{"id":15813728,"url":"https://github.com/d33p0st/test-ransomware","last_synced_at":"2026-05-15T21:37:54.966Z","repository":{"id":256795284,"uuid":"856444875","full_name":"d33p0st/test-ransomware","owner":"d33p0st","description":"This is a Ransomware created for testing in macOS.","archived":false,"fork":false,"pushed_at":"2024-09-14T13:04:26.000Z","size":412,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-06T04:04:58.373Z","etag":null,"topics":["macos","ransomware","testing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/d33p0st.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-12T15:30:54.000Z","updated_at":"2024-09-14T13:04:26.000Z","dependencies_parsed_at":"2024-09-13T04:38:55.938Z","dependency_job_id":"d61b8e85-ae51-4a2c-b76f-64a6da3ed20b","html_url":"https://github.com/d33p0st/test-ransomware","commit_stats":null,"previous_names":["d33p0st/test-ransomware"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/d33p0st/test-ransomware","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d33p0st%2Ftest-ransomware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d33p0st%2Ftest-ransomware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d33p0st%2Ftest-ransomware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d33p0st%2Ftest-ransomware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/d33p0st","download_url":"https://codeload.github.com/d33p0st/test-ransomware/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d33p0st%2Ftest-ransomware/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266039012,"owners_count":23867815,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["macos","ransomware","testing"],"created_at":"2024-10-05T04:05:13.515Z","updated_at":"2026-05-15T21:37:54.915Z","avatar_url":"https://github.com/d33p0st.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build](https://github.com/d33p0st/test-ransomware/actions/workflows/Build.yml/badge.svg)](https://github.com/d33p0st/test-ransomware/actions/workflows/Build.yml)\n[![Downloads](https://static.pepy.tech/badge/test-ransomware)](https://pepy.tech/project/test-ransomware)\n\n# Overview\n\nI've tried searching ransomwares for testing in macos but most of them turned out to be shady. This one is different. I created it on my own and it replicates basic ransomware behaviour. The user has full control over which `directories` and which `file-types` to target.\n\nAfter significant thinking about interruption during runtime of the ransomware and assessing the irreversible damages, I have added a few failsafes which might come in handy. One of them being `The files being encrypted multiple times due to starting and stopping of the ransomware`. In cases like these, the multiple encrypted files can also be recovered, which makes it significantly better than any other test ransomware I found online.\n\n\u003e Note: As I mentioned earlier, this is made for `macOS` only as I have used `Applescript` and other macOS dependent features to make it replicate ransomware behaviour.\n\n\u003e However, If you like it and want me to create one for your prefered operating system, create an issue [here](https://github.com/d33p0st/test-ransomware) and I'd be happy to help. Do star the repo!\n\n## Table of Contents\n\n* [Working](#working)\n* [Instruction of Usage](#instruction-of-usage)\n* [Detailed Features](#detailed-features)\n* [Precautions](#precautions)\n* [Issues](#issues)\n* [Pull Requests](#pull-requests)\n* [DISCLAIMER](#disclaimer)\n\n\u003e Please Read all Disclaimer and Precautions before use.\n\n## Working\n\n```console\n,_________________,       Monitors        ,____________,\n| Kill Protection |--------\u003e------\u003e-------| Ransomware |\n|     Program     |--------\u003e------\u003e-------|  Program   |\n'-----------------'   Restarts if killed  '-----,------'\n                                                |\n                                                |\n                    ,---------------------------'\n                    | - For All Targeted Directories\n                    | - Encrypts Targeted File Types\n                    |\n    ,--------,  ,---'----,      ,--------,\n    |  Dir1  |  |  Dir2  | .... |  Dir n |\n    '---,----'  '-,------'      '---,----'\n        |         |                 |\n,-------',  ,-----'--,        ,-----'--,\n| File 1 |  | File 2 |  ..... | File n |\n'--------'  '--------'        '--------'\n```\n\n## Instruction of Usage\n\n* `Installation`\n\n    ```bash\n    pip install test-ransomware\n    ```\n\n* `Usage`\n\n    ```bash\n    $ rw --help\n    Test Ransomware v0.1.0\n    author: Soumyo Deep Gupta (d33p0st, d33pster)\n    description: Dummy Ransomware to test Prevention/Detection and similar techniques.\n\n    Syntax: rw [OPTIONS]\n\n    [OPTIONS]\n\n    --start | -s            : This option starts the Kill Protection\n                            program which then starts the Ransomware.\n\n    --recover | -r          : This option recovers the affected files.\n\n    --directories | -d      : This option helps select target directories.\n                            [This is a mandatory option]\n                            Example: rw --start --directories dir1 dir2 ...\n\n    --types | -t            : This option helps select the target file types\n                            [NOT mandatory. Accepts File Extensions]\n                            Example: rw --start -d dir1 dir2 -t txt docx\n\n    --help | -h             : shows this help text and exit.\n\n    [Developer OPTIONS] (Use with precautions)\n\n    --start-runtime | -sr   : starts ransomware directly.\n\n    --rec | -rec            : recovers files directly.\n    ```\n\n* `Basic Examples`\n\n    ```bash\n    # to start ransomware will kill protection and target jpg and jpeg files\n    rw --directories ~/dir1 ~/dir2/dir3 --types jpg jpeg --start\n    ```\n\n    ```bash\n    # to recover the files affected by the above code.\n    rw --directories ~/dir1 ~/dir2/dir3 --types jpg jpeg --recover\n    ```\n\n## Detailed Features\n\n* `Base Ransomware`\n\n    The `Ransomware` scans and isolates the targeted files and replaces them with encrypted contents rendering them useless.\n\n    After that step, It keeps on checking the encrypted file hashes and if some file change is detected (could be the user being successful in decrypting some file or simply changed the encrypted file either accidently or due to ill motive), the `Ransomware` again encrypts the changed file.\n\n* `Kill Protection`\n\n    The `Ransomware` automatically restarts and re-encrypts the files.\n    \u003e Note: Each time the ransomware quits due to any reason, it restarts and re-encrypts all the files.\n\n* `Recovery`\n\n    No matter how many times a file is encrypted, The `Test Ransomware` will recover the original file.\n\n* `Multiple Terminal Output`\n\n    Once you start the `Ransomware`, apart from the current terminal, other terminals will open to notify about files and statuses.\n\n* `Faster than most`\n\n    The `Ransomware` is written in a python-rust mix leveraging rust's speed in time consuming tasks such as scanning for files and as such.\n    \u003e Note: This provides an addition test vector for Detection Techniques.\n\n## Precautions\n\n* As I mentioned earlier, Repeated killing wont help preventing/Safe-Guarding from the `Ransomware`. As soon as the `Ransomware` re-encrypts the files, the file size increases and therefore repeated killing will only result in resource loss.\n\n* The Developer options are merely for testing and is not recommended to use.\n\n* Double-check directories and files before using the `Ransomware`. If by any chance, recovery fails, I am not responsible for any kind of damage.\n\n* It is recommended to use this software for educational pupose only. Any damages to property or data or resource in any form or usage in illegal activities will result in the user being liable.\n\n## Issues\n\nCreate any issues found during usage or suggestions or anything [here](https://github.com.d33p0st/test-ransomware/issues).\n\n## Pull Requests\n\nFor any Modifications or changes or upgrades make sure you create a pull request [here](https://github.com/d33p0st/test-ransomware/pulls).\n\n## DISCLAIMER\n\n**THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL AND RESEARCH PURPOSES ONLY. THE CREATOR DOES NOT CONDONE OR ENCOURAGE THE USE OF THIS SOFTWARE FOR ANY ILLEGAL OR MALICIOUS ACTIVITY.**\n\n**BY USING THIS SOFTWARE, YOU ACKNOWLEDGE AND AGREE THAT:**\n\n1. **THE CREATOR SHALL NOT BE HELD RESPONSIBLE OR LIABLE** for any damage, loss, or disruption caused by the use of this software. This includes but is not limited to damage to data, hardware, software, or other systems, whether used in testing, production, or otherwise.\n\n2. **THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,** either express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement. In no event shall the creator be liable for any claims, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software.\n\n3. **USERS OF THIS SOFTWARE ARE FULLY RESPONSIBLE** for ensuring that they have all necessary permissions to use the software, especially in cases where it interacts with files, systems, or environments that do not belong to them.\n\n4. **ANY USE OF THIS SOFTWARE IN VIOLATION OF LOCAL, STATE, NATIONAL, OR INTERNATIONAL LAW** is strictly prohibited and is the sole responsibility of the user. The creator is not liable for any legal consequences that may arise from improper or unauthorized use of this software.\n\n5. **BY USING OR DISTRIBUTING THIS SOFTWARE, YOU AGREE TO RELEASE THE CREATOR** from any and all liability, claims, or damages arising from the use or misuse of the software, including any unauthorized distribution, modification, or reverse engineering of the software.\n\n---\n\n**IMPORTANT: DO NOT USE THIS SOFTWARE IN PRODUCTION ENVIRONMENTS OR ON SYSTEMS THAT YOU DO NOT OWN WITHOUT EXPLICIT PERMISSION. ANY MALICIOUS USE OF THIS SOFTWARE IS STRICTLY PROHIBITED.**\n\n---","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd33p0st%2Ftest-ransomware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd33p0st%2Ftest-ransomware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd33p0st%2Ftest-ransomware/lists"}