{"id":20838313,"url":"https://github.com/joelgmsec/psransom","last_synced_at":"2025-04-04T22:08:53.700Z","repository":{"id":38314273,"uuid":"464122004","full_name":"JoelGMSec/PSRansom","owner":"JoelGMSec","description":"PowerShell Ransomware Simulator with C2 Server","archived":false,"fork":false,"pushed_at":"2024-01-19T09:50:26.000Z","size":1261,"stargazers_count":476,"open_issues_count":2,"forks_count":115,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-03-28T21:08:26.762Z","etag":null,"topics":["c2","powershell","psransom","ransomware","simulator"],"latest_commit_sha":null,"homepage":"https://darkbyte.net","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JoelGMSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"JoelGMSec","patreon":null,"open_collective":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop"]}},"created_at":"2022-02-27T11:52:03.000Z","updated_at":"2025-03-17T05:01:05.000Z","dependencies_parsed_at":"2024-12-15T21:05:07.203Z","dependency_job_id":"84d1c232-bbfb-47d3-97c3-9ac27ea4d5ef","html_url":"https://github.com/JoelGMSec/PSRansom","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FPSRansom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FPSRansom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FPSRansom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FPSRansom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JoelGMSec","download_url":"https://codeload.github.com/JoelGMSec/PSRansom/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247256115,"owners_count":20909240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2","powershell","psransom","ransomware","simulator"],"created_at":"2024-11-18T01:09:54.349Z","updated_at":"2025-04-04T22:08:53.660Z","avatar_url":"https://github.com/JoelGMSec.png","language":"PowerShell","funding_links":["https://github.com/sponsors/JoelGMSec","https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop","https://www.buymeacoffee.com/joelgmsec"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg width=750 alt=\"PSRansom\" src=\"https://github.com/JoelGMSec/PSRansom/blob/main/PSRansom.png\"\u003e\u003c/p\u003e\n\n# PSRansom\n**PSRansom** is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP. \n\nAll communication between the two elements is encrypted or encoded so as to be undetected by traffic inspection mechanisms, although at no time is HTTPS used at any time.\n\n# Requirements\n- PowerShell 4.0 or greater\n\n\n# Download\nIt is recommended to clone the complete repository or download the zip file.\nYou can do this by running the following command:\n```\ngit clone https://github.com/JoelGMSec/PSRansom\n```\n\n\n# Usage\n```\n.\\PSRansom -h\n\n  ____  ____  ____\n |  _ \\/ ___||  _ \\ __ _ _ __  ___  ___  _ __ ___\n | |_) \\___ \\| |_) / _' | '_ \\/ __|/ _ \\| '_ ' _ \\\n |  __/ ___) |  _ \u003c (_| | | | \\__ \\ (_) | | | | | |\n |_|   |____/|_| \\_\\__,_|_| |_|___/\\___/|_| |_| |_|\n\n  ----------------- by @JoelGMSec ----------------\n\n Info:  This tool helps you simulate encryption process of a\n        generic ransomware in PowerShell with C2 capabilities\n\n Usage: .\\PSRansom.ps1 -e Directory -s C2Server -p C2Port\n          Encrypt all files \u0026 sends recovery key to C2Server\n          Use -x to exfiltrate and decrypt files on C2Server\n\n        .\\PSRansom.ps1 -d Directory -k RecoveryKey\n          Decrypt all files with recovery key string\n\n Warning: All info will be sent to the C2Server without any encryption\n          You need previously generated recovery key to retrieve files\n\n```\n\n### The detailed guide of use can be found at the following link:\n\nhttps://darkbyte.net/psransom-simulando-un-ransomware-generico-con-powershell\n\n\n# License\nThis project is licensed under the GNU 3.0 license - see the LICENSE file for more details.\n\n\n# Credits and Acknowledgments\nThis tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec\n\n\n# Contact\nThis software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.\n\nFor more information, you can find me on Twitter as [@JoelGMSec](https://twitter.com/JoelGMSec) and on my blog [darkbyte.net](https://darkbyte.net).\n\n\n# Support\nYou can support my work buying me a coffee:\n\n[\u003cimg width=250 alt=\"buymeacoffe\" src=\"https://cdn.buymeacoffee.com/buttons/v2/default-blue.png\"\u003e](https://www.buymeacoffee.com/joelgmsec)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoelgmsec%2Fpsransom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoelgmsec%2Fpsransom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoelgmsec%2Fpsransom/lists"}