Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ivan-sincek/php-ransomware

PHP ransomware that encrypts your files, as well as file and directory names.
https://github.com/ivan-sincek/php-ransomware

defensive-security ethical-hacking malware offensive-security openssl php ransomware reverse-engineering security

Last synced: 3 months ago
JSON representation

PHP ransomware that encrypts your files, as well as file and directory names.

Host: GitHub
URL: https://github.com/ivan-sincek/php-ransomware
Owner: ivan-sincek
License: mit
Created: 2019-02-13T13:41:38.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2023-04-25T15:06:33.000Z (almost 2 years ago)
Last Synced: 2024-10-17T16:21:24.786Z (3 months ago)
Topics: defensive-security, ethical-hacking, malware, offensive-security, openssl, php, ransomware, reverse-engineering, security
Language: PHP
Homepage:
Size: 302 KB
Stars: 111
Watchers: 6
Forks: 63
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# PHP Ransomware

PHP ransomware that encrypts your files, as well as file and directory names.

Ransomware is set to start encrypting files and directories from the server's web root directory and only inside the server's web root directory.

**Ransomware will self-destruct upon running, which means you only have one chance at decrypting your data.**

**Keep also in mind that each decryption file has a uniquely generated salt used in encryption and as such cannot be replaced with another decryption file.**

Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3.

Made for educational purposes. I hope it will help!

**IMPORTANT!: Please DO NOT use this ransomware for illegal purposes! I have no [liability](https://github.com/ivan-sincek/php-ransomware/blob/master/LICENSE) over your actions!**

## How to Run

Requires PHP v5.5.0 or greater because `openssl_pbkdf2()` is used.

**Care not to do any damage! Backup your server files before running ransomware! Script will crash on large files!**

Copy [\\src\\encrypt.php](https://github.com/ivan-sincek/php-ransomware/blob/master/src/encrypt.php) to your server's web root directory (e.g. to \\xampp\\htdocs\\ on XAMPP).

Navigate to the encryption file with your preferred web browser.

Decryption file will be created automatically after the encryption phase.

---

On web servers other than XAMPP (Apache) you might need to load `OpenSSL` and `Multibyte String` libraries in PHP.

In XAMPP it is as simple as uncommenting the following in `php.ini`:

```fundamental
extension=php_openssl.dll
extension=mbstring
```

## Images

Ransomware

Figure 1 - Ransomware

Encrypted Content

Figure 2 - Encrypted Content