Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/joelgmsec/psransom

PowerShell Ransomware Simulator with C2 Server
https://github.com/joelgmsec/psransom

c2 powershell psransom ransomware simulator

Last synced: about 2 hours ago
JSON representation

PowerShell Ransomware Simulator with C2 Server

Host: GitHub
URL: https://github.com/joelgmsec/psransom
Owner: JoelGMSec
License: gpl-3.0
Created: 2022-02-27T11:52:03.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-01-19T09:50:26.000Z (10 months ago)
Last Synced: 2024-05-01T17:26:28.651Z (7 months ago)
Topics: c2, powershell, psransom, ransomware, simulator
Language: PowerShell
Homepage: https://darkbyte.net
Size: 1.2 MB
Stars: 440
Watchers: 8
Forks: 106
Open Issues: 2
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

PSRansom

# PSRansom
**PSRansom** is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP.

All communication between the two elements is encrypted or encoded so as to be undetected by traffic inspection mechanisms, although at no time is HTTPS used at any time.

# Requirements
- PowerShell 4.0 or greater

# Download
It is recommended to clone the complete repository or download the zip file.
You can do this by running the following command:
```
git clone https://github.com/JoelGMSec/PSRansom
```

# Usage
```
.\PSRansom -h

____ ____ ____
| _ \/ ___|| _ \ __ _ _ __ ___ ___ _ __ ___
| |_) \___ \| |_) / _' | '_ \/ __|/ _ \| '_ ' _ \
| __/ ___) | _ < (_| | | | \__ \ (_) | | | | | |
|_| |____/|_| \_\__,_|_| |_|___/\___/|_| |_| |_|

----------------- by @JoelGMSec ----------------

Info: This tool helps you simulate encryption process of a
generic ransomware in PowerShell with C2 capabilities

Usage: .\PSRansom.ps1 -e Directory -s C2Server -p C2Port
Encrypt all files & sends recovery key to C2Server
Use -x to exfiltrate and decrypt files on C2Server

.\PSRansom.ps1 -d Directory -k RecoveryKey
Decrypt all files with recovery key string

Warning: All info will be sent to the C2Server without any encryption
You need previously generated recovery key to retrieve files

```

### The detailed guide of use can be found at the following link:

https://darkbyte.net/psransom-simulando-un-ransomware-generico-con-powershell

# License
This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.

# Credits and Acknowledgments
This tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec

# Contact
This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.

For more information, you can find me on Twitter as [@JoelGMSec](https://twitter.com/JoelGMSec) and on my blog [darkbyte.net](https://darkbyte.net).

# Support
You can support my work buying me a coffee:

[](https://www.buymeacoffee.com/joelgmsec)