Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pushpenderindia/nekros
NekRos is an Open-Source Ransomeware, with advanced Features, Which Looks Like Wannacry and Has C&C Server which can be Used to Retrive KEY
https://github.com/pushpenderindia/nekros
command-and-control database-manager fast gui kali-linux nekros open-source parratsec pushpender pushpender-singh python python3 ransomeware ransomeware-generator server technowlogy uncrackable-key wannacry windows
Last synced: 25 days ago
JSON representation
NekRos is an Open-Source Ransomeware, with advanced Features, Which Looks Like Wannacry and Has C&C Server which can be Used to Retrive KEY
- Host: GitHub
- URL: https://github.com/pushpenderindia/nekros
- Owner: PushpenderIndia
- License: bsd-3-clause
- Created: 2019-11-22T11:01:51.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-01-05T18:01:48.000Z (12 months ago)
- Last Synced: 2024-05-01T17:30:42.647Z (8 months ago)
- Topics: command-and-control, database-manager, fast, gui, kali-linux, nekros, open-source, parratsec, pushpender, pushpender-singh, python, python3, ransomeware, ransomeware-generator, server, technowlogy, uncrackable-key, wannacry, windows
- Language: Python
- Size: 4.84 MB
- Stars: 116
- Watchers: 9
- Forks: 50
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
NekRos - Ransomeware
This Awesome Project will Just Blow Your Mind, The Most Scarest Ransomeware.
NekRos is a Ransomeware Generator for Windows, which is written in Python 3, NekRos means DEAD in Greek, now you can imagine that why I named it NekRos.
Project is made for good purpose, unethical use is prohibited, misuse of this project can lead you behind the Bar/Jail, Porject is made to give Practical and Deep Knowledge of Ransomeware and their side effects.
It is the responsibility of end user to use this Software ethically and for testing purpose only : )
## NekRos - THE MOST Scariest Ransomeware
## Disclaimer
:computer: This project was created only for good purposes and personal use.
THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.
## What is Ransomeware ?
**Ransomware** is a type of malware which **encrypts** the Data of Victim's PC making **Data un-usable**, they are mainly published to Encrypt victim's data which **perpetually block the access** to data unless a ransom is paid to Attacker/Hacker so that Decryption/Recovery of Data could be done.
## Warning : PAY ATTENTION
If you are using this software then it means you agrees our T&C i.e Any misuse of this software, **YOU - THE END USER** is responsile and not the author.
Our aim of building this software is to give the Practical Knowledge of Ransomeware so that we can Build a Better Cyber Army Which can fight against the Cyber Crimes.
The primary (and original) goal of this project was to provide a proof-of-concept which demonstrated Python's capabilities as a language for real-world malware development as **Traditionally** C, C++ is used to Create Stuff like this.
## Note : Project Under Development
#### TODO
- [ ] Making GUI Ransomeware Generator
- [ ] Implement Change language Function
- [ ] Improve C&C Server/Website, put some checks that if **payment == True**, then only Retrive Key from Database.
- [ ] Add New Features
#### By Default, Ransomeware Targets .lol, .mrrobot extension files
**Even thought not suggested**, But You Can test it even on your main system, as by default it targets **.lol** and **.mrrobot** extensions file, for testing purpose make your own files with these entensions and then run **main.py**
## Features
- [x] Works on Windows.
- [x] Generates Unique Machine ID for Victim System's Identification.
- [x] Generates Purely **Random** Encryption/Decryption KEY (**MD5 hash**), thus no chance of Making Keygen of This Ransomeware.
- [x] Decryption/Recovery of Data is only Possible with Valid Key only.
- [x] Changes Wallpaper after Given Interval of Time (In seconds).
- [x] Server (Website) Integrated with Ransomeware which can be used to Retrive **KEY**.
- [x] Searches for Sensitive Files on Default target location.
- [x] Only Encrypt Target Specified Extension files (Customizable)
- [x] Export KEY to Server before Encryption Process takes place.
- [x] Stylish and Scariest GUI Which looks like WannaCry Ransomeware
- [x] Shows Encryped Files Log in GUI Window
- [x] Timer Integrated With GUI Window
- [x] Extremely Fast and easy to use
- [x] **GUI DATABASE MANAGER** which can be used by hackers to automate database interactions.
- [x] C&C Website/Server With Database, to Stored **Decryption Key**, **Date**, **Payment** [**Boolean Type**] & **Unique ID**
- [x] Function to Prohibit Encryption of Particular Directorys (**Directory Exclusion**)
- [ ] Function to Change Language of GUI Window to Different Available langauges **(Coming Soon)**
- [ ] Function to Disable Decryptor When Payment not made in Given Time **(Coming Soon)**
- [ ] Creates Executable Binary With Zero Dependencies **(Coming Soon)**
- [ ] Create less size ~ 5mb payload with advance functionality **(Coming Soon)**
- [ ] Ofusticate the Payload before Generating it, hence Bypassing few more antivirus **(Coming Soon)**
- [ ] Generated Payload is Encryted with base64, hence makes extremely difficult to reverse engineer the payload **(Coming Soon)**
- [ ] Function to Kill Antivirus on Victim PC and tries to disable the security **(Coming Soon)**
## Prerequisite
- [x] Python 3.X , **Recommended 3.7**
- [x] Few External Modules like **pycryptodome**, **configparser**, **mysql-connector-python** etc.
## Tested On
[](https://www.microsoft.com/en-in/windows/) **Windows 8.1 - Pro**
## Order of Processes Which are taken
**MAIN.py is the Main File Which Do All Hard Work for You In Series**
**main.py** starts **THREE** stages i.e. **stage1**, **stage2**, **stage3**, and then atlast, starts the **GUI Window** which shows warning message.
**GUI Window** is capable to Call **Reverse_Attack** stager which takes **KEY** as argument.
**GUI Window** of Ransomeware is also capable to Show **Encrypted Files Log** In GUI Window.
## TREE to Show Role of Different Files
```
+====================+
+ Ransomeware_Files +
+====================+
+
+===========+
+ Main.py +
+===========+
+ |____Run Stage1
+ |____Run Stage2
+ |____Run Stage3
+ |____Change Wallpaer After Given IntervL
+ |____Start GUI
+ |____Starts Timer
+ |____Can Initiate Decrypt Function [Takes KEY As Argument]
+ |____Can Show Encrypted Files Log
+
+===========+
+ Stage1.py +
+===========+
+ |____*****TAKES 4 Arguments, i.e. [server, username, password, db_name]*****
+ |____Generates Unique Machine ID
+ |____Generates Random Encryption Key With Fixed Length
+ |____Export KEY to Command & Control Server
+ |____*****RETURN : Encryption/Decryption KEY*****
+
+===========+
+ Stage2.py +
+===========+
+ |____*****TAKES NO ARGUMENTS*****
+ |____Searches for Target Extension Files on Different Thread
+ |____*****RETURN : List of TARGET Files*****
+
+===========+
+ Stage3.py +
+===========+
+ |____*****TAKES 2 ARGUMENTS, i.e. KEY & LIST of Sensitive Files*****
+ |____Initiate Encryption Process
+
+===================+
+ Reverse_Attack.py +
+===================+
+ |____*****TAKES 1 ARGUMENTS, i.e. KEY *****
+ |____Initiate Decryption Process
+
+=======================+
+ After_Stage1 (Folder) +
+=======================+
+ |
+ | +====================+
+ |____+ changeWallpaper.py +
+ | +====================+
+ |____Images [Wallpaper]
+
+=======================+
+ After_Stage2 (Folder) +
+=======================+
|
| +====================+
|____+ check_log_gui.py +
| +====================+
|
| +====================+
|____+ decryptor_gui.py +
| +====================+
|
| +========+
|____+ GUI.py +
| +========+
|
| +========================================+
|____+ img [Folder Containing Resource Image] +
+========================================+
```
## Attack/Stage Breakdown
Attack is Divided Into **3 Stages**, Stages are Completed By **Main** Program (main.py)
* In **Stage1**, (Unique MachineID & KEY) are generated and were exported to Remote Server.
* In **Stage2**, Locates Target Extension Files in Default Target Directory.
* In **Stage3**, KEY & List of TargetFiles (obtained from Stage1 & Stage2) are then used to launch Encryption.
* In **Finale Stage**, Main Program launches Ransomeware GUI demanding for Ransome.
## Default Target Directory
```
+==========================+
+ Default Target Directory +
+==========================+
|____C:\Users\USERNAME\Pictures
|____C:\Users\USERNAME\Music
|____C:\Users\USERNAME\Downloads
|____C:\Users\USERNAME\Documents
|____C:\Users\USERNAME\Desktop
```
## ScreenShots
#### Main GUI Window of NekRos Ransomeware
#### Check Encryped Files Log ~ GUI Window
#### Decryptor ~ GUI Window
#### Database Manager ~ For Attacker
#### Website Asking for Machine ID
#### Website showing Result
## Usage
* Upload Website Folder's Content to your server and update **get_decrypt_code.php** with right creds. present in **website/php/**
* Create Database and Import **nekros.sql** in it.
* Update **config.txt** present in **Ransomeware** folder.
* Update **config.txt** present in **db_manager** folder to Manage database using GUI Window.
* Install python and then install required modules using this command :
```
$ pip install requirements.txt
```
* Run **main.py** like this
```
$ python main.py
```
## Decryption of Files
* Key is Exported to Server/Website before encryption process starts
* Simply Acquire that key from Database throught website by Typing the Machine ID in website page **OR** Directly look for key in database.
* Paste that Key in GUI Window **OR** Direclty Run **reverse_attack.py** and paste the KEY in script
```
#Run reverse_attack.py like this
$ python reverse_attack.py
```