No products in the cart.
PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate the encryption process of generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP.
All communication between the two elements is encrypted or encoded so as to be undetected by traffic inspection mechanisms, although at no time is HTTPS used at any time.
Blog: https://darkbyte.net
Github: https://github.com/JoelGMSec/PSRansom
Requirements
- PowerShell 4.0 or greater
Download
It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:
git clone https://github.com/JoelGMSec/PSRansom
Usage
.\PSRansom -h
____ ____ ____
| _ \/ ___|| _ \ __ _ _ __ ___ ___ _ __ ___
| |_) \___ \| |_) / _' | '_ \/ __|/ _ \| '_ ' _ \
| __/ ___) | _ < (_| | | | \__ \ (_) | | | | | |
|_| |____/|_| \_\__,_|_| |_|___/\___/|_| |_| |_|
----------------- by @JoelGMSec ----------------
Info: This tool helps you simulate encryption process of a
generic ransomware in PowerShell with C2 capabilities
Usage: .\RansomShell.ps1 -e Directory -s C2Server -p C2Port
Encrypt all files & sends recovery key to C2Server
Use -x to exfiltrate and decrypt files on C2Server
.\RansomShell.ps1 -d Directory -k RecoveryKey
Decrypt all files with recovery key string
Warning: All info will be sent to the C2Server without any encryption
You need previously generated recovery key to retrieve files
The detailed guide of use can be found at the following link:
https://darkbyte.net/psransom-simulando-un-ransomware-generico-con-powershell
License
This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.
Credits and Acknowledgments
This tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec
Contact
This software does not offer any kind of guarantee. Its use is exclusive to educational environments and/or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.
For more information, you can find me on Twitter as @JoelGMSec and on my blog darkbyte.net.
Support
You can support my work by buying me a coffee:
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Latest Articles
Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
Blog2022.10.12Vulnerability management with Wazuh open source XDR
Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky
Popular Authors
New Edition
Hi, colorsheme looks good, provide the color scheme name or links to GitHub?