PainPain is a modular, educational Proof-of-Concept (PoC) ransomware project. It demonstrates file discovery, encryption, exfiltration, and a realistic GUI, all for research and ethical hacking education. Do not use for malicious purposes.
- Recursive File Discovery (configurable)
- AES Encryption/Decryption with Fernet
- C2 Server Simulation (Flask, HTTP POST)
- Modern GUI (Tkinter, realistic ransom note, timer, payment instructions)
- Professional Logging (console & file)
- Safe PoC (test directories, no destructive defaults)
- Extensible, Modular Python Package
- Unit & Integration Tests
- Install dependencies:

```bash
pip install -r requirements.txt
```

- Copy `.env.example` to `.env` and fill in your secrets/keys/configuration. Never commit your `.env` file!
- Start the C2 server:

```bash
python c2_server/c2_server_alt.py
```

- Encrypt files:

```bash
python main.py -p "./testDir/banking_receipts" -e
```

- Decrypt files:

```bash
python main.py -p "./testDir/banking_receipts" -d
```

- GUI:
  - The GUI will display a ransom note, timer, and payment instructions.
  - Enter the code `bitcoin` and click Decrypt Files. After successful decryption, the window closes automatically in 1 second.
```text
PainPain-Ransomware-PoC/
├── main.py                  # Main CLI entry point
├── ransomware/              # Core package
│   ├── core.py              # Orchestrates discovery, encryption, GUI
│   ├── config.py            # AppConfig (pydantic)
│   ├── gui/                 # GUI logic (Tkinter)
│   ├── gui_main.py          # Main GUI entry point
│   ├── crypto/              # Encryption, key management
│   ├── discovery/           # File discovery logic
│   ├── network/             # C2 client logic
│   ├── exceptions.py        # Custom exceptions
│   └── ...
├── c2_server/               # C2 server (Flask)
│   ├── c2_server_alt.py     # HTTP POST C2 server
│   └── ...
├── testDir/                 # Sample/test data
├── tests/                   # Unit/integration tests
├── requirements.txt         # Python dependencies
├── Dockerfile               # Containerization
├── README.md                # Documentation
└── ...
```
`main.py`:
- Entry point for encryption/decryption.
- Uses argparse for CLI options.
- Loads config from `.env` via `AppConfig`.
- Calls `RansomwareApp` for all operations.
`RansomwareApp` (`ransomware/core.py`): Orchestrates key management, file discovery, encryption/decryption, C2 exfiltration, and GUI launch.
`ransomware/gui/` and `gui_main.py`:
- Tkinter-based GUI simulating a real ransomware note.
- Timer, payment instructions, and decryption workflow.
- Window closes 1 second after successful decryption.
`ransomware/crypto/`:
- `encryptor.py`: Fernet-based file encryption/decryption.
- `keys.py`: Key load/save utilities.

`ransomware/discovery/`:
- `discoverer.py`: Recursively finds files, with optional extension filtering.

`ransomware/network/`:
- `client.py`: Sends exfiltration data to the C2 server via HTTP POST.
`c2_server/c2_server_alt.py`:
- Flask app, receives exfiltration data at `/exfiltrate`.
- Logs all events, stores machine data and exfiltrated files.
`tests/`:
- Unit and integration tests for discovery, encryption, GUI, and network.

`testDir/`:
- Contains realistic test files (docs, images, configs, etc.) for safe demonstration.
- All config is managed via `.env` and `ransomware/config.py`.
- Example `.env`:

```ini
c2_server_url="http://localhost:8080"
encryption_key_path="./encryption.key"
log_level="INFO"
environment="development"
timeout=30
hardcoded_key="your_hardcoded_key_here"
decrypt_code="bitcoin"
server_public_rsa_key="-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----"
server_private_rsa_key="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
extension=".wasted"
host="127.0.0.1"
port=8080
payment_address="1BitcoinEaterAddressDontSendf59kuE"
```
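As an added, defender-side example that is not part of this project's code: a triage script that flags files carrying the two on-disk markers this PoC leaves behind, the `.wasted` extension from the example `.env` above and the Fernet token layout produced by `encryptor.py`. The file names and token bytes it builds are constructed samples; the Fernet layout (version byte 0x80, 8-byte timestamp, 16-byte IV, CBC blocks, 32-byte HMAC) is the public format, so classification needs no key.

```python
# Fernet token = urlsafe base64 of 0x80 | 8-byte timestamp | 16-byte IV | CBC blocks | 32-byte HMAC.
import base64
import struct
import tempfile
import time
from pathlib import Path

FERNET_VERSION = 0x80
HEADER_LEN, MAC_LEN = 1 + 8 + 16, 32   # version + timestamp + IV; HMAC-SHA256 tag
SUSPECT_EXT = ".wasted"                # extension= value from the example .env above

def looks_like_fernet_token(data: bytes) -> bool:
    """True if `data` has exactly the structure of a Fernet token (checked without any key)."""
    try:
        raw = base64.urlsafe_b64decode(data.strip())
    except ValueError:        # binascii.Error is a ValueError subclass
        return False
    body = len(raw) - HEADER_LEN - MAC_LEN
    if body < 16 or body % 16 or raw[0] != FERNET_VERSION:   # CBC + PKCS7: whole blocks only
        return False
    ts = struct.unpack(">Q", raw[1:9])[0]
    return 1262304000 <= ts <= time.time() + 86400          # plausible: 2010 .. one day ahead

def scan(root: Path) -> dict[str, list[str]]:
    """Walk `root` and bucket files by the extension marker and token structure."""
    report: dict[str, list[str]] = {"encrypted": [], "renamed_only": [], "token_without_ext": []}
    for p in sorted(filter(Path.is_file, root.rglob("*"))):
        is_token, has_ext = looks_like_fernet_token(p.read_bytes()), p.suffix == SUSPECT_EXT
        if has_ext and is_token:
            report["encrypted"].append(p.name)
        elif has_ext:
            report["renamed_only"].append(p.name)        # marker without ciphertext
        elif is_token:
            report["token_without_ext"].append(p.name)   # ciphertext without marker
    return report

def make_sample_token(ts: int, blocks: int = 2) -> bytes:
    # Constructed sample: Fernet-shaped bytes with dummy IV/ciphertext/MAC, no real key involved.
    raw = bytes([FERNET_VERSION]) + struct.pack(">Q", ts) + b"\x11" * 16
    return base64.urlsafe_b64encode(raw + b"\x22" * (16 * blocks) + b"\x33" * MAC_LEN)

def demo() -> dict[str, list[str]]:
    # Constructed sample tree: two marked files (one real token), one unmarked token, one JPEG.
    with tempfile.TemporaryDirectory() as d:
        root, now = Path(d), int(time.time())
        (root / "invoice.pdf.wasted").write_bytes(make_sample_token(now))
        (root / "notes.txt.wasted").write_bytes(b"plain text, just renamed")
        (root / "backup.bin").write_bytes(make_sample_token(now))
        (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(64))
        return scan(root)
```

The `renamed_only` and `token_without_ext` buckets matter in incident scoping: a renamed-but-plaintext file may be recoverable, and a token without the marker extension means the extension alone is not a reliable indicator.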
- Build the Docker image:

```bash
docker build -t ransomware-poc .
```

- See README above for Linux, macOS, and Windows/WSL2 instructions.
- Run all tests:

```bash
pytest
```

- Tests are in the `tests/` directory.
- Fork the repo, create a feature branch, follow modular structure and docstring standards.
- Write clean code with type hints and docstrings.
- Submit a PR with a meaningful description.
- For educational and ethical research use only.
- Do not use on production or unauthorized systems.
- Authors are not responsible for misuse or damage.
- Always comply with local laws and regulations.
- Suggestions, security insights, or collaboration ideas? Email: [email protected]
"Cybersecurity is not about avoiding threats — it's about understanding them first."
