A basic cryptolocker and data exfiltration demonstration tool for educational and authorized security testing purposes.
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL AND AUTHORIZED SECURITY TESTING PURPOSES ONLY.
This repository contains a demonstration model of ransomware-like behavior (file encryption) and data exfiltration capabilities. It is intended EXCLUSIVELY for:
- Educational purposes in cybersecurity courses
- Authorized penetration testing and red team exercises
- Purple team training and security awareness demonstrations
- Controlled laboratory environments with explicit permission
UNAUTHORIZED USE OF THIS SOFTWARE IS STRICTLY PROHIBITED AND ILLEGAL.
You may NOT use this software to:
- Encrypt files on systems you do not own or have explicit authorization to test
- Exfiltrate data from systems without proper authorization
- Cause harm, damage, or disruption to any computer systems or networks
- Violate any local, state, national, or international laws
Unauthorized use of this software may violate:
- Computer Fraud and Abuse Act (CFAA) in the United States
- Computer Misuse Act in the United Kingdom
- Similar cybercrime legislation in other jurisdictions
Violators may face severe criminal penalties including imprisonment and substantial fines.
THE AUTHORS AND CONTRIBUTORS OF THIS SOFTWARE DISCLAIM ALL RESPONSIBILITY AND LIABILITY FOR ANY MISUSE, DAMAGE, OR ILLEGAL ACTIVITIES CONDUCTED WITH THIS SOFTWARE.
By downloading, accessing, or using this software, you acknowledge that:
- You will use it only for lawful, authorized purposes
- You accept full responsibility for your actions
- The authors bear no liability for any consequences of misuse
- You will comply with all applicable laws and regulations
- File Encryption: AES-256-GCM encryption of files in the current directory
- Data Exfiltration: HTTPS-based file transmission to a specified IP address
- Cross-Platform: Builds for Windows (PE) and Unix-like systems
- Configurable: Command-line flags for target IP configuration
- Safety Features:
  - Excludes .go and .mod source files from encryption
  - Excludes the executable itself from encryption and transmission
Serpent/
├── src/
│   ├── serpent.go          # Main application entry point
│   ├── serpent_test.go     # Test suite
│   ├── Makefile            # Build configuration
│   ├── go.mod              # Go module definition
│   └── pkg/
│       ├── encrypt/        # Encryption and file operations
│       └── https/          # HTTPS file transmission
├── build/                  # Compiled executables
├── test/                   # Test files
└── val/                    # Validation directory
cd src
make build
This will create:
- build/serpent - Native executable (macOS/Linux)
- build/serpent.exe - Windows PE executable
# Run with default IP (127.0.0.1)
./serpent
# Specify target IP address
./serpent -i <ip_address>
The program will:
- Display ASCII art banner
- Attempt to send all files in the current directory to the specified IP via HTTPS
- Encrypt all files in the current directory (excluding source files and the executable)
cd src
go test
- Go 1.25.5 or higher
- HTTPS server for receiving exfiltrated files (for testing purposes)
This tool demonstrates:
- Attack Vectors: How ransomware encrypts files and exfiltrates data
- Detection Opportunities: File system monitoring, network traffic analysis
- Mitigation Strategies: Backups, endpoint protection, network segmentation
Use this knowledge to defend against real threats, not to create them.
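One way to act on the file system monitoring opportunity listed above, as an added example that is not part of the Serpent code: compare two snapshots of a directory and flag files whose content jumped to near-random entropy, as bulk AES-256-GCM output would. The 7.5 bits/byte threshold, the 0.5 ratio, the 512-byte minimum and the sample file names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"sort"
	"strings"
)

// shannonEntropy returns bits per byte (0 to 8) for data.
func shannonEntropy(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	h := 0.0
	for _, c := range counts {
		if c > 0 {
			p := c / float64(len(data))
			h -= p * math.Log2(p)
		}
	}
	return h
}

// entropyJumps compares two snapshots (name -> content) of one directory. It returns the
// files that went from below to at/above threshold (already-random zip/jpg files are not
// a jump) and an alert flag when those files are at least ratio of the earlier snapshot.
func entropyJumps(before, after map[string][]byte, threshold, ratio float64) ([]string, bool) {
	const minSize = 512 // assumed cutoff: shorter files give an unreliable entropy estimate
	var hits []string
	for name, old := range before {
		cur := after[name] // nil for a deleted file, which the size check skips
		if len(cur) >= minSize && shannonEntropy(old) < threshold && shannonEntropy(cur) >= threshold {
			hits = append(hits, name)
		}
	}
	sort.Strings(hits)
	return hits, len(before) > 0 && float64(len(hits))/float64(len(before)) >= ratio
}

func main() {
	// Constructed sample: two text files replaced by random bytes standing in for ciphertext.
	text := []byte(strings.Repeat("quarterly report draft, internal only\n", 40))
	blob := func() []byte { b := make([]byte, 2048); rand.Read(b); return b }
	before := map[string][]byte{"a.txt": text, "b.txt": text, "c.zip": blob()}
	after := map[string][]byte{"a.txt": blob(), "b.txt": blob(), "c.zip": blob()}
	fmt.Println(entropyJumps(before, after, 7.5, 0.5))
}
```

In a lab run, the snapshots would come from reading the test directory before and after executing the tool; pairing this signal with file rename and write-rate events reduces false positives from legitimate compression jobs.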
This software is provided "as is" without warranty of any kind. See the disclaimer above for terms of use.
By using this software, you agree to:
- Obtain proper authorization before testing on any system
- Use it only for defensive security purposes
- Not distribute it to unauthorized parties
- Report any vulnerabilities responsibly
Remember: With great power comes great responsibility. Use your skills ethically and legally.