ransomwatch


Nameransomwatch JSON
Version 1.2.3 PyPI version JSON
download
home_pageNone
SummaryRansomware Intelligence Tool - Designed for threat intelligence, security research, and situational awareness
upload_time2025-07-08 22:36:29
maintainerNone
docs_urlNone
authorNone
requires_python>=3.8
licenseMIT
keywords ransomware security threat-intelligence cybersecurity
VCS
bugtrack_url
requirements requests urllib3
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # ransomwatch - Ransomware Intelligence Tool

A Python tool for ransomware threat intelligence and security research.

![Python Version](https://img.shields.io/badge/python-3.8%2B-blue)
![PyPI version](https://img.shields.io/pypi/v/ransomwatch.svg)
![License](https://img.shields.io/badge/license-MIT-green)

## 🚀 Quick Start

```bash
# Install/Update from PyPI (recommended)
pip install ransomwatch
pip install --upgrade ransomwatch

# Set API token (get from ransomware.live)
export RANSOMWATCH_API_TOKEN="your-token-here"

# Use it
ransomwatch groups
ransomwatch recent -l 10
ransomwatch info --group ransomhub
ransomwatch stats
```

## Commands

| Command | Description | Example |
|---------|-------------|---------|
| `groups` | List active ransomware groups with risk levels | `ransomwatch groups` |
| `recent` | Show recent ransomware incidents | `ransomwatch recent -l 20` |
| `info` | Get detailed threat actor intelligence | `ransomwatch info --group akira` |
| `stats` | Show threat landscape statistics | `ransomwatch stats` |

## Options

```bash
--json                      # JSON output for automation
--verbose                   # Debug logging
--timeout N                 # Request timeout (default: 10s)
--rate-limit-per-minute N   # API rate limiting
```

## Output Examples

### Ransomware Groups Analysis
```
RANSOMWARE GROUP ANALYSIS
Active Groups: 271
====================================
  1. [CRITICAL] lockbit3
     Victim Count: 2,016

  2. [CRITICAL] clop
     Victim Count: 1,012

  3. [CRITICAL] alphv
     Alternative Name: blackcat
     Victim Count: 731

  4. [HIGH]     play
     Victim Count: 93

  5. [MEDIUM]   akira
     Victim Count: 45

  6. [LOW]      chaos
     Victim Count: 10

   ...

====================================
SUMMARY: 271 Groups | 8,234 Total Victims
RISK BREAKDOWN: Critical: 15 | High: 28 | Medium: 84 | Low: 144
```

### Recent Ransomware Incidents
```
RECENT RANSOMWARE INCIDENTS
Displaying: 10 most recent cases
====================================
  1. VICTIM: ...
     Threat Actor: lockbit3
     Discovery Date: 2024-01-01 20:15
     Location: United States
     Website: www.example.com
     Details: ...

  2. VICTIM: ...
     Threat Actor: alphv
     Discovery Date: 2023-01-01 08:15
     Location: Canada
     Details: ...

   ...

====================================
TOTAL INCIDENTS DISPLAYED: 10
```

### Threat Actor Intelligence Report
```
THREAT ACTOR INTELLIGENCE REPORT
====================================
PRIMARY IDENTIFIER: lockbit3
THREAT CLASSIFICATION: CRITICAL
CONFIRMED VICTIMS: 2,016

OPERATIONAL TIMELINE:
Initial Detection: 2019-09-01
Most Recent Activity: 2024-01-15

TACTICS, TECHNIQUES & PROCEDURES (TTPs):

   ...

====================================
```

## Automation & Integration

```bash
# JSON output
ransomwatch --json groups > threat_groups.json
ransomwatch --json recent -l 100 > incidents.json

# Daily threat intelligence reports
DATE=$(date +%Y-%m-%d)
ransomwatch --json stats > "threat_landscape_${DATE}.json"

# Filter high-risk groups with jq
ransomwatch --json groups | jq '.groups[] | select(.victims > 100) | {name: .group, victims: .victims, threat_level: "CRITICAL"}'

# Generate reports
ransomwatch groups > daily_threat_brief.txt
ransomwatch recent -l 20 > recent_incidents.txt
```

## Installation Methods

### Method 1: PyPI Install (Recommended)
```bash
pip install ransomwatch
ransomwatch --help
```

### Method 2: Development Install
```bash
git clone https://github.com/yannickboog/ransomwatch.git
cd ransomwatch
pip install -e .
ransomwatch --help
```

### Method 3: Direct Usage
```bash
git clone https://github.com/yannickboog/ransomwatch.git
cd ransomwatch
pip install -r requirements.txt
python3 -m ransomwatch --help
```

## 🔑 API Token

1. Get token from [ransomware.live](https://ransomware.live)
2. Set environment variable:

### Linux/macOS

#### Temporary (current session only)
```bash
export RANSOMWATCH_API_TOKEN="your-token"
```

#### For permanent setup on Linux/macOS:
```bash
echo 'export RANSOMWATCH_API_TOKEN="your-token"' >> ~/.bashrc
```

### Windows

#### Temporary (current session only)
**CMD:**
```cmd
set RANSOMWATCH_API_TOKEN=your-token
```

**PowerShell:**
```powershell
$env:RANSOMWATCH_API_TOKEN = "your-token"
```

#### Permanent (for all new sessions)
**CMD - For current user:**
```cmd
setx RANSOMWATCH_API_TOKEN "your-token"
```

**CMD - For all users (as Administrator):**
```cmd
setx RANSOMWATCH_API_TOKEN "your-token" /M
```

**PowerShell - For current user:**
```powershell
[Environment]::SetEnvironmentVariable("RANSOMWATCH_API_TOKEN", "your-token", "User")
```

**PowerShell - For all users (as Administrator):**
```powershell
[Environment]::SetEnvironmentVariable("RANSOMWATCH_API_TOKEN", "your-token", "Machine")
```

## Troubleshooting

| Error | Solution |
|-------|----------|
| "No API token provided" | Linux/macOS: `export RANSOMWATCH_API_TOKEN="token"`<br>Windows CMD: `set RANSOMWATCH_API_TOKEN=token`<br>Windows PowerShell: `$env:RANSOMWATCH_API_TOKEN = "token"` |
| "Request timed out" | `ransomwatch --timeout 30 groups` |
| "Invalid command" | Use: `groups`, `recent`, `info`, `stats` |

## Requirements

- Python 3.8+
- API token from ransomware.live

## 💰 Support

If this tool helped you, consider supporting development:

**Bitcoin**: `bc1qmmr6hqlqs097l4ehgyccu8aulk68hmpn3rwkn8`

## License

MIT License - see LICENSE file for details.

---

**For legitimate security research and threat intelligence purposes only.**

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "ransomwatch",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": null,
    "keywords": "ransomware, security, threat-intelligence, cybersecurity",
    "author": null,
    "author_email": "Yannick Boog <security@yannick.xyz>",
    "download_url": "https://files.pythonhosted.org/packages/18/35/89a553f91cae690fe45c7fe9bcc4b539bde11c2f0dc1c50a73fbb1253b68/ransomwatch-1.2.3.tar.gz",
    "platform": null,
    "description": "# ransomwatch - Ransomware Intelligence Tool\n\nA Python tool for ransomware threat intelligence and security research.\n\n![Python Version](https://img.shields.io/badge/python-3.8%2B-blue)\n![PyPI version](https://img.shields.io/pypi/v/ransomwatch.svg)\n![License](https://img.shields.io/badge/license-MIT-green)\n\n## \ud83d\ude80 Quick Start\n\n```bash\n# Install/Update from PyPI (recommended)\npip install ransomwatch\npip install --upgrade ransomwatch\n\n# Set API token (get from ransomware.live)\nexport RANSOMWATCH_API_TOKEN=\"your-token-here\"\n\n# Use it\nransomwatch groups\nransomwatch recent -l 10\nransomwatch info --group ransomhub\nransomwatch stats\n```\n\n## Commands\n\n| Command | Description | Example |\n|---------|-------------|---------|\n| `groups` | List active ransomware groups with risk levels | `ransomwatch groups` |\n| `recent` | Show recent ransomware incidents | `ransomwatch recent -l 20` |\n| `info` | Get detailed threat actor intelligence | `ransomwatch info --group akira` |\n| `stats` | Show threat landscape statistics | `ransomwatch stats` |\n\n## Options\n\n```bash\n--json                      # JSON output for automation\n--verbose                   # Debug logging\n--timeout N                 # Request timeout (default: 10s)\n--rate-limit-per-minute N   # API rate limiting\n```\n\n## Output Examples\n\n### Ransomware Groups Analysis\n```\nRANSOMWARE GROUP ANALYSIS\nActive Groups: 271\n====================================\n  1. [CRITICAL] lockbit3\n     Victim Count: 2,016\n\n  2. [CRITICAL] clop\n     Victim Count: 1,012\n\n  3. [CRITICAL] alphv\n     Alternative Name: blackcat\n     Victim Count: 731\n\n  4. [HIGH]     play\n     Victim Count: 93\n\n  5. [MEDIUM]   akira\n     Victim Count: 45\n\n  6. [LOW]      chaos\n     Victim Count: 10\n\n   ...\n\n====================================\nSUMMARY: 271 Groups | 8,234 Total Victims\nRISK BREAKDOWN: Critical: 15 | High: 28 | Medium: 84 | Low: 144\n```\n\n### Recent Ransomware Incidents\n```\nRECENT RANSOMWARE INCIDENTS\nDisplaying: 10 most recent cases\n====================================\n  1. VICTIM: ...\n     Threat Actor: lockbit3\n     Discovery Date: 2024-01-01 20:15\n     Location: United States\n     Website: www.example.com\n     Details: ...\n\n  2. VICTIM: ...\n     Threat Actor: alphv\n     Discovery Date: 2023-01-01 08:15\n     Location: Canada\n     Details: ...\n\n   ...\n\n====================================\nTOTAL INCIDENTS DISPLAYED: 10\n```\n\n### Threat Actor Intelligence Report\n```\nTHREAT ACTOR INTELLIGENCE REPORT\n====================================\nPRIMARY IDENTIFIER: lockbit3\nTHREAT CLASSIFICATION: CRITICAL\nCONFIRMED VICTIMS: 2,016\n\nOPERATIONAL TIMELINE:\nInitial Detection: 2019-09-01\nMost Recent Activity: 2024-01-15\n\nTACTICS, TECHNIQUES & PROCEDURES (TTPs):\n\n   ...\n\n====================================\n```\n\n## Automation & Integration\n\n```bash\n# JSON output\nransomwatch --json groups > threat_groups.json\nransomwatch --json recent -l 100 > incidents.json\n\n# Daily threat intelligence reports\nDATE=$(date +%Y-%m-%d)\nransomwatch --json stats > \"threat_landscape_${DATE}.json\"\n\n# Filter high-risk groups with jq\nransomwatch --json groups | jq '.groups[] | select(.victims > 100) | {name: .group, victims: .victims, threat_level: \"CRITICAL\"}'\n\n# Generate reports\nransomwatch groups > daily_threat_brief.txt\nransomwatch recent -l 20 > recent_incidents.txt\n```\n\n## Installation Methods\n\n### Method 1: PyPI Install (Recommended)\n```bash\npip install ransomwatch\nransomwatch --help\n```\n\n### Method 2: Development Install\n```bash\ngit clone https://github.com/yannickboog/ransomwatch.git\ncd ransomwatch\npip install -e .\nransomwatch --help\n```\n\n### Method 3: Direct Usage\n```bash\ngit clone https://github.com/yannickboog/ransomwatch.git\ncd ransomwatch\npip install -r requirements.txt\npython3 -m ransomwatch --help\n```\n\n## \ud83d\udd11 API Token\n\n1. Get token from [ransomware.live](https://ransomware.live)\n2. Set environment variable:\n\n### Linux/macOS\n\n#### Temporary (current session only)\n```bash\nexport RANSOMWATCH_API_TOKEN=\"your-token\"\n```\n\n#### For permanent setup on Linux/macOS:\n```bash\necho 'export RANSOMWATCH_API_TOKEN=\"your-token\"' >> ~/.bashrc\n```\n\n### Windows\n\n#### Temporary (current session only)\n**CMD:**\n```cmd\nset RANSOMWATCH_API_TOKEN=your-token\n```\n\n**PowerShell:**\n```powershell\n$env:RANSOMWATCH_API_TOKEN = \"your-token\"\n```\n\n#### Permanent (for all new sessions)\n**CMD - For current user:**\n```cmd\nsetx RANSOMWATCH_API_TOKEN \"your-token\"\n```\n\n**CMD - For all users (as Administrator):**\n```cmd\nsetx RANSOMWATCH_API_TOKEN \"your-token\" /M\n```\n\n**PowerShell - For current user:**\n```powershell\n[Environment]::SetEnvironmentVariable(\"RANSOMWATCH_API_TOKEN\", \"your-token\", \"User\")\n```\n\n**PowerShell - For all users (as Administrator):**\n```powershell\n[Environment]::SetEnvironmentVariable(\"RANSOMWATCH_API_TOKEN\", \"your-token\", \"Machine\")\n```\n\n## Troubleshooting\n\n| Error | Solution |\n|-------|----------|\n| \"No API token provided\" | Linux/macOS: `export RANSOMWATCH_API_TOKEN=\"token\"`<br>Windows CMD: `set RANSOMWATCH_API_TOKEN=token`<br>Windows PowerShell: `$env:RANSOMWATCH_API_TOKEN = \"token\"` |\n| \"Request timed out\" | `ransomwatch --timeout 30 groups` |\n| \"Invalid command\" | Use: `groups`, `recent`, `info`, `stats` |\n\n## Requirements\n\n- Python 3.8+\n- API token from ransomware.live\n\n## \ud83d\udcb0 Support\n\nIf this tool helped you, consider supporting development:\n\n**Bitcoin**: `bc1qmmr6hqlqs097l4ehgyccu8aulk68hmpn3rwkn8`\n\n## License\n\nMIT License - see LICENSE file for details.\n\n---\n\n**For legitimate security research and threat intelligence purposes only.**\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Ransomware Intelligence Tool - Designed for threat intelligence, security research, and situational awareness",
    "version": "1.2.3",
    "project_urls": {
        "Bug Reports": "https://github.com/yannickboog/ransomwatch/issues",
        "Homepage": "https://github.com/yannickboog/ransomwatch",
        "Source": "https://github.com/yannickboog/ransomwatch"
    },
    "split_keywords": [
        "ransomware",
        " security",
        " threat-intelligence",
        " cybersecurity"
    ],
    "urls": [
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "be715eb44794ff12a839c059ec679464dc1c354f242dd12d65d7f02a1cda223f",
                "md5": "eb6b0b327f1c0b226f2033589ac7cb1d",
                "sha256": "9316ebc890759d5002dccea992e0d928ec7f4d9f7a32b49673680af98b77df57"
            },
            "downloads": -1,
            "filename": "ransomwatch-1.2.3-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "eb6b0b327f1c0b226f2033589ac7cb1d",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 17647,
            "upload_time": "2025-07-08T22:36:27",
            "upload_time_iso_8601": "2025-07-08T22:36:27.694909Z",
            "url": "https://files.pythonhosted.org/packages/be/71/5eb44794ff12a839c059ec679464dc1c354f242dd12d65d7f02a1cda223f/ransomwatch-1.2.3-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": null,
            "digests": {
                "blake2b_256": "183589a553f91cae690fe45c7fe9bcc4b539bde11c2f0dc1c50a73fbb1253b68",
                "md5": "63d329182915e675a2eef94f86407c87",
                "sha256": "e5b5c6e189cb5cb00bd59029f9778b2690330d7505281809b3e3728ec4cb0539"
            },
            "downloads": -1,
            "filename": "ransomwatch-1.2.3.tar.gz",
            "has_sig": false,
            "md5_digest": "63d329182915e675a2eef94f86407c87",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 17684,
            "upload_time": "2025-07-08T22:36:29",
            "upload_time_iso_8601": "2025-07-08T22:36:29.291221Z",
            "url": "https://files.pythonhosted.org/packages/18/35/89a553f91cae690fe45c7fe9bcc4b539bde11c2f0dc1c50a73fbb1253b68/ransomwatch-1.2.3.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2025-07-08 22:36:29",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "yannickboog",
    "github_project": "ransomwatch",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [
        {
            "name": "requests",
            "specs": [
                [
                    ">=",
                    "2.31.0"
                ]
            ]
        },
        {
            "name": "urllib3",
            "specs": [
                [
                    ">=",
                    "1.26.0"
                ]
            ]
        }
    ],
    "lcname": "ransomwatch"
}
        
Elapsed time: 1.21327s