kimd155

kimd155 / GhostLock

Public

SMB deny-share handle research tool. Lock files on an enterprise share with zero writes, zero encryption, and zero alerts in any behavioral defense. Standard user. One API call. No CVE.

ghostlock.io ransomware red-team smb windows
36
3
69% credibility
Found May 11, 2026 at 36 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

GhostLock is a security research tool for Windows that temporarily locks files in network shares using standard read access to simulate ransomware-like disruptions without modifying data.

How It Works

1
🔍 Discover GhostLock

You hear about a tool that helps security testers check how well network file shares hold up against locking tricks without changing files.

2
📥 Get the Tool

Download the simple program to your Windows computer and open it to see a friendly menu.

3
Pick Your Way
⌨️
Manual Path

Type in the address of the folder you want to test.

🔎
Auto-Discover

Scan and pick from a list of visible shared folders nearby.

4
Add Safety Marker

Place a special marker file in the folder first to confirm it's safe to test there.

5
🔒 Lock the Files

The tool quickly grabs holds on thousands of files in the folder, blocking others from opening them just like a real lockout attack.

6
⏱️ Hold and Watch

Keep the locks in place as long as you want, then stop to release everything cleanly.

📊 Get Your Report

Receive a clear summary of what happened, showing how many files were locked and for how long, to share your test results.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 36 to 36 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is GhostLock?

GhostLock is a Python 3.9+ tool for Windows that locks files on SMB shares using a single API call to grab exclusive deny-share handles. A standard domain user with read access can block access to thousands of files across an enterprise share, creating ransomware-like availability disruption with zero writes, zero encryption, and zero alerts in behavioral defenses. Run it interactively to paste UNC paths or auto-discover shares via smb enumeration github style, then hold locks indefinitely or timed via CLI flags like --hold-indefinite.

Why is it gaining traction?

It bypasses every common detection—no bulk I/O, no renames, no EDR signals—exploiting documented SMB behavior since NT 3.1, with no CVE or patch. Pure stdlib, no deps, parallel scanning locks hundreds of thousands of files in minutes, plus victim simulation and JSON reports. Stands out from github smb client or go smb github tools by focusing on ghost lock impact, sparking talks on ghostlocks youtube and ghostlock ai defenses.

Who should use this?

Red teamers simulating smb proxy github attacks on NAS shares without triggering SIEM. Blue team engineers auditing github smb server or smb android github configs for session open-file blind spots. Security researchers validating behavioral defense gaps in smb scan github workflows, using the sentinel file for safe, authorized testing.

Verdict

Worth forking for SMB research—excellent docs, CLI, and paper make ghostlock us testing straightforward. At 36 stars and 0.7% credibility score, it's early-stage proof-of-concept, not battle-tested, but nails the no-alerts hook.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.