Lockdown is a Windows-focused emergency response tool that automates system isolation, forensic capture, and full shutdown the moment compromise is detected. Built to integrate with EDR tools or custom detection scripts, it reacts instantly and surgically.
- 🔒 Blocks all network connections instantly
- 🧹 Terminates potentially dangerous or suspicious processes
- 📦 Captures detailed forensic info (processes, host/user/session)
- 📡 Sends alert + forensic dump via Discord webhook
- 💥 Immediately shuts down the system to stop further breach
- ⚙️ Designed to be called by EDR/XDR as an auto-response binary
- Network lockdown: Blocks all traffic via `netsh`
- Forensic sweep: Gathers host info and running processes
- Process purge: Terminates risky or untrusted processes
- Webhook dispatch: Sends formatted alert and attaches logs
- Self-release + shutdown: Reopens the network briefly so the alert and logs can leave the host, then forces shutdown
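The stages above as a dry-run planner, added here as an illustration and not the project's own code: it builds the ordered `netsh`/`taskkill`/`shutdown` command lines and the webhook body without executing anything, so the sequence can be reviewed and unit-tested off the target. The `PROTECTED` set, the `plan()` and `select_kill_targets()` names and the alert field layout are assumptions; the process list and `rat_client.exe` in the test are constructed sample data.

```python
import json
from datetime import datetime, timezone

# Core Windows processes that must never be purged: terminating them
# blue-screens the host before the alert goes out (assumed list, extend it).
PROTECTED = {"system", "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
             "services.exe", "lsass.exe", "svchost.exe"}

def select_kill_targets(processes, suspicious):
    """processes: iterable of (pid, image_name). Returns PIDs whose image name
    is on `suspicious` and not on PROTECTED; PIDs 0 and 4 (Idle/System) are
    skipped unconditionally."""
    wanted = {s.lower() for s in suspicious}
    return [pid for pid, name in processes
            if pid not in (0, 4)
            and name.lower() not in PROTECTED
            and name.lower() in wanted]

def build_alert(hostname, username, when, processes):
    """Returns the Discord webhook JSON body and the process dump that is
    attached as a file. `when` must be an aware UTC datetime."""
    content = ("🚨 Emergency Alert 🚨\n@everyone\n"
               f"Hostname: {hostname}\nUsername: {username}\n"
               f"Date/Time: {when.strftime('%Y-%m-%d %H:%M:%S')} UTC\n"
               "Processes: See attached file.")
    dump = "\n".join(f"{pid}\t{name}" for pid, name in processes)
    return json.dumps({"content": content}), dump

def plan(hostname, username, processes, suspicious, now=None):
    """Ordered steps: argv lists for netsh/taskkill/shutdown, or a
    ('POST', json_body, attachment) tuple for the webhook dispatch.
    `processes` is the forensic sweep result, taken BEFORE anything is killed."""
    now = now or datetime.now(timezone.utc)
    body, dump = build_alert(hostname, username, now, processes)
    # 1. Network lockdown: default-block both directions on every profile.
    steps = [["netsh", "advfirewall", "set", "allprofiles", "firewallpolicy",
              "blockinbound,blockoutbound"]]
    # 2. Process purge.
    steps += [["taskkill", "/F", "/PID", str(p)]
              for p in select_kill_targets(processes, suspicious)]
    # 3. Self-release: the webhook cannot leave while outbound is blocked.
    steps.append(["netsh", "advfirewall", "set", "allprofiles",
                  "firewallpolicy", "blockinbound,allowoutbound"])
    # 4. Webhook dispatch (performed by the caller; nothing is sent here).
    steps.append(("POST", body, dump))
    # 5. Forced power-off. Volatile evidence (RAM) is lost at this point.
    steps.append(["shutdown", "/s", "/f", "/t", "0"])
    return steps
```

Feed `plan()` output to `subprocess.run` for the list steps and to your webhook client for the `POST` tuple; keep the dry run in CI so a change to `PROTECTED` or the step order is caught before it reaches an endpoint.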
- Clone the repo
- Set your Discord webhook inside the code (in `get_webhook()` or a config file)
- Compile using PyInstaller: `pyinstaller --onefile --noconsole main.py`

You may optionally modify which processes to terminate inside `kill_processes()` in `hardload.py`.
This is not an antivirus. It’s a "pull the plug" script for situations such as:
- Detected RAT or ransomware activity
- Attacker persistence confirmed
- Suspicious lateral movement
- Remote desktop breach suspected
Use it to contain and alert, not to recover.
- Administrator privileges to run
- Discord webhook to receive alerts/logs
```text
🚨 Emergency Alert 🚨
@everyone
Hostname: [REDACTED]
Username: [REDACTED]
Date/Time: [UTC]
Processes: See attached file.
```
JancoNel
Disclaimer: For educational, defensive, and incident response purposes only. Misuse is your responsibility. You break it, you buy it.