Skip to content
/ PowerShell-Debug Public

A powershell de-obfuscator tool, that can de-obfuscate any powershell command string, no matter how obfuscated.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GhostDog98/PowerShell-Debug

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8,633 Commits
.devcontainer
.devcontainer
 
 
.github
.github
 
 
.poshchan
.poshchan
 
 
.vscode
.vscode
 
 
.vsts-ci
.vsts-ci
 
 
CHANGELOG
CHANGELOG
 
 
assets
assets
 
 
demos
demos
 
 
docker
docker
 
 
docs
docs
 
 
src
src
 
 
test
test
 
 
tools
tools
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.globalconfig
.globalconfig
 
 
.markdownlint.json
.markdownlint.json
 
 
.spelling
.spelling
 
 
ADOPTERS.md
ADOPTERS.md
 
 
Analyzers.props
Analyzers.props
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
DotnetRuntimeMetadata.json
DotnetRuntimeMetadata.json
 
 
LICENSE.txt
LICENSE.txt
 
 
PowerShell.Common.props
PowerShell.Common.props
 
 
PowerShell.sln
PowerShell.sln
 
 
README.md
README.md
 
 
Settings.StyleCop
Settings.StyleCop
 
 
ThirdPartyNotices.txt
ThirdPartyNotices.txt
 
 
build.psm1
build.psm1
 
 
codecov.yml
codecov.yml
 
 
global.json
global.json
 
 
nuget.config
nuget.config
 
 
stylecop.json
stylecop.json
 
 

Repository files navigation

PowerShell debugging tool

PowerShell-Debug is a tool that reveals what an obfuscated command is actually doing, no matter how much it is concealed (at least that is the aim).
So far, it logs this using the following methods, neither of which have any known methods of interception (at least to my knowledge):
Prints to the terminal itself using Console.WriteLine
Writes all commands executed to a .txt on the desktop, alongside timestamps.

Current commands that give output:

Get-Content
Out-File
Invoke-Expression
Invoke-WebRequest

Commands not yet done (but planned to):

New-ItemProperty (writes registry)
Test-Path (tests if a path exists)
Get-ItemProperty (Read registry)

Suggestions:

To suggest features, simply put up an issue or pull request, and i'll probably impliment it.

ToDo:

Change a bunch of the .md files to actually represent the new repo. Report registry functions (if anyone wants to figure this out, good luck, as the file for registry stuff is ~4000 lines long...) Change/Add to the current way of reporting commands to setting an eventViewer event, as this is more permanent and also catchable if the program is not run in a visable window.

Downloading the Source Code

You can just clone the repository:

git clone https://github.com/PowerShell/PowerShell.git

See working with the PowerShell repository for more information.

Legal and Licensing

PowerShell is licensed under the MIT license.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

About

A powershell de-obfuscator tool, that can de-obfuscate any powershell command string, no matter how obfuscated.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Version 1.0 debug (hopefully not broken) Latest
Jan 20, 2021

Packages

No packages published

Contributors 352

+ 338 contributors

Languages