Skip to content

Installation and Setup

Jump to bottom
Ryan Cobb edited this page Sep 23, 2017 · 2 revisions

There's two options for installation/setup of PSAmsi.

  1. Traditional download to disk + Import-Module
  2. Download into memory ("weaponized" version)

If you plan to read the source code or develop on PSAmsi, option 1 is recommended. If you are looking for a simple/quick way to execute PSAmsi on a target machine, option 2 is recommended.

Traditional

Download and import the module:

PS > git clone https://github.com/cobbr/PSAmsi
PS > cd ./PSAmsi
PS > Import-Module ./PSAmsi/PSAmsi.psd1

"Weaponized" Version

When developing offensive security tools, there's a dichotomy between wanting to write easy to read, modular, commented code and making tools stealthy/easy to deploy. PSAmsi solves this by just providing two copies. The "weaponized" PSAmsiClient.ps1 file is a simple combination of all the relevant portions of PSAmsi that would be deployed on a target.

Download PSAmsiClient.ps1 into memory and invoke it:

PS > (Invoke-WebRequest 'https://github.com/cobbr/PSAmsi/raw/master/PSAmsiClient.ps1').Content | iex

Requirements

The requirements for PSAmsi is a Windows 10 machine with PowerShell 5.0+.

However, Start-PSAmsiServer can also be run on a Linux/MacOS machine with PowerShell 6.0+, usage for Start-PSAmsiServer is described here.

  1. Installation
  2. Introduction to PSAmsi
  3. Conducting AMSI Scans
  4. Finding AMSI Signatures
  5. Defeating AMSI Signatures with Obfuscation
  6. Standalone Client and Server Architecture
  7. Controlling AMSI Alerts
Clone this wiki locally