A comprehensive PowerShell script obfuscator designed for red team operations. This tool applies multiple layers of obfuscation to PowerShell scripts while preserving their functionality.
- Replaces all user-defined identifiers with randomized names
- Applies various encoding methods including:
- Base64 encoding with .NET method calls
- Unicode escape sequences (%u00XX format)
- Hexadecimal encoding
- ASCII byte array representations
- Control Flow Obfuscation:
- Inserts dummy conditional statements (
if,switch,forloops) - Adds try-catch blocks throughout code
- Implements do-while constructs that execute once
- Inserts dummy conditional statements (
- Replaces standard cmdlets with shorter aliases (e.g.,
Get-Process→gps) - Adds random variable assignments that don't affect functionality
- Non-executing code to increase entropy and evade signature detection
- Processes large scripts in chunks for memory optimization
- Works on both Windows PowerShell and PowerShell Core
- Built-in PowerShell syntax checking capabilities
- Verifies obfuscated scripts maintain original behavior
- Three levels (low, medium, high) for tailored obfuscation
When tested against a 17.7KB PowerShell script (Get-ComputerDetail.ps1):
- 31.7KB (+79.1% increase)
- 100% maintained original functionality
- All major techniques consistently implemented
- Highly obfuscated output is significantly larger than original
- Obfuscated scripts may have slightly increased execution time
- Near impossible to debug or modify obfuscated scripts
- May not handle all PowerShell language constructs perfectly
python3 powershell_obfuscator.py input.ps1 -o obfuscated.ps1 -l highOptions:
-l, --level: Obfuscation intensity (low, medium, high)-t, --test: Run functionality tests after obfuscation-v, --verbose: Enable verbose logging
The PowerShell Obfuscator provides obfuscation suitable for advanced red team operations.