This python script deobfuscate PowerShell scripts.
- Deobfuscate ASCII base64 encode.
- Deobfuscate Unicode base64 encode.
- Rename obfuscated variables according to their entropy.
- Rename variables according to their type (string, string concat, int, float, null, true, false, new object).
- Rename functions.
python PS1Decoder.py input
Obfuscate PowerShell script
${global:ZPpMXBycE4mCNYa9o6mP} = 9831
${private:wal8i4pdFxdMvO6gb4PI} = "hello world"
${private:eL78KxptJvgUzUpTbJJU} = 4.1
$secret = $([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String('LjpVTkQzUjou')))
Deobfuscate PowerShell script
${global:var_int_9831_1} = 9831
${private:var_str_hello_world_1} = "hello world"
${private:var_float_4__1_1} = 4.1
$secret = ".:UND3R:."