Skip to content

victorgutierrez92/PS1Decoder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

.gitattributes

.gitattributes

 
 

LICENSE

LICENSE

 
 

PS1Decoder.py

PS1Decoder.py

 
 

README.md

README.md

 
 

Repository files navigation

PS1Decoder

This python script deobfuscate PowerShell scripts.

Characteristic

  • Deobfuscate ASCII base64 encode.
  • Deobfuscate Unicode base64 encode.
  • Rename obfuscated variables according to their entropy.
  • Rename variables according to their type (string, string concat, int, float, null, true, false, new object).
  • Rename functions.

Usage

python PS1Decoder.py input

Example

Obfuscate PowerShell script

${global:ZPpMXBycE4mCNYa9o6mP}  =  9831
${private:wal8i4pdFxdMvO6gb4PI}  =  "hello world"
${private:eL78KxptJvgUzUpTbJJU}  =  4.1
$secret = $([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String('LjpVTkQzUjou')))

Deobfuscate PowerShell script

${global:var_int_9831_1}  =  9831
${private:var_str_hello_world_1}  =  "hello world"
${private:var_float_4__1_1}  =  4.1
$secret  =  ".:UND3R:."

License

GNU General Public License v3.0

About

PowerShell deobfuscator

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages