{"id":26901945,"url":"https://github.com/malwarekid/pwsh-env-enc","last_synced_at":"2025-07-02T08:33:02.125Z","repository":{"id":233206515,"uuid":"786023994","full_name":"malwarekid/PWSH-Env-Enc","owner":"malwarekid","description":"This Python script provides functionality to encode PowerShell commands while preserving the environment variables. It's especially useful when dealing with PowerShell commands containing characters like ', \", or $.","archived":false,"fork":false,"pushed_at":"2024-05-06T05:34:18.000Z","size":16,"stargazers_count":16,"open_issues_count":0,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T09:08:51.318Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/malwarekid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-13T07:34:41.000Z","updated_at":"2025-02-28T21:50:53.000Z","dependencies_parsed_at":"2024-04-14T16:44:26.850Z","dependency_job_id":"962e7666-48de-4618-ac56-731d8fe721f7","html_url":"https://github.com/malwarekid/PWSH-Env-Enc","commit_stats":null,"previous_names":["malwarekid/pwsh-env-enc"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/malwarekid/PWSH-Env-Enc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarekid%2FPWSH-Env-Enc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarekid%2FPWSH-Env-Enc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarekid%2FPWSH-Env-Enc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarekid%2FPWSH-Env-Enc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/malwarekid","download_url":"https://codeload.github.com/malwarekid/PWSH-Env-Enc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarekid%2FPWSH-Env-Enc/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263102546,"owners_count":23414123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-01T09:08:54.750Z","updated_at":"2025-07-02T08:33:02.036Z","avatar_url":"https://github.com/malwarekid.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PWSH-Env-Enc\n\n## Overview\n\n- This Python script is use to encode a powershell commands and scripts into environment variable indexes which can be ran in a PS console. It helps in obfuscating PowerShell commands for various purposes such as penetration testing, malware development, or system administration tasks.\n\nInspired by John Hammonds methodology in this [video](https://www.youtube.com/watch?v=8CiNx4nNqQ0)\n\n## Features\n\n- Encodes PowerShell commands to bypass security restrictions.\n- Supports encoding of arbitrary PowerShell commands.\n- Pre-encodes commands to handle special characters like single quotes, double quotes, or dollar signs.\n- Generates encoded PowerShell commands ready for execution.\n\n\n## How to Use\n\n1. Clone the Repository:\n\n```\ngit clone https://github.com/malwarekid/PWSH-Env-Enc.git \u0026\u0026\ncd PWSH-Env-Enc\n```\n\n2. Run the Script:\n\n```\npython3 PWSH-Env-Enc.py\n```\n\n```\n    ____ _       _______ __  __      ______                 ______          \n   / __ \\ |     / / ___// / / /     / ____/___ _   __      / ____/___  _____\n  / /_/ / | /| / /\\__ \\/ /_/ /_____/ __/ / __ \\ | / /_____/ __/ / __ \\/ ___/\n / ____/| |/ |/ /___/ / __  /_____/ /___/ / / / |/ /_____/ /___/ / / / /__  \n/_/     |__/|__//____/_/ /_/     /_____/_/ /_/|___/     /_____/_/ /_/\\___/  \n                                                             By @malwarekid\n\nPowershell command (leave empty for SCRIPT file) : net user\nPre encode the command? (helpful if your command has ' or \" or $ characters) [y/n]y\nWants to save the file? [y/n]n\nOriginal Command\n================================\nnet user\n================================\nEncoded Command\n================================\nStart-Process PowerShell.exe -ArgumentList ('-ep bypass -w h -e bgBlAHQAIAB1AHMAZQByAA==')\n================================\nFINAL Encoded Command\n================================\n\u0026 ($( [char]105,[char]101,[char]120 ) -Join $($null)) ($( [char]83,[char]116,[char]97,[char]114,[char]116,[char]45,[char]80,[char]114,[char]111,[char]99,[char]101,[char]115,[char]115,[char]32,[char]80,[char]111,[char]119,[char]101,[char]114,[char]83,[char]104,[char]101,[char]108,[char]108,[char]46,[char]101,[char]120,[char]101,[char]32,[char]45,[char]65,[char]114,[char]103,[char]117,[char]109,[char]101,[char]110,[char]116,[char]76,[char]105,[char]115,[char]116,[char]32,[char]40,[char]39,[char]45,[char]101,[char]112,[char]32,[char]98,[char]121,[char]112,[char]97,[char]115,[char]115,[char]32,[char]45,[char]119,[char]32,[char]104,[char]32,[char]45,[char]101,[char]32,[char]98,[char]103,[char]66,[char]108,[char]65,[char]72,[char]81,[char]65,[char]73,[char]65,[char]66,[char]49,[char]65,[char]72,[char]77,[char]65,[char]90,[char]81,[char]66,[char]121,[char]65,[char]65,[char]61,[char]61,[char]39,[char]41 ) -Join $($null))\n```\n\n3. Enter the PowerShell command you want to encode. If you leave it empty, you can provide the path to a script file.\n\n4. Optionally, choose to pre-encode the command if it contains special characters like `'`, `\"`, or `$`.\n\n5. Choose whether to save the encoded command to a PowerShell script file.\n\n6. The encoded PowerShell command will be displayed, and if chosen, saved to a file named `encoded.ps1`.\n\n![Screenshot from 2024-04-16 20-32-55](https://github.com/malwarekid/PWSH-Env-Enc/assets/91931069/e5b21069-8dc8-401d-894b-778f9f45eb52)\n\n7. Run in the PS console like that: `powershell.exe -NoP -Ep Bypass -W h -File .\\encoded.ps1`\n\n## Requirements\n\n- Python 3.x\n- Base64 library (should be included in standard Python installations)\n\n## Contributors\n\n- [MalwareKid](https://github.com/malwarekid)\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## Notes\n\nFeel free to contribute, report issues, or provide feedback and dont forget to follow me on [Instagram](https://www.instagram.com/malwarekid/) and [github](https://github.com/malwarekid/) Happy Hacking!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwarekid%2Fpwsh-env-enc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalwarekid%2Fpwsh-env-enc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwarekid%2Fpwsh-env-enc/lists"}