{"id":26932980,"url":"https://github.com/noderaven/payload-obfuscator","last_synced_at":"2025-10-05T22:12:27.486Z","repository":{"id":272539497,"uuid":"916940142","full_name":"noderaven/payload-obfuscator","owner":"noderaven","description":"A Python-based tool for studying and practicing Windows PE binary obfuscation techniques.","archived":false,"fork":false,"pushed_at":"2025-02-24T02:15:48.000Z","size":135,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-24T04:24:25.315Z","etag":null,"topics":["av-bypass","av-evasion","edr-bypass","edr-evasion","obfuscation","obfuscation-script","obfuscation-tool","obfuscator","payload-obfuscation","penetration-testing","pentest","pentest-scripts","pentest-tool","pentesting","pentesting-tools","red-team","red-team-tools","red-teaming","red-teaming-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/noderaven.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-15T03:30:36.000Z","updated_at":"2025-02-24T02:15:51.000Z","dependencies_parsed_at":null,"dependency_job_id":"613538b1-cb44-40a9-9684-8b656dd2ff5a","html_url":"https://github.com/noderaven/payload-obfuscator","commit_stats":null,"previous_names":["rileymxyz/payload-obfuscator","noderaven/payload-obfuscator"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noderaven%2Fpayload-obfuscator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noderaven%2Fpayload-obfuscator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noderaven%2Fpayload-obfuscator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noderaven%2Fpayload-obfuscator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/noderaven","download_url":"https://codeload.github.com/noderaven/payload-obfuscator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246785489,"owners_count":20833498,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["av-bypass","av-evasion","edr-bypass","edr-evasion","obfuscation","obfuscation-script","obfuscation-tool","obfuscator","payload-obfuscation","penetration-testing","pentest","pentest-scripts","pentest-tool","pentesting","pentesting-tools","red-team","red-team-tools","red-teaming","red-teaming-tools"],"created_at":"2025-04-02T09:17:14.075Z","updated_at":"2025-10-05T22:12:22.446Z","avatar_url":"https://github.com/noderaven.png","language":"Python","readme":"# Payload Obfuscator\n\nA Python-based tool for studying and practicing Windows PE binary obfuscation techniques. This tool is designed for educational purposes and should only be used in authorized lab environments.\n\n## Features\n\n### PE Section Manipulation\n- Section creation and modification\n- Section splitting and merging\n- Space validation and alignment\n- Section table updates\n\n### Section Name Obfuscation\n- Random name generation\n- Common section name mimicry\n- Length-preserving mutations\n- PE format compatibility validation\n\n### String Obfuscation\n- Multiple encryption algorithms (XOR, AES, RC4, custom)\n- Dynamic key generation\n- String detection and encryption\n- Runtime decryption support\n- Resource string manipulation\n- String table modification\n\n### Anti-Analysis Features\n- Debugger detection and evasion\n- Virtualization detection\n- Process environment checks\n- Hardware breakpoint detection\n- API hooking detection\n- Timing-based checks\n- Parent process verification\n\n### Content Transformation\n- Section content encryption\n- Base64 encoding\n- Compression\n- Polymorphic characteristics\n\n### Safety Features\n- Critical section protection\n- PE format validation\n- Alignment verification\n- Comprehensive error handling\n\n## Installation\n\n### Regular Installation\n```bash\n# Clone the repository\ngit clone https://github.com/rileymxyz/payload_obfuscator.git\ncd payload_obfuscator\n\n# Create and activate virtual environment (recommended)\npython -m venv venv\nsource venv/bin/activate  # On Windows: venv\\Scripts\\activate\n\n# Install package\npip install .\n```\n\n### Development Setup\n```bash\n# Clone the repository\ngit clone https://github.com/rileymxyz/payload_obfuscator.git\ncd payload_obfuscator\n\n# Create and activate virtual environment\npython -m venv venv\nsource venv/bin/activate  # On Windows: venv\\Scripts\\activate\n\n# Install in development mode\npip install -e .\n\n# Install development dependencies\npip install -r requirements-dev.txt  # if you have additional dev requirements\n```\n\n### Troubleshooting\n\nIf you encounter import errors:\n1. Make sure you've installed the package (`pip install .` or `pip install -e .`)\n2. Verify your Python environment is activated\n3. Check that all dependencies are installed\n4. If using from source directory, make sure you're in the correct directory\n\nCommon issues:\n- ModuleNotFoundError: Make sure the package is installed\n- ImportError: Check that all dependencies are installed\n- PermissionError: Use appropriate permissions/sudo when needed\n\n## Usage\n\n### As a Module\n\n```python\nfrom payload_obfuscator.src.obfuscator import PayloadObfuscator\n\n# Initialize obfuscator\nobfuscator = PayloadObfuscator(\"input.exe\", \"output_dir\")\n\n# Obfuscate the payload\nobfuscator.obfuscate()\n```\n\n### From Command Line\n\n```bash\npython3 -m payload_obfuscator.src.obfuscator input.exe -o output_dir\n```\n\n## Advanced Usage Examples\n\n### String Encryption\n\n```python\nfrom payload_obfuscator.src.obfuscator import PayloadObfuscator\n\nobfuscator = PayloadObfuscator(\"input.exe\", \"output_dir\")\npe = obfuscator.pe_handler.load_pe(\"input.exe\")\n\n# Encrypt strings using specific method\nobfuscator.string_handler.encrypt_strings(pe, method=\"aes\")\n\n# Encrypt strings in specific sections\nobfuscator.string_handler.encrypt_strings(pe, method=\"xor\", section_names=[\".text\", \".data\"])\n\n# Get string table information\ninfo = obfuscator.string_handler.get_string_table_info(pe)\n```\n\n### Anti-Analysis Features\n\n```python\n# Check execution environment\nenv_check = obfuscator.anti_analysis_handler.check_environment()\n\n# Apply evasion techniques\nobfuscator.anti_analysis_handler.apply_evasion_techniques(\n    skip_debugger=False,\n    skip_vm=False\n)\n\n# Get detailed environment info\nenv_info = obfuscator.anti_analysis_handler.get_environment_info()\n```\n\n### Section Name Randomization\n\n```python\n# Randomize specific section\nsection = pe.sections[0]\nobfuscator.section_handler.randomize_section_name(pe, section, strategy=\"random\")\n\n# Randomize all non-critical sections\nobfuscator.section_handler.randomize_all_section_names(pe, skip_critical=True, strategy=\"mimic\")\n```\n\n## Security Considerations\n\n1. This tool is for educational purposes only\n2. Use only in authorized lab environments\n3. Do not use on production systems\n4. Follow all applicable laws and regulations\n5. Practice responsible disclosure\n\n## Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Commit your changes\n4. Push to the branch\n5. Create a Pull Request\n\n## Disclaimer\n\nThis tool is intended for educational purposes only, specifically for practicing techniques within authorized lab environments. The authors are not responsible for any misuse or damage caused by this tool.\n\n## Acknowledgments\n\n- PE format documentation\n- Python pefile library\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoderaven%2Fpayload-obfuscator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnoderaven%2Fpayload-obfuscator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoderaven%2Fpayload-obfuscator/lists"}