deobshell¶

Category: Programming / PowerShell

Homepage: https://github.com/thewhiteninja/deobshell

License: MIT License

Source: Git

Profiles: Full, Basic

Tags: powershell, deobfuscation, malware-analysis

Powershell script deobfuscation using AST in Python.

Usage¶

DeobShell is PoC to deobfuscate Powershell using Abstract Syntax Tree (AST) manipulation in Python. The AST is extracted using a Powershell script by calling System.Management.Automation.Language.Parser and writing relevant nodes to an XML file.