Search the Community

Xencrypt - A PowerShell Script Anti-Virus Evasion Tool Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms? WELL, NOW YOU CAN! For the low low price of free! Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and decompress the payload before running it. In essence, it is to PowerShell what a PE crypter is. Features Xencrypt: Bypasses AMSI and all modern AVs in use on VirusTotal (as of writing) Compresses and encrypts powershell scripts Has a minimal and often even negative (thanks to the compression) overhead Randomizes variable names to further obfuscate the decrypter stub Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy! Super easy to modify to create your own crypter variant Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers. Supports Import-Module as well as standard running as long as the input script also supported it GPLv3 -- Free and open-source! All features in a single file so you can take it with you anywhere! Is despite all of the above not a silver bullet for every configuration -- caveat emptor! [HIDE][Hidden Content]]