AMSITrigger : The Hunt For Malicious Strings

AMSITrigger will identify all of the malicious strings in a powershell file, by repeatedly making calls to AMSI using AMSIScanBuffer .

Hunting For Malicious Strings

Usage

-i, –inputfile=VALUE Powershell filename
-u, –url=VALUE URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1
-f, –format=VALUE Output Format:
1 – Only show Triggers
2 – Show Triggers with Line numbers
3 – Show Triggers inline with code
4 – Show AMSI calls (xmas tree mode)
-d, –debug Show Debug Info
-m, –maxsiglength=VALUE Maximum signature Length to cater for,
default=2048
-c, –chunksize=VALUE Chunk size to send to AMSIScanBuffer,
default=4096
-h, -?, –help Show Help

R K

Next MurMurHash : Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform »

Previous « Charlotte : C++ Fully Undetected Shellcode Launcher

Share

Published by

R K

Tags: AMSITriggerMalicious Strings

4 years ago

Recent Posts

Cyber security

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 weeks ago

Linux

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 weeks ago

Linux

What Does chmod 777 Mean in Linux

If you are a Linux user, you have probably seen commands like chmod 777 while…

2 weeks ago

Linux

How to Undo and Redo in Vim or Vi

Vim and Vi are among the most powerful text editors in the Linux world. They…

2 weeks ago

Linux

How to Unzip and Extract Files in Linux

Working with compressed files is a common task for any Linux user. Whether you are…

2 weeks ago

OSINT

Free Email Lookup Tools and Reverse Email Search Resources

In the digital era, an email address can reveal much more than just a contact…

2 weeks ago

L