py-amsi: Streamlining Malware Detection in Python with the Windows AMSI API

py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface (AMSI) API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antivirus providers implement the AMSI interface to receive calls from applications. This library takes advantage of the API to make antivirus scans in python. Read more about the Windows AMSI API here.

Installation

Via pip

pip install pyamsi

Clone repository

git clone https://github.com/Tomiwa-Ot/py-amsi.git
cd py-amsi/
python setup.py install

Usage

from pyamsi import Amsi

# Scan a file
Amsi.scan_file(file_path, debug=True) # debug is optional and False by default

# Scan string
Amsi.scan_string(string, string_name, debug=False) # debug is optional and False by default

# Both functions return a dictionary of the format
# {
#     'Sample Size' : 68,         // The string/file size in bytes
#     'Risk Level' : 0,           // The risk level as suggested by the antivirus
#     'Message' : 'File is clean' // Response message
# }

AMSI-Bypass-HWBP : A Tool For Evading AMSI Detection

March 12, 2025

In "Cyber security"

CrimsonEDR : A Cutting-Edge Tool For Simulating And Bypassing EDR Systems

February 28, 2025

In "Cyber security"

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

December 18, 2024

In "Hacking Tools"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.