py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface (AMSI) API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antivirus providers implement the AMSI interface to receive calls from applications. This library takes advantage of the API to make antivirus scans in python. Read more about the Windows AMSI APIĀ here.
Via pip
pip install pyamsi
Clone repository
git clone https://github.com/Tomiwa-Ot/py-amsi.git
cd py-amsi/
python setup.py install
Usage
from pyamsi import Amsi
# Scan a file
Amsi.scan_file(file_path, debug=True) # debug is optional and False by default
# Scan string
Amsi.scan_string(string, string_name, debug=False) # debug is optional and False by default
# Both functions return a dictionary of the format
# {
# 'Sample Size' : 68, // The string/file size in bytes
# 'Risk Level' : 0, // The risk level as suggested by the antivirus
# 'Message' : 'File is clean' // Response message
# }
Thanks for HIBP and this downloader. At first I was considering using it, but the…
Comprehensive repository for presentation slides from major cybersecurity conferences held in 2023 and 2024. It…
Generate a proxy dll for arbitrary dll, while also loading a user-defined secondary dll. In…
DLL Universal Patcher is a flexible and convenient code patcher that doesn't touch the files…
RustiveDump is a Rust-based tool designed to dump the memory of the lsass.exe process using…
This C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool…