
atxsinn3r / Amsiscanner

Licence: bsd-3-clause
A C/C++ implementation of Microsoft's Antimalware Scan Interface

Programming Languages

cpp
1120 projects

Projects that are alternatives of or similar to Amsiscanner

Xeexe Topantivirusevasion
Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable
Stars: ✭ 387 (+188.81%)
Mutual labels:  malware, metasploit
MsfMania
Python AV Evasion Tools
Stars: ✭ 388 (+189.55%)
Mutual labels:  malware, metasploit
trolo
trolo - an easy to use script for generating Payloads that bypasses antivirus
Stars: ✭ 45 (-66.42%)
Mutual labels:  malware, metasploit
Hacktheworld
An Python Script For Generating Payloads that Bypasses All Antivirus so far .
Stars: ✭ 527 (+293.28%)
Mutual labels:  malware, metasploit
Deathransom
A ransomware developed in python, with bypass technics, for educational purposes.
Stars: ✭ 126 (-5.97%)
Mutual labels:  malware
Hosts Blocklists
Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage
Stars: ✭ 1,749 (+1205.22%)
Mutual labels:  malware
Flashmingo
Automatic analysis of SWF files based on some heuristics. Extensible via plugins.
Stars: ✭ 115 (-14.18%)
Mutual labels:  malware
Block
Let's make an annoyance free, better open internet, altogether!
Stars: ✭ 1,849 (+1279.85%)
Mutual labels:  malware
Threadboat
Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application
Stars: ✭ 132 (-1.49%)
Mutual labels:  malware
Penta
Open source all-in-one CLI tool to semi-automate pentesting.
Stars: ✭ 130 (-2.99%)
Mutual labels:  metasploit
Mba
Malware Behavior Analyzer
Stars: ✭ 125 (-6.72%)
Mutual labels:  malware
Ratel
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-9.7%)
Mutual labels:  malware
Mass Rat
Basic Multiplatform Remote Administration Tool - Xamarin
Stars: ✭ 127 (-5.22%)
Mutual labels:  malware
Www.rootkit.com
www.rootkit.com users section mirror, sql database dump, and a few other files/rootkits.
Stars: ✭ 117 (-12.69%)
Mutual labels:  malware
Ergo Pe Av
🧠 🦠 An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.
Stars: ✭ 130 (-2.99%)
Mutual labels:  malware
Awesome Hacking
Awesome hacking is an awesome collection of hacking tools.
Stars: ✭ 1,802 (+1244.78%)
Mutual labels:  malware
The Big List Of Hacked Malware Web Sites
This repository contains a list of all web sites I come across that are either hacked with or purposefully hosting malware, ransomware, viruses or trojans.
Stars: ✭ 125 (-6.72%)
Mutual labels:  malware
Backdoor Apk
backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
Stars: ✭ 1,766 (+1217.91%)
Mutual labels:  metasploit
Pakuri
Penetration test Achieve Knowledge Unite Rapid Interface
Stars: ✭ 125 (-6.72%)
Mutual labels:  metasploit
Msploitego
Pentesting suite for Maltego based on data in a Metasploit database
Stars: ✭ 124 (-7.46%)
Mutual labels:  metasploit

AMSI Scanner

A C/C++ implementation of Microsoft's Antimalware Scan Interface.

Requirements

Before you compile, you need two things: the amsi.h header file and the amsi.lib import library. This repository includes both, but in case you are curious where they come from, download the Windows 10 SDK:

https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk

And then you will be able to find the header file in this location:

C:\Program Files (x86)\Windows Kits\10\Include\10.0.16299.0\um\amsi.h

The amsi.lib file is shipped in two versions, x64 and x86:

  • C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\x86\amsi.lib
  • C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\x64\amsi.lib

Compile

To compile, download Visual Studio (I used VS 2013, because Metasploit uses this version to compile Meterpreter):

https://www.visualstudio.com/downloads/

Go ahead and open the Developer Command Prompt, and then do this to compile:

cl.exe /MT /EHa amsiscanner.cpp

And then you will have an amsiscanner.exe.

Usage

To use this tool, simply provide the name of the file you wish to scan, like this:

amsiscanner.exe C:\Users\bob\Desktop\example.exe

If you don't provide a file name, amsiscanner.exe will instead scan the EICAR test string (a special string used to test AV engines; it is completely harmless).

Demonstration

C:\Users\sinn3r\Desktop>amsiscanner.exe C:\Users\sinn3r\Desktop\AMSI_Detectables\Win32.VBS.APT34Dropper
Sample size: 9141 bytes
Malware detected: C:\Users\sinn3r\Desktop\AMSI_Detectables\Win32.VBS.APT34Dropper
Risk level = 32768 (File is considered malware)
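The "Risk level = 32768" line above is the raw AMSI_RESULT value that AmsiScanBuffer returns. The following is an added example, not the Amsiscanner project's own code, showing the AmsiInitialize / AmsiOpenSession / AmsiScanBuffer sequence against an in-memory buffer and how the result maps to a verdict; it assumes the Windows 10 SDK (amsi.h, amsi.lib), uses the placeholder app name "AmsiExample", and on a non-Windows build the scan function simply reports AMSI as unavailable.

```cpp
// Added example (not the Amsiscanner project's code): scan a buffer through AMSI and
// classify the AMSI_RESULT as the README's output does. Assumes the Windows 10 SDK
// (amsi.h, amsi.lib); the app name "AmsiExample" is a placeholder.
#include <cstddef>
#include <cstdint>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <amsi.h>
#pragma comment(lib, "amsi.lib")
#pragma comment(lib, "ole32.lib")
#endif
// AMSI_RESULT values from amsi.h, mirrored so the verdict logic builds on any platform.
enum : uint32_t { kResultClean = 0, kResultNotDetected = 1, kBlockedByAdminStart = 0x4000,
                  kBlockedByAdminEnd = 0x4FFF, kResultDetected = 32768 };
// AmsiResultIsMalware() in amsi.h is just (r >= AMSI_RESULT_DETECTED), hence 32768 = malware.
std::string describe_result(uint32_t r) {
    if (r >= kResultDetected) return "File is considered malware";
    if (r >= kBlockedByAdminStart && r <= kBlockedByAdminEnd) return "Blocked by admin policy";
    if (r == kResultClean) return "Clean";
    if (r == kResultNotDetected) return "Not detected";
    return "Unknown result";
}
// Scan a buffer with the registered AMSI provider (e.g. Defender). Returns the raw
// AMSI_RESULT, or -1 if AMSI is unavailable (non-Windows build) or a call fails.
long amsi_scan_buffer(const void* data, size_t len, const wchar_t* name) {
#ifdef _WIN32
    HAMSICONTEXT ctx = nullptr;
    HAMSISESSION session = nullptr;
    AMSI_RESULT result = AMSI_RESULT_CLEAN;
    long rc = -1;
    if (FAILED(CoInitializeEx(nullptr, COINIT_MULTITHREADED))) return rc;
    if (SUCCEEDED(AmsiInitialize(L"AmsiExample", &ctx))) {
        if (SUCCEEDED(AmsiOpenSession(ctx, &session))) {
            if (SUCCEEDED(AmsiScanBuffer(ctx, const_cast<void*>(data), (ULONG)len,
                                         name, session, &result)))
                rc = (long)result;
            AmsiCloseSession(ctx, session);  // always release the session and context
        }
        AmsiUninitialize(ctx);
    }
    CoUninitialize();
    return rc;
#else
    (void)data; (void)len; (void)name;
    return -1;  // AMSI is Windows-only; nothing to query here
#endif
}
```

Pass the bytes of a file read from disk to amsi_scan_buffer to reproduce the tool's behaviour; note that a "Not detected" verdict only means the installed provider had no signature for the content, not that it is safe.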