AMSITrigger v3

Hunting for Malicious Strings

Usage:

-i, -inputfile=VALUE       Powershell filename
-u, -url=VALUE             URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1
-f, -format=VALUE          Output Format:
                              1 - Only show Triggers
                              2 - Show Triggers with Line numbers
                              3 - Show Triggers inline with code
                              4 - Show AMSI calls (xmas tree mode)
-d, -debug                 Show Debug Info
-p, -pause=VALUE           Pause after displaying VALUE triggers  
-m, -maxsiglength=VALUE    Maximum signature Length to cater for,
                              default=2048
-c, -chunksize=VALUE       Chunk size to send to AMSIScanBuffer,
                              default=4096
-h, -?, -help              Show Help

For details see https://www.rythmstick.net/posts/amsitrigger

Name		Name	Last commit message	Last commit date
Latest commit History 72 Commits
AMSITrigger		AMSITrigger
.gitattributes		.gitattributes
.gitignore		.gitignore
AmsiTrigger.sln		AmsiTrigger.sln
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

AMSITrigger v3

Hunting for Malicious Strings

Usage:

About

Uh oh!

Releases 1

Packages

Uh oh!

Contributors 3

Languages

License

RythmStick/AMSITrigger

Folders and files

Latest commit

History

Repository files navigation

AMSITrigger v3

Hunting for Malicious Strings

Usage:

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 1

Packages 0

Uh oh!

Contributors 3

Languages

Packages