This package implements an encoding to bypass entropy antivirus check.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags entropy, antivirus-bypass, payload-encoding, encoding, malware
  • Requires: Python >=3.8
Classifiers

Project description

EntropyEncoding logo

EntropyEncoding

Description

This package implements an encoding to bypass entropy antivirus check.

I have researched about entropy bypass techniques and found people who use adding low-entropy data to bypass entropy check. I think adding data can be optimized and more efficient with a simple entropy encoding to reduce entropy score.

Adding low-entropy data:

  1. you get a larger file
  2. you do not change payload entropy (if the antivirus software splits the file for entropy calculation, it will probably have high entropy on a payload chunk)

Requirements

This package require:

  • python3
  • python3 Standard Library

Installation

python3 -m pip install EntropyEncoding

git clone "https://github.com/mauricelambert/EntropyEncoding.git"
cd "EntropyEncoding"
python3 -m pip install .

Usages

from EntropyEncoding import *

print(shannon_entropy(b"shellcode_payload"))
encoded_shellcode = entropy_encode(b"shellcode_payload")
print(encoded_shellcode)

entropy_decode(encoded_shellcode) == b"shellcode_payload"

print(shannon_entropy(encoded_shellcode))

Tests results:

~# python3 EntropyEncoding.py
Entropy for non-encoded secrets: 4.521591372417719
Entropy for non-encoded encrypted secrets: 7.951320327821406
Entropy for entropy-encoded encrypted secrets: 5.774096152750044
Entropy for non-encoded exe: 5.22055339277441
Entropy for non-encoded encrypted exe: 7.914685739354301
Entropy for entropy-encoded encrypted exe: 5.759477906043907
~#

Links

License

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags entropy, antivirus-bypass, payload-encoding, encoding, malware
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.0.5

0.0.4

This version

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

EntropyEncoding-0.0.3.tar.gz (29.5 kB view details)

Uploaded Source

File details

Details for the file EntropyEncoding-0.0.3.tar.gz.

File metadata

  • Download URL: EntropyEncoding-0.0.3.tar.gz
  • Upload date:
  • Size: 29.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.4

File hashes

Hashes for EntropyEncoding-0.0.3.tar.gz
Algorithm Hash digest
SHA256 a788e6537e504b403d2dc6ee3a277f2d207bd39f945f405e1ca10a050c642c6b
MD5 23484c8787b87eea323301392fb794a9
BLAKE2b-256 5109465773d2857194d1522b8075991f4ea53a091cc4690c7ae87fbb0b0b3232

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page