Python module for obfuscation classification in command line executions

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for wtang06 from gravatar.com wtang06

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License
  • Author: Wilson Tang
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

Command Obfuscation Detection

This project currently only supports cmd.exe command obfuscation detection on Windows. In a previous iteration of this project, we used deep learning. Now, we have shifted the approach towards XGBoost instead.

Quick Installation

You can install our package through pip!

pip install obfuscation-detection

This is a basic usage of our package:

from obfuscation_detection import ObfuscationDetectionClassifier

model = ObfuscationDetectionClassifier()
commands = ['cmd.exe /c "echo Invoke-DOSfuscation"',
            'cm%windir:~ -4, -3%.e^Xe,;^,/^C",;,S^Et ^^o^=fus^cat^ion&,;,^se^T ^ ^ ^B^=o^ke-D^OS&&,;,s^Et^^ d^=ec^ho I^nv&&,;,C^Al^l,;,^%^D%^%B%^%o^%"',
            'cat /etc/passwd']
y = model.predict(commands)
y_prob = model.predict_proba(commands)

# 1 is obfuscated, 0 is non-obfuscated
print(y) # [0, 1, 0]
print(y_prob)

Usage

  1. Install python dependencies: pip install -r requirements.txt

  2. For quick usage, give a .csv file with column commands and you can run the commands through the model: python obfuscation_detection/main.py --filename commands.csv

  3. You can also write your own scripts to use the model class directly: python obfuscation_detection/model.py

Contributing

Contributions are welcomed! Read the Contributing Guide for more information.

Licensing

This project is licensed under the Apache V2 License. See LICENSE for more information.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for wtang06 from gravatar.com wtang06

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License
  • Author: Wilson Tang
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

This version

1.0.0

0.7.2

0.7.1

0.7

0.6

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

obfuscation_detection-1.0.0.tar.gz (30.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

obfuscation_detection-1.0.0-py3-none-any.whl (29.4 kB view details)

Uploaded Python 3

File details

Details for the file obfuscation_detection-1.0.0.tar.gz.

File metadata

  • Download URL: obfuscation_detection-1.0.0.tar.gz
  • Upload date:
  • Size: 30.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.2

File hashes

Hashes for obfuscation_detection-1.0.0.tar.gz
Algorithm Hash digest
SHA256 5dd63ea8102aea818de431ba39f6756927825aac1bde7c734d9ed8b0eb9b0fff
MD5 a6ff126f319cc9a50b2e6a827c14a697
BLAKE2b-256 9a4739b4131bc27ba4816387e910746fd52d0229549e08117e8678c780dc767c

See more details on using hashes here.

File details

Details for the file obfuscation_detection-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for obfuscation_detection-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ffa5c2c2641775d34743732fa535715a4451ed9a7767f239de4e278885d8dded
MD5 f17b769adb4902ffbb2584c4e4cafafd
BLAKE2b-256 a8adc0a302eb8aaa29d4d4a9b28e0bdc16452749d539a06ee97be148fb085f3f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page