PowerChunker is tool designed to Bypass AMSI via PowerShell by splitting a file into multiple chunks. In a post on my blog, I discuss how malicious powershell scripts can evade detection by AMSI if they're run line-by-line, or in chunks. I've included Rasta-mouse's AmsiScanBuffer patch as a PoC to demonstrate how PowerChunker can automate this process to make a detected bypass execute without the need for obfuscation.

PowerChunker.py has no dependencies other than python3. The -s,--serve flag can be provided if the user wants to host the attack from the current server. Otherwise, all .ps1 files that are generated by this script must be transfered over to the web server that will serve them.

usage: PowerChunker.py [-h] [-s] [-o stager.ps1] file host

Split a powershell script to evade detection!

positional arguments:
  file                  Name of powershell script to chunk
  host                  Domain Name or IP Address of host that will serve
                        stager

optional arguments:
  -h, --help            show this help message and exit
  -s, --serve           Start HTTP Server to host stager (Optional)
  -o stager.ps1, --out stager.ps1
                        Name of final stager (Optional)

See below for an example usage of the script: