__ _
_ __ _ _ / _|_ _ ___ __ __ _| |_ ___ _ _
| '_ \ || | _| || (_-</ _/ _` | _/ _ \ '_|
| .__/\_, |_| \_,_/__/\__\__,_|\__\___/_|
|_| |__/
A powerful code obfuscation tool that transforms your source code into a difficult-to-understand form while preserving its full functionality.
PyFuscator is designed for security professionals, Red Teamers, and penetration testers who need to bypass detection mechanisms and protect their operational code. The tool supports both Python and PowerShell languages and applies common obfuscation techniques to evade security controls while maintaining full code functionality.
- Red Team Operations - Obfuscate payload delivery mechanisms to bypass detection
- Penetration Testing - Modify security testing scripts to avoid triggering defensive measures
- Command & Control - Disguise C2 communications and operational scripts
- OPSEC Enhancement - Protect operational security by making code analysis more difficult
- AV/EDR Evasion - Modify script signatures to bypass antivirus and endpoint detection
- Custom Implant Development - Create hard-to-analyze persistence mechanisms
- String Encryption - Encrypts string literals with base64 encoding
- Variable Renaming - Transforms variable, function, and class names into meaningless random strings
- Import Obfuscation - Hides and manipulates import statements
- Junk Code Insertion - Adds random non-functional code
- Dynamic Function Execution - Wraps function bodies with dynamic execution to hide logic
- Comment Removal - Strips all comments and docstrings from the code
- String Obfuscation - Encrypts string literals with various techniques
- Identifier Renaming - Transforms variable and function names into random strings
- Command Tokenization - Breaks PowerShell commands into obfuscated tokens
- Junk Code Insertion - Adds random non-functional code
- .NET Method Obfuscation - Uses .NET methods to obfuscate operations
- SecureString Obfuscation - Leverages PowerShell SecureString for added security
- ADS Storage - Hides scripts in Alternate Data Streams
- Comment Removal - Strips all comments from the code
# Install from PyPI (currently not supported)
pip install pyfuscator
# Or install from source
git clone https://github.com/spiegelin/pyfuscator.git
cd pyfuscator
pip install .If you don't want to install the package, you can use the included wrapper script:
# Clone the repository
git clone https://github.com/spiegelin/pyfuscator.git
cd pyfuscator
# Run directly using the wrapper script
python pyfuscator.py [options] input_file output_filePyFuscator provides language-specific commands to handle different obfuscation techniques:
# Python obfuscation
pyfuscator python input.py output.py
# PowerShell obfuscation
pyfuscator powershell input.ps1 output.ps1pyfuscator python [OPTIONS] INPUT_FILE OUTPUT_FILEOptions:
| Option | Description |
|---|---|
-r, --remove-comments |
Remove comments from the code (enabled by default) |
-j, --junk-code N |
Insert N random junk statements |
-o, --obfuscate-imports |
Obfuscate import statements and their references |
-i, --identifier-rename |
Rename variables, functions and class names |
-d, --dynamic-exec |
Wrap function bodies with dynamic execution |
-s, --encrypt-strings |
Encrypt string literals with base64 encoding |
-e, --encrypt N |
Apply N layers of encryption (0-5) |
-a, --all |
Apply all obfuscation techniques except encryption |
-v, --verbose |
Show detailed logs and statistics during obfuscation |
pyfuscator powershell [OPTIONS] INPUT_FILE OUTPUT_FILEOptions:
| Option | Description |
|---|---|
-r, --remove-comments |
Remove comments from the code (enabled by default) |
-j, --junk-code N |
Insert N random junk statements |
-c, --tokenize-commands |
Tokenize and obfuscate PowerShell commands |
-i, --identifier-rename |
Rename variables and functions |
-d, --dotnet-methods |
Use .NET methods for obfuscation |
-s, --secure-strings |
Use SecureString for string obfuscation |
-sd, --string-divide |
Divide strings into concatenated parts |
-e, --encrypt |
Encrypt the entire script with SecureString |
-b, --base64 |
Encode individual commands with Base64 |
--base64-full |
Encode the entire script with Base64 |
--ads |
Store scripts in Alternate Data Streams (Windows only) |
-l, --lower-entropy |
Apply entropy reduction techniques |
-a, --all |
Apply all PowerShell obfuscation techniques except full script encryption |
-v, --verbose |
Show detailed logs and statistics during obfuscation |
Here are some examples of PyFuscator usage:
# Basic Python obfuscation with identifier renaming and 2 encryption layers
pyfuscator python -i -e 2 input.py output.py
# Maximum Python obfuscation with all features enabled
pyfuscator python -a -e 3 input.py output.py
# Basic PowerShell obfuscation with identifier renaming
pyfuscator powershell -i input.ps1 output.ps1
# Maximum PowerShell obfuscation with all techniques
pyfuscator powershell -a input.ps1 output.ps1
# Apply verbose logging for detailed information
pyfuscator python -v -a input.py output.pyOriginal code:
import numpy as np
def calculate_sum(a, b):
"""Add two numbers and return the result."""
return a + b
result = calculate_sum(10, 20)
print("The result is:", result)Obfuscated code (with all techniques, except encryption):
if False:
oOxKjDI4 = 91
if False:
uu2l8rv2 = 69
XKcjzGSc = __import__(__import__(__import__('base64').b64decode('YmFzZTY0').decode()).b64decode(__import__('base64').b64decode('Ym5WdGNIaz0=').decode()).decode(__import__('base64').b64decode('dXRmLTg=').decode()))
def t25nFf8z(b6WJkQlT, TNe39vUg):
if (1 > 100):
'This code will never execute'
def rioand():
return (b6WJkQlT + TNe39vUg)
pebpvz = rioand()
return pebpvz
dmAHLkYI = t25nFf8z(10, 20)
print(__import__('base64').b64decode('VGhlIHJlc3VsdCBpczo=').decode(), dmAHLkYI)
ZDYS0AJO = __import__('base64').b64decode('bE12NzE=').decode()
try:
sq5aKGpR = True
except Exception:
sq5aKGpR = False
fPISuYlv = (__import__('base64').b64decode('bk9vcw==').decode() + __import__('base64').b64decode('ZnQ0Uw==').decode())Original code:
function Get-Hello {
param(
[string]$Name = "World"
)
# Return a greeting
return "Hello, $Name!"
}
Get-HelloObfuscated code (with all techniques):
function DafpOwV0 {
param(
[Parameter(Mandatory=$false)]
[string]$eEy82 = [char[]](87)-join''+"o"+"r"+"l"+"d"
)
(& {
$data = [System.Convert]::FromBase64String('SABlAGwAbABvACwAIAAkAGUARQB5ADgAMgAhAA==');
$ms = New-Object System.IO.MemoryStream;
$ms.Write($data, 0, $data.Length);
$ms.Seek(0,0) | Out-Null;
$sr = New-Object System.IO.StreamReader($ms, [System.Text.Encoding]::Unicode);
$decoded = $sr.ReadToEnd();
Invoke-Expression $decoded
})
}
# Junk code
$jMip4 = 'BxAjc4Tg'
$Cd9bR = @{ Q7M40 = 13; iYZkq = 'mG5uujDX'; puhpL = $false; t7OkX = 'mG5uujDX' }
if ($r08HF -le 67) { $asfoo = $true }
# Tokenized and obfuscated command invocation
(& {$p0='Inv';$p1='oke-';$p2='Expr';$p3='essi';$p4='on';$p0+$p1+$p2+$p3+$p4}) "DafpOwV0"- Comment Removal: Strips all comments and docstrings from the code.
- Junk Code Insertion: Adds random, non-functional code to obscure the original logic.
- Import Obfuscation (Python) / Command Tokenization (PowerShell): Hides and manipulates import statements or command names.
- Identifier Renaming: Changes all variable, function, and class names to random strings.
- String Encryption: Encrypts string literals using various techniques.
- Dynamic Function Execution (Python) / .NET Method Obfuscation (PowerShell): Wraps function bodies or operations with obfuscated execution methods.
- Lower Entropy (PowerShell): Reduces the entropy of the script by adding random spacing, command substitution with aliases, and reordering non-critical parts.
- ADS Storage (PowerShell, Windows only): Stores the script in Alternate Data Streams for additional stealth.
- Layer Encryption: Applies multiple layers of encryption to the entire script (if specified).
- The obfuscated code will run slower than the original due to the added complexity
- Obfuscated code looks suspicious and may be flagged by security tools
- Comment removal is applied by default but can also be explicitly specified with
-r - Excessive encryption layers can significantly increase code size and runtime
PyFuscator provides a layer of protection against static analysis, signature-based detection, and reverse engineering attempts. However, it's important to understand that:
- Obfuscation is not encryption - a determined analyst may still be able to recover the original logic
- The tool is designed to make reverse engineering difficult, not impossible
- For maximum security, combine code obfuscation with other evasion mechanisms
- Always use this tool in accordance with proper authorization and legal compliance
- Evasion Testing - Evaluate security product effectiveness against obfuscated malicious code
- Red Team Campaigns - Protect custom tooling during adversary emulation exercises
- Security Research - Study obfuscation techniques and develop improved detection methods
- Tool Protection - Prevent unauthorized analysis of proprietary security tools
- Tradecraft Development - Research and enhance code protection techniques
This tool is intended for legitimate security professionals conducting authorized testing activities. The authors do not endorse or support illegal or unauthorized use. Always:
- Ensure proper authorization before deploying obfuscated code
- Follow responsible disclosure practices
- Comply with all applicable laws and regulations
- Use this tool as part of a comprehensive security program
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
If you have any questions or feedback, please open an issue on GitHub.
If you find this project useful, please star it on GitHub!