AmsiScanner.Common 2.3.2

There is a newer version of this package available.
See the version list below for details.
.NET CLI:

    dotnet add package AmsiScanner.Common --version 2.3.2

Package Manager Console in Visual Studio (this command uses the NuGet module's version of Install-Package):

    NuGet\Install-Package AmsiScanner.Common -Version 2.3.2

PackageReference (for projects that support PackageReference, copy this XML node into the project file to reference the package):

    <PackageReference Include="AmsiScanner.Common" Version="2.3.2" />

Central Package Management (for projects that support CPM, copy the PackageVersion node into the solution Directory.Packages.props file to version the package, and the PackageReference node into the project file):

    Directory.Packages.props:
    <PackageVersion Include="AmsiScanner.Common" Version="2.3.2" />

    Project file:
    <PackageReference Include="AmsiScanner.Common" />

Paket:

    paket add AmsiScanner.Common --version 2.3.2

F# Interactive and Polyglot Notebooks (copy the #r directive into the interactive tool or the source code of the script to reference the package):

    #r "nuget: AmsiScanner.Common, 2.3.2"

C# file-based apps, starting in .NET 10 preview 4 (copy the #:package directive into a .cs file before any lines of code to reference the package):

    #:package AmsiScanner.Common@2.3.2

Install as a Cake Addin:

    #addin nuget:?package=AmsiScanner.Common&version=2.3.2

Install as a Cake Tool:

    #tool nuget:?package=AmsiScanner.Common&version=2.3.2

AmsiScanner.Common

Scan files with the Anti-Malware Scan Interface (AMSI) and minimize malicious text files and PowerShell scripts to see what the Antivirus is flagging as malicious.

Features:

  • Scan binary and text files with the installed AV to see if they are malicious.
  • Find the smallest subset of text that is still flagged as malicious by the installed AV.
  • Find the smallest subset of PowerShell tokens that are still flagged as malicious by the installed AV.
  • Encrypt files to mitigate accidental execution and detection by the installed AV.
  • Read files encrypted with this utility.

Dependencies

  • Windows 10+
  • .NET 6.0

Project Url

Please see the site below for more examples and documentation.

https://practicalsecurityanalytics.com/home/tools/amsiscanner/

AmsiScanner.Common Usage

Scan a File

Any type of file can be scanned with AmsiScanner; however, the text encoding may cause issues with some antivirus engines. By default, Unicode encoding is used for text-like files.

Example

using System;
using AmsiScanner.Common;

namespace FileScanner {

    internal class Program {
        /// <summary>
        /// Example command: .\FileScanner.exe ".\test-file.bin"
        /// </summary>
        /// <param name="args">Command-line arguments; args[0] is the path of the file to scan.</param>
        public static void Main(string[] args) {
            //A file path is required as the first argument
            if (args.Length < 1) {
                Console.Error.WriteLine("Usage: FileScanner.exe <path-to-file>");
                return;
            }

            //This method will read from files encrypted with this library, single files in a zip file, or plain files
            byte[] contents = Utility.ReadAllBytes(args[0]);

            //Initialize an AmsiSession to the installed AV
            AmsiResult result = default;
            using (AmsiSession session = new AmsiSession()) {
                //If the file contains text, scan it using Unicode.
                //I've noted that malicious PowerShell scripts won't match Windows Defender signatures
                //if we don't use this ScanString method. If we just scan the raw bytes and the file was
                //encoded with anything other than Unicode, then the signatures will not match.
                string text;
                if (Utility.TryGetText(contents, out text)) {
                    //Scan text in Unicode format
                    result = session.ScanString(text);
                } else {
                    //Scan the raw bytes
                    result = session.ScanData(contents);
                }
            }

            //Print the results
            Console.WriteLine(result);
        }
    }
}
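
Why the encoding matters, as an added example (not part of the AmsiScanner package or its documentation): the same script stored as UTF-8 and as UTF-16 produces different raw bytes, but decoding to a string first hands the scanner one consistent UTF-16 buffer, which is the form the Windows AmsiScanString API takes. `EncodingDemo` and `DecodeText` are hypothetical names, the BOM-based detection with a UTF-8 fallback is an assumption and not a description of how `Utility.TryGetText` works, and the sample script line is constructed.

```csharp
using System;
using System.Linq;
using System.Text;

// Added illustration; EncodingDemo and DecodeText are hypothetical, not AmsiScanner APIs.
internal static class EncodingDemo {
    // Decode a text file by its byte-order mark (BOM).
    // Assumption: files without a BOM are treated as UTF-8.
    public static string DecodeText(byte[] data) {
        // UTF-32 LE is tested before UTF-16 LE because its BOM (FF FE 00 00)
        // starts with the UTF-16 LE BOM (FF FE).
        Encoding[] candidates = {
            new UTF32Encoding(false, true),   // UTF-32 little endian
            new UTF32Encoding(true, true),    // UTF-32 big endian
            new UTF8Encoding(true),           // UTF-8 with BOM
            new UnicodeEncoding(false, true), // UTF-16 little endian
            new UnicodeEncoding(true, true)   // UTF-16 big endian
        };
        foreach (Encoding enc in candidates) {
            byte[] bom = enc.GetPreamble();
            if (data.Length >= bom.Length && data.Take(bom.Length).SequenceEqual(bom)) {
                // Skip the BOM so it does not become part of the scanned text
                return enc.GetString(data, bom.Length, data.Length - bom.Length);
            }
        }
        return new UTF8Encoding(false).GetString(data);
    }

    public static void Main() {
        // Constructed, harmless line standing in for a script's contents
        string script = "Write-Output 'constructed sample'";

        // The same text as it would sit on disk in two different encodings
        byte[] utf8 = Encoding.UTF8.GetBytes(script);
        byte[] utf16 = Encoding.Unicode.GetPreamble()
            .Concat(Encoding.Unicode.GetBytes(script)).ToArray();

        // Raw bytes differ, so a byte pattern written for one encoding misses the other
        Console.WriteLine($"raw bytes equal: {utf8.SequenceEqual(utf16)}");

        // After decoding, both files yield the same UTF-16 LE buffer for the scanner
        byte[] a = Encoding.Unicode.GetBytes(DecodeText(utf8));
        byte[] b = Encoding.Unicode.GetBytes(DecodeText(utf16));
        Console.WriteLine($"normalized bytes equal: {a.SequenceEqual(b)}");
    }
}
```
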
Compatible and additional computed target framework versions

.NET
  • net6.0 is compatible.
  • Computed for net6.0: net6.0-android, net6.0-ios, net6.0-maccatalyst, net6.0-macos, net6.0-tvos, net6.0-windows.
  • Computed for net7.0: net7.0, net7.0-android, net7.0-ios, net7.0-maccatalyst, net7.0-macos, net7.0-tvos, net7.0-windows.
  • Computed for net8.0: net8.0, net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos, net8.0-windows.
  • Computed for net9.0: net9.0, net9.0-android, net9.0-browser, net9.0-ios, net9.0-maccatalyst, net9.0-macos, net9.0-tvos, net9.0-windows.
  • Computed for net10.0: net10.0, net10.0-android, net10.0-browser, net10.0-ios, net10.0-maccatalyst, net10.0-macos, net10.0-tvos, net10.0-windows.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.3.5 429 10/14/2023
2.3.4 469 11/25/2022
2.3.3 444 11/25/2022
2.3.2 452 11/21/2022
2.3.1 450 11/16/2022
2.3.0 600 8/14/2022
2.2.0 595 8/14/2022
2.1.0 544 7/16/2022
2.0.0 567 6/28/2022