`Pkg.PowerShellBeautifier` — API for deobfuscating Microsoft PowerShell scripts¶

Overview¶

The Pkg.PowerShellBeautifier module contains the API for deobfuscating Microsoft PowerShell scripts.

Beautifying a PowerShell Script¶

The following code example demonstrates how to beautify a PowerShell script:

from Pkg.PowerShellBeautifier import *

script = r"""$A = get-childitem c:\temp

$B = gET-cHILDITEM c:\temp

$C = get-conTENT c:\temp\asdf.txt

$D = DIR C:\

iF (1 -eq 1) {
    Write-hOSt "hi"
}
"""

bt = PowerShellBeautifier()
bt.deobfuscate_code = True
bt.keep_comments = True
bt.name_variables = True
bt.remove_unused_variables = True
bt.replace_variables = True

output = bt.beautify(script, "text")
print(output)

Module API¶

Pkg.PowerShellBeautifier module API.

Classes:

PowerShellBeautifier()

Beautifier for PowerShell scripts.

class PowerShellBeautifier¶

Beautifier for PowerShell scripts.

Methods:

beautify(script[, fmt])

Beautifies the input script.

Attributes:

deobfuscate_code

If True, deobfuscates the code.

indent_spaces

The amount of indentation spaces.

keep_comments

If True, keeps the comments in the code.

name_variables

If True, automatically names variables.

remove_unused_variables

If True, removes unused variables in the code.

replace_variables

If True, replaces the variables in the code.

theme

The Pro.UI.ProTheme instance to be used to colorize the code.

beautify(script: str, fmt: str = 'lines') → Optional[Union[str, Pro.Core.NTByteArrayList]]¶

Beautifies the input script.

Parameters

script (str) – The script to beautify.

fmt (str) – The output format. Can be either "text" or "lines".

Returns

Returns the beautified code either as a string or as a Pro.Core.NTByteArrayList instance if successful; otherwise returns None.

Return type

Optional[Union[str, NTByteArrayList]]

deobfuscate_code¶

If True, deobfuscates the code.

indent_spaces¶

The amount of indentation spaces.

keep_comments¶

If True, keeps the comments in the code.

name_variables¶

If True, automatically names variables.

remove_unused_variables¶

If True, removes unused variables in the code.

replace_variables¶

If True, replaces the variables in the code.

theme¶

The Pro.UI.ProTheme instance to be used to colorize the code. Colors are only used when the ‘fmt’ parameter in beautify() is set to "lines".