PSSW100AVB by tihanyin

PowerShell scripts for penetration testing

created 3 years ago
1,166 stars

Top 34.1% on SourcePulse

Project Summary

This repository provides PowerShell scripts for penetration testing, specifically focusing on reverse shells designed to evade antivirus detection. It targets security professionals and researchers looking for tools that bypass common security measures, offering a potential advantage in simulated attacks.

How It Works

The scripts implement reverse shell functionality, establishing a connection back to an attacker-controlled machine. The core technique involves obfuscating PowerShell commands and network traffic to avoid signature-based detection by antivirus software. The project highlights a specific script, ReverseShell_2025_01.ps1, which claims to evade AI-powered detection by including a seemingly innocuous comment about prime number generation.

Quick Start & Requirements

  • Install: Download or clone the repository.
  • Prerequisites: PowerShell, Windows 11 (tested).
  • Resources: No specific hardware requirements mentioned beyond a standard Windows environment.
  • Links: Twitter: @TihanyiNorbert

Highlighted Details

  • Claims 100% AV bypass at the time of publication for its scripts.
  • ReverseShell_2025_01.ps1 is presented as a current evasion technique, specifically against AI-based detection.
  • Includes a LsassDump_2022_03.ps1 script for LSASS memory dumping.
  • Notes that detection by AV vendors typically occurs 2-3 weeks post-publication.

Maintenance & Community

  • The project is maintained by a single individual, @TihanyiNorbert.
  • Updates are sporadic, with a new script added in January 2025.

Licensing & Compatibility

  • No license is explicitly stated in the README.
  • Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

The effectiveness of AV bypass is temporary, with scripts becoming detectable within weeks of publication. Older scripts, like ReverseShell_2022_06.ps1, are noted as already flagged by most AV vendors. The repository does not provide guidance on adapting scripts for continued evasion or offer broader platform support.

Health Check

  • Last commit: 6 months ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 0
  • Issues (30d): 0

Star History

63 stars in the last 90 days
