•        116

This project show how create your own obfuscator for application .net, as a protection source code



Related Projects

Obfuscar, The Open Source Obfuscator for .NET Applications

  •    DotNet

Obfuscar is an open source .NET obfuscator released under MIT license. It provides basic obfuscation features that help secure secrets in a .NET assembly.

cecil - Cecil is a library to inspect, modify and generate .NET programs and libraries.

  •    CSharp

Mono.Cecil is a library to generate and inspect programs and libraries in the ECMA CIL form.Cecil has been around since 2004 and is widely used in the .NET community.



AssemblyTransformer is a tool for modifying .NET assemblies using Mono Cecil. It handles the entire transformation process including strong name signing and offers a simple command-line interface and a basic framework for creating and configuring specific transformations.


  •    DotNet

ImmDoc .NET is a command-line utility for generating HTML documentation from a set of .NET assemblies and XML files created by the compiler. It's developed in C#.

Reflection Studio


Reflection Studio is a development tool that encapsulate all my work around reflection, performance and WPF. It allows to inject performance traces into any NET software, get them back for analyse and reporting.

Revoke-Obfuscation - PowerShell Obfuscation Detection Framework

  •    PowerShell

Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. In the Fall of 2016 and Spring of 2017, Daniel Bohannon (@danielhbohannon) released Invoke-Obfuscation and Invoke-CradleCrafter, two open-source PowerShell obfuscation frameworks. The goal of this research and these frameworks was to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. The core message to defenders has been to focus on detecting Indicators of Obfuscation in addition to known suspicious syntax.

Invoke-DOSfuscation - Cmd.exe Command Obfuscation Generator & Detection Test Harness

  •    PowerShell

Over the past several years as an Incident Response consultant I have witnessed a myriad of obfuscation and evasion techniques employed by several threat actors. Some of these techniques are incredibly complex while others are tastefully simple, but both categories are employed to evade detection. In my experience, I have found APT32 and FIN7 to pull out the most alluring obfuscation techniques and their creativity is noteworthy. In June 2017 after a slew of incremental command line obfuscation techniques, FIN7 used an environment variable string substitution capability native to cmd.exe that at the time I did not know even existed. Spurred by this discovery I co-authored a blog post with Nick Carr (@ItsReallyNick) called Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques where we highighted numerous groups' obfuscation techniques we identified in the wild.

obfusion - Obfusion - C++ X86 Code Obfuscation Library

  •    C++

This library handles obfuscation of assembled X86 machine code in order to make it harder to read and analyze during the reverse engineering process. Should work very well with obfuscating shellcode that is later embedded with executable files. If shellcode is known to security products, the obfuscation process should make it bypass any signature detection scans.


  •    CSharp

Dafuscator is a database data obfuscation system that allows you to tactically obfuscate or delete data out of your production database while leaving most of the data intact.

gohop - A VPN implemention in golang, with crypto and obfuscation in nature.

  •    Shell

GoHop is a VPN implemented in golang, with innate encryption and obfuscation. The goal of this project is to escape from censorship and intelligent package inspection. There're already lots of VPN solutions like OpenVPN, L2TP with IPSec, PPTP and other commercial VPNs. But one key problem of these VPNs are that they're only built for anti-censorship instead of anti-GFW, of course, because their developers are not Chinese.

optimus - 🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

  •    PHP

With this library, you can transform your internal id's to obfuscated integers based on Knuth's integer hash. It is similar to Hashids, but will generate integers instead of random strings. It is also super fast.

Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator

  •    PowerShell

Invoke-CradleCrafter is a PowerShell v2.0+ compatible PowerShell remote download cradle generator and obfuscator. In the Fall of 2016 after releasing Invoke-Obfuscation, I continued updating my spreadsheet of PowerShell remote download cradles thinking that one day I might add a "cradle selector" menu into Invoke-Obfuscation. This list consisted of cradles that were obscure to me, and many of which were not prevelently (or at all) being observed in the wild.

Invoke-Obfuscation - PowerShell Obfuscator

  •    PowerShell

Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. In the Fall of 2015 I decided to begin researching the flexibility of PowerShell's language and began cataloguing the various ways to accomplish a handful of common techniques that most attackers use on a regular basis.

obfuscar - Open source obfuscation tool for .NET assemblies

  •    CSharp

The project logo cames from Legendora Icon by Teekatas Suwannakrua. Maintained and supported by LeXtudio.

SpookFlare - Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures

  •    Python

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads. Special thanks to the following projects and contributors.

mono-tools - The mono-tools package contains a series of extra tools for Mono users.

  •    CSharp

The mono-tools package contains a series of extra tools for Mono users.

Just-Metadata - Just-Metadata is a tool that gathers and analyzes metadata about IP addresses

  •    Python

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-Metadata also has "analysis" modules. These are used to analyze the data loaded Just-Metadata and perform various operations that can identify potential relationships between the loaded systems. Just-Metadata will allow you to quickly find the Top "X" number of states, cities, timezones, etc. that the loaded IP addresses are located in. It will allow you to search for IP addresses by country. You can search all IPs to find which ones are used in callbacks as identified by VirusTotal. Want to see if any IPs loaded have been documented as taking part of attacks via the Animus Project, Just-Metadata can do it.

mono - Mono open source ECMA CLI, C# and .NET implementation.

  •    CSharp

Mono is a software platform designed to allow developers to easily create cross platform applications. It is an open source implementation of Microsoft's .NET Framework based on the ECMA standards for C# and the Common Language Runtime.Please see our guides for building Mono on Mac OS X, Linux and Windows.

QtSharp - Mono/.NET bindings for Qt

  •    CSharp

This project aims to create Mono/.NET libraries that wrap Qt ( thus enabling its usage through C#. It relies on the excellent CppSharp ( It is a generator that expects the include and library directories of a Qt set-up and then generates and compiles the wrappers. While still in development, it should work with any Qt version when complete. There is no Qt included in the repository, users have to download and install Qt themselves. For now, Qt MinGW for Windows has been the only tested version. Qt for OS X and Linux are planned, Qt for VC++ has not been planned for now.The source code is separated into a library that contains the settings and passes the generator needs, and a command-line client. In the future a GUI client, constructed with Qt# itself, is planned as well.

grafeas - Cloud artifact metadata CRUD API and resource specifications

  •    Go

Grafeas defines an API spec for managing metadata about software resources, such as container images, Virtual Machine (VM) images, JAR files, and scripts. You can use Grafeas to define and aggregate information about your project's components. Grafeas divides the metadata information into notes and occurrences. Notes are high-level descriptions of particular types of metadata. Occurrences are instantiations of notes, which describe how and when a given note occurs on the resource associated with the occurrence. This division allows third-party metadata providers to create and manage metadata on behalf of many customers. It also allows for fine-grained access control of different types of metadata.