Invoke-Obfuscation is a PowerShell-based tool for transforming PowerShell commands and scripts into obfuscated forms to evade signature-based detection. It applies token-level, string-level, and encoding techniques to hide execution logic, and supports compressing commands before obfuscation to reduce size while concealing the original code.
The tool distinguishes itself through layered obfuscation that can be applied and reversed one layer at a time, allowing users to restore a script's original form. It offers multiple encoding schemes including ASCII, hex, octal, binary, and XOR, and can hide command-line arguments from powershell.exe by pushing them to parent or grandparent processes. Invoke-Obfuscation also generates obfuscated launcher commands for execution on target systems and simulates obfuscation across PowerShell versions 2.0 through 5.0 to test security tool detection capabilities.
The tool provides both an interactive interface for navigating obfuscation layers and a command-line mode for direct obfuscation operations. It supports launching obfuscated scripts through various methods including CLIP, WMIC, and stdin with randomized execution flags, and includes regex-based and auto-detection menu navigation to avoid manual backtracking.