• Stars
    star
    114
  • Rank 306,284 (Top 7 %)
  • Language
    Python
  • Created over 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generates anti-sandbox analysis HTA files without payloads

Disclaimer

As usual, this code and tool should not be used for malicious purposes.

genHTA

Usage:

python gen-hta.py
ο»Ώ β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ•—   β–ˆβ–ˆβ•—β–ˆβ–ˆβ•—  β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—
β–ˆβ–ˆβ•”β•β•β•β•β• β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—
β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘
β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•  β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘
β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘
 β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β•β•β•šβ•β•  β•šβ•β•β•β•β•šβ•β•  β•šβ•β•   β•šβ•β•   β•šβ•β•  β•šβ•β•

Non-malicious anti-sandbox analysis HTA File Generator
Author: Vincent Yiu (@vysecurity)


[*] genHTA Started
[*] Begin populating with data, insert information now.

Title - This is the name of the campaign or could be the organisation you are posing to be.
[*] Title: Against Breast Cancer

Do you want for the HTA to be maximised? (Y/N)
[*] Maximised: Y

Subtitle - Enter a subtitle that will appear as part of the campaign.
[*] Subtitle: Afternoon Tea

Banner - Enter a URL or local path for the image that you would like embedded.
[*] Banner location: http://www.mancunianmatters.co.uk/sites/default/files/styles/article_main/public/Pink%20afternoon%20tea.jpg

Describe the questionnaire, why are we conducting this?
Begin by writing a quick few sentences on who the organisation are.
[*] About Organisation: After Breast Cancer is an charity that is working to fight against breast cancer of all forms within our world.

Now describe why you are conducting this question.
[*] About the questionnaire: ABC are running an afternoon tea event in order to raise funds for breast cancer research.

Now we will begin with inserting questions in the document.
How many questions would you like in the form?
[*] Number of questions: 4

There are currently three choices of questions you can have.
(1) radio selector, (2) input box, (3) textarea
[*] ID of choice (1/2/3): 2

[*] Enter a question: Name:

[*] ID of choice (1/2/3): 2

[*] Enter a question: Email:

[*] ID of choice (1/2/3): 3

[*] Enter a question: Dietary Requirements:

[*] ID of choice (1/2/3): 1

[*] Enter a question: Allergies?:

[*] How many radio buttons would you like? (1-10): 2
[*] A word to describe the worst option (eg. No, terrible, worst, strongly disagree): No
[*] A word to describe the best option (eg. Yes, fantastic, best, strongly agree): Yes


Submit Message - The message to display after submitting the form.
[*] Submit Message: Thankyou for your interest, we will contact you shortly
[+] Open file: output.hta
[+] Generated HTA
[+] Payload written

Example

More Repositories

1

RedTips

Red Team Tips as posted by @vysecurity on Twitter
1,015
star
2

LinkedInt

LinkedIn Recon Tool
Python
941
star
3

DomLink

A tool to link a domain with registered organisation names and emails, to other domains.
Python
781
star
4

DomainFrontingLists

A list of Domain Frontable Domains by CDN
532
star
5

morphHTA

morphHTA - Morphing Cobalt Strike's evil.HTA
Python
500
star
6

ANGRYPUPPY

Bloodhound Attack Path Automation in CobaltStrike
PowerShell
307
star
7

IPFuscator

IPFuscator - A tool to automatically generate alternative IP representations
Python
238
star
8

Aggressor-VYSEC

PowerShell
195
star
9

CVE-2017-8759

CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
174
star
10

ps1-toolkit

Obfuscated Penetration Testing PowerShell scripts
PowerShell
123
star
11

CVE-2018-4878

Aggressor Script to launch IE driveby for CVE-2018-4878
88
star
12

checkO365

checkO365 is a tool to check if a target domain is using O365
Python
84
star
13

CobaltSplunk

Splunk Dashboard for CobaltStrike logs
Python
83
star
14

ATT-CK_Analysis

Repository for my ATT&CK analysis research.
Python
70
star
15

FSharp-Shellcode

F# Implementation to spawn shellcode
F#
45
star
16

Invoke-ProcessScan

Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
PowerShell
42
star
17

AzureAppC2

A script that can be deployed to Azure App for C2 / Proxy / Redirector
Python
27
star
18

basicAuth

Basic Auth Phish page
PHP
25
star
19

ShellcodeConversion

A collection of shell code conversion scripts that I have written over time for repetitive tasks
Python
18
star
20

RDPInception

A script to attack users who are RDPing into a machine and recurse this attack. For security testers and attack simulations.
Batchfile
18
star
21

Office365TenantsList

Office365 Tenants List
16
star
22

WindfarmDynamite-CNA

CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe
15
star
23

EmpireAMSI

PowerShell
13
star
24

DoH-Servers

DNS over HTTPS Servers
12
star
25

BadIP

Bad Security Vendor IPs
Shell
10
star
26

wepwnise

A generator to weaponize Macro payloads that can evade EMET and utilises native VB migration.
Python
9
star
27

PWNDB

Parse PWNDB
Python
8
star
28

autovpn

Easily connect to a VPN in a country of your choice
Go
7
star
29

CloudServiceLists

Tenants list for each cloud service.
6
star
30

CVE-2020-0796

CVE-2020-0796 - Working PoC - 20200313
6
star
31

vysecurity

6
star
32

PacketParser

A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.
Python
5
star
33

SCTPersistence

Create COM Objects backed by Scripts, not DLLs
JavaScript
5
star
34

nuclei-templates-notags

5
star
35

CVE-2021-40444

3
star
36

Linkedin_Connect_NEWUI

A Python Script that controls Selenium to automate the process of connecting on LinkedIn
Python
2
star
37

malleable-profiles

2
star
38

IIS_exploit

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
Python
2
star
39

test-conf

1
star
40

Archive

Archive
1
star
41

vysecurity.github.io

HTML
1
star
42

HOLYWATER

1
star
43

nextjs-blog-theme

1
star
44

DomainFrontingProxies

A list of Domain Fronting Proxies that are known to permit or break Domain Fronting
1
star