demiguise

The aim of this project is to generate .html files that contain an encrypted HTA file.

The idea is that when your target visits the page, the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user.

This is an evasion technique to get round content / file-type inspection implemented by some security-appliances.

Further technical information here.

Install:

git clone https://github.com/nccgroup/demiguise
cd demiguise

Usage:

# Generate an encrypted .hta file that executes notepad.exe
python demiguise.py -k hello -c "notepad.exe" -p Outlook.Application -o test.hta