The macro_pack tool shall only be used by pentesters, security researchers, or other people with learning purposes. I condemn all use of security tools for unethical actions (whether these are legal or illegal). I know this will not prevent usage by malicious people and that is why all features are not publicly released.
The macro_pack is a tool used to automate obfuscation and generation of MS Office documents for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify bypassing antimalware solutions and to automate the process from VBA generation to final Office document generation. It is very simple to use:
– No configuration
– Everything can be done using a single line of code
The tool is compatible with payloads generated by popular pentest tools (Metasploit, Empire, …). It is also easy to combine with other tools, as it can read input from stdin and send quiet output to another tool. This tool is written in Python3 and works on both Linux and Windows platforms.
Note: A Windows platform with genuine MS Office installed is required for automatic Office document generation or trojan features.
The tool applies various obfuscation techniques, all automatically. Basic obfuscation (-o option) includes:
+ Renaming functions
+ Renaming variables
+ Removing spaces
+ Removing comments
+ Encoding strings
Note that the main goal of macro_pack obfuscation is not to prevent reverse engineering; it is to prevent antivirus detection.
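For defenders, the traits listed above can serve as triage indicators when reviewing macros extracted from a document. The following is an added example, not code from macro_pack or its author: a Python heuristic that scores VBA source for those traits. The thresholds, the hex-shaped string pattern, the reading of "removing spaces" as missing indentation, and both sample macros are assumptions constructed for illustration.

```python
import re
# Constructed samples (not real macro_pack output): a commented macro and a
# version showing the traits the page lists for basic obfuscation.
CLEAN = """\
' Greets the user when the document opens
Sub AutoOpen()
    Dim greeting As String
    greeting = "Hello from the template"
    ' Show the message
    MsgBox greeting
End Sub
"""
OBFUSCATED = """\
Sub AutoOpen()
Dim xkqzvbnmtr As String
Dim wpltrgfdsq As String
xkqzvbnmtr = "48656c6c6f2066726f6d20746865"
wpltrgfdsq = xkqzvbnmtr
MsgBox wpltrgfdsq
End Sub
"""
# Declared names: first identifier after Sub/Function/Dim at the start of a line.
DECL_RE = re.compile(r"^[ \t]*(?:(?:Public|Private)[ \t]+)?(?:Sub|Function|Dim)[ \t]+([A-Za-z_]\w*)", re.I | re.M)
STRING_RE = re.compile(r'"([^"]*)"')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2}){8,}")  # assumed shape of an encoded string

def vowel_ratio(name):
    letters = [c for c in name.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0

def has_comment(line):
    code = STRING_RE.sub('""', line)  # ignore apostrophes inside string literals
    return "'" in code or code.lstrip().lower().startswith("rem ")

def obfuscation_indicators(vba_source):
    lines = [l for l in vba_source.splitlines() if l.strip()]
    names = DECL_RE.findall(vba_source)
    odd = [n for n in names if len(n) >= 8 and vowel_ratio(n) < 0.2]
    big = len(lines) >= 5  # very short macros carry no signal either way
    return {
        "renamed_identifiers": bool(names) and len(odd) / len(names) >= 0.5,
        "no_comments": big and not any(has_comment(l) for l in lines),
        "no_indentation": big and not any(l[0] in " \t" for l in lines),
        "encoded_strings": any(HEX_RE.fullmatch(s) for s in STRING_RE.findall(vba_source)),
    }

def score(vba_source):
    return sum(obfuscation_indicators(vba_source).values())
```

A high score is a reason to inspect the macro more closely, not a verdict; minified but legitimate macros can trigger the same indicators.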
git clone https://github.com/sevagas/macro_pack && cd macro_pack
pip3 install -r requirements.txt
python3 macro_pack.py -h
python3 macro_pack.py -f empire.vba -o -W myDoc.docm