Vba2Graph is a tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted.
Allows for quick analysis of malicous macros, and easy understanding of the execution flow.
Also ReadBabySploit – Beginner Pentesting Toolkit/Framework Written in Python
https://github.com/decalage2/oletools/wiki/Install
pip2 install -r requirements.txt
Install Graphviz msi:
https://graphviz.gitlab.io/_pages/Download/Download_windows.html
Add “dot.exe” to PATH env variable or just:
set PATH=%PATH%;C:\Program Files (x86)\Graphviz2.38\bin
brew install graphviz
sudo apt-get install graphviz
sudo pacman -S graphviz
usage: vba2graph.py [-h] [-o OUTPUT] [-c {0,1,2,3}] (-i INPUT | -f FILE)
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
output folder (default: "output")
-c {0,1,2,3}, --colors {0,1,2,3}
color scheme number [0, 1, 2, 3] (default: 0 - B&W)
-i INPUT, --input INPUT
olevba generated file or .bas file
-f FILE, --file FILE Office file with macros
Only Python 2 is supported:
# Generate call graph directly from an Office file with macros [tnx @doomedraven]
python2 vba2graph.py -f malicious.doc -c 2
# Generate vba code using olevba then pipe it to vba2graph
olevba malicious.doc | python2 vba2graph.py -c 1
# Generate call graph from VBA code
python2 vba2graph.py -i vba_code.bas -o output_folder
You’ll get 4 folders in your output folder:
Example 1:
Trickbot downloader – utilizes object Resize event as initial trigger, followed by TextBox_Change triggers.
Example 2:
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
GitButler is a git client that lets you work on multiple branches at the same…
Self-spreading to other Minecraft servers using an extendable, module-based lateral movement system. Crafty Controller Auth'd…
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…