├── LICENSE ├── README.md ├── go.mod ├── main.go ├── obfuscation └── obfuscation.go ├── out.vbs ├── sample.vbs └── utils └── utils.go /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 EvilBytecode 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to use the Software for educational and authorized cybersecurity research purposes only, subject to the following conditions: 7 | 8 | The above copyright notice, this permission notice, and the following disclaimer shall be included in all copies or substantial portions of the Software. 9 | 10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS (INCLUDING EvilBytecode) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 12 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE, COPYING, DOWNLOADING, OR OTHER DEALINGS IN THE SOFTWARE. 13 | 14 | DISCLAIMER: I, EvilBytecode, release this project strictly for educational, academic, and authorized cybersecurity research purposes. 15 | By accessing, downloading, copying, using, or modifying this software, you agree to these terms. 16 | You must obtain explicit written permission from system owners before conducting any testing using this software. 17 | Unauthorized use, distribution, or deployment of this software against any third party, device, network, or system without prior consent is strictly forbidden and illegal. 18 | I, EvilBytecode, disclaim all responsibility, liability, or consequences arising from any misuse, illegal activities, damages, or losses resulting from this software. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # VBS-Obfuscator-Go 2 | VBS-Obfuscator-GO is a Go-based tool designed for obfuscating VBScript (VBS) files. It transforms readable VBScript code into a less recognizable form by employing random variable names and encoding character values using mathematical operations. This helps protect scripts from casual inspection and modification. 3 | 4 | # Features 5 | - Random Variable Naming: Generates unique, random variable names to replace original readable names. 6 | - Mathematical Character Encoding: Obfuscates character values using various arithmetic operations such as addition, subtraction, and division. 7 | - Random Capitalization: Applies random capitalization to VBScript keywords and variable names. 8 | 9 | ## Usage 10 | - To obfuscate a VBScript file, use the following command: 11 | ``` 12 | go run obfuscator.go inputFile.vbs outputFile.vbs 13 | ``` 14 | Replace ``inputFile.vbs`` with your source VBScript file and ``outputFile.vbs`` with the target output file path. 15 | 16 | ## Example 17 | - To obfuscate a script named example.vbs into example_obfuscated.vbs, execute: 18 | 19 | ```go run obfuscator.go example.vbs example_obfuscated.vbs``` 20 | 21 | ## Contributing 22 | - Contributions are welcome! Please fork the repository and submit a pull request with your improvements or bug fixes. 23 | 24 | ## Output Example: 25 | ```vbs 26 | dIm rQYcRYotBATtLNAyJXDrlSaLspMYixuiHEjJKweCyfMsxZvoEdnguuLn, UfJnvKturBVaDzNiomRsmyVnAXPMXAJWIeaMgQayWvwLAFKRAeaRlPEm, nqPNyKVCmFYgJtlBxlJNFvkIrAXLVQOGYeDYwqoomKGUnLzhhaSryQxa 27 | sUB vXdnFcILOlmwolUiPVPTwiFdQzGmxVfLuahXlNPWBVSVBxZleoywunKC 28 | RQYCRyotBATTLnaYJxDRlSALsPMyiXUiHejJkwEcYfMsXzvOEdnguUlN = "587859/6757*91632/1104*6154-6055*9283-9169*1049-944*-941+1053*662360/5710*-2034+2080*3215-3146*630828/6372*957736/9209*431568/3888*21824/682*9779-9745*5017-4945*3077-2976*81540/755*-1628+1736*-7782+7893*5833-5789*-8495+8527*-2209+2296*1056609/9519*3814-3700*278748/2581*-740+840*57057/1729*267-233" 29 | UfJNVKtUrbVadZnIoMRsMyvnaXPMXAJwIeamGQaYwVWlaFKraEArLPEM = Split(RQyCRYotbaTtLNaYJXdrLSaLSPMYIXuIHEJjkwecyFmsxzvoednGUULn, chr(eval(8809-8767))) 30 | fOR EACh dzaPqAuHHeUBhiVVmBhBFjRadtyqCOyLuqXKXUUJLYCenKZnHQrlQAIT In uFjNvKtuRbVADzNIomrSmyvnAxPmXaJwiEAMgqAYWVwlAfkraEArLPEM 31 | NQpNykvCmFYgjTlBxLJNfVkiRaxLVQOgYeDyWQOoMKguNLZHhaSRyqXa = nqpnYKvcmfYGJTlbxljNfvKIRaXlvQOGyeDyWqoomKgUnlZHHaSRyqXa & cHr(EVAL(DZapQaUhheUBHIvVmBhBfJRaDTyQCOYlUqxkXuuJlyCEnKznhQrlqaIt)) 32 | next 33 | lyLxeYXJtRfahQqtahfvuUgHtgpVTrMJQNMHubOGKDJfQlRHIYBLBlpE 34 | eval(eXEcUTE(NQPNykVCMfYGJTLBXlJNfvkIRaXLvQogyedywQoomKGUnlZhHASryqxA)) 35 | End Sub 36 | vXdNFCILoLMWOLUipVPTwiFDqZGMxvfLUaHxLnpwbVSvbXzLEoyWUNkC 37 | ``` 38 | 39 | 40 | ## License 41 | This project is licensed under the MIT License. See the LICENSE file for details. -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module Ebyte-VBS-Obf 2 | 3 | go 1.22.2 4 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | 7 | "Ebyte-VBS-Obf/obfuscation" 8 | "Ebyte-VBS-Obf/utils" 9 | ) 10 | 11 | func main() { 12 | if len(os.Args) != 3 { 13 | fmt.Println("[+] Usage: go run obfuscator.go inFile.vbs outFile.vbs") 14 | os.Exit(1) 15 | } 16 | 17 | utils.SeedRandom() 18 | 19 | splitter := "*" 20 | 21 | numOfChars := utils.RandomInt(5, 60) 22 | pld := utils.RandomString(numOfChars) 23 | array := utils.RandomString(numOfChars) 24 | temp := utils.RandomString(numOfChars) 25 | x := utils.RandomString(numOfChars) 26 | 27 | subOne := utils.RandomString(numOfChars) 28 | subTwo := utils.RandomString(numOfChars) 29 | 30 | inputFile, err := os.ReadFile(os.Args[1]) 31 | if err != nil { 32 | fmt.Println("[-] Error reading input file:", err) 33 | os.Exit(1) 34 | } 35 | 36 | outputFile, err := os.Create(os.Args[2]) 37 | if err != nil { 38 | fmt.Println("[-] Error creating output file:", err) 39 | os.Exit(1) 40 | } 41 | defer outputFile.Close() 42 | 43 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization("Dim "+pld+", "+array+", "+temp)) 44 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization("Sub "+subOne)) 45 | fmt.Fprintf(outputFile, "%s = \"%s\"\n", obfuscation.RandCapitalization(pld), obfuscation.Obfu(string(inputFile))) 46 | fmt.Fprintf(outputFile, "%s = Split(%s, chr(eval(%s)))\n", obfuscation.RandCapitalization(array), pld, obfuscation.Obfu(splitter)) 47 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization("for each "+x+" in "+array)) 48 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization(temp+" = "+temp+" & chr(eval("+x+"))")) 49 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization("next")) 50 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization(subTwo)) 51 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization("eval(execute("+temp+"))")) 52 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization("End Sub")) 53 | fmt.Fprintln(outputFile, obfuscation.RandCapitalization(subOne)) 54 | 55 | fmt.Println("[+] EByte Obf Done!") 56 | } 57 | -------------------------------------------------------------------------------- /obfuscation/obfuscation.go: -------------------------------------------------------------------------------- 1 | package obfuscation 2 | 3 | import ( 4 | "fmt" 5 | "math/rand" 6 | "strings" 7 | "Ebyte-VBS-Obf/utils" 8 | ) 9 | 10 | // RandCapitalization randomly capitalizes letters in a string. 11 | func RandCapitalization(characters string) string { 12 | var capiString strings.Builder 13 | for _, char := range characters { 14 | if rand.Intn(2) == 0 { 15 | capiString.WriteRune(utils.ToUpper(char)) 16 | } else { 17 | capiString.WriteRune(utils.ToLower(char)) 18 | } 19 | } 20 | return capiString.String() 21 | } 22 | 23 | // Obfu obfuscates a string by encoding characters. 24 | func Obfu(body string) string { 25 | var encBody strings.Builder 26 | for i, char := range body { 27 | if i == 0 { 28 | encBody.WriteString(Expr(int(char))) 29 | } else { 30 | encBody.WriteString("*" + Expr(int(char))) 31 | } 32 | } 33 | return encBody.String() 34 | } 35 | 36 | func Expr(char int) string { 37 | rangeVal := rand.Intn(9901) + 100 38 | exp := rand.Intn(3) 39 | 40 | switch exp { 41 | case 0: 42 | return fmt.Sprintf("%d-%d", rangeVal+char, rangeVal) 43 | case 1: 44 | return fmt.Sprintf("%d+%d", char-rangeVal, rangeVal) 45 | case 2: 46 | return fmt.Sprintf("%d/%d", char*rangeVal, rangeVal) 47 | } 48 | return "" 49 | } 50 | -------------------------------------------------------------------------------- /out.vbs: -------------------------------------------------------------------------------- 1 | dIm rQYcRYotBATtLNAyJXDrlSaLspMYixuiHEjJKweCyfMsxZvoEdnguuLn, UfJnvKturBVaDzNiomRsmyVnAXPMXAJWIeaMgQayWvwLAFKRAeaRlPEm, nqPNyKVCmFYgJtlBxlJNFvkIrAXLVQOGYeDYwqoomKGUnLzhhaSryQxa 2 | sUB vXdnFcILOlmwolUiPVPTwiFdQzGmxVfLuahXlNPWBVSVBxZleoywunKC 3 | RQYCRyotBATTLnaYJxDRlSALsPMyiXUiHejJkwEcYfMsXzvOEdnguUlN = "587859/6757*91632/1104*6154-6055*9283-9169*1049-944*-941+1053*662360/5710*-2034+2080*3215-3146*630828/6372*957736/9209*431568/3888*21824/682*9779-9745*5017-4945*3077-2976*81540/755*-1628+1736*-7782+7893*5833-5789*-8495+8527*-2209+2296*1056609/9519*3814-3700*278748/2581*-740+840*57057/1729*267-233" 4 | UfJNVKtUrbVadZnIoMRsMyvnaXPMXAJwIeamGQaYwVWlaFKraEArLPEM = Split(RQyCRYotbaTtLNaYJXdrLSaLSPMYIXuIHEJjkwecyFmsxzvoednGUULn, chr(eval(8809-8767))) 5 | fOR EACh dzaPqAuHHeUBhiVVmBhBFjRadtyqCOyLuqXKXUUJLYCenKZnHQrlQAIT In uFjNvKtuRbVADzNIomrSmyvnAxPmXaJwiEAMgqAYWVwlAfkraEArLPEM 6 | NQpNykvCmFYgjTlBxLJNfVkiRaxLVQOgYeDyWQOoMKguNLZHhaSRyqXa = nqpnYKvcmfYGJTlbxljNfvKIRaXlvQOGyeDyWqoomKgUnlZHHaSRyqXa & cHr(EVAL(DZapQaUhheUBHIvVmBhBfJRaDTyQCOYlUqxkXuuJlyCEnKznhQrlqaIt)) 7 | next 8 | lyLxeYXJtRfahQqtahfvuUgHtgpVTrMJQNMHubOGKDJfQlRHIYBLBlpE 9 | eval(eXEcUTE(NQPNykVCMfYGJTLBXlJNfvkIRaXLvQogyedywQoomKGUnlZhHASryqxA)) 10 | End Sub 11 | vXdNFCILoLMWOLUipVPTwiFDqZGMxvfLUaHxLnpwbVSvbXzLEoyWUNkC 12 | -------------------------------------------------------------------------------- /sample.vbs: -------------------------------------------------------------------------------- 1 | WScript.Echo "Hello, World!" -------------------------------------------------------------------------------- /utils/utils.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "math/rand" 5 | "strings" 6 | "time" 7 | ) 8 | 9 | // SeedRandom seeds the random number generator. 10 | func SeedRandom() { 11 | rand.Seed(time.Now().UnixNano()) 12 | } 13 | 14 | // RandomInt returns a random integer between min and max. 15 | func RandomInt(min, max int) int { 16 | return rand.Intn(max-min) + min 17 | } 18 | 19 | // RandomString generates a random string of the specified length. 20 | func RandomString(length int) string { 21 | const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" 22 | var result strings.Builder 23 | for i := 0; i < length; i++ { 24 | result.WriteByte(charset[rand.Intn(len(charset))]) 25 | } 26 | return result.String() 27 | } 28 | 29 | // ToUpper converts a rune to uppercase if it's a lowercase letter. 30 | func ToUpper(r rune) rune { 31 | if r >= 'a' && r <= 'z' { 32 | return r - ('a' - 'A') 33 | } 34 | return r 35 | } 36 | 37 | // ToLower converts a rune to lowercase if it's an uppercase letter. 38 | func ToLower(r rune) rune { 39 | if r >= 'A' && r <= 'Z' { 40 | return r + ('a' - 'A') 41 | } 42 | return r 43 | } 44 | --------------------------------------------------------------------------------