{"id":20417140,"url":"https://github.com/cybermonitor/adb","last_synced_at":"2026-03-27T02:41:36.797Z","repository":{"id":109741429,"uuid":"171212838","full_name":"CyberMonitor/adb","owner":"CyberMonitor","description":"Adaptive Document Builder","archived":false,"fork":false,"pushed_at":"2019-02-17T21:40:40.000Z","size":1631,"stargazers_count":5,"open_issues_count":0,"forks_count":19,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-12T17:22:11.336Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberMonitor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-18T04:10:25.000Z","updated_at":"2024-09-25T16:56:53.000Z","dependencies_parsed_at":"2023-06-11T08:00:14.831Z","dependency_job_id":null,"html_url":"https://github.com/CyberMonitor/adb","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberMonitor/adb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fadb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fadb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fadb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fadb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberMonitor","download_url":"https://codeload.github.com/CyberMonitor/adb/tar.gz/refs
/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberMonitor%2Fadb/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31011428,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-27T02:33:22.146Z","status":"ssl_error","status_checked_at":"2026-03-27T02:33:21.763Z","response_time":164,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T06:24:52.319Z","updated_at":"2026-03-27T02:41:36.781Z","avatar_url":"https://github.com/CyberMonitor.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# adb\nAdaptive Document Builder\n\nA framework for generating simulated malicious office documents.\n\n## Features\n\n* VBA is distinct for every document (level of distinction depends on the adversary document builder selected)\n* Random author based on easily updated/replaced name lists (sets local system registry keys before each document build)\n* Random file name based on the most commonly seen file names in malicious document campaigns\n* Multiple file formats (doc, docm, XML flat OPC)\n* Multiple file extensions (.doc, .docm, .rtf)\n* Supports multiple payloads\n* Functions for building and randomizing VBA are in a shared library for use across multiple adversary builders\n* Modular design and 
architecture for easy addition of more adversary builders\n* Debug mode that outputs an audit trail of document creation details, including VBA contents\n\n## Runs on\n\nPython 3 on Windows\u003c/br\u003e\nCOM is used to interface with an installed and configured Office product\n\n## Pre-requisites\n\n- Office installed\n- Office opened once to create first-time-run registry entries\n- The Office option \"Trust access to the VBA project object model\" must be checked\u003c/br\u003e\n    https://support.office.com/en-us/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6\n- Python modules in requirements.txt installed\n\n### Run this on a virtual machine!\n - Disable Windows Defender or add an exclusion for the adb files (before cloning) and your output directory, or they might get cleaned\n - Registry entries will be changed when setting the author of documents, so don't run this with any production Office software\n\n## Usage\n\n### List available adversary emulation builders\n\n```\n\u003epython adb.py -l\nsample_with_network_test\nunderscore_crew_201806\n```\n\n### Build documents\n\nBuild 5 documents with VBA and payload style resembling underscore_crew_201806 (a group that delivered Agent Tesla during this time period)\n\n* Extension: .doc\n* File Format: XML flat OPC\n\n```\n\u003epython adb.py -a underscore_crew_201806 -c 5 -o C:\\users\\h\\desktop\\out -f flatxml -e doc\n[*] Building document Sales_Invoice_6619.doc with author: Valentia A Petersen\n[*] Building document Your_Invoices_5801.doc with author: Nydia Shields\n[*] Building document Selected_Ticket_9047.doc with author: Felipa Henson\n[*] Building document Past_Due_Receipt_4278.doc with author: Minh J Mosley\n[*] Building document Final_Bill_7431.doc with author: Kaile Perkins\n```\n\n\n### Help Output\n```\nusage: program_name [-h] [-a ADVERSARY] [-f FILETYPE] [-e EXTENSION]\n                    [-c COUNT] [-l] [-o OUTDIR] [-d]\n\nprogram description\n\noptional arguments:\n 
 -h, --help            show this help message and exit\n  -a ADVERSARY, --adversary ADVERSARY\n                        -a --adversary {adversary name} (use -l to list)\n  -f FILETYPE, --filetype FILETYPE\n                        -f --filetype doc | docm | flatxml\n  -e EXTENSION, --extension EXTENSION\n                        -e --extension doc | docm | rtf\n  -c COUNT, --count COUNT\n                        -c --count {# of docs to create}\n  -l, --listadversaries\n                        -l --listadversaries : list available adversaries and\n                        exits\n  -o OUTDIR, --outdir OUTDIR\n                        -o --outdir {path\\to\\outdir}\n  -d, --debug           -d --debug : print debug statements and playbook for\n                        each document\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybermonitor%2Fadb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybermonitor%2Fadb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybermonitor%2Fadb/lists"}