Demiguise

The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page, the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances.

This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place, and (if you use environmental keying) to avoid it being sandboxed.

Since the tool outputs an HTML file containing JavaScript, you can simply take this JS and host it wherever you like. This means that if your client's website is vulnerable to reflected-XSS, you can use this to serve your HTA file from their (highly trusted) domain.