Skip to content

noraj/vbsmin

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
bin
 
 
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

VBSmin

Gem Version GitHub tag (latest SemVer) GitHub forks GitHub stars GitHub license Rawsec's CyberSecurity Inventory

Packaging status

VBScript minifier

Features

  • ⬜️ Remove extra whitespace
    • Trailing whitespace
    • Leading whitespace
    • Blank lines
    • Inline extra spaces
  • 💬 Remove comments
    • Single quote (start of the line)
    • Single quote (inline)
    • REM
  • 1️⃣ One-line
    • Line splitting (underscore)
    • Colon

Quick start

Quick install

$ gem install vbsmin

See more install options.

Default usage: CLI

$ vbsmin samples/features.vbs
Original file size: 344 bytes
Minified file size: 244 bytes
Size saved: 100 bytes

Original file path: samples/features.vbs
Minified file path: samples/features.min.vbs

Default usage: library

require 'vbsmin'

vm = VBSMin.new
vm.minify('samples/features.vbs')

Example of output

So this chunk of script...

' Get WMI Object.
On Error Resume Next
Set objWbemLocator = CreateObject _
  ("WbemScripting.SWbemLocator")

if Err.Number Then
  REM Display error
  WScript.Echo vbCrLf & "Error # " & _
               " " & Err.Description
End If
On Error GoTo 0	

... should be minified to:

On Error Resume Next:Set objWbemLocator = CreateObject ("WbemScripting.SWbemLocator"):if Err.Number Then:WScript.Echo vbCrLf & "Error # " & " " & Err.Description:End If:On Error GoTo 0

References

Homepage / Documentation: https://noraj.github.io/vbsmin/

See why this CLI / tool was required.

Use cases

  • SQLi: when having a SQLi with write permission, you can write some files on the system, but some DBMS like PostgreSQL doesn't support newlines in an insert statement so you have to be able to write a one-line payload
  • File size:
    • in XSS or Word macro to get the more short and stealthy payload or even to bypass security mechanism based on length or size.
    • for performance or file upload limit

Author

Made by Alexandre ZANNI (@noraj)