This tool is designed for educational red team exercises and security awareness training only. Unauthorized use against systems without explicit permission is illegal and unethical.
This application creates a pixel-perfect clone of the Windows User Account Control (UAC) prompt that can be customized and deployed in security assessments. When users enter credentials and click "Yes," the information is sent to a Discord webhook for collection and analysis.
- Visual Accuracy: Meticulously styled to match the authentic Windows UAC prompt
- Credential Harvesting: Captures entered credentials and sends them via Discord webhook
- Customization: Easily modify the application name, publisher, and icon
- Stealth Operation: Minimizes user suspicion with authentic behavior
- Cross-Platform Development: Built with Electron for easy modification
- Executable Building: Package as a standalone Windows executable
- Node.js: v14.0.0 or higher
- Electron: v35.0.0 or higher
- Python 3.x: For customization script
- Discord Webhook: For receiving captured credentials
-
Clone this repository:
git clone https://github.com/RedOpsX/UACForgeX.git cd uac-prompt-clone -
Install dependencies:
npm install -
Run the customization script:
python uac.py -
Enter your customization options when prompted:
- Application name (e.g., "Printer driver software installation")
- Publisher name (e.g., "Microsoft Windows")
- Discord webhook URL
- Custom icon path (optional)
-
Choose whether to build the executable or run directly
npx electron .
npm install --save-dev electron-builder
npm run build
The executable will be created in the dist directory.
The UAC Prompt Clone can be customized using the included Python script:
python uac.py
- Application Name: The name displayed in the UAC dialog
- Publisher Name: The verified publisher name shown in the dialog
- Discord Webhook URL: Where captured credentials will be sent
- Custom Icon: Replace the default icon with your own (SVG, PNG, JPG supported)
- Create a Discord server or use an existing one
- Create a channel for receiving credentials
- Channel Settings → Integrations → Webhooks → New Webhook
- Copy the webhook URL and use it in the customization script
index.js: Main Electron processindex.html: UAC dialog interfacestyles.css: Visual styling for authentic appearancerenderer.js: UI interaction handlingpreload.js: Security bridge for Electronuac.py: Customization and build script
- Electron: Application framework
- HTML/CSS/JavaScript: User interface
- Python: Customization automation
- Node.js: Runtime environment
- electron-builder: Packaging and distribution
The build configuration in package.json can be modified for more advanced packaging options:
"build": {
"appId": "com.uac.prompt.clone",
"productName": "UAC Prompt",
"directories": {
"output": "dist"
},
"win": {
"target": "portable",
"icon": "assets/icon.png"
}
}For the best results with custom icons:
- Use PNG format for electron-builder
- SVG format works best for the application UI
- Recommended size: 256x256 pixels
- Phishing campaigns
- Social engineering assessments
- Security awareness training
- Endpoint security testing
- Test in isolated environments first
- Keep logs of all deployments for security audits
- Inform leadership before deployment in production
- Credential capture rate
- Time to user interaction
- Suspicion indicators from targets
- Train users to recognize authentic system dialogs
- Implement strong application control policies
- Deploy behavioral analysis tools that can detect spoofed system dialogs
- Configure Windows to use personalized UAC prompts where possible
- 🔗 Telegram Channel: t.me/RedOpsX
- 👤 Telegram (DM): @RedOpsX1337
This tool is developed for educational purposes and authorized red team security assessments only. The developers assume no liability for misuse or damage caused by this tool. Always obtain proper authorization before security testing.
Remember: With great power comes great responsibility. Use this tool ethically and legally.