{"id":15115390,"url":"https://github.com/venerasf/Venera","last_synced_at":"2025-09-27T21:30:32.548Z","repository":{"id":65893697,"uuid":"589061184","full_name":"venerasf/Venera","owner":"venerasf","description":"A modular exploitation framework extensible with Lua","archived":false,"fork":false,"pushed_at":"2025-01-12T17:43:45.000Z","size":796,"stargazers_count":64,"open_issues_count":4,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-12T18:34:23.533Z","etag":null,"topics":["exploit","lua","pentest","pentest-tool","qa-automation","scanner","security","security-tools","testing","venera"],"latest_commit_sha":null,"homepage":"https://venera.farinap5.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/venerasf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-14T23:22:04.000Z","updated_at":"2025-01-12T17:43:49.000Z","dependencies_parsed_at":"2024-06-15T18:24:11.295Z","dependency_job_id":"ef98c975-f13d-4c81-a055-759b1ea05912","html_url":"https://github.com/venerasf/Venera","commit_stats":null,"previous_names":["venerasf/venera"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/venerasf%2FVenera","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/venerasf%2FVenera/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/venerasf%2FVenera/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/venerasf%2FVenera/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/venerasf","download_url":"https://codeload.github.com/venerasf/Venera/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234460505,"owners_count":18836837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","lua","pentest","pentest-tool","qa-automation","scanner","security","security-tools","testing","venera"],"created_at":"2024-09-26T01:43:49.031Z","updated_at":"2025-09-27T21:30:27.081Z","avatar_url":"https://github.com/venerasf.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"\u003cimg align=\"center\" src=\"img/venera4.png\" width=\"150px\"\u003e\n\u003ch1 align=\"center\"\u003eVenera Framework\u003c/h1\u003e\n\nVenera is a tool for automating customized tests and attacks agaist many kinds of protocol. It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits. The framework is a manager and interpreter of lua scripts that provides functions and libraries for the creation of powerful tools integrated with services used during unitary tests, vulnerability scanning and exploitation fase. The user can create its own modules or use community made scripts, the tool is switchable for all kinds of need situation.\n\nSee the docs [venera.farinap5.com](https://venera.farinap5.com/)\n\n![](img/banner.png)\n---\n\n### Download and Run\n\nNo binary files are included, have go environment installed.\n\n```bash\nmake install-go-apt\n```\n\n```bash\ngit clone git@github.com:farinap5/Venera.git\ncd  Venera\nmake run\n```\n\n### Help Menu\n```\nGENERIC COMMAND  DESCRIPTION\n---------------  -----------\nhelp             Show help menu. Type `help \u003ccmd\u003e`.\nbash             Spawns a shell\nimport           Import a (edited) script\nexport           Export a script (to edit)\nglobals          Show global variables\nvpm              Venera package manager\nexit             Exits the prompt\nsearch           Searches a script\nuse              Load a script\n\nSCRIPT COMMAND  DESCRIPTION\n--------------  -----------\nset             Set value for a variable\nrun             Run a script/module\nback            Exit module/script\noptions         Show variables of script/module\nlua             Run Lua code in running script\ninfo            Info/metadata about script/module\nreload          Reloads the current script/module\n```\n\nUse help command to describe each command with examples.\n\n```\n[vnr]\u003e\u003e help search\n\nSEARCHING:\n    `search` list scripts.\n    `search match \u003ckey\u003e` list matching patterns.\n    `search match:path \u003ckey\u003e` list path matching.\n    `search match:description \u003ckey\u003e` list description matching.\n    `search tag \u003ctag1 tag2...\u003e` list matching tags.\n```\n\nA simple example of the interface:\n\n![](img/sstiexp.png)\n\n---\n\n## How does a module work? \n\nThe module is a lua script created with one or many goals, the module will execute a routine of your choice as you would code it as you want.\n\nThe modules done allow testers to target a specific, known vulnerability, or to perform generic verifications against the remote/local target.\n\n**See some examples in:** https://github.com/farinap5/Venera/tree/main/scripts/test.\n\nThe module has some essential tables as `METADATA` and `VARS` being loaded from `Init()`, and then the `Main()` function with the entrypoint of custom functions.\n\n### Table `METADATA`\n\n`METADATA` takes information reguarding the script so Venera can identify this module in its script base, all fields need to be configured properly.\n- `AUTHOR` is a list of strings, others who created the script or have participated in research for that flaw it abuses as example.\n- `VERSION` module/script version.\n- `TAGS` Some tags that define the script and its purpose. Scripts can be searched and executed based on their tags.\n- `INFO` The description of the script can, fault that abuses, type of test, proposed mitigations, it's up to the creator.\n\n```lua\nMETADATA = {\n    AUTHOR = {\"Author1 \u003cauthor1@mail.com\u003e\"},\n    VERSION = \"0.1\",\n    TAGS = {\"example\",\"http\",\"scanner\"},\n    INFO = [[HTTP requests with lua-go]]\n}\n```\n### Table `VARS`\n\n`VARS` table loads the script's variables, which it uses as parameters for its actions.\n\n```lua\nVARS = {\n    URL = {VALUE=\"http://example.com\", NEEDED=\"yes\", DESCRIPT=\"URL\"},\n    METHOD = {VALUE=\"GET\", NEEDED=\"yes\", DESCRIPT=\"METHOD\"}\n}\n```\n\nWhen the variables are setted in `VARS` table, the user is able to interact with them using the command `options` to list those variables, and then the command `set` to configure a value for a variable:\n\n```\n(scripts/test/http.lua)\u003e\u003e options\n\nVARIABLE  DEFAULT             NEEDED  DESCRIPTION\n--------  -------             ------  -----------\nURL       http://example.com  yes     URL\nMETHOD    GET                 yes     METHOD\n```\n\nAs mentioned, user also can edit those variables with the `set` command:\n\n```\n(scripts/test/http.lua)\u003e\u003e set URL http://google.com\n[OK] URL \u003c- http://google.com\n```\n\n### Function `Init()`\n\nWhen you run `use \u003cscript.lua\u003e` the `Init()` function is automatically executed, so the metadata and variables are loaded. You can put other things in the function to load on the first iteraction.\n\n```lua\nfunction Init()\n    Meta(METADATA) -- Load metadata \n    LoadVars(VARS) -- Load variables\nend\n```\n\n### Function `Main()`\n\nThe function `Main()` is the entrypoint of your custom script. It is called when user types `run`.\n\n```lua\nfunction Main()\n    local request = http.request(VARS.METHOD.VALUE, VARS.URL.VALUE)\n    local result, err = client:do_request(request)\n    PrintSuccsln(result.code)\n    PrintSuccsln(result.body)\nend\n```\n\n## Built-in Functions\n\nYou can call those function within the script without requirements. Those functions are written in golang and can be called from the lua script.\n\n`PrintSuccs( str )` Print success message.\n\n`PrintErr( str )` Print error message.\n\n`PrintInfo( str )` Print info message.\n\n`PrintSuccsln( str )`  Print success message with line ending.\n\n`PrintErrln( str )` Print error message with line ending.\n\n`PrintInfoln( str )` Print info message with line ending.\n\n`Print( str )` Print string.\n\n`Println( str )` Print string with line ending.\n\n`RandomString( length=int , \"a-zA-Z0-9\" ) -\u003e str` Generates random string.\n\n`Input( str ) -\u003e  str` Prompt for an user input.\n\n`Open( str ) -\u003e str` Read a local file.\n\n`Call( path=str )` Call another script/module. The `ARGS` from caller scripts are inherited by scripts being called. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvenerasf%2FVenera","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvenerasf%2FVenera","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvenerasf%2FVenera/lists"}