Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Zerx0r/dvenom
🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.
https://github.com/Zerx0r/dvenom
antivirus-bypass redteam redteam-tools shellcode shellcode-loader
Last synced: 8 days ago
JSON representation
🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.
- Host: GitHub
- URL: https://github.com/Zerx0r/dvenom
- Owner: Zerx0r
- License: mit
- Archived: true
- Created: 2023-07-30T14:53:18.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-09-07T20:19:18.000Z (about 1 year ago)
- Last Synced: 2024-10-31T21:03:07.927Z (12 days ago)
- Topics: antivirus-bypass, redteam, redteam-tools, shellcode, shellcode-loader
- Language: Go
- Homepage:
- Size: 17.6 KB
- Stars: 158
- Watchers: 2
- Forks: 19
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# 🐍 Double Venom (DVenom)
Double Venom (DVenom) is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your
shellcode.## 🚀 Features
- 🛡️ Capable of bypassing some well-known antivirus (AVs).
- 🔒 Offers multiple encryption methods including RC4, AES256, XOR, and ROT.
- 🏗️ Produces source code in C#, Rust, PowerShell, ASPX, and VBA.
- 🔄 Employs different shellcode loading techniques: VirtualAlloc, Process Injection, NT Section Injection, Hollow
Process Injection.## 🎓 Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing
purposes.### 👀 Prerequisites
- Golang installed.
- Basic understanding of shellcode operations.
- Familiarity with C#, Rust, PowerShell, ASPX, or VBA.### ⬇️ Installation
To clone and run this application, you'll need Git installed on your computer. From your command line:
```bash
# Clone this repository
$ git clone https://github.com/zerx0r/dvenom
# Go into the repository
$ cd dvenom
# Build the application
$ go build /cmd/dvenom/
```## 🎮 Usage
After installation, you can run the tool using the following command:
```bash
./dvenom -h
```### 🎛️ Command Line Arguments:
- -e: Specify the encryption type for the shellcode (Supported types: xor, rot, aes256, rc4).
- -key: Provide the encryption key.
- -l: Specify the language (Supported languages: cs, rs, ps1, aspx, vba).
- -m: Specify the method type (Supported types: valloc, pinject, hollow, ntinject).
- -procname: Provide the process name to be injected (default is "explorer").
- -scfile: Provide the path to the shellcode file.### 📚 Example
To generate c# source code that contains encrypted shellcode.
> Note that if AES256 has been selected as an encryption method, the Initialization Vector (IV) will be auto-generated.```bash
./dvenom -e aes256 -key secretKey -l cs -m ntinject -procname explorer -scfile /home/zerx0r/shellcode.bin > ntinject.cs
```## 📋 Limitations
| Language | Supported Methods | Supported Encryption |
|------------|-----------------------------------|-----------------------|
| C# | valloc, pinject, hollow, ntinject | xor, rot, aes256, rc4 |
| Rust | pinject, hollow, ntinject | xor, rot, rc4 |
| PowerShell | valloc, pinject | xor, rot |
| ASPX | valloc | xor, rot |
| VBA | valloc | xor, rot |## 💼 Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
## 📜 License
This project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.
## ⚠️ Disclaimer
Double Venom (DVenom) is intended for educational and ethical testing purposes only. Using DVenom for attacking targets
without prior mutual consent is illegal. The tool developer and contributor(s) are not responsible for any misuse of
this tool.