Skip to content

Zerx0r/dvenom

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

2 Commits

cmd

cmd

ย 
ย 

internal

internal

ย 
ย 

.gitignore

.gitignore

ย 
ย 

LICENSE

LICENSE

ย 
ย 

README.md

README.md

ย 
ย 

go.mod

go.mod

ย 
ย 

Repository files navigation

๐Ÿ Double Venom (DVenom)

Double Venom (DVenom) is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode.

๐Ÿš€ Features

  • ๐Ÿ›ก๏ธ Capable of bypassing some well-known antivirus (AVs).
  • ๐Ÿ”’ Offers multiple encryption methods including RC4, AES256, XOR, and ROT.
  • ๐Ÿ—๏ธ Produces source code in C#, Rust, PowerShell, ASPX, and VBA.
  • ๐Ÿ”„ Employs different shellcode loading techniques: VirtualAlloc, Process Injection, NT Section Injection, Hollow Process Injection.

๐ŸŽ“ Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

๐Ÿ‘€ Prerequisites

  • Golang installed.
  • Basic understanding of shellcode operations.
  • Familiarity with C#, Rust, PowerShell, ASPX, or VBA.

โฌ‡๏ธ Installation

To clone and run this application, you'll need Git installed on your computer. From your command line:

# Clone this repository
$ git clone https://github.com/zerx0r/dvenom
# Go into the repository
$ cd dvenom
# Build the application
$ go build /cmd/dvenom/

๐ŸŽฎ Usage

After installation, you can run the tool using the following command:

./dvenom -h

๐ŸŽ›๏ธ Command Line Arguments:

  • -e: Specify the encryption type for the shellcode (Supported types: xor, rot, aes256, rc4).
  • -key: Provide the encryption key.
  • -l: Specify the language (Supported languages: cs, rs, ps1, aspx, vba).
  • -m: Specify the method type (Supported types: valloc, pinject, hollow, ntinject).
  • -procname: Provide the process name to be injected (default is "explorer").
  • -scfile: Provide the path to the shellcode file.

๐Ÿ“š Example

To generate c# source code that contains encrypted shellcode.

Note that if AES256 has been selected as an encryption method, the Initialization Vector (IV) will be auto-generated.

./dvenom -e aes256 -key secretKey -l cs -m ntinject -procname explorer -scfile /home/zerx0r/shellcode.bin > ntinject.cs

๐Ÿ“‹ Limitations

Language Supported Methods Supported Encryption
C# valloc, pinject, hollow, ntinject xor, rot, aes256, rc4
Rust pinject, hollow, ntinject xor, rot, rc4
PowerShell valloc, pinject xor, rot
ASPX valloc xor, rot
VBA valloc xor, rot

๐Ÿ’ผ Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

๐Ÿ“œ License

This project is licensed under the MIT License - see the LICENSE file for details.

โš ๏ธ Disclaimer

Double Venom (DVenom) is intended for educational and ethical testing purposes only. Using DVenom for attacking targets without prior mutual consent is illegal. The tool developer and contributor(s) are not responsible for any misuse of this tool.

About

๐Ÿ Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.

Topics

shellcode shellcode-loader redteam redteam-tools antivirus-bypass

Resources

Readme

License

MIT license
Activity

Stars

155 stars

Watchers

2 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages