跳转至

【Essential tools for penetration testing】

【Essential tools for penetration testing】Double Venom (DVenom) shellcode encryption wrapper and loader bypasses AV,

💻Collection search tools + analysis🔧

🔗【 ❤️ Download ❤️ 】

is able to bypass some well-known anti-virus software, and provides multiple encryption methods, including RC4, AES256, XOR and ROT, VirtualAl...

Introduction to DVenom

Double Venom (DVenom) is a tool that helps red teamers bypass AV by providing an encrypted wrapper and loader for your shellcode.

🚀 Features

  • 🛡️ Able to bypass some well-known antivirus software (AV).
  • 🔒 Provides multiple encryption methods, including RC4, AES256, XOR and ROT.
  • 🏗️ Generate source code using C#, Rust, PowerShell, ASPX and VBA.
  • 🔄 Use different shellcode loading technologies: VirtualAlloc, process injection, NT segment injection, and hollow process injection.

🎓 Get started

These instructions will provide you with a copy of the project up and running on your local machine for development and testing purposes.

👀 Prerequisites

  • Golang is installed.
  • Have a basic understanding of shellcode operations.
  • Familiar with C#, Rust, PowerShell, ASPX or VBA.

⬇️Installation

To clone and run this application, you need to have Git installed on your computer.

# Clone project
$ git clone 
# Enter the repository
$ cddvenom
# Build the application
$ go build /cmd/dvenom/

🎮 Usage

Once installed, you can run the tool using the following command:

./dvenom -h

Usage of ./dvenom:
  -e string
        Specify the encryption type for the shellcode (Supported types: xor, rot, aes256, rc4).
  -key string
        Provide the encryption key.
  -l string
        Specify the language (Supported languages: cs, rust, ps1, aspx, vba).
  -m string
        Specify the method type (Supported types: valloc, pinject, hollow, ntinject).
  -procname string
        Provide the process name to be injected. (default "explorer")
  -scfile string
        Provide the path to the shellcode file.

🎛️ Command line parameters:

  • -e: Specify the encryption type of shellcode (supported types: xor, rot, aes256, rc4).
  • -key: Provide encryption key.
  • -l: Specify the language (supported languages: cs, rs, ps1, aspx, vba).
  • -m: Specify the method type (supported types: valloc, pinject, hollow, ntinject).
  • -procname: Provide the process name to inject (default is "explorer").
  • -scfile: Provides the path to the shellcode file.

📚 Example

Generate C# source code containing encrypted shellcode.

Please note,If AES256 is selected as the encryption method, an initialization vector (IV) is automatically generated.

./dvenom -e aes256 -key secretKey -l cs -m ntinject -procname explorer -scfile /home/zerx0r/shellcode.bin > ntinject.cs

📋 Limitations

languageSupported methodsSupported encryption
C#valloc, pinject, hollow, ntinjectxor, rot, aes256, rc4
Rustpinject, hollow, ntinjectxor, rot, rc4
PowerShellvalloc, pinjectxor, rot
ASPXvallocxor, rot
VBAvallocxor, rot

[] download link

Please indicate the source and link when reprinting