Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom (DVenom) is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode.

  • Capable of bypassing some well-known antivirus (AVs).
  • Offers multiple encryption methods including RC4, AES256, XOR, and ROT.
  • Produces source code in C#, Rust, PowerShell, ASPX, and VBA.
  • Employs different shellcode loading techniques: VirtualAlloc, Process Injection, NT Section Injection, Hollow Process Injection.

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

  • Golang installed.
  • Basic understanding of shellcode operations.
  • Familiarity with C#, Rust, PowerShell, ASPX, or VBA.

To clone and run this application, you'll need Git installed on your computer. From your command line:

# Clone this repository
$ git clone https://github.com/zerx0r/dvenom
# Go into the repository
$ cd dvenom
# Build the application
$ go build /cmd/dvenom/

After installation, you can run the tool using the following command:

./dvenom -h

  • -e: Specify the encryption type for the shellcode (Supported types: xor, rot, aes256, rc4).
  • -key: Provide the encryption key.
  • -l: Specify the language (Supported languages: cs, rs, ps1, aspx, vba).
  • -m: Specify the method type (Supported types: valloc, pinject, hollow, ntinject).
  • -procname: Provide the process name to be injected (default is "explorer").
  • -scfile: Provide the path to the shellcode file.

To generate c# source code that contains encrypted shellcode.

Note that if AES256 has been selected as an encryption method, the Initialization Vector (IV) will be auto-generated.

./dvenom -e aes256 -key secretKey -l cs -m ntinject -procname explorer -scfile /home/zerx0r/shellcode.bin > ntinject.cs

Language Supported Methods Supported Encryption
C# valloc, pinject, hollow, ntinject xor, rot, aes256, rc4
Rust pinject, hollow, ntinject xor, rot, rc4
PowerShell valloc, pinject xor, rot
ASPX valloc xor, rot
VBA valloc xor, rot

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

This project is licensed under the MIT License - see the LICENSE file for details.

Double Venom (DVenom) is intended for educational and ethical testing purposes only. Using DVenom for attacking targets without prior mutual consent is illegal. The tool developer and contributor(s) are not responsible for any misuse of this tool.

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode Reviewed by Zion3R on 8:30 AM Rating: 5