|Name|Modified|Size|
|---|---|---|
|README.md|2020-08-29|7.5 kB|
|venom v1.0.17 - Codename_ shinigami.tar.gz|2020-08-29|120.7 MB|
|venom v1.0.17 - Codename_ shinigami.zip|2020-08-29|120.8 MB|

Totals: 3 items, 241.6 MB

Author: r00t-3xp10it
Version release: v1.0.17
Codename: shinigami (God of death)
Distros Supported: Linux Ubuntu, Kali, Debian, BackBox, Parrot OS
Suspicious-Shell-Activity© (SSA) RedTeam develop @2020



Framework Description

This tool uses msfvenom (metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh | docm | docx | deb | xml | ps1 | bat | exe | elf | pdf | macho | etc ), then injects the generated shellcode into a template (example: python) that executes the shellcode in RAM, and uses compilers such as GCC (mingw32 cross compiler) or pyinstaller.py to build the executable file.
It also starts a multi-handler to receive the remote connection (shell or meterpreter). The Venom toolkit keeps its old shellcode builds (which are now detected by AV solutions) as a library of techniques used, and since version v1.0.16 it adds a new sub-menu category named 'Amsi Evasion Payloads' to deal with Windows Defender detection (and other Anti-Virus detections).


Version v1.0.17 Changelog


New Agents added

|Category nº|Target OS|Agent nº|Description|
|---|---|---|---|
|8 (Amsi Evasion)|Windows systems (vista, 7, 8, 8.1, 10)|4|meterpeter C2 Command & Control PowerShell rat (*)|
|8 (Amsi Evasion)|Windows systems (vista, 7, 8, 8.1, 10)|5|Social Engineering - Fake PDF Trojan Horse (**)|
|8 (Amsi Evasion)|Multi-Platforms (Linux, Mac, Windows)|6|SillyRAT multi-platform reverse TCP python shell|
|3 (Multi-OS)|Multi-Platforms (Linux, Mac, Windows)|5|SillyRAT multi-platform reverse TCP python shell (*)|



Dropper/Client execution diagrams

(*) The meterpeter C2 Command & Control rat is only available in venom for Linux x64 because Microsoft does not support PowerShell on
Linux x86 (32-bit) architectures, and the meterpeter rat is written in PowerShell. The diagram below demonstrates meterpeter on x64.

[Image: diagram2]

(**) This Venom module asks the attacker to supply a PDF document, then creates a C program that is compiled with GCC
(mingw32 or mingw-W64) into a binary.exe whose main task is to download and run the attacker's legitimate PDF document and the
Client.exe (reverse TCP shell) from the attacker's apache2 webserver, using the remote host's PowerShell interpreter to do so.

[Image: diagram1]

[Image: Sillypic]



Improvements/Bug-fixes

|Issue|Description|Bug Reports|
|---|---|---|
|The requested URL was not found on this server|setup.sh 'venom domain name' obsolete configs|@ricko2991|
|review Setup.sh|sourcecode review/Improved|@r00t-3xp10it|
|venom CLI displays improved|venom CLI interface improved|@r00t-3xp10it|



:octocat: Install venom v1.0.17 shinigami :octocat: 'Download the framework from github' Remark: Always use git clone to download the tool because it downloads the latest commits to the source code.
If you wish to download the stable version, scroll to the end of this page and download the .zip or .tar.gz packages.

```
git clone https://github.com/r00t-3xp10it/venom.git
```

Set execution permissions

```
cd venom
sudo find ./ -name "*.sh" -exec chmod +x {} \;
sudo find ./ -name "*.py" -exec chmod +x {} \;
```

Install all dependencies

```
cd aux && sudo ./setup.sh
```

Run main tool

```
sudo ./venom.sh
```



Remark: The SillyRAT project under the venom framework builds droppers (Windows|Linux) that auto-install the Client.py requirements
on the target machine, download Client.py from the attacker's apache2 webserver, and finally execute it in the background (child process).
Linux droppers fake the installation of a package [Steam-Installer] to silently execute the Client in a child process detached from the dropper's parent process. The Mac (Apple) build only creates Client.py, which must be executed manually on target systems.
Finally, the Windows dropper reproduces the Linux dropper's job, but all steps are taken in background mode (no prompt is displayed). Remark: Under 'Linux' or 'Mac' systems, Client.py must be stopped manually because it 'beacons home' at intervals of 8 seconds.
Under 'Windows' systems, it is the 'dropper' process that must be stopped manually to abort the Client's 'beacon home' function.
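Added here as a defender-side illustration, not part of the venom README or the SillyRAT project: the Client's fixed 8-second beacon interval described above is exactly the kind of cadence a network monitor can flag. The log format, addresses and thresholds below are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed connection-log lines (not from the page): timestamp, src, dst:port.
SAMPLE_LOG = """\
2020-08-29T10:00:00 10.0.0.7 -> 203.0.113.5:4444
2020-08-29T10:00:03 10.0.0.7 -> 198.51.100.9:443
2020-08-29T10:00:08 10.0.0.7 -> 203.0.113.5:4444
2020-08-29T10:00:16 10.0.0.7 -> 203.0.113.5:4444
2020-08-29T10:00:21 10.0.0.7 -> 198.51.100.9:443
2020-08-29T10:00:24 10.0.0.7 -> 203.0.113.5:4444
2020-08-29T10:00:32 10.0.0.7 -> 203.0.113.5:4444
2020-08-29T10:00:50 10.0.0.7 -> 198.51.100.9:443
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")


def parse_lines(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def find_beacons(text, period=8.0, tolerance=1.0, min_hits=4):
    """Return {(src, dst): hits} for flows whose connection gaps cluster on `period` seconds."""
    by_flow = defaultdict(list)
    for ts, src, dst in parse_lines(text):
        by_flow[(src, dst)].append(ts)
    flagged = {}
    for flow, stamps in by_flow.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = [g for g in gaps if abs(g - period) <= tolerance]
        # Require enough matching gaps, and that most gaps of the flow match the period.
        if len(periodic) >= min_hits and len(periodic) >= 0.8 * len(gaps):
            flagged[flow] = len(periodic)
    return flagged


if __name__ == "__main__":
    for (src, dst), hits in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} ({hits} intervals near 8 s)")
```

Real deployments would read flow records from Zeek, NetFlow or firewall logs and tune `tolerance` for jitter; the 0.8 ratio keeps ordinary bursty traffic from being flagged.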


🥇 Credits & Special Thanks 🎉

|Name|Job|
|---|---|
|Shanty Damayanti (my geek wife)|For having 'commissioned' me the 'Amsi Evasion PDF Trojan module'|
|@codings9|For helping me debug PDF Trojan Server\Client execution on a Linux x64 system|
|@paranoidninja|CarbonCopy - Sign an executable for AV evasion (OBFUSCATION=ON)|
|@ZHacker13|For his original work on the meterpeter reverse TCP PowerShell shell|
|@hash3liZer|SillyRAT multi-platform reverse TCP python shell/server|


Remark: Once any of the Amsi Evasion builds (agents) starts to get flagged by AV solutions, it will be deleted from the Amsi Evasion
sub-category and copied to one of the venom main-menu categories above, to be stored as a technique used (no longer bypassing AV).

:octocat: Suspicious-Shell-Activity© (SSA) RedTeam develop @2020 :octocat:

Source: README.md, updated 2020-08-29