The script will use msfvenom (metasploit) to generate shellcode in diferent formats ( c | python | ruby | dll | msi | hta-psh ) injects the shellcode generated into one template (example: python) “the python funtion will execute the shellcode into ram” and uses compilers like gcc (gnu cross compiler) or mingw32 or pyinstaller to build the executable file, also starts a multi-handler to recive the remote connection (shell or meterpreter session)

‘venom generator’ tool reproduces some of the technics used by,,, etc, etc, etc..

“P.S. some payloads are undetectable by AV solutions… yes!!!” One of the reasons for that its the use of a function to execute the 2° stage of shell/meterpreter directly into targets ram the other reazon its the use of external obfuscator/crypters.


venom (malicious_server) was build to take advantage of apache2 webserver to deliver payloads (LAN) using a fake webpage writen in html that takes advantage of <iframe> <meta-http-equiv> or “<form>” tags to be hable to trigger payload downloads, the user just needs to send the link provided to target host.

“Apache2 (malicious url) will copy all files needed to your webroot”


  • Zenity
  • Metasploit
  • GCC (compiler)
  • Pyinstaller (compiler)
  • mingw32 (compiler)
  • (crypter)
  • wine (emulator)
  • PEScrambler.exe (PE obfuscator)
  • apache2 (webserver)| winrar (wine)
  • vbs-obfuscator (obfuscator)
  • avet (Daniel Sauder)
  • shellter (KyRecon)
  • ettercap (MitM + DNS_Spoofing)
  • encrypt_PolarSSL (AES crypter)

“ will download/install all dependencies as they are needed”

Adicionally was build venom-main/aux/ to help you install all venom framework dependencies (metasploit as to be manually installed).


Framework Main Menu


[ Build 4 ] python/pyinstaller – osiris.exe

Build 4 Work floow: Build shellcode in C language, embebbed into one python template and compiled to exe by pyinstaller = osiris.exe


Download VENOM