A project that adds malware to office and pdf files over the web.
This project consists of two versions;
1- WebVenom Console Application 2- WebVenom Web Application
This project is a Python script that uses msfvenom to infect files in the upload directory and saves the infected files in the infected directory. The script can either take a reverse shell address from the user or read it from a config.fkn file if available.
msfvenom_infector_project/
├── infector.py # The main Python script
├── config.fkn # (Optional) File for reverse shell configuration
├── README.md # Documentation of the project
├── upload/ # Directory where files to be infected are placed
└── infected/ # Directory where infected files are saved
- Infect files: The script uses
msfvenomto generate a payload and infect files located in theuploaddirectory. - Customizable reverse shell: You can provide the reverse shell IP and port via a
config.fknfile, or the script will prompt you for the values. - Automatic infected file management: Infected files are automatically saved in the
infecteddirectory with a prefixed filename.
- Kali Linux: This script is designed to run on Kali Linux.
- Python 3.x: The script is written in Python 3.
- Metasploit Framework: Required to use the
msfvenomcommand.
If you haven't already installed Python 3 or Metasploit, you can install them using the following commands:
sudo apt-get update
sudo apt-get install python3
sudo apt-get install metasploit-framework-
Prepare the
uploaddirectory: Place the files you want to infect into theupload/directory. You can create the directory with the following command if it doesn't exist:mkdir upload
-
Set the reverse shell address: You can either:
- Create a
config.fknfile with the reverse shell IP and port in the formatLHOST:LPORT. - OR, the script will prompt you to enter the reverse shell address manually.
- Create a
-
Run the Python script: To run the script, simply use:
python3 infector.py
-
Check the
infecteddirectory: The infected files will be saved in theinfected/directory, which is created automatically if it doesn't exist.
To infect files using a reverse shell with IP 192.168.1.100 and port 4444, create a config.fkn file with the following content:
192.168.1.100:4444
Then, simply run:
python3 infector.pyInfected files will be saved in the infected directory with the filename prefix infected_.
- Ensure that
msfvenomis correctly installed and configured on your system. - Modify the payload type in the script if you want to infect non-Windows files or use different
msfvenomoptions.
WebVenom Web Application is a Flask-based web application designed to allow users to upload files and infect them with malicious payloads using msfvenom. This project integrates Python and msfvenom to provide a simple interface for file uploading, infection, and downloading of the infected files.
- Upload files through a user-friendly web interface.
- Infect files using msfvenom.
- Provide infected file download links to users.
- Delete infected files from the server.
To get the project running on your local machine, follow these steps:
Ensure that Python 3.x and msfvenom are installed on your system.
You need to have Flask installed. You can install it via pip:
```bash
pip install flask
```
-
Clone the project and run the
app.pyfile:git clone https://github.com/istec-iuc/WebVenom.git cd WebVenom python app.py -
Open your web browser and navigate to
http://127.0.0.1:5000.
- On the homepage, click the file upload button.
- Select a file and click "Upload."
- Return to the terminal and enter the reverse shell address.
- Once the file is infected using msfvenom, you can download the infected file.
WebVenom/
├── app.py # Flask application
├── upload/ # Uploaded files
├── infected/ # Infected files
└── templates/ # HTML templates
└── upload.html # Homepage HTML template
└── screenshots/ # Screenshots for documentation
```
## Screenshots
