Venom – Pentesting Testing Scanner
Vulnerability Scanning or vuln scan is the automated process for identifying security flaws in the target or victim network or web applications. A vulnerability scan is also performed by attackers who try to find points of entry into your network. Various automated Vulnerability Scanners scans the network or Web Application for us. Venom is one of the computerized scanners which scans the domain for various security flaws like XSS, SQLi, RCE, and many more. Venom is a Python language-based tool. It’s open-source and completely free to use. Venom has adapted several new features that improve functionality and usability. It is primarily experimental software. Venom Tool is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool.
Click to check the Installation process: Python Installation Steps on Linux
Features of Venom Tool
- Venom tool scans for LFI, RXE, XSS, etc, Security Flaws.
- Venom tool consists of Huge Dork Target Lists.
- Venom tool can detect WAFs Protection.
- Venom tool can find Admin Pages on Target Domain.
- Venom tool is open-source and free to use.
- Venom tool can perform DNS Brute-forcing.
- Venom tool is a cross-platform Python-based toolkit.
- Venom tool has a Cloudflare resolver.
Installation of Venom Tool in Kali Linux OS
Step 1: Install the Python3-dev using the following command.
sudo apt-get install python3-dev
Step 2: Install the Python-dev using the following command.
sudo apt-get install python-dev
Step 3: Fire up your Kali Linux terminal and move to Desktop using the following command.
Step 4: You are on Desktop now create a new directory called Venom using the following command. In this directory, we will complete the installation of the Venom tool.
Step 5: Now switch to the Venom directory using the following command.
Step 6: Now you have to install the tool. You have to clone the tool from Github.
git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner.git
Step 7: The tool has been downloaded successfully in the Venom directory. Now list out the contents of the tool by using the below command.
Step 8: You can observe that there is a new directory created of the Venom tool that has been generated while we were installing the tool. Now move to that directory using the below command:
Step 9: Once again to discover the contents of the tool, use the below command.
Step 10: Run the setup.py file to fully install the tool, use the below command.
python3 setup.py install --user
Step 11: Run the v3n0m.py from the src directory.
Working with Venom Tool in Kali Linux
Example 1: Dork and Vuln Scan
1. In this example, We will be performing Vulnerability Scanning on our target geeksforgeeks.org. Required input values are given like target, random dorks, pages, increments.
2. In the below Screenshot, the types of scanning options are displayed and asking for the user input. After proving the essential option the scanning process will be started
3. In the below Screenshot, you can see that we have selected the 10th option (Scan all the things). So Venom tool will scan all the vulnerabilities on the geeksforgeeks.org domain and give the vulnerable points.
Example 2: Admin page finder
In this example, We will be finding the Admin Pages which are associated or hosted on screenshotgeeksforgeeks.org. In the below screenshot, you can see that the Venom tool checks all possible pages along with its status code.
Example 3: DNS brute
1. In this example, We will be performing DNS Brute Forcing. In the below screenshot, you can see that we got the Subdomains, CNAME Records, and the A records for our target domain.
Example 4: Enable Tor/Proxy Support
In this example, we will be enabling our proxy for setting up our proxy server for bypassing the WAF Firewalls. In the below Screenshot, we have specified the IP address, Type of Proxy, Port Number from which the Proxy Server will be enabled.
Example 5: Cloudflare Resolving
1. In this example, We will be Performing Cloudflare Resolving on geeksforgeeks.org. We have given the target link for resolving.
2. In the below Screenshot, you can see that we have got the information about the Cloudflare Resolving along with the Status and the IP address