msfpc
Create Metasploit payloads for various operating systems
SYNOPSIS
msfpc [
or
msfpc [
PARAMETERS
Specifies the target platform and architecture, e.g., windows/x64, linux/x86, android/armle. This determines the base payload type.
Defines the shell or meterpreter type, and whether it's staged or stageless. Examples: reverse_tcp, bind_tcp, meterpreter_reverse_tcp, meterpreter_bind_tcp. Can be suffixed with _stageless for a single-stage payload.
LHOST=
Local host IP address for the listener (required for reverse shells).
LPORT=
Local port for the listener (required for reverse shells).
RHOST=
Remote host IP address (required for bind shells).
RPORT=
Remote port (required for bind shells).
ITERATIONS=
Number of times to encode the payload (for some encoders).
FILENAME=
Specify the output filename for the payload.
RAW
Output the raw shellcode (not an executable).
INTERACTIVE
Run msfpc in interactive mode, prompting for options.
DESCRIPTION
The msfpc command, short for Metasploit Payload Creator, is a utility script often found in penetration testing distributions like Kali Linux. It acts as a wrapper around the more complex msfvenom tool, streamlining the process of generating malicious payloads.
While msfvenom offers extensive customization, msfpc simplifies common use cases by providing an interactive interface or a more intuitive command-line syntax for generating various types of payloads (e.g., reverse shells, bind shells) for different operating systems and architectures. It abstracts away many of msfvenom's intricate options, allowing users to quickly create payloads by specifying basic parameters like target OS, architecture, payload type (staged/stageless), and connection details (LHOST, LPORT).
Beyond just generating the payload executable, msfpc can also automatically create a corresponding Metasploit resource script (.rc), which can be loaded into msfconsole to set up a listener for the generated payload. This integrated approach significantly accelerates the initial stages of a penetration test, making it easier for users to generate and deploy payloads without deep knowledge of msfvenom's syntax.
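For defenders who recover such a resource script from a host or tool directory during triage, the sketch below parses it and pulls out the listener address, port and payload name for hunting in network logs. It is an added example, not part of msfpc or Metasploit; the sample script is constructed (its use, set and run lines are standard msfconsole commands) and the function names are hypothetical.

```python
import shlex

# Constructed sample of a handler resource script; the address is a
# documentation value (RFC 5737), not taken from any real incident.
SAMPLE_RC = """\
# constructed example of a listener resource script
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.0.2.10
set LPORT 443
set ExitOnSession false
run -j
"""

def parse_handler_rc(text):
    """Return one dict per module block (use ... run) in a resource script."""
    listeners, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: skip the line rather than abort triage
        cmd = tokens[0].lower()
        if cmd == "use":
            module = tokens[1] if len(tokens) > 1 else None
            current = {"module": module, "options": {}, "started": False}
            listeners.append(current)
        elif cmd in ("set", "setg") and len(tokens) >= 3 and current is not None:
            # msfconsole option names are case-insensitive; normalise to upper case
            current["options"][tokens[1].upper()] = " ".join(tokens[2:])
        elif cmd in ("run", "exploit") and current is not None:
            current["started"] = True
    return listeners

def network_indicators(listeners):
    """Extract (host, port, payload) tuples to search for in flow or proxy logs."""
    found = []
    for entry in listeners:
        opts = entry["options"]
        host = opts.get("LHOST") or opts.get("RHOST")
        port = opts.get("LPORT") or opts.get("RPORT")
        if host and port and port.isdigit():
            found.append((host, int(port), opts.get("PAYLOAD")))
    return found
```

Options set before any use line are ignored by this parser, so a script that relies on global setg values at the top needs manual review.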
CAVEATS
msfpc simplifies payload generation but does not inherently make payloads undetectable by antivirus software. The generated payloads are still based on msfvenom's output, and may require further obfuscation or evasion techniques for real-world scenarios. Always use such tools responsibly and only on systems you have explicit permission to test.
HISTORY
The msfpc script emerged as a community-contributed or distribution-specific wrapper around msfvenom. While msfvenom itself is a core component of the Metasploit Framework, developed by Rapid7, msfpc's exact origin is less formally documented, often appearing as a utility script included in penetration testing Linux distributions like Kali Linux to enhance user experience. It addresses the common need to quickly generate standard payloads without memorizing the verbose syntax of msfvenom, reflecting a trend towards making powerful security tools more accessible to a wider range of users, from beginners to experienced pentesters.
SEE ALSO
msfvenom(1), msfconsole(1), armitage(1)