root@promote:~# msfvenom -h
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom [options] <var=val>
Options:
-p, --payload <payload> Payload to use. Specify a '-' or stdin to use custom payloads
Specifies the payload to use
--payload-options List the payload's standard options
-l, --list [type] List a module type. Options are: payloads, encoders, nops, all
Lists all available resources
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
Reserves a NOP sled of the given length for the payload
-f, --format <format> Output format (use --help-formats for a list)
--help-formats List available formats
Specifies the payload output format
-e, --encoder <encoder> The encoder to use
Specifies the encoder to use
-a, --arch <arch> The architecture to use
Specifies the payload's target architecture
--platform <platform> The platform of the payload
Specifies the payload's target platform
-s, --space <length> The maximum size of the resulting payload
Specifies the maximum length of the payload
--encoder-space <length> The maximum size of the encoded payload (defaults to the -s value)
-b, --bad-chars <list> The list of characters to avoid example: '\x00\xff'
Set of characters to avoid
-i, --iterations <count> The number of times to encode the payload
Specifies the number of times to encode the payload
-c, --add-code <path> Specify an additional win32 shellcode file to include
Specifies an additional win32 shellcode file
-x, --template <path> Specify a custom executable file to use as a template
Specifies a custom executable file as the template
-k, --keep Preserve the template behavior and inject the payload as a new thread
-o, --out <path> Save the payload
Saves the payload
-v, --var-name <name> Specify a custom variable name to use for certain output formats
--smallest Generate the smallest possible payload
Generates the smallest possible shellcode
-h, --help Show this message
root@promote:~#
View the specific options of a payload:
msfvenom -p windows/meterpreter/bind_tcp --payload-options
If the shellcode generated by msf does not run, you can generate C code and compile it yourself.