Part of the Metasploit Framework, msfvenom is a command-line tool that helps penetration testers to generate stand-alone payloads to run on compromised machines to get remote access to the system. Msfvenom is a combination of two other Metasploit Framework tools: Msfpayload and Msfencode, which generate and encode payloads respectively.



Even if you have used Msfvenom before, chances are that you need to look up the tool's documentation every time you want to generate a payload. Msfvenom is a great tool, but getting all of the command line options right can be a challenge. With the new Payload generator, you can generate new payloads for any platform much more quickly:

Classic Payloads.png


Encoding the payload is easy, too. Simply type in the characters you'd like to see excluded from the payload.




You can choose different formats for the output format: EXE, raw bytes, and shellcode buffer.




We're making this new productivity feature available to you for free in Metasploit Community until April 30, 2014, after which it will become a Metasploit Pro exclusive feature again. You can get your free copy of Metasploit Community or a free Metasploit Pro trial on the Rapid7 website.