Goal
Search, generate & deliver payloads in an quick and easy way
Be as simple as possible BUT with all msfvenom payloads.
- Ever lost time searching the right MSFpayload ? Use the fast filter.
- Tired of inputing your IP, and defaults settings ? Let Easy-MsfVenom do it for you or ask for info.
- Want only stageless payloads (
-s
) ? Only Meterpreter ones (-m
)? - Want more complex options ? Want a hidden_tcp ? use
-k or --keyword
argument.
Features
- fast search through all Venom payloads.
- filter by Meterpreter / Bind / Reverse / architecture ...
- integrated easy delivery:
- Http server for Bind shells.
- Integrated listener for Reverse shells:
- launch of Msfconsole handler for Metasploit payloads.
- Launch of netcat listener for other payloads.
Usage
Note: By default, if omitted, we'll get x86 bind staged payloads
-
Interactive Mode:
-
Win shells /payloads :
./Easy-MsfVenom.py -t win
-
Linux shells /payloads :
./Easy-MsfVenom.py -t lin
-
Web shells /payloads (PHP,ASP, Java) :
./Easy-MsfVenom.py -t web
-
-
Some classics :
- Meterpreter Windows(x86) Bind_TCP payloads:
./Easy-MsfVenom.py -t win -m
- Meterpreter Windows(x86) Reverse TCP payloads:
./Easy-MsfVenom.py -t win -m -r
- Meterpreter Windows(x86) Bind_TCP payloads:
-
Custom search :
- Hidden Meterpreter Windows(x86) Bind_TCP payloads
./Easy-MsfVenom.py -t win -m -k hidden
- Powershell payloads:
./Easy-MsfVenom.py -k powershell
-
Full control :
- Meterpreter Win(x64) Stageless Reverse_TCP payloads:
./Easy-MsfVenom.py -t win -a x64 -m -s -r -p 4444
- Meterpreter Win(x64) Stageless Reverse_TCP payloads:
TO-DO:
- Add encoders with fast filters
- Add batch payloads
Requirement
- Python 3.x
- Metasploit-framework
Installation
git clone https://github.com/MatDupas/Easy-MsfVenom
cd Easy-MsfVenom; ./Easy-MsfVenom.py --upgrade
Upgrade
To keep Easy-MsfVenom synchronized with all MsfVenom payloads, just do:
./Easy-MsfVenom.py --upgrade
Note: it is useful to also keep metasploit-framework updated sudo apt update; sudo apt install metasploit-framework (it is better to make backup before upgrading, just in case...)
Legal / Ethics
TL;DR: Don't be evil, stay on the right side
This software is for educational and Pentesting /red Teaming purposes only. As a reminder, Attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. The author assume no liability and no responsability for any misuse or damage caused by this software.
Easy-MsfVenom © 2021 by Mathieu Dupas is licensed under CC BY-NC 4.0