Basic Syntax
Common Options
| Option | Description |
|---|---|
-p | Payload |
LHOST | Attacker IP |
LPORT | Listening port |
-f | Output format |
-o | Output file |
-e | Encoder |
-i | Encode iterations |
-b | Bad chars |
--platform | Force platform |
-a | Architecture |
Listener
Windows Payloads
Meterpreter (Recommended)
EXE
Staged HTTPS
DLL
ASPX
HTA
Normal Shell
Encoded Payload
Linux Payloads
Meterpreter ELF
Normal Shell
Python Payload
cmd/unix/reverse_python payload is a shell one-liner (it pipes a base64 stub into python), not Python source. Run it directly in a shell, not via python3 -c:
Bash One-liner
PHP Webshell
Web Payloads
| Language | Payload |
|---|---|
| JSP | java/jsp_shell_reverse_tcp |
| WAR | java/jsp_shell_reverse_tcp -f war |
| PHP | php/reverse_php |
| ASP | windows/meterpreter/reverse_tcp -f asp |
| ASPX | windows/meterpreter/reverse_tcp -f aspx |