Metasploit_Payloads_Encoders_Modules

localhost:~ yuanjizhao$ msfvenom -l encoders

Framework Encoders [--encoder <value>]
======================================

    Name                          Rank       Description
    ----                          ----       -----------
    cmd/brace                     low        Bash Brace Expansion Command Encoder
    cmd/echo                      good       Echo Command Encoder
    cmd/generic_sh                manual     Generic Shell Variable Substitution Command Encoder
    cmd/ifs                       low        Bourne ${IFS} Substitution Command Encoder
    cmd/perl                      normal     Perl Command Encoder
    cmd/powershell_base64         excellent  Powershell Base64 Command Encoder
    cmd/printf_php_mq             manual     printf(1) via PHP magic_quotes Utility Command Encoder
    generic/eicar                 manual     The EICAR Encoder
    generic/none                  normal     The "none" Encoder
    mipsbe/byte_xori              normal     Byte XORi Encoder
    mipsbe/longxor                normal     XOR Encoder
    mipsle/byte_xori              normal     Byte XORi Encoder
    mipsle/longxor                normal     XOR Encoder
    php/base64                    great      PHP Base64 Encoder
    ppc/longxor                   normal     PPC LongXOR Encoder
    ppc/longxor_tag               normal     PPC LongXOR Encoder
    ruby/base64                   great      Ruby Base64 Encoder
    sparc/longxor_tag             normal     SPARC DWORD XOR Encoder
    x64/xor                       normal     XOR Encoder
    x64/xor_dynamic               normal     Dynamic key XOR Encoder
    x64/zutto_dekiru              manual     Zutto Dekiru
    x86/add_sub                   manual     Add/Sub Encoder
    x86/alpha_mixed               low        Alpha2 Alphanumeric Mixedcase Encoder
    x86/alpha_upper               low        Alpha2 Alphanumeric Uppercase Encoder
    x86/avoid_underscore_tolower  manual     Avoid underscore/tolower
    x86/avoid_utf8_tolower        manual     Avoid UTF8/tolower
    x86/bloxor                    manual     BloXor - A Metamorphic Block Based XOR Encoder
    x86/bmp_polyglot              manual     BMP Polyglot
    x86/call4_dword_xor           normal     Call+4 Dword XOR Encoder
    x86/context_cpuid             manual     CPUID-based Context Keyed Payload Encoder
    x86/context_stat              manual     stat(2)-based Context Keyed Payload Encoder
    x86/context_time              manual     time(2)-based Context Keyed Payload Encoder
    x86/countdown                 normal     Single-byte XOR Countdown Encoder
    x86/fnstenv_mov               normal     Variable-length Fnstenv/mov Dword XOR Encoder
    x86/jmp_call_additive         normal     Jump/Call XOR Additive Feedback Encoder
    x86/nonalpha                  low        Non-Alpha Encoder
    x86/nonupper                  low        Non-Upper Encoder
    x86/opt_sub                   manual     Sub Encoder (optimised)
    x86/service                   manual     Register Service
    x86/shikata_ga_nai            excellent  Polymorphic XOR Additive Feedback Encoder
    x86/single_static_bit         manual     Single Static Bit
    x86/unicode_mixed             manual     Alpha2 Alphanumeric Unicode Mixedcase Encoder
    x86/unicode_upper             manual     Alpha2 Alphanumeric Unicode Uppercase Encoder
    x86/xor_dynamic               normal     Dynamic key XOR Encoder

localhost:~ yuanjizhao$ msfvenom -l platforms

Framework Platforms [--platform <value>]
========================================

    Name
    ----
    aix
    android
    apple_ios
    bsd
    bsdi
    cisco
    firefox
    freebsd
    hardware
    hpux
    irix
    java
    javascript
    juniper
    linux
    mainframe
    multi
    netbsd
    netware
    nodejs
    openbsd
    osx
    php
    python
    r
    ruby
    solaris
    unifi
    unix
    unknown
    windows

localhost:~ yuanjizhao$   msfvenom  -l  archs

Framework Architectures [--arch <value>]
========================================

    Name
    ----
    aarch64
    armbe
    armle
    cbea
    cbea64
    cmd
    dalvik
    firefox
    java
    mips
    mips64
    mips64le
    mipsbe
    mipsle
    nodejs
    php
    ppc
    ppc64
    ppc64le
    ppce500v2
    python
    r
    ruby
    sparc
    sparc64
    tty
    x64
    x86
    x86_64
    zarch

localhost:~ yuanjizhao$   msfvenom  -l  encrypt

Framework Encryption Formats [--encrypt <value>]
================================================

    Name
    ----
    aes256
    base64
    rc4
    xor

localhost:~ yuanjizhao$   msfvenom  -l  formats

Framework Executable Formats [--format <value>]
===============================================

    Name
    ----
    asp
    aspx
    aspx-exe
    axis2
    dll
    elf
    elf-so
    exe
    exe-only
    exe-service
    exe-small
    hta-psh
    jar
    jsp
    loop-vbs
    macho
    msi
    msi-nouac
    osx-app
    psh
    psh-cmd
    psh-net
    psh-reflection
    vba
    vba-exe
    vba-psh
    vbs
    war

Framework Transform Formats [--format <value>]
==============================================

    Name
    ----
    bash
    c
    csharp
    dw
    dword
    hex
    java
    js_be
    js_le
    num
    perl
    pl
    powershell
    ps1
    py
    python
    raw
    rb
    ruby
    sh
    vbapplication
    vbscript

localhost:~ yuanjizhao$   msfvenom  -l  nops

Framework NOPs (10 total)
=========================

    Name             Description
    ----             -----------
    aarch64/simple   Simple NOP generator
    armle/simple     Simple NOP generator
    mipsbe/better    Better NOP generator
    php/generic      Generates harmless padding for PHP scripts
    ppc/simple       Simple NOP generator
    sparc/random     SPARC NOP generator
    tty/generic      Generates harmless padding for TTY input
    x64/simple       An x64 single/multi byte NOP instruction generator.
    x86/opty2        Opty2 multi-byte NOP generator
    x86/single_byte  Single-byte NOP generator

localhost:~ yuanjizhao$   msfvenom  
Error: No options
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /opt/metasploit-framework/bin/../embedded/framework/msfvenom [options] <var=val>
Example: /opt/metasploit-framework/bin/../embedded/framework/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

 

1 localhost:~ yuanjizhao$ msfvenom -l payloads
  2 
  3 Framework Payloads (546 total) [--payload <value>]
  4 ==================================================
  5 
  6     Name                                                Description
  7     ----                                                -----------
  8     aix/ppc/shell_bind_tcp                              Listen for a connection and spawn a command shell
  9     aix/ppc/shell_find_port                             Spawn a shell on an established connection
 10     aix/ppc/shell_interact                              Simply execve /bin/sh (for inetd programs)
 11     aix/ppc/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
 12     android/meterpreter/reverse_http                    Run a meterpreter server in Android. Tunnel communication over HTTP
 13     android/meterpreter/reverse_https                   Run a meterpreter server in Android. Tunnel communication over HTTPS
 14     android/meterpreter/reverse_tcp                     Run a meterpreter server in Android. Connect back stager
 15     android/meterpreter_reverse_http                    Connect back to attacker and spawn a Meterpreter shell
 16     android/meterpreter_reverse_https                   Connect back to attacker and spawn a Meterpreter shell
 17     android/meterpreter_reverse_tcp                     Connect back to the attacker and spawn a Meterpreter shell
 18     android/shell/reverse_http                          Spawn a piped command shell (sh). Tunnel communication over HTTP
 19     android/shell/reverse_https                         Spawn a piped command shell (sh). Tunnel communication over HTTPS
 20     android/shell/reverse_tcp                           Spawn a piped command shell (sh). Connect back stager
 21     apple_ios/aarch64/meterpreter_reverse_http          Run the Meterpreter / Mettle server payload (stageless)
 22     apple_ios/aarch64/meterpreter_reverse_https         Run the Meterpreter / Mettle server payload (stageless)
 23     apple_ios/aarch64/meterpreter_reverse_tcp           Run the Meterpreter / Mettle server payload (stageless)
 24     apple_ios/aarch64/shell_reverse_tcp                 Connect back to attacker and spawn a command shell
 25     apple_ios/armle/meterpreter_reverse_http            Run the Meterpreter / Mettle server payload (stageless)
 26     apple_ios/armle/meterpreter_reverse_https           Run the Meterpreter / Mettle server payload (stageless)
 27     apple_ios/armle/meterpreter_reverse_tcp             Run the Meterpreter / Mettle server payload (stageless)
 28     bsd/sparc/shell_bind_tcp                            Listen for a connection and spawn a command shell
 29     bsd/sparc/shell_reverse_tcp                         Connect back to attacker and spawn a command shell
 30     bsd/vax/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
 31     bsd/x64/exec                                        Execute an arbitrary command
 32     bsd/x64/shell_bind_ipv6_tcp                         Listen for a connection and spawn a command shell over IPv6
 33     bsd/x64/shell_bind_tcp                              Bind an arbitrary command to an arbitrary port
 34     bsd/x64/shell_bind_tcp_small                        Listen for a connection and spawn a command shell
 35     bsd/x64/shell_reverse_ipv6_tcp                      Connect back to attacker and spawn a command shell over IPv6
 36     bsd/x64/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
 37     bsd/x64/shell_reverse_tcp_small                     Connect back to attacker and spawn a command shell
 38     bsd/x86/exec                                        Execute an arbitrary command
 39     bsd/x86/metsvc_bind_tcp                             Stub payload for interacting with a Meterpreter Service
 40     bsd/x86/metsvc_reverse_tcp                          Stub payload for interacting with a Meterpreter Service
 41     bsd/x86/shell/bind_ipv6_tcp                         Spawn a command shell (staged). Listen for a connection over IPv6
 42     bsd/x86/shell/bind_tcp                              Spawn a command shell (staged). Listen for a connection
 43     bsd/x86/shell/find_tag                              Spawn a command shell (staged). Use an established connection
 44     bsd/x86/shell/reverse_ipv6_tcp                      Spawn a command shell (staged). Connect back to the attacker over IPv6
 45     bsd/x86/shell/reverse_tcp                           Spawn a command shell (staged). Connect back to the attacker
 46     bsd/x86/shell_bind_tcp                              Listen for a connection and spawn a command shell
 47     bsd/x86/shell_bind_tcp_ipv6                         Listen for a connection and spawn a command shell over IPv6
 48     bsd/x86/shell_find_port                             Spawn a shell on an established connection
 49     bsd/x86/shell_find_tag                              Spawn a shell on an established connection (proxy/nat safe)
 50     bsd/x86/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
 51     bsd/x86/shell_reverse_tcp_ipv6                      Connect back to attacker and spawn a command shell over IPv6
 52     bsdi/x86/shell/bind_tcp                             Spawn a command shell (staged). Listen for a connection
 53     bsdi/x86/shell/reverse_tcp                          Spawn a command shell (staged). Connect back to the attacker
 54     bsdi/x86/shell_bind_tcp                             Listen for a connection and spawn a command shell
 55     bsdi/x86/shell_find_port                            Spawn a shell on an established connection
 56     bsdi/x86/shell_reverse_tcp                          Connect back to attacker and spawn a command shell
 57     cmd/mainframe/apf_privesc_jcl                       (Elevate privileges for user. Adds SYSTEM SPECIAL and BPX.SUPERUSER to user profile. Does this by using an unsecured/updateable APF authorized library (APFLIB) and updating the user's ACEE using this program/library. Note: This privesc only works with z/OS systems using RACF, no other ESM is supported.)
 58     cmd/mainframe/bind_shell_jcl                        Provide JCL which creates a bind shell This implmentation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically.
 59     cmd/mainframe/generic_jcl                           Provide JCL which can be used to submit a job to JES2 on z/OS which will exit and return 0. This can be used as a template for other JCL based payloads
 60     cmd/mainframe/reverse_shell_jcl                     Provide JCL which creates a reverse shell This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically.
 61     cmd/unix/bind_awk                                   Listen for a connection and spawn a command shell via GNU AWK
 62     cmd/unix/bind_busybox_telnetd                       Listen for a connection and spawn a command shell via BusyBox telnetd
 63     cmd/unix/bind_inetd                                 Listen for a connection and spawn a command shell (persistent)
 64     cmd/unix/bind_lua                                   Listen for a connection and spawn a command shell via Lua
 65     cmd/unix/bind_netcat                                Listen for a connection and spawn a command shell via netcat
 66     cmd/unix/bind_netcat_gaping                         Listen for a connection and spawn a command shell via netcat
 67     cmd/unix/bind_netcat_gaping_ipv6                    Listen for a connection and spawn a command shell via netcat
 68     cmd/unix/bind_nodejs                                Continually listen for a connection and spawn a command shell via nodejs
 69     cmd/unix/bind_perl                                  Listen for a connection and spawn a command shell via perl
 70     cmd/unix/bind_perl_ipv6                             Listen for a connection and spawn a command shell via perl
 71     cmd/unix/bind_r                                     Continually listen for a connection and spawn a command shell via R
 72     cmd/unix/bind_ruby                                  Continually listen for a connection and spawn a command shell via Ruby
 73     cmd/unix/bind_ruby_ipv6                             Continually listen for a connection and spawn a command shell via Ruby
 74     cmd/unix/bind_socat_udp                             Creates an interactive shell via socat
 75     cmd/unix/bind_stub                                  Listen for a connection and spawn a command shell (stub only, no payload)
 76     cmd/unix/bind_zsh                                   Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default.
 77     cmd/unix/generic                                    Executes the supplied command
 78     cmd/unix/interact                                   Interacts with a shell on an established socket connection
 79     cmd/unix/reverse                                    Creates an interactive shell through two inbound connections
 80     cmd/unix/reverse_awk                                Creates an interactive shell via GNU AWK
 81     cmd/unix/reverse_bash                               Creates an interactive shell via bash's builtin /dev/tcp. This will not work on circa 2009 and older Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/tcp feature.
 82     cmd/unix/reverse_bash_telnet_ssl                    Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL.
 83     cmd/unix/reverse_ksh                                Connect back and create a command shell via Ksh. Note: Although Ksh is often available, please be aware it isn't usually installed by default.
 84     cmd/unix/reverse_lua                                Creates an interactive shell via Lua
 85     cmd/unix/reverse_ncat_ssl                           Creates an interactive shell via ncat, utilizing ssl mode
 86     cmd/unix/reverse_netcat                             Creates an interactive shell via netcat
 87     cmd/unix/reverse_netcat_gaping                      Creates an interactive shell via netcat
 88     cmd/unix/reverse_nodejs                             Continually listen for a connection and spawn a command shell via nodejs
 89     cmd/unix/reverse_openssl                            Creates an interactive shell through two inbound connections
 90     cmd/unix/reverse_perl                               Creates an interactive shell via perl
 91     cmd/unix/reverse_perl_ssl                           Creates an interactive shell via perl, uses SSL
 92     cmd/unix/reverse_php_ssl                            Creates an interactive shell via php, uses SSL
 93     cmd/unix/reverse_python                             Connect back and create a command shell via Python
 94     cmd/unix/reverse_python_ssl                         Creates an interactive shell via python, uses SSL, encodes with base64 by design.
 95     cmd/unix/reverse_r                                  Connect back and create a command shell via R
 96     cmd/unix/reverse_ruby                               Connect back and create a command shell via Ruby
 97     cmd/unix/reverse_ruby_ssl                           Connect back and create a command shell via Ruby, uses SSL
 98     cmd/unix/reverse_socat_udp                          Creates an interactive shell via socat
 99     cmd/unix/reverse_ssl_double_telnet                  Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option
100     cmd/unix/reverse_stub                               Creates an interactive shell through an inbound connection (stub only, no payload)
101     cmd/unix/reverse_zsh                                Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default.
102     cmd/windows/adduser                                 Create a new user and add them to local administration group. Note: The specified password is checked for common complexity requirements to prevent the target machine rejecting the user for failing to meet policy requirements. Complexity check: 8-14 chars (1 UPPER, 1 lower, 1 digit/special)
103     cmd/windows/bind_lua                                Listen for a connection and spawn a command shell via Lua
104     cmd/windows/bind_perl                               Listen for a connection and spawn a command shell via perl (persistent)
105     cmd/windows/bind_perl_ipv6                          Listen for a connection and spawn a command shell via perl (persistent)
106     cmd/windows/bind_ruby                               Continually listen for a connection and spawn a command shell via Ruby
107     cmd/windows/download_eval_vbs                       Downloads a file from an HTTP(S) URL and executes it as a vbs script. Use it to stage a vbs encoded payload from a short command line.
108     cmd/windows/download_exec_vbs                       Download an EXE from an HTTP(S) URL and execute it
109     cmd/windows/generic                                 Executes the supplied command
110     cmd/windows/powershell_bind_tcp                     Interacts with a powershell session on an established socket connection
111     cmd/windows/powershell_reverse_tcp                  Interacts with a powershell session on an established socket connection
112     cmd/windows/reverse_lua                             Creates an interactive shell via Lua
113     cmd/windows/reverse_perl                            Creates an interactive shell via perl
114     cmd/windows/reverse_powershell                      Connect back and create a command shell via Powershell
115     cmd/windows/reverse_ruby                            Connect back and create a command shell via Ruby
116     firefox/exec                                        This module runs a shell command on the target OS without touching the disk. On Windows, this command will flash the command prompt momentarily. This can be avoided by setting WSCRIPT to true, which drops a jscript "launcher" to disk that hides the prompt.
117     firefox/shell_bind_tcp                              Creates an interactive shell via Javascript with access to Firefox's XPCOM API
118     firefox/shell_reverse_tcp                           Creates an interactive shell via Javascript with access to Firefox's XPCOM API
119     generic/custom                                      Use custom string or file as payload. Set either PAYLOADFILE or PAYLOADSTR.
120     generic/debug_trap                                  Generate a debug trap in the target process
121     generic/shell_bind_tcp                              Listen for a connection and spawn a command shell
122     generic/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
123     generic/tight_loop                                  Generate a tight loop in the target process
124     java/jsp_shell_bind_tcp                             Listen for a connection and spawn a command shell
125     java/jsp_shell_reverse_tcp                          Connect back to attacker and spawn a command shell
126     java/meterpreter/bind_tcp                           Run a meterpreter server in Java. Listen for a connection
127     java/meterpreter/reverse_http                       Run a meterpreter server in Java. Tunnel communication over HTTP
128     java/meterpreter/reverse_https                      Run a meterpreter server in Java. Tunnel communication over HTTPS
129     java/meterpreter/reverse_tcp                        Run a meterpreter server in Java. Connect back stager
130     java/shell/bind_tcp                                 Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Listen for a connection
131     java/shell/reverse_tcp                              Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Connect back stager
132     java/shell_reverse_tcp                              Connect back to attacker and spawn a command shell
133     linux/aarch64/meterpreter/reverse_tcp               Inject the mettle server payload (staged). Connect back to the attacker
134     linux/aarch64/meterpreter_reverse_http              Run the Meterpreter / Mettle server payload (stageless)
135     linux/aarch64/meterpreter_reverse_https             Run the Meterpreter / Mettle server payload (stageless)
136     linux/aarch64/meterpreter_reverse_tcp               Run the Meterpreter / Mettle server payload (stageless)
137     linux/aarch64/shell/reverse_tcp                     dup2 socket in x12, then execve. Connect back to the attacker
138     linux/aarch64/shell_reverse_tcp                     Connect back to attacker and spawn a command shell
139     linux/armbe/meterpreter_reverse_http                Run the Meterpreter / Mettle server payload (stageless)
140     linux/armbe/meterpreter_reverse_https               Run the Meterpreter / Mettle server payload (stageless)
141     linux/armbe/meterpreter_reverse_tcp                 Run the Meterpreter / Mettle server payload (stageless)
142     linux/armbe/shell_bind_tcp                          Listen for a connection and spawn a command shell
143     linux/armle/adduser                                 Create a new user with UID 0
144     linux/armle/exec                                    Execute an arbitrary command
145     linux/armle/meterpreter/bind_tcp                    Inject the mettle server payload (staged). Listen for a connection
146     linux/armle/meterpreter/reverse_tcp                 Inject the mettle server payload (staged). Connect back to the attacker
147     linux/armle/meterpreter_reverse_http                Run the Meterpreter / Mettle server payload (stageless)
148     linux/armle/meterpreter_reverse_https               Run the Meterpreter / Mettle server payload (stageless)
149     linux/armle/meterpreter_reverse_tcp                 Run the Meterpreter / Mettle server payload (stageless)
150     linux/armle/shell/bind_tcp                          dup2 socket in r12, then execve. Listen for a connection
151     linux/armle/shell/reverse_tcp                       dup2 socket in r12, then execve. Connect back to the attacker
152     linux/armle/shell_bind_tcp                          Connect to target and spawn a command shell
153     linux/armle/shell_reverse_tcp                       Connect back to attacker and spawn a command shell
154     linux/mips64/meterpreter_reverse_http               Run the Meterpreter / Mettle server payload (stageless)
155     linux/mips64/meterpreter_reverse_https              Run the Meterpreter / Mettle server payload (stageless)
156     linux/mips64/meterpreter_reverse_tcp                Run the Meterpreter / Mettle server payload (stageless)
157     linux/mipsbe/exec                                   A very small shellcode for executing commands. This module is sometimes helpful for testing purposes.
158     linux/mipsbe/meterpreter/reverse_tcp                Inject the mettle server payload (staged). Connect back to the attacker
159     linux/mipsbe/meterpreter_reverse_http               Run the Meterpreter / Mettle server payload (stageless)
160     linux/mipsbe/meterpreter_reverse_https              Run the Meterpreter / Mettle server payload (stageless)
161     linux/mipsbe/meterpreter_reverse_tcp                Run the Meterpreter / Mettle server payload (stageless)
162     linux/mipsbe/reboot                                 A very small shellcode for rebooting the system. This payload is sometimes helpful for testing purposes or executing other payloads that rely on initial startup procedures.
163     linux/mipsbe/shell/reverse_tcp                      Spawn a command shell (staged). Connect back to the attacker
164     linux/mipsbe/shell_bind_tcp                         Listen for a connection and spawn a command shell
165     linux/mipsbe/shell_reverse_tcp                      Connect back to attacker and spawn a command shell
166     linux/mipsle/exec                                   A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space.
167     linux/mipsle/meterpreter/reverse_tcp                Inject the mettle server payload (staged). Connect back to the attacker
168     linux/mipsle/meterpreter_reverse_http               Run the Meterpreter / Mettle server payload (stageless)
169     linux/mipsle/meterpreter_reverse_https              Run the Meterpreter / Mettle server payload (stageless)
170     linux/mipsle/meterpreter_reverse_tcp                Run the Meterpreter / Mettle server payload (stageless)
171     linux/mipsle/reboot                                 A very small shellcode for rebooting the system. This payload is sometimes helpful for testing purposes.
172     linux/mipsle/shell/reverse_tcp                      Spawn a command shell (staged). Connect back to the attacker
173     linux/mipsle/shell_bind_tcp                         Listen for a connection and spawn a command shell
174     linux/mipsle/shell_reverse_tcp                      Connect back to attacker and spawn a command shell
175     linux/ppc/meterpreter_reverse_http                  Run the Meterpreter / Mettle server payload (stageless)
176     linux/ppc/meterpreter_reverse_https                 Run the Meterpreter / Mettle server payload (stageless)
177     linux/ppc/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
178     linux/ppc/shell_bind_tcp                            Listen for a connection and spawn a command shell
179     linux/ppc/shell_find_port                           Spawn a shell on an established connection
180     linux/ppc/shell_reverse_tcp                         Connect back to attacker and spawn a command shell
181     linux/ppc64/shell_bind_tcp                          Listen for a connection and spawn a command shell
182     linux/ppc64/shell_find_port                         Spawn a shell on an established connection
183     linux/ppc64/shell_reverse_tcp                       Connect back to attacker and spawn a command shell
184     linux/ppc64le/meterpreter_reverse_http              Run the Meterpreter / Mettle server payload (stageless)
185     linux/ppc64le/meterpreter_reverse_https             Run the Meterpreter / Mettle server payload (stageless)
186     linux/ppc64le/meterpreter_reverse_tcp               Run the Meterpreter / Mettle server payload (stageless)
187     linux/ppce500v2/meterpreter_reverse_http            Run the Meterpreter / Mettle server payload (stageless)
188     linux/ppce500v2/meterpreter_reverse_https           Run the Meterpreter / Mettle server payload (stageless)
189     linux/ppce500v2/meterpreter_reverse_tcp             Run the Meterpreter / Mettle server payload (stageless)
190     linux/x64/exec                                      Execute an arbitrary command
191     linux/x64/meterpreter/bind_tcp                      Inject the mettle server payload (staged). Listen for a connection
192     linux/x64/meterpreter/reverse_tcp                   Inject the mettle server payload (staged). Connect back to the attacker
193     linux/x64/meterpreter_reverse_http                  Run the Meterpreter / Mettle server payload (stageless)
194     linux/x64/meterpreter_reverse_https                 Run the Meterpreter / Mettle server payload (stageless)
195     linux/x64/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
196     linux/x64/shell/bind_tcp                            Spawn a command shell (staged). Listen for a connection
197     linux/x64/shell/reverse_tcp                         Spawn a command shell (staged). Connect back to the attacker
198     linux/x64/shell_bind_ipv6_tcp                       Listen for an IPv6 connection and spawn a command shell
199     linux/x64/shell_bind_tcp                            Listen for a connection and spawn a command shell
200     linux/x64/shell_bind_tcp_random_port                Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'.
201     linux/x64/shell_find_port                           Spawn a shell on an established connection
202     linux/x64/shell_reverse_ipv6_tcp                    Connect back to attacker and spawn a command shell over IPv6
203     linux/x64/shell_reverse_tcp                         Connect back to attacker and spawn a command shell
204     linux/x86/adduser                                   Create a new user with UID 0
205     linux/x86/chmod                                     Runs chmod on specified file with specified mode
206     linux/x86/exec                                      Execute an arbitrary command
207     linux/x86/meterpreter/bind_ipv6_tcp                 Inject the mettle server payload (staged). Listen for an IPv6 connection (Linux x86)
208     linux/x86/meterpreter/bind_ipv6_tcp_uuid            Inject the mettle server payload (staged). Listen for an IPv6 connection with UUID Support (Linux x86)
209     linux/x86/meterpreter/bind_nonx_tcp                 Inject the mettle server payload (staged). Listen for a connection
210     linux/x86/meterpreter/bind_tcp                      Inject the mettle server payload (staged). Listen for a connection (Linux x86)
211     linux/x86/meterpreter/bind_tcp_uuid                 Inject the mettle server payload (staged). Listen for a connection with UUID Support (Linux x86)
212     linux/x86/meterpreter/find_tag                      Inject the mettle server payload (staged). Use an established connection
213     linux/x86/meterpreter/reverse_ipv6_tcp              Inject the mettle server payload (staged). Connect back to attacker over IPv6
214     linux/x86/meterpreter/reverse_nonx_tcp              Inject the mettle server payload (staged). Connect back to the attacker
215     linux/x86/meterpreter/reverse_tcp                   Inject the mettle server payload (staged). Connect back to the attacker
216     linux/x86/meterpreter/reverse_tcp_uuid              Inject the mettle server payload (staged). Connect back to the attacker
217     linux/x86/meterpreter_reverse_http                  Run the Meterpreter / Mettle server payload (stageless)
218     linux/x86/meterpreter_reverse_https                 Run the Meterpreter / Mettle server payload (stageless)
219     linux/x86/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
220     linux/x86/metsvc_bind_tcp                           Stub payload for interacting with a Meterpreter Service
221     linux/x86/metsvc_reverse_tcp                        Stub payload for interacting with a Meterpreter Service
222     linux/x86/read_file                                 Read up to 4096 bytes from the local file system and write it back out to the specified file descriptor
223     linux/x86/shell/bind_ipv6_tcp                       Spawn a command shell (staged). Listen for an IPv6 connection (Linux x86)
224     linux/x86/shell/bind_ipv6_tcp_uuid                  Spawn a command shell (staged). Listen for an IPv6 connection with UUID Support (Linux x86)
225     linux/x86/shell/bind_nonx_tcp                       Spawn a command shell (staged). Listen for a connection
226     linux/x86/shell/bind_tcp                            Spawn a command shell (staged). Listen for a connection (Linux x86)
227     linux/x86/shell/bind_tcp_uuid                       Spawn a command shell (staged). Listen for a connection with UUID Support (Linux x86)
228     linux/x86/shell/find_tag                            Spawn a command shell (staged). Use an established connection
229     linux/x86/shell/reverse_ipv6_tcp                    Spawn a command shell (staged). Connect back to attacker over IPv6
230     linux/x86/shell/reverse_nonx_tcp                    Spawn a command shell (staged). Connect back to the attacker
231     linux/x86/shell/reverse_tcp                         Spawn a command shell (staged). Connect back to the attacker
232     linux/x86/shell/reverse_tcp_uuid                    Spawn a command shell (staged). Connect back to the attacker
233     linux/x86/shell_bind_ipv6_tcp                       Listen for a connection over IPv6 and spawn a command shell
234     linux/x86/shell_bind_tcp                            Listen for a connection and spawn a command shell
235     linux/x86/shell_bind_tcp_random_port                Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'.
236     linux/x86/shell_find_port                           Spawn a shell on an established connection
237     linux/x86/shell_find_tag                            Spawn a shell on an established connection (proxy/nat safe)
238     linux/x86/shell_reverse_tcp                         Connect back to attacker and spawn a command shell
239     linux/x86/shell_reverse_tcp_ipv6                    Connect back to attacker and spawn a command shell over IPv6
240     linux/zarch/meterpreter_reverse_http                Run the Meterpreter / Mettle server payload (stageless)
241     linux/zarch/meterpreter_reverse_https               Run the Meterpreter / Mettle server payload (stageless)
242     linux/zarch/meterpreter_reverse_tcp                 Run the Meterpreter / Mettle server payload (stageless)
243     mainframe/shell_reverse_tcp                         Listen for a connection and spawn a command shell. This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically.
244     multi/meterpreter/reverse_http                      Handle Meterpreter sessions regardless of the target arch/platform. Tunnel communication over HTTP
245     multi/meterpreter/reverse_https                     Handle Meterpreter sessions regardless of the target arch/platform. Tunnel communication over HTTPS
246     netware/shell/reverse_tcp                           Connect to the NetWare console (staged). Connect back to the attacker
247     nodejs/shell_bind_tcp                               Creates an interactive shell via nodejs
248     nodejs/shell_reverse_tcp                            Creates an interactive shell via nodejs
249     nodejs/shell_reverse_tcp_ssl                        Creates an interactive shell via nodejs, uses SSL
250     osx/armle/execute/bind_tcp                          Spawn a command shell (staged). Listen for a connection
251     osx/armle/execute/reverse_tcp                       Spawn a command shell (staged). Connect back to the attacker
252     osx/armle/shell/bind_tcp                            Spawn a command shell (staged). Listen for a connection
253     osx/armle/shell/reverse_tcp                         Spawn a command shell (staged). Connect back to the attacker
254     osx/armle/shell_bind_tcp                            Listen for a connection and spawn a command shell
255     osx/armle/shell_reverse_tcp                         Connect back to attacker and spawn a command shell
256     osx/armle/vibrate                                   Causes the iPhone to vibrate, only works when the AudioToolkit library has been loaded. Based on work by Charlie Miller <cmiller[at]securityevaluators.com>.
257     osx/ppc/shell/bind_tcp                              Spawn a command shell (staged). Listen for a connection
258     osx/ppc/shell/find_tag                              Spawn a command shell (staged). Use an established connection
259     osx/ppc/shell/reverse_tcp                           Spawn a command shell (staged). Connect back to the attacker
260     osx/ppc/shell_bind_tcp                              Listen for a connection and spawn a command shell
261     osx/ppc/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
262     osx/x64/dupandexecve/bind_tcp                       dup2 socket in edi, then execve. Listen, read length, read buffer, execute
263     osx/x64/dupandexecve/reverse_tcp                    dup2 socket in edi, then execve. Connect, read length, read buffer, execute
264     osx/x64/exec                                        Execute an arbitrary command
265     osx/x64/meterpreter/bind_tcp                        Inject the mettle server payload (staged). Listen, read length, read buffer, execute
266     osx/x64/meterpreter/reverse_tcp                     Inject the mettle server payload (staged). Connect, read length, read buffer, execute
267     osx/x64/meterpreter_reverse_http                    Run the Meterpreter / Mettle server payload (stageless)
268     osx/x64/meterpreter_reverse_https                   Run the Meterpreter / Mettle server payload (stageless)
269     osx/x64/meterpreter_reverse_tcp                     Run the Meterpreter / Mettle server payload (stageless)
270     osx/x64/say                                         Say an arbitrary string outloud using Mac OS X text2speech
271     osx/x64/shell_bind_tcp                              Bind an arbitrary command to an arbitrary port
272     osx/x64/shell_find_tag                              Spawn a shell on an established connection (proxy/nat safe)
273     osx/x64/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
274     osx/x86/bundleinject/bind_tcp                       Inject a custom Mach-O bundle into the exploited process. Listen, read length, read buffer, execute
275     osx/x86/bundleinject/reverse_tcp                    Inject a custom Mach-O bundle into the exploited process. Connect, read length, read buffer, execute
276     osx/x86/exec                                        Execute an arbitrary command
277     osx/x86/isight/bind_tcp                             Inject a Mach-O bundle to capture a photo from the iSight (staged). Listen, read length, read buffer, execute
278     osx/x86/isight/reverse_tcp                          Inject a Mach-O bundle to capture a photo from the iSight (staged). Connect, read length, read buffer, execute
279     osx/x86/shell_bind_tcp                              Listen for a connection and spawn a command shell
280     osx/x86/shell_find_port                             Spawn a shell on an established connection
281     osx/x86/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
282     osx/x86/vforkshell/bind_tcp                         Call vfork() if necessary and spawn a command shell (staged). Listen, read length, read buffer, execute
283     osx/x86/vforkshell/reverse_tcp                      Call vfork() if necessary and spawn a command shell (staged). Connect, read length, read buffer, execute
284     osx/x86/vforkshell_bind_tcp                         Listen for a connection, vfork if necessary, and spawn a command shell
285     osx/x86/vforkshell_reverse_tcp                      Connect back to attacker, vfork if necessary, and spawn a command shell
286     php/bind_perl                                       Listen for a connection and spawn a command shell via perl (persistent)
287     php/bind_perl_ipv6                                  Listen for a connection and spawn a command shell via perl (persistent) over IPv6
288     php/bind_php                                        Listen for a connection and spawn a command shell via php
289     php/bind_php_ipv6                                   Listen for a connection and spawn a command shell via php (IPv6)
290     php/download_exec                                   Download an EXE from an HTTP URL and execute it
291     php/exec                                            Execute a single system command
292     php/meterpreter/bind_tcp                            Run a meterpreter server in PHP. Listen for a connection
293     php/meterpreter/bind_tcp_ipv6                       Run a meterpreter server in PHP. Listen for a connection over IPv6
294     php/meterpreter/bind_tcp_ipv6_uuid                  Run a meterpreter server in PHP. Listen for a connection over IPv6 with UUID Support
295     php/meterpreter/bind_tcp_uuid                       Run a meterpreter server in PHP. Listen for a connection with UUID Support
296     php/meterpreter/reverse_tcp                         Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions
297     php/meterpreter/reverse_tcp_uuid                    Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions
298     php/meterpreter_reverse_tcp                         Connect back to attacker and spawn a Meterpreter server (PHP)
299     php/reverse_perl                                    Creates an interactive shell via perl
300     php/reverse_php                                     Reverse PHP connect back shell with checks for disabled functions
301     php/shell_findsock                                  Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes advantage of (CLOEXEC flag not set on sockets) appears to have been patched on the Ubuntu version of Apache and may not work on other Debian-based distributions. Only tested on Apache but it might work on other web servers that leak file descriptors to child processes.
302     python/meterpreter/bind_tcp                         Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Listen for a connection
303     python/meterpreter/bind_tcp_uuid                    Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Listen for a connection with UUID Support
304     python/meterpreter/reverse_http                     Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Tunnel communication over HTTP
305     python/meterpreter/reverse_https                    Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Tunnel communication over HTTP using SSL
306     python/meterpreter/reverse_tcp                      Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Connect back to the attacker
307     python/meterpreter/reverse_tcp_ssl                  Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Reverse Python connect back stager using SSL
308     python/meterpreter/reverse_tcp_uuid                 Run a meterpreter server in Python (2.5-2.7 & 3.1-3.6). Connect back to the attacker with UUID Support
309     python/meterpreter_bind_tcp                         Connect to the victim and spawn a Meterpreter shell
310     python/meterpreter_reverse_http                     Connect back to the attacker and spawn a Meterpreter shell
311     python/meterpreter_reverse_https                    Connect back to the attacker and spawn a Meterpreter shell
312     python/meterpreter_reverse_tcp                      Connect back to the attacker and spawn a Meterpreter shell
313     python/shell_bind_tcp                               Creates an interactive shell via python, encodes with base64 by design
314     python/shell_reverse_tcp                            Creates an interactive shell via python, encodes with base64 by design. Compatible with Python 2.3.3
315     python/shell_reverse_tcp_ssl                        Creates an interactive shell via python, uses SSL, encodes with base64 by design.
316     python/shell_reverse_udp                            Creates an interactive shell via python, encodes with base64 by design. Compatible with Python 2.3.3
317     r/shell_bind_tcp                                    Continually listen for a connection and spawn a command shell via R
318     r/shell_reverse_tcp                                 Connect back and create a command shell via R
319     ruby/shell_bind_tcp                                 Continually listen for a connection and spawn a command shell via Ruby
320     ruby/shell_bind_tcp_ipv6                            Continually listen for a connection and spawn a command shell via Ruby
321     ruby/shell_reverse_tcp                              Connect back and create a command shell via Ruby
322     ruby/shell_reverse_tcp_ssl                          Connect back and create a command shell via Ruby, uses SSL
323     solaris/sparc/shell_bind_tcp                        Listen for a connection and spawn a command shell
324     solaris/sparc/shell_find_port                       Spawn a shell on an established connection
325     solaris/sparc/shell_reverse_tcp                     Connect back to attacker and spawn a command shell
326     solaris/x86/shell_bind_tcp                          Listen for a connection and spawn a command shell
327     solaris/x86/shell_find_port                         Spawn a shell on an established connection
328     solaris/x86/shell_reverse_tcp                       Connect back to attacker and spawn a command shell
329     tty/unix/interact                                   Interacts with a TTY on an established socket connection
330     windows/adduser                                     Create a new user and add them to local administration group. Note: The specified password is checked for common complexity requirements to prevent the target machine rejecting the user for failing to meet policy requirements. Complexity check: 8-14 chars (1 UPPER, 1 lower, 1 digit/special)
331     windows/dllinject/bind_hidden_ipknock_tcp           Inject a DLL via a reflective loader. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
332     windows/dllinject/bind_hidden_tcp                   Inject a DLL via a reflective loader. Listen for a connection from a hidden port and spawn a command shell to the allowed host.
333     windows/dllinject/bind_ipv6_tcp                     Inject a DLL via a reflective loader. Listen for an IPv6 connection (Windows x86)
334     windows/dllinject/bind_ipv6_tcp_uuid                Inject a DLL via a reflective loader. Listen for an IPv6 connection with UUID Support (Windows x86)
335     windows/dllinject/bind_named_pipe                   Inject a DLL via a reflective loader. Listen for a pipe connection (Windows x86)
336     windows/dllinject/bind_nonx_tcp                     Inject a DLL via a reflective loader. Listen for a connection (No NX)
337     windows/dllinject/bind_tcp                          Inject a DLL via a reflective loader. Listen for a connection (Windows x86)
338     windows/dllinject/bind_tcp_rc4                      Inject a DLL via a reflective loader. Listen for a connection
339     windows/dllinject/bind_tcp_uuid                     Inject a DLL via a reflective loader. Listen for a connection with UUID Support (Windows x86)
340     windows/dllinject/find_tag                          Inject a DLL via a reflective loader. Use an established connection
341     windows/dllinject/reverse_hop_http                  Inject a DLL via a reflective loader. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop.
342     windows/dllinject/reverse_http                      Inject a DLL via a reflective loader. Tunnel communication over HTTP (Windows wininet)
343     windows/dllinject/reverse_http_proxy_pstore         Inject a DLL via a reflective loader. Tunnel communication over HTTP
344     windows/dllinject/reverse_ipv6_tcp                  Inject a DLL via a reflective loader. Connect back to the attacker over IPv6
345     windows/dllinject/reverse_nonx_tcp                  Inject a DLL via a reflective loader. Connect back to the attacker (No NX)
346     windows/dllinject/reverse_ord_tcp                   Inject a DLL via a reflective loader. Connect back to the attacker
347     windows/dllinject/reverse_tcp                       Inject a DLL via a reflective loader. Connect back to the attacker
348     windows/dllinject/reverse_tcp_allports              Inject a DLL via a reflective loader. Try to connect back to the attacker, on all possible ports (1-65535, slowly)
349     windows/dllinject/reverse_tcp_dns                   Inject a DLL via a reflective loader. Connect back to the attacker
350     windows/dllinject/reverse_tcp_rc4                   Inject a DLL via a reflective loader. Connect back to the attacker
351     windows/dllinject/reverse_tcp_rc4_dns               Inject a DLL via a reflective loader. Connect back to the attacker
352     windows/dllinject/reverse_tcp_uuid                  Inject a DLL via a reflective loader. Connect back to the attacker with UUID Support
353     windows/dllinject/reverse_udp                       Inject a DLL via a reflective loader. Connect back to the attacker with UUID Support
354     windows/dllinject/reverse_winhttp                   Inject a DLL via a reflective loader. Tunnel communication over HTTP (Windows winhttp)
355     windows/dns_txt_query_exec                          Performs a TXT query against a series of DNS record(s) and executes the returned payload
356     windows/download_exec                               Download an EXE from an HTTP(S)/FTP URL and execute it
357     windows/exec                                        Execute an arbitrary command
358     windows/format_all_drives                           This payload formats all mounted disks in Windows (aka ShellcodeOfDeath). After formatting, this payload sets the volume label to the string specified in the VOLUMELABEL option. If the code is unable to access a drive for any reason, it skips the drive and proceeds to the next volume.
359     windows/loadlibrary                                 Load an arbitrary library path
360     windows/messagebox                                  Spawns a dialog via MessageBox using a customizable title, text & icon
361     windows/meterpreter/bind_hidden_ipknock_tcp         Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
362     windows/meterpreter/bind_hidden_tcp                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.
363     windows/meterpreter/bind_ipv6_tcp                   Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for an IPv6 connection (Windows x86)
364     windows/meterpreter/bind_ipv6_tcp_uuid              Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for an IPv6 connection with UUID Support (Windows x86)
365     windows/meterpreter/bind_named_pipe                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a pipe connection (Windows x86)
366     windows/meterpreter/bind_nonx_tcp                   Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a connection (No NX)
367     windows/meterpreter/bind_tcp                        Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a connection (Windows x86)
368     windows/meterpreter/bind_tcp_rc4                    Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a connection
369     windows/meterpreter/bind_tcp_uuid                   Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Listen for a connection with UUID Support (Windows x86)
370     windows/meterpreter/find_tag                        Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Use an established connection
371     windows/meterpreter/reverse_hop_http                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop.
372     windows/meterpreter/reverse_http                    Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over HTTP (Windows wininet)
373     windows/meterpreter/reverse_http_proxy_pstore       Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over HTTP
374     windows/meterpreter/reverse_https                   Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over HTTPS (Windows wininet)
375     windows/meterpreter/reverse_https_proxy             Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over HTTP using SSL with custom proxy support
376     windows/meterpreter/reverse_ipv6_tcp                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker over IPv6
377     windows/meterpreter/reverse_named_pipe              Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker via a named pipe pivot
378     windows/meterpreter/reverse_nonx_tcp                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker (No NX)
379     windows/meterpreter/reverse_ord_tcp                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
380     windows/meterpreter/reverse_tcp                     Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
381     windows/meterpreter/reverse_tcp_allports            Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
382     windows/meterpreter/reverse_tcp_dns                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
383     windows/meterpreter/reverse_tcp_rc4                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
384     windows/meterpreter/reverse_tcp_rc4_dns             Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
385     windows/meterpreter/reverse_tcp_uuid                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker with UUID Support
386     windows/meterpreter/reverse_udp                     Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker with UUID Support
387     windows/meterpreter/reverse_winhttp                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over HTTP (Windows winhttp)
388     windows/meterpreter/reverse_winhttps                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Tunnel communication over HTTPS (Windows winhttp)
389     windows/meterpreter_bind_named_pipe                 Connect to victim and spawn a Meterpreter shell
390     windows/meterpreter_bind_tcp                        Connect to victim and spawn a Meterpreter shell
391     windows/meterpreter_reverse_http                    Connect back to attacker and spawn a Meterpreter shell
392     windows/meterpreter_reverse_https                   Connect back to attacker and spawn a Meterpreter shell
393     windows/meterpreter_reverse_ipv6_tcp                Connect back to attacker and spawn a Meterpreter shell
394     windows/meterpreter_reverse_tcp                     Connect back to attacker and spawn a Meterpreter shell
395     windows/metsvc_bind_tcp                             Stub payload for interacting with a Meterpreter Service
396     windows/metsvc_reverse_tcp                          Stub payload for interacting with a Meterpreter Service
397     windows/patchupdllinject/bind_hidden_ipknock_tcp    Inject a custom DLL into the exploited process. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
398     windows/patchupdllinject/bind_hidden_tcp            Inject a custom DLL into the exploited process. Listen for a connection from a hidden port and spawn a command shell to the allowed host.
399     windows/patchupdllinject/bind_ipv6_tcp              Inject a custom DLL into the exploited process. Listen for an IPv6 connection (Windows x86)
400     windows/patchupdllinject/bind_ipv6_tcp_uuid         Inject a custom DLL into the exploited process. Listen for an IPv6 connection with UUID Support (Windows x86)
401     windows/patchupdllinject/bind_named_pipe            Inject a custom DLL into the exploited process. Listen for a pipe connection (Windows x86)
402     windows/patchupdllinject/bind_nonx_tcp              Inject a custom DLL into the exploited process. Listen for a connection (No NX)
403     windows/patchupdllinject/bind_tcp                   Inject a custom DLL into the exploited process. Listen for a connection (Windows x86)
404     windows/patchupdllinject/bind_tcp_rc4               Inject a custom DLL into the exploited process. Listen for a connection
405     windows/patchupdllinject/bind_tcp_uuid              Inject a custom DLL into the exploited process. Listen for a connection with UUID Support (Windows x86)
406     windows/patchupdllinject/find_tag                   Inject a custom DLL into the exploited process. Use an established connection
407     windows/patchupdllinject/reverse_ipv6_tcp           Inject a custom DLL into the exploited process. Connect back to the attacker over IPv6
408     windows/patchupdllinject/reverse_nonx_tcp           Inject a custom DLL into the exploited process. Connect back to the attacker (No NX)
409     windows/patchupdllinject/reverse_ord_tcp            Inject a custom DLL into the exploited process. Connect back to the attacker
410     windows/patchupdllinject/reverse_tcp                Inject a custom DLL into the exploited process. Connect back to the attacker
411     windows/patchupdllinject/reverse_tcp_allports       Inject a custom DLL into the exploited process. Try to connect back to the attacker, on all possible ports (1-65535, slowly)
412     windows/patchupdllinject/reverse_tcp_dns            Inject a custom DLL into the exploited process. Connect back to the attacker
413     windows/patchupdllinject/reverse_tcp_rc4            Inject a custom DLL into the exploited process. Connect back to the attacker
414     windows/patchupdllinject/reverse_tcp_rc4_dns        Inject a custom DLL into the exploited process. Connect back to the attacker
415     windows/patchupdllinject/reverse_tcp_uuid           Inject a custom DLL into the exploited process. Connect back to the attacker with UUID Support
416     windows/patchupdllinject/reverse_udp                Inject a custom DLL into the exploited process. Connect back to the attacker with UUID Support
417     windows/patchupmeterpreter/bind_hidden_ipknock_tcp  Inject the meterpreter server DLL (staged). Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
418     windows/patchupmeterpreter/bind_hidden_tcp          Inject the meterpreter server DLL (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.
419     windows/patchupmeterpreter/bind_ipv6_tcp            Inject the meterpreter server DLL (staged). Listen for an IPv6 connection (Windows x86)
420     windows/patchupmeterpreter/bind_ipv6_tcp_uuid       Inject the meterpreter server DLL (staged). Listen for an IPv6 connection with UUID Support (Windows x86)
421     windows/patchupmeterpreter/bind_named_pipe          Inject the meterpreter server DLL (staged). Listen for a pipe connection (Windows x86)
422     windows/patchupmeterpreter/bind_nonx_tcp            Inject the meterpreter server DLL (staged). Listen for a connection (No NX)
423     windows/patchupmeterpreter/bind_tcp                 Inject the meterpreter server DLL (staged). Listen for a connection (Windows x86)
424     windows/patchupmeterpreter/bind_tcp_rc4             Inject the meterpreter server DLL (staged). Listen for a connection
425     windows/patchupmeterpreter/bind_tcp_uuid            Inject the meterpreter server DLL (staged). Listen for a connection with UUID Support (Windows x86)
426     windows/patchupmeterpreter/find_tag                 Inject the meterpreter server DLL (staged). Use an established connection
427     windows/patchupmeterpreter/reverse_ipv6_tcp         Inject the meterpreter server DLL (staged). Connect back to the attacker over IPv6
428     windows/patchupmeterpreter/reverse_nonx_tcp         Inject the meterpreter server DLL (staged). Connect back to the attacker (No NX)
429     windows/patchupmeterpreter/reverse_ord_tcp          Inject the meterpreter server DLL (staged). Connect back to the attacker
430     windows/patchupmeterpreter/reverse_tcp              Inject the meterpreter server DLL (staged). Connect back to the attacker
431     windows/patchupmeterpreter/reverse_tcp_allports     Inject the meterpreter server DLL (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
432     windows/patchupmeterpreter/reverse_tcp_dns          Inject the meterpreter server DLL (staged). Connect back to the attacker
433     windows/patchupmeterpreter/reverse_tcp_rc4          Inject the meterpreter server DLL (staged). Connect back to the attacker
434     windows/patchupmeterpreter/reverse_tcp_rc4_dns      Inject the meterpreter server DLL (staged). Connect back to the attacker
435     windows/patchupmeterpreter/reverse_tcp_uuid         Inject the meterpreter server DLL (staged). Connect back to the attacker with UUID Support
436     windows/patchupmeterpreter/reverse_udp              Inject the meterpreter server DLL (staged). Connect back to the attacker with UUID Support
437     windows/powershell_bind_tcp                         Listen for a connection and spawn an interactive powershell session
438     windows/powershell_reverse_tcp                      Listen for a connection and spawn an interactive powershell session
439     windows/shell/bind_hidden_ipknock_tcp               Spawn a piped command shell (staged). Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
440     windows/shell/bind_hidden_tcp                       Spawn a piped command shell (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.
441     windows/shell/bind_ipv6_tcp                         Spawn a piped command shell (staged). Listen for an IPv6 connection (Windows x86)
442     windows/shell/bind_ipv6_tcp_uuid                    Spawn a piped command shell (staged). Listen for an IPv6 connection with UUID Support (Windows x86)
443     windows/shell/bind_named_pipe                       Spawn a piped command shell (staged). Listen for a pipe connection (Windows x86)
444     windows/shell/bind_nonx_tcp                         Spawn a piped command shell (staged). Listen for a connection (No NX)
445     windows/shell/bind_tcp                              Spawn a piped command shell (staged). Listen for a connection (Windows x86)
446     windows/shell/bind_tcp_rc4                          Spawn a piped command shell (staged). Listen for a connection
447     windows/shell/bind_tcp_uuid                         Spawn a piped command shell (staged). Listen for a connection with UUID Support (Windows x86)
448     windows/shell/find_tag                              Spawn a piped command shell (staged). Use an established connection
449     windows/shell/reverse_ipv6_tcp                      Spawn a piped command shell (staged). Connect back to the attacker over IPv6
450     windows/shell/reverse_nonx_tcp                      Spawn a piped command shell (staged). Connect back to the attacker (No NX)
451     windows/shell/reverse_ord_tcp                       Spawn a piped command shell (staged). Connect back to the attacker
452     windows/shell/reverse_tcp                           Spawn a piped command shell (staged). Connect back to the attacker
453     windows/shell/reverse_tcp_allports                  Spawn a piped command shell (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
454     windows/shell/reverse_tcp_dns                       Spawn a piped command shell (staged). Connect back to the attacker
455     windows/shell/reverse_tcp_rc4                       Spawn a piped command shell (staged). Connect back to the attacker
456     windows/shell/reverse_tcp_rc4_dns                   Spawn a piped command shell (staged). Connect back to the attacker
457     windows/shell/reverse_tcp_uuid                      Spawn a piped command shell (staged). Connect back to the attacker with UUID Support
458     windows/shell/reverse_udp                           Spawn a piped command shell (staged). Connect back to the attacker with UUID Support
459     windows/shell_bind_tcp                              Listen for a connection and spawn a command shell
460     windows/shell_bind_tcp_xpfw                         Disable the Windows ICF, then listen for a connection and spawn a command shell
461     windows/shell_hidden_bind_tcp                       Listen for a connection from certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connections is not coming from the IP defined in AHOST. This way the port will appear as "closed" helping us to hide the shellcode.
462     windows/shell_reverse_tcp                           Connect back to attacker and spawn a command shell
463     windows/speak_pwned                                 Causes the target to say "You Got Pwned" via the Windows Speech API
464     windows/upexec/bind_hidden_ipknock_tcp              Uploads an executable and runs it (staged). Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
465     windows/upexec/bind_hidden_tcp                      Uploads an executable and runs it (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.
466     windows/upexec/bind_ipv6_tcp                        Uploads an executable and runs it (staged). Listen for an IPv6 connection (Windows x86)
467     windows/upexec/bind_ipv6_tcp_uuid                   Uploads an executable and runs it (staged). Listen for an IPv6 connection with UUID Support (Windows x86)
468     windows/upexec/bind_named_pipe                      Uploads an executable and runs it (staged). Listen for a pipe connection (Windows x86)
469     windows/upexec/bind_nonx_tcp                        Uploads an executable and runs it (staged). Listen for a connection (No NX)
470     windows/upexec/bind_tcp                             Uploads an executable and runs it (staged). Listen for a connection (Windows x86)
471     windows/upexec/bind_tcp_rc4                         Uploads an executable and runs it (staged). Listen for a connection
472     windows/upexec/bind_tcp_uuid                        Uploads an executable and runs it (staged). Listen for a connection with UUID Support (Windows x86)
473     windows/upexec/find_tag                             Uploads an executable and runs it (staged). Use an established connection
474     windows/upexec/reverse_ipv6_tcp                     Uploads an executable and runs it (staged). Connect back to the attacker over IPv6
475     windows/upexec/reverse_nonx_tcp                     Uploads an executable and runs it (staged). Connect back to the attacker (No NX)
476     windows/upexec/reverse_ord_tcp                      Uploads an executable and runs it (staged). Connect back to the attacker
477     windows/upexec/reverse_tcp                          Uploads an executable and runs it (staged). Connect back to the attacker
478     windows/upexec/reverse_tcp_allports                 Uploads an executable and runs it (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
479     windows/upexec/reverse_tcp_dns                      Uploads an executable and runs it (staged). Connect back to the attacker
480     windows/upexec/reverse_tcp_rc4                      Uploads an executable and runs it (staged). Connect back to the attacker
481     windows/upexec/reverse_tcp_rc4_dns                  Uploads an executable and runs it (staged). Connect back to the attacker
482     windows/upexec/reverse_tcp_uuid                     Uploads an executable and runs it (staged). Connect back to the attacker with UUID Support
483     windows/upexec/reverse_udp                          Uploads an executable and runs it (staged). Connect back to the attacker with UUID Support
484     windows/vncinject/bind_hidden_ipknock_tcp           Inject a VNC Dll via a reflective loader (staged). Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellcode from any IP. The socket will appear as "closed," thus helping to hide the shellcode
485     windows/vncinject/bind_hidden_tcp                   Inject a VNC Dll via a reflective loader (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.
486     windows/vncinject/bind_ipv6_tcp                     Inject a VNC Dll via a reflective loader (staged). Listen for an IPv6 connection (Windows x86)
487     windows/vncinject/bind_ipv6_tcp_uuid                Inject a VNC Dll via a reflective loader (staged). Listen for an IPv6 connection with UUID Support (Windows x86)
488     windows/vncinject/bind_named_pipe                   Inject a VNC Dll via a reflective loader (staged). Listen for a pipe connection (Windows x86)
489     windows/vncinject/bind_nonx_tcp                     Inject a VNC Dll via a reflective loader (staged). Listen for a connection (No NX)
490     windows/vncinject/bind_tcp                          Inject a VNC Dll via a reflective loader (staged). Listen for a connection (Windows x86)
491     windows/vncinject/bind_tcp_rc4                      Inject a VNC Dll via a reflective loader (staged). Listen for a connection
492     windows/vncinject/bind_tcp_uuid                     Inject a VNC Dll via a reflective loader (staged). Listen for a connection with UUID Support (Windows x86)
493     windows/vncinject/find_tag                          Inject a VNC Dll via a reflective loader (staged). Use an established connection
494     windows/vncinject/reverse_hop_http                  Inject a VNC Dll via a reflective loader (staged). Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop.
495     windows/vncinject/reverse_http                      Inject a VNC Dll via a reflective loader (staged). Tunnel communication over HTTP (Windows wininet)
496     windows/vncinject/reverse_http_proxy_pstore         Inject a VNC Dll via a reflective loader (staged). Tunnel communication over HTTP
497     windows/vncinject/reverse_ipv6_tcp                  Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker over IPv6
498     windows/vncinject/reverse_nonx_tcp                  Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker (No NX)
499     windows/vncinject/reverse_ord_tcp                   Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker
500     windows/vncinject/reverse_tcp                       Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker
501     windows/vncinject/reverse_tcp_allports              Inject a VNC Dll via a reflective loader (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
502     windows/vncinject/reverse_tcp_dns                   Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker
503     windows/vncinject/reverse_tcp_rc4                   Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker
504     windows/vncinject/reverse_tcp_rc4_dns               Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker
505     windows/vncinject/reverse_tcp_uuid                  Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker with UUID Support
506     windows/vncinject/reverse_udp                       Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker with UUID Support
507     windows/vncinject/reverse_winhttp                   Inject a VNC Dll via a reflective loader (staged). Tunnel communication over HTTP (Windows winhttp)
508     windows/x64/exec                                    Execute an arbitrary command (Windows x64)
509     windows/x64/loadlibrary                             Load an arbitrary x64 library path
510     windows/x64/messagebox                              Spawn a dialog via MessageBox using a customizable title, text & icon
511     windows/x64/meterpreter/bind_ipv6_tcp               Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Listen for an IPv6 connection (Windows x64)
512     windows/x64/meterpreter/bind_ipv6_tcp_uuid          Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Listen for an IPv6 connection with UUID Support (Windows x64)
513     windows/x64/meterpreter/bind_named_pipe             Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Listen for a pipe connection (Windows x64)
514     windows/x64/meterpreter/bind_tcp                    Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Listen for a connection (Windows x64)
515     windows/x64/meterpreter/bind_tcp_uuid               Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Listen for a connection with UUID Support (Windows x64)
516     windows/x64/meterpreter/reverse_http                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Tunnel communication over HTTP (Windows x64 wininet)
517     windows/x64/meterpreter/reverse_https               Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Tunnel communication over HTTP (Windows x64 wininet)
518     windows/x64/meterpreter/reverse_named_pipe          Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Connect back to the attacker via a named pipe pivot
519     windows/x64/meterpreter/reverse_tcp                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Connect back to the attacker (Windows x64)
520     windows/x64/meterpreter/reverse_tcp_rc4             Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Connect back to the attacker
521     windows/x64/meterpreter/reverse_tcp_uuid            Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Connect back to the attacker with UUID Support (Windows x64)
522     windows/x64/meterpreter/reverse_winhttp             Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Tunnel communication over HTTP (Windows x64 winhttp)
523     windows/x64/meterpreter/reverse_winhttps            Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Tunnel communication over HTTPS (Windows x64 winhttp)
524     windows/x64/meterpreter_bind_named_pipe             Connect to victim and spawn a Meterpreter shell
525     windows/x64/meterpreter_bind_tcp                    Connect to victim and spawn a Meterpreter shell
526     windows/x64/meterpreter_reverse_http                Connect back to attacker and spawn a Meterpreter shell
527     windows/x64/meterpreter_reverse_https               Connect back to attacker and spawn a Meterpreter shell
528     windows/x64/meterpreter_reverse_ipv6_tcp            Connect back to attacker and spawn a Meterpreter shell
529     windows/x64/meterpreter_reverse_tcp                 Connect back to attacker and spawn a Meterpreter shell
530     windows/x64/powershell_bind_tcp                     Listen for a connection and spawn an interactive powershell session
531     windows/x64/powershell_reverse_tcp                  Listen for a connection and spawn an interactive powershell session
532     windows/x64/shell/bind_ipv6_tcp                     Spawn a piped command shell (Windows x64) (staged). Listen for an IPv6 connection (Windows x64)
533     windows/x64/shell/bind_ipv6_tcp_uuid                Spawn a piped command shell (Windows x64) (staged). Listen for an IPv6 connection with UUID Support (Windows x64)
534     windows/x64/shell/bind_named_pipe                   Spawn a piped command shell (Windows x64) (staged). Listen for a pipe connection (Windows x64)
535     windows/x64/shell/bind_tcp                          Spawn a piped command shell (Windows x64) (staged). Listen for a connection (Windows x64)
536     windows/x64/shell/bind_tcp_uuid                     Spawn a piped command shell (Windows x64) (staged). Listen for a connection with UUID Support (Windows x64)
537     windows/x64/shell/reverse_tcp                       Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker (Windows x64)
538     windows/x64/shell/reverse_tcp_rc4                   Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker
539     windows/x64/shell/reverse_tcp_uuid                  Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker with UUID Support (Windows x64)
540     windows/x64/shell_bind_tcp                          Listen for a connection and spawn a command shell (Windows x64)
541     windows/x64/shell_reverse_tcp                       Connect back to attacker and spawn a command shell (Windows x64)
542     windows/x64/vncinject/bind_ipv6_tcp                 Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for an IPv6 connection (Windows x64)
543     windows/x64/vncinject/bind_ipv6_tcp_uuid            Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for an IPv6 connection with UUID Support (Windows x64)
544     windows/x64/vncinject/bind_named_pipe               Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for a pipe connection (Windows x64)
545     windows/x64/vncinject/bind_tcp                      Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for a connection (Windows x64)
546     windows/x64/vncinject/bind_tcp_uuid                 Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for a connection with UUID Support (Windows x64)
547     windows/x64/vncinject/reverse_http                  Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTP (Windows x64 wininet)
548     windows/x64/vncinject/reverse_https                 Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTP (Windows x64 wininet)
549     windows/x64/vncinject/reverse_tcp                   Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker (Windows x64)
550     windows/x64/vncinject/reverse_tcp_rc4               Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker
551     windows/x64/vncinject/reverse_tcp_uuid              Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker with UUID Support (Windows x64)
552     windows/x64/vncinject/reverse_winhttp               Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTP (Windows x64 winhttp)
553     windows/x64/vncinject/reverse_winhttps              Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTPS (Windows x64 winhttp)