msfvenom

root@promote:~# msfvenom -hMsfVenom - a Metasploit standalone payload generator.Also a replacement for msfpayload and msfencode.Usage: /usr/bin/msfvenom [options] <var=val>Options:    -p, --payload       <payload>    Payload to use. Specify a '-' or stdin to use custom payloads    指定使用的payload        --payload-options            List the payload's standard options    -l, --list          [type]       List a module type. Options are: payloads, encoders, nops, all    查看所有可用的资源    -n, --nopsled       <length>     Prepend a nopsled of [length] size on to the payload    为payload预定一个NOP滑动长度    -f, --format        <format>     Output format (use --help-formats for a list)        --help-formats               List available formats    指定payload输出格式    -e, --encoder       <encoder>    The encoder to use    指定使用的编码器    -a, --arch          <arch>       The architecture to use        指定payload的目标架构        --platform      <platform>   The platform of the payload        指定payload的目标平台    -s, --space         <length>     The maximum size of the resulting payload        指定攻击载荷的最大长度        --encoder-space <length>     The maximum size of the encoded payload (defaults to the -s value)    -b, --bad-chars     <list>       The list of characters to avoid example: '\x00\xff'    规避的字符集    -i, --iterations    <count>      The number of times to encode the payload    指定payload的编码次数    -c, --add-code      <path>       Specify an additional win32 shellcode file to include    指定附加的win32 shellcode文件    -x, --template      <path>       Specify a custom executable file to use as a template    指定一个自定义的可执行文件为模板    -k, --keep                       Preserve the template behavior and inject the payload as a new thread    -o, --out           <path>       Save the payload    保存payload    -v, --var-name      <name>       Specify a custom variable name to use for certain output formats        --smallest                   Generate the smallest possible payload        最小化生成shellcode    -h, --help                       Show this messageroot@promote:~# 

查看payload具体参数
msfvenom -p windows/meterpreter/bind_tcp –payload-options
如果msf生成的shellcode不能运行 可以生成c代码然后自己编译。