#compdef msfvenom # ------------------------------------------------------------------------------ # License # ------- # This file is part of the Metasploit Framework and is released under the MSF # License, please see the COPYING file for more details. # # ------------------------------------------------------------------------------ # Description # ----------- # # Completion script for the Metasploit Framework's msfvenom command # (http://www.metasploit.com/). # # ------------------------------------------------------------------------------ # Authors # ------- # # * Spencer McIntyre # # ------------------------------------------------------------------------------ _msfvenom_archs_list=( 'aarch64' 'armbe' 'armle' 'cbea' 'cbea64' 'cmd' 'dalvik' 'firefox' 'java' 'mips' 'mips64' 'mips64le' 'mipsbe' 'mipsle' 'nodejs' 'php' 'ppc' 'ppc64' 'ppc64le' 'ppce500v2' 'python' 'r' 'ruby' 'sparc' 'sparc64' 'tty' 'x64' 'x86' 'x86_64' 'zarch' ) _msfvenom_arch() { _describe -t archs 'available archs' _msfvenom_archs_list || compadd "$@" } _msfvenom_encoders_list=( 'cmd/brace' 'cmd/echo' 'cmd/generic_sh' 'cmd/ifs' 'cmd/perl' 'cmd/powershell_base64' 'cmd/printf_php_mq' 'generic/eicar' 'generic/none' 'mipsbe/byte_xori' 'mipsbe/longxor' 'mipsle/byte_xori' 'mipsle/longxor' 'php/base64' 'ppc/longxor' 'ppc/longxor_tag' 'ruby/base64' 'sparc/longxor_tag' 'x64/xor' 'x64/xor_context' 'x64/xor_dynamic' 'x64/zutto_dekiru' 'x86/add_sub' 'x86/alpha_mixed' 'x86/alpha_upper' 'x86/avoid_underscore_tolower' 'x86/avoid_utf8_tolower' 'x86/bloxor' 'x86/bmp_polyglot' 'x86/call4_dword_xor' 'x86/context_cpuid' 'x86/context_stat' 'x86/context_time' 'x86/countdown' 'x86/fnstenv_mov' 'x86/jmp_call_additive' 'x86/nonalpha' 'x86/nonupper' 'x86/opt_sub' 'x86/service' 'x86/shikata_ga_nai' 'x86/single_static_bit' 'x86/unicode_mixed' 'x86/unicode_upper' 'x86/xor_dynamic' ) _msfvenom_encoder() { _describe -t encoders 'available encoders' _msfvenom_encoders_list || compadd "$@" } _msfvenom_formats_list=( # Executable formats 'asp' 'aspx' 'aspx-exe' 'axis2' 'dll' 'elf' 'elf-so' 'exe' 'exe-only' 'exe-service' 'exe-small' 'hta-psh' 'jar' 'jsp' 'loop-vbs' 'macho' 'msi' 'msi-nouac' 'osx-app' 'psh' 'psh-cmd' 'psh-net' 'psh-reflection' 'vba' 'vba-exe' 'vba-psh' 'vbs' 'war' # Transform formats 'bash' 'c' 'csharp' 'dw' 'dword' 'hex' 'java' 'js_be' 'js_le' 'num' 'perl' 'pl' 'powershell' 'ps1' 'py' 'python' 'raw' 'rb' 'ruby' 'sh' 'vbapplication' 'vbscript' ) _msfvenom_format() { _describe -t formats 'available formats' _msfvenom_formats_list || compadd "$@" } _msfvenom_platforms_list=( 'aix' 'android' 'apple_ios' 'brocade' 'bsd' 'bsdi' 'cisco' 'firefox' 'freebsd' 'hardware' 'hpux' 'irix' 'java' 'javascript' 'juniper' 'linux' 'mainframe' 'multi' 'netbsd' 'netware' 'nodejs' 'openbsd' 'osx' 'php' 'python' 'r' 'ruby' 'solaris' 'unifi' 'unix' 'unknown' 'windows' ) _msfvenom_platform() { _describe -t platforms 'available platforms' _msfvenom_platforms_list || compadd "$@" } local -a _msfvenom_payload_list if [ -f "$HOME/.local/cache/msfvenom/payloads.txt" ]; then while read line; do _msfvenom_payload_list+=("$line") done < "$HOME/.local/cache/msfvenom/payloads.txt" fi _msfvenom_payload() { if [ ${#_msfvenom_payload_list[@]} -ne 0 ]; then _describe -t payloads 'available payloads' _msfvenom_payload_list || compadd "$@" else _message -r "You need to pre-populate the payload cache, run the following commands:" _message -r "" _message -r "mkdir -p \$HOME/.local/cache/msfvenom/" _message -r "msfvenom --list payloads 2> /dev/null | tail -n +5 | sed '2d' | awk -F ' +' '{print \$2 \":\" \$3}' > \$HOME/.local/cache/msfvenom/payloads.txt" fi } _arguments \ "--smallest[Generate the smallest possible payload using all available encoders]" \ "--sec-name[The new section name to use when generating large Windows binaries. Default: random 4-character alpha string]" \ "--encoder-space[The maximum size of the encoded payload (defaults to the -s value)]:length" \ "--encrypt[The type of encryption or encoding to apply to the shellcode]:value" \ "--encrypt-key[A key to be used for --encrypt]:value" \ "--encrypt-iv[An initialization vector for --encrypt]:value" \ "--list-options[List --payload 's standard, advanced and evasion options]" \ "--pad-nops[Use nopsled size specified by -n \ as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)]" \ "--platform[The platform for --payload (use --list platforms to list)]:target platform:_msfvenom_platform" \ {-a,--arch}"[The architecture to use for --payload and --encoders (use --list archs to list)]:architecture:_msfvenom_archs" \ {-b,--bad-chars}"[Characters to avoid example: '\x00\xff']:bad characters" \ {-c,--add-code}"[Specify an additional win32 shellcode file to include]:shellcode file:_files" \ {-e,--encoder}"[The encoder to use (use --list encoders to list)]:encoder:_msfvenom_encoder" \ {-f,--format}"[Output format (use --list formats to list)]:output format:_msfvenom_formats" \ {-h,--help}"[Show the help banner]" \ {-i,--iterations}"[The number of times to encode the payload]:iterations" \ {-k,--keep}"[Preserve the --template behavior and inject the payload as a new thread]" \ {-l,--list}"[List all modules for \[type\]]:module type:(payloads encoders nops platforms archs encrypt formats all)" \ {-n,--nopsled}"[Prepend a nopsled of \[length\] size on to the payload]:nopsled length" \ {-o,--out}"[Save the payload to a file]:output file:_files" \ {-p,--payload}"[Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom]:target payload:_msfvenom_payload" \ {-s,--space}"[The maximum size of the resulting payload]:length" \ {-t,--timeout}"[The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)]:second" \ {-v,--var-name}"[Specify a custom variable name to use for certain output formats]:value" \ {-x,--template}"[Specify a custom executable file to use as a template]:template file:_files"