Good-bye msfpayload and msfencode

Viewing 1 reply thread
  • Author
    • #8765

      A heads up for for those that may not be aware, msfpayload and msfencode are being deprecated in favour of msfvenom.

      @Wei Chen wrote:

      Greetings all,

      On behalf of the Metasploit’s development teams, I’d like to officially announce the decision of deprecating msfpayload and msfencode. Also starting today, we no longer support or accept patches for these two utilities. On June 8th 2015, the elderly msfpayload and msfencode will retire from the Metasploit repository, and replaced by their successor msfvenom. The tool msfvenom is the combination of msfpayload and msfencode, and has been in testing for more than 3.5 years.

      msfpayload and msfencode have been in service to the hacking community for almost 10 years. What’s really remarkable about them is that and they’ve been playing a big part in the success of computer hacking on almost every level, offense or defense. As an experienced penetration tester, sometimes maybe you don’t necessarily know all the exploits out there publicly, maybe you don’t even care because you’re such a honey badger, but I’m pretty sure you would be more than happy to bring a modified executable generated by msfpayload for an on-site gig just in case. If you’re just feeling nerdy all the way, you probably “concealed-carry” a msfpayload-generated file on your USB keychain at all times, too. If you’re an exploit writer, for fun or profit, even if you don’t really write Metasploit modules, you probably have used msfpayload to create something for you. If you’re just a security enthusiast, maybe you’ve even used msfpayload to impress your friends. Both msfpayload and msfencode have also had their share in the education and entertainment industry, including: books, on-line tutorials, talks at security conferences, trainings, live interviews, Youtube, etc. I can spend my entire blog talking about how people use these tools if you let me. But if you have a cool hacking story done with mostly just msfpayload, please do share in the comment section below.

      The second remarkable thing about msfpayload and msfencode is the people behind them. Since 2005, the tools have been fixed, improved, maintained, and documented by the open source security community. Each person has sacrificed their weekends, holidays, quality time with their friends and family to make sure the tools remain working properly. It has not been always easy, and most importantly no contributors have ever asked anything in return. If you ever run into one of these Metasploit people at a conference, make sure to buy them a drink.

      As we begin the final six-month journey, we’d like to encourage you to use the time to become familiar with msfvenom. If you are a tool developer that relies on msfpayload or msfencode, now is a good time to starting making that migration. If you’re a trainer, please update your course materials.


    • #54044

      Thanks for the reporting. I first used them while in my GPEN course this year, I’m excited to try my hand with venom.

Viewing 1 reply thread
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?