
Msfvenom no longer works

Open Dramelac opened this issue 1 year ago • 5 comments

Steps to reproduce

  • I used a source install, from the official repo on master branch
    • git clone [...]
  • Used rvm to set up a ruby env matching the .ruby-version
    • rvm install ruby-3.1.5
    • rvm use 3.1.5@metasploit --create

Ruby version of my shell:

$ ruby -v
ruby 3.1.5p252 (2024-04-23 revision 1945f8dc0e) [x86_64-linux]
  • Then install bundler and the dependencies:
    • gem install bundler
    • bundle install

So far everything works and I can successfully run msfconsole:

$ ./msfconsole --version
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Framework Version: 6.4.22-dev-233f6dc4d2

But when trying to run msfvenom, I receive this error:

$ ./msfvenom --list platforms
Error: No options
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: ./msfvenom [options] <var=val>
Example: ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

Were you following a specific guide/tutorial or reading documentation?

I followed this doc: https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html#install-ruby. I just used rvm to manage the current ruby environment.

Expected behavior

msfvenom should parse the arguments and run (listing platforms with my example)

Current behavior

An error message, unable to parse options and printing the help message.

Metasploit version

233f6dc4d284e80102db84d972511ab9641234d6 (HEAD -> master, origin/master, origin/HEAD) Bump version of framework to 6.4.22

Additional Information

I tried using previous 'known' working versions of metasploit by checking out older tags, but I got the same outcome. The error might come from a new version of a dependency breaking the tools.

Thanks for the help!

Dramelac avatar Aug 12 '24 23:08 Dramelac

I can't reproduce this. I'm using the exact same version of Ruby and framework.

$ ruby -v
ruby 3.1.5p252 (2024-04-23 revision 1945f8dc0e) [x86_64-linux]
$ ./msfconsole --version
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Framework Version: 6.4.22-dev-233f6dc4d2
$ ./msfvenom --list platforms
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.

Framework Platforms [--platform <value>]
========================================

    Name
    ----
    aix
    android
    apple_ios
    arista
    brocade
    bsd
    bsdi
    cisco
    firefox
    freebsd
    hardware
    hpux
    irix
    java
    javascript
    juniper
    linux
    mainframe
    mikrotik
    multi
    netbsd
    netware
    nodejs
    openbsd
    osx
    php
    python
    r
    ruby
    solaris
    unifi
    unix
    unknown
    windows

$

Is the msfvenom file you're executing the script that we ship or is it some kind of custom wrapper?

smcintyre-r7 avatar Aug 26 '24 21:08 smcintyre-r7

I use the repository script directly.

I tried with a new debian 12 container and no problem either, it must be coming from my environment but I don't see what / why...

What's weird is that msfconsole works so the current env and dependencies should be fine but not with msfvenom.

Does msfvenom handle dependencies differently from msfconsole now?

Dramelac avatar Aug 29 '24 10:08 Dramelac

I can reproduce the issue here, with rbenv using ruby 5.1.3, latest metasploit version from git:

$ ruby -v
ruby 3.1.5p252 (2024-04-23 revision 1945f8dc0e) [aarch64-linux]
$ ./msfconsole --version
Framework Version: 6.4.28-dev-2305fc4e9c
$ ./msfvenom -l pouet
Invalid type (pouet). These are valid: payloads, encoders, nops, platforms, archs, encrypt, formats, all
$ ./msfvenom --list platforms
Error: No options
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: ./msfvenom [options] <var=val>
Example: ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message
[1]
$

Interestingly, ./msfvenom -h works, and so does ./msfvenom -s 1.

jvoisin avatar Sep 19 '24 19:09 jvoisin

Prefixing the command with bundle exec fixes the issue.

jvoisin avatar Sep 30 '24 14:09 jvoisin

Thank you @jvoisin, indeed using bundle exec fixes the issue for me too, thank you very much! I don't know if it's an error in the project to be dependent on bundle exec or not, so I'll let the maintainers decide whether this issue should stay open or can be closed :)

Dramelac avatar Oct 10 '24 11:10 Dramelac

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Nov 11 '24 15:11 github-actions[bot]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Dec 12 '24 15:12 github-actions[bot]

up?

xCEVre avatar Apr 05 '25 17:04 xCEVre

any good fix? this is kind of a dirty workaround

billythegoat356 avatar May 31 '25 23:05 billythegoat356

found a fix

nano msfvenom

then add

require 'bundler/setup'

at the top

billythegoat356 avatar May 31 '25 23:05 billythegoat356

found a fix

nano msfvenom then add

require 'bundler/setup'

at the top

In addition

ENV['BUNDLE_GEMFILE'] ||= File.expand_path('Gemfile', __dir__)
require 'bundler/setup'

The first line will set the BUNDLE_GEMFILE environment variable for the msfvenom ruby process. This will allow msfvenom to be run outside the metasploit-framework directory.

isaac-app-dev avatar Jun 15 '25 01:06 isaac-app-dev
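
To make the point of the comment above concrete, here is an added Ruby example (not code from the metasploit-framework project or from any commenter). It mimics, in simplified form, what Bundler does when no BUNDLE_GEMFILE is set (walk upward from the current working directory looking for a Gemfile) next to the `ENV['BUNDLE_GEMFILE'] ||= File.expand_path('Gemfile', __dir__)` guard, and runs both against a constructed temporary directory tree. The directory layout, the `find_gemfile_upward` and `resolve_gemfile` helper names and the `stop_at:` bound are all assumptions made for the demo; the real `require 'bundler/setup'` step is deliberately left out so the script runs offline.

```ruby
require 'tmpdir'
require 'fileutils'

# Simplified mimic of Bundler's default Gemfile discovery: starting at `cwd`,
# walk up the directory tree and return the first Gemfile found, or nil.
# `stop_at` bounds the walk so this demo never picks up a real Gemfile on the
# host (assumption made for the demo; Bundler itself walks to the root).
def find_gemfile_upward(cwd, stop_at: '/')
  dir = File.expand_path(cwd)
  stop = File.expand_path(stop_at)
  loop do
    candidate = File.join(dir, 'Gemfile')
    return candidate if File.file?(candidate)
    return nil if dir == stop
    parent = File.dirname(dir)
    return nil if parent == dir
    dir = parent
  end
end

# Mimic of the guard proposed in the thread:
#   ENV['BUNDLE_GEMFILE'] ||= File.expand_path('Gemfile', __dir__)
# An explicitly set BUNDLE_GEMFILE wins; otherwise the Gemfile next to the
# script is used, independent of the caller's working directory. A real
# script would follow this with `require 'bundler/setup'` (omitted here so
# the demo stays offline and dependency-free).
def resolve_gemfile(script_dir, env = {})
  env['BUNDLE_GEMFILE'] || File.expand_path('Gemfile', script_dir)
end

# Build a constructed layout under a temp dir:
#   <root>/framework/Gemfile   (stands in for the metasploit-framework checkout)
#   <root>/elsewhere/          (an unrelated directory a user might cd into)
# and yield the three paths. The tree is removed when the block returns.
def with_fake_framework
  Dir.mktmpdir('bundle-gemfile-demo') do |root|
    framework = File.join(root, 'framework')
    elsewhere = File.join(root, 'elsewhere')
    FileUtils.mkdir_p(framework)
    FileUtils.mkdir_p(elsewhere)
    File.write(File.join(framework, 'Gemfile'), "source 'https://rubygems.org'\n")
    yield root, framework, elsewhere
  end
end

# Compare cwd-dependent default discovery with the script-relative guard.
# Returns a hash of named checks, each true when the behaviour is as described.
def demo
  with_fake_framework do |root, framework, elsewhere|
    expected = File.join(framework, 'Gemfile')
    {
      # cwd inside the checkout: default discovery finds the Gemfile
      default_from_checkout: find_gemfile_upward(framework, stop_at: root) == expected,
      # cwd elsewhere: default discovery finds nothing (the failure mode)
      default_from_elsewhere: find_gemfile_upward(elsewhere, stop_at: root).nil?,
      # the guard resolves the Gemfile from the script's own directory instead
      guard_from_elsewhere: resolve_gemfile(framework, {}) == expected,
      # an operator-supplied BUNDLE_GEMFILE is still honoured by `||=`
      guard_respects_env: resolve_gemfile(framework, 'BUNDLE_GEMFILE' => '/custom/Gemfile') == '/custom/Gemfile'
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |check, ok| puts "#{check}: #{ok ? 'ok' : 'FAIL'}" }
end
```

Running the script prints one line per check. The second check is the situation the thread describes: with a bare `require 'bundler/setup'` and a working directory outside the checkout, Bundler has no Gemfile to load the locked gem set from, which is why the comment above pairs the `require` with the `BUNDLE_GEMFILE` guard.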

Hello @jvoisin

Although the quick fix with bundle exec works, wouldn't it be a good idea to reopen the issue to implement the correct fix from @isaac-app-dev's comment?

Thank you!

Dramelac avatar Jul 03 '25 08:07 Dramelac

Feel free to open a pull-request :)

jvoisin avatar Jul 03 '25 18:07 jvoisin