Skip to content

API: Payloads

This guide explains how to manage payloads using the API.

List Payload Plugins

Retrieve all available payload plugins:

1
2
GET /api/v1/plugins/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

List Payload Templates

Get a list of supported payload templates:

1
2
GET /api/v1/payloads/templates HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Create a New Payload

Create a new payload by supplying the payload template ID, configuration, listener ID, and whether internal encryption is enabled. (Note: internal encryption is separate from external encryption like HTTPS.)

JSON request:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
POST /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "payloadTemplateId": "PAYLOAD_TEMPLATE_ID",
  "name": "OPTIONAL_PAYLOAD_NAME",
  "configuration": {PAYLOAD_CONFIGURATION},
  "configurationFiles": [],
  "listenerId": 1,
  "encrypted": true
}

Multipart request (when the payload configuration uses uploaded files, such as certificateFile):

1
2
3
4
5
6
POST /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: multipart/form-data

requestBody: {"payloadTemplateId": "PAYLOAD_TEMPLATE_ID", "name": "OPTIONAL_PAYLOAD_NAME", "configuration": {PAYLOAD_CONFIGURATION}, "configurationFiles": [], "listenerId": 1, "encrypted": true}
{FILE_FIELD_NAME}: <binary file content>

For commercial payload signing, send the certificate as a file part named certificateFile.

Examples

Example 1 – Windows X86 Debug Executable Payload

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
POST /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "payloadTemplateId": "shelldot.payload.windows-x86",
  "configuration": {
    "type": "DEBUG_EXECUTABLE",
    "initialWait": 0,
    "paddingSize": 0
  },
  "listenerId": 1,
  "encrypted": false
}

Example 2 – Windows X64 DLL Payload

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
POST /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "payloadTemplateId": "shelldot.payload.windows-x64",
  "configuration": {
    "type": "DLL",
    "dllMethodName": "skippy"
  },
  "listenerId": 1,
  "encrypted": true
}

List All Payloads

Retrieve a list of all created payloads:

1
2
GET /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Archived and unavailable payloads are hidden by default. Include them with:

1
2
GET /api/v1/payloads?includeNonActive=true HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

View Payload Details

Fetch detailed information about a specific payload using its ID:

1
2
GET /api/v1/payloads/{PAYLOAD_ID} HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Download a Payload

Download the agent associated with a particular payload:

1
2
GET /api/v1/payloads/{PAYLOAD_ID}/download HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Rename a Payload

Update the custom name of an existing payload.

1
2
3
4
5
6
7
PATCH /api/v1/payloads/{PAYLOAD_ID} HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "name": "NEW_PAYLOAD_NAME"
}

Archive a Payload

Archive an existing payload.

1
2
DELETE /api/v1/payloads/{PAYLOAD_ID} HTTP/1.1
Authorization: Bearer {JWT_TOKEN}