busterb
diff --git a/‎.github/label-actions.yml
+8 b/‎.github/label-actions.yml
+8
diff --git a/‎.rubocop.yml
+1-1 b/‎.rubocop.yml
+1-1
diff --git a/‎Dockerfile
+1-1 b/‎Dockerfile
+1-1
diff --git a/‎db/modules_metadata_base.json
+183-4 b/‎db/modules_metadata_base.json
+183-4
@@ -123,3 +123,11 @@ issues:
         When creating an issue, please ensure that the default issue template has been updated with the required details.
 
         Closing this issue. If you believe this issue has been closed in error, please provide any relevant output and logs which may be useful in diagnosing the issue.
+
+    ruby-3.0.0:
+      close: true
+      comment: |
+        This issue appears to be related to Ruby 3.0.0. At this time Metasploit does not support Ruby 3.0.0.
+        Please try using Ruby 2.7.x with Metasploit.
+
+        Closing this issue as a duplicate of #14666 - which aims to track this feature request.
@@ -192,7 +192,7 @@ Layout/ExtraSpacing:
   # When true, allows things like 'obj.meth(arg)  # comment',
   # rather than insisting on 'obj.meth(arg) # comment'.
   # If done for alignment, either this OR AllowForAlignment will allow it.
-  AllowBeforeTrailingComments: false
+  AllowBeforeTrailingComments: true
   # When true, forces the alignment of `=` in assignments on consecutive lines.
   ForceEqualSignAlignment: false
 
 
@@ -59,7 +59,7 @@ RUN chown -R root:metasploit $APP_HOME/
 RUN chmod 664 $APP_HOME/Gemfile.lock
 RUN gem update --system
 RUN cp -f $APP_HOME/docker/database.yml $APP_HOME/config/database.yml
-RUN curl -O https://bootstrap.pypa.io/get-pip.py && python get-pip.py && rm get-pip.py
+RUN curl -L -O https://github.com/pypa/get-pip/raw/3843bff3a0a61da5b63ea0b7d34794c5c51a2f11/get-pip.py && python get-pip.py && rm get-pip.py
 RUN pip install impacket
 
 WORKDIR $APP_HOME
 
@@ -43307,7 +43307,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2018-09-15 18:54:45 +0000",
+    "mod_time": "2021-01-27 10:14:52 +0000",
     "path": "/modules/auxiliary/scanner/ssh/ssh_enumusers.rb",
     "is_install_path": true,
     "ref_name": "scanner/ssh/ssh_enumusers",
@@ -71067,6 +71067,48 @@
     },
     "needs_cleanup": null
   },
+  "exploit_multi/fileformat/archive_tar_arb_file_write": {
+    "name": "PEAR Archive_Tar < 1.4.11 Arbitrary File Write",
+    "fullname": "exploit/multi/fileformat/archive_tar_arb_file_write",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2020-11-17",
+    "type": "exploit",
+    "author": [
+      "gwillcox-r7",
+      "xorathustra"
+    ],
+    "description": "This module takes advantages of Archive_Tar < 1.4.11's lack of validation of file stream wrappers contained\n          within filenames to write an arbitrary file containing user controlled content to an arbitrary file\n          on disk. Note that the file will be written to disk with the permissions of the user that PHP is\n          running as, so it may not be possible to overwrite some files if the PHP user is not appropriately\n          privileged.",
+    "references": [
+      "URL-https://github.com/pear/Archive_Tar/issues/33",
+      "URL-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949",
+      "CVE-2020-28949"
+    ],
+    "platform": "PHP",
+    "arch": "php",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Archive_Tar < 1.4.11"
+    ],
+    "mod_time": "2021-01-19 09:25:56 +0000",
+    "path": "/modules/exploits/multi/fileformat/archive_tar_arb_file_write.rb",
+    "is_install_path": true,
+    "ref_name": "multi/fileformat/archive_tar_arb_file_write",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    },
+    "needs_cleanup": null
+  },
   "exploit_multi/fileformat/evince_cbt_cmd_injection": {
     "name": "Evince CBT File Command Injection",
     "fullname": "exploit/multi/fileformat/evince_cbt_cmd_injection",
@@ -76376,6 +76418,59 @@
     },
     "needs_cleanup": null
   },
+  "exploit_multi/http/microfocus_ucmdb_unauth_deser": {
+    "name": "Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution",
+    "fullname": "exploit/multi/http/microfocus_ucmdb_unauth_deser",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2020-10-28",
+    "type": "exploit",
+    "author": [
+      "Pedro Ribeiro <[email protected]>"
+    ],
+    "description": "This module exploits two vulnerabilities, that when chained allow an attacker\n          to achieve unauthenticated remote code execution in Micro Focus UCMDB.\n          UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,\n          but this module can probably also be used to exploit Operations Bridge Manager\n          (containeirized) and Application Performance Management.\n          Check the advisory and module documentation for details.\n          The first vulnerability is a hardcoded password for the \"diagnostics\" user, which\n          allows us to login to UCMDB. The second vulnerability is a run-of-the-mill Java\n          deserialization, which can be exploited with ysoserial's CommonsBeanutils1 payload.\n          Both Windows and Linux installations are vulnerable.",
+    "references": [
+      "URL-https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBM.md",
+      "CVE-2020-11853",
+      "CVE-2020-11854",
+      "ZDI-20-1287",
+      "ZDI-20-1288"
+    ],
+    "platform": "Unix,Windows",
+    "arch": "",
+    "rport": 8443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Windows",
+      "Linux"
+    ],
+    "mod_time": "2021-01-25 22:25:07 +0000",
+    "path": "/modules/exploits/multi/http/microfocus_ucmdb_unauth_deser.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/microfocus_ucmdb_unauth_deser",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    },
+    "needs_cleanup": null
+  },
   "exploit_multi/http/mma_backdoor_upload": {
     "name": "Th3 MMA mma.php Backdoor Arbitrary File Upload",
     "fullname": "exploit/multi/http/mma_backdoor_upload",
@@ -88338,7 +88433,7 @@
     "author": [
       "unknown"
     ],
-    "description": "No module description",
+    "description": "This module exploits a stack-based buffer overflow in Apple QuickTime\n        before version 7.3.1. By sending an overly long RTSP response to a\n        client, an attacker may be able to execute arbitrary code.",
     "references": [
       "CVE-2007-6166",
       "OSVDB-40876",
@@ -88359,7 +88454,7 @@
       "Mac OS X 10.4.8 x86, QuickTime 7.1.3",
       "Mac OS X 10.5.0 x86, QuickTime 7.2.1"
     ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2021-01-22 23:29:16 +0000",
     "path": "/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb",
     "is_install_path": true,
     "ref_name": "osx/rtsp/quicktime_rtsp_content_type",
@@ -130645,6 +130740,56 @@
     },
     "needs_cleanup": null
   },
+  "exploit_windows/http/prtg_authenticated_rce": {
+    "name": "PRTG Network Monitor Authenticated RCE",
+    "fullname": "exploit/windows/http/prtg_authenticated_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2018-06-25",
+    "type": "exploit",
+    "author": [
+      "Josh Berry <[email protected]>",
+      "Julien Bedel <[email protected]>"
+    ],
+    "description": "Notifications can be created by an authenticated user and can execute scripts when triggered.\n        Due to a poorly validated input on the script name, it is possible to chain it with a user-supplied command allowing command execution under the context of privileged user.\n        The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform RCE using a Powershell payload.\n        It may require a few tries to get a shell because notifications are queued up on the server.\n        This vulnerability affects versions prior to 18.2.39. See references for more details about the vulnerability allowing RCE.",
+    "references": [
+      "CVE-2018-9276",
+      "URL-https://www.codewatch.org/blog/?p=453"
+    ],
+    "platform": "Windows",
+    "arch": "x86, x64",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic Targeting"
+    ],
+    "mod_time": "2021-01-21 18:32:05 +0000",
+    "path": "/modules/exploits/windows/http/prtg_authenticated_rce.rb",
+    "is_install_path": true,
+    "ref_name": "windows/http/prtg_authenticated_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": true,
+    "notes": {
+    },
+    "needs_cleanup": null
+  },
   "exploit_windows/http/psoproxy91_overflow": {
     "name": "PSO Proxy v0.91 Stack Buffer Overflow",
     "fullname": "exploit/windows/http/psoproxy91_overflow",
@@ -175680,7 +175825,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2020-06-11 13:09:25 +0000",
+    "mod_time": "2021-01-22 22:00:30 +0000",
     "path": "/modules/post/multi/recon/local_exploit_suggester.rb",
     "is_install_path": true,
     "ref_name": "multi/recon/local_exploit_suggester",
@@ -180692,6 +180837,40 @@
     },
     "needs_cleanup": null
   },
+  "post_windows/gather/forensics/fanny_bmp_check": {
+    "name": "FannyBMP or DementiaWheel Detection Registry Check",
+    "fullname": "post/windows/gather/forensics/fanny_bmp_check",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "post",
+    "author": [
+      "William M."
+    ],
+    "description": "This module searches for the Fanny.bmp worm related reg keys.\n          fannybmp is a worm that exploited zero day vulns\n          (more specifically, the LNK Exploit CVE-2010-2568).\n          Which allowed it to spread even if USB Autorun was turned off.\n          This is the same exploit that was used in StuxNet.",
+    "references": [
+      "URL-https://securelist.com/a-fanny-equation-i-am-your-father-stuxnet/68787",
+      "CVE-2010-2568"
+    ],
+    "platform": "Windows",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": null,
+    "autofilter_services": null,
+    "targets": null,
+    "mod_time": "2021-01-25 13:56:04 +0000",
+    "path": "/modules/post/windows/gather/forensics/fanny_bmp_check.rb",
+    "is_install_path": true,
+    "ref_name": "windows/gather/forensics/fanny_bmp_check",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    },
+    "needs_cleanup": null
+  },
   "post_windows/gather/forensics/imager": {
     "name": "Windows Gather Forensic Imaging",
     "fullname": "post/windows/gather/forensics/imager",