metasploit-payloads 2.0.153 → 2.0.154

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f236dc912a4d70590a93b5c0ff03b98aba85a33dae65569eb76f77e4e2c2f2ee
-  data.tar.gz: 1bb5a328df81b0639b9ecd2d69aab2f5c23f0fd1222259d8cae8089b12294c76
+  metadata.gz: 8be6e3a79a976f76e3bdcd7131211f87d506e1d7951c8570970a00cca95d0685
+  data.tar.gz: 2aec19188104778d80c4626f306f11d8eb290f2e56b34b2881b59692c4fd5567
 SHA512:
-  metadata.gz: 44dfbd9505f397cc2b2cb31afc2c3fb82087ae9cffdcc82059058c868e44fecf73b7be96ea99e3521cc91a5c5a4224aa6333e8ea20f6540cedce62666ac5f9cb
-  data.tar.gz: 8e8ace929e8cf636f15e4cf1d91f88e86e8387852d33e3cbf5957243a8c5ed3137911a3188321d980d345b0a62aa3e9beba332a904dfe71ac582b5f026b4eb6e
+  metadata.gz: 352963fe40d6ce798c357c117dfaca9bdf99f5a504bc89b56586e5c0f8a852c896605a800db41c525ca4a350a06b1f37258f14da2fc93b43fd5d14719f4cf863
+  data.tar.gz: 261e198987bd0aa0f4e05319fd31145781c83cf456f13148047174489f43be9e7aa4f452a156e9244773fac8599ebfd9ee610adcbeb4ab2f7266ca67757c9180

data/.gitignore

@@ -7,6 +7,7 @@ InstalledFiles
 lib/bundler/man
 rdoc
 spec/reports
+spec/examples.txt
 test/tmp
 test/version_tmp
 tmp

data/.rspec

@@ -0,0 +1 @@
+--require spec_helper

data/Gemfile

@@ -2,3 +2,7 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in meterpreter_binaries.gemspec
 gemspec
+
+group :test do
+  gem 'rspec'
+end

data/lib/metasploit-payloads/error.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module MetasploitPayloads
+  class Error < StandardError
+  end
+
+  # Error raised when a Metasploit Payloads file doesn't exist.
+  class NotFoundError < Error
+    attr_reader :path
+
+    def initialize(path = '')
+      @path = path
+      super("Meterpreter path #{@path} not found. Ensure antivirus is not enabled, or reinstall Metasploit.")
+    end
+  end
+
+  # Error raised when the user does not have read permissions for a Metasploit Payloads file
+  class NotReadableError < Error
+    attr_reader :path
+
+    def initialize(path = '')
+      @path = path
+      super("Meterpreter path #{@path} is not readable. Check if you have read access and try again.")
+    end
+  end
+
+  # Error raised when a Metasploit Payloads file's hash does not match what is defined in the manifest file.
+  class HashMismatchError < Error
+    attr_reader :path
+
+    def initialize(path = '')
+      @path = path
+      super("Meterpreter path #{@path} does not match the hash defined in the Metasploit Payloads manifest file.")
+    end
+  end
+end

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.153'
+  VERSION = '2.0.154'
 
   def self.version
     VERSION

data/lib/metasploit-payloads.rb

@@ -1,6 +1,8 @@
 # -*- coding:binary -*-
 
+require 'openssl' unless defined? OpenSSL::Digest
 require 'metasploit-payloads/version' unless defined? MetasploitPayloads::VERSION
+require 'metasploit-payloads/error' unless defined? MetasploitPayloads::Error
 
 #
 # This module dispenses Metasploit payload binary files
@@ -10,6 +12,56 @@ module MetasploitPayloads
   METERPRETER_SUBFOLDER = 'meterpreter'
   USER_DATA_SUBFOLDER   = 'payloads'
 
+  #
+  # @return [Array<Hash<String, Symbol>>] An array of filenames with warnings. Provides a file name and error.
+  #  Empty if all needed Meterpreter files exist and have the correct hash.
+  def self.manifest_errors
+    manifest_errors = []
+
+    begin
+      manifest_contents = ::File.binread(manifest_path)
+    rescue => e
+      return [{ path: manifest_path, error: e }]
+    end
+
+    begin
+      manifest_uuid_contents = ::File.binread(manifest_uuid_path)
+    rescue => e
+      manifest_errors.append({ path: manifest_uuid_path, error: e })
+    end
+
+    # Check if the hash of the manifest file is correct.
+    if manifest_uuid_contents
+      manifest_digest = ::OpenSSL::Digest.new('SHA3-256', manifest_contents)
+      uuid_matches = (manifest_uuid_contents.chomp == manifest_digest.to_s)
+      unless uuid_matches
+        e = ::MetasploitPayloads::HashMismatchError.new(manifest_path)
+        manifest_errors.append({ path: manifest_path, error: e })
+      end
+    end
+
+    manifest_contents.each_line do |line|
+      filename, hash_type, hash = line.chomp.split(':')
+      begin
+        # self.path prepends the gem data directory, which is already present in the manifest file.
+        out_path = self.path(filename.sub('./data/', ''))
+        # self.path can return a path to the gem data, or user's local data.
+        bundled_file = out_path.start_with?(data_directory)
+        if bundled_file
+          file_hash_match = (::OpenSSL::Digest.new(hash_type, ::File.binread(out_path)).to_s == hash)
+          unless file_hash_match
+            e = ::MetasploitPayloads::HashMismatchError.new(out_path)
+            manifest_errors.append({ path: e.path, error: e })
+          end
+        end
+      rescue ::MetasploitPayloads::NotFoundError, ::MetasploitPayloads::NotReadableError => e
+        manifest_errors.append({ path: e.path, error: e })
+      end
+    end
+
+    manifest_errors
+  end
+
   #
   # Get the path to an extension based on its name (no prefix).
   #
@@ -17,6 +69,14 @@ module MetasploitPayloads
     path(METERPRETER_SUBFOLDER, "#{EXTENSION_PREFIX}#{ext_name}.#{binary_suffix}")
   end
 
+  #
+  # Get the path for the first readable path in the provided arguments.
+  # Start with the provided `extra_paths` then fall back to the `gem_path`.
+  #
+  # @param [String] gem_path a path to the gem
+  # @param [Array<String>] extra_paths a path to any extra paths that should be evaluated for local files before `gem_path`
+  # @raise [NotReadableError] if the user doesn't have read permissions for the currently-evaluated path
+  # @return [String,nil] A readable path or nil
   def self.readable_path(gem_path, *extra_paths)
     # Try the MSF path first to see if the file exists, allowing the MSF data
     # folder to override what is in the gem. This is very helpful for
@@ -24,12 +84,18 @@ module MetasploitPayloads
     # each time. We only do this is MSF is installed.
     extra_paths.each do |extra_path|
       if ::File.readable? extra_path
-        warn_local_path(extra_path) if ::File.readable? gem_path
+        warn_local_path(extra_path)
         return extra_path
+      else
+        # Raise rather than falling back;
+        # If there is a local file present, let's assume that the user wants to use it (e.g. local dev. changes)
+        # rather than having MSF Console falling back to the files in the gem
+        raise ::MetasploitPayloads::NotReadableError, extra_path, caller if ::File.exist?(extra_path)
       end
     end
 
     return gem_path if ::File.readable? gem_path
+    raise ::MetasploitPayloads::NotReadableError, gem_path, caller if ::File.exist?(gem_path)
 
     nil
   end
@@ -37,21 +103,36 @@ module MetasploitPayloads
   #
   # Get the path to a meterpreter binary by full name.
   #
+  # @param [String] name The name of the requested binary without any file extensions
+  # @param [String] binary_suffix The binary extension, without the leading '.' char (e.g. `php`, `jar`)
+  # @param [Boolean] debug Request a debug version of the binary. This adds a
+  #  leading '.debug' to the extension if looking for a DLL file.
   def self.meterpreter_path(name, binary_suffix, debug: false)
     binary_suffix = binary_suffix&.gsub(/dll$/, 'debug.dll') if debug
     path(METERPRETER_SUBFOLDER, "#{name}.#{binary_suffix}".downcase)
   end
 
   #
-  # Get the full path to any file packaged in this gem by local path and name.
+  # Get the full path to any file packaged in this gem or other Metasploit Framework directories by local path and name.
   #
+  # @param [Array<String>] path_parts requested path parts that will be joined
+  # @raise [NotFoundError] if the requested path/file does not exist
+  # @raise [NotReadableError] if the requested file exists but the user doesn't have read permissions
+  # @return [String,nil] A path or nil
   def self.path(*path_parts)
     gem_path = expand(data_directory, ::File.join(path_parts))
     if metasploit_installed?
       user_path = expand(Msf::Config.config_directory, ::File.join(USER_DATA_SUBFOLDER, path_parts))
       msf_path = expand(Msf::Config.data_directory, ::File.join(path_parts))
+      out_path = readable_path(gem_path, user_path, msf_path)
+    else
+      out_path = readable_path(gem_path)
     end
-    readable_path(gem_path, user_path, msf_path)
+
+    return out_path unless out_path.nil?
+    raise ::MetasploitPayloads::NotFoundError, ::File.join(gem_path), caller unless ::File.exist?(gem_path)
+
+    nil
   end
 
   #
@@ -61,7 +142,7 @@ module MetasploitPayloads
     file_path = path(path_parts)
     if file_path.nil?
       full_path = ::File.join(path_parts)
-      fail RuntimeError, "#{full_path} not found", caller
+      raise ::MetasploitPayloads::NotFoundError, full_path, caller
     end
 
     ::File.binread(file_path)
@@ -203,5 +284,13 @@ module MetasploitPayloads
 
       things
     end
+
+    def manifest_path
+      ::File.realpath(::File.join(::File.dirname(__FILE__), '..', 'manifest'))
+    end
+
+    def manifest_uuid_path
+      ::File.realpath(::File.join(::File.dirname(__FILE__), '..', 'manifest.uuid'))
+    end
   end
 end

data/manifest

@@ -2,9 +2,9 @@
 ./data/android/apk/classes.dex:SHA3-256:0ca34b9e74428678ca808e3601eb30ec78256d76a38c8eecf26e5f419837b769
 ./data/android/apk/resources.arsc:SHA3-256:9a6f5eb5cb24fb1f83808a67c692e66c1a698d6222db2000b8b07e595689311f
 ./data/android/meterpreter.dex:SHA3-256:6105628e55ccab5412f899bc8bb563796b53f5941d48283ff892abc09fbd1c6a
-./data/android/meterpreter.jar:SHA3-256:b6561f2f21cc6b4f1a2776346a918676986b5548b4401ba0929302d9ed5891da
-./data/android/metstage.jar:SHA3-256:0838b82b3f064a01a00150336940fa4987f756a984a8ad1c3ca06759247a0929
-./data/android/shell.jar:SHA3-256:9e525562fe2f227c51143759067f1687371481a1fc3c7f71fde016c6c17c8648
+./data/android/meterpreter.jar:SHA3-256:644553f5c9616780c1b8f420a90614b88da5b18ff1a774896d87fa7810798896
+./data/android/metstage.jar:SHA3-256:9dadc846e9cd52534631574bd1a5665dd0efb81dfdf26e435d4a0036a546ee27
+./data/android/shell.jar:SHA3-256:db129427fc3d9195f254cf6e9c4bd75eb0c077ab115a76c72aebae1d406ff3d4
 ./data/java/com/metasploit/meterpreter/MemoryBufferURLConnection.class:SHA3-256:a5a729165ff85444ee954f19590782def0a66b1941e89f3cb5baed1df72818c8
 ./data/java/com/metasploit/meterpreter/MemoryBufferURLStreamHandler.class:SHA3-256:386dd1d33383a0d1ac221bf4b914d8b648f5f47aefb3cad0e8d16988854e1762
 ./data/java/javapayload/stage/Meterpreter.class:SHA3-256:9124d682defeba42a88c766bee21c4d4a0c7c37f63f1928a2614c4d1bea2fecf
@@ -19,79 +19,79 @@
 ./data/java/metasploit/PayloadTrustManager.class:SHA3-256:e2d25c8b3e43f584e198e46c2576b367f96275800a96a42fd2dc2c81059a3c41
 ./data/java/metasploit/RMILoader.class:SHA3-256:4add539548d76e0142ff5e6ccdba6ee4b21191354be1a40499cb2a745b480bee
 ./data/java/metasploit/RMIPayload.class:SHA3-256:0d3e96836a8c3591f4bc827b33c4edb0b4f505a9f17cb0bdb27a367fb71d53c3
-./data/meterpreter/dump_sam.x64.debug.dll:SHA3-256:410d03d4f66766c78a13967d219c6dfb4910592b2f496f10f2d2d18a54eb7086
-./data/meterpreter/dump_sam.x64.dll:SHA3-256:337b6ee55c7c7ddfd6046d64201982968b55eb676c32d6b1d38a548546226583
-./data/meterpreter/dump_sam.x86.debug.dll:SHA3-256:3b94566733c262adf1e419e65c58cbd19314927c0b30fe0106137065d68517cb
-./data/meterpreter/dump_sam.x86.dll:SHA3-256:20b8c4e3ab55c87a81026aa84fad4dff251cd01a6a12a8c0b0d0564197227732
-./data/meterpreter/elevator.x64.debug.dll:SHA3-256:683a7bb692f99565c479f70eb53fdd55a981f96d791752c1c3fcae91d0989731
-./data/meterpreter/elevator.x64.dll:SHA3-256:2d4b2ea010276463f580ce8c628bbf93d2b3e1a46f054fb1baf6d4a5c8fa1d24
-./data/meterpreter/elevator.x86.debug.dll:SHA3-256:2b7c9b45043232b93e96e9222649b25f6d61fd59e43bb5e374552d49cbe1ac30
-./data/meterpreter/elevator.x86.dll:SHA3-256:69854978973b110d39b7eabf5f569f69fe1c01b50192b40335f65c14800db7a8
-./data/meterpreter/ext_server_bofloader.x64.debug.dll:SHA3-256:e093ef4b48586633d5bcd5bc865f6edf38542b08ff9649e0b8815b00bf05c509
-./data/meterpreter/ext_server_bofloader.x64.dll:SHA3-256:7470c6eb76b53d9193c48394e9a76a71e162213ec88b2777ffa8eb8e8e18e8cd
-./data/meterpreter/ext_server_bofloader.x86.debug.dll:SHA3-256:e22120056fe41bfa48d7eada455a4a94eb78c421968a8d37affec45906d3f804
-./data/meterpreter/ext_server_bofloader.x86.dll:SHA3-256:d942a9e9c45ce6d379c9b578ed36cd82168b6852b216edbcfe2b66172335893d
-./data/meterpreter/ext_server_espia.x64.debug.dll:SHA3-256:bc587642240d3728248c174e6fe8b46db173a33e768a1d65e6136f6befa6b66a
-./data/meterpreter/ext_server_espia.x64.dll:SHA3-256:0167dd71b6619276c70e0a711c698c24b890c135255bf994da43391be281cdc6
-./data/meterpreter/ext_server_espia.x86.debug.dll:SHA3-256:764c5ec2d24dceeb46517e454e4faddc64e9c014b8437c73f621128e5ef22c39
-./data/meterpreter/ext_server_espia.x86.dll:SHA3-256:db2dce5e60ffedf3b9e3c04324d2da2b38e6069c07cd358bc70064da41438716
-./data/meterpreter/ext_server_extapi.x64.debug.dll:SHA3-256:edeb08a2447ff609a94b26d9be78d31d4d58134ce2d569982343fcceaa64e8e6
-./data/meterpreter/ext_server_extapi.x64.dll:SHA3-256:e516bc462df6ad408b46a9e8c3bbb80c0eac820c771b3b3f62606f4a689c4316
-./data/meterpreter/ext_server_extapi.x86.debug.dll:SHA3-256:303a9c53e79cd2a7b9c9faf2432c9bf7f573ae6670f3866c61020412603b3975
-./data/meterpreter/ext_server_extapi.x86.dll:SHA3-256:da8b2885f93d791ab2661f592cec41ff06240a99210be37f89bef77e832990f7
-./data/meterpreter/ext_server_incognito.x64.debug.dll:SHA3-256:01cde245e6be5267b5cfe0576a5c7123189d75241b99e92cd082247e4ec9ce4c
-./data/meterpreter/ext_server_incognito.x64.dll:SHA3-256:ba8e0ee4c7da55be136dae7cf510366f4c83bdfb6ced1f79bcf8bd8f5f383578
-./data/meterpreter/ext_server_incognito.x86.debug.dll:SHA3-256:247af11ce299246fc759c7f2c1fe1b405d4f1bd9627e73f7c3a7114f497811e1
-./data/meterpreter/ext_server_incognito.x86.dll:SHA3-256:ab480622f6c123aa058c623a3a9baaba77b5d277cc31719c461a6bbd3a5b08d2
-./data/meterpreter/ext_server_kiwi.x64.debug.dll:SHA3-256:4ee876e90094ed320b7febe8c988b2b1e08c057ba7b85c241c3ccf6b474c9fdd
-./data/meterpreter/ext_server_kiwi.x64.dll:SHA3-256:b16bcce1af9c4e77126743ef789044f878555fd66959a107d4baf4d01d81fcd7
-./data/meterpreter/ext_server_kiwi.x86.debug.dll:SHA3-256:8214792b3b8d9d39e9e10f496fcb4b3b2f73a6add8675c41d4643aa6e0feeccb
-./data/meterpreter/ext_server_kiwi.x86.dll:SHA3-256:83fbf156a137d96120a822a2d381beb8ead6d388c971e38c7990bc7b76fde38b
-./data/meterpreter/ext_server_lanattacks.x64.debug.dll:SHA3-256:fd9354653bd9876a0ebfb7b630717c16296cc316dcef8a0af5f61068c9379c11
-./data/meterpreter/ext_server_lanattacks.x64.dll:SHA3-256:3a34ea07e0564b159be5d011a57aabc43649c181ba67cdbd9cc8000aba619876
-./data/meterpreter/ext_server_lanattacks.x86.debug.dll:SHA3-256:98302c0436bc980de4dfa2befdea0b0c475e4998447e19db4e65c93c8102cd3f
-./data/meterpreter/ext_server_lanattacks.x86.dll:SHA3-256:c3156c4649f0215ac941233d20aae6587e1fead5a0599535090d2333d841ce04
-./data/meterpreter/ext_server_peinjector.x64.debug.dll:SHA3-256:8ed9b9a1826a7df3981f23495dc02c5142dcc33f3f059e2899973615b751891b
-./data/meterpreter/ext_server_peinjector.x64.dll:SHA3-256:c8c1d81f233417871c8bcf94b67e9d59522c7334453a50e594f9158d1f859373
-./data/meterpreter/ext_server_peinjector.x86.debug.dll:SHA3-256:5837a598ee82384af8ec6d8ab3020ebcb5e43e9d358a89a6e47aa1191631c5cc
-./data/meterpreter/ext_server_peinjector.x86.dll:SHA3-256:a2da5dacaf45678f172aa6b9212aa78c33bba2aed31afbb9c03cd67f085acd26
-./data/meterpreter/ext_server_powershell.x64.debug.dll:SHA3-256:2b8e6648568a65f709652217899d2fd5743403d0d03455c510bbaa29bc1189f4
-./data/meterpreter/ext_server_powershell.x64.dll:SHA3-256:df6a102757f8e3e4d1678ae8c1b44422b08f1c686ce95e168f1e5df62014307b
-./data/meterpreter/ext_server_powershell.x86.debug.dll:SHA3-256:a58036310fa4a140e0b4718a2ecb525ac2737834e1a80c84b89a723315643147
-./data/meterpreter/ext_server_powershell.x86.dll:SHA3-256:f4c3b81dfee3f8c9d96744360f689a882acad8db7b80e9526a0836b049ce6599
-./data/meterpreter/ext_server_priv.x64.debug.dll:SHA3-256:34643796625fc30e8d9541f5732cd322405a1f498784e79910aa2b425ae98bcd
-./data/meterpreter/ext_server_priv.x64.dll:SHA3-256:b203ed90da17f69d7029ad91d39b2c0f1c04fbf190da5f6990aa594e06d4d329
-./data/meterpreter/ext_server_priv.x86.debug.dll:SHA3-256:b2a405c3003b0360cc7d1780623959c6df88444fdf3831d4db1e331eadd4d4cc
-./data/meterpreter/ext_server_priv.x86.dll:SHA3-256:a142f10f1030c9af6eea9eef188a002c6f187cf8663d942bc9108caf87e6048d
-./data/meterpreter/ext_server_python.x64.debug.dll:SHA3-256:bce2704bcbc25c7fecf605b4559e782da9615bbbed42acb117e4dfdb6045e403
-./data/meterpreter/ext_server_python.x64.dll:SHA3-256:22ab8f0affee20ee9a7cd65d301c5202608e4f93475461b96a591126e3663360
-./data/meterpreter/ext_server_python.x86.debug.dll:SHA3-256:560302f03d25019f2f92a20a4ebbb321dbb4a197f11b657ddf6f641e1b129e60
-./data/meterpreter/ext_server_python.x86.dll:SHA3-256:760e939b65f4cc115539caf2ded7f89082f9467cf15cb5011d394b214c0f5657
-./data/meterpreter/ext_server_sniffer.x64.dll:SHA3-256:26c2f265423c8b62604c8bfc9875666484a552552ffaf2bc358900b4bd3403e8
-./data/meterpreter/ext_server_sniffer.x86.dll:SHA3-256:c4787d4f8724d405bc313be4715d1d562baf1c1a6fabdf1f5ca52df7fdda2ad0
+./data/meterpreter/dump_sam.x64.debug.dll:SHA3-256:785cee32f256748d7581c2c99b2c7fc785b80cc4b98c04b23663083d9cbb63fe
+./data/meterpreter/dump_sam.x64.dll:SHA3-256:802b6fd59c81271de108ed34629591a54e595d4674b2994bcf193c3f14541f21
+./data/meterpreter/dump_sam.x86.debug.dll:SHA3-256:6a20175fdbc8c81fa1a8a7acf5b1bcd3a446361bc62df655bea03ee6f020946a
+./data/meterpreter/dump_sam.x86.dll:SHA3-256:b2586ce65fbc44ca65e3e1bb306e98ddc443731ad68dded7dc421a1a1a7eb044
+./data/meterpreter/elevator.x64.debug.dll:SHA3-256:8baefe56b2f90fdf0c30242aa64410fcf9388781542c25f1122f2eabc1c4b60d
+./data/meterpreter/elevator.x64.dll:SHA3-256:3c0aea83b1ff9ed1b5c577a8f5c9a609cc5ed49986fb73aa3a75939cf2ab6f1b
+./data/meterpreter/elevator.x86.debug.dll:SHA3-256:acbf23f52c53752019f41612ade31cb363ed5bbed93b1bad053120bb90aeb33e
+./data/meterpreter/elevator.x86.dll:SHA3-256:bac995312f1833e90cc5ab65989baa011c0367630b0fea948b618004435c0d56
+./data/meterpreter/ext_server_bofloader.x64.debug.dll:SHA3-256:6ea2c2337477ccd1c5b8d3970638c19dac5fcd87fd344eb44d1e3f5edbf20115
+./data/meterpreter/ext_server_bofloader.x64.dll:SHA3-256:20e680450f461dbc94cae49dcee97447ebb0c73c75355445c63a88cc51f0a233
+./data/meterpreter/ext_server_bofloader.x86.debug.dll:SHA3-256:3ade3073d62002e9f4b5846d3caf83a01fde51b8c00ad27721bee0688990bb7a
+./data/meterpreter/ext_server_bofloader.x86.dll:SHA3-256:73e81d200d754ea9dd6dc1784cac396fad577f3ffd9b912a34211d2b3309cf5f
+./data/meterpreter/ext_server_espia.x64.debug.dll:SHA3-256:291edf708eea4a682de78fc9e43dc9bf9a45447783b5bb98e13645e868bb589a
+./data/meterpreter/ext_server_espia.x64.dll:SHA3-256:07841363017e9f77f564a9c67b3b00e2b032b8715fe7fb80540772f404936d7e
+./data/meterpreter/ext_server_espia.x86.debug.dll:SHA3-256:6429005b28c1d1088d1c7bb043b1abb07b60b1de2832a178c9fb772b99850ad0
+./data/meterpreter/ext_server_espia.x86.dll:SHA3-256:dc675fd01b4f9bab251877e843e7f7c6117678d7e9d6da2389b5d612aac7198f
+./data/meterpreter/ext_server_extapi.x64.debug.dll:SHA3-256:1235b5aede8db36c99786272f92130d9f8fc3aff4ea4312c54b7ecb5ef9f5f26
+./data/meterpreter/ext_server_extapi.x64.dll:SHA3-256:0622c13932e5b92f6648b03f6b30993f169bf945ee311ebc1b3e7cef74b8b075
+./data/meterpreter/ext_server_extapi.x86.debug.dll:SHA3-256:dd9b373b5cbff2dded38eee4619cb6f2cc64b263157cf94494d15c1e94dc27cf
+./data/meterpreter/ext_server_extapi.x86.dll:SHA3-256:8b5fa9ca4ad31f38bb00609dfcbdaf1db8554847a3bdbf302218cad9555f5e7d
+./data/meterpreter/ext_server_incognito.x64.debug.dll:SHA3-256:e74587432b16a267901ddaca692ec9e7a85fde753796ced495635f101a123127
+./data/meterpreter/ext_server_incognito.x64.dll:SHA3-256:933ea101fdb29646f762d7e0ba2a3147c3579fa857857c39841c28c03328e148
+./data/meterpreter/ext_server_incognito.x86.debug.dll:SHA3-256:79379c113c07b6294d9ef90f59a055a08dc2cbd3817bf592bb32f8c165789a0c
+./data/meterpreter/ext_server_incognito.x86.dll:SHA3-256:daa959d55cee072928715bb814fb93f1b8aac6ba2b6e9d85315a319e1f9f6911
+./data/meterpreter/ext_server_kiwi.x64.debug.dll:SHA3-256:71638f41ac701e4f32e888d9060f5bbbc053283399ac6c2229469bbb6b523d15
+./data/meterpreter/ext_server_kiwi.x64.dll:SHA3-256:7f0a56cc9e8ee86da54163813c23c4a3bc8070fe498d61ebf19b02dc47f261fe
+./data/meterpreter/ext_server_kiwi.x86.debug.dll:SHA3-256:1f714bdd7e29191f40dee22c89696c7eeb6c5932f7aeeee798f3ca75ed52b345
+./data/meterpreter/ext_server_kiwi.x86.dll:SHA3-256:ae534cada086f1727716795222b3b89d2a0534da6ca2bd65bc119db156830904
+./data/meterpreter/ext_server_lanattacks.x64.debug.dll:SHA3-256:55e8fd764ac6d3b6eb9724dcb3c058ff5ab37f7e51fe2f15fe7dda82820bbfd5
+./data/meterpreter/ext_server_lanattacks.x64.dll:SHA3-256:653baca1f7394ebe3f72b7518dd0267912f4e4f843e5439043f66e9c87794505
+./data/meterpreter/ext_server_lanattacks.x86.debug.dll:SHA3-256:ac9ae1499d78c6b0814344b97a931b8cd8537e8e01949c7e6aea957d4d0948b8
+./data/meterpreter/ext_server_lanattacks.x86.dll:SHA3-256:cd2add87348966311b2a8239cad43cfcadb966209b7a40989b25a6d1744f6377
+./data/meterpreter/ext_server_peinjector.x64.debug.dll:SHA3-256:559d62001bddb7b3c0fb5388bd01e19d5c3a0139dabb1160dbe1022fc7c006ac
+./data/meterpreter/ext_server_peinjector.x64.dll:SHA3-256:e4be6ccbd3c6d8d46401e5da1eeebce71a7a323bbd36763da91196d4d2169231
+./data/meterpreter/ext_server_peinjector.x86.debug.dll:SHA3-256:d64c816321063138be26d8025b5bb835d8e4a109edcce9d807a12626d2781f89
+./data/meterpreter/ext_server_peinjector.x86.dll:SHA3-256:198aff2d850d53037140bd219d61d67172e736b33299608d01446f2043829f62
+./data/meterpreter/ext_server_powershell.x64.debug.dll:SHA3-256:a1759c33feb673ad69d343c21e81a32174d8382aa8e4780a05a616456e99e5f5
+./data/meterpreter/ext_server_powershell.x64.dll:SHA3-256:927157d6c4c9ed97ac6c44c5eb3d32c4e8af75788e1a4bda9135993d2f9cb179
+./data/meterpreter/ext_server_powershell.x86.debug.dll:SHA3-256:f23072816c21859eba191193959c7ce67f41bc93488643a763a64900ab6d4cd0
+./data/meterpreter/ext_server_powershell.x86.dll:SHA3-256:254b1b3755cf040918896b959d1ff1b25404c11056b2502a2bdde7bd35c031dc
+./data/meterpreter/ext_server_priv.x64.debug.dll:SHA3-256:f051cacdd39eb770c3be0fa2ccd2a4f64e23e51687d6caa43b3b99313b94ccbd
+./data/meterpreter/ext_server_priv.x64.dll:SHA3-256:443f7a82d5cb1486c751751b31723be137f5f77867ae69a3a39d22ef244c1502
+./data/meterpreter/ext_server_priv.x86.debug.dll:SHA3-256:36024f9ee7071ad2700eea3dcd4f6e947d58ebf0d55b3e636a4b8d0a91210f26
+./data/meterpreter/ext_server_priv.x86.dll:SHA3-256:7b316484d3dc6acead1fceb9b61b676d5ae27291ddc91ca001ae811d12f68635
+./data/meterpreter/ext_server_python.x64.debug.dll:SHA3-256:c642d56929929c56d1173df0770fc31070bebd325569795a1d74ac555fda80a1
+./data/meterpreter/ext_server_python.x64.dll:SHA3-256:86cfa76153a941c73559f878b1e2b1fee3754749205819ed269e5d7f33502f3f
+./data/meterpreter/ext_server_python.x86.debug.dll:SHA3-256:a17feaed376a0352888ada4fafda64e08ee18fc03704986def611d0957b35807
+./data/meterpreter/ext_server_python.x86.dll:SHA3-256:6875f74994f247dc878f9c7449bf92d0b3a201a932c41305b3e29406e7e370de
+./data/meterpreter/ext_server_sniffer.x64.dll:SHA3-256:c61f200a5cdeb37ad4e75754b5ca3e039bd646d808e6a52a489a51a3dd53a30d
+./data/meterpreter/ext_server_sniffer.x86.dll:SHA3-256:608f90d349bffec26e9d88591b764a71e9a739b7be76acc83a9272d266b4ea2f
 ./data/meterpreter/ext_server_stdapi.jar:SHA3-256:c064899075585b124102f7015ba6d0ab8aa5e773377ebed7e69cd467d3b6aa26
 ./data/meterpreter/ext_server_stdapi.php:SHA3-256:92e931e6b47caad6df4249cc263fdbe5d2975c4163f5b06963208163b7af97b5
 ./data/meterpreter/ext_server_stdapi.py:SHA3-256:3ed09316bdc2038873e5a3dc42bd8d725fdb66cf93a0f87300876d1e64ce6b3c
-./data/meterpreter/ext_server_stdapi.x64.debug.dll:SHA3-256:474591f1156bdb5e37c7cc1a97dfa140711e4ceb458bd4fb353510526ea6af32
-./data/meterpreter/ext_server_stdapi.x64.dll:SHA3-256:fba6a7f9832ffa71eb3e429f8dd6e84b4a6d3b624993294b7c1e6fa6f5084771
-./data/meterpreter/ext_server_stdapi.x86.debug.dll:SHA3-256:39b6ea76fb35d3d3eab58c326a012209446475601bccc389ce2e98ac290d416d
-./data/meterpreter/ext_server_stdapi.x86.dll:SHA3-256:172a6811b8d8714355a08c2010d1bbc74437306fcc98ec5f01a36e687d2dfdb5
-./data/meterpreter/ext_server_unhook.x64.debug.dll:SHA3-256:10d5ff179870692faa0f2984cd16a08fb57bacc4417d607344c7ac1aacf0e4dd
-./data/meterpreter/ext_server_unhook.x64.dll:SHA3-256:727eba9333ee98a1ecf97e0bc18830283c6d149240e9de1044bc9b44bdd099c7
-./data/meterpreter/ext_server_unhook.x86.debug.dll:SHA3-256:eba960e2a725d236fa07a1a0d81bd6b855be69841edf5ffbb617d4d293689619
-./data/meterpreter/ext_server_unhook.x86.dll:SHA3-256:dcfac981c105b561652d225a86559c2f5ded2791af4f0f6b3f8cfcc19d6bc1c0
-./data/meterpreter/ext_server_winpmem.x64.debug.dll:SHA3-256:ba692be66ba0d8a902362924c73e813c729cf4156a76d96e285ff01606caca8c
-./data/meterpreter/ext_server_winpmem.x64.dll:SHA3-256:43ebd05a70e439b4f126540911d70f1010ea335f388ed81a95be6a5cd28d5abb
-./data/meterpreter/ext_server_winpmem.x86.debug.dll:SHA3-256:ffeb82444abc80d7e6d406b5051c8be85cebe02a94a35691b10491861e42d48b
-./data/meterpreter/ext_server_winpmem.x86.dll:SHA3-256:c5ebebf2866094d96cac18bbb9b374d4d61558b1b599ac756a50799580ebfdb7
+./data/meterpreter/ext_server_stdapi.x64.debug.dll:SHA3-256:154c8ed4e92d92de6f60bd4c26ea7f8fab376bbd2712463313f1c103effaa1d7
+./data/meterpreter/ext_server_stdapi.x64.dll:SHA3-256:93326c89324f7b55880afd9c4fa2814547400a4573eb219df19ec5ecc4b4365d
+./data/meterpreter/ext_server_stdapi.x86.debug.dll:SHA3-256:4dfce463d19f4a406d82cef018abdb83b3eaac8ce2d2da76fdd2701328369f03
+./data/meterpreter/ext_server_stdapi.x86.dll:SHA3-256:8e05104a76b0de05a738c3677a353b8c11e7427ebbc3e8a58bebe75d608de708
+./data/meterpreter/ext_server_unhook.x64.debug.dll:SHA3-256:d62db48cb7436eaddbc555213a8bd1dc859abe6325e10a18787a40a4ee7a14a2
+./data/meterpreter/ext_server_unhook.x64.dll:SHA3-256:ac42b7ed5916ae528237268716dbebca4f192dd44aa110a6a27e736640afed05
+./data/meterpreter/ext_server_unhook.x86.debug.dll:SHA3-256:0ffe18aa87b330a2114fe773eb348357625c4ea79012d7e536954509500e060b
+./data/meterpreter/ext_server_unhook.x86.dll:SHA3-256:449eda2f641c1ac36266304494647b538062123a1b09d80d291bf499e3760617
+./data/meterpreter/ext_server_winpmem.x64.debug.dll:SHA3-256:15e1303ee7c80da536ddd8de4ae68f7ac698b170d9df3d8f73ac635550e4704f
+./data/meterpreter/ext_server_winpmem.x64.dll:SHA3-256:b676cdc0a285b8bf058c5a4eedfd2e0a9e7319dd03690c6d5848d8b680f22589
+./data/meterpreter/ext_server_winpmem.x86.debug.dll:SHA3-256:bc5fe4881328848a7188469f23344db547ac3ba0282683a5dbbc9a9420fb64f3
+./data/meterpreter/ext_server_winpmem.x86.dll:SHA3-256:ac760dbc5623c425ecefb8249eaee78d8a94b808f8dbac387292f77d60b26be9
 ./data/meterpreter/meterpreter.jar:SHA3-256:fc4bd122c9df063808270708e91a0da546de2c7a139bbfa000af65f6b0727dff
 ./data/meterpreter/meterpreter.php:SHA3-256:9389b1548410438d93ce12a2e276b7b2e77046845e6fca43b419b516de3871f9
 ./data/meterpreter/meterpreter.py:SHA3-256:a4ed4d3bb4c28c208a3f00453ccd1c50bb958cc8c20905599e7ba40a3259dba5
-./data/meterpreter/metsrv.x64.debug.dll:SHA3-256:91bd0572bac9a89d2c137ef31bd3a9f48400508f40e6b21040cd1c48625e448e
-./data/meterpreter/metsrv.x64.dll:SHA3-256:157f7d30d67c51fcf909945fabfa87ca134e8fefbb1f99c1011a71a1fea589e5
-./data/meterpreter/metsrv.x86.debug.dll:SHA3-256:0471bc50622447ffff6685f1f700d4bb68b64b4069ddf9632ee46ab10e494f75
-./data/meterpreter/metsrv.x86.dll:SHA3-256:13fa85c27633e92b3ffa59c647afb15a2786f37140fd19c92c52ed2e43890766
-./data/meterpreter/screenshot.x64.debug.dll:SHA3-256:d47ba16f51aec271997a3a9bec0e5170959ff09e49938dbd6a5247547657dd50
-./data/meterpreter/screenshot.x64.dll:SHA3-256:193e7d3c48eb7d8b3f1d8c24a0bdc6aad5dd32b3b3a0bb2af892b968e08fe20a
-./data/meterpreter/screenshot.x86.debug.dll:SHA3-256:f3c0cce17d0dd2910e201b8f8ff7a1d93bbf951b6a4570ffe054d39c23957c1f
-./data/meterpreter/screenshot.x86.dll:SHA3-256:b1d575fb9d03a7d9e49e47a7052b9dee555ef316298ea46685aa8c65126fa239
+./data/meterpreter/metsrv.x64.debug.dll:SHA3-256:c957f05143173351574d10ee9ee8e7e752a73bbbe46d1566dce89826e26dd19d
+./data/meterpreter/metsrv.x64.dll:SHA3-256:30cd3b37fe9af1a1882367b94e458f3ceba6792ab3833f15c3b41d895fa20f7d
+./data/meterpreter/metsrv.x86.debug.dll:SHA3-256:abac7c6fc2deec55731649a38c6f4529dd9c8cd4398a9f9eacdc7696f5e1ea94
+./data/meterpreter/metsrv.x86.dll:SHA3-256:10266591ea8eaafab8abdbfc9553c4d873aebdebeaf1e9b0ea6ad9d79c458f0b
+./data/meterpreter/screenshot.x64.debug.dll:SHA3-256:41ab6d6d31c4e7b19061a4b1d56ccf0eb45f16982b35c4e82713681aca4e99b5
+./data/meterpreter/screenshot.x64.dll:SHA3-256:9f9f2273bde229ba0bfe17b305d842428d465ccf98206c4573222baae1ef1fa2
+./data/meterpreter/screenshot.x86.debug.dll:SHA3-256:dc30868b1bd6a58115fac0926a107b473de2ad76e31f83719dd025fe2124f248
+./data/meterpreter/screenshot.x86.dll:SHA3-256:225efea4164a0ce9dabe263da6df8f03bcac21daef7d13a19896690ebb5f78c7

data/manifest.uuid

@@ -1 +1 @@
-31f50d587a54c34f44f443bdfa68348bf633f7f78d263e1911a535211d09f8d2
+db210e75d5f3ab01cbd7d01be778ba52a03fe35438314094c412ff489a878dae

data/spec/metasploit_payloads/metasploit_payloads_spec.rb

@@ -0,0 +1,249 @@
+# frozen_string_literal: true
+
+require 'metasploit-payloads'
+
+RSpec.describe ::MetasploitPayloads do
+  describe '::VERSION' do
+    it 'has a version number' do
+      expect(::MetasploitPayloads::VERSION).not_to be nil
+    end
+  end
+
+  describe '::Error' do
+    it 'has an Error class' do
+      expect(::MetasploitPayloads::Error.superclass).to be(::StandardError)
+    end
+
+    it 'has a NotFoundError class' do
+      expect(::MetasploitPayloads::NotFoundError.superclass).to be(::MetasploitPayloads::Error)
+    end
+
+    it 'has a NotReadableError class' do
+      expect(::MetasploitPayloads::NotReadableError.superclass).to be(::MetasploitPayloads::Error)
+    end
+
+    it 'has a HashMismatchError class' do
+      expect(::MetasploitPayloads::HashMismatchError.superclass).to be(::MetasploitPayloads::Error)
+    end
+  end
+
+  describe '#readable_path' do
+    let(:sample_file) { { name: 'meterpreter/meterpreter.py' } }
+
+    before :each do
+      allow(::File).to receive(:exist?).and_call_original
+      allow(::File).to receive(:readable?).and_call_original
+    end
+
+    context 'when the path is not readable' do
+      it 'raises a ::MetasploitPayloads::NotReadableError' do
+        allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(true)
+        allow(::File).to receive(:readable?).with(sample_file[:name]).and_return(false)
+
+        expect { subject.readable_path(sample_file[:name]) }.to raise_error(::MetasploitPayloads::NotReadableError)
+      end
+    end
+
+    context 'when the path does not exist' do
+      it 'returns nil' do
+        allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(false)
+        allow(::File).to receive(:readable?).with(sample_file[:name]).and_return(false)
+
+        expect(subject.readable_path(sample_file[:name])).to eq(nil)
+      end
+    end
+
+    context 'when the path exists and is readable' do
+      it 'returns the correct path' do
+        allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(true)
+        allow(::File).to receive(:readable?).with(sample_file[:name]).and_return(true)
+
+        expect(subject.readable_path(sample_file[:name])).to eq(sample_file[:name])
+      end
+    end
+  end
+
+  describe '#path' do
+    let(:sample_file) { { name: 'meterpreter/meterpreter.py' } }
+
+    before :each do
+      allow(::File).to receive(:exist?).and_call_original
+      allow(::File).to receive(:readable?).and_call_original
+      allow(::MetasploitPayloads).to receive(:expand).and_call_original
+
+      allow(::MetasploitPayloads).to receive(:expand)
+        .with(::MetasploitPayloads.data_directory, sample_file[:name])
+        .and_return(sample_file[:name])
+    end
+
+    [
+      { context: 'is not readable', exist: true, readable: false, expected: ::MetasploitPayloads::NotReadableError },
+      { context: 'does not exist', exist: false, readable: false, expected: ::MetasploitPayloads::NotFoundError }
+    ].each do |test|
+      context "when the path #{test[:context]}" do
+        it "raises #{test[:expected]}" do
+          allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(test[:exist])
+          allow(::File).to receive(:readable?).with(sample_file[:name]).and_return(test[:readable])
+
+          expect { subject.path(sample_file[:name]) }.to raise_error(test[:expected])
+        end
+      end
+    end
+
+    context 'when the path exists and is readable' do
+      it 'returns the correct path' do
+        allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(true)
+        allow(::File).to receive(:readable?).with(sample_file[:name]).and_return(true)
+
+        expect(subject.path(sample_file[:name])).to eq(sample_file[:name])
+      end
+    end
+  end
+
+  describe '#manifest_errors' do
+    let(:hash_type) { 'SHA3-256' }
+    let(:hash) { { type: hash_type, value: '92e931e6b47caad6df4249cc263fdbe5d2975c4163f5b06963208163b7af97b5' } }
+    let(:sample_file) { { name: 'meterpreter/ext_server_stdapi.php', contents: 'sample_data', hash: hash } }
+    let(:manifest_values) { ["./data/#{sample_file[:name]}", sample_file[:hash][:type], sample_file[:hash][:value]] }
+    let(:manifest) { manifest_values.join(':') }
+    let(:manifest_uuid) { ::OpenSSL::Digest.new(hash_type, manifest).to_s }
+    let(:manifest_path) { 'manifest' }
+    let(:manifest_uuid_path) { 'manifest.uuid' }
+
+    before :each do
+      allow(::MetasploitPayloads).to receive(:manifest_path).and_call_original
+      allow(::MetasploitPayloads).to receive(:manifest_path).and_return(manifest_path)
+
+      allow(::MetasploitPayloads).to receive(:manifest_uuid_path).and_call_original
+      allow(::MetasploitPayloads).to receive(:manifest_uuid_path).and_return(manifest_uuid_path)
+
+      allow(::File).to receive(:binread).and_call_original
+      allow(::File).to receive(:binread).with(sample_file[:name]).and_return(sample_file[:contents])
+      allow(::File).to receive(:binread).with(::MetasploitPayloads.send(:manifest_path)).and_return(manifest)
+      allow(::File).to receive(:binread).with(::MetasploitPayloads.send(:manifest_uuid_path)).and_return(manifest_uuid)
+
+      allow(::OpenSSL::Digest).to receive(:new).and_call_original
+      allow(::OpenSSL::Digest).to receive(:new).with(hash_type,
+                                                     sample_file[:contents]).and_return(sample_file[:hash][:value])
+    end
+
+    context 'when manifest hash does not match' do
+      it 'result includes the manifest file' do
+        allow(::File).to receive(:binread).with(::MetasploitPayloads.send(:manifest_uuid_path))
+                                          .and_return('mismatched_manifest_hash')
+        path = ::MetasploitPayloads.send(:manifest_path)
+        e = ::MetasploitPayloads::HashMismatchError.new(path)
+
+        expect(subject.manifest_errors).to include({ path: path, error: e })
+      end
+    end
+
+    context 'when manifest hash does match' do
+      it 'result does not include manifest' do
+        path = ::MetasploitPayloads.send(:manifest_uuid_path)
+        e = ::MetasploitPayloads::HashMismatchError.new(path)
+
+        expect(subject.manifest_errors).not_to include({ path: path, error: e })
+      end
+    end
+
+    context 'when there are no file warnings' do
+      it 'returns an empty array' do
+        allow(::MetasploitPayloads).to receive(:path).with(sample_file[:name]).and_return(sample_file[:name])
+        allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(true)
+        full_file_path = ::MetasploitPayloads.expand(::MetasploitPayloads.data_directory, sample_file[:name])
+        allow(::File).to receive(:readable?).with(full_file_path).and_return(true)
+        allow(::File).to receive(:binread).with(full_file_path).and_return(sample_file[:contents])
+
+        expect(subject.manifest_errors).to eq([])
+      end
+    end
+
+    [
+      { context: 'does not exist', error_class: ::MetasploitPayloads::NotFoundError },
+      { context: 'is not readable', error_class: ::MetasploitPayloads::NotReadableError }
+    ].each do |test|
+      context "when a file #{test[:context]}" do
+        it 'includes the correct error' do
+          error = test[:error_class].new(sample_file[:name])
+          allow(::MetasploitPayloads).to receive(:path).with(sample_file[:name]).and_raise(error)
+
+          expect(subject.manifest_errors).to include({ path: sample_file[:name], error: error })
+        end
+      end
+    end
+
+    context 'when a bundled file hash does not match' do
+      it 'includes the correct error' do
+        allow(::File).to receive(:exist?).with(sample_file[:name]).and_return(true)
+        full_file_path = ::MetasploitPayloads.expand(::MetasploitPayloads.data_directory, sample_file[:name])
+        allow(::File).to receive(:readable?).with(full_file_path).and_return(true)
+        allow(::File).to receive(:binread).with(full_file_path).and_return('mismatched_file_contents')
+        e = ::MetasploitPayloads::HashMismatchError.new(full_file_path)
+
+        expect(subject.manifest_errors).to include({ path: full_file_path, error: e })
+      end
+    end
+
+    context 'when the manifest file' do
+      context 'does not exist' do
+        it 'only includes the manifest error' do
+          # path = ::MetasploitPayloads.send(:manifest_path)
+          e = ::Errno::ENOENT.new(manifest_path)
+          allow(::File).to receive(:binread).with(manifest_path).and_raise(e)
+
+          expect(subject.manifest_errors).to eq([{ path: manifest_path, error: e }])
+        end
+      end
+
+      context 'cannot be read' do
+        it 'only includes the manifest error' do
+          e = ::Errno::EACCES.new(manifest_path)
+          allow(::File).to receive(:binread).with(manifest_path).and_raise(e)
+
+          expect(subject.manifest_errors).to eq([{ path: manifest_path, error: e }])
+        end
+      end
+    end
+
+    context 'when the manifest.uuid file' do
+      context 'does not exist' do
+        it 'includes the correct error' do
+          e = ::Errno::ENOENT.new(manifest_uuid_path)
+          allow(::File).to receive(:binread).with(manifest_uuid_path).and_raise(e)
+
+          expect(subject.manifest_errors).to include({ path: manifest_uuid_path, error: e })
+        end
+      end
+    end
+
+    context 'when manifest is readable and manifest.uuid is not readable' do
+      before :each do
+        allow(::File).to receive(:binread).with(manifest_uuid_path).and_raise(::Errno::EACCES.new(manifest_uuid_path))
+      end
+
+      it 'correctly evaluates a file hash mismatch' do
+        bundled_file_path = ::MetasploitPayloads.expand(::MetasploitPayloads.data_directory, sample_file[:name])
+        error = ::MetasploitPayloads::HashMismatchError.new(bundled_file_path)
+        allow(::MetasploitPayloads).to receive(:path).with(sample_file[:name]).and_return(bundled_file_path)
+        allow(::File).to receive(:binread).with(bundled_file_path).and_return('sample_mismatched_contents')
+
+        expect(subject.manifest_errors).to include({ path: bundled_file_path, error: error })
+      end
+
+      it 'correctly evaluates a missing file' do
+        error = ::MetasploitPayloads::NotFoundError.new(sample_file[:name])
+        allow(::MetasploitPayloads).to receive(:path).with(sample_file[:name]).and_raise(error)
+
+        expect(subject.manifest_errors).to include({ path: sample_file[:name], error: error })
+      end
+
+      it 'correctly evaluates an unreadable file' do
+        error = ::MetasploitPayloads::NotReadableError.new(sample_file[:name])
+        allow(::MetasploitPayloads).to receive(:path).with(sample_file[:name]).and_raise(error)
+
+        expect(subject.manifest_errors).to include({ path: sample_file[:name], error: error })
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'metasploit_payloads/metasploit_payloads_spec'
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+  # have no way to turn it off -- the option exists only for backwards
+  # compatibility in RSpec 3). It causes shared context metadata to be
+  # inherited by the metadata hash of host groups and examples, rather than
+  # triggering implicit auto-inclusion in groups with matching metadata.
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+
+  # The settings below are suggested to provide a good initial experience
+  # with RSpec, but feel free to customize to your heart's content.
+  # This allows you to limit a spec run to individual examples or groups
+  # you care about by tagging them with `:focus` metadata. When nothing
+  # is tagged with `:focus`, all examples get run. RSpec also provides
+  # aliases for `it`, `describe`, and `context` that include `:focus`
+  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  config.filter_run_when_matching :focus
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = 'spec/examples.txt'
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  # https://rspec.info/features/3-12/rspec-core/configuration/zero-monkey-patching-mode/
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.153
+  version: 2.0.154
 platform: ruby
 authors:
 - OJ Reeves
@@ -137,6 +137,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -240,10 +241,13 @@ files:
 - data/meterpreter/screenshot.x86.debug.dll
 - data/meterpreter/screenshot.x86.dll
 - lib/metasploit-payloads.rb
+- lib/metasploit-payloads/error.rb
 - lib/metasploit-payloads/version.rb
 - manifest
 - manifest.uuid
 - metasploit-payloads.gemspec
+- spec/metasploit_payloads/metasploit_payloads_spec.rb
+- spec/spec_helper.rb
 homepage: http://www.metasploit.com
 licenses:
 - 3-clause (or "modified") BSD