From 5b94c7e2d4d720783c9239ad2fce095acdde811d Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sun, 1 Sep 2024 22:53:17 +0200
Subject: [PATCH 1/3] Add an encoder to minify php payloads

```console
$ ./msfvenom --platform php -a php -p php/reverse_php | ./msfvenom -e php/base64 --platform php -a php | php -l
Attempting to read payload from STDIN...
No encoder specified, outputting raw payload
Payload size: 3010 bytes
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4052 (iteration=0)
php/base64 chosen with final size 4052
Payload size: 4052 bytes
No syntax errors detected in Standard input code
$ ./msfvenom --platform php -a php -p php/reverse_php -e php/minify | ./msfvenom -e php/base64 --platform php -a php | php -l
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/minify
php/minify succeeded with size 2109 (iteration=0)
php/minify chosen with final size 2109
Payload size: 2109 bytes
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 2839 (iteration=0)
php/base64 chosen with final size 2839
Payload size: 2839 bytes
No syntax errors detected in Standard input code
$
```
---
 modules/encoders/php/minify.rb | 42 ++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 modules/encoders/php/minify.rb

diff --git a/modules/encoders/php/minify.rb b/modules/encoders/php/minify.rb
new file mode 100644
index 000000000000..bf6438986388
--- /dev/null
+++ b/modules/encoders/php/minify.rb
@@ -0,0 +1,42 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Encoder
+ Rank = GreatRanking
+
+ def initialize
+ super(
+ 'Name' => 'PHP Minify Encoder',
+ 'Description' => %q{
+ This encoder minifies a PHP payload by removing leasing spaces, trailing
+ new lines, comments, …
+ },
+ 'Author' => 'Julien Voisin',
+ 'License' => BSD_LICENSE,
+ 'Arch' => ARCH_PHP)
+ end
+
+ def encode_block(_, buf)
+ # Remove comments
+ buf.gsub!(/^\s*#.*$/, '')
+
+ # Remove spaces after keywords
+ buf.gsub!(/^\s*(if|else|elsif|while|for|foreach)\s*\(/, '\1(')
+
+ # Remove spaces before block opening
+ buf.gsub!(/\s*{$/, '{')
+
+ # Remove empty lines
+ buf.squeeze!("\n")
+
+ # Remove leading/trailing spaces
+ buf.gsub!(/^[ \t]+/, '')
+
+ # Remove new lines
+ buf.gsub!(/([;{}])\n/, '\1')
+
+ return buf
+ end
+end
From 72f4dcb5290a94768ee6c95de4d40cb303f22752 Mon Sep 17 00:00:00 2001
From: Metasploit
Date: Wed, 4 Sep 2024 17:13:06 -0500
Subject: [PATCH 2/3] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 62cbf5879232..93fb6d632b24
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
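Review bot: The newline-joining pass `buf.gsub!(/([;{}])\n/, '\1')` in encode_block is not comment-aware, so a `//` line comment whose last character is `;`, `{` or `}` (e.g. `// call foo();`) is glued to the statement on the next line, which then becomes part of the comment and silently vanishes from the payload; the earlier comment pass only removes full-line `#` comments, not `//` or `/* */`. The `^[ \t]+` stripping and `^\s*#.*$` removal likewise apply inside multi-line string literals and heredocs (and would also delete PHP 8 `#[...]` attribute lines), so the `php -l` runs in the commit message show the output still parses, not that it behaves like the original. At minimum strip full-line `//` comments before the join, `buf.gsub!(%r{^\s*//.*$}, '')`, and add a spec that feeds a payload containing a trailing `// …;` comment and a multi-line string through the encoder and asserts the minified output is still equivalent. Smaller points: `elsif` in the keyword alternation is Ruby, not PHP (`elseif`), the comment `# Remove leading/trailing spaces` describes a pass that only strips leading whitespace, and the description reads "leasing spaces" where "leading" is meant.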
@@ -63737,6 +63737,40 @@
 "session_types": false,
 "needs_cleanup": false
 },
+ "encoder_php/minify": {
+ "name": "PHP Minify Encoder",
+ "fullname": "encoder/php/minify",
+ "aliases": [
+
+ ],
+ "rank": 500,
+ "disclosure_date": null,
+ "type": "encoder",
+ "author": [
+ "Julien Voisin"
+ ],
+ "description": "This encoder minifies a PHP payload by removing leasing spaces, trailing\n new lines, comments, …",
+ "references": [
+
+ ],
+ "platform": "All",
+ "arch": "php",
+ "rport": null,
+ "autofilter_ports": null,
+ "autofilter_services": null,
+ "targets": null,
+ "mod_time": "2024-09-01 22:53:17 +0000",
+ "path": "/modules/encoders/php/minify.rb",
+ "is_install_path": true,
+ "ref_name": "php/minify",
+ "check": false,
+ "post_auth": false,
+ "default_credential": false,
+ "notes": {
+ },
+ "session_types": false,
+ "needs_cleanup": false
+ },
 "encoder_ppc/longxor": {
 "name": "PPC LongXOR Encoder",
 "fullname": "encoder/ppc/longxor",
From 6f1acf4610322f7c01eeee9b608fa0dab132fa7b Mon Sep 17 00:00:00 2001
From: Metasploit
Date: Thu, 5 Sep 2024 03:38:07 -0500
Subject: [PATCH 3/3] Bump version of framework to 6.4.26

---
 Gemfile.lock | 2 +-
 LICENSE_GEMS | 22 +++++++++++-----------
 lib/metasploit/framework/version.rb | 2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 98c8f3836d79..589f4fd94054
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- metasploit-framework (6.4.25)
+ metasploit-framework (6.4.26)
 aarch64
 abbrev
 actionpack (~> 7.0.0)
diff --git a/LICENSE_GEMS b/LICENSE_GEMS
index 2fe440051909..dfe658d325d3
--- a/LICENSE_GEMS
+++ b/LICENSE_GEMS
@@ -30,12 +30,12 @@ bigdecimal, 3.1.8, "ruby, Simplified BSD"
 bindata, 2.4.15, "Simplified BSD"
 bootsnap, 1.18.3, MIT
 bson, 5.0.0, "Apache 2.0"
-builder, 3.2.4, MIT
-bundler, 2.1.4, MIT
+builder, 3.3.0, MIT
+bundler, 2.2.3, MIT
 byebug, 11.1.3, "Simplified BSD"
 chunky_png, 1.4.0, MIT
 coderay, 1.1.3, MIT
-concurrent-ruby, 1.3.1, MIT
+concurrent-ruby, 1.3.4, MIT
 cookiejar, 0.3.4, "Simplified BSD"
 crass, 1.0.6, MIT
 csv, 3.3.0, "ruby, Simplified BSD"
@@ -50,7 +50,7 @@ drb, 2.2.1, "ruby, Simplified BSD"
 ed25519, 1.3.0, MIT
 em-http-request, 1.1.7, MIT
 em-socksify, 0.3.2, MIT
-erubi, 1.12.0, MIT
+erubi, 1.13.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
 factory_bot, 6.4.6, MIT
 factory_bot_rails, 6.4.3, MIT
@@ -86,7 +86,7 @@ memory_profiler, 1.0.1, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 5.0.2, "New BSD"
 metasploit-credential, 6.0.9, "New BSD"
-metasploit-framework, 6.4.25, "New BSD"
+metasploit-framework, 6.4.26, "New BSD"
 metasploit-model, 5.0.2, "New BSD"
 metasploit-payloads, 2.0.166, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.3, "New BSD"
@@ -95,7 +95,7 @@ method_source, 1.1.0, MIT
 mime-types, 3.5.2, MIT
 mime-types-data, 3.2024.0604, MIT
 mini_portile2, 2.8.7, MIT
-minitest, 5.23.1, MIT
+minitest, 5.25.1, MIT
 mqtt, 0.6.0, MIT
 msgpack, 1.6.1, "Apache 2.0"
 multi_json, 1.15.0, MIT
@@ -111,7 +111,7 @@ net-ssh, 7.2.3, MIT
 network_interface, 0.0.4, MIT
 nexpose, 7.3.0, "New BSD"
 nio4r, 2.7.3, "MIT, Simplified BSD"
-nokogiri, 1.16.5, MIT
+nokogiri, 1.16.7, MIT
 nori, 2.7.0, MIT
 octokit, 4.25.1, MIT
 openssl-ccm, 1.2.3, MIT
@@ -128,7 +128,7 @@ pry, 0.14.2, MIT
 pry-byebug, 3.10.1, MIT
 public_suffix, 5.0.5, MIT
 puma, 6.4.2, "New BSD"
-racc, 1.8.0, "ruby, Simplified BSD"
+racc, 1.8.1, "ruby, Simplified BSD"
 rack, 2.2.9, MIT
 rack-protection, 3.2.0, MIT
 rack-test, 2.1.0, MIT
@@ -166,9 +166,9 @@ rexml, 3.3.6, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
 rspec, 3.13.0, MIT
 rspec-core, 3.13.0, MIT
-rspec-expectations, 3.13.0, MIT
+rspec-expectations, 3.13.2, MIT
 rspec-mocks, 3.13.1, MIT
-rspec-rails, 6.1.2, MIT
+rspec-rails, 6.1.4, MIT
 rspec-rerun, 1.1.0, MIT
 rspec-support, 3.13.1, MIT
 rubocop, 1.64.1, MIT
@@ -215,4 +215,4 @@ winrm, 2.3.6, "Apache 2.0"
 xdr, 3.0.3, "Apache 2.0"
 xmlrpc, 0.3.3, "ruby, Simplified BSD"
 yard, 0.9.36, MIT
-zeitwerk, 2.6.15, MIT
+zeitwerk, 2.6.17, MIT
diff --git a/lib/metasploit/framework/version.rb b/lib/metasploit/framework/version.rb
index 16fdd7a93cbe..8ce9473e0842
--- a/lib/metasploit/framework/version.rb
+++ b/lib/metasploit/framework/version.rb
@@ -32,7 +32,7 @@ def self.get_hash
 end
 end
 
- VERSION = "6.4.25"
+ VERSION = "6.4.26"
 MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
 PRERELEASE = 'dev'
 HASH = get_hash