spelling fixes on docs

documentation/modules/auxiliary/admin/aws/aws_launch_instances.md

@@ -21,7 +21,7 @@ Shell #1:
 [*] instance i-12345678 status: initializing
 ...
 [*] instance i-12345678 status: ok
-[*] Instance i-12345678 has IP adrress 35.12.4.1
+[*] Instance i-12345678 has IP address 35.12.4.1
 [*] Auxiliary module execution completed
 ```
 
@@ -56,7 +56,7 @@ can be made available by assigning an Internet routable IP address to a host or
 routing traffic to it through an ELB (Elastic Load Balancer). In either case
 security-groups are used to open access to network ranges and specific TPC/UDP
 ports. Security-groups provide much of the functionality of traditional firewalls
-and can be configured by specifyig a protocol, a CIDR and a port. 
+and can be configured by specifying a protocol, a CIDR and a port. 
 
 ## How it Works
 
@@ -126,7 +126,7 @@ Advanced Options:
 
 * `INSTANCE_TYPE`: The instance type
 * `MaxCount`: Maximum number of instances to launch
-* `MinCount`: Minumum number of instances to launch
+* `MinCount`: Minimum number of instances to launch
 * `ROLE_NAME`: The instance profile/role name
 * `RPORT:` AWS EC2 Endpoint TCP Port
 * `SEC_GROUP_ID`: the EC2 security group to use

documentation/modules/auxiliary/admin/dcerpc/icpr_cert.md

@@ -127,7 +127,7 @@ has the [KB5014754][KB5014754] patch applied and the REG_DWORD
 account with the specified UPN should be supplied as well. In November of 2023, Microsoft will change the default value
 of `StrongCertificateBindingEnforcement` to 2. If the server has the patch applied, the SID will be returned in the
 issued certificate which ensures that the required strong mapping is in place. If the strong mapping is required and the
-SID is not specified in the certificate, then Kerberos authentication wil fail with `KDC_ERR_CERTIFICATE_MISMATCH`.
+SID is not specified in the certificate, then Kerberos authentication will fail with `KDC_ERR_CERTIFICATE_MISMATCH`.
 
 The user must know:
 

documentation/modules/auxiliary/admin/http/cisco_7937g_ssh_privesc.md

@@ -128,7 +128,7 @@ ncasCb - Show detailed ncas information, related to either call services,
 uptime - Show phone uptime.
 appPrt - Show UI's call status.
 fntPrt - Show information about fonts available on phone.
-memtop - Shows the top poiter to current memory.
+memtop - Shows the top pointer to current memory.
 removeScheduledLogEntry - debug
 addScheduledLogEntry - debug
 fatalError - Simulate fatal error for the phone.
@@ -178,8 +178,8 @@ localePrintAll - localePrintAll
 ceShow - Show Client Engine Status
 
 Commands 101 to 121:
-udiShow - Show Unique Device Indentifier
-show - Show Unique Device Indentifier
+udiShow - Show Unique Device Identifier
+show - Show Unique Device Identifier
 pbnShow - Display app & bootrom headers
 upr - Upgrade to a Rockpile Standalone Image
 upm - Upgrade to a Rockpile Manf Image
@@ -336,7 +336,7 @@ ncasCb - Show detailed ncas information, related to either call services,
 uptime - Show phone uptime.
 appPrt - Show UI's call status.
 fntPrt - Show information about fonts available on phone.
-memtop - Shows the top poiter to current memory.
+memtop - Shows the top pointer to current memory.
 removeScheduledLogEntry - debug
 addScheduledLogEntry - debug
 fatalError - Simulate fatal error for the phone.
@@ -386,8 +386,8 @@ localePrintAll - localePrintAll
 ceShow - Show Client Engine Status
 
 Commands 101 to 121:
-udiShow - Show Unique Device Indentifier
-show - Show Unique Device Indentifier
+udiShow - Show Unique Device Identifier
+show - Show Unique Device Identifier
 pbnShow - Display app & bootrom headers
 upr - Upgrade to a Rockpile Standalone Image
 upm - Upgrade to a Rockpile Manf Image

documentation/modules/auxiliary/admin/http/typo3_news_module_sqli.md

@@ -4,7 +4,7 @@ News module extensions v5.3.2 and earlier for TYPO3 contain an SQL injection vul
 
 ## Vulnerable Application
 
-In vulnerable versions of the news module for TYPO3, a filter for unsetting user specified values does not account for capitalization of the paramter name. This allows a user to inject values to an SQL query.
+In vulnerable versions of the news module for TYPO3, a filter for unsetting user specified values does not account for capitalization of the parameter name. This allows a user to inject values to an SQL query.
 
 To exploit the vulnerability, the module generates requests and sets a value for `order` and `OrderByAllowed`, which gets passed to the SQL query. The requests are constructed to reorder the display of news articles based on a character matching. This allows a blind SQL injection to be performed to retrieve a username and password hash.
 
@@ -28,7 +28,7 @@ The value for query parameter `id` of the page that the news extension is runnin
 - [ ] Enable the news extension
 - [ ] Import [vulnerable page](https://github.com/rapid7/metasploit-framework/files/1015777/T3D__2017-05-20_02-17-z.t3d.zip)
 - [ ] Enable page
-- [ ] Verify if page is visble to unauthenticated user and note the id
+- [ ] Verify if page is visible to unauthenticated user and note the id
 - [ ] `./msfconsole -q -x 'use auxiliary/admin/http/typo3_news_module_sqli; set rhost <rhost>; set id <id>; run'`
 - [ ] Username and password hash should have been retrieved
 

documentation/modules/auxiliary/admin/kerberos/get_ticket.md

@@ -78,7 +78,7 @@ Default is `true`.
 
 This option is only used when requesting a TGS.
 
-The Kerberos TGT to use when requesting the sevice ticket. If unset, the database will be checked'
+The Kerberos TGT to use when requesting the service ticket. If unset, the database will be checked'
 
 ## Scenarios
 

documentation/modules/auxiliary/admin/kerberos/keytab.md

@@ -63,7 +63,7 @@ Export Kerberos encryption keys stored in the Metasploit database to a keytab fi
 # Secrets dump
 msf6 > use auxiliary/gather/windows_secrets_dump
 msf6 auxiliary(gather/windows_secrets_dump) > run smbuser=Administrator smbpass=p4$$w0rd rhosts=192.168.123.13
-... ommitted ...
+... omitted ...
 # Kerberos keys:
 Administrator:aes256-cts-hmac-sha1-96:56c3bf6629871a4e4b8ec894f37489e823bbaecc2a0a4a5749731afa9d158e01
 Administrator:aes128-cts-hmac-sha1-96:df990c21c4e8ea502efbbca3aae435ea
@@ -72,7 +72,7 @@ Administrator:des-cbc-crc:ad49d9d92f5da170
 krbtgt:aes256-cts-hmac-sha1-96:e1c5500ffb883e713288d8037651821b9ecb0dfad89e01d1b920fe136879e33c
 krbtgt:aes128-cts-hmac-sha1-96:ba87b2bc064673da39f40d37f9daa9da
 krbtgt:des-cbc-md5:3ddf2f627c4cbcdc
-... ommitted ...
+... omitted ...
 [*] Auxiliary module execution completed
 
 # Export to keytab
@@ -94,7 +94,7 @@ Keytab entries
  1     18 (AES256)       [email protected]                           e1c5500ffb883e713288d8037651821b9ecb0dfad89e01d1b920fe136879e33c  1970-01-01 01:00:00 +0100
  1     17 (AES128)       [email protected]                           ba87b2bc064673da39f40d37f9daa9da                                  1970-01-01 01:00:00 +0100
  1     3  (DES_CBC_MD5)  [email protected]                           3ddf2f627c4cbcdc                                                  1970-01-01 01:00:00 +0100
-... ommitted ...
+... omitted ...
 [*] Auxiliary module execution completed
 ```
 
@@ -168,7 +168,7 @@ tgs-req
                   ^^^^^^^^^^^^^^ authenticator value now decrypted using the previously generated keytab file
 ```
 
-If you have exported the `krbtgt` account to the keytab file - Wireshark will also decrypt the TGT ticket itsel. If not - Wireshark
+If you have exported the `krbtgt` account to the keytab file - Wireshark will also decrypt the TGT ticket itself. If not - Wireshark
 will generate warnings about being unable to decrypt the TGT ticket which is signed using the krbtgt account.
 
 Additional details: https://wiki.wireshark.org/Kerberos

documentation/modules/auxiliary/admin/ldap/ad_cs_cert_template.md

@@ -56,11 +56,11 @@ The file format is determined by the extension so the file must end in either `.
 
 #### The JSON format
 The JSON file format is a hash with attribute name keys and ASCII-hex encoded values. These files are compatible with
-[`Certipy`'s][certipy] `template` command. This module uses the JSON file format when storing copies fo certificate to
+[`Certipy`'s][certipy] `template` command. This module uses the JSON file format when storing copies of certificate to
 disk.
 
 #### The YAML format
-The YAML file format is similiar to the JSON file format, but takes advantage of YAML's ability to include comments.
+The YAML file format is similar to the JSON file format, but takes advantage of YAML's ability to include comments.
 The file consists of a hash with attribute name keys and value strings. The `nTSecurityDescriptor` file can be either
 a binary string representing a literal value, or a security descriptor defined in Microsoft's [Security Descriptor
 Definition Language (SDDL)][sddl]. Premade configuration templates provided by Metasploit use this format.

documentation/modules/auxiliary/admin/ldap/rbcd.md

@@ -32,7 +32,7 @@ Grant Write privileges for sandy to the target machine, i.e. `WS01`:
 $TargetComputer = Get-ADComputer 'WS01'
 $User = Get-ADUser 'sandy'
 
-# Add GenericWrite access to the user against the target coputer
+# Add GenericWrite access to the user against the target computer
 $Rights = [System.DirectoryServices.ActiveDirectoryRights] "GenericWrite"
 $ControlType = [System.Security.AccessControl.AccessControlType] "Allow"
 $InheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"

documentation/modules/auxiliary/analyze/crack_databases.md

@@ -169,15 +169,15 @@ creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D48
 creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E278$
 creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql
 creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1
-## oracle (10) uses usernames in the hashing, so we can't overide that here
+## oracle (10) uses usernames in the hashing, so we can't override that here
 creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle
 creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle
 ## oracle 11/12 H value, username is used
 creds add user:DEMO hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797$
 ## oracle 11/12 uses a LONG format, see lib/msf/core/auxiliary/jtr.rb
 creds add user:oracle11_epsilon hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:$
 creds add user:oracle12c_epsilon hash:'H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B3$
-##postgres uses username, so we can't overide that here
+##postgres uses username, so we can't override that here
 creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860
 creds add user:example postgres:md5be86a79bf20fake2d58d5453c47d4860
 echo "" > /root/.msf4/john.pot

documentation/modules/auxiliary/client/telegram/send_message.md

@@ -53,7 +53,7 @@ Module options (auxiliary/client/telegram/send_message):
    BOT_TOKEN                    yes       Telegram BOT token
    CHAT_ID                      no        Chat ID for the BOT
    DOCUMENT                     no        The path to the document(binary, video etc)
-   FORMATTING  Markdown         no        Message formating option (Markdown|MarkdownV2|HTML) (Accepted: Markdown, MarkdownV2, HT
+   FORMATTING  Markdown         no        Message formatting option (Markdown|MarkdownV2|HTML) (Accepted: Markdown, MarkdownV2, HT
                                           ML)
    IDFILE                       no        File containing chat IDs, one per line
    MESSAGE                      no        The message to be sent

documentation/modules/auxiliary/cloud/aws/enum_iam.md

@@ -43,7 +43,7 @@ This module authenticates to AWS IAM (Identify Access Module) to identify user a
 
   **LIMIT**
 
-  Some AWS API calls support limiting output, such that the module will only reutrn the number of instances, without detailing the configuration of each instance.  Optionally, this module's output can be filtered to minimize the query to AWS and the user output.  Alternatively, `LIMIT` can be left blank, such that all EC2 instances will be detailed.
+  Some AWS API calls support limiting output, such that the module will only return the number of instances, without detailing the configuration of each instance.  Optionally, this module's output can be filtered to minimize the query to AWS and the user output.  Alternatively, `LIMIT` can be left blank, such that all EC2 instances will be detailed.
 
   Note that the `LIMIT` parameter is imposed per region, so the total number of results may be higher than the user-specified limit, but the maximum number of results for a single region will not exceed `LIMIT`.  This behavior is due to the AWS API.
 

documentation/modules/auxiliary/dos/http/cable_haunt_websocket_dos.md

@@ -10,7 +10,7 @@ Please refer to [https://cablehaunt.com/](https://cablehaunt.com/) for more info
 
 **WS_USERNAME**
 
-This is the basic auth username for the spectrum analysis web service.  This is typicall default credentials such as `admin:password` but may also be something along the lines of `spectrum:spectrum`.  This will vary from manufacturer to manufacturer and ISP to ISP.
+This is the basic auth username for the spectrum analysis web service.  This is typically default credentials such as `admin:password` but may also be something along the lines of `spectrum:spectrum`.  This will vary from manufacturer to manufacturer and ISP to ISP.
 
 **WS_PASSWORD**
 

documentation/modules/auxiliary/fileformat/badpdf.md

@@ -85,7 +85,7 @@ msf auxiliary(fileformat/badpdf) > set pdfinject /root/Desktop/example.pdf
 pdfinject => /root/Desktop/example.pdf
 msf auxiliary(fileformat/badpdf) > exploit
 
-[+] Malicious file writen to /root/Desktop/example_malicious.pdf
+[+] Malicious file written to /root/Desktop/example_malicious.pdf
 [\*] Auxiliary module execution completed
 msf auxiliary(fileformat/badpdf) > 
 

documentation/modules/auxiliary/gather/cisco_rv320_config.md

@@ -2,7 +2,7 @@
 
 [CVE-2019-1653](https://nvd.nist.gov/vuln/detail/CVE-2019-1653) (aka Cisco Bugtracker ID [CSCvg85922](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info)) is an unauthenticated disclosure of device configuration information for the Cisco RV320/RV325 small business router.  The vulnerability was responsibly disclosed by [RedTeam Pentesting GmbH](https://seclists.org/fulldisclosure/2019/Jan/52).
 
-An exposed remote administration interface (on :443) would allow an attacker to retrieve password hashes and other sensitive device configuration information.  On version `1.4.2.15`, the vulnerabilty is exploitable via the WAN interface on port 8007 (by default) or 443 (if remote administration is enabled), in addition to port 443 on the LAN side.  On version `1.4.2.17`, only LAN port 443 is accessible by default, but user configuration can open port 443 for remote management on the WAN side, making the device vulnerable externally.
+An exposed remote administration interface (on :443) would allow an attacker to retrieve password hashes and other sensitive device configuration information.  On version `1.4.2.15`, the vulnerability is exploitable via the WAN interface on port 8007 (by default) or 443 (if remote administration is enabled), in addition to port 443 on the LAN side.  On version `1.4.2.17`, only LAN port 443 is accessible by default, but user configuration can open port 443 for remote management on the WAN side, making the device vulnerable externally.
 
 More context is available from [Rapid7's blog post](https://blog.rapid7.com/2019/01/29/cisco-r-rv320-rv325-router-unauthenticated-configuration-export-vulnerability-cve-2019-1653-what-you-need-to-know/).
 

documentation/modules/auxiliary/gather/cloud_lookup.md

@@ -44,7 +44,7 @@ Files containing IP addresses to blacklist during the analysis process, one per
 
 ### THREADS
 
-Number of concurent threads needed for DNS enumeration. Default: 8
+Number of concurrent threads needed for DNS enumeration. Default: 8
 
 ### WORDLIST
 

documentation/modules/auxiliary/gather/elasticsearch_enum.md

@@ -2,7 +2,7 @@
 
 This module enumerates Elasticsearch instances. It uses the REST API
 in order to gather information about the server, the cluster, nodes,
-in the cluster, indicies, and pull data from those indicies.
+in the cluster, indices, and pull data from those indices.
 
 ### Docker
 
@@ -85,7 +85,7 @@ msf6 auxiliary(gather/elasticsearch/enum) > run
   ------------       ------  ---------------
   es-docker-cluster  yellow  2
 
-[+] Indicies Information
+[+] Indices Information
 ====================
 
   Name       Health  Status  UUID                    Documents  Storage Usage (MB)

documentation/modules/auxiliary/gather/exchange_proxylogon_collector.md

@@ -108,7 +108,7 @@ msf6 auxiliary(gather/exchange_proxylogon_collector) > run
 [*] https://172.20.2.110:443 - Selecting the first internal server found
 [*]  * targeting internal: server2
 [*] https://172.20.2.110:443 - Attempt to dump emails for <[email protected]>
-[*]  * successfuly connected to: inbox
+[*]  * successfully connected to: inbox
 [*]  * selected folder: inbox (AQAYAGdhc3Rvbi5sYWdhZmYAZUBwd25lZC5sYWIALgAAA+uQmQIqiSJLiXyYWVYT65MBACRuvwACXEpAuhG13iUjVgwAAAIBDAAAAA==)
 [*]  * number of email found: 4
 [*] https://172.20.2.110:443 - Processing dump of 4 items
@@ -144,7 +144,7 @@ msf6 auxiliary(gather/exchange_proxylogon_collector) > run
 [*] https://172.20.2.110:443 - Selecting the first internal server found
 [*]  * targeting internal: server2
 [*] https://172.20.2.110:443 - Attempt to dump contacts for <[email protected]>
-[*]  * successfuly connected to: contacts
+[*]  * successfully connected to: contacts
 [*]  * selected folder: contacts (AQAYAGdhc3Rvbi5sYWdhZmYAZUBwd25lZC5sYWIALgAAA+uQmQIqiSJLiXyYWVYT65MBACRuvwACXEpAuhG13iUjVgwAAAIBDgAAAA==)
 [*]  * number of contact found: 1
 [*] https://172.20.2.110:443 - Processing dump of 1 items

documentation/modules/auxiliary/gather/get_user_spns.md

@@ -1,6 +1,6 @@
 ## Description
 
-This module will try to find Service Principal Names (SPN) that are associated with normal user accounts on the specified domain and then submit requests to retrive Ticket Granting Service (TGS) tickets for those accounts, which may be partially encrypted with the SPNs NTLM hash. After retrieving the TGS tickets, offline brute forcing attacks can be performed to retrieve the passwords for the SPN accounts.
+This module will try to find Service Principal Names (SPN) that are associated with normal user accounts on the specified domain and then submit requests to retrieve Ticket Granting Service (TGS) tickets for those accounts, which may be partially encrypted with the SPNs NTLM hash. After retrieving the TGS tickets, offline brute forcing attacks can be performed to retrieve the passwords for the SPN accounts.
 
 ## Verification Steps
 

documentation/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.md

@@ -52,7 +52,7 @@ camera snapshots.
 
 ## Actions
 ### Automatic
-Retrieves all information suported by this module
+Retrieves all information supported by this module
 ### Configuration
 Retrieves the camera hardware and software configuration
 ### Credentials
@@ -120,7 +120,7 @@ Device manufacturer: Hikvision.China
 Device model: DS-2CD2142FWD-IS
 Device S/N: DS-2CD2142FWD-IS2016HS77777777777
 Device MAC: bc:ad:28:ff:ff:ff
-Device firware version: V5.4.1
+Device firmware version: V5.4.1
 Device firmware release: build 160525
 Device boot version: V1.3.4
 Device boot release: 100316

documentation/modules/auxiliary/gather/ldap_query.md

@@ -7,7 +7,7 @@ of this JSON/YAML file on disk.
 
 Users can also run a single query by using the `RUN_SINGLE_QUERY` option and then setting
 the `QUERY_FILTER` datastore option to the filter to send to the LDAP server and `QUERY_ATTRIBUTES`
-to a comma seperated string containing the list of attributes they are interested in obtaining
+to a comma separated string containing the list of attributes they are interested in obtaining
 from the results.
 
 As a third option can run one of several predefined queries by setting `ACTION` to the

documentation/modules/auxiliary/gather/office365userenum.md

@@ -14,7 +14,7 @@ Note this behaviour appears to be limited to Office365, MS Exchange does not app
 
 Microsoft Security Response Center stated on 2017-06-28 that this issue does not "meet the bar for security servicing". As such it is not expected to be fixed any time soon.
 
-This script is maintaing the ability to run independently of MSF.
+This script is maintaining the ability to run independently of MSF.
 
 Office365's implementation of ActiveSync is vulnerable.
 

documentation/modules/auxiliary/gather/peplink_bauth_sqli.md

@@ -289,7 +289,7 @@ msf5 auxiliary(gather/peplink_bauth_sqli) > run
 [+]                                             WAN
 [+]                                     port_type
 [+]                                             ethernet
-[+]                                     actiavted
+[+]                                     activated
 [+]                             name
 [+]                                     WAN
 [+]                             enable
@@ -355,7 +355,7 @@ msf5 auxiliary(gather/peplink_bauth_sqli) > run
 [+]                                             WAN
 [+]                                     port_type
 [+]                                             ethernet
-[+]                                     actiavted
+[+]                                     activated
 [+]                             name
 [+]                                     WAN
 [+]                             enable