diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/files/linuxki_6.0-1_all.deb b/modules/vulnerabilities/unix/http/linuxki_rce/files/linuxki_6.0-1_all.deb
new file mode 100644
index 000000000..52adc24de
Binary files /dev/null and b/modules/vulnerabilities/unix/http/linuxki_rce/files/linuxki_6.0-1_all.deb differ
diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/linuxki_rce.pp b/modules/vulnerabilities/unix/http/linuxki_rce/linuxki_rce.pp
new file mode 100644
index 000000000..16037f28d
--- /dev/null
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/linuxki_rce.pp
@@ -0,0 +1,6 @@
+contain linuxki_rce::install
+contain linuxki_rce::apache
+contain linuxki_rce::configure
+Class['linuxki_rce::install']
+-> Class['linuxki_rce::apache']
+-> Class['linuxki_rce::configure']
diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp
new file mode 100644
index 000000000..fbaf7a1dd
--- /dev/null
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/apache.pp
@@ -0,0 +1,55 @@
+# Class: linuxki::apache
+# Apache configuration for linuxki
+#
+class linuxki_rce::apache {
+ Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
+
+ file { '/etc/apache2/sites-enabled/000-default.conf':
+ ensure => absent,
+ }
+
+ class { '::apache':
+ default_vhost => false,
+ default_mods => ['rewrite'], # php5 via separate module
+ overwrite_ports => false,
+ mpm_module => 'prefork',
+ }
+ -> ::apache::vhost { 'linuxki':
+ port => '80',
+ options => 'FollowSymLinks',
+ override => 'All',
+ docroot => '/opt/',
+ directories => [{
+ path => '/opt/',
+ allow => 'from all',
+ },{
+ path => '/opt/linuxki/',
+ allow => 'from all',
+ }],
+ }
+
+ $dirmatch = '
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+ '
+
+ # ugly way to append to the file... clean up potentially?
+ exec { 'append-directories':
+ command => "grep -qE '|' /etc/apache2/apache2.conf && echo '' || echo \"${dirmatch}\" | sudo tee -a /etc/apache2/apache2.conf",
+ }
+ # restart apache
+ -> exec { 'restart-apache-linuxki':
+ command => 'service apache2 restart',
+ logoutput => true
+ }
+ -> exec { 'wait-apache-linuxki':
+ command => 'sleep 4',
+ }
+}
diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/configure.pp b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/configure.pp
new file mode 100644
index 000000000..fe943cec1
--- /dev/null
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/configure.pp
@@ -0,0 +1,18 @@
+# Class: linuxki_rce::configure
+# LinuxKI configuration
+#
+class linuxki_rce::configure {
+ $leaked_filenames = ['flagtest'] ##$secgen_parameters['leaked_filenames']
+ $strings_to_leak = ['this is a list of strings that are secrets / flags','another secret'] ##$secgen_parameters['strings_to_leak']
+
+ Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
+
+ ::secgen_functions::leak_files { 'linuxki-flag-leak':
+ storage_directory => '/opt/linuxki/experimental/vis',
+ leaked_filenames => $leaked_filenames,
+ strings_to_leak => $strings_to_leak,
+ owner => 'www-data',
+ mode => '0750',
+ leaked_from => 'linuxki_rce',
+ }
+}
diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp
new file mode 100644
index 000000000..49b080c34
--- /dev/null
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/manifests/install.pp
@@ -0,0 +1,19 @@
+# Class: linuxki_rce::install
+# Install process for linuxKI toolkit
+#
+class linuxki_rce::install {
+ Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ] }
+
+ # Maybe automate linux-headers to use uname -r?
+ ensure_packages(['make', 'elfutils', 'php', 'linux-headers-4.19.0-21-amd64'])
+
+ file { '/tmp/linuxki_6.0-1_all.deb':
+ ensure => file,
+ source => 'puppet:///modules/linuxki_rce/linuxki_6.0-1_all.deb',
+ }
+ -> package { 'linuxki':
+ ensure => installed,
+ provider => dpkg,
+ source => '/tmp/linuxki_6.0-1_all.deb'
+ }
+}
diff --git a/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml b/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml
new file mode 100644
index 000000000..2fae26f32
--- /dev/null
+++ b/modules/vulnerabilities/unix/http/linuxki_rce/secgen_metadata.xml
@@ -0,0 +1,71 @@
+
+
+
+ LinuxKI Toolset 6.01 Remote Command Execution
+ James Davis
+ MIT
+ This
+ module exploits a vulnerability in LinuxKI Toolset 6.01 and below which allows
+ remote code execution.
+ The kivis.php pid parameter received from the user is sent to the shell_exec function,
+ resulting in security vulnerability.
+
+
+ http
+ in_the_wild
+ user_rwx
+ remote
+ linux
+ low
+
+ port
+ strings_to_leak
+ leaked_filenames
+ strings_to_pre_leak
+
+
+ **CHECK THIS**
+
+
+
+
+
+
+
+
+
+
+
+
+ CVE-2020-7209
+ 9.8
+ CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ LinuxKI
+ GNU GPLv2
+
+ https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linuxki_rce.rb
+
+ https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1
+
+
+
+
+
+
+ webapp
+
+
+
+ services/unix/http/apache_stretch_compatible/apache
+
+
+
+ services/unix/http/**check versions**
+
+
+
+
\ No newline at end of file