diff --git a/lib/schemas/vulnerability_metadata_schema.xsd b/lib/schemas/vulnerability_metadata_schema.xsd
index 3923b62c8..428edca7f 100644
--- a/lib/schemas/vulnerability_metadata_schema.xsd
+++ b/lib/schemas/vulnerability_metadata_schema.xsd
@@ -9,6 +9,7 @@
       <xs:enumeration value="info_leak"/>
       <xs:enumeration value="user"/>
       <xs:enumeration value="root"/>
+      <xs:enumeration value="none"/>
     </xs:restriction>
   </xs:simpleType>
   <xs:simpleType name="accessOptions">
@@ -55,7 +56,7 @@
   </xs:simpleType>
   <xs:simpleType name="MSFregexp">
     <xs:restriction base="xs:string">
-      <xs:pattern value="exploit/[a-zA-Z0-9_\-/]+"/>
+      <xs:pattern value="(exploit|auxiliary)/[a-zA-Z0-9_\-/]+"/>
     </xs:restriction>
   </xs:simpleType>
   <xs:simpleType name="randType">
diff --git a/modules/services/unix/http/apache_bash_cgi/apache_bash_cgi.pp b/modules/services/unix/http/apache_bash_cgi/apache_bash_cgi.pp
new file mode 100644
index 000000000..f9dc48eff
--- /dev/null
+++ b/modules/services/unix/http/apache_bash_cgi/apache_bash_cgi.pp
@@ -0,0 +1 @@
+require apache_bash_cgi::init
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_bash_cgi/files/test.cgi b/modules/services/unix/http/apache_bash_cgi/files/test.cgi
new file mode 100755
index 000000000..28885459c
--- /dev/null
+++ b/modules/services/unix/http/apache_bash_cgi/files/test.cgi
@@ -0,0 +1,7 @@
+#!/bin/bash 
+echo "Content-type: text/plain"
+echo $(env)
+echo
+echo "Hi"
+bash --version
+bash /dev/null
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_bash_cgi/manifests/init.pp b/modules/services/unix/http/apache_bash_cgi/manifests/init.pp
new file mode 100644
index 000000000..0e53bbe5e
--- /dev/null
+++ b/modules/services/unix/http/apache_bash_cgi/manifests/init.pp
@@ -0,0 +1,11 @@
+class apache_bash_cgi::init {
+  file { '/usr/lib/cgi-bin/':
+    ensure => directory,
+  }
+
+  file { '/usr/lib/cgi-bin/test.cgi':
+    ensure => file,
+    source => 'puppet:///modules/apache_bash_cgi/test.cgi',
+    mode => '755',
+  }
+}
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_bash_cgi/secgen_metadata.xml b/modules/services/unix/http/apache_bash_cgi/secgen_metadata.xml
new file mode 100644
index 000000000..19b2d9839
--- /dev/null
+++ b/modules/services/unix/http/apache_bash_cgi/secgen_metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+
+<service xmlns="http://www.github/cliffe/SecGen/service"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
+  <name>Apache Bash CGI</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>Hosts a bash CGI script on a default apache installation.</description>
+
+  <type>httpd</type>
+  <platform>unix</platform>
+
+  <reference>https://httpd.apache.org/</reference>
+  <software_license>Apache v2</software_license>
+
+  <requires>
+    <module_path>modules/services/unix/http/apache</module_path>
+  </requires>
+
+</service>
\ No newline at end of file
diff --git a/modules/services/unix/file_share/samba/LICENSE b/modules/services/unix/smb/samba/LICENSE
similarity index 100%
rename from modules/services/unix/file_share/samba/LICENSE
rename to modules/services/unix/smb/samba/LICENSE
diff --git a/modules/services/unix/file_share/samba/README.md b/modules/services/unix/smb/samba/README.md
similarity index 100%
rename from modules/services/unix/file_share/samba/README.md
rename to modules/services/unix/smb/samba/README.md
diff --git a/modules/services/unix/file_share/samba/Rakefile b/modules/services/unix/smb/samba/Rakefile
similarity index 100%
rename from modules/services/unix/file_share/samba/Rakefile
rename to modules/services/unix/smb/samba/Rakefile
diff --git a/modules/services/unix/file_share/samba/checksums.json b/modules/services/unix/smb/samba/checksums.json
similarity index 100%
rename from modules/services/unix/file_share/samba/checksums.json
rename to modules/services/unix/smb/samba/checksums.json
diff --git a/modules/services/unix/file_share/samba/manifests/init.pp b/modules/services/unix/smb/samba/manifests/init.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/manifests/init.pp
rename to modules/services/unix/smb/samba/manifests/init.pp
diff --git a/modules/services/unix/file_share/samba/manifests/params.pp b/modules/services/unix/smb/samba/manifests/params.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/manifests/params.pp
rename to modules/services/unix/smb/samba/manifests/params.pp
diff --git a/modules/services/unix/file_share/samba/manifests/spec.pp b/modules/services/unix/smb/samba/manifests/spec.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/manifests/spec.pp
rename to modules/services/unix/smb/samba/manifests/spec.pp
diff --git a/modules/services/unix/file_share/samba/metadata.json b/modules/services/unix/smb/samba/metadata.json
similarity index 100%
rename from modules/services/unix/file_share/samba/metadata.json
rename to modules/services/unix/smb/samba/metadata.json
diff --git a/modules/services/unix/file_share/samba/samba.pp b/modules/services/unix/smb/samba/samba.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/samba.pp
rename to modules/services/unix/smb/samba/samba.pp
diff --git a/modules/services/unix/file_share/samba/secgen_metadata.xml b/modules/services/unix/smb/samba/secgen_metadata.xml
similarity index 72%
rename from modules/services/unix/file_share/samba/secgen_metadata.xml
rename to modules/services/unix/smb/samba/secgen_metadata.xml
index fc0dec3ff..4220a6a82 100644
--- a/modules/services/unix/file_share/samba/secgen_metadata.xml
+++ b/modules/services/unix/smb/samba/secgen_metadata.xml
@@ -5,10 +5,11 @@
          xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
   <name>Samba file share Server</name>
   <author>example42</author>
+  <author>Jason Keighley</author>
   <module_license>Apache v2</module_license>
   <description>An installation of Samba</description>
 
-  <type>file_share</type>
+  <type>smb</type>
   <platform>linux</platform>
 
   <!--optional details-->
@@ -16,7 +17,7 @@
   <software_name>samba</software_name>
   <software_license>Apache v2</software_license>
 
-  <!--Cannot co-exist with other apache installations-->
+  <!--Cannot co-exist with other samba installations-->
   <conflict>
     <software_name>samba</software_name>
   </conflict>
@@ -25,10 +26,4 @@
     <type>update</type>
   </requires>
 
-</service>
-
-<!-- REQUIRES unix_update MODULE TO BE CALLED FIRST -->
-<!-- ALSO REQUIRES -->
-<!--example42/puppi (>=2.0.0)-->
-<!--example42/firewall (>=2.0.0)-->
-<!--example42/monitor (>=2.0.0)-->
\ No newline at end of file
+</service>
\ No newline at end of file
diff --git a/modules/services/unix/file_share/samba/spec/classes/standard42_spec.rb b/modules/services/unix/smb/samba/spec/classes/standard42_spec.rb
similarity index 100%
rename from modules/services/unix/file_share/samba/spec/classes/standard42_spec.rb
rename to modules/services/unix/smb/samba/spec/classes/standard42_spec.rb
diff --git a/modules/services/unix/file_share/samba/spec/spec_helper.rb b/modules/services/unix/smb/samba/spec/spec_helper.rb
similarity index 100%
rename from modules/services/unix/file_share/samba/spec/spec_helper.rb
rename to modules/services/unix/smb/samba/spec/spec_helper.rb
diff --git a/modules/services/unix/file_share/samba/templates/spec.erb b/modules/services/unix/smb/samba/templates/spec.erb
similarity index 100%
rename from modules/services/unix/file_share/samba/templates/spec.erb
rename to modules/services/unix/smb/samba/templates/spec.erb
diff --git a/modules/services/unix/file_share/samba/tests/absent.pp b/modules/services/unix/smb/samba/tests/absent.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/tests/absent.pp
rename to modules/services/unix/smb/samba/tests/absent.pp
diff --git a/modules/services/unix/file_share/samba/tests/disable.pp b/modules/services/unix/smb/samba/tests/disable.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/tests/disable.pp
rename to modules/services/unix/smb/samba/tests/disable.pp
diff --git a/modules/services/unix/file_share/samba/tests/init.pp b/modules/services/unix/smb/samba/tests/init.pp
similarity index 100%
rename from modules/services/unix/file_share/samba/tests/init.pp
rename to modules/services/unix/smb/samba/tests/init.pp
diff --git a/modules/utilities/unix/scanners/nmap/manifests/install.pp b/modules/utilities/unix/scanners/nmap/manifests/install.pp
new file mode 100644
index 000000000..dffc07245
--- /dev/null
+++ b/modules/utilities/unix/scanners/nmap/manifests/install.pp
@@ -0,0 +1,5 @@
+class nmap::install {
+  package { 'nmap':
+    ensure => installed,
+  }
+}
\ No newline at end of file
diff --git a/modules/utilities/unix/scanners/nmap/nmap.pp b/modules/utilities/unix/scanners/nmap/nmap.pp
new file mode 100644
index 000000000..b5eb3746e
--- /dev/null
+++ b/modules/utilities/unix/scanners/nmap/nmap.pp
@@ -0,0 +1 @@
+include nmap::install
\ No newline at end of file
diff --git a/modules/utilities/unix/scanners/nmap/secgen_metadata.xml b/modules/utilities/unix/scanners/nmap/secgen_metadata.xml
new file mode 100644
index 000000000..0b2304f7e
--- /dev/null
+++ b/modules/utilities/unix/scanners/nmap/secgen_metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+
+<utility xmlns="http://www.github/cliffe/SecGen/utility"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
+  <name>Nmap Security Scanner</name>
+  <author>Thomas Shaw</author>
+  <module_license>Apache v2</module_license>
+  <description>Nmap network host, service and security scanner.</description>
+
+  <type>utility</type>
+  <platform>linux</platform>
+
+  <!--optional details-->
+  <reference>https://nmap.org/</reference>
+
+  <requires>
+    <type>update</type>
+  </requires>
+
+</utility>
\ No newline at end of file
diff --git a/modules/utilities/unix/smb/smbclient/manifests/install.pp b/modules/utilities/unix/smb/smbclient/manifests/install.pp
new file mode 100644
index 000000000..f61995291
--- /dev/null
+++ b/modules/utilities/unix/smb/smbclient/manifests/install.pp
@@ -0,0 +1,5 @@
+class smbclient::install {
+  package { 'smbclient':
+    ensure => 'installed',
+  }
+}
\ No newline at end of file
diff --git a/modules/utilities/unix/smb/smbclient/secgen_metadata.xml b/modules/utilities/unix/smb/smbclient/secgen_metadata.xml
new file mode 100644
index 000000000..924574468
--- /dev/null
+++ b/modules/utilities/unix/smb/smbclient/secgen_metadata.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+
+<utility xmlns="http://www.github/cliffe/SecGen/utility"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
+  <name>Samba client</name>
+  <author>Jason Keighley</author>
+  <module_license>Apache v2</module_license>
+  <description>An installation of smbclient</description>
+
+  <type>smb</type>
+  <platform>linux</platform>
+
+  <!--optional details-->
+  <software_name>smbclient</software_name>
+  <software_license>Apache v2</software_license>
+
+  <!--Cannot co-exist with other smbclient installations-->
+  <conflict>
+    <software_name>smbclient</software_name>
+  </conflict>
+
+  <requires>
+    <type>update</type>
+  </requires>
+
+</utility>
\ No newline at end of file
diff --git a/modules/utilities/unix/smb/smbclient/smbclient.pp b/modules/utilities/unix/smb/smbclient/smbclient.pp
new file mode 100644
index 000000000..5810c6277
--- /dev/null
+++ b/modules/utilities/unix/smb/smbclient/smbclient.pp
@@ -0,0 +1 @@
+class { smbclient::install: }
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp
new file mode 100644
index 000000000..91e2c793d
--- /dev/null
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/manifests/change_uid_permissions.pp
@@ -0,0 +1,9 @@
+class uid_less_root::change_uid_permissions ($file_input = [], $user = 'root') {
+  $file_input.each |$file, $permission_code| {
+    file { $file:
+      mode => $permission_code,
+      owner => $user,
+    }
+    notice("File {$file} permissions have been checked.")
+  }
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/secgen_metadata.xml b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/secgen_metadata.xml
new file mode 100644
index 000000000..54f6350ff
--- /dev/null
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/secgen_metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>Access control mis-configurations uid less</name>
+  <author>Jason Keighley</author>
+  <module_license>Apache v2</module_license>
+  <description>Mis-configure files to enable root privileges</description>
+
+  <type>access_control_mis-configurations</type>
+  <privilege>root</privilege>
+  <access>local</access>
+  <platform>unix</platform>
+
+  <!--optional vulnerability details-->
+  <!--optional breadcrumb (info that is leaked and required to exploit)-->
+  <!--<breadcrumb></breadcrumb>-->
+  <!--optional hints-->
+  <hint>Text viewer permission misconfiguration</hint>
+  <solution>Less editor running as user root</solution>
+  <!--Cannot co-exist with other installations-->
+</vulnerability>
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/uid_less_root.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/uid_less_root.pp
new file mode 100644
index 000000000..6ab2160da
--- /dev/null
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root/uid_less_root.pp
@@ -0,0 +1,7 @@
+class {'uid_less_root::change_uid_permissions':
+  user => 'root',
+  file_input => {
+    '/bin/less' => '4777',
+    '/usr/bin/less' => '4777',
+  },
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/bash/shellshock/files/bash-4.1.tar.gz b/modules/vulnerabilities/unix/bash/shellshock/files/bash-4.1.tar.gz
new file mode 100644
index 000000000..0ed6b53c3
Binary files /dev/null and b/modules/vulnerabilities/unix/bash/shellshock/files/bash-4.1.tar.gz differ
diff --git a/modules/vulnerabilities/unix/bash/shellshock/manifests/install.pp b/modules/vulnerabilities/unix/bash/shellshock/manifests/install.pp
new file mode 100644
index 000000000..fd5194b8e
--- /dev/null
+++ b/modules/vulnerabilities/unix/bash/shellshock/manifests/install.pp
@@ -0,0 +1,19 @@
+class shellshock::install{
+
+  file { '/usr/local/src/bash-4.1.tar.gz':
+    ensure => file,
+    source => 'puppet:///modules/shellshock/bash-4.1.tar.gz',
+  }
+
+  exec { 'unpack-bash-tar':
+    cwd         => '/usr/local/src',
+    command     => '/bin/tar -xzf /usr/local/src/bash-4.1.tar.gz',
+    creates     => '/usr/local/src/bash-4.1/',
+  }
+
+  exec { 'configure-make-make-install-bash':
+    cwd     => '/usr/local/src/bash-4.1/',
+    command => '/bin/bash /usr/local/src/bash-4.1/configure; /usr/bin/make; /usr/bin/make install;',
+    require => Exec['unpack-bash-tar'],
+  }
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/bash/shellshock/secgen_metadata.xml b/modules/vulnerabilities/unix/bash/shellshock/secgen_metadata.xml
new file mode 100644
index 000000000..5b4853b41
--- /dev/null
+++ b/modules/vulnerabilities/unix/bash/shellshock/secgen_metadata.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>Bashbug / Shellshock</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>Installs GNU bash version 4.1 which contains the bashbug / shellshock vulnerability.</description>
+
+  <type>bash</type>
+  <privilege>none</privilege>
+  <access>local</access>
+  <platform>unix</platform>
+
+  <!--optional vulnerability details-->
+  <difficulty>medium</difficulty>
+  <cve>CVE-2014-6271</cve>
+  <cvss_base_score>10</cvss_base_score>
+  <cvss_vector>AV:N/AC:L/Au:N/C:C/I:C/A:C</cvss_vector>
+
+  <reference>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271</reference>
+  <reference>http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability</reference>
+  <software_name>bash</software_name>
+  <software_license>GPLv3+</software_license>
+
+</vulnerability>
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/bash/shellshock/shellshock.pp b/modules/vulnerabilities/unix/bash/shellshock/shellshock.pp
new file mode 100644
index 000000000..1e93f4b44
--- /dev/null
+++ b/modules/vulnerabilities/unix/bash/shellshock/shellshock.pp
@@ -0,0 +1 @@
+include shellshock::install
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/setuid_nmap/manifests/init.pp b/modules/vulnerabilities/unix/local/setuid_nmap/manifests/init.pp
new file mode 100644
index 000000000..0590c71d2
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/setuid_nmap/manifests/init.pp
@@ -0,0 +1,5 @@
+class setuid_nmap::init {
+  file { '/usr/bin/nmap':
+    mode => '4755',
+  }
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml
new file mode 100644
index 000000000..318e6796c
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
+  <name>Nmap Setuid</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>Nmap setuid local privilege escalation</description>
+
+  <type>access_controls</type>
+  <privilege>root</privilege>
+  <access>local</access>
+  <platform>linux</platform>
+
+  <!--optional vulnerability details-->
+  <difficulty>medium</difficulty>
+
+  <requires>
+    <module_path>modules/utilities/unix/scanners/nmap</module_path>
+  </requires>
+
+</vulnerability>
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/setuid_nmap/setuid_nmap.pp b/modules/vulnerabilities/unix/local/setuid_nmap/setuid_nmap.pp
new file mode 100644
index 000000000..dfb647d4d
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/setuid_nmap/setuid_nmap.pp
@@ -0,0 +1 @@
+include setuid_nmap::init
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_public_writable_share/files/smb_conf_public_share_definition b/modules/vulnerabilities/unix/smb/samba_public_writable_share/files/smb_conf_public_share_definition
new file mode 100644
index 000000000..0964fe4e6
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_public_writable_share/files/smb_conf_public_share_definition
@@ -0,0 +1,15 @@
+#
+# Insecure Public share definition
+#
+[public]
+comment = Public Share
+# Path to directory
+path = /tmp
+# Allow writing to share
+read only = no
+# Force connections as guests
+guest ok = yes
+locking = no
+# Sets the umask for files/directories created on this share
+force create mode = 777
+force directory mode = 777
diff --git a/modules/vulnerabilities/unix/smb/samba_public_writable_share/manifests/install.pp b/modules/vulnerabilities/unix/smb/samba_public_writable_share/manifests/install.pp
new file mode 100644
index 000000000..bcb56024a
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_public_writable_share/manifests/install.pp
@@ -0,0 +1,19 @@
+class samba_public_writable_share::install {
+
+  concat { '/etc/samba/smb.conf':
+    ensure => present,
+  }
+
+  concat::fragment { 'smb-conf-base':
+    source => '/etc/samba/smb.conf',
+    target => '/etc/samba/smb.conf',
+    order => '01',
+  }
+
+  concat::fragment { 'smb-conf-public-share-definition':
+    source => 'puppet:///modules/samba_public_writable_share/smb_conf_public_share_definition',
+    target => '/etc/samba/smb.conf',
+    order => '02',
+  }
+
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_public_writable_share/samba_public_writable_share.pp b/modules/vulnerabilities/unix/smb/samba_public_writable_share/samba_public_writable_share.pp
new file mode 100644
index 000000000..fa00c9fbb
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_public_writable_share/samba_public_writable_share.pp
@@ -0,0 +1 @@
+require samba_public_writable_share::install
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_public_writable_share/secgen_metadata.xml b/modules/vulnerabilities/unix/smb/samba_public_writable_share/secgen_metadata.xml
new file mode 100644
index 000000000..4fac706a8
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_public_writable_share/secgen_metadata.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability ">
+  <name>Samba Public Writable Share</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>
+    Samba file server configured with a public anonymously accessible share with read / write permissions.
+  </description>
+
+  <type>samba</type>
+  <privilege>user</privilege>
+  <access>remote</access>
+  <platform>linux</platform>
+
+  <!--optional vulnerability details-->
+  <difficulty>low</difficulty>
+
+  <!--optional details-->
+  <reference>http://allarsblog.com/2015/11/07/Setting-Up-Samba-No-Security/</reference>
+  <software_name>smbd</software_name>
+  <software_license>MIT</software_license>
+
+  <requires>
+    <module_path>modules/services/unix/smb/samba</module_path>
+  </requires>
+
+</vulnerability>
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_symlink_traversal/files/smb_conf_wide_links b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/files/smb_conf_wide_links
new file mode 100644
index 000000000..6c6e9561e
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/files/smb_conf_wide_links
@@ -0,0 +1,3 @@
+# wide links for symlink traversal ( enabled by default in versions <= 3.4.5 )
+wide links = yes
+follow symlinks = yes
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_symlink_traversal/manifests/install.pp b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/manifests/install.pp
new file mode 100644
index 000000000..6cd16b623
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/manifests/install.pp
@@ -0,0 +1,23 @@
+class samba_symlink_traversal::install {
+
+  # Insert the 'allow insecure wide links = yes' line into the [global] section
+  exec { 'sed-insert-global-allow-insecure-wide-links':
+    command => "/bin/sed -i \'/\\[global\\]/a allow insecure wide links = yes\' /etc/samba/smb.conf"
+  }
+
+  concat { '/etc/samba/smb.conf':
+    ensure => present,
+  }
+
+  concat::fragment { 'smb-conf-base':
+    source => '/etc/samba/smb.conf',
+    target => '/etc/samba/smb.conf',
+    order => '01',
+  }
+
+  concat::fragment { 'smb-conf-wide-links':
+    source => 'puppet:///modules/samba_symlink_traversal/smb_conf_wide_links',
+    target => '/etc/samba/smb.conf',
+    order => '03',
+  }
+}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_symlink_traversal/samba_symlink_traversal.pp b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/samba_symlink_traversal.pp
new file mode 100644
index 000000000..e31b24a80
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/samba_symlink_traversal.pp
@@ -0,0 +1 @@
+require samba_symlink_traversal::install
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/smb/samba_symlink_traversal/secgen_metadata.xml b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/secgen_metadata.xml
new file mode 100644
index 000000000..54ffcebbd
--- /dev/null
+++ b/modules/vulnerabilities/unix/smb/samba_symlink_traversal/secgen_metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+
+<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability ">
+  <name>Samba Symlink Traversal</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>
+    Samba file server configured with a public anonymously accessible share with read / write permissions and the
+    unix extensions = yes, wide links = yes and allow insecure wide links = yes settings.
+  </description>
+
+  <type>samba</type>
+  <privilege>user</privilege>
+  <access>remote</access>
+  <platform>linux</platform>
+
+  <!--optional vulnerability details-->
+  <difficulty>low</difficulty>
+
+  <!--optional details-->
+  <reference>https://www.samba.org/samba/news/symlink_attack.html</reference>
+  <reference>https://www.rapid7.com/db/modules/auxiliary/admin/smb/samba_symlink_traversal</reference>
+  <software_name>smbd</software_name>
+  <software_license>MIT</software_license>
+
+  <!--optional hints-->
+  <msf_module>auxiliary/admin/smb/samba_symlink_traversal</msf_module>
+
+  <requires>
+    <module_path>modules/services/unix/smb/samba</module_path>
+    <module_path>modules/vulnerabilities/unix/smb/samba_public_writable_share</module_path>
+  </requires>
+
+</vulnerability>
\ No newline at end of file
diff --git a/scenarios/simple_examples/access_control_misconfigurations_uid_less_root.xml b/scenarios/simple_examples/access_control_misconfigurations_uid_less_root.xml
new file mode 100644
index 000000000..525b0b660
--- /dev/null
+++ b/scenarios/simple_examples/access_control_misconfigurations_uid_less_root.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+  <!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
+  <system>
+    <system_name>access_control_misconfigurations_root</system_name>
+    <base platform="linux"/>
+
+    <vulnerability module_path="modules/vulnerabilities/unix/access_control_misconfigurations/uid_less_root"></vulnerability>
+
+    <network type="private_network" range="dhcp"></network>
+  </system>
+
+</scenario>
diff --git a/scenarios/simple_examples/samba_service.xml b/scenarios/simple_examples/samba_service.xml
index 3e35cfb8a..d97e2d1ef 100644
--- a/scenarios/simple_examples/samba_service.xml
+++ b/scenarios/simple_examples/samba_service.xml
@@ -4,12 +4,12 @@
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
 
-  <!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
+  <!-- A secure samba service -->
   <system>
     <system_name>samba_service</system_name>
     <base platform="linux"/>
 
-    <service module_path="modules/services/unix/file_share/samba"></service>
+    <service module_path="modules/services/unix/smb/samba"></service>
 
     <network type="private_network" range="dhcp"></network>
   </system>
diff --git a/scenarios/simple_examples/samba_symlink_traversal_vulnerability.xml b/scenarios/simple_examples/samba_symlink_traversal_vulnerability.xml
new file mode 100644
index 000000000..2a8a3205b
--- /dev/null
+++ b/scenarios/simple_examples/samba_symlink_traversal_vulnerability.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+  <!-- an example remote storage system running samba, with a misconfiguration vulnerability which enables symlink traversal -->
+  <system>
+    <system_name>samba_service</system_name>
+    <base platform="linux"/>
+
+    <vulnerability module_path="modules/vulnerabilities/unix/smb/samba_symlink_traversal"/>
+
+    <network type="private_network" range="dhcp"/>
+  </system>
+
+</scenario>
diff --git a/scenarios/simple_examples/setuid_nmap_escalation_vulnerability.xml b/scenarios/simple_examples/setuid_nmap_escalation_vulnerability.xml
new file mode 100644
index 000000000..3637c6bc3
--- /dev/null
+++ b/scenarios/simple_examples/setuid_nmap_escalation_vulnerability.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+  <system>
+    <system_name>box_with_remote_user_level_vuln_and_setuid_nmap_priv_escalation</system_name>
+    <base platform="linux"/>
+
+    <!--We need a remote user privilege vulnerability so we can escalate to root with setuid_nmap -->
+    <vulnerability access="remote" privilege="user"/>
+    <vulnerability module_path="modules/vulnerabilities/unix/local/setuid_nmap"/>
+
+    <network type="private_network" range="dhcp"/>
+  </system>
+</scenario>
\ No newline at end of file
diff --git a/scenarios/simple_examples/shellshock_apache_vulnerability.xml b/scenarios/simple_examples/shellshock_apache_vulnerability.xml
new file mode 100644
index 000000000..ab095d2be
--- /dev/null
+++ b/scenarios/simple_examples/shellshock_apache_vulnerability.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+  <system>
+    <system_name>storage_server</system_name>
+    <base platform="linux"/>
+
+    <service module_path="modules/services/unix/http/apache_bash_cgi"/>
+    <vulnerability module_path="modules/vulnerabilities/unix/bash/shellshock"/>
+
+    <network type="private_network" range="dhcp"/>
+  </system>
+
+</scenario>
diff --git a/scenarios/simple_examples/shellshock_vulnerability.xml b/scenarios/simple_examples/shellshock_vulnerability.xml
new file mode 100644
index 000000000..90d4af8d7
--- /dev/null
+++ b/scenarios/simple_examples/shellshock_vulnerability.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+  <system>
+    <system_name>storage_server</system_name>
+    <base platform="linux"/>
+
+    <vulnerability module_path="modules/vulnerabilities/unix/bash/shellshock"/>
+
+    <network type="private_network" range="dhcp"/>
+  </system>
+
+</scenario>
diff --git a/scenarios/simple_examples/smbclient_utility.xml b/scenarios/simple_examples/smbclient_utility.xml
new file mode 100644
index 000000000..abc148d8d
--- /dev/null
+++ b/scenarios/simple_examples/smbclient_utility.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+  <system>
+    <system_name>smbclient_utility</system_name>
+    <base platform="linux"/>
+
+    <utility module_path="modules/utilities/unix/smb/smbclient"></utility>
+
+    <network type="private_network" range="dhcp"></network>
+  </system>
+
+</scenario>
diff --git a/secgen.rb b/secgen.rb
index 9b6f4b4f7..c251a775b 100644
--- a/secgen.rb
+++ b/secgen.rb
@@ -25,6 +25,7 @@ def usage
    build-project, p: builds project (vagrant and puppet config), but does not build VMs
    build-vms [/project/dir], v [project #]: builds VMs from a previously generated project
               (use in combination with --project [dir])
+   list-scenarios: lists all scenarios that can be used with the --scenario option
 "
   exit
 end
@@ -101,6 +102,13 @@ def default_project_dir
   "#{PROJECTS_DIR}/SecGen#{Time.new.strftime("%Y%m%d_%H%M")}"
 end
 
+def list_scenarios
+  Print.info "Full paths to scenario files are displayed below"
+  Dir["#{ROOT_DIR}/scenarios/**/*"].select{ |file| !File.directory? file}.each_with_index do |scenario_name, scenario_number|
+    Print.std "#{scenario_number}) #{scenario_name}"
+  end
+end
+
 # end of method declarations
 # start of program execution
 
@@ -195,6 +203,9 @@ case ARGV[0]
       usage
       exit
     end
+  when 'list-scenarios'
+    list_scenarios
+    exit
   else
     Print.err "Command not valid: #{ARGV[0]}"
     usage