From 2d414d39fae09118ded10111a2400dfd80a0e11e Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Thu, 27 Nov 2025 20:46:30 +1100
Subject: [PATCH] Add Linux RISC-V command payload adapters

---
 .../adapters/cmd/linux/http/riscv32le.rb      | 25 ++++++++++
 .../adapters/cmd/linux/http/riscv64le.rb      | 25 ++++++++++
 .../adapters/cmd/linux/https/riscv32le.rb     | 25 ++++++++++
 .../adapters/cmd/linux/https/riscv64le.rb     | 25 ++++++++++
 .../adapters/cmd/linux/tftp/riscv32le.rb      | 25 ++++++++++
 .../adapters/cmd/linux/tftp/riscv64le.rb      | 25 ++++++++++
 spec/modules/payloads_spec.rb                 | 48 +++++++++++++++++++
 7 files changed, 198 insertions(+)
 create mode 100644 modules/payloads/adapters/cmd/linux/http/riscv32le.rb
 create mode 100644 modules/payloads/adapters/cmd/linux/http/riscv64le.rb
 create mode 100644 modules/payloads/adapters/cmd/linux/https/riscv32le.rb
 create mode 100644 modules/payloads/adapters/cmd/linux/https/riscv64le.rb
 create mode 100644 modules/payloads/adapters/cmd/linux/tftp/riscv32le.rb
 create mode 100644 modules/payloads/adapters/cmd/linux/tftp/riscv64le.rb

diff --git a/modules/payloads/adapters/cmd/linux/http/riscv32le.rb b/modules/payloads/adapters/cmd/linux/http/riscv32le.rb
new file mode 100644
index 0000000000000..027b9959c8fe6
--- /dev/null
+++ b/modules/payloads/adapters/cmd/linux/http/riscv32le.rb
@@ -0,0 +1,25 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  include Msf::Payload::Adapter::Fetch::HTTP
+  include Msf::Payload::Adapter::Fetch::LinuxOptions
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'HTTP Fetch',
+        'Description' => 'Fetch and execute an RISC-V 32-bit payload from an HTTP server.',
+        'Author' => ['Brendan Watters', 'Spencer McIntyre', 'bcoles'],
+        'Platform' => 'linux',
+        'Arch' => ARCH_CMD,
+        'License' => MSF_LICENSE,
+        'AdaptedArch' => ARCH_RISCV32LE,
+        'AdaptedPlatform' => 'linux'
+      )
+    )
+  end
+end
diff --git a/modules/payloads/adapters/cmd/linux/http/riscv64le.rb b/modules/payloads/adapters/cmd/linux/http/riscv64le.rb
new file mode 100644
index 0000000000000..b0944fdc2953d
--- /dev/null
+++ b/modules/payloads/adapters/cmd/linux/http/riscv64le.rb
@@ -0,0 +1,25 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  include Msf::Payload::Adapter::Fetch::HTTP
+  include Msf::Payload::Adapter::Fetch::LinuxOptions
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'HTTP Fetch',
+        'Description' => 'Fetch and execute an RISC-V 64-bit payload from an HTTP server.',
+        'Author' => ['Brendan Watters', 'Spencer McIntyre', 'bcoles'],
+        'Platform' => 'linux',
+        'Arch' => ARCH_CMD,
+        'License' => MSF_LICENSE,
+        'AdaptedArch' => ARCH_RISCV64LE,
+        'AdaptedPlatform' => 'linux'
+      )
+    )
+  end
+end
diff --git a/modules/payloads/adapters/cmd/linux/https/riscv32le.rb b/modules/payloads/adapters/cmd/linux/https/riscv32le.rb
new file mode 100644
index 0000000000000..6234d53b32321
--- /dev/null
+++ b/modules/payloads/adapters/cmd/linux/https/riscv32le.rb
@@ -0,0 +1,25 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  include Msf::Payload::Adapter::Fetch::Https
+  include Msf::Payload::Adapter::Fetch::LinuxOptions
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'HTTPS Fetch',
+        'Description' => 'Fetch and execute an RISC-V 32-bit payload from an HTTPS server.',
+        'Author' => ['Brendan Watters', 'Spencer McIntyre', 'bcoles'],
+        'Platform' => 'linux',
+        'Arch' => ARCH_CMD,
+        'License' => MSF_LICENSE,
+        'AdaptedArch' => ARCH_RISCV32LE,
+        'AdaptedPlatform' => 'linux'
+      )
+    )
+  end
+end
diff --git a/modules/payloads/adapters/cmd/linux/https/riscv64le.rb b/modules/payloads/adapters/cmd/linux/https/riscv64le.rb
new file mode 100644
index 0000000000000..c696e778471a8
--- /dev/null
+++ b/modules/payloads/adapters/cmd/linux/https/riscv64le.rb
@@ -0,0 +1,25 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  include Msf::Payload::Adapter::Fetch::Https
+  include Msf::Payload::Adapter::Fetch::LinuxOptions
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'HTTPS Fetch',
+        'Description' => 'Fetch and execute an RISC-V 64-bit payload from an HTTPS server.',
+        'Author' => ['Brendan Watters', 'Spencer McIntyre', 'bcoles'],
+        'Platform' => 'linux',
+        'Arch' => ARCH_CMD,
+        'License' => MSF_LICENSE,
+        'AdaptedArch' => ARCH_RISCV64LE,
+        'AdaptedPlatform' => 'linux'
+      )
+    )
+  end
+end
diff --git a/modules/payloads/adapters/cmd/linux/tftp/riscv32le.rb b/modules/payloads/adapters/cmd/linux/tftp/riscv32le.rb
new file mode 100644
index 0000000000000..d39c9a66225e2
--- /dev/null
+++ b/modules/payloads/adapters/cmd/linux/tftp/riscv32le.rb
@@ -0,0 +1,25 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  include Msf::Payload::Adapter::Fetch::TFTP
+  include Msf::Payload::Adapter::Fetch::LinuxOptions
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'TFTP Fetch',
+        'Description' => 'Fetch and execute an RISC-V 32-bit payload from a TFTP server.',
+        'Author' => ['Brendan Watters', 'Spencer McIntyre', 'bcoles'],
+        'Platform' => 'linux',
+        'Arch' => ARCH_CMD,
+        'License' => MSF_LICENSE,
+        'AdaptedArch' => ARCH_RISCV32LE,
+        'AdaptedPlatform' => 'linux'
+      )
+    )
+  end
+end
diff --git a/modules/payloads/adapters/cmd/linux/tftp/riscv64le.rb b/modules/payloads/adapters/cmd/linux/tftp/riscv64le.rb
new file mode 100644
index 0000000000000..7b4c3bac15301
--- /dev/null
+++ b/modules/payloads/adapters/cmd/linux/tftp/riscv64le.rb
@@ -0,0 +1,25 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  include Msf::Payload::Adapter::Fetch::TFTP
+  include Msf::Payload::Adapter::Fetch::LinuxOptions
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'TFTP Fetch',
+        'Description' => 'Fetch and execute an RISC-V 64-bit payload from a TFTP server.',
+        'Author' => ['Brendan Watters', 'Spencer McIntyre', 'bcoles'],
+        'Platform' => 'linux',
+        'Arch' => ARCH_CMD,
+        'License' => MSF_LICENSE,
+        'AdaptedArch' => ARCH_RISCV64LE,
+        'AdaptedPlatform' => 'linux'
+      )
+    )
+  end
+end
diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
index d276cdecd8661..e553e1091871e 100644
--- a/spec/modules/payloads_spec.rb
+++ b/spec/modules/payloads_spec.rb
@@ -516,6 +516,22 @@
                           reference_name: 'cmd/linux/http/mips64'
   end
 
+  context 'cmd/linux/http/riscv32le' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/linux/http/riscv32le'
+                          ],
+                          reference_name: 'cmd/linux/http/riscv32le'
+  end
+
+  context 'cmd/linux/http/riscv64le' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/linux/http/riscv64le'
+                          ],
+                          reference_name: 'cmd/linux/http/riscv64le'
+  end
+
   context 'cmd/linux/https/mips64' do
     it_should_behave_like 'payload is not cached',
                           ancestor_reference_names: [
@@ -677,6 +693,22 @@
                           reference_name: 'cmd/linux/tftp/mipsle'
   end
 
+  context 'cmd/linux/https/riscv32le' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/linux/https/riscv32le'
+                          ],
+                          reference_name: 'cmd/linux/https/riscv32le'
+  end
+
+  context 'cmd/linux/https/riscv64le' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/linux/https/riscv64le'
+                          ],
+                          reference_name: 'cmd/linux/https/riscv64le'
+  end
+
   context 'cmd/linux/http/ppc' do
     it_should_behave_like 'payload is not cached',
                           ancestor_reference_names: [
@@ -749,6 +781,22 @@
                           reference_name: 'cmd/linux/tftp/ppc64le'
   end
 
+  context 'cmd/linux/tftp/riscv32le' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/linux/tftp/riscv32le'
+                          ],
+                          reference_name: 'cmd/linux/tftp/riscv32le'
+  end
+
+  context 'cmd/linux/tftp/riscv64le' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/linux/tftp/riscv64le'
+                          ],
+                          reference_name: 'cmd/linux/tftp/riscv64le'
+  end
+
   context 'cmd/linux/http/x86' do
     it_should_behave_like 'payload is not cached',
                           ancestor_reference_names: [