diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
new file mode 100644
index 00000000..cd5b20df
--- /dev/null
+++ b/.github/workflows/verify.yml
@@ -0,0 +1,490 @@
+name: Verify
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+on:
+  push:
+    branches:
+      - 'master'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  # The job checkout structure is:
+  #  .
+  #  ├── metasploit-omnibus
+  #  └── metasploit-framework (Only if ARM or Windows builds)
+  #
+  docker_arm:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 600
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+        # From: 'ls ./docker/'
+        docker:
+          # Skipped as not working
+          # - { dockerfile: 'debian-aarch64', previousImage: '' }
+          - { name: 'debian-armv7', previousDockerhubImage: 'rapid7/msf-debian-armv7-omnibus:2020_03' }
+
+    name: ${{ matrix.os }} - ${{ matrix.docker.name }}
+    steps:
+      - name: Checkout omnibus
+        uses: actions/checkout@v4
+        with:
+          path: metasploit-omnibus
+
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
+        id: changes
+        with:
+          filters: |
+            docker:
+              - 'docker/**'
+          working-directory: metasploit-omnibus
+
+      # Set the env vars for either a new build, or a previously successful build
+      - name: Set docker build metadata
+        run: |
+          export BUILD_DATE=$(date "+%Y_%m")
+          echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
+          if test "${HAS_MODIFIED_DOCKERFILES}" = 'true'; then
+            echo 'New build required'
+            echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
+          else
+            echo 'Reusing old image'
+            echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
+          fi
+        env:
+          HAS_MODIFIED_DOCKERFILES: ${{ steps.changes.outputs.docker }}
+          DOCKER_NAME: ${{ matrix.docker.name }}
+          PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}
+
+      - name: Build Docker image
+        if: steps.changes.outputs.docker == 'true'
+        run: |
+          /bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${DOCKER_NAME}/Dockerfile ./docker/${DOCKER_NAME}"
+        env:
+          DOCKER_NAME: ${{ matrix.docker.name }}
+
+      # Checkout again - but with the submodules enabled to start a real build
+      - name: Checkout omnibus and submodules
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          path: metasploit-omnibus
+
+      # Checkout framework
+      - name: Checkout metasploit-framework code
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-framework
+          path: metasploit-framework
+          # If testing a custom branch is required
+          # ref: 'update-bundler-version'
+
+      - name: Run omnibus
+        run: |
+          echo "Building new image from ${DOCKER_IMAGE}"
+          mkdir -p metasploit-omnibus/certs
+          curl -L -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem
+          cat > Dockerfile_temp <<EOF
+          FROM ${DOCKER_IMAGE}
+          RUN ["cross-build-start"]
+          COPY metasploit-omnibus /metasploit-omnibus
+          COPY metasploit-framework /metasploit-framework
+          RUN bash -l -c "cd /metasploit-omnibus && make"
+          RUN ["cross-build-end"]
+          EOF
+          cat > Dockerfile_temp.dockerignore <<EOF
+          *
+          !metasploit-omnibus
+          !metasploit-framework
+          EOF
+
+          export TEMP_DOCKER_IMAGE=${DOCKER_IMAGE}-build-artifacts
+          docker build --no-cache --rm --tag ${TEMP_DOCKER_IMAGE} --file Dockerfile_temp .
+
+          # Create the temp image and copy out the build assets
+          id=$(docker create ${TEMP_DOCKER_IMAGE})
+          docker cp $id:/metasploit-omnibus/pkg metasploit-omnibus
+          docker rm -v $id
+          docker rmi ${TEMP_DOCKER_IMAGE}
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: metasploit-${{ matrix.docker.name }}-installers
+          path: |
+            metasploit-omnibus/pkg/*.pkg
+            metasploit-omnibus/pkg/*.rpm
+            metasploit-omnibus/pkg/*.msi
+            metasploit-omnibus/pkg/*.deb
+          retention-days: 1
+
+  docker_intel:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 180
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+        # From: 'ls ./docker/'
+        docker:
+          - name: 'centos6-x64'
+            previousDockerhubImage: 'rapid7/msf-centos6-x64-omnibus:2020_03'
+            installer: 'sudo rpm -i metasploit-omnibus/pkg/metasploit-framework*.rpm'
+          # Currently fails as it uses an older Ruby version:
+          - name: 'fedora30-x64'
+            # XXX: Previous dockerhub image fails as using Ruby 2.5.3 still
+            previousDockerhubImage: 'rapid7/msf-fedora30-x64-omnibus:2019_09'
+            installer: 'sudo rpm -i metasploit-omnibus/pkg/metasploit-framework*.rpm'
+          # Currently fails on rate limiting on Kali's side:
+          # - name: 'kali109-x64'
+          #   previousDockerhubImage: 'rapid7/msf-kali109-x64-omnibus:2020_03'
+          #   installer: 'sudo dpkg -i metasploit-omnibus/pkg/metasploit-framework_*_amd64.deb'
+          - name: 'ubuntu1204-x64'
+            previousDockerhubImage: 'rapid7/msf-ubuntu1204-x86-omnibus:2021_11'
+            installer: 'sudo dpkg -i metasploit-omnibus/pkg/*.deb'
+          - name: 'ubuntu1204-x86'
+            previousDockerhubImage: 'rapid7/msf-ubuntu1204-x64-omnibus:2019_01'
+            linux32: true
+            installer: 'sudo dpkg -i metasploit-omnibus/pkg/metasploit-framework_*_i386.deb'
+          - name: 'ubuntu1804-x64'
+            previousDockerhubImage: 'rapid7/msf-ubuntu1804-x64-omnibus:2019_09'
+            installer: 'sudo dpkg -i metasploit-omnibus/pkg/metasploit-framework_*_amd64.deb'
+
+    name: ${{ matrix.os }} - ${{ matrix.docker.name }}
+    steps:
+      - name: Checkout omnibus
+        uses: actions/checkout@v4
+        with:
+          path: metasploit-omnibus
+
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
+        id: changes
+        with:
+          filters: |
+            docker:
+              - 'docker/**'
+          working-directory: metasploit-omnibus
+
+      # Set the env vars for either a new build, or a previously successful build
+      - name: Set docker build metadata
+        run: |
+          export BUILD_DATE=$(date "+%Y_%m")
+          echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
+          if test "${HAS_MODIFIED_DOCKERFILES}" = 'true'; then
+            echo 'New build required'
+            echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
+          else
+            echo 'Reusing old image'
+            echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
+          fi
+        env:
+          HAS_MODIFIED_DOCKERFILES: ${{ steps.changes.outputs.docker }}
+          DOCKER_NAME: ${{ matrix.docker.name }}
+          PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}
+
+      - name: Build Docker image
+        if: steps.changes.outputs.docker == 'true'
+        run: |
+          /bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${IMAGE_NAME}/Dockerfile ./docker/${IMAGE_NAME}"
+        env:
+          IMAGE_NAME: ${{ matrix.docker.name }}
+
+      # Checkout again - but with the submodules enabled to start a real build
+      - name: Checkout omnibus and submodules
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          path: metasploit-omnibus
+
+      - name: Run omnibus
+        run: |
+          mkdir -p metasploit-omnibus/certs
+          curl -L -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem
+
+          # If required, change reported architecture in new program environment and set personality flags
+          if [ ! -z "${LINUX32}" ] ; then
+            echo 'setting linux32'
+            /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} linux32 /bin/bash -l -c 'cd metasploit-omnibus && ARCH=x86_64 make'"
+          else
+            /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} /bin/bash -l -c 'cd metasploit-omnibus && make'"
+          fi
+        env:
+          LINUX32: ${{ matrix.docker.linux32 }}
+
+      - name: Test artifact
+        run: |
+          echo "Testing artifact"
+
+          cat > test_script.sh <<EOF
+          #!/bin/bash -ex
+          find metasploit-omnibus/pkg
+          $INSTALL_ARTIFACT
+
+          mkdir ~/.msf4; touch ~/.msf4/initial_setup_complete
+
+          msfconsole -qx 'setg variable test; version; exit'
+          msfvenom -p windows/meterpreter/reverse_tcp -f exe -o test.exe
+          msfd -h
+          msfrpc -h
+          msfrpcd -h
+          msfdb -h
+          msfbinscan -h
+          msfrop -h
+          msfelfscan -h
+          msfmachscan -h
+          msfpescan -h
+          # msfupdate
+          EOF
+
+          chmod +x ./test_script.sh
+
+          # If required, change reported architecture in new program environment and set personality flags
+          if [ ! -z "${LINUX32}" ] ; then
+            echo 'setting linux32'
+            /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} linux32 /bin/bash -l -c './test_script.sh'"
+          else
+            /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${DOCKER_IMAGE} /bin/bash -l -c './test_script.sh'"
+          fi
+        env:
+          LINUX32: ${{ matrix.docker.linux32 }}
+          INSTALL_ARTIFACT: ${{ matrix.docker.installer }}
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: metasploit-${{ matrix.docker.name }}-installers
+          path: |
+            metasploit-omnibus/pkg/*.pkg
+            metasploit-omnibus/pkg/*.rpm
+            metasploit-omnibus/pkg/*.msi
+            metasploit-omnibus/pkg/*.deb
+          retention-days: 1
+
+  osx:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 180
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - macos-11
+        ruby:
+          - 3.0.6
+
+    name: ${{ matrix.os }}
+    steps:
+      - name: Checkout omnibus
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          path: metasploit-omnibus
+
+      - name: Setup Ruby
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+          cache-version: 4
+          working-directory: metasploit-omnibus
+
+      - name: Run omnibus
+        run: |
+          sudo mkdir -p /var/cache/omnibus
+          sudo mkdir -p /opt/metasploit-framework
+          sudo chown `whoami` /var/cache/omnibus
+          sudo chown `whoami` /opt/metasploit-framework
+
+          cd metasploit-omnibus
+          make
+
+      - name: Test artifact
+        run: |
+          echo "Testing artifact"
+
+          sudo rm -rf /opt/metasploit-framework
+          /usr/bin/find metasploit-omnibus/pkg
+          PACKAGE=$(pwd)/$(/usr/bin/find metasploit-omnibus/pkg/metasploit*.pkg | head -n 1)
+          sudo installer -pkg ${PACKAGE} -target /
+
+          /opt/metasploit-framework/bin/msfconsole -qx 'setg variable test; version; exit'
+          /opt/metasploit-framework/bin/msfvenom -p windows/meterpreter/reverse_tcp -f exe -o test.exe
+          /opt/metasploit-framework/bin/msfd -h
+          /opt/metasploit-framework/bin/msfrpc -h
+          /opt/metasploit-framework/bin/msfrpcd -h
+          /opt/metasploit-framework/bin/msfdb -h
+          /opt/metasploit-framework/bin/msfbinscan -h
+          /opt/metasploit-framework/bin/msfrop -h
+          /opt/metasploit-framework/bin/msfelfscan -h
+          /opt/metasploit-framework/bin/msfmachscan -h
+          /opt/metasploit-framework/bin/msfpescan -h
+          # /opt/metasploit-framework/bin/msfupdate
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: metasploit-osx-installers
+          path: |
+            metasploit-omnibus/pkg/*.pkg
+            metasploit-omnibus/pkg/*.rpm
+            metasploit-omnibus/pkg/*.msi
+            metasploit-omnibus/pkg/*.deb
+          retention-days: 1
+
+  windows:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 180
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - windows-2022
+        ruby:
+          - 3.0.6
+
+    name: ${{ matrix.os }}
+    steps:
+      # https://github.com/actions/runner-images/issues/5143
+      # https://github.com/actions/runner-images/issues/9701
+      - name: Install visual studio components
+        run: |
+          Set-Location "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
+          $InstallPath = "C:\Program Files\Microsoft Visual Studio\2022\Enterprise"
+          $componentsToRemove= @(
+            "Microsoft.VisualStudio.Component.VC.Redist.MSM"
+          )
+          [string]$workloadArgs = $componentsToRemove | ForEach-Object {" --add " +  $_}
+          $Arguments = ('/c', "vs_installer.exe", 'modify', '--installPath', "`"$InstallPath`"",$workloadArgs, '--quiet', '--norestart', '--nocache')
+          # should be run twice
+          $process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
+          $process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
+
+      - name: Checkout omnibus
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          path: metasploit-omnibus
+
+      - name: Setup Ruby
+        env:
+          BUNDLE_FORCE_RUBY_PLATFORM: true
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: false
+          cache-version: 4
+          working-directory: metasploit-omnibus
+          # Github actions with Ruby requires Bundler 2.2.18+
+          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
+          bundler: 2.2.33
+
+      # If you need to build a custom version of pcaprub:
+      # - name: Checkout pcaprub
+      #   uses: actions/checkout@v4
+      #   with:
+      #     repository: pcaprub/pcaprub
+      #     path: pcaprub
+      #     ref: '5440ca93dafd15e7d3bb009fc1bb9a15e80d03f9'
+
+      # - name: Create pcaprub gem
+      #   run: |
+      #     cd pcaprub
+      #     bundle
+      #     rake gem
+
+      # Checkout framework
+      - name: Checkout metasploit-framework code
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-framework
+          path: metasploit-framework
+
+      - name: Extract xz files
+        run: |
+          cd metasploit-omnibus
+          xz -d local/cache/*.xz
+          ls local/cache
+
+      - name: Run omnibus
+        shell: cmd
+        env:
+          MSYSTEM: MINGW64
+        run: |
+          cd metasploit-omnibus
+          make dependencies
+
+          rem Don't run the main build itself under `make`, as the process will be spawned under msys2
+          rem and the ridk.cmd Ruby installer will forcibly kill the msys2 process before attempting to install ruby
+          ruby bin/omnibus build metasploit-framework
+
+      # Currently hangs on Github actions - but passes locally, potential cause within the debug.log file:
+      #
+      #     Info 1603.The file C:\Windows\system32\vcruntime140_1.dll is being held in use.  Close that application and retry.
+      #
+      # - name: Test artifact
+      #   shell: pwsh
+      #   run: |
+      #     Set-PSDebug -Trace 1
+      #     echo "Testing artifact"
+
+      #     Remove-Item c:\metasploit-framework -Recurse -ErrorAction Ignore
+
+      #     dir metasploit-omnibus\pkg
+
+      #     echo '' > debug.log
+      #     $artifact = (Get-ChildItem -Path "metasploit-omnibus/pkg/*.msi")[0].Name
+      #     $install_process = Start-Process msiexec.exe -ArgumentList "/i metasploit-omnibus\pkg\$artifact /quiet /qn /l*v debug.log" -NoNewWindow -PassThru
+      #     $log_process = Start-Process "powershell" "Get-Content -Path debug.log -Wait" -NoNewWindow -PassThru
+      #     $install_process.WaitForExit()
+      #     $log_process.Kill()
+      #     echo "finished install"
+
+      #     c:\metasploit-framework\bin\msfconsole -qx 'setg variable test; version; exit'
+      #     c:\metasploit-framework\bin\msfvenom -p windows/meterpreter/reverse_tcp -f exe -o test.exe
+      #     c:\metasploit-framework\bin\msfd -h
+      #     c:\metasploit-framework\bin\msfrpc -h
+      #     c:\metasploit-framework\bin\msfrpcd -h
+      #     c:\metasploit-framework\bin\msfdb -h
+      #     c:\metasploit-framework\bin\msfbinscan -h
+      #     c:\metasploit-framework\bin\msfrop -h
+      #     c:\metasploit-framework\bin\msfelfscan -h
+      #     c:\metasploit-framework\bin\msfmachscan -h
+      #     c:\metasploit-framework\bin\msfpescan -h
+      #     c:\metasploit-framework\bin\msfupdate
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: metasploit-windows-installers
+          path: |
+            metasploit-omnibus/pkg/*.pkg
+            metasploit-omnibus/pkg/*.rpm
+            metasploit-omnibus/pkg/*.msi
+            metasploit-omnibus/pkg/*.deb
+          retention-days: 1
diff --git a/.gitignore b/.gitignore
index 3bde6d1a..b23098a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@ pkg/*
 bin/*
 files/**/cache/
 vendor/cookbooks
+certs
 .idea
 
 # RVM management
diff --git a/.ruby-version b/.ruby-version
index 57cf282e..818bd47a 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.6.5
+3.0.6
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index f8482330..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-language: ruby
-cache: bundler
-before_install:
-  - bundle install --binstubs
-  - sudo apt install fakeroot
-  - sudo mkdir /var/cache/omnibus
-  - sudo chown travis /var/cache/omnibus
-  - sudo mkdir /opt/metasploit-framework
-  - sudo chown travis /opt/metasploit-framework
-  - git config --global user.name "Travis-CI"
-  - git config --global user.email "nobody@example.com"
-script:
-  - ./bin/omnibus build metasploit-framework
-rvm:
-  - '2.3.3'
-notifications:
-  irc: "irc.freenode.org#msfnotify"
diff --git a/Gemfile b/Gemfile
index 7c2d116e..31aeedb7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 # Install omnibus
 # gem 'omnibus', '~> 4.0'
-gem 'omnibus', git: 'https://github.com/rapid7/omnibus', branch: 'r7_8.2.4_custom'
+gem 'omnibus', git: 'https://github.com/rapid7/omnibus', branch: 'r7_9.0.23_custom'
 
 # Use Chef's software definitions. It is recommended that you write your own
 # software definitions, but you can clone/fork Chef's to get you started.
diff --git a/Gemfile.lock b/Gemfile.lock
index d02d0b47..3f031e17 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,10 +1,10 @@
 GIT
   remote: https://github.com/rapid7/omnibus
-  revision: 5b238e62088797782f6b7ca1ddda3a0e7128c224
-  branch: r7_8.2.4_custom
+  revision: c6dc312d985e85fb35b8e9f8e49b607abd91665c
+  branch: r7_9.0.23_custom
   specs:
-    omnibus (8.2.4)
-      aws-sdk-s3 (~> 1)
+    omnibus (9.0.23)
+      aws-sdk-s3 (~> 1.116.0)
       chef-cleanroom (~> 1.0)
       chef-utils (>= 15.4)
       contracts (>= 0.16.0, < 0.17.0)
@@ -12,113 +12,117 @@ GIT
       license_scout (~> 1.0)
       mixlib-shellout (>= 2.0, < 4.0)
       mixlib-versioning
-      ohai (>= 15, < 17)
+      ohai (>= 16, < 19)
       pedump
+      rexml (~> 3.2)
       ruby-progressbar (~> 1.7)
       thor (>= 0.18, < 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
     awesome_print (1.9.2)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.522.0)
-    aws-sdk-core (3.121.5)
-      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.520.1)
-      aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
-    aws-sdk-kms (1.50.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.916.0)
+    aws-sdk-core (3.192.1)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.651.0)
+      aws-sigv4 (~> 1.8)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.79.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.104.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-sdk-s3 (1.116.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.4)
-    aws-sigv4 (1.4.0)
+    aws-sigv4 (1.8.0)
       aws-eventstream (~> 1, >= 1.0.2)
     byebug (11.1.3)
-    chef-cleanroom (1.0.4)
-    chef-config (16.16.13)
+    chef-cleanroom (1.0.5)
+    chef-config (18.4.12)
       addressable
-      chef-utils (= 16.16.13)
+      chef-utils (= 18.4.12)
       fuzzyurl
       mixlib-config (>= 2.2.12, < 4.0)
       mixlib-shellout (>= 2.0, < 4.0)
       tomlrb (~> 1.2)
-    chef-utils (16.16.13)
+    chef-utils (18.4.12)
+      concurrent-ruby
     citrus (3.0.2)
     coderay (1.1.3)
+    concurrent-ruby (1.2.3)
     contracts (0.16.1)
-    ffi (1.15.4)
-    ffi-yajl (2.4.0)
+    ffi (1.16.3)
+    ffi-yajl (2.6.0)
       libyajl2 (>= 1.2)
     fuzzyurl (0.9.0)
-    iostruct (0.0.4)
+    iostruct (0.0.5)
     ipaddress (0.8.3)
     jmespath (1.6.2)
-    json (2.6.1)
+    json (2.7.2)
     libyajl2 (2.1.0)
-    license_scout (1.2.13)
+    license_scout (1.3.7)
       ffi-yajl (~> 2.2)
       mixlib-shellout (>= 2.2, < 4.0)
       toml-rb (>= 1, < 3)
     method_source (1.0.0)
     mixlib-cli (2.1.8)
-    mixlib-config (3.0.9)
+    mixlib-config (3.0.27)
       tomlrb
     mixlib-log (3.0.9)
-    mixlib-shellout (3.2.5)
+    mixlib-shellout (3.2.7)
       chef-utils
     mixlib-versioning (1.2.12)
-    multipart-post (2.1.1)
-    net-scp (3.0.0)
-      net-ssh (>= 2.6.5, < 7.0.0)
-    net-ssh (6.1.0)
-    ohai (16.13.0)
-      chef-config (>= 12.8, < 17)
-      chef-utils (>= 16.0, < 17)
+    multipart-post (2.4.0)
+    net-scp (4.0.0)
+      net-ssh (>= 2.6.5, < 8.0.0)
+    net-ssh (7.2.3)
+    ohai (18.1.3)
+      chef-config (>= 14.12, < 19)
+      chef-utils (>= 16.0, < 19)
       ffi (~> 1.9)
       ffi-yajl (~> 2.2)
       ipaddress
       mixlib-cli (>= 1.7.0)
       mixlib-config (>= 2.0, < 4.0)
       mixlib-log (>= 2.0.1, < 4.0)
-      mixlib-shellout (>= 2.0, < 4.0)
+      mixlib-shellout (~> 3.2, >= 3.2.5)
       plist (~> 3.1)
       train-core
       wmi-lite (~> 1.0)
-    pedump (0.6.2)
+    pedump (0.6.7)
       awesome_print
       iostruct (>= 0.0.4)
       multipart-post (>= 2.0.0)
       rainbow
       zhexdump (>= 0.0.2)
-    plist (3.6.0)
-    pry (0.13.1)
+    plist (3.7.1)
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    pry-byebug (3.9.0)
+    pry-byebug (3.10.1)
       byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (4.0.6)
-    rainbow (3.0.0)
-    ruby-progressbar (1.11.0)
-    thor (1.1.0)
-    toml-rb (2.1.0)
+      pry (>= 0.13, < 0.15)
+    public_suffix (5.0.5)
+    rainbow (3.1.1)
+    rexml (3.2.6)
+    ruby-progressbar (1.13.0)
+    thor (1.3.1)
+    toml-rb (2.2.0)
       citrus (~> 3.0, > 3.0)
     tomlrb (1.3.0)
-    train-core (3.8.1)
+    train-core (3.12.3)
       addressable (~> 2.5)
       ffi (!= 1.13.0)
       json (>= 1.8, < 3.0)
       mixlib-shellout (>= 2.0, < 4.0)
-      net-scp (>= 1.2, < 4.0)
-      net-ssh (>= 2.9, < 7.0)
-    wmi-lite (1.0.5)
-    zhexdump (0.0.2)
+      net-scp (>= 1.2, < 5.0)
+      net-ssh (>= 2.9, < 8.0)
+    wmi-lite (1.0.7)
+    zhexdump (0.1.0)
 
 PLATFORMS
   ruby
@@ -128,4 +132,4 @@ DEPENDENCIES
   pry-byebug
 
 BUNDLED WITH
-   2.1.4
+   2.2.33
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..d1682201
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,27 @@
+.DEFAULT_GOAL := all
+
+.PHONY: all
+all: certs/ca-certificates.crt dependencies
+	# export SSL_CERT_FILE=${PWD}/certs/ca-certificates.crt
+
+	# build the metasploit-framework package
+	ruby bin/omnibus build metasploit-framework
+
+.PHONY: dependencies
+dependencies:
+	# Ensure consistent bundler versions
+	gem install bundler -v 2.2.3
+
+	# install omnibus' dependencies
+	bundle install
+	bundle binstubs --all
+
+	gem install win32-process -v 0.9.0
+
+certs/ca-certificates.crt:
+	mkdir -p certs
+	curl -L -o certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem
+
+.PHONY: clean
+clean:
+	bin/omnibus clean metasploit-framework
diff --git a/README.md b/README.md
index ff4425fe..a03272a4 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,19 @@ You can build images yourself:
 ```shell
 git clone https://github.com/rapid7/metasploit-omnibus.git
 cd metasploit-omnibus
-docker build --tag metasploit-omnibus-builder - < ./docker/kali109-x64/Dockerfile
+docker build --tag metasploit-omnibus-builder - < ./docker/ubuntu1204-x86/Dockerfile
+```
+
+Or on OSX you can use the following script to build all images following the latest Docker image naming convention:
+
+```shell
+export BUILD_DATE=$(date "+%Y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker build --tag rapid7/msf-IMAGE_NAME-omnibus:$BUILD_DATE -f ./docker/IMAGE_NAME/Dockerfile ./docker/IMAGE_NAME"
+```
+
+Pushing
+
+```shell
+export BUILD_DATE=$(date "+%Y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker push rapid7/msf-IMAGE_NAME-omnibus:$BUILD_DATE"
 ```
 
 You can then run a new container using the above tagged image, whilst mounting the current directory as a volume:
@@ -38,7 +50,7 @@ docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins metas
 Or you can run a new container using pre-built images from [Rapid7's Docker Hub account](https://hub.docker.com/u/rapid7):
 
 ```shell
-docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins rapid7/msf-kali109-x64-omnibus:2019_01 /bin/bash --login
+docker run -it --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins rapid7/msf-ubuntu1204-x86-omnibus:2021_11 /bin/bash --login
 ```
 
 By default, `metasploit-omnibus` will download the latest version of Metasploit framework from Github, but also supports building with local copies from `/metasploit-framework` - [full details](https://github.com/rapid7/metasploit-omnibus/blob/9cd575bcdd19d8fedf4a94c4ca2d1d6c253628c2/config/software/metasploit-framework.rb#L2-L8).
@@ -46,7 +58,7 @@ By default, `metasploit-omnibus` will download the latest version of Metasploit
 To build omnibus with a local version of Metasploit framework, you can mount your framework repository as a volume to `/metasploit-framework` within the container. The following command assumes that the repository exists within the parent directory:
 
 ```shell
-docker run -it --rm --volume $(pwd):$(pwd) --volume=$(pwd)/../metasploit-framework:/metasploit-framework --workdir $(pwd) --user jenkins rapid7/msf-kali109-x64-omnibus:2019_01 /bin/bash --login
+docker run -it --rm --volume $(pwd):$(pwd) --volume=$(pwd)/../metasploit-framework:/metasploit-framework --workdir $(pwd) --user jenkins rapid7/msf-ubuntu1204-x86-omnibus:2021_11 /bin/bash --login
 ```
 
 When running inside the container, you can perform a normal ommibus build:
@@ -56,13 +68,24 @@ When running inside the container, you can perform a normal ommibus build:
 git submodule update -i
 
 # install omnibus' dependencies
-bundle install --binstubs
+bundle install
+bundle binstubs --all
 
 # build the metasploit-framework package
 bin/omnibus build metasploit-framework
 ```
 
-When complete, there will be a new installable .deb file under the 'pkg' directory. Note that the use of Docker volumes may cause builds to run slower. 
+When complete, there will be a new installable `.deb` file under the 'pkg' directory. Note that the use of Docker volumes may cause builds to run slower.
+
+To test the `.deb` file, install it - and then open msfconsole:
+
+```
+# install
+sudo dpkg -i pkg/metasploit-framework_6.3.39~20231017232715.git.3.47e0cd3~1rapid7-1_amd64.deb
+
+# Run to verify
+msfconsole
+```
 
 ## Building on Ubuntu / Debian systems
 
@@ -96,7 +119,7 @@ Checkout the metasploit-framework installer builder and install omnibus' depende
 git clone https://github.com/rapid7/metasploit-omnibus.git
 cd metasploit-omnibus
 # install omnibus' dependencies
-bundle install --binstubs
+bundle install && bundle binstubs --all
 ```
 
 Finally, build the installer itself:
@@ -111,7 +134,7 @@ when complete, there will be a new installable .deb file under the 'pkg' directo
 From Windows 10, install ruby, msys2, ruby-devkit, wixtoolset, git. Add the following command to the the preparation steps before executing the `build` command.
 ```
 xz -d local/cache/*.xz
-``` 
+```
 
 ## Building on OS X
 
diff --git a/config/patches/metasploit-framework/bundler.patch b/config/patches/metasploit-framework/bundler.patch
new file mode 100644
index 00000000..d6aa414b
--- /dev/null
+++ b/config/patches/metasploit-framework/bundler.patch
@@ -0,0 +1,10 @@
+diff --git a/Gemfile.lock b/Gemfile.lock
+index 6802316759..89aaddd322 100644
+--- Gemfile.lock	2024-05-17 12:32:16
++++ Gemfile.lock	2024-05-17 12:32:59
+@@ -574,4 +574,4 @@
+   yard
+
+ BUNDLED WITH
+-   2.1.4
++   2.5.10
diff --git a/config/patches/ruby/ruby-fast-load_31.patch b/config/patches/ruby/ruby-fast-load_31.patch
new file mode 100644
index 00000000..9743a3b8
--- /dev/null
+++ b/config/patches/ruby/ruby-fast-load_31.patch
@@ -0,0 +1,16 @@
+diff --git a/load.c b/load.c
+index a2b9da4..05ea96e 100644
+--- a/load.c
++++ b/load.c
+@@ -981,6 +981,11 @@ search_required(rb_vm_t *vm, VALUE fname, volatile VALUE *path, feature_func rb_
+        if (loading) *path = rb_filesystem_str_new_cstr(loading);
+        return 'r';
+     }
++    else if ((ft = rb_feature_p(vm, ftptr, 0, FALSE, FALSE, &loading)) == 's') {
++       if (loading) *path = rb_filesystem_str_new_cstr(loading);
++       return 's';
++    }
++
+     tmp = fname;
+     type = rb_find_file_ext(&tmp, ft == 's' ? ruby_ext : loadable_ext);
+     switch (type) {
\ No newline at end of file
diff --git a/config/patches/rubygems/rubygems-3.5.10.patch b/config/patches/rubygems/rubygems-3.5.10.patch
new file mode 100644
index 00000000..9900ce03
--- /dev/null
+++ b/config/patches/rubygems/rubygems-3.5.10.patch
@@ -0,0 +1,24 @@
+diff --git a/lib/rubygems/platform.rb b/lib/rubygems/platform.rb
+index 48b7344aee..08728c209c 100644
+--- a/lib/rubygems/platform.rb
++++ b/lib/rubygems/platform.rb
+@@ -1,7 +1,5 @@
+ # frozen_string_literal: true
+
+-require_relative "deprecate"
+-
+ ##
+ # Available list of platforms for targeting Gem installations.
+ #
+@@ -24,11 +22,6 @@ def self.match(platform)
+     match_platforms?(platform, Gem.platforms)
+   end
+
+-  class << self
+-    extend Gem::Deprecate
+-    rubygems_deprecate :match, "Gem::Platform.match_spec? or match_gem?"
+-  end
+-
+   def self.match_platforms?(platform, platforms)
+     platform = Gem::Platform.new(platform) unless platform.is_a?(Gem::Platform)
+     platforms.any? do |local_platform|
diff --git a/config/projects/metasploit-framework.rb b/config/projects/metasploit-framework.rb
index 545cf576..b9396440 100644
--- a/config/projects/metasploit-framework.rb
+++ b/config/projects/metasploit-framework.rb
@@ -4,6 +4,7 @@
 
 install_dir "#{default_root}/metasploit-framework"
 
+# Version is extracted from the latest Git tag found in the local Git repository
 build_version Omnibus::BuildVersion.semver + "-1rapid7"
 build_iteration 1
 
diff --git a/config/software/bundler.rb b/config/software/bundler.rb
index 0c712006..ca443e29 100644
--- a/config/software/bundler.rb
+++ b/config/software/bundler.rb
@@ -28,7 +28,7 @@
   dependency "rubygems"
 end
 
-default_version "2.1.4"
+default_version "2.5.10"
 
 build do
   env = with_standard_compiler_flags(with_embedded_path)
diff --git a/config/software/metasploit-framework.rb b/config/software/metasploit-framework.rb
index 880d2d77..cf9e1456 100644
--- a/config/software/metasploit-framework.rb
+++ b/config/software/metasploit-framework.rb
@@ -1,7 +1,19 @@
 name "metasploit-framework"
+
+# Detect a local checkout of metasploit-framework at '../metasploit-framework' - i.e. for the scenario of:
+# - c:/temp/metasploit-omnibus
+# - c:/temp/metasploit-framework (A local checkout of framework to use during the build process)
+# but try and use 'C:/metasploit-framework' - as that's the metasploit-omnibus artifacts output directory
+def has_windows_metasploit_framework_repo?
+  windows? && File.exist?('../metasploit-framework') && File.expand_path(File.join(Dir.pwd, "..", "metasploit-framework")) != "c:/metasploit-framework"
+end
+
 if linux? && File.exist?("/metasploit-framework")
   # supply current version of metasploit-framework at root of filesystem
   source path: "/metasploit-framework"
+elsif has_windows_metasploit_framework_repo?
+  # supply current version of metasploit-framework relative to the current directory
+  source path: "../metasploit-framework"
 else
   source git: "https://github.com/rapid7/metasploit-framework.git"
   default_version "master"
@@ -19,7 +31,7 @@
   dependency "postgresql"
 end
 
-ruby_abi_version = "3.0.0"
+ruby_abi_version = "3.1.0"
 # This depends on extra system libraries on OS X
 whitelist_file "#{install_dir}//embedded/framework/data/isight.bundle"
 
@@ -40,6 +52,8 @@
 whitelist_file "#{install_dir}//embedded/lib/ruby/gems/#{ruby_abi_version}/.*/sqlite3.*"
 
 build do
+  patch_env = with_standard_compiler_flags(with_embedded_path)
+  patch source: "bundler.patch", plevel: 0, env: patch_env
   copy "#{project_dir}", "#{install_dir}/embedded/framework"
 
   major, minor, patch = Omnibus::BuildVersion.semver.split('.')
@@ -76,10 +90,21 @@
         vars: { install_dir: install_dir }
   end
 
+  bundle "version", env: env
   bundle "config set force_ruby_platform true", env: env
-  bundle "install", env: env
+  bundle_env = with_standard_compiler_flags(with_embedded_path)
+  bundle_env['MAKE'] = 'make -j4'
+  bundle_env['BUNDLE_FORCE_RUBY_PLATFORM'] = 'true'
+  bundle "install --jobs=4", env: bundle_env
 
   if windows?
+    # Ensure we additionally copy out 'libssp-0.dll', which is required for multiple gems:
+    #   > dumpbin /dependents  C:/metasploit-framework/embedded/lib/ruby/gems/3.1.0/gems/msgpack-1.6.1/lib/msgpack/msgpack.so
+    #       ...
+    #       libssp-0.dll
+    #       ...
+    copy "#{install_dir}/embedded/msys64/ucrt64/bin/libssp-0.dll", "#{install_dir}/embedded/bin/libssp-0.dll"
+
     delete "#{install_dir}/embedded/msys64"
   end
   copy "#{project_dir}/Gemfile.lock", "#{install_dir}/embedded/framework/Gemfile.lock"
@@ -149,4 +174,12 @@
       end
     end
   end
+
+  # Workaround for a Windows bug with chef r7_9.0.23_custom that allows the `.git` folders through
+  # into the final build result, leading to the .exe being an extra 1gb in size
+  block do
+    self.project.exclusions.each do |exclusion|
+      Pathname(install_dir).glob(exclusion).each(&:rmtree)
+    end
+  end
 end
diff --git a/config/software/openssl.rb b/config/software/openssl.rb
index b55c5b4f..4402b5a2 100644
--- a/config/software/openssl.rb
+++ b/config/software/openssl.rb
@@ -23,29 +23,50 @@
 dependency "cacerts"
 dependency "openssl-fips" if fips_mode?
 
-default_version "1.1.1m"
+default_version "1.1.1t" # # do not remove - Rapid7 custom - do not remove
 
 # Openssl builds engines as libraries into a special directory. We need to include
 # that directory in lib_dirs so omnibus can sign them during macOS deep signing.
 lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines"])
 lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines-1.1"]) if version.start_with?("1.1")
+if version.start_with?("3.")
+  lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines-3"])
+  lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/ossl-modules"])
+end
 
 # 1.0.2u was the last public release of 1.0.2. Subsequent releases come from a support contract with OpenSSL Software Services
 if version.satisfies?("< 1.1.0")
   source url: "https://s3.amazonaws.com/chef-releng/openssl/openssl-#{version}.tar.gz", extract: :lax_tar
+  internal_source url: "#{ENV["ARTIFACTORY_REPO_URL"]}/#{name}/#{name}-#{version}.tar.gz", extract: :lax_tar,
+                  authorization: "X-JFrog-Art-Api:#{ENV["ARTIFACTORY_TOKEN"]}"
 else
   # As of 2020-09-09 even openssl-1.0.0.tar.gz can be downloaded from /source/openssl-VERSION.tar.gz
   # However, the latest releases are not in /source/old/VERSION/openssl-VERSION.tar.gz.
   # Let's stick with the simpler one for now.
   source url: "https://www.openssl.org/source/openssl-#{version}.tar.gz", extract: :lax_tar
+  internal_source url: "#{ENV["ARTIFACTORY_REPO_URL"]}/#{name}/#{name}-#{version}.tar.gz", extract: :lax_tar,
+                  authorization: "X-JFrog-Art-Api:#{ENV["ARTIFACTORY_TOKEN"]}"
 end
 
-version("1.1.1m") { source sha256: "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" }
-version("1.1.1l") { source sha256: "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" }
-version("1.1.1f") { source sha256: "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35" }
+version("3.0.5")   { source sha256: "aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a" }
+version("3.0.4")   { source sha256: "2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f" }
+version("3.0.3")   { source sha256: "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" }
+version("3.0.1")   { source sha256: "c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1" } # only ruby 3.1 supports openssl-3.0.1
+
+version("1.1.1t")  { source sha256: "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b" }
+version("1.1.1q")  { source sha256: "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca" }
+version("1.1.1p")  { source sha256: "bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f" }
+version("1.1.1o")  { source sha256: "9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f" }
+version("1.1.1m")  { source sha256: "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" }
+version("1.1.1l")  { source sha256: "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" }
+version("1.1.1w")  { source sha256: "cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8" }
 
+version("1.0.2zg") { source sha256: "09f8372eaede77ec8e6945e2d2d8eeb1b91662980cf23fe95f627b377162296c" }
 version("1.0.2zb") { source sha256: "b7d8f8c895279caa651e7f3de9a7b87b8dd01a452ca3d9327f45a9ef31d0c518" }
 version("1.0.2za") { source sha256: "86ec5d2ecb53839e9ec999db7f8715d0eb7e534d8a1d8688ef25280fbeee2ff8" }
+version("1.0.2ze") { source sha256: "796624c593c361c695bd16314bc6f944184f5d2ff87efcf0bfa0545aa84c4d88" }
+version("1.0.2zf") { source sha256: "85d2242b7d11a33d5f239f1f34a1ff7eb37431a554b7df99c52c646b70b14b2e" }
+version("1.0.2zi") { source sha256: "80b6c07995fc92456e31c61cf1b2a18f75e314063189bb183af6ae66d0261d84" }
 
 relative_path "openssl-#{version}"
 
@@ -55,9 +76,6 @@
     env["M4"] = "/opt/freeware/bin/m4"
   elsif mac_os_x? && arm?
     env["CFLAGS"] << " -Qunused-arguments"
-  elsif freebsd?
-    # Should this just be in standard_compiler_flags?
-    env["LDFLAGS"] += " -Wl,-rpath,#{install_dir}/embedded/lib"
   elsif windows?
     # XXX: OpenSSL explicitly sets -march=i486 and expects that to be honored.
     # It has OPENSSL_IA32_SSE2 controlling whether it emits optimized SSE2 code
@@ -77,15 +95,21 @@
     "no-mdc2",
     "no-rc5",
     "no-ssl2",
-    "enable-ssl3",
+    "no-ssl3",
     "no-zlib",
     "shared",
   ]
 
+  configure_args += ["--libdir=#{install_dir}/embedded/lib"] if version.satisfies?(">=3.0.1")
+
   # https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
   configure_args += [ "-DOPENSSL_TRUSTED_FIRST_DEFAULT" ] if version.satisfies?(">= 1.0.2zb") && version.satisfies?("< 1.1.0")
 
-  configure_args += ["--with-fipsdir=#{install_dir}/embedded", "fips"] if fips_mode?
+  if version.satisfies?("< 3.0.0")
+    configure_args += ["--with-fipsdir=#{install_dir}/embedded", "fips"] if fips_mode?
+  else
+    configure_args += ["-enable-fips"] if fips_mode?
+  end
 
   configure_cmd =
     if aix?
@@ -135,6 +159,8 @@
     patch source: "openssl-1.0.1f-do-not-build-docs.patch", env: patch_env
   elsif version.start_with? "1.1"
     patch source: "openssl-1.1.0f-do-not-install-docs.patch", env: patch_env
+  elsif version.start_with? "3.0"
+    patch source: "openssl-3.0.1-do-not-install-docs.patch", env: patch_env
   end
 
   if version.start_with?("1.0.2") && mac_os_x? && arm?
@@ -148,7 +174,7 @@
 
   # Out of abundance of caution, we put the feature flags first and then
   # the crazy platform specific compiler flags at the end.
-  configure_args << env["CFLAGS"] << env["LDFLAGS"]
+  configure_args << env["CFLAGS"]
 
   configure_command = configure_args.unshift(configure_cmd).join(" ")
 
diff --git a/config/software/pcaprub.rb b/config/software/pcaprub.rb
index f5b9dc56..5672b235 100644
--- a/config/software/pcaprub.rb
+++ b/config/software/pcaprub.rb
@@ -15,7 +15,7 @@
 #
 
 name "pcaprub"
-default_version "0.12.4"
+default_version "0.13.2"
 
 if windows?
   dependency "ruby-windows"
@@ -32,6 +32,17 @@
 build do
   env = with_standard_compiler_flags(with_embedded_path)
   env['SSL_CERT_FILE'] = "#{install_dir}/embedded/ssl/cert.pem"
-  gem "install pcaprub" \
-    " --version '#{version}' --no-document", env: env
+
+  # We need to create the pcaprub gem ourselves until 0.13.2 is released (https://github.com/pcaprub/pcaprub/issues/67)
+  # Use version of pcaprub relative to the current directory
+  local_pcaprub_checkout = File.expand_path(File.join(Dir.pwd, "..", "pcaprub"))
+  command "echo checking for path: #{local_pcaprub_checkout}", env: env
+  if File.exist?(local_pcaprub_checkout)
+    gem "install --local #{local_pcaprub_checkout}/pkg/pcaprub-#{version}.gem", env: env
+    command "echo after new pcaprub code", env: env
+  else
+    command "echo before old pcaprub code", env: env
+    gem "install pcaprub" \
+      " --version '#{version}' --no-document", env: env
+  end
 end
diff --git a/config/software/ruby-windows-devkit.rb b/config/software/ruby-windows-devkit.rb
index bc9134bf..046f69c5 100644
--- a/config/software/ruby-windows-devkit.rb
+++ b/config/software/ruby-windows-devkit.rb
@@ -27,5 +27,9 @@
 
   embedded_dir = "#{install_dir}/embedded"
 
+  # Ruby Installer for windows:
+  # 1 - MSYS2 base installation
+  # 2 - MSYS2 system update (optional)
+  # 3 - MSYS2 and MINGW development toolchain
   command "#{embedded_dir}/bin/ridk.cmd install 2 3", env: env, cwd: embedded_dir
 end
diff --git a/config/software/ruby-windows.rb b/config/software/ruby-windows.rb
index b5e01d39..b403ff20 100644
--- a/config/software/ruby-windows.rb
+++ b/config/software/ruby-windows.rb
@@ -15,7 +15,7 @@
 #
 
 name "ruby-windows"
-default_version "3.0.2-1"
+default_version "3.1.5-1"
 
 if windows_arch_i386?
   relative_path "rubyinstaller-#{version}-x86"
@@ -54,6 +54,14 @@
     source sha256: "92894c0488ec7eab02b2ffc61a8945c4bf98d69561e170927ec30d60bee57898"
   end
 
+  version "3.1.4-1" do
+    source sha256: "6701088607ea4b587a31af76d75cb3fe9f7bcd75fc175cffcca22369ebb6331d"
+  end
+
+  version "3.1.5-1" do
+    source sha256: "f31eece5b5c64563829117d41c09ed87572c595e5d64a525d49c1dd9c50dccca"
+  end
+
   source url: "https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-#{version}/rubyinstaller-#{version}-x64.7z"
 end
 
diff --git a/config/software/ruby.rb b/config/software/ruby.rb
index ab5a1d8d..1b50af6f 100644
--- a/config/software/ruby.rb
+++ b/config/software/ruby.rb
@@ -26,29 +26,51 @@
 # the default versions should always be the latest release of ruby
 # if you consume this definition it is your responsibility to pin
 # to the desired version of ruby. don't count on this not changing.
-default_version "3.0.2"
+default_version "3.1.5"
 
 dependency "zlib"
 dependency "openssl"
 dependency "libffi"
 dependency "libyaml"
 
+# we build omnibus packages on freebsd 11 and use the packages on freebsd 11, 12 and 13.
+# the ruby executable has been linking to freebsds system's ncurses library files.
+# freebsd 13 system's ncurses library files have a different name than freebsd 11 and 12
+# which causes the ruby executable to fail.
+# adding ncurses as a dependency for freebsd prevents the ruby executable from linking to the
+# system's ncurses library files thereby allowing the package built on freebsd 11 to work on freebsd 13.
+dependency "ncurses" if freebsd?
+
 # version_list: url=https://cache.ruby-lang.org/pub/ruby/ filter=*.tar.gz
+version("3.2.2")      { source sha256: "96c57558871a6748de5bc9f274e93f4b5aad06cd8f37befa0e8d94e7b8a423bc" }
+version("3.2.0")      { source sha256: "daaa78e1360b2783f98deeceb677ad900f3a36c0ffa6e2b6b19090be77abc272" }
+version("3.1.4")      { source sha256: "a3d55879a0dfab1d7141fdf10d22a07dbf8e5cdc4415da1bde06127d5cc3c7b6" }
+version("3.1.5")      { source sha256: "3685c51eeee1352c31ea039706d71976f53d00ab6d77312de6aa1abaf5cda2c5" }
+version("3.1.3")      { source sha256: "5ea498a35f4cd15875200a52dde42b6eb179e1264e17d78732c3a57cd1c6ab9e" }
+version("3.1.2")      { source sha256: "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e" }
+version("3.1.1")      { source sha256: "fe6e4782de97443978ddba8ba4be38d222aa24dc3e3f02a6a8e7701c0eeb619d" }
+
+version("3.0.6")      { source sha256: "6e6cbd490030d7910c0ff20edefab4294dfcd1046f0f8f47f78b597987ac683e" }
+version("3.0.5")      { source sha256: "9afc6380a027a4fe1ae1a3e2eccb6b497b9c5ac0631c12ca56f9b7beb4848776" }
+version("3.0.4")      { source sha256: "70b47c207af04bce9acea262308fb42893d3e244f39a4abc586920a1c723722b" }
+version("3.0.3")      { source sha256: "3586861cb2df56970287f0fd83f274bd92058872d830d15570b36def7f1a92ac" }
 version("3.0.2")      { source sha256: "5085dee0ad9f06996a8acec7ebea4a8735e6fac22f22e2d98c3f2bc3bef7e6f1" }
 version("3.0.1")      { source sha256: "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727" }
-version("3.0.0")      { source sha256: "a13ed141a1c18eb967aac1e33f4d6ad5f21be1ac543c344e0d6feeee54af8e28" }
 
+version("2.7.7")      { source sha256: "e10127db691d7ff36402cfe88f418c8d025a3f1eea92044b162dd72f0b8c7b90" }
+version("2.7.6")      { source sha256: "e7203b0cc09442ed2c08936d483f8ac140ec1c72e37bb5c401646b7866cb5d10" }
+version("2.7.5")      { source sha256: "2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1" }
 version("2.7.4")      { source sha256: "3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b" }
 version("2.7.3")      { source sha256: "8925a95e31d8f2c81749025a52a544ea1d05dad18794e6828709268b92e55338" }
-version("2.7.2")      { source sha256: "6e5706d0d4ee4e1e2f883db9d768586b4d06567debea353c796ec45e8321c3d4" }
-version("2.7.1")      { source sha256: "d418483bdd0000576c1370571121a6eb24582116db0b7bb2005e90e250eae418" }
 
+version("2.6.10")     { source sha256: "0dc609f263d49c4176d5725deefc337273676395985b5e017789373e8cadf16e" }
+version("2.6.9")      { source sha256: "eb7bae7aac64bf9eb2153710a4cafae450ccbb62ae6f63d573e1786178b0efbb" }
 version("2.6.8")      { source sha256: "1807b78577bc08596a390e8a41aede37b8512190e05c133b17d0501791a8ca6d" }
 version("2.6.7")      { source sha256: "e4227e8b7f65485ecb73397a83e0d09dcd39f25efd411c782b69424e55c7a99e" }
-version("2.6.6")      { source sha256: "364b143def360bac1b74eb56ed60b1a0dca6439b00157ae11ff77d5cd2e92291" }
-version("2.6.5")      { source sha256: "66976b716ecc1fd34f9b7c3c2b07bbd37631815377a2e3e85a5b194cfdcbed7d" }
 
 source url: "https://cache.ruby-lang.org/pub/ruby/#{version.match(/^(\d+\.\d+)/)[0]}/ruby-#{version}.tar.gz"
+internal_source url: "#{ENV["ARTIFACTORY_REPO_URL"]}/#{name}/#{name}-#{version}.tar.gz",
+                authorization: "X-JFrog-Art-Api:#{ENV["ARTIFACTORY_TOKEN"]}"
 
 # In order to pass notarization we need to sign any binaries and libraries included in the package.
 # This makes sure we include and bins and libs that are brought in by gems.
@@ -63,6 +85,7 @@
 
 env = with_standard_compiler_flags(with_embedded_path)
 
+# do not remove - Rapid7 custom - do not remove:
 jemalloc_required = linux? || mac_os_x?
 if jemalloc_required
   dependency "jemalloc"
@@ -121,10 +144,12 @@
   patch_env = env.dup
   patch_env["PATH"] = "/opt/freeware/bin:#{env["PATH"]}" if aix?
 
-  if version.satisfies?("~> 3.0")
+  if version.satisfies?("~> 3.0.0")
     case version
-    when "3.0.0", "3.0.1"
+    when "3.0.1"
       patch source: "ruby-3.0.1-configure.patch", plevel: 1, env: patch_env
+    when "3.0.5", "3.0.6"
+      patch source: "ruby-3.0.5-configure.patch", plevel: 1, env: patch_env
     else
       patch source: "ruby-3.0.2-configure.patch", plevel: 1, env: patch_env
     end
@@ -153,7 +178,11 @@
   # over the top of it.  AFAIK no sane ruby code should need to do that, and the
   # cost of this behavior in core ruby is enormous.
   #
-  patch source: "ruby-fast-load_26.patch", plevel: 1, env: patch_env
+  if version.satisfies?("< 3.1")
+    patch source: "ruby-fast-load_26.patch", plevel: 1, env: patch_env
+  else
+    patch source: "ruby-fast-load_31.patch", plevel: 1, env: patch_env
+  end
 
   # this removes a checks for windows nano in the win32-ole files.
   # windows nano is a dead platform and not supported by chef so we can avoid
@@ -178,13 +207,6 @@
     patch source: "ruby-faster-load_27.patch", plevel: 1, env: patch_env
   end
 
-  # rubygems 3.1.x perf improvements
-  # this is part of ruby 2.7.3 so skip it
-  #
-  if version.satisfies?("~> 2.7") && version.satisfies?("< 2.7.3")
-    patch source: "ruby-2.7.1-rubygemsperf.patch", plevel: 1, env: patch_env
-  end
-
   # disable libpath in mkmf across all platforms, it trolls omnibus and
   # breaks the postgresql cookbook.  i'm not sure why ruby authors decided
   # this was a good idea, but it breaks our use case hard.  AIX cannot even
@@ -198,6 +220,7 @@
 
   configure_command = ["--with-out-ext=dbm,readline",
                        "--enable-shared",
+                       # do not remove - Rapid7 custom - do not remove:
                        "--enable-load-relative",
                        "--disable-install-doc",
                        "--without-gmp",
@@ -206,19 +229,16 @@
                        "--disable-dtrace",
                        "--disable-jit-support"]
   configure_command << "--with-bundled-md5" if fips_mode?
+  # do not remove - Rapid7 custom - do not remove:
   configure_command << "--with-jemalloc" if jemalloc_required
 
   # resolve C99 code accidentally introduced in Ruby 2.6.7 and it's still in 2.6.8 :(
-  patch source: "ruby-2.6.7_c99.patch", plevel: 1, env: patch_env if version.satisfies?("~> 2.6.7")
+  patch source: "ruby-2.6.7_c99.patch", plevel: 1, env: patch_env if version.satisfies?("~> 2.6.7", "< 2.6.10")
 
   if aix?
     # need to patch ruby's configure file so it knows how to find shared libraries
     patch source: "ruby-aix-configure_26_and_later.patch", plevel: 1, env: patch_env
 
-    if version.satisfies?("~> 2.6.4")
-      patch source: "ruby-2.6.4-bug14834.patch", plevel: 1, env: patch_env
-    end
-
     # have ruby use zlib on AIX correctly
     patch source: "ruby_aix_openssl.patch", plevel: 1, env: patch_env
     # AIX has issues with ssl retries, need to patch to have it retry
diff --git a/config/software/rubygems.rb b/config/software/rubygems.rb
index 68f5acf6..1ae9fd95 100644
--- a/config/software/rubygems.rb
+++ b/config/software/rubygems.rb
@@ -28,7 +28,7 @@
   dependency "ruby"
 end
 
-default_version "3.2.22"
+default_version "3.5.10"
 
 if version && !source
   # NOTE: 2.1.11 is the last version of rubygems before the 2.2.x change to native gem install location
@@ -40,7 +40,9 @@
   # we pin the previously known tarballs.
   known_tarballs = {
     "3.1.4" => "d117187a8f016cbe8f52011ae02e858b",
-    "3.2.22"=> "b128d5493da2ec7a1da49a7189c04b35",
+    "3.2.22" => "b128d5493da2ec7a1da49a7189c04b35",
+    "3.3.26" => "ba171c52fd9beda6dac7194413601795",
+    "3.5.10" => "70f46c096b4e11c42b0190cc3e3375e2"
   }
   known_tarballs.each do |vsn, md5|
     version vsn do
@@ -69,6 +71,13 @@
 build do
   env = with_standard_compiler_flags(with_embedded_path)
 
+  # Fix warning on msfconsle bootup that will be fixed when framework's bundler version is updated
+  #   NOTE: Gem::Platform.match is deprecated; use Gem::Platform.match_spec? or match_gem? instead. It will be removed in Rubygems 4
+  #   Gem::Platform.match called from /Users/adfoster/.rvm/gems/ruby-3.3.0/gems/bundler-2.1.4/lib/bundler/index.rb:198.
+  if version.satisfies?('>= 3.5.10')
+    patch source: "rubygems-3.5.10.patch", plevel: 1, env: env
+  end
+
   if source
     # Building from source:
     ruby "setup.rb --no-document", env: env
diff --git a/config/software/winpcap-devpack.rb b/config/software/winpcap-devpack.rb
index 9e12554c..a47c4b06 100644
--- a/config/software/winpcap-devpack.rb
+++ b/config/software/winpcap-devpack.rb
@@ -29,7 +29,7 @@
 source url: "https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip"
 
 build do
-  ruby_api_version = "3.0.0"
+  ruby_api_version = "3.1.0"
 
   mkdir "#{install_dir}/embedded/lib"
   if windows_arch_i386?
diff --git a/docker/centos6-x64/.dockerignore b/docker/centos6-x64/.dockerignore
new file mode 100644
index 00000000..c0430667
--- /dev/null
+++ b/docker/centos6-x64/.dockerignore
@@ -0,0 +1,3 @@
+*
+
+!yum.repos.d
diff --git a/docker/centos6-x64/Dockerfile b/docker/centos6-x64/Dockerfile
index 5be261ad..89e8659e 100644
--- a/docker/centos6-x64/Dockerfile
+++ b/docker/centos6-x64/Dockerfile
@@ -5,9 +5,36 @@ MAINTAINER Rapid7 Release Engineering <r7_re@rapid7.com>
 
 VOLUME /pkg
 
-RUN rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+# # Copy newer apt sources that are valid/use https
+COPY yum.repos.d /etc/yum.repos.d
+
+RUN rpm -ivh https://dl.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm
 RUN yum upgrade -y && yum clean all
-RUN yum install -y centos-release-SCL && yum clean all
+
+# TODO: This was skipped as a test and should most likely be added back in:
+#       RUN yum install -y centos-release-SCL && yum clean all
+#
+# Reason:
+#  => ERROR [ 5/26] RUN yum install -y centos-release-SCL && yum clean all                                                                                                                                                                                                              5.9s
+# ------
+#  > [ 5/26] RUN yum install -y centos-release-SCL && yum clean all:
+# 0.986 Loaded plugins: fastestmirror, ovl
+# 1.242 Setting up Install Process
+# 1.242 Determining fastest mirrors
+# 2.372  * epel: ftp-stud.hs-esslingen.de
+# 5.668 No package centos-release-SCL available.
+# 5.745 Error: Nothing to do
+# ------
+# Dockerfile:16
+# --------------------
+#   14 |     #
+#   15 |
+#   16 | >>> RUN yum install -y centos-release-SCL && yum clean all
+#   17 |     RUN rpm --import http://mirrors.neterra.net/repoforge/RPM-GPG-KEY.dag.txt
+#   18 |     RUN curl -O http://mirrors.neterra.net/repoforge/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm && \
+# --------------------
+# ERROR: failed to solve: process "/bin/sh -c yum install -y centos-release-SCL && yum clean all" did not complete successfully: exit code: 1
+
 RUN rpm --import http://mirrors.neterra.net/repoforge/RPM-GPG-KEY.dag.txt
 RUN curl -O http://mirrors.neterra.net/repoforge/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm && \
     rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm && \
@@ -72,11 +99,12 @@ RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" | tee -a /etc/sudoers
 
 RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
   command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl -L -sSL https://get.rvm.io | bash -s stable'
+  curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable'
 
 RUN su jenkins -c "/bin/bash -l -c 'rvm requirements'"
-RUN su jenkins -c "/bin/bash -l -c 'rvm install 2.6.5'"
-RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 1.17.3 --no-document'"
+RUN su jenkins -c "/bin/bash -l -c 'rvm install 3.0.6'"
+RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
+
 # pre-load the omnibus dependencies
 RUN su jenkins -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-        cd ~/metasploit-omnibus && bundle install --binstubs && cd ~/ && rm -fr metasploit-omnibus'"
+    cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
diff --git a/docker/centos6-x64/yum.repos.d/CentOS-Base.repo b/docker/centos6-x64/yum.repos.d/CentOS-Base.repo
new file mode 100644
index 00000000..24a86e82
--- /dev/null
+++ b/docker/centos6-x64/yum.repos.d/CentOS-Base.repo
@@ -0,0 +1,5 @@
+[base]
+name=CentOS-$releasever - Base
+baseurl=https://vault.centos.org/6.10/os/$basearch/
+gpgcheck=1
+gpgkey=https://vault.centos.org/6.10/os/$basearch//RPM-GPG-KEY-CentOS-6
diff --git a/docker/centos6-x64/yum.repos.d/CentOS-SCLo-scl.repo b/docker/centos6-x64/yum.repos.d/CentOS-SCLo-scl.repo
new file mode 100644
index 00000000..a4d761fa
--- /dev/null
+++ b/docker/centos6-x64/yum.repos.d/CentOS-SCLo-scl.repo
@@ -0,0 +1,32 @@
+# CentOS-SCLo-sclo.repo
+#
+# Please see http://wiki.centos.org/SpecialInterestGroup/SCLo for more
+# information
+
+[centos-sclo-sclo]
+name=CentOS-6 - SCLo sclo
+baseurl=https://vault.centos.org/6.10/sclo/$basearch/sclo/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
+
+[centos-sclo-sclo-testing]
+name=CentOS-6 - SCLo sclo Testing
+baseurl=https://vault.centos.org/6.10/sclo/$basearch/sclo/
+gpgcheck=0
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
+
+[centos-sclo-sclo-source]
+name=CentOS-6 - SCLo sclo Sources
+baseurl=https://vault.centos.org/6.10/sclo/$basearch/sclo/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
+
+[centos-sclo-sclo-debuginfo]
+name=CentOS-6 - SCLo sclo Debuginfo
+baseurl=https://vault.centos.org/6.10/sclo/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
diff --git a/docker/centos6-x64/yum.repos.d/CentOS-fasttrack.repo b/docker/centos6-x64/yum.repos.d/CentOS-fasttrack.repo
new file mode 100644
index 00000000..5ddd9a6d
--- /dev/null
+++ b/docker/centos6-x64/yum.repos.d/CentOS-fasttrack.repo
@@ -0,0 +1,6 @@
+[fasttrack]
+name=CentOS-6 - fasttrack
+baseurl=https://vault.centos.org/6.10/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=https://vault.centos.org/6.10/$basearch/RPM-GPG-KEY-CentOS-6
diff --git a/docker/debian-aarch64/.dockerignore b/docker/debian-aarch64/.dockerignore
new file mode 100644
index 00000000..e589f930
--- /dev/null
+++ b/docker/debian-aarch64/.dockerignore
@@ -0,0 +1,3 @@
+*
+
+!apt
diff --git a/docker/debian-aarch64/Dockerfile b/docker/debian-aarch64/Dockerfile
index 486ed86b..328d371b 100644
--- a/docker/debian-aarch64/Dockerfile
+++ b/docker/debian-aarch64/Dockerfile
@@ -1,9 +1,24 @@
 # docker build -t rapid7/msf-debian-aarch64-omnibus .
-FROM forumi0721/debian-aarch64-base:latest
+FROM rapid7/msf-debian-aarch64-omnibus:2020_03
 MAINTAINER Rapid7 Release Engineering <r7_re@rapid7.com>
 
 RUN ["docker-build-start"]
 
+# Copy newer apt sources that are valid/use https
+COPY apt /etc/apt
+
+# Update certs as the current ones have expired
+RUN mkdir -p /tmp/updated_certs && \
+    cd /tmp/updated_certs && \
+    curl --location --insecure --output cacert-2023-08-22.pem https://curl.se/ca/cacert-2023-08-22.pem && \
+    echo '23c2469e2a568362a62eecf1b49ed90a15621e6fa30e29947ded3436422de9b9  cacert-2023-08-22.pem' > cacert-2023-08-22.pem.sha256 && \
+    sha256sum -c cacert-2023-08-22.pem.sha256 && \
+    mv cacert-2023-08-22.pem /etc/ssl/certs/ca-certificates.crt && \
+    rm -rf /tmp/updated_certs
+
+# Import newer debian signing keys, as the current version available in the docker image is outdated and apt-get fails
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 6ED0E7B82643E131 F8D2585B8783D481
+
 RUN apt-get update && apt-get install -y \
     git \
     curl \
@@ -33,18 +48,18 @@ RUN command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
     command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
     curl -L -sSL https://get.rvm.io | bash -s stable
 RUN /bin/bash -l -c "rvm requirements"
-RUN /bin/bash -l -c "rvm install 2.6.5"
-RUN /bin/bash -l -c "gem install bundler -v 1.17.3 --no-document"
+RUN /bin/bash -l -c "rvm install 3.0.6"
+RUN /bin/bash -l -c "gem install bundler -v 2.2.3 --no-document"
 
 # pre-load the omnibus dependencies
-RUN git clone https://github.com/rapid7/metasploit-omnibus.git
-RUN cd metasploit-omnibus && /bin/bash -l -c "bundle install --binstubs"
-RUN rm -fr metasploit-omnibus
+RUN /bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'
 
 ENV JENKINS_HOME /home/jenkins
-RUN useradd -d "$JENKINS_HOME" -u 1001 -m -s /bin/sh jenkins
+RUN id jenkins || useradd -d "$JENKINS_HOME" -u 1001 -m -s /bin/sh jenkins
 RUN cp ~/.gitconfig "$JENKINS_HOME"
 RUN chown -R jenkins "$JENKINS_HOME"
+RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" | tee -a /etc/sudoers
 
 RUN mkdir -p /var/cache/omnibus
 RUN mkdir -p /opt/metasploit-framework
diff --git a/docker/debian-aarch64/apt/sources.list b/docker/debian-aarch64/apt/sources.list
new file mode 100644
index 00000000..fc89f54e
--- /dev/null
+++ b/docker/debian-aarch64/apt/sources.list
@@ -0,0 +1,8 @@
+deb http://deb.debian.org/debian bullseye main contrib non-free
+deb-src http://deb.debian.org/debian bullseye main contrib non-free
+
+deb http://deb.debian.org/debian bullseye-updates main contrib non-free
+deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
+
+deb http://deb.debian.org/debian bullseye-backports main contrib non-free
+deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free
diff --git a/docker/debian-armv7/.dockerignore b/docker/debian-armv7/.dockerignore
new file mode 100644
index 00000000..e589f930
--- /dev/null
+++ b/docker/debian-armv7/.dockerignore
@@ -0,0 +1,3 @@
+*
+
+!apt
diff --git a/docker/debian-armv7/Dockerfile b/docker/debian-armv7/Dockerfile
index 47ab4f44..edecc2cb 100644
--- a/docker/debian-armv7/Dockerfile
+++ b/docker/debian-armv7/Dockerfile
@@ -4,7 +4,8 @@ MAINTAINER Rapid7 Release Engineering <r7_re@rapid7.com>
 
 RUN ["cross-build-start"]
 
-RUN sed -i '/jessie-update/d' /etc/apt/sources.list
+# Copy newer apt sources that are valid
+COPY apt /etc/apt
 
 RUN apt-get update && apt-get install -y \
     git \
@@ -33,14 +34,14 @@ RUN git config --global user.email "packager@example.com" && \
 
 RUN command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
     command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-    curl -L -sSL https://get.rvm.io | bash -s stable
+    curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable
 RUN /bin/bash -l -c "rvm requirements"
-RUN /bin/bash -l -c "rvm install 2.6.5"
-RUN /bin/bash -l -c "gem install bundler -v 1.17.3 --no-document"
+RUN /bin/bash -l -c "rvm install 3.0.6"
+RUN /bin/bash -l -c "gem install bundler -v 2.2.4 --no-document"
 
 # pre-load the omnibus dependencies
 RUN git clone https://github.com/rapid7/metasploit-omnibus.git
-RUN cd metasploit-omnibus && /bin/bash -l -c "bundle install --binstubs"
+RUN cd metasploit-omnibus && /bin/bash -l -c "bundle install && bundle binstubs --all"
 RUN rm -fr metasploit-omnibus
 
 ENV JENKINS_HOME /home/jenkins
diff --git a/docker/debian-armv7/apt/sources.list b/docker/debian-armv7/apt/sources.list
new file mode 100644
index 00000000..3ec3df12
--- /dev/null
+++ b/docker/debian-armv7/apt/sources.list
@@ -0,0 +1,5 @@
+deb http://archive.debian.org/debian/ jessie main
+deb-src http://archive.debian.org/debian/ jessie main
+
+deb http://archive.debian.org/debian-security jessie/updates main
+deb-src http://archive.debian.org/debian/ jessie main
diff --git a/docker/fedora30-x64/Dockerfile b/docker/fedora30-x64/Dockerfile
index 554e14d5..91e7011a 100644
--- a/docker/fedora30-x64/Dockerfile
+++ b/docker/fedora30-x64/Dockerfile
@@ -70,11 +70,11 @@ RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" | tee -a /etc/sudoers
 
 RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
   command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl -L -sSL https://get.rvm.io | bash -s stable'
+  curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable'
 
 RUN su jenkins -c "/bin/bash -l -c 'rvm requirements'"
-RUN su jenkins -c "/bin/bash -l -c 'rvm install 2.6.5'"
-RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 1.17.3 --no-document'"
+RUN su jenkins -c "/bin/bash -l -c 'rvm install 3.0.6'"
+RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
 # pre-load the omnibus dependencies
 RUN su jenkins -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-        cd ~/metasploit-omnibus && bundle install --binstubs && cd ~/ && rm -fr metasploit-omnibus'"
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
diff --git a/docker/kali109-x64/Dockerfile b/docker/kali109-x64/Dockerfile
index a8b29dec..6c961203 100644
--- a/docker/kali109-x64/Dockerfile
+++ b/docker/kali109-x64/Dockerfile
@@ -3,7 +3,8 @@
 FROM rapid7/build:kali109_64
 MAINTAINER Rapid7 Release Engineering <r7_re@rapid7.com>
 
-RUN echo "deb http://old.kali.org/kali moto main non-free contrib" > /etc/apt/sources.list
+# package/ruby: needs gcc and host gcc >= 4.9, available only in Sana - https://www.kali.org/blog/kali-moto-eol/
+RUN echo "deb http://old.kali.org/kali sana main non-free contrib" > /etc/apt/sources.list
 
 RUN rm -fr /var/lib/apt/lists && \
     apt-get update && \
@@ -20,6 +21,9 @@ RUN rm -fr /var/lib/apt/lists && \
     libcurl4-openssl-dev \
     libexpat1-dev \
     libicu-dev \
+    gawk \
+    pkg-config \
+    sqlite3 \
 	reprepro && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -39,16 +43,21 @@ RUN echo "jenkins    ALL=NOPASSWD: ALL" > /etc/sudoers.d/jenkins
 RUN chmod 440 /etc/sudoers.d/jenkins
 RUN apt-get remove -y libpq-dev libpq5
 
-RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
-  command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl -L -sSL https://get.rvm.io | bash -s stable'
+# Update certs as the current ones have expired
+RUN mkdir -p /tmp/updated_certs && \
+    cd /tmp/updated_certs && \
+    curl --location --insecure --output cacert-2023-08-22.pem https://curl.se/ca/cacert-2023-08-22.pem && \
+    echo '23c2469e2a568362a62eecf1b49ed90a15621e6fa30e29947ded3436422de9b9  cacert-2023-08-22.pem' > cacert-2023-08-22.pem.sha256 && \
+    sha256sum -c cacert-2023-08-22.pem.sha256 && \
+    mv cacert-2023-08-22.pem /etc/ssl/certs/ca-certificates.crt && \
+    rm -rf /tmp/updated_certs
 
-RUN curl -O http://ftp.gnu.org/gnu/gawk/gawk-4.2.1.tar.gz && \
-  tar zxf gawk-4.2.1.tar.gz && \
-  cd gawk-4.2.1 && \
-  ./configure && \
-  make && make install && \
-  cd ../ && rm -rf gawk-4.2.1*
+RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
+    command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
+    curl --insecure --output /tmp/rvm-installer -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer && \
+    echo "fea24461e98d41528d6e28684aa4c216dbe903869bc3fcdb3493b6518fae2e7e  /tmp/rvm-installer" | sha256sum -c && \
+    command cat /tmp/rvm-installer | bash -s stable && \
+    rm /tmp/rvm-installer'
 
 RUN curl -O ftp://ftp.tcl.tk/pub/tcl/tcl8_6/tcl8.6.9-src.tar.gz && \
   tar zxf tcl8.6.9-src.tar.gz && \
@@ -56,14 +65,10 @@ RUN curl -O ftp://ftp.tcl.tk/pub/tcl/tcl8_6/tcl8.6.9-src.tar.gz && \
   ./configure && make && make install && \
   cd ../../ && rm -rf tcl8.6.9*
 
-RUN curl -O https://www.sqlite.org/src/tarball/sqlite.tar.gz?r=release && \
-  tar zxf sqlite.tar.gz?r=release && \
-  mkdir bld && cd bld && ../sqlite/configure && \
-  make && make install && \
-  cd ../ && rm -rf sqlite* && rm -rf bld
+RUN su jenkins -c "/bin/bash -l -c 'rvm requirements'"
+RUN su jenkins -c "/bin/bash -l -c 'rvm install 3.0.6'"
+RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
 
 # pre-load the omnibus dependencies
-RUN su jenkins -c "/bin/bash -l -c 'rvm install 2.6.5 --autolibs=0'"
-RUN su jenkins -c "/bin/bash -l -c 'rvm use 2.6.5 && gem install bundler -v 1.17.3 --no-document'"
-RUN su jenkins -c "/bin/bash -l -c 'rvm use 2.6.5 && cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-  cd metasploit-omnibus && bundle install --binstubs && cd .. && rm -rf metasploit-omnibus'"
+RUN su jenkins -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
diff --git a/docker/ubuntu1204-x64/Dockerfile b/docker/ubuntu1204-x64/Dockerfile
index 421affec..e4f8ae45 100644
--- a/docker/ubuntu1204-x64/Dockerfile
+++ b/docker/ubuntu1204-x64/Dockerfile
@@ -42,13 +42,13 @@ RUN echo "jenkins    ALL=NOPASSWD: ALL" > /etc/sudoers.d/jenkins
 RUN chmod 440 /etc/sudoers.d/jenkins
 
 RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
-  command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl -L -sSL https://get.rvm.io | bash -s stable'
+    command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
+    curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable '
 
 RUN su jenkins -c "/bin/bash -l -c 'rvm requirements'"
-RUN su jenkins -c "/bin/bash -l -c 'rvm install 2.6.5'"
-RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 1.17.3 --no-document'"
+RUN su jenkins -c "/bin/bash -l -c 'rvm install 3.0.6'"
+RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
 
 # pre-load the omnibus dependencies
 RUN su jenkins -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-        cd ~/metasploit-omnibus && bundle install --binstubs && cd ~/ && rm -fr metasploit-omnibus'"
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
diff --git a/docker/ubuntu1204-x86/Dockerfile b/docker/ubuntu1204-x86/Dockerfile
index fa57e0a2..8f40cb33 100644
--- a/docker/ubuntu1204-x86/Dockerfile
+++ b/docker/ubuntu1204-x86/Dockerfile
@@ -41,14 +41,14 @@ RUN mkdir -p /etc/sudoers.d
 RUN echo "jenkins    ALL=NOPASSWD: ALL" > /etc/sudoers.d/jenkins
 RUN chmod 440 /etc/sudoers.d/jenkins
 
-RUN su jenkins -c 'command curl --insecure -sSL https://rvm.io/mpapis.asc | gpg --import - && \
-  command curl --insecure -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl --insecure -L -sSL https://get.rvm.io | bash -s stable'
+RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
+    command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
+    curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable '
 
 RUN su jenkins -c "/bin/bash -l -c 'rvm requirements'"
-RUN su jenkins -c "linux32 /bin/bash -l -c 'rvm install 2.6.5'"
-RUN su jenkins -c "linux32 /bin/bash -l -c 'gem install bundler -v 2.1.4 --no-document'"
+RUN su jenkins -c "linux32 /bin/bash -l -c 'rvm install 3.0.6'"
+RUN su jenkins -c "linux32 /bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
 
 # pre-load the omnibus dependencies
 RUN su jenkins -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-        cd ~/metasploit-omnibus && bundle install --binstubs && cd ~/ && rm -fr metasploit-omnibus'"
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
diff --git a/docker/ubuntu1804-x64/Dockerfile b/docker/ubuntu1804-x64/Dockerfile
index 7ec089da..4ad608c3 100644
--- a/docker/ubuntu1804-x64/Dockerfile
+++ b/docker/ubuntu1804-x64/Dockerfile
@@ -41,12 +41,12 @@ RUN chmod 440 /etc/sudoers.d/jenkins
 
 RUN su jenkins -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
   command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl -L -sSL https://get.rvm.io | bash -s stable'
+  curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable'
 
 RUN su jenkins -c "/bin/bash -l -c 'rvm requirements'"
-RUN su jenkins -c "/bin/bash -l -c 'rvm install 2.6.5'"
-RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 1.17.3 --no-document'"
+RUN su jenkins -c "/bin/bash -l -c 'rvm install 3.0.6'"
+RUN su jenkins -c "/bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
 
 # pre-load the omnibus dependencies
 RUN su jenkins -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-        cd ~/metasploit-omnibus && bundle install --binstubs && cd ~/ && rm -fr metasploit-omnibus'"
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
diff --git a/local/cache b/local/cache
index 7c165e7c..0ad37117 160000
--- a/local/cache
+++ b/local/cache
@@ -1 +1 @@
-Subproject commit 7c165e7cb438d0c0ebf66c337fd4ed8e0bf83ff0
+Subproject commit 0ad37117f09e0fd78f109c36a17a48421b2ac7c6
diff --git a/omnibus.rb b/omnibus.rb
index 63849e6f..fd81006f 100644
--- a/omnibus.rb
+++ b/omnibus.rb
@@ -27,7 +27,7 @@
 
 # Disable git caching
 # ------------------------------
-# use_git_caching false
+use_git_caching false
 
 # Enable S3 asset caching
 # ------------------------------
diff --git a/packer/configure_ami.sh b/packer/configure_ami.sh
index 4b336972..86d2181b 100755
--- a/packer/configure_ami.sh
+++ b/packer/configure_ami.sh
@@ -56,13 +56,13 @@ cp ~/.gitconfig "$USER_HOME" && \
 
 su $BUILD_USER -c 'command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
   command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
-  curl -L -sSL https://get.rvm.io | bash -s stable'
+  curl -L -sSL https://raw.githubusercontent.com/rvm/rvm/1.29.12/binscripts/rvm-installer | bash -s stable'
 
 su $BUILD_USER -c "/bin/bash -l -c 'rvm requirements'"
-su $BUILD_USER -c "/bin/bash -l -c 'rvm install 2.6.5'"
+su $BUILD_USER -c "/bin/bash -l -c 'rvm install 3.0.6'"
 su $BUILD_USER -c "/bin/bash -l -c 'gem install bundler -v 2.2.3 --no-document'"
 su $BUILD_USER -c "/bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
-        cd ~/metasploit-omnibus && bundle install --binstubs && cd ~/ && rm -fr metasploit-omnibus'"
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'"
 
 # Remove Aptitude daily cron jobs
 systemctl disable apt-daily.service
diff --git a/resources/metasploit-framework/msi/source.wxs.erb b/resources/metasploit-framework/msi/source.wxs.erb
index def052f8..04759bb2 100644
--- a/resources/metasploit-framework/msi/source.wxs.erb
+++ b/resources/metasploit-framework/msi/source.wxs.erb
@@ -76,7 +76,24 @@
           </Directory>
         </Directory>
       </Directory>
-      <Merge Id="CRT" Language="0" SourceFile="C:\Program Files (x86)\Common Files\Merge Modules\microsoft_vc120_crt_x64.msm" DiskId="1" />
+      <%
+        # https://learn.microsoft.com/en-us/cpp/windows/redistributing-visual-cpp-files?view=msvc-170
+        # In Visual Studio 2022 and 2019, merge module files are part of an optional installable component named C++ <version>
+        # Redistributable MSMs in the Visual Studio Installer. The merge modules are installed by default as part of a C++ install
+        # in Visual Studio 2017 and Visual Studio 2015. When installed in Visual Studio 2022, you'll find the redistributable
+        # merge modules in %VCINSTALLDIR%Redist\MSVC\v143\MergeModules. In the latest version of Visual Studio 2019, the redistributable
+        # merge modules are in %VCINSTALLDIR%Redist\MSVC\v142\MergeModules. In both Visual Studio 2019 and Visual Studio 2017, they're
+        # also found in %VCToolsRedistDir%MergeModules. In Visual Studio 2015, they're found in Program Files [(x86)]\Common Files\Merge Modules.
+        possible_crt_paths = [
+          # Visual studio 2022 enterprise - when installed with vs_installer.exe
+          'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Redist\MSVC\v143\MergeModules\Microsoft_VC143_CRT_x64.msm',
+          # Visual studio 2013 default install
+          'C:\Program Files (x86)\Common Files\Merge Modules\microsoft_vc120_crt_x64.msm'
+        ]
+        crt_path = possible_crt_paths.find { |path| File.exist?(path) }
+        raise "Could not find valid CRT path - tried #{possible_crt_paths.join(", ")}." if crt_path.nil?
+      %>
+      <Merge Id="CRT" Language="0" SourceFile="<%= crt_path %>" DiskId="1" />
     </Directory>
 
     <SetDirectory Id="WINDOWSVOLUME" Value="[WindowsVolume]" />