Add support for MaxMind GeoIP

bcoles
2014-04-22 00:58:49 +09:30
parent a131e670bc
commit 4529dd1a6c
4 changed files with 53 additions and 1 deletions


@@ -40,6 +40,7 @@ gem "msfrpc-client" # Metasploit Integration extension
gem "rubyzip", ">= 1.0.0"
gem "rubydns" # DNS extension
gem "sourcify"
gem "geoip" # geolocation support
# For running unit tests
if ENV['BEEF_TEST']


@@ -103,6 +103,13 @@ beef:
crypto_default_value_length: 80
# IP Geolocation
# Requires MaxMind database
# curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
geoip:
enable: false
database: '/opt/GeoIP/GeoLiteCity.dat'
# You may override default extension configuration parameters here
extension:
requester:
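Review bot: The download hint in the `geoip:` comment fetches the database over plain HTTP with no integrity check, and the same URL is repeated in the `print_more` line of the browser-details handler. When the feature is enabled, the handler opens and parses this file on every hooked-browser init, so the comment should point at an HTTPS source if MaxMind offers one and tell the operator to verify the archive against a published checksum before installing it. The comment also stops short of the configured path: the archive is gzip-compressed while `database:` expects `/opt/GeoIP/GeoLiteCity.dat`, so add a line such as `# gunzip GeoLiteCity.dat.gz && mv GeoLiteCity.dat /opt/GeoIP/`.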


@@ -68,7 +68,7 @@ module BeEF
}
zombie.httpheaders = @http_headers.to_json
zombie.save
#puts "HTTP Headers: #{zombie.httpheaders}"
#print_debug "[INIT] HTTP Headers: #{zombie.httpheaders}"
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -80,6 +80,36 @@ module BeEF
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
# geolocation
if config.get('beef.geoip.enable')
require 'geoip'
geoip_file = config.get('beef.geoip.database')
if File.exists? geoip_file
geoip = GeoIP.new(geoip_file).city(zombie.ip)
if geoip.nil?
print_debug "[INIT] Geolocation failed - No results for IP address '#{zombie.ip}'"
else
#print_debug "[INIT] Geolocation results: #{geoip}"
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
BD.set(session_id, 'LocationCity', "#{geoip['city_name']}")
BD.set(session_id, 'LocationCountry', "#{geoip['country_name']}")
BD.set(session_id, 'LocationCountryCode2', "#{geoip['country_code2']}")
BD.set(session_id, 'LocationCountryCode3', "#{geoip['country_code3']}")
BD.set(session_id, 'LocationContinentCode', "#{geoip['continent_code']}")
BD.set(session_id, 'LocationPostCode', "#{geoip['postal_code']}")
BD.set(session_id, 'LocationLatitude', "#{geoip['latitude']}")
BD.set(session_id, 'LocationLongitude', "#{geoip['longitude']}")
BD.set(session_id, 'LocationDMACode', "#{geoip['dma_code']}")
BD.set(session_id, 'LocationAreaCode', "#{geoip['area_code']}")
BD.set(session_id, 'LocationTimezone', "#{geoip['timezone']}")
BD.set(session_id, 'LocationRegionName', "#{geoip['real_region_name']}")
end
else
print_error "[INIT] Geolocation failed - Could not find MaxMind GeoIP database '#{geoip_file}'"
print_more "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
end
end
# detect browser proxy
using_proxy = false
[
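Review bot: The lookup `GeoIP.new(geoip_file).city(zombie.ip)` in the geolocation hunk has no error handling, so an unreadable or corrupt database, or an address the library cannot process, would raise inside the init handler and likely abort the remaining browser-detail processing for that hook. Wrapping the lookup in `begin` … `rescue StandardError => e` with `print_error "[INIT] Geolocation failed - #{e.message}"` keeps geolocation best-effort. `File.exists?` is the deprecated spelling, so prefer `File.exist? geoip_file`, and note that a missing `beef.geoip.database` key would pass nil to it. The database is also reopened for every new zombie; opening it once and reusing the reader would avoid repeated file opens on a request path. The enclosing method starts and ends outside this hunk.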


@@ -95,6 +95,20 @@ class Modules < BeEF::Extension::AdminUI::HttpController
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
# Geolocation
['Location', 'City', 'LocationCity'],
['Location', 'Country', 'LocationCountry'],
['Location', 'CountryCode2', 'LocationCountryCode2'],
['Location', 'CountryCode3', 'LocationCountryCode3'],
['Location', 'Continent', 'LocationContinentCode'],
['Location', 'Post Code', 'LocationPostCode'],
['Location', 'Latitude', 'LocationLatitude'],
['Location', 'Longitude', 'LocationLongitude'],
['Location', 'DMA Code', 'LocationDMACode'],
['Location', 'Area Code', 'LocationAreaCode'],
['Location', 'Timezone', 'LocationTimezone'],
['Location', 'Region', 'LocationRegionName'],
# Hooked Page
['Hooked Page', 'Page Title', 'PageTitle'],
['Hooked Page', 'Page URI', 'PageURI'],