From 4fcc1dc5628ad023047329294622588bae0588c3 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 28 Sep 2014 04:25:20 +0000
Subject: [PATCH] Allow DNS lookups on zombie IP addresses
---
 config.yaml | 3 +++
 core/main/handlers/browserdetails.rb | 15 +++++++++++++++
 .../admin_ui/controllers/modules/modules.rb | 1 +
 3 files changed, 19 insertions(+)

diff --git a/config.yaml b/config.yaml
index 9ad8baaa0..fcec9db00 100644
--- a/config.yaml
+++ b/config.yaml
@@ -119,6 +119,9 @@ beef:
 # set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
 allow_user_notify: true
 
+ # Enables DNS lookups on zombie IP addresses
+ dns_hostname_lookup: false
+
 # IP Geolocation
 # NOTE: requires MaxMind database:
 # curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb
index 916b2f575..8e3916e79 100644
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -86,6 +86,21 @@ module BeEF
 self.err_msg "Invalid browser name returned from the hook browser's initial connection."
 end
 
+ # lookup zombie host name
+ ip_str = zombie.ip
+ if config.get('beef.dns_hostname_lookup')
+ begin
+ require 'resolv'
+ host_name = Resolv.getname(zombie.ip).to_s
+ if BeEF::Filters.is_valid_hostname?(host_name)
+ ip_str += " [#{host_name}]"
+ end
+ rescue
+ print_debug "[INIT] Reverse lookup failed - No results for IP address '#{zombie.ip}'"
+ end
+ end
+ BD.set(session_id, 'IP', ip_str)
+
 # geolocation
 if config.get('beef.geoip.enable')
 require 'geoip'
diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb
index 885476f7e..e70b5f9ab 100644
--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
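Review bot: The comment on `dns_hostname_lookup` does not say that this is a reverse (PTR) query issued by the BeEF server through its own resolver, so enabling it discloses every hooked client's address to that resolver and makes the initial-connection handler wait on DNS. I would spell that out, e.g. `# Enables reverse DNS (PTR) lookups on zombie IP addresses; each address is sent to the server's resolver`. Keeping the default at `false` fits that trade-off.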
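Review bot: The host name returned by `Resolv.getname(zombie.ip)` is untrusted input, because a PTR record is set by whoever controls the reverse zone for the client's address, yet it is written into the stored `'IP'` detail with `BeEF::Filters.is_valid_hostname?` as the only guard. That filter is defined outside this patch, so its length and character-set limits should be confirmed, and the admin UI should escape the value when rendering it. Appending ` [host]` to the `'IP'` key also means any consumer that treats that key as a bare address now receives a composite string; a separate detail key for the host name would avoid that. The bare `rescue` logs every StandardError as "No results"; `rescue Resolv::ResolvError` would keep unrelated failures visible. The enclosing method starts and ends outside the hunk.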
@@ -117,6 +117,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 ['Hooked Page', 'Cookies', 'Cookies'],
 
 # Host
+ ['Host', 'Host Name/IP', 'IP'],
 ['Host', 'Date', 'DateStamp'],
 ['Host', 'Operating System', 'OsName'],
 ['Host', 'Hardware', 'Hardware'],