Added a bunch of new RESTful API calls: get categories, search module by name.

core/bootstrap.rb

@@ -50,6 +50,7 @@ require 'core/hbmanager'
 ## @note Include RESTful API
 require 'core/main/rest/handlers/hookedbrowsers'
 require 'core/main/rest/handlers/modules'
+require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
 require 'core/main/rest/api'

core/main/rest/api.rb

@@ -29,6 +29,12 @@ module BeEF
         end
       end
 
+      module RegisterCategoriesHandler
+        def self.mount_handler(server)
+          server.mount('/api/categories', BeEF::Core::Rest::Categories.new)
+        end
+      end
+
       module RegisterLogsHandler
         def self.mount_handler(server)
           server.mount('/api/logs', BeEF::Core::Rest::Logs.new)
@@ -43,6 +49,8 @@ module BeEF
 
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
+
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
 

core/main/rest/handlers/categories.rb

@@ -0,0 +1,49 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Categories < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        get '/' do
+           categories = BeEF::Modules::get_categories
+           cats = Array.new
+           i = 0
+           # todo add sub-categories support!
+           categories.each do |category|
+             cat = {"id" => i, "name" => category}
+             cats << cat
+             i += 1
+           end
+           cats.to_json
+        end
+
+      end
+    end
+  end
+end

core/main/rest/handlers/hookedbrowsers.rb

@@ -30,12 +30,16 @@ module BeEF
                   'Expires' => '0'
         end
 
+        #
         # @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/
+        #
         #get "/to/a/pub"
         #  "BeER please"
         #end
 
+        #
         # @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...)
+        #
         get '/' do
           online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
           offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15)))
@@ -49,7 +53,9 @@ module BeEF
           output.to_json
         end
 
+        #
         # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
+        #
         get '/:session' do
           hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
           error 401 unless hb != nil

core/main/rest/handlers/logs.rb

@@ -30,13 +30,17 @@ module BeEF
                   'Expires' => '0'
         end
 
+        #
         # @note Get all global logs
+        #
         get '/' do
           logs = BeEF::Core::Models::Log.all()
           logs_to_json(logs)
         end
 
+        #
         # @note Get hooked browser logs
+        #
         get '/:session' do
           hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
           error 401 unless hb != nil

core/main/rest/handlers/modules.rb

@@ -30,7 +30,9 @@ module BeEF
                   'Expires' => '0'
         end
 
+        #
         # @note Get all available and enabled modules (id, name, category)
+        #
         get '/' do
           mods = BeEF::Core::Models::CommandModule.all
 
@@ -50,7 +52,18 @@ module BeEF
           mods_hash.to_json
         end
 
+        get '/search/:mod_name' do
+          mod = BeEF::Core::Models::CommandModule.first(:name => params[:mod_name])
+          result = {}
+          if mod != nil
+            result = {'id' => mod.id}
+          end
+          result.to_json
+        end
+
+        #
         # @note Get the module definition (info, options)
+        #
         get '/:mod_id' do
           cmd = BeEF::Core::Models::CommandModule.get(params[:mod_id])
           error 404 unless cmd != nil
@@ -76,20 +89,29 @@ module BeEF
         #Content-Type: application/json; charset=UTF-8
         #
         #{"date":"1331637093","data":"{\"data\":\"text=michele\"}"}
+        #
         get '/:session/:mod_id/:cmd_id' do
           hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
           error 401 unless hb != nil
           cmd = BeEF::Core::Models::Command.first(:hooked_browser_id => hb.id,
                                                   :command_module_id => params[:mod_id], :id => params[:cmd_id])
           error 404 unless cmd != nil
-          result = BeEF::Core::Models::Result.first(:hooked_browser_id => hb.id, :command_id => cmd.id)
-          error 404 unless result != nil
-          {
-             'date' => result.date,
-             'data' => result.data
-          }.to_json
+          results = BeEF::Core::Models::Result.all(:hooked_browser_id => hb.id, :command_id => cmd.id)
+          error 404 unless results != nil
+
+          results_hash = {}
+          i = 0
+          results.each do |result|
+            results_hash[i] = {
+                'date' => result.date,
+                'data' => result.data
+            }
+            i+=1
+          end
+          results_hash.to_json
         end
 
+        #
         # @note Fire a new command module to the specified hooked browser.
         # Return the command_id of the executed module if it has been fired correctly.
         # Input must be specified in JSON format
@@ -123,6 +145,7 @@ module BeEF
         #Content-Length: 35
         #
         #{"success":"true","command_id":"not_available"}
+        #
         post '/:session/:mod_id' do
           hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
           error 401 unless hb != nil
@@ -142,6 +165,7 @@ module BeEF
           end
         end
 
+        #
         #@note Fire a new command module to multiple hooked browsers.
         # Returns the command IDs of the launched modules, or 0 if firing got issues.
         # POST request body example (for modules that don't need parameters, just remove "mod_params")
@@ -156,6 +180,7 @@ module BeEF
         # curl example (alert module with custom text, 2 hooked browsers)):
         #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
         #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
+        #
         post '/multi' do
           request.body.rewind
           begin