From 5a2f30a0c042360c09cc63072bcc3fe3e10656dd Mon Sep 17 00:00:00 2001 From: antisnatchor Date: Mon, 22 Oct 2012 15:30:27 +1100 Subject: [PATCH] Added a bunch of new RESTful API calls: get categories, search module by name. --- core/bootstrap.rb | 1 + core/main/rest/api.rb | 8 ++++ core/main/rest/handlers/categories.rb | 49 +++++++++++++++++++++++ core/main/rest/handlers/hookedbrowsers.rb | 6 +++ core/main/rest/handlers/logs.rb | 4 ++ core/main/rest/handlers/modules.rb | 37 ++++++++++++++--- 6 files changed, 99 insertions(+), 6 deletions(-) create mode 100644 core/main/rest/handlers/categories.rb diff --git a/core/bootstrap.rb b/core/bootstrap.rb index 0ae748c22..3db52a26c 100644 --- a/core/bootstrap.rb +++ b/core/bootstrap.rb @@ -50,6 +50,7 @@ require 'core/hbmanager' ## @note Include RESTful API require 'core/main/rest/handlers/hookedbrowsers' require 'core/main/rest/handlers/modules' +require 'core/main/rest/handlers/categories' require 'core/main/rest/handlers/logs' require 'core/main/rest/handlers/admin' require 'core/main/rest/api' diff --git a/core/main/rest/api.rb b/core/main/rest/api.rb index 0f8ce0b7c..4a848696c 100644 --- a/core/main/rest/api.rb +++ b/core/main/rest/api.rb @@ -29,6 +29,12 @@ module BeEF end end + module RegisterCategoriesHandler + def self.mount_handler(server) + server.mount('/api/categories', BeEF::Core::Rest::Categories.new) + end + end + module RegisterLogsHandler def self.mount_handler(server) server.mount('/api/logs', BeEF::Core::Rest::Logs.new) 
@@ -43,6 +49,8 @@ module BeEF BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler') + BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler') + BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler') diff --git a/core/main/rest/handlers/categories.rb b/core/main/rest/handlers/categories.rb new file mode 100644 index 000000000..edb2fd242 --- /dev/null +++ b/core/main/rest/handlers/categories.rb 
@@ -0,0 +1,49 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module BeEF
+ module Core
+ module Rest
+ class Categories < BeEF::Core::Router::Router
+
+ config = BeEF::Core::Configuration.instance
+
+ before do
+ error 401 unless params[:token] == config.get('beef.api_token')
+ halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+ headers 'Content-Type' => 'application/json; charset=UTF-8',
+ 'Pragma' => 'no-cache',
+ 'Cache-Control' => 'no-cache',
+ 'Expires' => '0'
+ end
+
+ get '/' do
+ categories = BeEF::Modules::get_categories
+ cats = Array.new
+ i = 0
+ # todo add sub-categories support!
+ categories.each do |category|
+ cat = {"id" => i, "name" => category}
+ cats << cat
+ i += 1
+ end
+ cats.to_json
+ end
+
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/core/main/rest/handlers/hookedbrowsers.rb b/core/main/rest/handlers/hookedbrowsers.rb
index f0ecf6bbd..20d38047a 100644
--- a/core/main/rest/handlers/hookedbrowsers.rb
+++ b/core/main/rest/handlers/hookedbrowsers.rb
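Review bot: In the `before` filter of the new `Categories` handler, `params[:token] == config.get('beef.api_token')` uses plain equality, so if `beef.api_token` is ever unset in the configuration, a request that carries no token at all would compare nil with nil and pass the check. Reject a missing or blank configured token explicitly, e.g. `expected = config.get('beef.api_token').to_s` followed by `halt 401 if expected.empty? || params[:token].to_s != expected`. Plain `==` on a secret is also not constant-time, so a constant-time comparison helper would be preferable if the bundled Rack provides one. The context lines of the other handlers in this commit end with the same header block, which suggests this filter is copied per handler; a single shared helper would keep the authentication check in one place.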
@@ -30,12 +30,16 @@ module BeEF 'Expires' => '0' end + # # @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/ + # #get "/to/a/pub" # "BeER please" #end + # # @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...) + # get '/' do online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15))) offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15))) @@ -49,7 +53,9 @@ module BeEF output.to_json end + # # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies) + # get '/:session' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil diff --git a/core/main/rest/handlers/logs.rb b/core/main/rest/handlers/logs.rb index 848e1fd2e..7f90ad884 100644 --- a/core/main/rest/handlers/logs.rb +++ b/core/main/rest/handlers/logs.rb @@ -30,13 +30,17 @@ module BeEF 'Expires' => '0' end + # # @note Get all global logs + # get '/' do logs = BeEF::Core::Models::Log.all() logs_to_json(logs) end + # # @note Get hooked browser logs + # get '/:session' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil diff --git a/core/main/rest/handlers/modules.rb b/core/main/rest/handlers/modules.rb index 158a9209f..bc3c8a8b3 100644 --- a/core/main/rest/handlers/modules.rb +++ b/core/main/rest/handlers/modules.rb @@ -30,7 +30,9 @@ module BeEF 'Expires' => '0' end + # # @note Get all available and enabled modules (id, name, category) + # get '/' do mods = BeEF::Core::Models::CommandModule.all 
@@ -50,7 +52,18 @@ module BeEF mods_hash.to_json end + get '/search/:mod_name' do + mod = BeEF::Core::Models::CommandModule.first(:name => params[:mod_name]) + result = {} + if mod != nil + result = {'id' => mod.id} + end + result.to_json + end + + # # @note Get the module definition (info, options) + # get '/:mod_id' do cmd = BeEF::Core::Models::CommandModule.get(params[:mod_id]) error 404 unless cmd != nil @@ -76,20 +89,29 @@ module BeEF #Content-Type: application/json; charset=UTF-8 # #{"date":"1331637093","data":"{\"data\":\"text=michele\"}"} + # get '/:session/:mod_id/:cmd_id' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil cmd = BeEF::Core::Models::Command.first(:hooked_browser_id => hb.id, :command_module_id => params[:mod_id], :id => params[:cmd_id]) error 404 unless cmd != nil - result = BeEF::Core::Models::Result.first(:hooked_browser_id => hb.id, :command_id => cmd.id) - error 404 unless result != nil - { - 'date' => result.date, - 'data' => result.data - }.to_json + results = BeEF::Core::Models::Result.all(:hooked_browser_id => hb.id, :command_id => cmd.id) + error 404 unless results != nil + + results_hash = {} + i = 0 + results.each do |result| + results_hash[i] = { + 'date' => result.date, + 'data' => result.data + } + i+=1 + end + results_hash.to_json end + # # @note Fire a new command module to the specified hooked browser. # Return the command_id of the executed module if it has been fired correctly. # Input must be specified in JSON format @@ -123,6 +145,7 @@ module BeEF #Content-Length: 35 # #{"success":"true","command_id":"not_available"} + # post '/:session/:mod_id' do hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) error 401 unless hb != nil 
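Review bot: The new `get '/search/:mod_name'` route answers an unknown module name with HTTP 200 and an empty `{}`, while the neighbouring `get '/:mod_id'` route uses `error 404 unless cmd != nil`, so API clients must inspect the body to tell a miss from a hit. Consider `error 404 if mod.nil?` before building the result. The route is also the only one in this file left without a `# @note` header after this commit; something like `# @note Look up a module by name and return its id` would match the others. The lookup passes `params[:mod_name]` as a hash condition to the model, so the value is presumably bound by the ORM rather than interpolated into a query, which is worth confirming.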
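Review bot: In `get '/:session/:mod_id/:cmd_id'`, the guard `error 404 unless results != nil` is likely dead after the switch from `Result.first` to `Result.all`: a collection query normally returns an empty collection rather than nil, so a command with no results would now return 200 with `{}` instead of 404. Use `error 404 if results.empty?` instead. The response shape also changes from a single object with `date` and `data` to a hash keyed by a counter, yet the example response in the comment block just above the route still shows the old single-object form and should be updated. Returning a JSON array would be a more natural shape than integer keys, and since this is a breaking change for existing API clients it deserves a mention in the commit message.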
@@ -142,6 +165,7 @@ module BeEF end end + # #@note Fire a new command module to multiple hooked browsers. # Returns the command IDs of the launched modules, or 0 if firing got issues. # POST request body example (for modules that don't need parameters, just remove "mod_params") @@ -156,6 +180,7 @@ module BeEF # curl example (alert module with custom text, 2 hooked browsers)): #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}' #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633 + # post '/multi' do request.body.rewind begin