Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a bunch of new RESTful API calls: get categories, search module by name.

Browse Source
This commit is contained in:
antisnatchor
2012-10-22 15:30:27 +11:00
parent cbbb9e0d67
commit 5a2f30a0c0
6 changed files with 99 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/bootstrap.rb
View File

@@ -50,6 +50,7 @@ require 'core/hbmanager'
## @note Include RESTful API ## @note Include RESTful API
require 'core/main/rest/handlers/hookedbrowsers' require 'core/main/rest/handlers/hookedbrowsers'
require 'core/main/rest/handlers/modules' require 'core/main/rest/handlers/modules'
require 'core/main/rest/handlers/categories'
require 'core/main/rest/handlers/logs' require 'core/main/rest/handlers/logs'
require 'core/main/rest/handlers/admin' require 'core/main/rest/handlers/admin'
require 'core/main/rest/api' require 'core/main/rest/api'

8
core/main/rest/api.rb
View File

@@ -29,6 +29,12 @@ module BeEF
end end
end end
module RegisterCategoriesHandler
def self.mount_handler(server)
server.mount('/api/categories', BeEF::Core::Rest::Categories.new)
end
end
module RegisterLogsHandler module RegisterLogsHandler
def self.mount_handler(server) def self.mount_handler(server)
server.mount('/api/logs', BeEF::Core::Rest::Logs.new) server.mount('/api/logs', BeEF::Core::Rest::Logs.new)
@@ -43,6 +49,8 @@ module BeEF
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')

49
core/main/rest/handlers/categories.rb Normal file
View File

@@ -0,0 +1,49 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Core
module Rest
class Categories < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
get '/' do
categories = BeEF::Modules::get_categories
cats = Array.new
i = 0
# todo add sub-categories support!
categories.each do |category|
cat = {"id" => i, "name" => category}
cats << cat
i += 1
end
cats.to_json
end
end
end
end
end

6
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -30,12 +30,16 @@ module BeEF
'Expires' => '0' 'Expires' => '0'
end end
#
# @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/ # @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/
#
#get "/to/a/pub" #get "/to/a/pub"
# "BeER please" # "BeER please"
#end #end
#
# @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...) # @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...)
#
get '/' do get '/' do
online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15))) online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15))) offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15)))
@@ -49,7 +53,9 @@ module BeEF
output.to_json output.to_json
end end
#
# @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies) # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
#
get '/:session' do get '/:session' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil error 401 unless hb != nil

4
core/main/rest/handlers/logs.rb
View File

@@ -30,13 +30,17 @@ module BeEF
'Expires' => '0' 'Expires' => '0'
end end
#
# @note Get all global logs # @note Get all global logs
#
get '/' do get '/' do
logs = BeEF::Core::Models::Log.all() logs = BeEF::Core::Models::Log.all()
logs_to_json(logs) logs_to_json(logs)
end end
#
# @note Get hooked browser logs # @note Get hooked browser logs
#
get '/:session' do get '/:session' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil error 401 unless hb != nil

37
core/main/rest/handlers/modules.rb
View File

@@ -30,7 +30,9 @@ module BeEF
'Expires' => '0' 'Expires' => '0'
end end
#
# @note Get all available and enabled modules (id, name, category) # @note Get all available and enabled modules (id, name, category)
#
get '/' do get '/' do
mods = BeEF::Core::Models::CommandModule.all mods = BeEF::Core::Models::CommandModule.all
@@ -50,7 +52,18 @@ module BeEF
mods_hash.to_json mods_hash.to_json
end end
get '/search/:mod_name' do
mod = BeEF::Core::Models::CommandModule.first(:name => params[:mod_name])
result = {}
if mod != nil
result = {'id' => mod.id}
end
result.to_json
end
#
# @note Get the module definition (info, options) # @note Get the module definition (info, options)
#
get '/:mod_id' do get '/:mod_id' do
cmd = BeEF::Core::Models::CommandModule.get(params[:mod_id]) cmd = BeEF::Core::Models::CommandModule.get(params[:mod_id])
error 404 unless cmd != nil error 404 unless cmd != nil
@@ -76,20 +89,29 @@ module BeEF
#Content-Type: application/json; charset=UTF-8 #Content-Type: application/json; charset=UTF-8
# #
#{"date":"1331637093","data":"{\"data\":\"text=michele\"}"} #{"date":"1331637093","data":"{\"data\":\"text=michele\"}"}
#
get '/:session/:mod_id/:cmd_id' do get '/:session/:mod_id/:cmd_id' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil error 401 unless hb != nil
cmd = BeEF::Core::Models::Command.first(:hooked_browser_id => hb.id, cmd = BeEF::Core::Models::Command.first(:hooked_browser_id => hb.id,
:command_module_id => params[:mod_id], :id => params[:cmd_id]) :command_module_id => params[:mod_id], :id => params[:cmd_id])
error 404 unless cmd != nil error 404 unless cmd != nil
result = BeEF::Core::Models::Result.first(:hooked_browser_id => hb.id, :command_id => cmd.id) results = BeEF::Core::Models::Result.all(:hooked_browser_id => hb.id, :command_id => cmd.id)
error 404 unless result != nil error 404 unless results != nil
{
'date' => result.date, results_hash = {}
'data' => result.data i = 0
}.to_json results.each do |result|
results_hash[i] = {
'date' => result.date,
'data' => result.data
}
i+=1
end
results_hash.to_json
end end
#
# @note Fire a new command module to the specified hooked browser. # @note Fire a new command module to the specified hooked browser.
# Return the command_id of the executed module if it has been fired correctly. # Return the command_id of the executed module if it has been fired correctly.
# Input must be specified in JSON format # Input must be specified in JSON format
@@ -123,6 +145,7 @@ module BeEF
#Content-Length: 35 #Content-Length: 35
# #
#{"success":"true","command_id":"not_available"} #{"success":"true","command_id":"not_available"}
#
post '/:session/:mod_id' do post '/:session/:mod_id' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session]) hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil error 401 unless hb != nil
@@ -142,6 +165,7 @@ module BeEF
end end
end end
#
#@note Fire a new command module to multiple hooked browsers. #@note Fire a new command module to multiple hooked browsers.
# Returns the command IDs of the launched modules, or 0 if firing got issues. # Returns the command IDs of the launched modules, or 0 if firing got issues.
# POST request body example (for modules that don't need parameters, just remove "mod_params") # POST request body example (for modules that don't need parameters, just remove "mod_params")
@@ -156,6 +180,7 @@ module BeEF
# curl example (alert module with custom text, 2 hooked browsers)): # curl example (alert module with custom text, 2 hooked browsers)):
#curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}' #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
#-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633 #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
#
post '/multi' do post '/multi' do
request.body.rewind request.body.rewind
begin begin