Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modules: Resolve many Rubocop violations

Browse Source
This commit is contained in:
Brendan Coles
2022-01-22 12:46:42 +00:00
parent bbe805f017
commit a64480dfab
317 changed files with 3238 additions and 3965 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/misc/blockui/module.rb
View File

@@ -4,18 +4,17 @@
# See the file 'doc/COPYING' for copying permission
#
class Blockui < BeEF::Core::Command
def self.options
return [
{'name' => 'message', 'ui_label' => 'Message', 'type' => 'textarea', 'value' => '<p>Please wait while your data is being saved...</p>', 'width' => '400px', 'height' => '100px' },
{'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '30', 'width' => '400px' }
[
{ 'name' => 'message', 'ui_label' => 'Message', 'type' => 'textarea', 'value' => '<p>Please wait while your data is being saved...</p>', 'width' => '400px',
'height' => '100px' },
{ 'name' => 'timeout', 'ui_label' => 'Timeout (s)', 'value' => '30', 'width' => '400px' }
]
end
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end

25
modules/misc/cryptoloot_miner/module.rb
View File

@@ -10,20 +10,19 @@
class Cryptoloot_miner < BeEF::Core::Command
def self.options
[{ 'name' => 'public_token',
'description' => 'Public Token',
'ui_label' => 'Public Token',
'value' => 'ae5c906cfd37610626e86e25786866d6d2ff1c258d5f',
'type' => 'text'
},
{ 'name' => 'report_interval',
'description' => 'Report Interval (in seconds)',
'ui_label' => 'Report Interval (s)',
'value' => '30',
'type' => 'text'
}]
[{ 'name' => 'public_token',
'description' => 'Public Token',
'ui_label' => 'Public Token',
'value' => 'ae5c906cfd37610626e86e25786866d6d2ff1c258d5f',
'type' => 'text' },
{ 'name' => 'report_interval',
'description' => 'Report Interval (in seconds)',
'ui_label' => 'Report Interval (s)',
'value' => '30',
'type' => 'text' }]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end

18
modules/misc/ibm_inotes/extract_inotes_list/module.rb
View File

@@ -14,16 +14,16 @@
# limitations under the License.
#
class Extract_inotes_list < BeEF::Core::Command
def self.options
return [
{'type' => 'label', 'html' => 'Provide date boundaries to retrieve a list of Notes:' },
{'type' => 'textfield', 'name' => 'startdate', 'ui_label' => 'startdate yyyymmdd', 'value' => '20140101'},
{'type' => 'textfield', 'name' => 'enddate', 'ui_label' => 'enddate yyyymmdd', 'value' => '20500101'},
{'type' => 'textfield', 'name' => 'count', 'ui_label' => 'number of items returned', 'value' => '-1'},
def self.options
[
{ 'type' => 'label', 'html' => 'Provide date boundaries to retrieve a list of Notes:' },
{ 'type' => 'textfield', 'name' => 'startdate', 'ui_label' => 'startdate yyyymmdd', 'value' => '20140101' },
{ 'type' => 'textfield', 'name' => 'enddate', 'ui_label' => 'enddate yyyymmdd', 'value' => '20500101' },
{ 'type' => 'textfield', 'name' => 'count', 'ui_label' => 'number of items returned', 'value' => '-1' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

20
modules/misc/ibm_inotes/inotes_flooder/module.rb
View File

@@ -14,17 +14,17 @@
# limitations under the License.
#
class Inotes_flooder < BeEF::Core::Command
def self.options
return [
{'type' => 'label', 'html' => 'Send a note to someone with an attachment:' },
{'type' => 'textfield', 'name' => 'to', 'ui_label' => 'TO', 'value' => ''},
{'type' => 'textfield', 'name' => 'subject', 'ui_label' => 'Subject', 'value' => ''},
{'name'=>'body', 'ui_label' => 'Body', 'type'=>'textarea', 'value'=>''},
{'type' => 'textfield', 'name' => 'delay', 'ui_label' => 'Delay (ms)', 'value' => '100'}
def self.options
[
{ 'type' => 'label', 'html' => 'Send a note to someone with an attachment:' },
{ 'type' => 'textfield', 'name' => 'to', 'ui_label' => 'TO', 'value' => '' },
{ 'type' => 'textfield', 'name' => 'subject', 'ui_label' => 'Subject', 'value' => '' },
{ 'name' => 'body', 'ui_label' => 'Body', 'type' => 'textarea', 'value' => '' },
{ 'type' => 'textfield', 'name' => 'delay', 'ui_label' => 'Delay (ms)', 'value' => '100' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

14
modules/misc/ibm_inotes/read_inotes/module.rb
View File

@@ -14,14 +14,14 @@
# limitations under the License.
#
class Read_inotes < BeEF::Core::Command
def self.options
return [
{'type' => 'label', 'html' => 'Provide unid to retrieve details of a Note:' },
{'type' => 'textfield', 'name' => 'unid', 'ui_label' => 'notes unid', 'value' => '1'}
def self.options
[
{ 'type' => 'label', 'html' => 'Provide unid to retrieve details of a Note:' },
{ 'type' => 'textfield', 'name' => 'unid', 'ui_label' => 'notes unid', 'value' => '1' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

18
modules/misc/ibm_inotes/send_inotes/module.rb
View File

@@ -14,16 +14,16 @@
# limitations under the License.
#
class Send_inotes < BeEF::Core::Command
def self.options
return [
{'type' => 'label', 'html' => 'Send a note to someone:' },
{'type' => 'textfield', 'name' => 'to', 'ui_label' => 'TO:', 'value' => ''},
{'type' => 'textfield', 'name' => 'subject', 'ui_label' => 'Subject:', 'value' => ''},
{'name'=>'body', 'ui_label' => 'Body', 'type'=>'textarea', 'value'=>''}
def self.options
[
{ 'type' => 'label', 'html' => 'Send a note to someone:' },
{ 'type' => 'textfield', 'name' => 'to', 'ui_label' => 'TO:', 'value' => '' },
{ 'type' => 'textfield', 'name' => 'subject', 'ui_label' => 'Subject:', 'value' => '' },
{ 'name' => 'body', 'ui_label' => 'Body', 'type' => 'textarea', 'value' => '' }
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

23
modules/misc/ibm_inotes/send_inotes_with_attachment/module.rb
View File

File diff suppressed because one or more lines are too long

10
modules/misc/iframe_keylogger/module.rb
View File

@@ -4,18 +4,16 @@
# See the file 'doc/COPYING' for copying permission
#
class Iframe_keylogger < BeEF::Core::Command
def self.options
return [
{'name' => 'iFrameSrc', 'ui_label'=>'iFrame Src', 'type' => 'textarea', 'value' =>'/demos/secret_page.html', 'width' => '400px', 'height' => '50px'},
{'name' => 'sendBackInterval', 'ui_label' => 'Send Back Interval (ms)', 'value' => '2000', 'width'=>'100px' }
[
{ 'name' => 'iFrameSrc', 'ui_label' => 'iFrame Src', 'type' => 'textarea', 'value' => '/demos/secret_page.html', 'width' => '400px', 'height' => '50px' },
{ 'name' => 'sendBackInterval', 'ui_label' => 'Send Back Interval (ms)', 'value' => '2000', 'width' => '100px' }
]
end
def post_execute
content = {}
content['keystrokes'] = @datastore['keystrokes']
save content
end
end

17
modules/misc/iframe_sniffer/module.rb
View File

@@ -4,23 +4,22 @@
# See the file 'doc/COPYING' for copying permission
#
class Iframe_sniffer < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/iframe_sniffer/leakyframe.js','/leakyframe','js')
end
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/iframe_sniffer/leakyframe.js', '/leakyframe', 'js')
end
def self.options
return [
{'name' => 'inputUrl', 'ui_label'=>'input URL', 'type' => 'textarea', 'value' =>'http://en.wikipedia.org/wiki/Beef', 'width' => '400px', 'height' => '50px'},
{'name' => 'anchorsToCheck', 'ui_label' => 'anchors to check', 'value' => 'History,Exploit,Etymology,References,ABCDE', 'type' => 'textarea', 'width' => '400px', 'height' => '100px' }
[
{ 'name' => 'inputUrl', 'ui_label' => 'input URL', 'type' => 'textarea', 'value' => 'http://en.wikipedia.org/wiki/Beef', 'width' => '400px', 'height' => '50px' },
{ 'name' => 'anchorsToCheck', 'ui_label' => 'anchors to check', 'value' => 'History,Exploit,Etymology,References,ABCDE', 'type' => 'textarea', 'width' => '400px',
'height' => '100px' }
]
end
def post_execute
content = {}
content['resultList'] = @datastore['resultList']
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('leakyframe.js')
save content
end
end

18
modules/misc/invisible_iframe/module.rb
View File

@@ -4,15 +4,13 @@
# See the file 'doc/COPYING' for copying permission
#
class Invisible_iframe < BeEF::Core::Command
def self.options
[
{ 'name' => 'target', 'ui_label' => 'URL', 'value' => 'http://beefproject.com/' }
]
end
def self.options
return [
{'name' => 'target', 'ui_label' => 'URL', 'value' => 'http://beefproject.com/'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
def post_execute
save({ 'result' => @datastore['result'] })
end
end

19
modules/misc/local_file_theft/module.rb
View File

@@ -8,21 +8,18 @@
# Shamelessly plagurised from kos.io/xsspwn
class Local_file_theft < BeEF::Core::Command
def self.options
return [
{'name' => 'target_file',
'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb',
'ui_label' => 'Target file',
'value' => 'autodetect'
}
[
{ 'name' => 'target_file',
'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb',
'ui_label' => 'Target file',
'value' => 'autodetect' }
]
end
def post_execute
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end
end

13
modules/misc/nosleep/module.rb
View File

@@ -5,14 +5,13 @@
#
class No_sleep < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/nosleep/NoSleep.min.js','/NoSleep', 'js')
end
def self.options
return [
]
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/nosleep/NoSleep.min.js', '/NoSleep', 'js')
end
def self.options
[]
end
def post_execute
content = {}
content['result'] = @datastore['result']

12
modules/misc/raw_javascript/module.rb
View File

@@ -4,20 +4,18 @@
# See the file 'doc/COPYING' for copying permission
#
class Raw_javascript < BeEF::Core::Command
def self.options
return [
{'name' => 'cmd', 'description' => 'Javascript Code', 'ui_label' => 'Javascript Code', 'value' => "alert(\'BeEF Raw Javascript\');\nreturn \'It worked!\';", 'type' => 'textarea', 'width' => '400px', 'height' => '100px'},
[
{ 'name' => 'cmd', 'description' => 'Javascript Code', 'ui_label' => 'Javascript Code', 'value' => "alert(\'BeEF Raw Javascript\');\nreturn \'It worked!\';",
'type' => 'textarea', 'width' => '400px', 'height' => '100px' }
]
end
#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end

4
modules/misc/read_gmail/module.rb
View File

@@ -14,13 +14,11 @@
# limitations under the License.
#
class Read_gmail < BeEF::Core::Command
#
# This method is being called when a zombie sends some
# data back to the framework.
#
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end

3
modules/misc/track_physical_movement/module.rb
View File

@@ -7,7 +7,8 @@ class Track_physical_movement < BeEF::Core::Command
def self.options
[]
end
def post_execute
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end

2
modules/misc/unblockui/module.rb
View File

@@ -4,11 +4,9 @@
# See the file 'doc/COPYING' for copying permission
#
class Unblockui < BeEF::Core::Command
def post_execute
content = {}
content['result'] = @datastore['result']
save content
end
end

29
modules/misc/wordpress/add_user/module.rb
View File

@@ -1,9 +1,9 @@
#
# Copyright (c) Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
#
# This is a complete rewrite of the original module exploits/wordpress_add_admin which was not working anymore
#
#
# Original Author: Daniel Reece (@HBRN8).
# Rewritten by Erwan LR (@erwan_lr | WPScanTeam) - https://wpscan.org/
#
@@ -12,25 +12,24 @@ require_relative '../wordpress_command'
class Wordpress_add_user < WordPressCommand
def self.options
super() + [
{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'beef' },
{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'beef' },
{ 'name' => 'password', 'ui_label' => 'Pwd', 'value' => SecureRandom.hex(5) },
{ 'name' => 'email', 'ui_label' => 'Email', 'value' => '' },
{ 'name' => 'role',
'type' => 'combobox',
'ui_label' => 'Role',
'store_type' => 'arraystore',
'type' => 'combobox',
'ui_label' => 'Role',
'store_type' => 'arraystore',
'store_fields' => ['role'],
'store_data' => [['administrator'], ['editor'], ['author'], ['contributor'], ['subscriber']],
'value' => 'administrator',
'valueField' => 'role',
'store_data' => [['administrator'], ['editor'], ['author'], ['contributor'], ['subscriber']],
'value' => 'administrator',
'valueField' => 'role',
'displayField' => 'role',
'mode' => 'local',
}
#{ 'name' => 'domail', 'type' => 'checkbox', 'ui_label' => 'Success mail?:', 'checked' => 'true' },
'mode' => 'local' }
# { 'name' => 'domail', 'type' => 'checkbox', 'ui_label' => 'Success mail?:', 'checked' => 'true' },
# If one day optional options are supported:
#{ 'name' => 'url', 'ui_label' => 'Website:', 'value' => '' },
#{ 'name' => 'fname', 'ui_label' => 'FirstName:', 'value' => '' },
#{ 'name' => 'lname', 'ui_label' => 'LastName:', 'value' => '' }
# { 'name' => 'url', 'ui_label' => 'Website:', 'value' => '' },
# { 'name' => 'fname', 'ui_label' => 'FirstName:', 'value' => '' },
# { 'name' => 'lname', 'ui_label' => 'LastName:', 'value' => '' }
]
end
end

12
modules/misc/wordpress/upload_rce_plugin/module.rb
View File

@@ -19,23 +19,23 @@ class Wordpress_upload_rce_plugin < WordPressCommand
# This allows easy modification of the beefbind.php to suit the needs, as well as being automatically generated
# even when the module is used with automated rules
def self.generate_zip_payload(auth_key)
stringio = Zip::OutputStream::write_buffer do |zio|
zio.put_next_entry("beefbind.php")
stringio = Zip::OutputStream.write_buffer do |zio|
zio.put_next_entry('beefbind.php')
file_content = File.read(File.join(File.dirname(__FILE__), 'beefbind.php')).to_s
file_content.gsub!(/#SHA1HASH#/, Digest::SHA1.hexdigest(auth_key))
zio.write(file_content)
end
stringio.rewind
payload = stringio.sysread
escaped_payload = ''
# Escape payload to be able to put it in the JS
payload.each_byte do |byte|
escaped_payload << "\\" + ("x%02X" % byte)
escaped_payload << ("\\#{'x%02X' % byte}")
end
escaped_payload

6
modules/misc/wordpress/wordpress_command.rb
View File

@@ -10,7 +10,7 @@ require 'securerandom'
class WordPressCommand < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/wordpress/wp.js', '/wp', 'js')
end
end
# If we could retrive the hooked URL, we could try to determine the wp_path to be set below
def self.options
@@ -18,13 +18,13 @@ class WordPressCommand < BeEF::Core::Command
{ 'name' => 'wp_path', 'ui_label' => 'WordPress Path', 'value' => '/' }
]
end
# This one is triggered each time a beef.net.send is called
def post_execute
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('wp.js')
return unless @datastore['result']
save({ 'result' => @datastore['result'] })
end
end

11
modules/misc/wordpress_post_auth_rce/module.rb
View File

@@ -4,16 +4,15 @@
# See the file 'doc/COPYING' for copying permission
#
class Wordpress_post_auth_rce < BeEF::Core::Command
def self.options
return [
{'name'=>'wordpress_url', 'ui_label' =>'Target Web Server','value'=>'http://vulnerable-wordpress.site/wordpress','width'=>'400px'}
[
{ 'name' => 'wordpress_url', 'ui_label' => 'Target Web Server', 'value' => 'http://vulnerable-wordpress.site/wordpress', 'width' => '400px' }
]
end
def post_execute
return if @datastore['result'].nil?
save({'result' => @datastore['result']})
save({ 'result' => @datastore['result'] })
end
end