From f26302c52bc1f17d88ed6d40466aedc38b555c16 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Sun, 8 Feb 2015 04:15:19 +0000 Subject: [PATCH] Add RESTful API example code --- tools/rest_api_examples/browser-details | 94 +++++ tools/rest_api_examples/command-modules | 98 ++++++ tools/rest_api_examples/dns | 78 +++++ tools/rest_api_examples/export-logs | 93 +++++ tools/rest_api_examples/lib/beef_rest_api.rb | 347 +++++++++++++++++++ tools/rest_api_examples/lib/print.rb | 16 + tools/rest_api_examples/lib/string.rb | 22 ++ tools/rest_api_examples/metasploit | 98 ++++++ tools/rest_api_examples/network | 104 ++++++ tools/rest_api_examples/webrtc | 82 +++++ 10 files changed, 1032 insertions(+) create mode 100755 tools/rest_api_examples/browser-details create mode 100755 tools/rest_api_examples/command-modules create mode 100755 tools/rest_api_examples/dns create mode 100755 tools/rest_api_examples/export-logs create mode 100644 tools/rest_api_examples/lib/beef_rest_api.rb create mode 100644 tools/rest_api_examples/lib/print.rb create mode 100644 tools/rest_api_examples/lib/string.rb create mode 100755 tools/rest_api_examples/metasploit create mode 100755 tools/rest_api_examples/network create mode 100755 tools/rest_api_examples/webrtc diff --git a/tools/rest_api_examples/browser-details b/tools/rest_api_examples/browser-details new file mode 100755 index 000000000..9db22a5e2 --- /dev/null +++ b/tools/rest_api_examples/browser-details @@ -0,0 +1,94 @@ +#!/usr/bin/env ruby +# browser-details - Example BeEF RESTful API script +# Retrieves browser details and logs for all online hooked browsers +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve online hooked browser list +hooks = @api.online_browsers.flatten +exit 1 if hooks.empty? +print_debug hooks + +# Retrieve hooked browser details +hooks.each do |hook| + next if hook['id'].nil? + print_status "Retrieving details for browser [id: #{hook['id']}]" + details = @api.browser_details(hook['session']) + print_debug details + print_verbose "Hooked Browser [id:#{hook['id']}, ip:#{details['IP']}, type:#{details['BrowserName']}-#{details['BrowserVersion']}, os:#{details['OsName']}] on [#{details['PageURI']}]" +end + +# Retrieve hooked browser logs +hooks.each do |hook| + next if hook['id'].nil? + print_status "Retrieving logs for browser [id: #{hook['id']}]" + logs = @api.browser_logs(hook['session']) + print_debug logs + logs['logs'].each do |log| + next if log['id'].nil? + print_verbose "#{log['date']} - #{log['event']}" + end +end + diff --git a/tools/rest_api_examples/command-modules b/tools/rest_api_examples/command-modules new file mode 100755 index 000000000..2ee309dba --- /dev/null +++ b/tools/rest_api_examples/command-modules @@ -0,0 +1,98 @@ +#!/usr/bin/env ruby +# command-modules - Example BeEF RESTful API script +# Retrieves module details and pops an alert dialog on all hooked browsers +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve module categories +print_debug @api.categories + +# Retrieve modules +modules = @api.modules.flatten +exit 1 if modules.empty? +print_debug modules + +# Retrieve module details +modules.each do |m| + next if m['id'].nil? + print_status "Retrieving module details [id: #{m['id']}]" + details = @api.module_details(m['id']) + print_debug details +end + +# Retrieve online hooked browser list +hooks = @api.online_browsers.flatten +exit 1 if hooks.empty? +print_debug hooks + +# Execute alert dialog on all online browsers +mod_id = @api.get_module_id "Alert_dialog" +hooks.each do |hook| + next if hook['id'].nil? + print_status "Executing module [id: #{mod_id}, browser: #{hook['id']}]" + result = @api.execute_module(hook['session'], mod_id, { "text" => "hello!" }) + print_debug result +end + diff --git a/tools/rest_api_examples/dns b/tools/rest_api_examples/dns new file mode 100755 index 000000000..278ed3d64 --- /dev/null +++ b/tools/rest_api_examples/dns @@ -0,0 +1,78 @@ +#!/usr/bin/env ruby +# dns - Example BeEF RESTful API script +# Retrieves DNS rule set +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve online hooked browser list +hooks = @api.online_browsers.flatten +exit 1 if hooks.empty? +print_debug hooks + +# Retrieve ruleset +print_status "Retrieving DNS rule set" +rules = @api.dns_ruleset +print_debug rules + diff --git a/tools/rest_api_examples/export-logs b/tools/rest_api_examples/export-logs new file mode 100755 index 000000000..aa945b7fc --- /dev/null +++ b/tools/rest_api_examples/export-logs @@ -0,0 +1,93 @@ +#!/usr/bin/env ruby +# export-logs - Example BeEF RESTful API script +# Retrieves BeEF logs and logs for all online hooked browsers +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve BeEF logs +logs = @api.logs +print_debug logs +logs['logs'].each do |log| + next if log['id'].nil? + print_verbose "#{log['date']} - #{log['event']}" +end + +# Retrieve online hooked browser list +hooks = @api.online_browsers.flatten +exit 1 if hooks.empty? +print_debug hooks + +# Retrieve hooked browser logs +hooks.each do |hook| + next if hook['id'].nil? + print_status "Retrieving logs for browser [id: #{hook['id']}]" + logs = @api.browser_logs(hook['session']) + print_debug logs + logs['logs'].each do |log| + next if log['id'].nil? + print_verbose "#{log['date']} - #{log['event']}" + end +end + diff --git a/tools/rest_api_examples/lib/beef_rest_api.rb b/tools/rest_api_examples/lib/beef_rest_api.rb new file mode 100644 index 000000000..33b021a8f --- /dev/null +++ b/tools/rest_api_examples/lib/beef_rest_api.rb @@ -0,0 +1,347 @@ +class BeefRestAPI + +# initialize +def initialize proto = 'http', host = '127.0.0.1', port = '3000', user = 'beef', pass = 'beef' + @user = user + @pass = pass + @url = "#{proto}://#{host}:#{port}/api/" + @token = nil +end + +################################################################################ +### BeEF core API +################################################################################ + +# authenticate and get API token +def auth + print_verbose "Retrieving authentication token" + begin + response = RestClient.post "#{@url}admin/login", + { 'username' => "#{@user}", + 'password' => "#{@pass}" }.to_json, + :content_type => :json, + :accept => :json + result = JSON.parse(response.body) + @token = result['token'] + print_good "Retrieved RESTful API token: #{@token}" + rescue => e + print_error "Could not retrieve RESTful API token: #{e.message}" + end +end + +# get BeEF version +def version + begin + response = RestClient.get "#{@url}server/version", {:params => {:token => @token}} + result = JSON.parse(response.body) + print_good "Retrieved BeEF version: #{result['version']}" + result['version'] + rescue => e + print_error "Could not retrieve BeEF version: #{e.message}" + end +end + +# get online hooked browsers +def online_browsers + begin + print_verbose "Retrieving online browsers" + response = RestClient.get "#{@url}hooks", {:params => {:token => @token}} + result = JSON.parse(response.body) + browsers = result["hooked-browsers"]["online"] + print_good "Retrieved online browser list [#{browsers.size} online]" + browsers + rescue => e + print_error "Could not retrieve browser details: #{e.message}" + end +end + +# get hooked browser details by session +def browser_details session + begin + print_verbose "Retrieving details for hooked browser [session: #{session}]" + response = RestClient.get "#{@url}hooks/#{session}", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved browser details for #{details['IP']}" + details + rescue => e + print_error "Could not retrieve browser details: #{e.message}" + end +end + +# get BeEF logs +def logs + begin + print_verbose "Retrieving logs" + response = RestClient.get "#{@url}logs", {:params => {:token => @token}} + logs = JSON.parse(response.body) + print_good "Retrieved #{logs['logs_count']} log entries" + logs + rescue => e + print_error "Could not retrieve logs: #{e.message}" + end +end + +# get hooked browser logs by session +def browser_logs session + begin + print_verbose "Retrieving browser logs [session: #{session}]" + response = RestClient.get "#{@url}logs/#{session}", {:params => {:token => @token}} + logs = JSON.parse(response.body) + print_good "Retrieved #{logs['logs'].size} browser logs" + logs + rescue => e + print_error "Could not retrieve browser logs: #{e.message}" + end +end + +################################################################################ +### command module API +################################################################################ + +# get command module categories +def categories + begin + print_verbose "Retrieving module categories" + response = RestClient.get "#{@url}categories", {:params => {:token => @token}} + categories = JSON.parse(response.body) + print_good "Retrieved #{categories.size} module categories" + categories + rescue => e + print_error "Could not retrieve logs: #{e.message}" + end +end + +# get command modules +def modules + begin + print_verbose "Retrieving modules" + response = RestClient.get "#{@url}modules", {:params => {:token => @token}} + @modules = JSON.parse(response.body) + print_good "Retrieved #{@modules.size} available command modules" + @modules + rescue => e + print_error "Could not retrieve modules: #{e.message}" + end +end + +# get module id by module short name +def get_module_id mod_name + print_verbose "Retrieving id for module [name: #{mod_name}]" + @modules.each do |mod| + # normal modules + if mod_name.capitalize == mod[1]["class"] + return mod[1]["id"] + break + # metasploit modules + elsif mod[1]["class"] == "Msf_module" && mod_name.capitalize == mod[1]["name"] + return mod[1]["id"] + break + end + end + nil +end + +# get command module details +def module_details id + begin + print_verbose "Retrieving details for command module [id: #{id}]" + response = RestClient.get "#{@url}modules/#{id}", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved details for module [#{details['name']}]" + details + rescue => e + print_error "Could not retrieve modules: #{e.message}" + end +end + +# execute module +def execute_module session, mod_id, options + print_verbose "Executing module [id: #{mod_id}, #{options}]" + begin + response = RestClient.post "#{@url}modules/#{session}/#{mod_id}?token=#{@token}", options.to_json, + :content_type => :json, + :accept => :json + result = JSON.parse(response.body) + if result['success'] == 'true' + print_good "Executed module [id: #{mod_id}]" + else + print_error "Could not execute module [id: #{mod_id}]" + end + result + rescue => e + print_error "Could not start payload handler: #{e.message}" + end +end + + +################################################################################ +### Metasploit API +################################################################################ + +# get metasploit version +def msf_version + begin + response = RestClient.get "#{@url}msf/version", {:params => {:token => @token}} + result = JSON.parse(response.body) + version = result['version']['version'] + print_good "Retrieved Metasploit version: #{version}" + version + rescue => e + print_error "Could not retrieve Metasploit version: #{e.message}" + end +end + +# get metasploit jobs +def msf_jobs + begin + response = RestClient.get "#{@url}msf/jobs", {:params => {:token => @token}} + result = JSON.parse(response.body) + jobs = result['jobs'] + print_good "Retrieved job list [#{jobs.size} jobs]" + jobs + rescue => e + print_error "Could not retrieve Metasploit job list: #{e.message}" + end +end + +# get metasploit job info +def msf_job_info id + begin + response = RestClient.get "#{@url}msf/job/#{id}/info", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved job information [id: #{id}]" + details + rescue => e + print_error "Could not retrieve job info: #{e.message}" + end +end + +# start metasploit payload handler +def msf_handler options + print_verbose "Starting Metasploit payload handler [#{options}]" + begin + response = RestClient.post "#{@url}msf/handler?token=#{@token}", options.to_json, + :content_type => :json, + :accept => :json + result = JSON.parse(response.body) + job_id = result['id'] + if job_id.nil? + print_error "Could not start payload handler: Job id is nil" + else + print_good "Started payload handler [id: #{job_id}]" + end + job_id + rescue => e + print_error "Could not start payload handler: #{e.message}" + end +end + +# stop metasploit job +def msf_job_stop id + print_verbose "Stopping Metasploit job [id: #{id}]" + begin + response = RestClient.get "#{@url}msf/job/#{id}/stop", {:params => {:token => @token}} + result = JSON.parse(response.body) + if result['success'].nil? + print_error "Could not stop Metasploit job [id: #{id}]: No such job ?" + else + print_good "Stopped job [id: #{id}]" + end + result + rescue => e + print_error "Could not stop Metasploit job [id: #{id}]: #{e.message}" + end +end + + +################################################################################ +### Network API +################################################################################ + +# get all network hosts +def network_hosts_all + begin + print_verbose "Retrieving all network hosts" + response = RestClient.get "#{@url}network/hosts", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved #{details['count']} network hosts" + details + rescue => e + print_error "Could not retrieve network hosts: #{e.message}" + end +end + +# get all network services +def network_services_all + begin + print_verbose "Retrieving all network services" + response = RestClient.get "#{@url}network/services", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved #{details['count']} network services" + details + rescue => e + print_error "Could not retrieve network services: #{e.message}" + end +end + +# get network hosts by session +def network_hosts session + begin + print_verbose "Retrieving network hosts for hooked browser [session: #{session}]" + response = RestClient.get "#{@url}network/hosts/#{session}", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved #{details['count']} network hosts" + details + rescue => e + print_error "Could not retrieve network hosts: #{e.message}" + end +end + +# get network services by session +def network_services session + begin + print_verbose "Retrieving network services for hooked browser [session: #{session}]" + response = RestClient.get "#{@url}network/services/#{session}", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved #{details['count']} network services" + details + rescue => e + print_error "Could not retrieve network services: #{e.message}" + end +end + +################################################################################ +### DNS API +################################################################################ + +# get ruleset +def dns_ruleset + begin + print_verbose "Retrieving DNS ruleset" + response = RestClient.get "#{@url}dns/ruleset", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved #{details['count']} rules" + details + rescue => e + print_error "Could not retrieve DNS ruleset: #{e.message}" + end +end + +################################################################################ +### WebRTC +################################################################################ + +# get webrtc status for hooked browser by session +def webrtc_status id + begin + print_verbose "Retrieving status for hooked browser [id: #{id}]" + response = RestClient.get "#{@url}webrtc/status/#{id}", {:params => {:token => @token}} + details = JSON.parse(response.body) + print_good "Retrieved status for hooked browser [id: #{id}]" + details + rescue => e + print_error "Could not retrieve status: #{e.message}" + end +end + +end diff --git a/tools/rest_api_examples/lib/print.rb b/tools/rest_api_examples/lib/print.rb new file mode 100644 index 000000000..00a1b951e --- /dev/null +++ b/tools/rest_api_examples/lib/print.rb @@ -0,0 +1,16 @@ +# print wrappers +def print_debug s + pp s if @debug +end +def print_verbose s + puts "[*] #{s}".gray if @verbose +end +def print_status s + puts "[*] #{s}".blue +end +def print_good s + puts "[+] #{s}".green +end +def print_error s + puts "[!] Error: #{s}".red +end diff --git a/tools/rest_api_examples/lib/string.rb b/tools/rest_api_examples/lib/string.rb new file mode 100644 index 000000000..fdff7af31 --- /dev/null +++ b/tools/rest_api_examples/lib/string.rb @@ -0,0 +1,22 @@ +# colorise # https://stackoverflow.com/questions/1489183/colorized-ruby-output +class String +def black; "\033[30m#{self}\033[0m" end +def red; "\033[31m#{self}\033[0m" end +def green; "\033[32m#{self}\033[0m" end +def brown; "\033[33m#{self}\033[0m" end +def blue; "\033[34m#{self}\033[0m" end +def magenta; "\033[35m#{self}\033[0m" end +def cyan; "\033[36m#{self}\033[0m" end +def gray; "\033[37m#{self}\033[0m" end +def bg_black; "\033[40m#{self}\033[0m" end +def bg_red; "\033[41m#{self}\033[0m" end +def bg_green; "\033[42m#{self}\033[0m" end +def bg_brown; "\033[43m#{self}\033[0m" end +def bg_blue; "\033[44m#{self}\033[0m" end +def bg_magenta; "\033[45m#{self}\033[0m" end +def bg_cyan; "\033[46m#{self}\033[0m" end +def bg_gray; "\033[47m#{self}\033[0m" end +def bold; "\033[1m#{self}\033[22m" end +def reverse_color; "\033[7m#{self}\033[27m" end +end + diff --git a/tools/rest_api_examples/metasploit b/tools/rest_api_examples/metasploit new file mode 100755 index 000000000..446eeeca6 --- /dev/null +++ b/tools/rest_api_examples/metasploit @@ -0,0 +1,98 @@ +#!/usr/bin/env ruby +# metasploit - Example BeEF RESTful API script +# Starts some Metasploit payload handlers; +# lists all running metasploit jobs; +# then stops the payload handlers. +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' # API + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve Metasploit version +@api.msf_version + +# Start payload handlers +handlers = [ + @api.msf_handler( {'PAYLOAD'=>'generic/shell_reverse_tcp', 'LPORT' => '6666', 'LHOST' => host} ), + @api.msf_handler( {'PAYLOAD'=>'cmd/unix/reverse', 'LPORT' => '6010', 'LHOST' => host} ), + @api.msf_handler( {'PAYLOAD'=>'linux/x86/meterpreter/reverse_tcp', 'LPORT' => '6020', 'LHOST'=> host} ), + @api.msf_handler( {'PAYLOAD'=>'windows/meterpreter/reverse_tcp', 'LPORT' => '6030', 'LHOST'=> host} ) +] + +# Retrieve msf jobs +jobs = @api.msf_jobs +print_debug jobs + +# Retrieve msf job details +jobs.each do |job_id,job_name| + next if job_id !~ /\A\d+\Z/ + print_status "Retrieving details for Metasploit job [id: #{job_id}] [#{job_name}]" + details = @api.msf_job_info(job_id) + print_debug details +end + +# Stop payload handlers +handlers.each do |handler_id| + print_debug @api.msf_job_stop handler_id +end + diff --git a/tools/rest_api_examples/network b/tools/rest_api_examples/network new file mode 100755 index 000000000..38e7d1170 --- /dev/null +++ b/tools/rest_api_examples/network @@ -0,0 +1,104 @@ +#!/usr/bin/env ruby +# network - Example BeEF RESTful API script +# Retrieves details for all identified network hosts and network services +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve all network hosts +hosts = @api.network_hosts_all +print_debug hosts + +# Retrieve all network services +services = @api.network_services_all +print_debug services + +# Retrieve online hooked browser list +hooks = @api.online_browsers.flatten +exit 1 if hooks.empty? +print_debug hooks + +# Retrieve network hosts for each hooked browser +hooks.each do |hook| + next if hook['id'].nil? + print_status "Retrieving network hosts for browser [id: #{hook['id']}]" + hosts = @api.network_hosts(hook['session']) + print_debug hosts + hosts['hosts'].each do |host| + next if host['id'].nil? + print_verbose "#{host['ip']}" + (" - #{host['type']}" unless host['type'].nil?).to_s + end +end + +# Retrieve network services for each hooked browser +hooks.each do |hook| + next if hook['id'].nil? + print_status "Retrieving network services for browser [id: #{hook['id']}]" + services = @api.network_services(hook['session']) + print_debug services + services['services'].each do |service| + next if service['id'].nil? + print_verbose "#{service['ip']}:#{service['port']}" + (" - #{service['type']}" unless service['type'].nil?).to_s + end +end diff --git a/tools/rest_api_examples/webrtc b/tools/rest_api_examples/webrtc new file mode 100755 index 000000000..5436ea5a3 --- /dev/null +++ b/tools/rest_api_examples/webrtc @@ -0,0 +1,82 @@ +#!/usr/bin/env ruby +# webrtc - Example BeEF RESTful API script +# Retrieves browser details and logs for all online hooked browsers +# Refer to the wiki for info: https://github.com/beefproject/beef/wiki/BeEF-RESTful-API +## +require 'rest_client' +require 'json' +require 'optparse' +require 'pp' +require './lib/string' # colored strings +require './lib/print' # print wrappers +require './lib/beef_rest_api' + +if ARGV.length == 0 + puts "#{$0}:" + puts "| Example BeEF RESTful API script" + puts "| Use --help for help" + puts "|_ Use verbose mode (-v) and debug mode (-d) for more output" + exit 1 +end + +# API config +proto = 'http' +host = '127.0.0.1' +port = '3000' +user = 'beef' +pass = 'beef' + +# Command line options +@debug = false +@verbose = false +OptionParser.new do |opts| + opts.on('-h', '--help', 'Shows this help screen') do + puts opts + exit 1 + end + opts.on('--host HOST', "Set BeEF host (default: #{host})") do |h| + host = h + end + opts.on('--port PORT', "Set BeEF port (default: #{port})") do |p| + port = p + end + opts.on('--user', "Set BeEF username (default: #{user})") do |u| + user = u + end + opts.on('--pass', "Set BeEF password (default: #{pass})") do |p| + pass = p + end + opts.on('--ssl', 'Use HTTPS') do + proto = 'https' + end + opts.on('-v', '--verbose', 'Enable verbose output') do + @verbose = true + end + opts.on('-d', '--debug', 'Enable debug output') do + @debug = true + end +end.parse! + +@api = BeefRestAPI.new proto, host, port, user, pass + +# Retrieve the RESTful API token +print_status "Authenticating to: #{proto}://#{host}:#{port}" +@api.auth + +# Retrieve BeEF version +@api.version + +# Retrieve online hooked browser list +hooks = @api.online_browsers.flatten +exit 1 if hooks.empty? +print_debug hooks + +# Retrieve hooked browser details +hooks.each do |hook| + next if hook['id'].nil? + print_status "Retrieving WebRTC status for browser [id: #{hook['id']}]" + details = @api.webrtc_status(hook['id']) + print_debug details + print_verbose details['success'] +end +