diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 0c257342f..d8f133c40 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -1,36 +1,169 @@ -# Contributing to BeEF +# Contributing +### Anyone is welcome to make BeEF better! +Thank you for wanting to contribute to BeEF. It's effort like yours that helps make BeEF such a great tool. -Anyone is welcome to make BeEF better! +Following these guidelines shows that you respect the time of the developers developing this open source project and helps them help you. In response to this, they should return that respect in addressing your issue, assisting with changes, and helping you finalize your pull requests. -Below are the steps needed to add code to BeEF on Github to the master branch: +### We want any form helpful of contributions! -1. Fork the repository and create a new branch -2. Write and commit your new code to that branch + BeEF is an open source project and we love to receive contributions from the community! There are many ways to contribute, from writing tutorials or blog posts, improving or translating the documentation, answering questions on the project, submitting bug reports and feature requests or writing or reviewing code which can be merged into BeEF itself. -3. Run the existing tests to make sure they pass +# Contributing +### Anyone is welcome to make BeEF better! +Thank you for wanting to contribute to BeEF. It's effort like yours that helps make BeEF such a great tool. -4. Make a pull request from the forked branch to BeEF master +Following these guidelines shows that you respect the time of the developers developing this open source project and helps them help you. In response to this, they should return that respect in addressing your issue, assisting with changes, and helping you finalize your pull requests. -See https://github.com/beefproject/beef/wiki/BeEF-Testing for steps to write tests. -TL;DR: -``` -bundle install --with test -bundle exec rake spec -``` +### We want any form helpful of contributions! -4. Write tests in RSpec for your new code (module, extension etc.) + BeEF is an open source project and we love to receive contributions from the community! There are many ways to contribute, from writing tutorials or blog posts, improving or translating the documentation, answering questions on the project, submitting bug reports and feature requests or writing or reviewing code which can be merged into BeEF itself. -5. Run all tests again to make sure they all pass -6. Edit existing wiki page / add a new one explaining the new features, including: + +# Ground Rules + +### Responsibilities +> * When making an issue, ensure the issue template is filled out, failure to do so can and will result in a closed ticket and a delay in support. +> * We now have a two-week of unresponsiveness period before closing a ticket, if this happens, just comment responding and @ whoever closed the ticket. +> * Ensure cross-platform compatibility for every change that's accepted. Mac and Linux are currently supported. +> * Create issues for any major changes and enhancements that you wish to make. Discuss things transparently and get community feedback. +> * Ensure language is as respectful and appropriate as possible. +> * Keep merges as straightforward as possible, only address one issue per commit where possible. +> * Be welcoming to newcomers and try to assist where possible, everyone needs help. + +# Where to start +### Looking to make your first contribution + + Unsure where to begin contributing to BeEF? You can start by looking through these issues: + + * Good First Issue - issues which should only require a few changes, and are good to start with. + * Question - issues which are a question and need a response. A good way to learn more about BeEF is to try to solve a problem. + +At this point, you're ready to make your changes! Feel free to ask for help; everyone is a beginner at first. + +If a maintainer asks you to "rebase" your PR, they're saying that code has changed, and that you need to update your branch so it's easier to merge. + +### Ruby best practise +Do read through: https://rubystyle.guide +Try and follow through with the practices throughout, even going through it once will help keep the codebase consistent. + +# Getting started + +### How to submit a contribution. + +1. Create your own fork of the code + +2. Checkout the master branch +> git checkout master + +3. Create a new branch for your feature +> git checkout -b my-cool-new-feature + +4. Add your new files +> git add modules/my-cool-new-module + +5. Modify or write a test case/s in Rspec for your changes + +6. Commit your changes with a relevant message +> git commit + +7. Push your changes to GitHub +> git push origin my-cool-new-feature + +8. Run all tests again to make sure they all pass + +9. Edit existing wiki page / add a new one explaining the new features, including: - sample usage (command snippets, steps and/or screenshots) - internal working (code snippets & explanation) -7. Submit a Pull Request, explaining: - - what you have added - - where to find help about it (link to wiki page) +10. Now browse to the following URL and create your pull request from your fork to beef master + - Fill out the Pull Request Template + - https://github.com/beefproject/beef/pulls -If you're brand new to contributing to open-source projects, check out Githubs guide: -https://github.com/firstcontributions/first-contributions/blob/master/README.md + +# How to report a bug +### Explain security disclosures first! + +If you find a security vulnerability, do NOT open an issue. Email security@beefproject.com instead. + +When the security team receives a security bug email, they will assign it to a primary handler. +This person will coordinate the fix and release process, involving the following steps: + +* Confirm the problem and find the affected versions. +* Audit code to find any potential similar problems. +* Prepare fixes + +# Ground Rules + +### Responsibilities +> * When making an issue, ensure the issue template is filled out, failure to do so can and will result in a closed ticket and a delay in support. +> * We now have a two-week of unresponsiveness period before closing a ticket, if this happens, just comment responding and @ whoever closed the ticket. +> * Ensure cross-platform compatibility for every change that's accepted. Mac and Linux are currently supported. +> * Create issues for any major changes and enhancements that you wish to make. Discuss things transparently and get community feedback. +> * Ensure language is as respectful and appropriate as possible. +> * Keep merges as straightforward as possible, only address one issue per commit where possible. +> * Be welcoming to newcomers and try to assist where possible, everyone needs help. + +# Where to start +### Looking to make your first contribution + + Unsure where to begin contributing to BeEF? You can start by looking through these issues: + + * Good First Issue - issues which should only require a few changes, and are good to start with. + * Question - issues which are a question and need a response. A good way to learn more about BeEF is to try to solve a problem. + +At this point, you're ready to make your changes! Feel free to ask for help; everyone is a beginner at first. + +If a maintainer asks you to "rebase" your PR, they're saying that code has changed, and that you need to update your branch so it's easier to merge. + +### Ruby best practise +Do read through: https://rubystyle.guide +Try and follow through with the practices throughout, even going through it once will help keep the codebase consistent. + +# Getting started + +### How to submit a contribution. + +1. Create your own fork of the code + +2. Checkout the master branch +> git checkout master + +3. Create a new branch for your feature +> git checkout -b my-cool-new-feature + +4. Add your new files +> git add modules/my-cool-new-module + +5. Modify or write a test case/s in Rspec for your changes + +6. Commit your changes with a relevant message +> git commit + +7. Push your changes to GitHub +> git push origin my-cool-new-feature + +8. Run all tests again to make sure they all pass + +9. Edit existing wiki page / add a new one explaining the new features, including: + - sample usage (command snippets, steps and/or screenshots) + - internal working (code snippets & explanation) + +10. Now browse to the following URL and create your pull request from your fork to beef master + - Fill out the Pull Request Template + - https://github.com/beefproject/beef/pulls + + +# How to report a bug +### Explain security disclosures first! + +If you find a security vulnerability, do NOT open an issue. Email security@beefproject.com instead. + +When the security team receives a security bug email, they will assign it to a primary handler. +This person will coordinate the fix and release process, involving the following steps: + +* Confirm the problem and find the affected versions. +* Audit code to find any potential similar problems. +* Prepare fixes \ No newline at end of file diff --git a/Gemfile b/Gemfile index c96f7d0d2..2f4545939 100644 --- a/Gemfile +++ b/Gemfile @@ -8,11 +8,11 @@ #gem 'simplecov', require: false, group: :test gem 'eventmachine' gem 'thin' -gem 'sinatra' -gem 'rack' -gem 'rack-protection' +gem 'sinatra', '>= 2.0.2' +gem 'rack', '>= 2.2.3' +gem 'rack-protection', '>= 2.0.0' gem 'em-websocket' # WebSocket support -gem 'uglifier' +gem 'uglifier', '>= 2.7.2' gem 'mime-types' gem 'execjs' gem 'ansi' @@ -20,10 +20,9 @@ gem 'term-ansicolor', :require => 'term/ansicolor' gem 'json' gem 'rubyzip', '>= 1.2.2' gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice -gem 'nokogiri', '>= 1.10.4' -gem 'rake' -#ruby 2.4 isnt compatible with a higher version of active-record -gem 'otr-activerecord' +gem 'nokogiri', '>= 1.10.8' +gem 'rake', '>= 12.3.3' +gem 'otr-activerecord' gem 'sqlite3' # Geolocation support diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb index f4ad33ca4..df6021068 100644 --- a/core/main/handlers/browserdetails.rb +++ b/core/main/handlers/browserdetails.rb @@ -29,6 +29,7 @@ module BeEF # validate hook session value session_id = get_param(@data, 'beefhook') + print_debug "[INIT] Processing Browser Details for session #{session_id}" (self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id) hooked_browser = HB.where(:session => session_id).first return if not hooked_browser.nil? # browser is already registered with framework @@ -404,6 +405,17 @@ module BeEF self.err_msg "Invalid value for 'browser.window.size.width' returned from the hook browser's initial connection." end + # store and log IP details of host + print_debug("Hooked browser [id:#{zombie.id}] has IP [ip: #{zombie.ip}]") + + if os_name != nil and os_version != nil + BeEF::Core::Models::NetworkHost.create(:hooked_browser => zombie, :ip => zombie.ip, :ntype => 'Host', :os => os_name + "-" + os_version) + elsif os_name != nil + BeEF::Core::Models::NetworkHost.create(:hooked_browser => zombie, :ip => zombie.ip, :ntype => 'Host', :os => os_name) + else + BeEF::Core::Models::NetworkHost.create(:hooked_browser => zombie, :ip => zombie.ip, :ntype => 'Host') + end + # get and store the yes|no value for browser capabilities capabilities = [ 'browser.capabilities.vbscript', diff --git a/extensions/network/rest/network.rb b/extensions/network/rest/network.rb index 1e905c0d6..96270c4e4 100644 --- a/extensions/network/rest/network.rb +++ b/extensions/network/rest/network.rb @@ -13,6 +13,7 @@ module BeEF config = BeEF::Core::Configuration.instance @nh = BeEF::Core::Models::NetworkHost @ns = BeEF::Core::Models::NetworkService + @hb = BeEF::Core::Models::HookedBrowser # Require a valid API token from a valid IP address halt 401 unless params[:token] == config.get('beef.api_token') @@ -69,7 +70,8 @@ module BeEF begin id = params[:id] - hosts = @nh.where(hooked_browser_id: id).distinct.order(:id) + hooked_browser = @hb.where(session: id).distinct + hosts = @nh.where(hooked_browser: hooked_browser).distinct.order(:hooked_browser) count = hosts.length result = {} @@ -121,7 +123,7 @@ module BeEF host = @nh.find(id) raise InvalidParamError, 'id' if host.nil? - halt 404 if host.empty? + halt 404 if host.nil? host.to_h.to_json rescue InvalidParamError => e