Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'rspec-conversion'

Browse Source 
* Converted tests to rspec for future releases + travis integration.
* Files remaining in test/ are integrations that require verification if they are still relevant/working.
This commit is contained in:
Ben Passmore
2019-09-26 13:40:29 +10:00
parent 3de78156c2 0b0e7840fc
commit ba3183ef38
59 changed files with 1287 additions and 1970 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
test/api/1333_auth_rate.rb
View File

@@ -1,73 +0,0 @@
#
# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
#require 'pry-byebug'
require 'rest-client'
require 'json'
require 'optparse'
require 'pp'
require '../common/test_constants'
require_relative './lib/beef_rest_client'
class TC_1333_auth_rate < Test::Unit::TestCase
def test_auth_rate
# tests rate of auth calls
# this takes some time - with no output
# beef must be running
passwds = (1..9).map { |i| "broken_pass"}
passwds.push BEEF_PASSWD
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
l = apis.length
# t0 = Time.now()
(0..2).each do |again| # multiple sets of auth attempts
# first pass -- apis in order, valid passwd on 9th attempt
# subsequent passes apis shuffled
# puts "speed requesets" # all should return 401
(0..50).each do |i|
# t = Time.now()
# puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
assert_match("401", test_api.auth()[:payload]) # all (unless the valid is first 1 in 10 chance)
# t0 = t
end
# again with more time between calls -- there should be success (1st iteration)
# puts "delayed requests"
(0..(l*2)).each do |i|
# t = Time.now()
# puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
if (test_api.is_pass?(BEEF_PASSWD))
assert(test_api.auth()[:payload]["success"]) # valid pass should succeed
else
assert_match("401", test_api.auth()[:payload])
end
sleep(0.5)
# t0 = t
end
apis.shuffle! # new order for next iteration
apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd
end # multiple sets of auth attempts
end # test_auth_rate
end

49
test/api/lib/beef_rest_client.rb
View File

@@ -1,49 +0,0 @@
#
# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# less noisy verson of BeeRestAPI found in tools.
class BeefRestClient
def initialize proto, host, port, user, pass
@user = user
@pass = pass
@url = "#{proto}://#{host}:#{port}/api/"
@token = nil
end
def is_pass?(passwd)
@pass == passwd
end
def auth
begin
response = RestClient.post "#{@url}admin/login",
{ 'username' => "#{@user}",
'password' => "#{@pass}" }.to_json,
:content_type => :json,
:accept => :json
result = JSON.parse(response.body)
@token = result['token']
{:success => result['success'], :payload => result}
rescue => e
{:success => false, :payload => e.message }
end
end
def version
return {:success => false, :payload => 'no token'} if @token.nil?
begin
response = RestClient.get "#{@url}server/version", {:params => {:token => @token}}
result = JSON.parse(response.body)
{:success => result['success'], :payload => result}
rescue => e
print_error "Could not retrieve BeEF version: #{e.message}"
{:success => false, :payload => e.message}
end
end
end

50
test/common/beef_test.rb
View File

@@ -1,50 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'capybara'
require 'capybara/rspec'
Capybara.run_server = false # we need to run our own BeEF server
require 'selenium-webdriver'
class BeefTest
def self.save_screenshot(session)
Dir.mkdir(BEEF_TEST_DIR) unless File.directory?(BEEF_TEST_DIR)
session.driver.browser.save_screenshot(BEEF_TEST_DIR + Time.now.strftime("%Y-%m-%d--%H-%M-%S-%N") + ".png")
end
def self.login(session = nil)
session = Capybara::Session.new(:selenium_headless) if session.nil?
session.visit(ATTACK_URL)
sleep 2.0
session.has_content?('BeEF Authentication')
session.fill_in 'user', :with => BEEF_USER
session.fill_in 'pass', :with => BEEF_PASSWD
session.click_button('Login')
sleep 10.0
session
end
def self.logout(session)
session.click_link('Logout')
session
end
def self.new_attacker
self.login
end
def self.new_victim
victim = Capybara::Session.new(:selenium_headless)
victim.visit(VICTIM_URL)
victim
end
end

27
test/common/test_constants.rb
View File

@@ -1,27 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
BEEF_TEST_DIR = "/tmp/beef-test/"
# General constants
ATTACK_DOMAIN = "127.0.0.1"
VICTIM_DOMAIN = "localhost"
ATTACK_URL = "http://" + ATTACK_DOMAIN + ":3000/ui/panel"
VICTIM_URL = "http://" + VICTIM_DOMAIN + ":3000/demos/basic.html"
# Credentials
BEEF_USER = ENV["TEST_BEEF_USER"] || 'beef'
BEEF_PASSWD = ENV["TEST_BEEF_PASS"] || "beef"
# RESTful API root endpoints
RESTAPI_HOOKS = "http://" + ATTACK_DOMAIN + ":3000/api/hooks"
RESTAPI_LOGS = "http://" + ATTACK_DOMAIN + ":3000/api/logs"
RESTAPI_MODULES = "http://" + ATTACK_DOMAIN + ":3000/api/modules"
RESTAPI_NETWORK = "http://" + ATTACK_DOMAIN + ":3000/api/network"
RESTAPI_PROXY = "http://" + ATTACK_DOMAIN + ":3000/api/proxy"
RESTAPI_DNS = "http://" + ATTACK_DOMAIN + ":3000/api/dns"
RESTAPI_SENG = "http://" + ATTACK_DOMAIN + ":3000/api/seng"
RESTAPI_ADMIN = "http://" + ATTACK_DOMAIN + ":3000/api/admin"
RESTAPI_WEBRTC = "http://" + ATTACK_DOMAIN + ":3000/api/webrtc"

22
test/common/ts_common.rb
View File

@@ -1,22 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# @note Version check to ensure BeEF is running Ruby 2.0+
if RUBY_VERSION < '2.3'
puts "\n"
puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.3 or later."
puts "\n"
exit 1
end
begin
require 'test/unit/ui/console/testrunner'
rescue LoadError
puts "The following instruction failed: require 'test/unit/ui/console/testrunner'"
puts "Please run: sudo gem install test-unit-full"
exit
end

22
test/scripts/iptables.sh
View File

@@ -1,22 +0,0 @@
#!/bin/sh
# Delete all existing rules
/sbin/iptables -F
/sbin/iptables -X
# Set default chain policies
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
# Allow unlimited traffic on loopback
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming SSH
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Allow established connections
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

333
test/unit/core/filter/tc_base.rb
View File

@@ -1,333 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require '../../core/filters/base'
class TC_Filter < Test::Unit::TestCase
def test_is_non_empty_string
assert((not BeEF::Filters::is_non_empty_string?(nil)), 'Nil string')
assert((not BeEF::Filters::is_non_empty_string?(1)), 'Is integer')
assert((not BeEF::Filters::is_non_empty_string?("")), 'Empty string')
assert((BeEF::Filters::is_non_empty_string?("\x00")), 'Single null')
assert((BeEF::Filters::is_non_empty_string?("0")), 'First char is a num')
assert((BeEF::Filters::is_non_empty_string?("A")), 'First char is a alpha')
assert(BeEF::Filters::is_non_empty_string?("3333"), '4 num chars')
assert((BeEF::Filters::is_non_empty_string?("A3333")), '4 num chars begining with an aplha')
assert((BeEF::Filters::is_non_empty_string?("\x003333")), '4 num chars begining with a null')
end
def test_only
assert((BeEF::Filters::only?('A', 'A')), 'A - A -> success')
assert((not BeEF::Filters::only?('A', 'B')), 'A - B -> fail')
end
def test_exists
assert((BeEF::Filters::exists?('A', 'A')), 'A - A -> success')
assert((not BeEF::Filters::exists?('A', 'B')), 'A - B -> fail')
end
def test_has_null
assert((not BeEF::Filters::has_null?(nil)), 'Nil')
assert((not BeEF::Filters::has_null?("")), 'Empty string')
assert((not BeEF::Filters::has_null?("\x01")), '0x01 string')
assert((not BeEF::Filters::has_null?("\xFF")), '0xFF string')
assert((not BeEF::Filters::has_null?("A")), 'Single char')
assert((not BeEF::Filters::has_null?("A3333")), '4 num chars begining with an aplha')
assert((not BeEF::Filters::has_null?("0")), '0 string')
assert((not BeEF::Filters::has_null?("}")), '} char')
assert((not BeEF::Filters::has_null?(".")), '. char')
assert((not BeEF::Filters::has_null?("+")), '+ char')
assert((not BeEF::Filters::has_null?("-")), '- char')
assert((not BeEF::Filters::has_null?("-1")), '-1 string')
assert((not BeEF::Filters::has_null?("0.A")), '0.A string')
assert((not BeEF::Filters::has_null?("3333")), '33 33 string')
assert((not BeEF::Filters::has_null?("33 33")), '33 33 string')
assert((not BeEF::Filters::has_null?(" AAAAAAAA")), 'white space at start of string')
assert((not BeEF::Filters::has_null?("AAAAAAAA ")), 'white space at end of string')
(1..255).each {|c|
str = ''
str.concat(c)
assert(!(BeEF::Filters::has_null?(str)), 'loop of around every char')
}
assert((BeEF::Filters::has_null?("\x00")), 'Single null')
assert((BeEF::Filters::has_null?("A\x00")), 'Char and null')
assert((BeEF::Filters::has_null?("AAAAAAAA\x00")), 'Char and null')
assert((BeEF::Filters::has_null?("\x00A")), 'Null and char')
assert((BeEF::Filters::has_null?("\x00AAAAAAAAA")), 'Null and chars')
assert((BeEF::Filters::has_null?("A\x00A")), 'Null surrounded by chars')
assert((BeEF::Filters::has_null?("AAAAAAAAA\x00AAAAAAAAA")), 'Null surrounded by chars')
assert((BeEF::Filters::has_null?("A\n\r\x00")), 'new line and carriage return at start of string')
assert((BeEF::Filters::has_null?("\x00\n\rA")), 'new line and carriage return at end of string')
assert((BeEF::Filters::has_null?("A\n\r\x00\n\rA")), 'new line and carriage return at start and end of string')
assert((BeEF::Filters::has_null?("\tA\x00A")), 'tab at start of string')
(1..255).each {|c|
str = ''
str.concat(c)
str += "\x00"
assert((BeEF::Filters::has_null?(str)), 'loop of behind every char')
}
(1..255).each {|c|
str = ''
str += "\x00"
str.concat(c)
assert((BeEF::Filters::has_null?(str)), 'loop of infront every char')
}
(1..255).each {|c|
str = ''
str.concat(c)
str += "\x00"
str.concat(c)
assert((BeEF::Filters::has_null?(str)), 'loop of around every char')
}
end
def test_has_non_printable_char
assert((not BeEF::Filters::has_non_printable_char?(nil)), 'Nil')
assert((not BeEF::Filters::has_non_printable_char?("")), 'Empty string')
assert((not BeEF::Filters::has_non_printable_char?("A")), 'Single char')
assert((not BeEF::Filters::has_non_printable_char?("A3333")), '4 num chars begining with an aplha')
assert((not BeEF::Filters::has_non_printable_char?("0")), '0 string')
assert((not BeEF::Filters::has_non_printable_char?("}")), '} char')
assert((not BeEF::Filters::has_non_printable_char?(".")), '. char')
assert((not BeEF::Filters::has_non_printable_char?("+")), '+ char')
assert((not BeEF::Filters::has_non_printable_char?("-")), '- char')
assert((not BeEF::Filters::has_non_printable_char?("-1")), '-1 string')
assert((not BeEF::Filters::has_non_printable_char?("0.A")), '0.A string')
assert((not BeEF::Filters::has_non_printable_char?("3333")), '4 num chars')
assert((not BeEF::Filters::has_non_printable_char?(" 0AAAAAAAA")), 'white space at start of string')
assert((not BeEF::Filters::has_non_printable_char?(" 0AAAAAAAA ")), 'white space at end of string')
# check lowercase chars
('a'..'z').each {|c|
assert((not BeEF::Filters::has_non_printable_char?(c)), 'lowercase chars')
}
# check uppercase chars
('A'..'Z').each {|c|
assert((not BeEF::Filters::has_non_printable_char?(c)), 'uppercase chars')
}
# check numbers chars
('0'..'9').each {|c|
assert((not BeEF::Filters::has_non_printable_char?(c)), 'number chars')
}
assert((BeEF::Filters::has_non_printable_char?("\x00")), '0x00 string')
assert((BeEF::Filters::has_non_printable_char?("\x01")), '0x01 string')
assert((BeEF::Filters::has_non_printable_char?("\x02")), '0x02 string')
# Commented the below because the UTF-8 handling for \xFF appears to break.
# See Issue #1126
# assert((BeEF::Filters::has_non_printable_char?("\xF0")), '0xFE string')
# assert((BeEF::Filters::has_non_printable_char?("\xFE")), '0xFE string')
# assert((BeEF::Filters::has_non_printable_char?("\xFF")), '0xFF string')
assert((BeEF::Filters::has_non_printable_char?("A\x03")), 'Single char and non printable char')
assert((BeEF::Filters::has_non_printable_char?("\x04A")), 'Single char and non printable char')
assert((BeEF::Filters::has_non_printable_char?("\x003333")), '4 num chars begining with a null')
assert((BeEF::Filters::has_non_printable_char?("\x00AAAAAAAA")), 'null at start of string')
assert((BeEF::Filters::has_non_printable_char?(" AAAAAAAA\x00")), 'null at end of string')
assert((BeEF::Filters::has_non_printable_char?("\t\x00AAAAAAAA")), 'tab at start of string')
assert((BeEF::Filters::has_non_printable_char?("\n\x00AAAAAAAA")), 'new line at start of string')
assert((BeEF::Filters::has_non_printable_char?("\n\r\x00AAAAAAAA")), 'new line and carriage return at start of string')
assert((BeEF::Filters::has_non_printable_char?("AAAAAAAAA\x00AAAAA")), 'Chars and null')
assert((BeEF::Filters::has_non_printable_char?("\n\x00")), 'newline and null')
(0..255).each {|c|
str = ''
str.concat(c)
str += "\x00"
str.concat(c)
assert((BeEF::Filters::has_non_printable_char?(str)), 'loop of around every char')
}
end
def test_is_nums_only
assert((not BeEF::Filters::nums_only?(nil)), 'Nil string')
assert((not BeEF::Filters::nums_only?(1)), 'Is integer')
assert((not BeEF::Filters::nums_only?("")), 'Empty string')
assert((not BeEF::Filters::nums_only?("A")), 'First char is a alpha')
assert((not BeEF::Filters::nums_only?("A3333")), '4 num chars begining with an aplha')
assert((not BeEF::Filters::nums_only?("\x003333")), '4 num chars begining with a null')
assert((not BeEF::Filters::nums_only?("}")), '} char')
assert((not BeEF::Filters::nums_only?(".")), '. char')
assert((not BeEF::Filters::nums_only?("+")), '+ char')
assert((not BeEF::Filters::nums_only?("-")), '- char')
assert((not BeEF::Filters::nums_only?("-1")), '-1 string')
assert((BeEF::Filters::nums_only?("0")), 'First char is a num')
assert((BeEF::Filters::nums_only?("3333")), '4 num chars')
end
def test_is_valid_float
assert((not BeEF::Filters::is_valid_float?(nil)), 'Nil string')
assert((not BeEF::Filters::is_valid_float?(1)), 'Is integer')
assert((not BeEF::Filters::is_valid_float?("")), 'Empty string')
assert((not BeEF::Filters::is_valid_float?("A")), 'First char is a alpha')
assert((not BeEF::Filters::is_valid_float?("A3333")), '4 num chars begining with an aplha')
assert((not BeEF::Filters::is_valid_float?("\x003333")), '4 num chars begining with a null')
assert((not BeEF::Filters::is_valid_float?("}")), '} char')
assert((not BeEF::Filters::is_valid_float?(".")), '. char')
assert((not BeEF::Filters::is_valid_float?("+")), '+ char')
assert((not BeEF::Filters::is_valid_float?("-")), '- char')
assert((not BeEF::Filters::is_valid_float?("-1")), '-1 string')
assert((not BeEF::Filters::is_valid_float?("0")), 'First char is a num')
assert((not BeEF::Filters::is_valid_float?("3333")), '4 num chars')
assert((not BeEF::Filters::is_valid_float?("0.A")), '0.A string')
assert((BeEF::Filters::is_valid_float?("33.33")), '4 num chars')
assert((BeEF::Filters::is_valid_float?("0.0")), '0.0 string')
assert((BeEF::Filters::is_valid_float?("1.0")), '1.0 string')
assert((BeEF::Filters::is_valid_float?("0.1")), '0.1 string')
assert((BeEF::Filters::is_valid_float?("33.33")), '33.33 string')
end
def test_hexs_only
assert((not BeEF::Filters::hexs_only?(nil)), 'Nil string')
assert((not BeEF::Filters::hexs_only?(1)), 'Is integer')
assert((not BeEF::Filters::hexs_only?("")), 'Empty string')
assert((not BeEF::Filters::hexs_only?("\x003333")), '4 num chars begining with a null')
assert((not BeEF::Filters::hexs_only?("}")), '} char')
assert((not BeEF::Filters::hexs_only?(".")), '. char')
assert((not BeEF::Filters::hexs_only?("+")), '+ char')
assert((not BeEF::Filters::hexs_only?("-")), '- char')
assert((not BeEF::Filters::hexs_only?("-1")), '-1 string')
assert((not BeEF::Filters::hexs_only?("0.A")), '0.A string')
assert((not BeEF::Filters::hexs_only?("33.33")), '4 num chars')
assert((not BeEF::Filters::hexs_only?("0.0")), '0.0 string')
assert((not BeEF::Filters::hexs_only?("1.0")), '1.0 string')
assert((not BeEF::Filters::hexs_only?("0.1")), '0.1 string')
assert((not BeEF::Filters::hexs_only?("33.33")), '33.33 string')
assert((BeEF::Filters::hexs_only?("0123456789ABCDEFabcdef")), '0123456789ABCDEFabcdef string')
assert((BeEF::Filters::hexs_only?("0")), 'First char is a num')
assert((BeEF::Filters::hexs_only?("3333")), '4 num chars')
assert((BeEF::Filters::hexs_only?("A3333")), '4 num chars begining with an aplha')
assert((BeEF::Filters::hexs_only?("A")), 'First char is a alpha')
end
def test_first_char_is_num
assert((not BeEF::Filters::first_char_is_num?("")), 'Empty string')
assert((not BeEF::Filters::first_char_is_num?("A")), 'First char is a alpha')
assert((not BeEF::Filters::first_char_is_num?("A3333")), '4 num chars begining with an aplha')
assert((not BeEF::Filters::first_char_is_num?("\x003333")), '4 num chars begining with a null')
assert((BeEF::Filters::first_char_is_num?("3333")), '4 num chars')
assert((BeEF::Filters::first_char_is_num?("0AAAAAAAA")), '0AAAAAAAA string')
assert((BeEF::Filters::first_char_is_num?("0")), 'First char is a num')
end
def test_has_whitespace_char
assert((not BeEF::Filters::has_whitespace_char?("")), 'Empty string')
assert((not BeEF::Filters::has_whitespace_char?("A")), 'First char is a alpha')
assert((not BeEF::Filters::has_whitespace_char?("A3333")), '4 num chars begining with an aplha')
assert((not BeEF::Filters::has_whitespace_char?("\x003333")), '4 num chars begining with a null')
assert((not BeEF::Filters::has_whitespace_char?("0")), 'First char is a num')
assert((not BeEF::Filters::has_whitespace_char?("}")), '} char')
assert((not BeEF::Filters::has_whitespace_char?(".")), '. char')
assert((not BeEF::Filters::has_whitespace_char?("+")), '+ char')
assert((not BeEF::Filters::has_whitespace_char?("-")), '- char')
assert((not BeEF::Filters::has_whitespace_char?("-1")), '-1 string')
assert((not BeEF::Filters::has_whitespace_char?("0.A")), '0.A string')
assert((BeEF::Filters::has_whitespace_char?("33 33")), '4 num chars')
assert((BeEF::Filters::has_whitespace_char?(" ")), 'white space char only')
assert((BeEF::Filters::has_whitespace_char?(" ")), 'white space chars only')
assert((BeEF::Filters::has_whitespace_char?(" 0AAAAAAAA")), 'white space at start of string')
assert((BeEF::Filters::has_whitespace_char?(" 0AAAAAAAA ")), 'white space at start and end of string')
assert((BeEF::Filters::has_whitespace_char?("\t0AAAAAAAA")), 'white space at start of string')
assert((BeEF::Filters::has_whitespace_char?("\n0AAAAAAAA")), 'white space at start of string')
end
def test_alphanums_only
assert((BeEF::Filters::alphanums_only?("A")), 'Single char')
assert((BeEF::Filters::alphanums_only?("A3333")), '4 num chars begining with an aplha')
assert((BeEF::Filters::alphanums_only?("0")), '0 string')
assert((not BeEF::Filters::alphanums_only?(nil)), 'Nil')
assert((not BeEF::Filters::alphanums_only?("")), 'Empty string')
assert((not BeEF::Filters::alphanums_only?("\n")), '\\n string')
assert((not BeEF::Filters::alphanums_only?("\r")), '\\r string')
assert((not BeEF::Filters::alphanums_only?("\x01")), '0x01 string')
# Commented the below because the UTF-8 handling for \xFF appears to break.
# See Issue #1126
# assert((not BeEF::Filters::alphanums_only?("\xFF")), '0xFF string')
assert((not BeEF::Filters::alphanums_only?("}")), '} char')
assert((not BeEF::Filters::alphanums_only?(".")), '. char')
assert((not BeEF::Filters::alphanums_only?("+")), '+ char')
assert((not BeEF::Filters::alphanums_only?("-")), '- char')
assert((not BeEF::Filters::alphanums_only?("-1")), '-1 string')
assert((not BeEF::Filters::alphanums_only?("ee-!@$%^&*}=0.A")), '0.A string')
assert((not BeEF::Filters::alphanums_only?("33 33")), '33 33 string')
assert((not BeEF::Filters::alphanums_only?(" AAAAAAAA")), 'white space at start of string')
assert((not BeEF::Filters::alphanums_only?("AAAAAAAA ")), 'white space at end of string')
# check lowercase chars
('a'..'z').each {|c|
assert((BeEF::Filters::alphanums_only?(c)), 'lowercase chars')
}
# check uppercase chars
('A'..'Z').each {|c|
assert((BeEF::Filters::alphanums_only?(c)), 'uppercase chars')
}
# check numbers chars
('0'..'9').each {|c|
assert((BeEF::Filters::alphanums_only?(c)), 'number chars')
}
assert((not BeEF::Filters::alphanums_only?("\x00")), 'Single null')
assert((not BeEF::Filters::alphanums_only?("A\x00")), 'Char and null')
assert((not BeEF::Filters::alphanums_only?("AAAAAAAA\x00")), 'Char and null')
assert((not BeEF::Filters::alphanums_only?("\x00A")), 'Null and char')
assert((not BeEF::Filters::alphanums_only?("\x00AAAAAAAAA")), 'Null and chars')
assert((not BeEF::Filters::alphanums_only?("A\x00A")), 'Null surrounded by chars')
assert((not BeEF::Filters::alphanums_only?("AAAAAAAAA\x00AAAAAAAAA")), 'Null surrounded by chars')
assert((not BeEF::Filters::alphanums_only?("A\n\r\x00")), 'new line and carriage return at start of string')
assert((not BeEF::Filters::alphanums_only?("\x00\n\rA")), 'new line and carriage return at end of string')
assert((not BeEF::Filters::alphanums_only?("A\n\r\x00\n\rA")), 'new line and carriage return at start and end of string')
assert((not BeEF::Filters::alphanums_only?("\tA\x00A")), 'tab at start of string')
(0..255).each {|c|
str = ''
str.concat(c)
str += "\x00"
assert((not BeEF::Filters::alphanums_only?(str)), 'loop of behind every char')
}
(0..255).each {|c|
str = "\x00"
str.concat(c)
assert((not BeEF::Filters::alphanums_only?(str)), 'loop of behind every char')
}
(0..255).each {|c|
str = ''
str.concat(c)
str += "\x00"
str.concat(c)
assert((not BeEF::Filters::alphanums_only?(str)), 'loop of behind every char')
}
assert((BeEF::Filters::alphanums_only?("3333")), '33 33 string')
end
end

20
test/unit/core/filter/tc_command.rb
View File

@@ -1,20 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require '../../core/filters/base'
require '../../core/filters/command'
class TC_Filter < Test::Unit::TestCase
def test_has_valid_param_chars
assert((not BeEF::Filters::has_valid_param_chars?(nil)), 'Nil')
assert((not BeEF::Filters::has_valid_param_chars?("")), 'Empty string')
assert((BeEF::Filters::has_valid_param_chars?("A")), 'Single char')
assert((not BeEF::Filters::has_valid_param_chars?("+")), 'Single invalid char')
end
end

54
test/unit/core/main/models/tc_browserdetails.rb
View File

@@ -1,54 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_BrowserDetails < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
@session = (0...10).map { ('a'..'z').to_a[rand(26)] }.join
end
def shutdown
$root_dir = nil
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Tests nil key value returns empty string
def test_02_set_nil_values
key_value = nil
BeEF::Core::Models::BrowserDetails.set(@session, 'key_with_nil_value', key_value).to_s
assert_equal '', BeEF::Core::Models::BrowserDetails.get(@session, 'key_with_nil_valule').to_s
end
# Tests get/set browser details
def test_03_set_browser_details
key_name = (0...10).map { ('a'..'z').to_a[rand(26)] }.join
key_value = (0...10).map { ('a'..'z').to_a[rand(26)] }.join
BeEF::Core::Models::BrowserDetails.set(@session, key_name, key_value).to_s
assert_equal key_value, BeEF::Core::Models::BrowserDetails.get(@session, key_name).to_s
end
# Tests updating browser details
def test_04_update_browser_details
key_name = (0...10).map { ('a'..'z').to_a[rand(26)] }.join
key_value = (0...10).map { ('a'..'z').to_a[rand(26)] }.join
BeEF::Core::Models::BrowserDetails.set(@session, key_name, key_value).to_s
assert_equal key_value, BeEF::Core::Models::BrowserDetails.get(@session, key_name).to_s
key_value = (0...10).map { ('a'..'z').to_a[rand(26)] }.join
BeEF::Core::Models::BrowserDetails.set(@session, key_name, key_value).to_s
assert_equal key_value, BeEF::Core::Models::BrowserDetails.get(@session, key_name).to_s
end
end

116
test/unit/core/main/network_stack/handlers/dynamicreconstruction.rb
View File

@@ -1,116 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'rubygems'
require 'curb'
class TC_DynamicReconstruction < Test::Unit::TestCase
@@port = 20000 + rand(10000)
def setup
$root_dir="../../"
$:.unshift File.join( %w{ ../../ } )
require 'core/loader'
require 'core/main/network_stack/handlers/dynamicreconstruction.rb'
@@port += 1 # cycle through ports because the tcp teardown process is too slow
@port = @@port
config = {}
config[:BindAddress] = '127.0.0.1'
config[:Port] = @port.to_s
@mounts = {}
@mounts['/test'] = BeEF::Core::NetworkStack::Handlers::DynamicReconstruction.new
@rackApp = Rack::URLMap.new(@mounts)
Thin::Logging.silent = true
@server = Thin::Server.new('127.0.0.1', @port.to_s, @rackApp)
trap("INT") { @server.stop }
trap("TERM") { @server.stop }
@pid = fork do
@server.start!
end
end
def teardown
Process.kill("INT",@pid)
$root_dir = nil
end
# the server doesn't offer a mutex or callback
def wait_for_server
max_waits = 3
sleep_length = 0.1
count = 0
while (count < max_waits)
break if @server.running?
count += 1
sleep sleep_length
end
end
def test_delete
wait_for_server
response = Curl::Easy.http_delete("http://127.0.0.1:" + @port.to_s + "/test")
assert_equal 404, response.response_code
end
def test_put
wait_for_server
response = Curl::Easy.http_put("http://127.0.0.1:" + @port.to_s + "/test", nil)
assert_equal 404, response.response_code
end
def test_head
wait_for_server
response = Curl::Easy.http_head("http://127.0.0.1:" + @port.to_s + "/test")
assert_equal 404, response.response_code
end
def test_no_params
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test")
assert_equal 404, response.response_code
end
def test_zero_values
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test?bh=0&sid=0&pid=0&pc=0&d=0")
assert_equal 200, response.response_code
assert_equal "", response.body_str
end
def test_one_values
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test?bh=1&sid=1&pid=1&pc=1&d=1")
assert_equal 200, response.response_code
assert_equal "", response.body_str
end
def test_neg_one_values
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test?bh=-1&sid=-1&pid=-1&pc=-1&d=-1")
assert_equal 200, response.response_code
assert_equal "", response.body_str
end
def test_ascii_values
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test?bh=z&sid=z&pid=z&pc=z&d=z")
assert_equal 200, response.response_code
assert_equal "", response.body_str
end
def test_array_values
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test?bh[]=1&sid[]=1&pid[]=1&pc[]=1&d[]=1")
assert_equal 200, response.response_code
assert_equal "", response.body_str
end
end

66
test/unit/core/main/network_stack/handlers/redirector.rb
View File

@@ -1,66 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'rubygems'
require 'curb'
class TC_Redirector < Test::Unit::TestCase
@@port = 20000 + rand(10000)
def setup
$root_dir="../../"
$:.unshift File.join( %w{ ../../ } )
require 'core/loader'
require 'core/main/network_stack/assethandler.rb'
require 'core/main/network_stack/handlers/redirector.rb'
@@port += 1 # cycle through ports because the tcp teardown process is too slow
@port = @@port
config = {}
config[:BindAddress] = '127.0.0.1'
config[:Port] = @port.to_s
@mounts = {}
@mounts['/test'] = BeEF::Core::NetworkStack::Handlers::Redirector.new('http://www.beefproject.com')
@rackApp = Rack::URLMap.new(@mounts)
Thin::Logging.silent = true
@server = Thin::Server.new('127.0.0.1', @port.to_s, @rackApp)
trap("INT") { @server.stop }
trap("TERM") { @server.stop }
@pid = fork do
@server.start!
end
end
def teardown
Process.kill("INT",@pid)
$root_dir = nil
end
# the server doesn't offer a mutex or callback
def wait_for_server
max_waits = 3
sleep_length = 0.1
count = 0
while (count < max_waits)
break if @server.running?
count += 1
sleep sleep_length
end
end
def test_get
wait_for_server
response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test/")
assert_equal 302, response.response_code
assert_equal "302 found", response.body_str
assert_match /Location: http:\/\/www\.beefproject\.com/, response.header_str
end
end

28
test/unit/core/tc_api.rb
View File

@@ -1,28 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Api < Test::Unit::TestCase
def setup
$root_dir = "../../"
$:.unshift File.join( %w{ ../../ } )
end
def teardown
$root_dir = nil
end
#
# Test the api is functional
#
def test_api
assert_nothing_raised do
require 'core/api'
end
end
end

19
test/unit/core/tc_autorun.rb
View File

@@ -1,19 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Autorun < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_autorun
assert(true)
end
end

30
test/unit/core/tc_bootstrap.rb
View File

@@ -1,30 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Bootstrap < Test::Unit::TestCase
def setup
$root_dir = "../../"
$:.unshift File.join( %w{ ../../ } )
BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
end
def teardown
$root_dir = nil
end
#
# Test the core is functional
#
def test_bootstrap
assert_nothing_raised do
require 'core/bootstrap'
end
end
end

29
test/unit/core/tc_core.rb
View File

@@ -1,29 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Core < Test::Unit::TestCase
def setup
$root_dir = "../../"
$:.unshift File.join( %w{ ../../ } )
end
def teardown
$root_dir = nil
end
#
# Test the core is functional
#
def test_core
assert_nothing_raised do
require 'core/core'
end
end
end

61
test/unit/core/tc_extensions.rb
View File

@@ -1,61 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Extensions < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
#
# Test that extensions are loading properly
#
def test_extensions
assert_nothing_raised do
BeEF::Extensions.load
end
enabled_extensions = BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v|
v['enable'] == true
}
enabled_extensions.each do |k,v|
assert(v.has_key?('name'))
assert(v.has_key?('enable'))
assert(v.has_key?('loaded'))
end
enabled_extensions.each do |k,v|
assert(v['loaded'], 'Extension is enabled but was not loaded')
end
end
def test_safe_client_debug_log
Dir['../../extensions/**/*.js'].each do |path|
next if /extensions\/admin_ui/.match(path) # skip this directory
next unless File.file?(path)
File.open(path) do |f|
f.grep(/\bconsole\.log\W*\(/m) do |line|
assert(false, "Function 'console.log' used instead of 'beef.debug' in extension: " + path + ':' + line)
end
end
end
end
def test_safe_variable_decleration
Dir['../../extensions/**/*.js'].each do |path|
next unless File.file?(path)
File.open(path) do |f|
f.grep(/\blet\W+[a-zA-Z0-9_\.]+\W*=/) do |line|
assert(false, "Variable decleration with 'let' used instead of 'var' in extension: " + path + ':' + line)
end
end
end
end
end

28
test/unit/core/tc_loader.rb
View File

@@ -1,28 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Loader < Test::Unit::TestCase
def setup
$root_dir = "../../"
$:.unshift File.join( %w{ ../../ } )
end
def teardown
$root_dir = nil
end
#
# Test the loader is functional
#
def test_loader
assert_nothing_raised do
require 'core/loader'
end
end
end

19
test/unit/core/tc_logger.rb
View File

@@ -1,19 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Logger < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_logger
assert(true)
end
end

73
test/unit/core/tc_modules.rb
View File

@@ -1,73 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Modules < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
#
# Test that modules are loading properly
#
def test_modules
assert_nothing_raised do
BeEF::Modules.load
end
BeEF::Core::Configuration.instance.get('beef.module').select {|k,v| v['enable'] == true and v['category'] != nil }.each { |k,v|
assert((BeEF::Module.is_present(k)),"#{k} is not present in config - buh?")
}
BeEF::Core::Configuration.instance.get('beef.module').select {|k,v| v['enable'] == true and v['category'] != nil }.each { |k,v|
assert((BeEF::Module.is_enabled(k)),"#{k} is not enabled in config - ruhhh?")
}
assert_nothing_raised do
BeEF::Core::Configuration.instance.get('beef.module').select {|k,v| v['enable'] == true and v['category'] != nil }.each { |k,v|
BeEF::Module.hard_load(k)
}
end
BeEF::Core::Configuration.instance.get('beef.module').select {|k,v| v['enable'] == true and v['category'] != nil }.each { |k,v|
assert((BeEF::Module.is_loaded(k)), "#{k} is not loaded - even though it should be - rut roh?")
}
BeEF::Core::Configuration.instance.get('beef.module').select {|k,v| v['enable'] == true and v['category'] != nil }.each { |k,v|
BeEF::Core::Configuration.instance.get('beef.module.'+k+'.target').each { |t,tt|
if tt.class == Array
assert_not_equal(tt.length,0,"#{k} does not have valid TARGET configuration")
end
}
}
end
def test_safe_client_debug_log
Dir['../../modules/**/*.js'].each do |path|
next unless File.file?(path)
File.open(path) do |f|
f.grep(/\bconsole\.log\W*\(/m) do |line|
assert(false, "Function 'console.log' used instead of 'beef.debug' in command module: " + path + ':' + line)
end
end
end
end
def test_safe_variable_decleration
Dir['../../modules/**/*.js'].each do |path|
next unless File.file?(path)
File.open(path) do |f|
f.grep(/\blet\W+[a-zA-Z0-9_\.]+\W*=/) do |line|
assert(false, "Variable decleration with 'let' used instead of 'var' in command module: " + path + ':' + line)
end
end
end
end
end

19
test/unit/core/tc_obfuscation.rb
View File

@@ -1,19 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Obfuscation < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_obfuscation
assert(true)
end
end

19
test/unit/core/tc_social_engineering.rb
View File

@@ -1,19 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_SocialEngineering < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_social_engineering
assert(true)
end
end

46
test/unit/extensions/tc_console.rb
View File

@@ -1,46 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Console < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/console/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@console_config = config.get('beef.extension.console')
@@console_config_shell = config.get('beef.extension.console.shell')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@console_config.has_key?('enable'))
assert(@@console_config_shell.has_key?('historyfolder'))
assert(@@console_config_shell.has_key?('historyfile'))
end
end

359
test/unit/extensions/tc_dns.rb
View File

@@ -1,359 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'resolv'
class TC_Dns < Test::Unit::TestCase
IN = Resolv::DNS::Resource::IN
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
require 'extensions/dns/extension'
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
@@config = BeEF::Core::Configuration.instance
@@config.load_extensions_config
@@dns_config = @@config.get('beef.extension.dns')
@@dns = BeEF::Extension::Dns::Server.instance
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@dns_config.has_key?('protocol'))
assert(@@dns_config.has_key?('address'))
assert(@@dns_config.has_key?('port'))
assert(@@dns_config.has_key?('upstream'))
end
# Verifies public interface
def test_03_interface
assert_respond_to(@@dns, :add_rule)
assert_respond_to(@@dns, :get_rule)
assert_respond_to(@@dns, :remove_rule!)
assert_respond_to(@@dns, :get_ruleset)
assert_respond_to(@@dns, :remove_ruleset!)
end
# Tests procedure for properly adding new DNS rules
def test_04_add_rule_good
id = nil
response = '1.2.3.4'
assert_nothing_raised do
id = @@dns.add_rule(
:pattern => 'foo.bar',
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
assert_not_nil(id)
id = nil
response = '9.9.9.9'
assert_nothing_raised do
id = @@dns.add_rule(
:pattern => %r{i\.(love|hate)\.beef\.com?},
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
assert_not_nil(id)
domains = %w(
i.hate.beef.com
i.love.beef.com
i.love.beef.co
i.love.beef.co )
assert_nothing_raised do
domains.each do |domain|
id = @@dns.add_rule(
:pattern => %r{i\.(love|hate)\.beef\.com?},
:resource => IN::A,
:response => domain ) do |transaction|
transaction.respond!(domain)
end
assert_not_nil(id)
end
end
end
# Tests addition of new rules with invalid parameters
def test_05_add_rule_bad
id = nil
same_id = nil
pattern = 'j.random.hacker'
response = '4.2.4.2'
# Add the same rule twice
assert_nothing_raised do
id = @@dns.add_rule(
:pattern => pattern,
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
assert_nothing_raised do
same_id = @@dns.add_rule(
:pattern => pattern,
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
assert_equal(id, same_id)
end
# Verifies the proper format for rule identifiers
def test_06_id_format
pattern = 'dead.beef'
response = '2.2.2.2'
id = nil
assert_nothing_raised do
id = @@dns.add_rule(
:pattern => pattern,
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
assert_equal(8, id.length)
assert_not_nil(id =~ /^\h{8}$/)
end
# Tests retrieval of valid DNS rules
def test_07_get_rule_good
pattern = 'be.ef'
response = '1.1.1.1'
id = nil
assert_nothing_raised do
id = @@dns.add_rule(
:pattern => pattern,
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
rule = @@dns.get_rule(id)
assert_equal(Hash, rule.class)
assert(rule.length > 0)
assert(rule.has_key?(:id))
assert(rule.has_key?(:pattern))
assert(rule.has_key?(:resource))
assert(rule.has_key?(:response))
assert_equal(id, rule[:id])
assert_equal('be.ef', rule[:pattern])
assert_equal('A', rule[:resource])
assert_equal(Array, rule[:response].class)
assert(rule[:response].length > 0)
assert_equal(response, rule[:response][0])
end
# Tests retrieval of invalid DNS rules
def test_08_get_rule_bad
rule = @@dns.get_rule(42)
assert_equal(nil, rule)
end
# Tests the removal of existing DNS rules
def test_09_remove_rule_good
pattern = 'hack.the.gibson'
response = '1.9.9.5'
id = nil
assert_nothing_raised do
id = @@dns.add_rule(
:pattern => pattern,
:resource => IN::A,
:response => [response] ) do |transaction|
transaction.respond!(response)
end
end
removed = @@dns.remove_rule!(id)
assert(removed)
end
# Tests the removal of unknown DNS rules
def test_10_remove_rule_bad
removed = @@dns.remove_rule!(42)
assert(!removed)
end
# Tests the retrieval of the entire DNS ruleset
def test_11_get_ruleset
ruleset = @@dns.get_ruleset
ruleset.sort! { |a, b| a[:pattern] <=> b[:pattern] }
assert_equal(Array, ruleset.class)
assert_equal(5, ruleset.length)
check_rule(ruleset[0], {:pattern => 'be.ef',
:resource => 'A',
:response => '1.1.1.1' })
check_rule(ruleset[1], {:pattern => 'dead.beef',
:resource => 'A',
:response => '2.2.2.2' })
check_rule(ruleset[2], {:pattern => 'foo.bar',
:resource => 'A',
:response => '1.2.3.4' })
check_rule(ruleset[3], {:pattern => 'i\.(love|hate)\.beef\.com?',
:resource => 'A',
:response => '9.9.9.9' })
check_rule(ruleset[4], {:pattern => 'j.random.hacker',
:resource => 'A',
:response => '4.2.4.2' })
end
# Tests the removal of the entire DNS ruleset
def test_12_remove_ruleset
removed = @@dns.remove_ruleset!
ruleset = @@dns.get_ruleset
assert(removed)
assert_equal(0, ruleset.length)
end
# Tests each supported type of query failure
def test_13_failure_types
begin
id = @@dns.add_rule(
:pattern => 'noerror.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:NoError)
end
#check_failure_status(id, :NoError)
end
begin
id = @@dns.add_rule(
:pattern => 'formerr.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:FormErr)
end
#check_failure_status(id, :FormErr)
end
begin
id = @@dns.add_rule(
:pattern => 'servfail.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:ServFail)
end
#check_failure_status(id, :ServFail)
end
begin
id = @@dns.add_rule(
:pattern => 'nxdomain.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:NXDomain)
end
#check_failure_status(id, :NXDomain)
end
begin
id = @@dns.add_rule(
:pattern => 'notimp.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:NotImp)
end
#check_failure_status(id, :NotImp)
end
begin
id = @@dns.add_rule(
:pattern => 'refused.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:Refused)
end
#check_failure_status(id, :Refused)
end
begin
id = @@dns.add_rule(
:pattern => 'notauth.beef.com',
:resource => IN::A,
:response => ['1.2.3.4'] ) do |transaction|
transaction.failure!(:NotAuth)
end
#check_failure_status(id, :NotAuth)
end
end
private
# Compares each key in hash 'rule' with the respective key in hash 'expected'
def check_rule(rule, expected = {})
assert_equal(expected[:pattern], rule[:pattern])
assert_equal(expected[:resource], rule[:resource])
assert_equal(expected[:response], rule[:response][0])
end
# Confirms that a query for the rule given in 'id' returns a 'resource' failure status
def check_failure_status(id, resource)
rule = @@dns.get_rule(id)
status = resource.to_s.force_encoding('UTF-8').upcase
assert_equal(status, rule[:response][0])
check_dns_response(/status: #{status}/, rule[:resource], rule[:pattern])
end
# Compares output of dig command against regex
def check_dns_response(regex, type, pattern)
address = @@config.get('beef.extension.dns.address')
port = @@config.get('beef.extension.dns.port')
dig_output = IO.popen(["dig", "@#{address}", "-p", "#{port}", "-t", "#{type}", "#{pattern}"], 'r+').read
assert_match(regex, dig_output)
end
end
# Suppresses unnecessary output from RubyDNS
module Kernel
def puts(*args)
;
end
end

22
test/unit/extensions/tc_event_logger.rb
View File

@@ -1,22 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_EventLogger < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_event_logger
assert(true)
end
def test_no_params
assert(true)
end
end

19
test/unit/extensions/tc_hooks.rb
View File

@@ -1,19 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Hooks < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
end
def test_hooks
assert(true)
end
end

49
test/unit/extensions/tc_ipec_tunnel.rb
View File

@@ -1,49 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_IpecTunnel < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/ipec/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@ipec_config = config.get('beef.extension.ipec')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@ipec_config.has_key?('enable'))
end
# Verifies public interface
def test_03_interface
@@ipec_junk_calc = BeEF::Extension::Ipec::JunkCalculator.instance
assert_respond_to(@@ipec_junk_calc, :bind_junk_calculator)
end
end

44
test/unit/extensions/tc_network.rb
View File

@@ -1,44 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Network < Test::Unit::TestCase
def setup
$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
$root_dir = File.expand_path('../../../../', __FILE__)
require 'extensions/network/models/network_service'
require 'extensions/network/models/network_host'
end
def shutdown
$root_dir = nil
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Tests procedure for properly adding new host
def test_02_add_host_good
assert_nothing_raised do
BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => '1234', :ip => '127.0.0.1')
raise "Adding network host failed" if BeEF::Core::Models::NetworkHost.all(:hooked_browser_id => '1234', :ip => '127.0.0.1').empty?
end
end
# Tests procedure for properly adding new service
def test_03_add_service_good
assert_nothing_raised do
BeEF::Core::Models::NetworkService.add(:hooked_browser_id => '1234', :proto => 'http', :ip => '127.0.0.1', :port => 80, :type => 'Apache')
raise "Adding network service failed" if BeEF::Core::Models::NetworkService.all(:hooked_browser_id => '1234', :ip => '127.0.0.1').empty?
end
end
end

47
test/unit/extensions/tc_proxy.rb
View File

@@ -1,47 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Proxy < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/proxy/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@proxy_config = config.get('beef.extension.proxy')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@proxy_config.has_key?('enable'))
assert(@@proxy_config.has_key?('address'))
assert(@@proxy_config.has_key?('port'))
assert(@@proxy_config.has_key?('key'))
assert(@@proxy_config.has_key?('cert'))
end
end

46
test/unit/extensions/tc_qrcode.rb
View File

@@ -1,46 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Qrcode < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/qrcode/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@qrcode_config = config.get('beef.extension.qrcode')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@qrcode_config.has_key?('enable'))
assert(@@qrcode_config.has_key?('targets'))
assert(@@qrcode_config.has_key?('qrsize'))
assert(@@qrcode_config.has_key?('qrborder'))
end
end

51
test/unit/extensions/tc_requester.rb
View File

@@ -1,51 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Requester < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/requester/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@requester_config = config.get('beef.extension.requester')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@requester_config.has_key?('enable'))
end
# Verifies public interface
def test_03_interface
@@requester = BeEF::Extension::Requester::API::Hook.new
assert_respond_to(@@requester, :requester_run)
assert_respond_to(@@requester, :add_to_body)
assert_respond_to(@@requester, :requester_parse_db_request)
end
end

45
test/unit/extensions/tc_webrtc.rb
View File

@@ -1,45 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Webrtc < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/webrtc/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@webrtc_config = config.get('beef.extension.webrtc')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@webrtc_config.has_key?('enable'))
assert(@@webrtc_config.has_key?('stunservers'))
assert(@@webrtc_config.has_key?('turnservers'))
end
end

52
test/unit/extensions/tc_xssrays.rb
View File

@@ -1,52 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_XssRays < Test::Unit::TestCase
class << self
def startup
$root_dir = '../../'
$:.unshift(File.expand_path($root_dir))
# load extension
require 'extensions/xssrays/extension'
# load config
BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
config = BeEF::Core::Configuration.instance
config.load_extensions_config
@@xssrays_config = config.get('beef.extension.xssrays')
end
def shutdown
$root_dir = nil
end
end
# Connects to in-memory database (does not test anything)
def test_01_database
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
end
# Checks for required settings in config file
def test_02_config
assert(@@xssrays_config.has_key?('enable'))
assert(@@xssrays_config.has_key?('clean_timeout'))
assert(@@xssrays_config.has_key?('cross_domain'))
end
# Verifies public interface
def test_03_interface
@@xssrays = BeEF::Extension::Xssrays::API::Scan.new
assert_respond_to(@@xssrays, :start_scan)
assert_respond_to(@@xssrays, :add_to_body)
end
end

52
test/unit/tc_filesystem.rb
View File

@@ -1,52 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'yaml'
class TC_Filesystem < Test::Unit::TestCase
def setup
$root_dir="../../"
$:.unshift File.join( %w{ ../../ } )
end
def basic_file_test(test_file)
assert((File.file?(test_file)), "The file does not exist: " + test_file)
assert((not File.zero?(test_file)), "The file is empty: " + test_file)
end
#
# Test the consistancy of the filesystem
#
def test_beef_file
test_file = '../../beef'
basic_file_test(test_file)
assert((File.executable?(test_file)), "The file is not executable: " + test_file)
end
def test_config_file
test_file = '../../config.yaml'
user_cred=YAML.load_file(test_file)
x= user_cred['beef']['credentials']
assert_equal({"passwd"=>"beef", "user"=>"beef"}, x, 'The default creds are not set' )
end
def test_install_file
test_file = '../../install'
basic_file_test(test_file)
end
def test_main_directories_exist
assert(File.executable?('../../core'))
assert(File.executable?('../../modules'))
assert(File.executable?('../../extensions'))
end
end

24
test/unit/tc_grep.rb
View File

@@ -1,24 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
class TC_Grep < Test::Unit::TestCase
def test_grep_eval
Dir['../../**/*.rb'].each do |path|
File.open(path) do |f|
next if /tc_grep.rb/.match(path) # skip this file
next if /\/msf-test\//.match(path) # skip this file
next if /extensions\/dns/.match(path) # skip this file
f.grep(/\Weval\W/im) do |line|
assert(false, "Illegal use of 'eval' in framework: " + path + ':' + line)
end
end
end
end
end

75
test/unit/ts_unit.rb
View File

@@ -1,75 +0,0 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Common lib for BeEF tests
require '../common/ts_common'
require './core/filter/tc_base'
require './core/filter/tc_command'
require './core/main/network_stack/handlers/dynamicreconstruction'
require './core/main/network_stack/handlers/redirector'
require './core/tc_loader'
require './core/tc_core'
require './core/tc_api'
require './core/tc_bootstrap'
require './core/tc_modules'
require './core/tc_extensions'
require './core/tc_social_engineering'
require './core/tc_autorun'
require './core/tc_obfuscation'
require './core/tc_logger'
require './core/main/models/tc_browserdetails'
require './extensions/tc_xssrays'
require './extensions/tc_ipec_tunnel'
require './extensions/tc_hooks'
require './extensions/tc_proxy'
require './extensions/tc_requester'
require './extensions/tc_event_logger'
require './extensions/tc_network'
require './extensions/tc_qrcode'
require './extensions/tc_console'
require './extensions/tc_webrtc'
require './extensions/tc_dns'
require './tc_grep'
require './tc_filesystem'
class TS_BeefTests
def self.suite
suite = Test::Unit::TestSuite.new(name="BeEF Unit Test Suite")
suite << TC_Filter.suite
suite << TC_Loader.suite
suite << TC_Core.suite
suite << TC_Bootstrap.suite
suite << TC_Api.suite
suite << TC_Modules.suite
suite << TC_Extensions.suite
suite << TC_Filesystem.suite
suite << TC_Grep.suite
suite << TC_SocialEngineering.suite
suite << TC_Autorun.suite
suite << TC_XssRays.suite
suite << TC_Obfuscation.suite
suite << TC_Logger.suite
suite << TC_IpecTunnel.suite
suite << TC_Requester.suite
suite << TC_Proxy.suite
suite << TC_EventLogger.suite
suite << TC_Network.suite
suite << TC_Qrcode.suite
suite << TC_Hooks.suite
suite << TC_BrowserDetails.suite
suite << TC_Redirector.suite
suite << TC_DynamicReconstruction.suite
suite << TC_Console.suite
suite << TC_Webrtc.suite
suite << TC_Dns.suite
return suite
end
end
Test::Unit::UI::Console::TestRunner.run(TS_BeefTests)