From ea9a85ac7d11e96c31f155d33b85f1b1e633fc71 Mon Sep 17 00:00:00 2001 From: Jess Williams <42327230+JessW98@users.noreply.github.com> Date: Tue, 7 Jan 2020 13:04:32 +1000 Subject: [PATCH] Add files via upload --- BeEF.postman_environment.json | 49 +++ RESTful-API.postman_collection.json | 567 ++++++++++++++++++++++++++++ 2 files changed, 616 insertions(+) create mode 100644 BeEF.postman_environment.json create mode 100644 RESTful-API.postman_collection.json diff --git a/BeEF.postman_environment.json b/BeEF.postman_environment.json new file mode 100644 index 000000000..332a50b1a --- /dev/null +++ b/BeEF.postman_environment.json @@ -0,0 +1,49 @@ +{ + "id": "3b5f29e6-c8eb-4d23-bf52-c01255f22f08", + "name": "BeEF", + "values": [ + { + "key": "hostname", + "value": "127.0.0.1", + "enabled": true + }, + { + "key": "username", + "value": "beef", + "enabled": true + }, + { + "key": "password", + "value": "beef", + "enabled": true + }, + { + "key": "token", + "value": "", + "enabled": true + }, + { + "key": "session", + "value": "", + "enabled": true + }, + { + "key": "module_id", + "value": "", + "enabled": true + }, + { + "key": "cmd_id", + "value": "", + "enabled": true + }, + { + "key": "dnsrule_id", + "value": "", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2020-01-03T06:00:29.827Z", + "_postman_exported_using": "Postman/7.14.0" +} \ No newline at end of file diff --git a/RESTful-API.postman_collection.json b/RESTful-API.postman_collection.json new file mode 100644 index 000000000..a5d5a723e --- /dev/null +++ b/RESTful-API.postman_collection.json @@ -0,0 +1,567 @@ +{ + "info": { + "_postman_id": "3b47c3ff-c03f-446c-8edb-cacaab481425", + "name": "RESTful API", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" + }, + "item": [ + { + "name": "Authentication", + "event": [ + { + "listen": "test", + "script": { + "id": "8e1a5f48-1d41-469d-a153-6cd5ee751912", + "exec": [ + "var jsonData = JSON.parse(responseBody);", + "pm.environment.set(\"token\", jsonData.token);" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "{\n\t\"username\": \"{{username}}\",\n\t\"password\": \"{{password}}\"\n\t\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{hostname}}:3000/api/admin/login", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "admin", + "login" + ] + }, + "description": "In order to use the API, a token parameter must always be added to requests, otherwise a 401 error (Not Authorized) is returned.\n\nA new pseudo-random token is generated each time BeEF starts, using BeEF::Core::Crypto::api_token. The token is added to the BeEF::Configuration object.\n\nWhen BeEF starts the token is printed to the console. It should look something like:\n\n[16:02:47][*] RESTful API key: 320f3cf4da7bf0df7566a517c5db796e73a23f47\nGrabbing the Token from BeEF's API\n\nYou can issue a POST request to /api/admin/login using the BeEF credentials you have set in the main config.yaml file. This request will return the token in the response. You can parse the JSON and use it for your next requests requiring authentication." + }, + "response": [] + }, + { + "name": "Get All Hooked Browsers", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/hooks?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "hooks" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Provides information (browser and OS version, cookies, enabled plugins, etc) about all hooked browsers (both online and offline)." + }, + "response": [] + }, + { + "name": "Get Specific Hooked Browser", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/hooks/{{session}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "hooks", + "{{session}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "\n Provides information (browser and OS version, cookies, enabled plugins, etc) about a specific hooked browser.\n" + }, + "response": [] + }, + { + "name": "Get All Hooked Browsers Logs", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/logs?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "logs" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "The logs handler gives information about all hooked browser's logs, both global and relative." + }, + "response": [] + }, + { + "name": "Get Specific Hooked Browsers Logs", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/logs/{{session}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "logs", + "{{session}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": " The logs handler gives information about a specified hooked browser's logs.\n" + }, + "response": [] + }, + { + "name": "List All Command Modules", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/modules?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "List all available BeEF command modules." + }, + "response": [] + }, + { + "name": "Get Information on Specific Module", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/modules/{{module_id}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules", + "{{module_id}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Get detailed information about a specific BeEF command module.\n" + }, + "response": [] + }, + { + "name": "Launch Command Module on a Specific Browser", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules", + "{{session}}", + "{{module_id}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Launch a specific BeEF command module on a given hooked browser.\n" + }, + "response": [] + }, + { + "name": "Return Information About Previously Executed Module", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}/{{cmd_id}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules", + "{{session}}", + "{{module_id}}", + "{{cmd_id}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Returns information about a specific previously launched BeEF command module.\n" + }, + "response": [] + }, + { + "name": "Send a Metasploit Module", + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules", + "{{session}}", + "{{module_id}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Launch a specific Metasploit module on a given hooked browser\n" + }, + "response": [] + }, + { + "name": " Send a Module to Multiple Hooked Browsers", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{hostname}}:3000/api/modules/multi_browser?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules", + "multi_browser" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Fire a new command module to multiple hooked browsers. Returns the command IDs of the launched module, or 0 if firing got issues." + }, + "response": [] + }, + { + "name": " Send Multiple Modules to a Single Hooked Browser", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{hostname}}:3000/api/modules/multi_module?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "modules", + "multi_module" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Fire multiple command modules to a single hooked browser. Returns the command IDs of the launched modules, or 0 if firing got issues." + }, + "response": [] + }, + { + "name": "List the DNS ruleset", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/dns/ruleset?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "dns", + "ruleset" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Returns the current set of DNS rules.\n" + }, + "response": [] + }, + { + "name": "List a Specific DNS Rule", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "dns", + "rule", + "{{dnsrule_id}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Returns an individual DNS rule given its unique id.\n" + }, + "response": [] + }, + { + "name": "Add a New DNS Rule", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/json", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{hostname}}:3000/api/dns/rule?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "dns", + "rule" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Adds a new DNS rule or \"resource record\". Does nothing if rule is already present.\n" + }, + "response": [] + }, + { + "name": "Remove an Existing DNS Rule", + "request": { + "method": "DELETE", + "header": [], + "url": { + "raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}", + "protocol": "http", + "host": [ + "{{hostname}}" + ], + "port": "3000", + "path": [ + "api", + "dns", + "rule", + "{{dnsrule_id}}" + ], + "query": [ + { + "key": "token", + "value": "{{token}}" + } + ] + }, + "description": "Removes an individual DNS rule with a specified unique ID.\n" + }, + "response": [] + } + ], + "protocolProfileBehavior": {} +} \ No newline at end of file