Change /api/modules/multi_browser to accept 'ALL' for 'hb_ids'

core/main/rest/handlers/modules.rb

@@ -158,6 +158,7 @@ module BeEF
         #
         #@note Fire a new command module to multiple hooked browsers.
         # Returns the command IDs of the launched module, or 0 if firing got issues.
+        # Use "hb_ids":["ALL"] to run on all hooked browsers
         #
         # POST request body example (for modules that don't need parameters, just remove "mod_params")
         #  {
@@ -173,7 +174,7 @@ module BeEF
         # curl example (alert module with custom text, 2 hooked browsers)):
         #
         #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
-        #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
+        #-X POST http://127.0.0.1:3000/api/modules/multi_browser?token=2316d82702b83a293e2d46a0886a003a6be0a633
         #
         post '/multi_browser' do
           request.body.rewind
@@ -192,6 +193,14 @@ module BeEF
 
             hb_ids = body["hb_ids"]
             results = Hash.new
+
+            # run on all hooked browsers?
+            if hb_ids.first =~ /\Aall\z/i
+              hb_ids = []
+              BeEF::Core::Models::HookedBrowser.all.each {|hb| hb_ids << hb.id }
+            end
+
+            # run modules
             hb_ids.each do |hb_id|
               hb = BeEF::Core::Models::HookedBrowser.first(:id => hb_id)
               if hb == nil
@@ -204,7 +213,7 @@ module BeEF
             end
             results.to_json
           rescue => e
-            print_error "Invalid JSON input passed to endpoint /api/modules/multi"
+            print_error "Invalid JSON input passed to endpoint /api/modules/multi_browser"
             error 400 # Bad Request
           end
         end