Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,384 Commits 14 Branches 34 Tags
6f56f00a18da2217bcae1082cdcd920481fab13d
Commit Graph

2384 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
bcoles
dbabb379fb Add Iceweasel detection in browser.js 2013-06-02 05:14:33 +09:30
bcoles
5252bea54a Add Get Form Values module 
This module retrieves the name, type, and value of all input
fields for all forms on the page.
 2013-06-02 05:11:45 +09:30
bcoles
7fdfcc3ef0 Add beef.browser.isA() to avant_steal_history module 
Part of issue #774
 2013-06-02 03:19:05 +09:30
bcoles
3c5b68e112 Add beef.browser.isA() to detect Avant Browser 
Fixes issue #774
 2013-06-02 03:14:29 +09:30
Michele Orru
9e17958268 Merge pull request #900 from james-otten/master 
Added Actiontec Q1000 router CSRF module
 2013-05-31 02:36:40 -07:00
James Otten
f2efa533c8 Added Actiontec Q1000 CSRF module 2013-05-30 15:49:47 -05:00
Christian Frichot
9636cb0972 Updated Gmail detection URL. Fixes #Issue 899 2013-05-28 20:34:56 +08:00
bcoles
1dc59f7b01 Add D-Link ShareCenter command execution exploit module 2013-05-27 13:50:12 +09:30
soh_cah_toa
7f4562945a Added new InvalidJsonError class for handling errors in JSON input. 
This is better practice than just (ab)using StandardError.
 2013-05-26 23:46:37 -04:00
soh_cah_toa
38284d5eaa Implemented DELETE handler for removing DNS rules. 2013-05-26 23:26:58 -04:00
bcoles
ff620d42f4 Add belkin_dns_csrf DNS hijack module 
Part of issue #538
 2013-05-27 12:50:06 +09:30
bcoles
61e6337046 Remove zenoss_daemon_csrf module 2013-05-27 12:14:27 +09:30
soh_cah_toa
27b1b530ef Implemented POST handler for /api/dns/rule which adds a new rule. 
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.

Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
 2013-05-26 22:44:11 -04:00
bcoles
639d0611a6 Add command_id to embedded iframe/img IDs for router exploits 
This prevents a race condition where duplicate iframes/imgs are
created if a module is run twice simultaneously. The second iframe/img
was not being removed during `cleanup()`.
 2013-05-27 11:56:01 +09:30
bcoles
ab7a62e8a4 Update version 2013-05-27 10:40:58 +09:30
Michele Orru
71f04d82f5 Merge pull request #849 from geefunkmasterpro/master 
Enhancements to Mass Mailer
beef-0.4.4.5 		2013-05-26 04:58:57 -07:00
bcoles
704b979054 minor syntax changes to php-5.3.9-dos module 2013-05-26 02:48:04 +09:30
bcoles
7aaafc79aa Remove bi-directional communication from IPEC win bindshell module 2013-05-26 02:41:04 +09:30
bcoles
f90ad4a261 Add detection for WebRTC support 2013-05-24 17:06:36 +09:30
bcoles
0dfab0e348 Add EXTRAnet Collaboration Tool Command Execution exploit module 2013-05-24 16:40:02 +09:30
bcoles
018a849e14 Add 'path' argument for beef.dom.createIframeIpecForm() 2013-05-24 14:01:21 +09:30
bcoles
717f63ff0c Add ruby-nntpd Command Execution exploit module 2013-05-24 13:50:04 +09:30
bcoles
9bac6b4fc1 Add support for Firefox 21 2013-05-24 13:47:31 +09:30
bcoles
2dae1d4c07 Add /bin/sh -c to default command 2013-05-22 14:37:01 +09:30
bcoles
7de48ceafb Add GroovyShell Server Command Execution IPEC exploit module 2013-05-22 02:32:27 +09:30
soh_cah_toa
c6f38324d1 Refactored #get_ruleset to be part of RubyDNS. 
All database logic should be inside RubyDNS since BeEF's DNS class
is mostly just a wrapper around it.
 2013-05-18 21:00:22 -04:00
soh_cah_toa
054767c898 Added RESTful API route for /api/dns/rule/:id. 
This will return a single rule given its unique id.
 2013-05-17 23:02:40 -04:00
soh_cah_toa
702595c04c Improved a lot of documentation for BeEF::Extension::DNS::DNS. 2013-05-17 19:12:05 -04:00
soh_cah_toa
c70037f9f4 Began adding support for RESTful API beginning with /api/dns/rules. 2013-05-17 18:25:22 -04:00
soh_cah_toa
13001b9642 Updated README.mkd to mention rubydns and sourcify dependencies. 
This was forgettin in commit 872ce2e.
 2013-05-16 23:24:23 -04:00
soh_cah_toa
18a78b57b2 Fixed load_rules() to rebuild 'pattern' and 'type' as an array. 
This was forgotten in the previous commit.
 2013-05-16 23:20:04 -04:00
soh_cah_toa
24f7e5b6cd Separated 'pattern' and 'type' properties in DNS model. 
This will expose the resource type to the RESTful API (coming soon).
 2013-05-16 23:14:29 -04:00
soh_cah_toa
6d2a771084 Changed model name to BeEF::Core::Models::DNS::Rule. 
This is more descriptive and follows the singular name convention.
 2013-05-15 22:29:42 -04:00
soh_cah_toa
271b2b8e85 Removed RubyDNS::Server#rules attribute accessor since it's unused. 2013-05-15 22:19:58 -04:00
soh_cah_toa
35f25bbeb9 Removed load_rules() and parse_type() since they're unused. 2013-05-15 22:18:16 -04:00
soh_cah_toa
872ce2e92f Updated README to mention rubydns and sourcify dependencies. 2013-05-15 22:15:50 -04:00
soh_cah_toa
992e95f0d7 Added database support when adding/removing rules. 
Needed to add 'sourcify' as a dependency in order to store code blocks
in the database.
 2013-05-15 22:12:37 -04:00
soh_cah_toa
1f7e748afc Removed parse_response() since it's no longer needed. 2013-05-14 19:23:08 -04:00
soh_cah_toa
ddcb040c40 Marked add_rule() and remove_rule() as critical sections. 
Mutual exclusion is imperative here since other modules/extenions may
be simultaneously adding/removing rules, thus putting the value of
@next_id at risk of becoming inconsistent.
 2013-05-14 19:12:23 -04:00
soh_cah_toa
e563a8946b Began implementing new method of adding rules without periodic timer. 
Also added improved documentation for add_rule() and remove_rule().
 2013-05-14 18:47:51 -04:00
soh_cah_toa
86e01b1327 Documented run_server() and add_rule(). 2013-05-10 23:19:58 -04:00
soh_cah_toa
d622bf3e5e New DNS entries can now be added dynamically without a server restart. 
Database is checked every five seconds and adds new rules if there
were any changes.
 2013-05-10 23:01:10 -04:00
Brendan Coles
8ecdceb928 Merge pull request #894 from sgorbaty/master 
New functionality - detect phonegap plugins
 2013-05-09 01:59:49 -07:00
Sergey Gorbaty
498372aef3 Adding phonegap integration with keychain plugin 2013-05-08 13:18:31 -07:00
soh_cah_toa
c7eb1c7fc9 Added DNS database model to load resource records from. 
Now modules/extensions can dynamically add new RR's. However, changes
don't take effect until BeEF restarts (fix incoming).
 2013-05-08 00:03:08 -04:00
soh_cah_toa
d24a00a639 Overrode RubyDNS::Transaction.respond! to use debug logger instead. 
Now all RubyDNS output is properly disabled unless --verbose is given.
 2013-05-07 23:59:27 -04:00
soh_cah_toa
c7981f3c0d Demoted UPSTREAM from constant to local variable. Minimizes scope. 2013-05-07 22:40:26 -04:00
soh_cah_toa
281cde1cbb Added new definition for Logger#warn. 2013-05-07 22:06:13 -04:00
soh_cah_toa
493ed5182b Made BeEF::Extension::DNS::DNS into a singleton object. 
This ensures that all modules/extensions that add new RR's
refer to a single server instance.
 2013-05-07 21:56:11 -04:00
Sergey Gorbaty
55d8506960 Added primitive phonegap plugin detection 2013-05-07 17:10:12 -07:00