Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,070 Commits 14 Branches 34 Tags
7b229a2a206d8dfdc40a46f2340adfdbcaf210ec
Commit Graph

2070 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
soh_cah_toa
7b229a2a20 Added new #validate_pattern method. 
Uses BeEF::Filters to ensure that empty, null, and non-printable
patterns are tossed out. Added new InvalidDnsPatternError exception
class to handle these cases.

Renamed #validate_response to #format_callback since the name is more
appropriate.
 2014-04-24 14:26:37 -04:00
soh_cah_toa
ad25c49b2d Refactored IP filters into parameterized #is_valid_ip?. 
Using parameterized methods is better structured coding style rather
than defining multiple similarly-behaved methods.

annex_region('crimea') # good
vs.
annex_crimea # bad
 2014-04-24 13:11:00 -04:00
soh_cah_toa
01ad87250f Removed unnecessary run_server unit tests. 
Setting the server address:port is now handled by RubyDNS. Therefore,
verifying this via unit tests is no longer necessary.
 2014-04-23 22:02:19 -04:00
soh_cah_toa
820ba3a2e7 Updated interface unit tests with new method names. 2014-04-23 21:50:23 -04:00
soh_cah_toa
3ed4098c2f Added unit test assertions for new config options. 2014-04-23 21:47:45 -04:00
soh_cah_toa
e791fca8a9 Updated #validate_response to use BeEF::Filters. 2014-04-23 18:07:27 -04:00
soh_cah_toa
5d73d7f084 Improved BeEF::Filters support for IPv4 and IPV6. 
Changed regex in #is_valid_ip? to be more strict since it previously
would have matched an invalid IP such as 999.999.999.999. Changed its
name to #is_valid_ipv4?.

Added new #is_valid_ipv6? method that validates IPv6 addresses. It is
very comprehensive and will match normal IPv6 addresses, zero
compressed, link-local with zone index, and IPv6 addresses that have
IPv4 embedded, mapped, and translated.

Added new #is_valid_domain? method that validates domain names.
 2014-04-23 17:49:41 -04:00
soh_cah_toa
6385ddf85b Changed data type of :callback property to Object. 
Using String was sufficient but this way is more consistent.
 2014-04-23 16:50:47 -04:00
soh_cah_toa
bd9891dc4d Implemented #validate_response method in Dns::Rule. 
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.

However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
 2014-04-23 16:39:26 -04:00
soh_cah_toa
53a54de5fe Added @database to Dns::Server as a model reference. 2014-04-23 16:36:16 -04:00
soh_cah_toa
3029d3cea8 Implemented #process method that handles requests. 
The DNS server now searches for matching rules and sends its response
when handling incoming requests. However, all rules are still assigned
the same callback for the moment.
 2014-04-23 13:28:34 -04:00
soh_cah_toa
0dd9c193ec Appended ! to #remove_rule and #remove_ruleset. 
Adhering to the Ruby convention, this indicates that these methods
mutate the receiver and, therefore, should be considered dangerous.
 2014-04-23 12:53:41 -04:00
soh_cah_toa
2303851498 Implemented #remove_ruleset method. 2014-04-23 12:50:42 -04:00
soh_cah_toa
56c686de64 Implemented #get_ruleset method. 
Also refactored #get_rule to use new #to_hash helper method since
 2014-04-23 12:42:39 -04:00
soh_cah_toa
ed986e4ed5 Implemented #remove_rule method. 2014-04-23 12:07:59 -04:00
soh_cah_toa
b345da0203 Implemented #get_rule method. 2014-04-23 12:00:23 -04:00
soh_cah_toa
007f6302df Re-implemented #generate_id in Core::Main::Crypto. 
This is a better home for it since that is where other OpenSSL
crypto/token generator methods reside.
 2014-04-23 11:41:11 -04:00
soh_cah_toa
861d66207d Implemented new Rule model and #add_rule method. 2014-04-23 11:27:49 -04:00
soh_cah_toa
8c4ece815e Removed obsolete Sourcify reference in loader.rb. 2014-04-23 11:19:17 -04:00
soh_cah_toa
7386a7708b Changed Dns::Server to use RubyDNS 0.7.x API. 
At this point, it is just a prototype that resolves any request to
1.1.1.1.
 2014-04-23 11:14:35 -04:00
soh_cah_toa
f4d3858af6 Removed unneeded files in ruby/ subdirectory. 
Changed Logger overrides to disable logging instead of using BeEF's
print_* methods. RubyDNS logging is too verbose. The DNS extension will
perform debug logging on its own.
 2014-04-22 22:56:21 -04:00
soh_cah_toa
d4ba3ec98c Re-enabled DNS extension in config files. 2014-04-22 22:50:31 -04:00
soh_cah_toa
0f7f86e0f3 Changed Gemfile to use RubyDNS 0.7.0. 
Also removed Sourcify since it's no longer needed.
 2014-04-22 22:46:38 -04:00
Brendan Coles
ed5a11479a Merge pull request #998 from bcoles/geoip 
Add support for MaxMind GeoIP
 2014-04-22 02:31:54 +10:00
bcoles
4529dd1a6c Add support for MaxMind GeoIP 2014-04-22 00:58:49 +09:30
Brendan Coles
a131e670bc Merge pull request #995 from bcoles/update_print 
Update print methods
 2014-04-20 20:20:18 +10:00
Brendan Coles
17f265cb83 module.rb minor code cleanup 2014-04-20 20:12:33 +10:00
bcoles
354c3f1af0 Downgrade error to warning 2014-04-20 18:52:14 +09:30
bcoles
7689af8e2c Add print_warning, print_good and print_status 2014-04-20 17:24:25 +09:30
Brendan Coles
691ae19426 Update Gemfile 
Add comments

Add gems for MySQL/PostgreSQL (commented out)

Add Twitter gem dependency (commented out)
 2014-04-17 13:40:59 +10:00
antisnatchor
f2c83ced4d Merge remote-tracking branch 'origin/master' 2014-04-14 11:48:23 +02:00
antisnatchor
940b03e249 Removed twitter dependency from Gemfile as it's causing depenedencies issues sometimes, and the twitter notification feature isn't that used anyway. 2014-04-14 11:46:42 +02:00
Michele Orru
78a0c689be Merge pull request #992 from RootPrivileges/windows-pretty-theft 
Add a Windows prompt to the pretty_theft module
 2014-04-14 11:41:16 +02:00
RootPrivileges
5ddb88db73 Add a Windows prompt to the pretty_theft module 2014-04-14 10:23:30 +01:00
Brendan Coles
f526f39f10 Warn about Heartbleed if opemnssl is vulnerable 
Warn user if the OpenSSL library is vulnerable to Heartbleed and HTTPS is enabled.

Part of #990
 2014-04-13 03:33:32 +10:00
Brendan Coles
5d1d519fc2 unless proxy_clients.empty? 
replace `unless proxy_clients.nil?` with `unless proxy_clients.empty?`
 2014-04-13 02:31:52 +10:00
Brendan Coles
d9fd2b994e Add browser proxy details to browser summary 2014-04-13 02:29:09 +10:00
Brendan Coles
dde007ce86 Merge pull request #987 from ecneladis/master 
Adding module for getting battery status
 2014-03-25 21:25:57 +11:00
ecneladis
6044de5604 Adding module for getting battery status 2014-03-24 12:46:43 +01:00
Michele Orru
4e3f0366bf Merge pull request #986 from koto/master 
Added payloads for Chrome extensions injector
 2014-03-22 15:39:27 +01:00
antisnatchor
2cf4e7e055 Re-added csrf_to_beef tool (removed for mistake, sorry) 2014-03-22 15:31:55 +01:00
Krzysztof Kotowicz
3947bac044 added payloads 2014-03-22 11:28:27 +01:00
Brendan Coles
99c251610d Merge pull request #985 from veshi/master 
trivial: fix some misspelled words.
 2014-03-20 17:26:25 +11:00
Adrian Kalaveshi
e139ad121e trivial: fix some misspelled words. 2014-03-19 17:06:56 -07:00
Michele Orru
0664ce688e Merge pull request #984 from bcoles/getDefaultBrowser 
Add 'beef.os.getDefaultBrowser'
 2014-03-19 17:20:32 +00:00
bcoles
7d6eb4b714 Add 'beef.os.getDefaultBrowser' 2014-03-20 02:49:08 +10:30
bcoles
97898d453c Moved Detect Default Browser module to Host category 2014-03-20 00:58:16 +10:30
bcoles
fab0bf6b24 Add Detect HP module 2014-03-20 00:52:25 +10:30
bcoles
4a603b9f00 Add IE10 resource URL browser fingerprint 2014-03-19 23:49:21 +10:30
bcoles
73c42f34f6 Add support for Firefox 28 2014-03-19 11:02:25 +10:30