Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,862 Commits 14 Branches 34 Tags
9696b05abaca0ca4ae814b42a8062269fb79ccce
Commit Graph

3862 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
soh_cah_toa
d45bff3a59 Improved #check_dns_response to use config file for address/port. 2013-06-10 18:11:36 -04:00
soh_cah_toa
d2ac9e0f7a Included broken DNS unit tests so others can help debug. 
Temporary 'dns' and 'dns_rest' Rake tasks make it easier to run tests.
 2013-06-08 23:25:23 -04:00
soh_cah_toa
9e1ec69e40 Added tests for GET /api/dns/ruleset handler. 2013-06-08 22:44:51 -04:00
soh_cah_toa
e775748603 Added more tests for GET /api/dns/rule/:id with invalid input. 
Also changed handler to return 404 when rule isn't found.
 2013-06-08 21:58:28 -04:00
soh_cah_toa
3b58518cfd Added tests for GET /api/dns/rule/:id handler. 
Fixed #parse_response so that these tests pass.
 2013-06-08 19:04:42 -04:00
soh_cah_toa
b9d64f0b89 Significantly refactored code in #test_3_add_rule_types. 2013-06-07 23:56:19 -04:00
soh_cah_toa
e527f1ae09 Refactored redundant code in #test_1_add_rule_good. 2013-06-07 23:09:07 -04:00
soh_cah_toa
68e56fa8c0 Added tests for NS, PTR, SOA, TXT, WKS, and invalid RR types. 
All RR's are now tested. Though the tests are yet to be optimized.
 2013-06-07 23:03:10 -04:00
soh_cah_toa
eccbdd6958 Added tests for AAAA, CNAME, HINFO, MINFO, and MX RR types. 
Also fixed #format_response to properly format MS records.
 2013-06-07 18:32:29 -04:00
soh_cah_toa
019ec2f6ed Added new test for attempting to add an existing rule. 2013-06-07 00:05:15 -04:00
soh_cah_toa
cfa9177af1 Added 4 new tests for bad POST /api/dns/rule requests. 2013-06-06 23:58:12 -04:00
soh_cah_toa
1f37ceec9f Began first integration tests for DNS RESTful API interface. 
First test is for POST /api/dns/rule handler.
 2013-06-06 23:16:40 -04:00
soh_cah_toa
6901581ae7 Moved #format_response call to before when RR type is evaled. 
Since #format_response throws an exception for unknown RR types,
calling it first will ensure bad Resolv::DNS::Resource names will
never be evaled.
 2013-06-06 22:59:54 -04:00
soh_cah_toa
09ec09601e Changed hash key syntax from previous commit. 
Besides being consistent, Sinatra actually requires the string
syntax.
 2013-06-05 18:33:08 -04:00
soh_cah_toa
fc6f0aface Changed DELETE handler to return JSON "success" key. 
Prior to this, nothing was returned. This will allow users to
determine whether or not a rule was removed as expected.
 2013-06-05 18:29:18 -04:00
soh_cah_toa
89a5d6fdbb Modified #remove_rule to return a boolean value. 
This is will soon allow the DELETE handler to indicate success
or failure.
 2013-06-05 18:20:48 -04:00
soh_cah_toa
6c61b39d81 Changed 401 status to 403 in filter for non-permitted IP's. 
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
 2013-06-05 17:09:09 -04:00
soh_cah_toa
80ab665054 Added new InvalidParamError class for handling bad named parameters. 
Previously, InvalidJsonError was being used mistakenly for this which
is misleading considering no JSON was involved.
 2013-06-05 16:56:05 -04:00
soh_cah_toa
e56494d486 Renamed /rules GET route to /ruleset for the sake of consistency. 
Also added new "count" key to result that lists the number of rules.
 2013-06-05 16:30:24 -04:00
soh_cah_toa
2f5133e11a Changed GET handlers to return recently fixed rule data. 
Also wrapped all handlers in a begin/end block that catches
internal StandardError exceptions.
 2013-06-05 15:56:33 -04:00
soh_cah_toa
fce4c9196d Modified grep test case to allow #eval use in DNS extension. 
Using #eval is necessary for normal functioning and is now used in
a safe manner.
 2013-06-03 21:53:06 -04:00
soh_cah_toa
0af4029915 Added placeholders necessary to start DNS unit tests. 
Currently does nothing but assert(true).
 2013-06-03 21:42:34 -04:00
soh_cah_toa
44622345d0 s/DNS/Dns/g since that is the BeEF style convention. 2013-06-03 17:55:58 -04:00
soh_cah_toa
0f8221918b Improved coding style (a la ruby-style-guide and rubocop). 
Because I'm too tired to start testing and need a little victory. ;)
 2013-06-03 00:11:41 -04:00
soh_cah_toa
c8c9e1e139 Reimplemented POST handler to avoid unsafe use of #eval. 
Now the desired response is passed an array. Each RR type is handled
specially to craft the necessary response.
 2013-06-02 22:40:58 -04:00
soh_cah_toa
998980b566 Fixed case-statement in #match that prevented adding rules locally. 2013-06-02 22:23:27 -04:00
bcoles
dbabb379fb Add Iceweasel detection in browser.js 2013-06-02 05:14:33 +09:30
bcoles
5252bea54a Add Get Form Values module 
This module retrieves the name, type, and value of all input
fields for all forms on the page.
 2013-06-02 05:11:45 +09:30
bcoles
7fdfcc3ef0 Add beef.browser.isA() to avant_steal_history module 
Part of issue #774
 2013-06-02 03:19:05 +09:30
bcoles
3c5b68e112 Add beef.browser.isA() to detect Avant Browser 
Fixes issue #774
 2013-06-02 03:14:29 +09:30
Michele Orru
9e17958268 Merge pull request #900 from james-otten/master 
Added Actiontec Q1000 router CSRF module
 2013-05-31 02:36:40 -07:00
James Otten
f2efa533c8 Added Actiontec Q1000 CSRF module 2013-05-30 15:49:47 -05:00
Christian Frichot
9636cb0972 Updated Gmail detection URL. Fixes #Issue 899 2013-05-28 20:34:56 +08:00
bcoles
1dc59f7b01 Add D-Link ShareCenter command execution exploit module 2013-05-27 13:50:12 +09:30
soh_cah_toa
7f4562945a Added new InvalidJsonError class for handling errors in JSON input. 
This is better practice than just (ab)using StandardError.
 2013-05-26 23:46:37 -04:00
soh_cah_toa
38284d5eaa Implemented DELETE handler for removing DNS rules. 2013-05-26 23:26:58 -04:00
bcoles
ff620d42f4 Add belkin_dns_csrf DNS hijack module 
Part of issue #538
 2013-05-27 12:50:06 +09:30
bcoles
61e6337046 Remove zenoss_daemon_csrf module 2013-05-27 12:14:27 +09:30
soh_cah_toa
27b1b530ef Implemented POST handler for /api/dns/rule which adds a new rule. 
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.

Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
 2013-05-26 22:44:11 -04:00
bcoles
639d0611a6 Add command_id to embedded iframe/img IDs for router exploits 
This prevents a race condition where duplicate iframes/imgs are
created if a module is run twice simultaneously. The second iframe/img
was not being removed during `cleanup()`.
 2013-05-27 11:56:01 +09:30
bcoles
ab7a62e8a4 Update version 2013-05-27 10:40:58 +09:30
Michele Orru
71f04d82f5 Merge pull request #849 from geefunkmasterpro/master 
Enhancements to Mass Mailer
beef-0.4.4.5 		2013-05-26 04:58:57 -07:00
bcoles
704b979054 minor syntax changes to php-5.3.9-dos module 2013-05-26 02:48:04 +09:30
bcoles
7aaafc79aa Remove bi-directional communication from IPEC win bindshell module 2013-05-26 02:41:04 +09:30
bcoles
f90ad4a261 Add detection for WebRTC support 2013-05-24 17:06:36 +09:30
bcoles
0dfab0e348 Add EXTRAnet Collaboration Tool Command Execution exploit module 2013-05-24 16:40:02 +09:30
bcoles
018a849e14 Add 'path' argument for beef.dom.createIframeIpecForm() 2013-05-24 14:01:21 +09:30
bcoles
717f63ff0c Add ruby-nntpd Command Execution exploit module 2013-05-24 13:50:04 +09:30
bcoles
9bac6b4fc1 Add support for Firefox 21 2013-05-24 13:47:31 +09:30
bcoles
2dae1d4c07 Add /bin/sh -c to default command 2013-05-22 14:37:01 +09:30