Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,226 Commits 14 Branches 34 Tags
9e7f46cb8a42c2eafcbb41ed472e2d74a2145dc9
Commit Graph

115 Commits

Author SHA1 Message Date
Brendan Coles
9e7f46cb8a Add Jenkins RCE CSRF 2014-11-30 05:36:47 +00:00
Brendan Coles
2785dccdf0 Remove author 2014-11-23 23:03:18 +00:00
Brendan Coles
a99b6173d9 Add author 2014-11-23 22:59:53 +00:00
Brendan Coles
1649b87567 Fix YAML for Ruby 1.9.2 2014-11-23 22:54:03 +00:00
Brendan Coles
cc0993a2eb Add Shell Shock Scanner module 2014-10-30 00:09:18 +00:00
Brendan Coles
fb5712131e Re-indent 2014-10-29 21:00:10 +00:00
Brendan Coles
8e3c8e4b88 set reverse shell as default command 2014-10-29 18:07:40 +00:00
Brendan Coles
e8f5c0d265 Add HTTP method option 2014-10-29 17:54:10 +00:00
radoen
cd06076d92 fixed accept type 2014-09-28 13:44:05 +02:00
radoen
ff1199ab87 added module for shell shocked 2014-09-28 13:35:28 +02:00
soh_cah_toa
f490faa858 Added module for DD-WRT v24 SP1 RCE vulnerability (issue #1006). 2014-06-16 09:56:27 -04:00
soh_cah_toa
fd46915bf2 Added module for DD-WRT v24 SP1 CSRF vulnerability (issue #1006). 2014-06-16 09:48:14 -04:00
Brendan Coles
32fab589d6 Add Asus RT Series Get Info module 2014-05-20 16:59:40 +00:00
Brendan Coles
dbeedb1d92 Use beef.net for URI 2014-05-10 09:50:38 +00:00
Brendan Coles
abe1370a50 Add FirePHP <= 0.7.1 RCE module 
@Wireghoul

Fixes issue #885
 2014-05-05 10:32:59 +00:00
bcoles
ee1e29341e Move firefox extension modules to social engineering directory 2014-03-16 18:18:18 +10:30
Kosta Xynos
25550f9cfa Add Asus RT-N66U and DSL-N66U Command Execution via CSRF support 2014-03-06 16:20:44 +00:00
Phil Grohe
f274001a65 Revised comments on beef.dom.createIframe() to reflect removal of 'method' parameter & form submitting behavior. Updated existing function calls to beef.dom.createIframe() to remove 'method' parameter. 2014-02-22 11:57:56 -05:00
bcoles
563296f67b Add malicious FF extension (reverse shell) module 2014-01-27 08:30:37 +10:30
bcoles
d230cfa593 trivial edits for consistency 2014-01-27 07:29:00 +10:30
bcoles
2b44c9184d Add malicious FF bindshell module 2014-01-27 07:21:44 +10:30
bmantra
0e57fb0be1 Inital version of CookieJar overflow module. And minor bugfix of active fax overflow module. 2014-01-19 19:58:14 +01:00
bcoles
83ed8558b7 Add encoding type argument 'enctype' to 'createIframeXsrfForm()' 2014-01-12 02:34:24 +10:30
bcoles
7c977ef1aa Move 'modules/exploits/sqlitemanager_xss/' to 'modules/exploits/xss/' directory 2014-01-04 11:48:10 +10:30
bcoles
f97087c37a Change hard-coded 'hook.js' to 'beef.http.hook_file' 2014-01-04 11:33:58 +10:30
Wade Alcorn
8003f1a47f Updated the copyright year to 2014 2014-01-01 16:34:15 +10:00
bcoles
b307891364 Add 'IE MS13-069 CCaret Use-After-Free' exploit module from MSF 2013-12-30 22:53:18 +10:30
bcoles
f0d989f6e9 Update description 2013-12-30 22:48:51 +10:30
bcoles
fe37a14adc Add 'IE MS12-004 midiOutPlayNextPolyEvent Heap Overflow' exploit module from MSF 2013-12-30 10:59:25 +10:30
bcoles
bece5c1438 Add wifi_pineapple_csrf module (untested and disabled) 2013-12-30 07:58:07 +10:30
bmantra
d7116b8f08 add IPE with ActiveFax 5.01 2013-11-29 19:18:37 +01:00
bcoles
70cac51a5d Add error check for missing dropper 2013-10-11 23:14:56 +10:30
antisnatchor
050da281ac Modified Gemfile. Added missing directory for Firefox Extension dropper module. 2013-10-10 20:47:14 +01:00
antisnatchor
5dd46ffd72 From antisnatchor with love. New module: malicious Firefox Extension dropper. Based on @mihi42 FF extension. 2013-10-10 15:18:03 +01:00
antisnatchor
b280d099f8 From antisnatchor with love. New module: Signed Java Applet dropper (win only for now). 2013-10-08 17:02:02 +01:00
bmantra
fa95ac5b55 initial commit of the beef bind shellcode 2013-09-28 21:18:23 +02:00
bcoles
21417dc3e2 Update BeEF server protocol for multiple modules to use 
`beef.http.https.enable`

Now uses the `beef.net.httpproto` value rather than a hard-coded
protocol string.

Part of issue #745
 2013-08-09 13:21:33 +09:30
bmantra
164ff5bea6 added option for LF only, to use with Linux 2013-06-28 20:42:53 +02:00
Christian Frichot
473f349394 Missing apostrophe in PHP-5.3.9-dos module.rb. This was breaking Rake. Make sure you run rake peeps before pushing! 2013-06-15 13:48:05 +08:00
bcoles
d40486c391 Add airlive_ip_camera_csrf module 2013-06-14 15:28:35 +09:30
James Otten
f2efa533c8 Added Actiontec Q1000 CSRF module 2013-05-30 15:49:47 -05:00
bcoles
1dc59f7b01 Add D-Link ShareCenter command execution exploit module 2013-05-27 13:50:12 +09:30
bcoles
ff620d42f4 Add belkin_dns_csrf DNS hijack module 
Part of issue #538
 2013-05-27 12:50:06 +09:30
bcoles
61e6337046 Remove zenoss_daemon_csrf module 2013-05-27 12:14:27 +09:30
bcoles
639d0611a6 Add command_id to embedded iframe/img IDs for router exploits 
This prevents a race condition where duplicate iframes/imgs are
created if a module is run twice simultaneously. The second iframe/img
was not being removed during `cleanup()`.
 2013-05-27 11:56:01 +09:30
bcoles
704b979054 minor syntax changes to php-5.3.9-dos module 2013-05-26 02:48:04 +09:30
bcoles
0dfab0e348 Add EXTRAnet Collaboration Tool Command Execution exploit module 2013-05-24 16:40:02 +09:30
bcoles
018a849e14 Add 'path' argument for beef.dom.createIframeIpecForm() 2013-05-24 14:01:21 +09:30
bcoles
717f63ff0c Add ruby-nntpd Command Execution exploit module 2013-05-24 13:50:04 +09:30
bcoles
2dae1d4c07 Add /bin/sh -c to default command 2013-05-22 14:37:01 +09:30