Update github_actions.yml

Bump sqlite3 from 1.6.1 to 1.6.6

.bundle/config

@@ -1,2 +1,3 @@
 ---
 BUNDLE_WITHOUT: "development:test"
+BUNDLE_WITH: "geoip:ext_msf:ext_notifications:ext_dns:ext_qrcode"

.dockerignore

@@ -4,6 +4,5 @@
 .gitignore
 doc
 docs
-scripts
 test
-update-beef
+update-beef

.github/workflows/github_actions.yml

@@ -44,13 +44,17 @@ jobs:
         with:
           ruby-version: 3.0.3 # Not needed with a .ruby-version file
 
-      - name: 'Build and run tests'
+      - name: 'Update and Install Dwpendencies'
         run: |
           sudo apt update
           sudo apt install libcurl4 libcurl4-openssl-dev
+      - name: 'Configure Bundle testing and install gems'
+        run: |
           bundle config unset --local without
           bundle config set --local with 'test' 'development'
           bundle install
+      - name: 'Run BrowserStack simple verification'
+        run: |
           bundle exec rake browserstack --trace
 
       - name: 'BrowserStackLocal Stop'  # Terminating the BrowserStackLocal tunnel connection

BeEF.postman_environment.json

@@ -1,49 +0,0 @@
-{
-	"id": "3b5f29e6-c8eb-4d23-bf52-c01255f22f08",
-	"name": "BeEF",
-	"values": [
-		{
-			"key": "hostname",
-			"value": "127.0.0.1",
-			"enabled": true
-		},
-		{
-			"key": "username",
-			"value": "beef",
-			"enabled": true
-		},
-		{
-			"key": "password",
-			"value": "beef",
-			"enabled": true
-		},
-		{
-			"key": "token",
-			"value": "",
-			"enabled": true
-		},
-		{
-			"key": "session",
-			"value": "",
-			"enabled": true
-		},
-		{
-			"key": "module_id",
-			"value": "",
-			"enabled": true
-		},
-		{
-			"key": "cmd_id",
-			"value": "",
-			"enabled": true
-		},
-		{
-			"key": "dnsrule_id",
-			"value": "",
-			"enabled": true
-		}
-	],
-	"_postman_variable_scope": "environment",
-	"_postman_exported_at": "2020-01-03T06:00:29.827Z",
-	"_postman_exported_using": "Postman/7.14.0"
-}

Dockerfile

@@ -4,60 +4,85 @@
 ##   Please read the Wiki Installation section on set-up using Docker prior to building this container.  ##
 ##   BeEF does NOT allow authentication with default credentials. So please, at the very least           ##
 ##   change the username:password in the config.yaml file to something secure that is not beef:beef      ##
-##   before building or you will to denied access and have to rebuild anyway.                            ##
+##   before building or you will be denied access and have to rebuild anyway.                            ##
 ##                                                                                                       ##
 ###########################################################################################################
 ###########################################################################################################
 
 # ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
-FROM ruby:2.7.5-alpine AS builder
-LABEL maintainer="Beef Project: github.com/beefproject/beef"
-
-# Install gems in parallel with 4 workers to expedite build process.=
-ARG BUNDLER_ARGS="--jobs=4"
-
-# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
-RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+FROM ruby:3.2.1-slim-bullseye AS builder
 
 COPY . /beef
 
-# Add bundler/gem dependencies and then install
-RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
-  bundle install --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
-  # Temp fix for https://github.com/bundler/bundler/issues/6680
-  rm -rf /usr/local/bundle/cache
-
-WORKDIR /beef
-
-# So we don't need to run as root
-RUN chmod -R a+r /usr/local/bundle
+# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files.
+# Then add bundler/gem dependencies and install.
+# Finally change permissions of bundle installs so we don't need to run as root.
+RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    xz-utils \
+    make \
+    g++ \
+    libcurl4-openssl-dev \
+    ruby-dev \
+    libffi-dev \
+    zlib1g-dev \
+    libsqlite3-dev \
+    sqlite3 \
+ && bundle install --gemfile=/beef/Gemfile --jobs=`nproc` \
+ && rm -rf /usr/local/bundle/cache \
+ && chmod -R a+r /usr/local/bundle \
+ && rm -rf /var/lib/apt/lists/*
 # ------------------------------------- End of Builder 0 -------------------------------------------------
 
 
 # ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
-FROM ruby:2.7.5-alpine
-LABEL maintainer="Beef Project: github.com/beefproject/beef"
+FROM ruby:3.2.1-slim-bullseye
+LABEL maintainer="Beef Project" \
+      source_url="github.com/beefproject/beef" \
+      homepage="https://beefproject.com/"
 
-# Create service account to run BeEF
-RUN adduser -h /beef -g beef -D beef
+# BeEF UI/Hook port
+ARG UI_PORT=3000
+ARG PROXY_PORT=6789
+ARG WEBSOCKET_PORT=61985
+ARG WEBSOCKET_SECURE_PORT=61986
 
-COPY --chown=1000:1000 . /beef
+
+# Create service account to run BeEF and install BeEF's runtime dependencies
+RUN adduser --home /beef --gecos beef --disabled-password beef \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+    curl \
+    openssl \
+    libssl-dev \
+    libreadline-dev \
+    libyaml-dev \
+    libxml2-dev \
+    libxslt-dev \
+    libncurses5-dev \
+    libsqlite3-dev \
+    sqlite3 \
+    zlib1g \
+    bison \
+    nodejs \
+ && apt-get -y clean \
+ && rm -rf /var/lib/apt/lists/*
 
 # Use gemset created by the builder above
+COPY --chown=beef:beef . /beef
 COPY --from=builder /usr/local/bundle /usr/local/bundle
 
-# Install BeEF's runtime dependencies
-RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses automake libtool bison nodejs
-
-WORKDIR /beef
-
 # Ensure we are using our service account by default
 USER beef
 
-# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
-EXPOSE 3000 6789 61985 61986
+# Expose UI, Proxy, WebSocket server, and WebSocketSecure server ports
+EXPOSE $UI_PORT $PROXY_PORT $WEBSOCKET_PORT $WEBSOCKET_SECURE_PORT
 
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:3000" ]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:$UI_PORT" ]
 
+WORKDIR /beef
 ENTRYPOINT ["/beef/beef"]
 # ------------------------------------- End of Builder 1 -------------------------------------------------

Gemfile

@@ -1,90 +1,90 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 #gem 'simplecov', require: false, group: :test
 
 gem 'net-smtp', require: false
-
-gem 'eventmachine'
-gem 'thin'
-gem 'sinatra', '>= 2.2.0'
-gem 'rack', '>= 2.2.4'
-gem 'rack-protection', '>= 2.2.0'
-gem 'em-websocket' # WebSocket support
-gem 'uglifier', '>= 4.2.0'
-gem 'mime-types'
-gem 'execjs'
-gem 'ansi'
-gem 'term-ansicolor', :require => 'term/ansicolor'
 gem 'json'
-gem 'rubyzip', '>= 1.2.2'
-gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
-gem 'rake', '>= 13.0'
-gem 'otr-activerecord', '>= 1.4.2'
-gem 'sqlite3'
-gem 'rubocop', '~> 1.36.0', require: false
+
+gem 'eventmachine', '~> 1.2', '>= 1.2.7'
+gem 'thin', '~> 1.8'
+gem 'sinatra', '~> 3.0'
+gem 'rack', '~> 2.2'
+gem 'rack-protection', '~> 3.0.5'
+gem 'em-websocket', '~> 0.5.3' # WebSocket support
+gem 'uglifier', '~> 4.2'
+gem 'mime-types', '~> 3.4', '>= 3.4.1'
+gem 'execjs', '~> 2.9'
+gem 'ansi', '~> 1.5'
+gem 'term-ansicolor', :require => 'term/ansicolor'
+gem 'rubyzip', '~> 2.3'
+gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
+gem 'rake', '~> 13.0'
+gem 'otr-activerecord', '~> 2.1', '>= 2.1.2'
+gem 'sqlite3', '~> 1.6'
+gem 'rubocop', '~> 1.56.3', require: false
 
 # Geolocation support
 group :geoip do
-  gem 'maxmind-db'
+  gem 'maxmind-db', '~> 1.1', '>= 1.1.1'
 end
 
-gem 'parseconfig'
-gem 'erubis'
+gem 'parseconfig', '~> 1.1', '>= 1.1.2'
+gem 'erubis', '~> 2.7'
 
 # Metasploit Integration extension
 group :ext_msf do
-  gem 'msfrpc-client'
-  gem 'xmlrpc'
+  gem 'msfrpc-client', '~> 1.1', '>= 1.1.2'
+  gem 'xmlrpc', '~> 0.3.3'
 end
 
 # Notifications extension
 group :ext_notifications do
-  gem 'unf'
-  gem 'domain_name', '>= 0.5.20190701'
   # Pushover
-  gem 'rushover'
+  gem 'rushover', '~> 0.3.0'
   # Slack
-  gem 'slack-notifier'
-  # Twitter
-  gem 'twitter', '>= 7.0.0'
+  gem 'slack-notifier', '~> 2.4'
 end
 
 # DNS extension
 group :ext_dns do
-  gem 'async-dns'
+  gem 'async-dns', '~> 1.3'
+  gem 'async', '~> 1.31'
 end
 
 # QRcode extension
 group :ext_qrcode do
-  gem 'qr4r'
+  gem 'qr4r', '~> 0.6.1'
 end
 
 # For running unit tests
 group :test do
-    gem 'test-unit'
-    gem 'test-unit-full'
-    gem 'rspec'
-    gem 'rdoc'
+    gem 'test-unit-full', '~> 0.0.5'
+    gem 'rspec', '~> 3.12'
+    gem 'rdoc', '~> 6.5'
+    gem 'browserstack-local', '~> 1.4'
+
+    gem 'irb', '~> 1.8'
+    gem 'pry-byebug', '~> 3.10', '>= 3.10.1'
+
+    gem 'rest-client', '~> 2.1.0'
+    gem 'websocket-client-simple', '~> 0.6.1'
+
     # curb gem requires curl libraries
     # sudo apt-get install libcurl4-openssl-dev
-    gem 'curb'
+    gem 'curb', '~> 1.0', '>= 1.0.5'
+
     # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
     # gem 'selenium' # Requires old version of selenium which is no longer available
-    gem 'geckodriver-helper'
-    gem 'selenium-webdriver'
-    # nokogirl is needed by capybara which may require one of the below commands
+    gem 'geckodriver-helper', '~> 0.24.0'
+    gem 'selenium-webdriver', '~> 4.12'
+
+    # nokogiri is needed by capybara which may require one of the below commands
     # sudo apt-get install libxslt-dev libxml2-dev
     # sudo port install libxml2 libxslt
-    gem 'capybara'
-    # RESTful API tests/generic command module tests
-    gem 'rest-client', '>= 2.1.0'
-    gem 'irb'
-    gem 'pry-byebug'
-    gem "websocket-client-simple", "~> 0.6.0"
-    gem "browserstack-local", "~> 1.4"
+    gem 'capybara', '~> 3.39'
 end
 
 source 'https://rubygems.org'

Gemfile.lock

@@ -1,34 +1,34 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.3.1)
-      activesupport (= 7.0.3.1)
-    activerecord (7.0.3.1)
-      activemodel (= 7.0.3.1)
-      activesupport (= 7.0.3.1)
-    activesupport (7.0.3.1)
+    activemodel (7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activerecord (7.0.4.3)
+      activemodel (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activesupport (7.0.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
     ansi (1.5.0)
     archive-zip (0.12.0)
       io-like (~> 0.3.0)
     ast (2.4.2)
-    async (1.30.3)
+    async (1.31.0)
       console (~> 1.10)
       nio4r (~> 2.3)
       timers (~> 4.1)
     async-dns (1.3.0)
       async-io (~> 1.15)
-    async-io (1.33.0)
+    async-io (1.34.3)
       async
-    browserstack-local (1.4.0)
-    buftok (0.2.0)
+    base64 (0.1.1)
+    browserstack-local (1.4.3)
     byebug (11.1.3)
-    capybara (3.37.1)
+    capybara (3.39.2)
       addressable
       matrix
       mini_mime (>= 0.1.3)
@@ -37,173 +37,155 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    childprocess (4.1.0)
     coderay (1.1.3)
-    concurrent-ruby (1.1.10)
-    console (1.15.3)
+    concurrent-ruby (1.2.2)
+    console (1.16.2)
       fiber-local
-    curb (1.0.1)
+    curb (1.0.5)
     daemons (1.4.1)
     diff-lcs (1.5.0)
-    digest (3.1.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
-    equalizer (0.0.11)
     erubis (2.7.0)
     espeak-ruby (1.1.0)
     event_emitter (0.2.6)
     eventmachine (1.2.7)
-    execjs (2.8.1)
-    ffi (1.15.5)
-    ffi-compiler (1.0.1)
-      ffi (>= 1.0.0)
-      rake
+    execjs (2.9.1)
     fiber-local (1.0.0)
     geckodriver-helper (0.24.0)
       archive-zip (~> 0.7)
     hashie (5.0.0)
     hashie-forbidden_attributes (0.1.1)
       hashie (>= 3.0)
-    http (4.4.1)
-      addressable (~> 2.3)
-      http-cookie (~> 1.0)
-      http-form_data (~> 2.2)
-      http-parser (~> 1.2.0)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    http-form_data (2.3.0)
-    http-parser (1.2.3)
-      ffi-compiler (>= 1.0, < 2.0)
-    http_parser.rb (0.6.0)
+    http_parser.rb (0.8.0)
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    io-console (0.5.11)
+    io-console (0.6.0)
     io-like (0.3.1)
-    irb (1.4.1)
-      reline (>= 0.3.0)
-    json (2.6.2)
+    irb (1.8.1)
+      rdoc
+      reline (>= 0.3.8)
+    json (2.6.3)
+    language_server-protocol (3.17.0.3)
     matrix (0.4.2)
     maxmind-db (1.1.1)
-    memoizable (0.4.2)
-      thread_safe (~> 0.3, >= 0.3.1)
     method_source (1.0.0)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
+    mime-types-data (3.2023.0218.1)
     mini_mime (1.1.2)
-    minitest (5.16.2)
+    minitest (5.18.0)
     mojo_magick (0.6.7)
     msfrpc-client (1.1.2)
       msgpack (~> 1)
-    msgpack (1.5.4)
-    multipart-post (2.2.3)
-    mustermann (2.0.2)
+    msgpack (1.6.1)
+    mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
-    naught (1.1.0)
-    net-protocol (0.1.3)
+    net-protocol (0.2.1)
       timeout
-    net-smtp (0.3.1)
-      digest
+    net-smtp (0.4.0)
       net-protocol
-      timeout
     netrc (0.11.0)
     nio4r (2.5.8)
-    nokogiri (1.13.8-x86_64-linux)
+    nokogiri (1.15.2-x86_64-linux)
       racc (~> 1.4)
-    otr-activerecord (2.1.1)
+    otr-activerecord (2.1.2)
       activerecord (>= 4.0, < 7.1)
       hashie-forbidden_attributes (~> 0.1)
-    parallel (1.22.1)
+    parallel (1.23.0)
     parseconfig (1.1.2)
-    parser (3.1.2.1)
+    parser (3.2.2.3)
       ast (~> 2.4.1)
-    power_assert (2.0.1)
-    pry (0.14.1)
+      racc
+    power_assert (2.0.3)
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pry-byebug (3.10.1)
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
-    psych (4.0.4)
+    psych (5.1.0)
       stringio
-    public_suffix (4.0.7)
+    public_suffix (5.0.1)
     qr4r (0.6.1)
       mojo_magick (~> 0.6.5)
       rqrcode_core (~> 0.1)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-protection (2.2.2)
+    racc (1.7.1)
+    rack (2.2.7)
+    rack-protection (3.0.6)
       rack
-    rack-test (2.0.2)
+    rack-test (2.1.0)
       rack (>= 1.3)
     rainbow (3.1.1)
     rake (13.0.6)
-    rdoc (6.4.0)
+    rdoc (6.5.0)
       psych (>= 4.0.0)
-    regexp_parser (2.5.0)
-    reline (0.3.1)
+    regexp_parser (2.8.1)
+    reline (0.3.8)
       io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.5)
+    rexml (3.2.6)
     rqrcode_core (0.2.0)
     rr (3.1.0)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.4)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
-    rubocop (1.36.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.56.3)
+      base64 (~> 0.1.1)
       json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.1.2.1)
+      parser (>= 3.2.2.3)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.20.1, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.21.0)
-      parser (>= 3.1.1.0)
-    ruby-progressbar (1.11.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.29.0)
+      parser (>= 3.2.1.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
     rushover (0.3.0)
       json
       rest-client
-    selenium-webdriver (4.4.0)
-      childprocess (>= 0.5, < 5.0)
+    selenium-webdriver (4.12.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
-    simple_oauth (0.3.1)
-    sinatra (2.2.2)
-      mustermann (~> 2.0)
-      rack (~> 2.2)
-      rack-protection (= 2.2.2)
+    sinatra (3.0.6)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.0.6)
       tilt (~> 2.0)
     slack-notifier (2.4.0)
-    sqlite3 (1.5.2-x86_64-linux)
-    stringio (3.0.2)
+    sqlite3 (1.6.6-x86_64-linux)
+    stringio (3.0.5)
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
-    test-unit (3.5.3)
+    test-unit (3.5.7)
       power_assert
     test-unit-context (0.5.1)
       test-unit (>= 2.4.0)
@@ -220,38 +202,26 @@ GEM
       test-unit (>= 2.5.2)
     test-unit-runner-tap (1.1.2)
       test-unit
-    thin (1.8.1)
+    thin (1.8.2)
       daemons (~> 1.0, >= 1.0.9)
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
-    thread_safe (0.3.6)
-    tilt (2.0.11)
-    timeout (0.3.0)
-    timers (4.3.3)
-    tins (1.31.1)
+    tilt (2.1.0)
+    timeout (0.4.0)
+    timers (4.3.5)
+    tins (1.32.1)
       sync
-    twitter (7.0.0)
-      addressable (~> 2.3)
-      buftok (~> 0.2.0)
-      equalizer (~> 0.0.11)
-      http (~> 4.0)
-      http-form_data (~> 2.0)
-      http_parser.rb (~> 0.6.0)
-      memoizable (~> 0.4.0)
-      multipart-post (~> 2.0)
-      naught (~> 1.0)
-      simple_oauth (~> 0.3.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
-    unicode-display_width (2.2.0)
-    webrick (1.7.0)
+    unicode-display_width (2.4.2)
+    webrick (1.8.1)
     websocket (1.2.9)
-    websocket-client-simple (0.6.0)
+    websocket-client-simple (0.6.1)
       event_emitter
       websocket
     xmlrpc (0.3.2)
@@ -263,50 +233,47 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
-  ansi
-  async-dns
+  ansi (~> 1.5)
+  async (~> 1.31)
+  async-dns (~> 1.3)
   browserstack-local (~> 1.4)
-  capybara
-  curb
-  domain_name (>= 0.5.20190701)
-  em-websocket
-  erubis
-  espeak-ruby (>= 1.0.4)
-  eventmachine
-  execjs
-  geckodriver-helper
-  irb
+  capybara (~> 3.39)
+  curb (~> 1.0, >= 1.0.5)
+  em-websocket (~> 0.5.3)
+  erubis (~> 2.7)
+  espeak-ruby (~> 1.1.0)
+  eventmachine (~> 1.2, >= 1.2.7)
+  execjs (~> 2.9)
+  geckodriver-helper (~> 0.24.0)
+  irb (~> 1.8)
   json
-  maxmind-db
-  mime-types
-  msfrpc-client
+  maxmind-db (~> 1.1, >= 1.1.1)
+  mime-types (~> 3.4, >= 3.4.1)
+  msfrpc-client (~> 1.1, >= 1.1.2)
   net-smtp
-  otr-activerecord (>= 1.4.2)
-  parseconfig
-  pry-byebug
-  qr4r
-  rack (>= 2.2.4)
-  rack-protection (>= 2.2.0)
-  rake (>= 13.0)
-  rdoc
-  rest-client (>= 2.1.0)
-  rspec
-  rubocop (~> 1.36.0)
-  rubyzip (>= 1.2.2)
-  rushover
-  selenium-webdriver
-  sinatra (>= 2.2.0)
-  slack-notifier
-  sqlite3
+  otr-activerecord (~> 2.1, >= 2.1.2)
+  parseconfig (~> 1.1, >= 1.1.2)
+  pry-byebug (~> 3.10, >= 3.10.1)
+  qr4r (~> 0.6.1)
+  rack (~> 2.2)
+  rack-protection (~> 3.0.5)
+  rake (~> 13.0)
+  rdoc (~> 6.5)
+  rest-client (~> 2.1.0)
+  rspec (~> 3.12)
+  rubocop (~> 1.56.3)
+  rubyzip (~> 2.3)
+  rushover (~> 0.3.0)
+  selenium-webdriver (~> 4.12)
+  sinatra (~> 3.0)
+  slack-notifier (~> 2.4)
+  sqlite3 (~> 1.6)
   term-ansicolor
-  test-unit
-  test-unit-full
-  thin
-  twitter (>= 7.0.0)
-  uglifier (>= 4.2.0)
-  unf
-  websocket-client-simple (~> 0.6.0)
-  xmlrpc
+  test-unit-full (~> 0.0.5)
+  thin (~> 1.8)
+  uglifier (~> 4.2)
+  websocket-client-simple (~> 0.6.1)
+  xmlrpc (~> 0.3.2)
 
 BUNDLED WITH
-   2.3.14
+   2.4.8

INSTALL.txt

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 

README.md

@@ -1,6 +1,6 @@
 ===============================================================================
 
-    Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 

RESTful-API.postman_collection.json

@@ -1,567 +0,0 @@
-{
-	"info": {
-		"_postman_id": "3b47c3ff-c03f-446c-8edb-cacaab481425",
-		"name": "RESTful API",
-		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
-	},
-	"item": [
-		{
-			"name": "Authentication",
-			"event": [
-				{
-					"listen": "test",
-					"script": {
-						"id": "8e1a5f48-1d41-469d-a153-6cd5ee751912",
-						"exec": [
-							"var jsonData = JSON.parse(responseBody);",
-							"pm.environment.set(\"token\", jsonData.token);"
-						],
-						"type": "text/javascript"
-					}
-				}
-			],
-			"request": {
-				"method": "POST",
-				"header": [
-					{
-						"key": "Content-Type",
-						"name": "Content-Type",
-						"value": "application/json",
-						"type": "text"
-					}
-				],
-				"body": {
-					"mode": "raw",
-					"raw": "{\n\t\"username\": \"{{username}}\",\n\t\"password\": \"{{password}}\"\n\t\n}",
-					"options": {
-						"raw": {
-							"language": "json"
-						}
-					}
-				},
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/admin/login",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"admin",
-						"login"
-					]
-				},
-				"description": "In order to use the API, a token parameter must always be added to requests, otherwise a 401 error (Not Authorized) is returned.\n\nA new pseudo-random token is generated each time BeEF starts, using BeEF::Core::Crypto::api_token. The token is added to the BeEF::Configuration object.\n\nWhen BeEF starts the token is printed to the console. It should look something like:\n\n[16:02:47][*] RESTful API key: 320f3cf4da7bf0df7566a517c5db796e73a23f47\nGrabbing the Token from BeEF's API\n\nYou can issue a POST request to /api/admin/login using the BeEF credentials you have set in the main config.yaml file. This request will return the token in the response. You can parse the JSON and use it for your next requests requiring authentication."
-			},
-			"response": []
-		},
-		{
-			"name": "Get All Hooked Browsers",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/hooks?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"hooks"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Provides information (browser and OS version, cookies, enabled plugins, etc) about all hooked browsers (both online and offline)."
-			},
-			"response": []
-		},
-		{
-			"name": "Get Specific Hooked Browser",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/hooks/{{session}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"hooks",
-						"{{session}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "\n    Provides information (browser and OS version, cookies, enabled plugins, etc) about a specific hooked browser.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "Get All Hooked Browsers Logs",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/logs?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"logs"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "The logs handler gives information about all hooked browser's logs, both global and relative."
-			},
-			"response": []
-		},
-		{
-			"name": "Get Specific Hooked Browsers Logs",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/logs/{{session}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"logs",
-						"{{session}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": " The logs handler gives information about a specified hooked browser's logs.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "List All Command Modules",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "List all available BeEF command modules."
-			},
-			"response": []
-		},
-		{
-			"name": "Get Information on Specific Module",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules/{{module_id}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules",
-						"{{module_id}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Get detailed information about a specific BeEF command module.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "Launch Command Module on a Specific Browser",
-			"request": {
-				"method": "POST",
-				"header": [
-					{
-						"key": "Content-Type",
-						"name": "Content-Type",
-						"value": "application/json",
-						"type": "text"
-					}
-				],
-				"body": {
-					"mode": "raw",
-					"raw": "",
-					"options": {
-						"raw": {
-							"language": "json"
-						}
-					}
-				},
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules",
-						"{{session}}",
-						"{{module_id}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Launch a specific BeEF command module on a given hooked browser.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "Return Information About Previously Executed Module",
-			"protocolProfileBehavior": {
-				"disableBodyPruning": true
-			},
-			"request": {
-				"method": "GET",
-				"header": [
-					{
-						"key": "Content-Type",
-						"name": "Content-Type",
-						"value": "application/json",
-						"type": "text"
-					}
-				],
-				"body": {
-					"mode": "raw",
-					"raw": "",
-					"options": {
-						"raw": {
-							"language": "json"
-						}
-					}
-				},
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}/{{cmd_id}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules",
-						"{{session}}",
-						"{{module_id}}",
-						"{{cmd_id}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Returns information about a specific previously launched BeEF command module.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "Send a Metasploit Module",
-			"request": {
-				"method": "POST",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules",
-						"{{session}}",
-						"{{module_id}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Launch a specific Metasploit module on a given hooked browser\n"
-			},
-			"response": []
-		},
-		{
-			"name": " Send a Module to Multiple Hooked Browsers",
-			"request": {
-				"method": "POST",
-				"header": [
-					{
-						"key": "Content-Type",
-						"name": "Content-Type",
-						"value": "application/json",
-						"type": "text"
-					}
-				],
-				"body": {
-					"mode": "raw",
-					"raw": "",
-					"options": {
-						"raw": {
-							"language": "json"
-						}
-					}
-				},
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules/multi_browser?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules",
-						"multi_browser"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Fire a new command module to multiple hooked browsers. Returns the command IDs of the launched module, or 0 if firing got issues."
-			},
-			"response": []
-		},
-		{
-			"name": " Send Multiple Modules to a Single Hooked Browser",
-			"request": {
-				"method": "POST",
-				"header": [
-					{
-						"key": "Content-Type",
-						"name": "Content-Type",
-						"value": "application/json",
-						"type": "text"
-					}
-				],
-				"body": {
-					"mode": "raw",
-					"raw": "",
-					"options": {
-						"raw": {
-							"language": "json"
-						}
-					}
-				},
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/modules/multi_module?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"modules",
-						"multi_module"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Fire multiple command modules to a single hooked browser. Returns the command IDs of the launched modules, or 0 if firing got issues."
-			},
-			"response": []
-		},
-		{
-			"name": "List the DNS ruleset",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/dns/ruleset?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"dns",
-						"ruleset"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Returns the current set of DNS rules.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "List a Specific DNS Rule",
-			"request": {
-				"method": "GET",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"dns",
-						"rule",
-						"{{dnsrule_id}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Returns an individual DNS rule given its unique id.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "Add a New DNS Rule",
-			"request": {
-				"method": "POST",
-				"header": [
-					{
-						"key": "Content-Type",
-						"name": "Content-Type",
-						"value": "application/json",
-						"type": "text"
-					}
-				],
-				"body": {
-					"mode": "raw",
-					"raw": "",
-					"options": {
-						"raw": {
-							"language": "json"
-						}
-					}
-				},
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/dns/rule?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"dns",
-						"rule"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Adds a new DNS rule or \"resource record\". Does nothing if rule is already present.\n"
-			},
-			"response": []
-		},
-		{
-			"name": "Remove an Existing DNS Rule",
-			"request": {
-				"method": "DELETE",
-				"header": [],
-				"url": {
-					"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
-					"protocol": "http",
-					"host": [
-						"{{hostname}}"
-					],
-					"port": "3000",
-					"path": [
-						"api",
-						"dns",
-						"rule",
-						"{{dnsrule_id}}"
-					],
-					"query": [
-						{
-							"key": "token",
-							"value": "{{token}}"
-						}
-					]
-				},
-				"description": "Removes an individual DNS rule with a specified unique ID.\n"
-			},
-			"response": []
-		}
-	],
-	"protocolProfileBehavior": {}
-}

Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -88,15 +88,6 @@ namespace :rdoc do
   end
 end
 
-
-################################
-# Install
-
-#task :install do
-#  sh "export BEEF_TEST=true"
-#end
-
-
 ################################
 # X11 set up
 
@@ -134,7 +125,7 @@ task :beef_start => 'beef' do
   config = YAML.safe_load(File.read('./config.yaml'))
   config['beef']['credentials']['user'] = test_user
   config['beef']['credentials']['passwd'] = test_pass
-  Dir.mkdir('tmp') unless Dir.exists?('tmp')
+  Dir.mkdir('tmp') unless Dir.exist?('tmp')
   File.open(@beef_config_file, 'w') { |f| YAML.dump(config, f) }
 
   # set the environment creds -- in case we're using bad_fred
@@ -217,43 +208,6 @@ task :dmg do
 end
 
 
-################################
-# Create CDE Package
-# This will download and make the CDE Executable and
-# gnereate a CDE Package in cde-package
-
-task :cde do
-  puts "\nCloning and Making CDE...";
-  sh "git clone git://github.com/pgbovine/CDE.git";
-  Dir.chdir "CDE";
-  sh "make";
-  Dir.chdir "..";
-  puts "\nCreating CDE Package...\n";
-  sh "bundle install"
-  Rake::Task['cde_beef_start'].invoke
-  Rake::Task['beef_stop'].invoke
-  puts "\nCleaning Up...\n";
-  sleep (2);
-  sh "rm -rf CDE";
-  puts "\nCDE Package Created...\n";
-end
-
-################################
-# CDE/BeEF environment set up
-
-@beef_process_id = nil;
-
-task :cde_beef_start => 'beef' do
-  printf "Starting CDE BeEF (wait 10 seconds)..."
-  @beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
-    printf '.'
-    sleep (i)
-  end
-  puts '.'
-end
-
 ################################
 # ActiveRecord
 namespace :db do

VERSION

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

arerules/alert.json

@@ -1,9 +1,5 @@
 {"name": "Display an alert",
   "author": "mgeeky",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "alert_dialog",
       "condition": null,

arerules/coinhive_miner.json

@@ -1,20 +0,0 @@
-{"name": "Start CoinHive JavaScript miner",
-  "author": "bcoles",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
-  "modules": [
-    {"name": "coinhive_miner",
-      "condition": null,
-      "options": {
-        "public_token":"Ofh5MIvjuCBDqwJ9TCTio7TYko0ig5TV",
-        "mode":"FORCE_EXCLUSIVE_TAB",
-        "mobile_enabled":""
-      }
-    }
-  ],
-  "execution_order": [0],
-  "execution_delay": [0],
-  "chain_mode": "sequential"
-}

arerules/confirm_close_tab.json

@@ -1,9 +1,5 @@
 {"name": "Confirm Close Tab",
   "author": "mgeeky",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "confirm_close_tab",
       "condition": null,

arerules/ff_osx_extension-dropper.json

@@ -2,7 +2,6 @@
   "name": "Firefox Extension Dropper",
   "author": "antisnatchor",
   "browser": "FF",
-  "browser_version": "ALL",
   "os": "OSX",
   "os_version": ">= 10.8",
   "modules": [{
@@ -17,4 +16,4 @@
   "execution_order": [0],
   "execution_delay": [0],
   "chain_mode": "sequential"
-}
+}

arerules/get_cookie.json

@@ -1,10 +1,6 @@
 {
   "name": "Get Cookie",
   "author": "@benichmt1",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_cookie",
       "condition": null,

arerules/ie_win_htapowershell.json

@@ -2,7 +2,6 @@
   "name": "HTA PowerShell",
   "author": "antisnatchor",
   "browser": "IE",
-  "browser_version": "ALL",
   "os": "Windows",
   "os_version": ">= 7",
   "modules": [

arerules/lan_cors_scan.json

@@ -1,9 +1,6 @@
 {"name": "LAN CORS Scan",
   "author": "bcoles",
   "browser": ["FF", "C"],
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/lan_cors_scan_common.json

@@ -1,9 +1,5 @@
 {"name": "LAN CORS Scan (Common IPs)",
   "author": "bcoles",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "cross_origin_scanner_cors",
       "condition": null,

arerules/lan_fingerprint.json

@@ -1,9 +1,6 @@
 {"name": "LAN Fingerprint",
   "author": "bcoles",
   "browser": ["FF", "C"],
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/lan_fingerprint_common.json

@@ -1,9 +1,5 @@
 {"name": "LAN Fingerprint (Common IPs)",
   "author": "antisnatchor",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "internal_network_fingerprinting",
       "condition": null,

arerules/lan_flash_scan.json

@@ -1,9 +1,6 @@
 {"name": "LAN Flash Scan",
   "author": "bcoles",
   "browser": ["FF", "C"],
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/lan_flash_scan_common.json

@@ -1,9 +1,6 @@
 {"name": "LAN Flash Scan (Common IPs)",
   "author": "bcoles",
   "browser": ["FF", "C"],
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "cross_origin_scanner_flash",
       "condition": null,

arerules/lan_http_scan.json

@@ -1,9 +1,6 @@
 {"name": "LAN HTTP Scan",
   "author": "bcoles",
   "browser": ["FF", "C"],
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/lan_http_scan_common.json

@@ -1,9 +1,5 @@
 {"name": "LAN HTTP Scan (Common IPs)",
   "author": "bcoles",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_http_servers",
       "condition": null,

arerules/lan_ping_sweep.json

@@ -1,9 +1,6 @@
 {"name": "LAN Ping Sweep",
   "author": "bcoles",
   "browser": "FF",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/lan_ping_sweep_common.json

@@ -1,9 +1,6 @@
 {"name": "LAN Ping Sweep (Common IPs)",
   "author": "bcoles",
   "browser": "FF",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "ping_sweep",
       "condition": null,

arerules/lan_port_scan.json

@@ -1,9 +1,5 @@
 {"name": "LAN Port Scan",
   "author": "aburro & aussieklutz",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/lan_sw_port_scan.json

@@ -1,9 +1,5 @@
 {"name": "LAN SW Port Scan",
   "author": "aburro & aussieklutz",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "get_internal_ip_webrtc",
       "condition": null,

arerules/man_in_the_browser.json

@@ -1,9 +1,5 @@
 {"name": "Perform Man-In-The-Browser",
   "author": "mgeeky",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "man_in_the_browser",
       "condition": null,

arerules/raw_javascript.json

@@ -1,10 +1,6 @@
 {
   "name": "Raw JavaScript",
   "author": "wade@bindshell.net",
-  "browser": "ALL",
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "raw_javascript",
       "condition": null,

arerules/record_snapshots.json

@@ -1,9 +1,5 @@
 {"name": "Collects multiple snapshots of the webpage within Same-Origin",
   "author": "mgeeky",
-  "browser": ["FF", "C", "O", "IE", "S"],
-  "browser_version": "ALL",
-  "os": "ALL",
-  "os_version": "ALL",
   "modules": [
     {"name": "spyder_eye",
       "condition": null,

arerules/win_fake_malware.json

@@ -2,10 +2,7 @@
 {
   "name": "Windows Fake Malware",
   "author": "bcoles",
-  "browser": "ALL",
-  "browser_version": "ALL",
   "os": "Windows",
-  "os_version": "ALL",
   "modules": [
     {
       "name": "blockui",

beef

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -185,7 +185,7 @@ db_file = config.get('beef.database.file')
 if BeEF::Core::Console::CommandLine.parse[:resetdb]
   print_info 'Resetting the database for BeEF.'
   begin
-    File.delete(db_file) if File.exists?(db_file)
+    File.delete(db_file) if File.exist?(db_file)
   rescue => e
     print_error("Could not remove '#{db_file}' database file: #{e.message}")
     exit(1)

config.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -45,22 +45,23 @@ beef:
         # Enabling WebSockets is generally better (beef.websocket.enable)
         xhr_poll_timeout: 1000
 
-        # Host Name / Domain Name
-        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
-        # These settings will be used to create a public facing URL
-        # This public facing URL will be used for all hook related calls
-        # set the public setting below:
-        # public:
-        #     host: "" # public hostname/IP address
-        #     port: "" # public port will default to 80 if no https 443 if https 
-                      # and local if not set but there is a public host
-        #     https: false # true/false
+        # Public Domain Name / Reverse Proxy / Port Forwarding
+        #
+        # In order for the client-side BeEF JavaScript hook to be able to connect to BeEF,
+        # the hook JavaScript needs to be generated with the correct connect-back details.
+        #
+        # If you're using a public domain name, reverse proxy, or port forwarding you must
+        # configure the public-facing connection details here.
 
-        # Reverse Proxy / NAT
-        # If you want BeEF to be accessible behind a reverse proxy or NAT,
-        #   set both the publicly accessible hostname/IP address and port below:
-        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
-        #   by altering the X-FORWARDED-FOR ip address in the request header.
+        #public:
+        #    host: "beef.local" # public hostname/IP address
+        #    port: "443" # public port (443 if the public server is using HTTPS)
+        #    https: false # true/false
+
+        # If using any reverse proxy you should also set allow_reverse_proxy to true below.
+        # Note that this causes the BeEF server to trust the X-Forwarded-For HTTP header.
+        # If the BeEF server is directly accessible, clients can spoof their connecting
+        # IP address using this header to bypass the IP address permissions/exclusions.
         allow_reverse_proxy: false
 
         # Hook
@@ -93,8 +94,6 @@ beef:
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
-            # Enabled this config setting if you're external facing uri is using https
-            public_enabled: false
             # In production environments, be sure to use a valid certificate signed for the value
             # used in beef.http.public (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
@@ -125,13 +124,6 @@ beef:
         # GeoLite2 City database created by MaxMind, available from https://www.maxmind.com
         database: '/usr/share/GeoIP/GeoLite2-City.mmdb'
 
-    # Integration with PhishingFrenzy
-    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
-    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
-    integration:
-        phishing_frenzy:
-            enable: false
-
     # You may override default extension configuration parameters here
     # Note: additional experimental extensions are available in the 'extensions' directory
     #       and can be enabled via their respective 'config.yaml' file

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -184,7 +184,7 @@ module BeEF
         mods = get_owners(clss, mthd, args)
         return nil unless mods.length.positive?
 
-        unless verify_api_path(clss, mthd) && clss.ancestors[0].to_s > 'BeEF::API'
+        unless verify_api_path(clss, mthd) && clss.ancestors.first.to_s.start_with?('BeEF::API')
           print_error "API Path not defined for Class: #{clss} method: #{mthd}"
           return []
         end

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/logger.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/ar-migrations/012_create_mass_mailer.rb

@@ -1,7 +0,0 @@
-class CreateMassMailer < ActiveRecord::Migration[6.0]
-  def change
-    create_table :mass_mailers do |t|
-      # TODO: fields
-    end
-  end
-end

core/main/ar-migrations/022_create_ipec_exploit.rb

@@ -1,9 +0,0 @@
-class CreateIpecExploit < ActiveRecord::Migration[6.0]
-  def change
-    create_table :ipec_exploits do |t|
-      t.text :name
-      t.text :protocol
-      t.text :os
-    end
-  end
-end

core/main/ar-migrations/023_create_ipec_exploit_run.rb

@@ -1,9 +0,0 @@
-class CreateIpecExploitRun < ActiveRecord::Migration[6.0]
-  def change
-    create_table :ipec_exploit_runs do |t|
-      t.boolean :launched
-      t.text :http_headers
-      t.text :junk_size
-    end
-  end
-end

core/main/autorun_engine/engine.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -19,31 +19,243 @@ module BeEF
           @debug_on = @config.get('beef.debug')
 
           @VERSION = ['<', '<=', '==', '>=', '>', 'ALL']
-          @VERSION_STR = %w[XP Vista]
+          @VERSION_STR = %w[XP Vista 7]
+        end
+
+        # Checks if there are any ARE rules to be triggered for the specified hooked browser.
+        #
+        # Returns an array with rule IDs that matched and should be triggered.
+        # if rule_id is specified, checks will be executed only against the specified rule (useful
+        #  for dynamic triggering of new rulesets ar runtime)
+        def find_matching_rules_for_zombie(browser, browser_version, os, os_version)
+          rules = BeEF::Core::Models::Rule.all
+
+          return if rules.nil?
+          return if rules.empty?
+
+          # TODO: handle cases where there are multiple ARE rules for the same hooked browser.
+          # maybe rules need to have priority or something?
+
+          print_info '[ARE] Checking if any defined rules should be triggered on target.'
+
+          match_rules = []
+          rules.each do |rule|
+            next unless zombie_matches_rule?(browser, browser_version, os, os_version, rule)
+
+            match_rules.push(rule.id)
+            print_more("Hooked browser and OS match rule: #{rule.name}.")
+          end
+
+          print_more("Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser.")
+
+          match_rules
+        end
+
+        # @return [Boolean]
+        # Note: browser version checks are supporting only major versions, ex: C 43, IE 11
+        # Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
+        def zombie_matches_rule?(browser, browser_version, os, os_version, rule)
+          return false if rule.nil?
+
+          unless zombie_browser_matches_rule?(browser, browser_version, rule)
+            print_debug("Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : does not match")
+            return false
+          end
+
+          print_debug("Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : matched")
+
+          unless zombie_os_matches_rule?(os, os_version, rule)
+            print_debug("OS version check -> (hook) #{os_version} #{rule.os_version} (rule): does not match")
+            return false
+          end
+
+          print_debug("OS version check -> (hook) #{os_version} #{rule.os_version} (rule): matched")
+
+          true
+        rescue StandardError => e
+          print_error e.message
+          print_debug e.backtrace.join("\n")
+        end
+
+        # @return [Boolean]
+        # TODO: This should be updated to support matching multiple OS (like the browser check below)
+        def zombie_os_matches_rule?(os, os_version, rule)
+          return false if rule.nil?
+
+          return false unless rule.os == 'ALL' || os == rule.os
+
+          # check if the OS versions match
+          os_ver_rule_cond = rule.os_version.split(' ').first
+
+          return true if os_ver_rule_cond == 'ALL'
+
+          return false unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
+
+          os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
+          os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
+
+          if os_ver_rule_maj == 'XP'
+            os_ver_rule_maj = 5
+            os_ver_rule_min = 0
+          elsif os_ver_rule_maj == 'Vista'
+            os_ver_rule_maj = 6
+            os_ver_rule_min = 0
+          elsif os_ver_rule_maj == '7'
+            os_ver_rule_maj = 6
+            os_ver_rule_min = 0
+          end
+
+          # Most of the times Linux/*BSD OS doesn't return any version
+          # (TODO: improve OS detection on these operating systems)
+          if !os_version.nil? && !@VERSION_STR.include?(os_version)
+            os_ver_hook_maj = os_version.split('.').first
+            os_ver_hook_min = os_version.split('.').last
+
+            # the following assignments to 0 are need for later checks like:
+            # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
+            os_ver_hook_min = 0 if os_version.split('.').length == 1
+            os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
+          else
+            # XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
+            # TODO: BUG: This will fail horribly if the target OS is Windows 7 or newer,
+            # as no version normalization is performed.
+            # TODO: Update this for every OS since Vista/7 ...
+            if os_version == 'XP'
+              os_ver_hook_maj = 5
+              os_ver_hook_min = 0
+            elsif os_version == 'Vista'
+              os_ver_hook_maj = 6
+              os_ver_hook_min = 0
+            elsif os_version == '7'
+              os_ver_hook_maj = 6
+              os_ver_hook_min = 0
+            end
+          end
+
+          if !os_version.nil? || rule.os_version != 'ALL'
+            os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
+            os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
+            return false unless (os_major_version_match && os_minor_version_match)
+          end
+
+          true
+        rescue StandardError => e
+          print_error e.message
+          print_debug e.backtrace.join("\n")
+        end
+
+        # @return [Boolean]
+        def zombie_browser_matches_rule?(browser, browser_version, rule)
+          return false if rule.nil?
+
+          b_ver_cond = rule.browser_version.split(' ').first
+
+          return false unless @VERSION.include?(b_ver_cond)
+
+          b_ver = rule.browser_version.split(' ').last
+
+          return false unless BeEF::Filters.is_valid_browserversion?(b_ver)
+
+          # check if rule specifies multiple browsers
+          if rule.browser =~ /\A[A-Z]+\Z/
+              return false unless rule.browser == 'ALL' || browser == rule.browser
+
+              # check if the browser version matches
+              browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
+              return false unless browser_version_match
+            else
+              browser_match = false
+              rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
+                if b == browser || b == 'ALL'
+                  browser_match = true
+                  break
+                end
+              end
+              return false unless browser_match
+          end
+
+          true
+        rescue StandardError => e
+          print_error e.message
+          print_debug e.backtrace.join("\n")
         end
 
         # Check if the hooked browser type/version and OS type/version match any Rule-sets
-        # stored in the BeEF::Core::AutorunEngine::Models::Rule database table
+        # stored in the BeEF::Core::Models::Rule database table
         # If one or more Rule-sets do match, trigger the module chain specified
-        def run(hb_id, browser_name, browser_version, os_name, os_version)
+        def find_and_run_all_matching_rules_for_zombie(hb_id)
+          return if hb_id.nil?
+
+          hb_details = BeEF::Core::Models::BrowserDetails
+          browser_name = hb_details.get(hb_id, 'browser.name')
+          browser_version = hb_details.get(hb_id, 'browser.version')
+          os_name = hb_details.get(hb_id, 'host.os.name')
+          os_version = hb_details.get(hb_id, 'host.os.version')
+
           are = BeEF::Core::AutorunEngine::Engine.instance
-          match_rules = are.match(browser_name, browser_version, os_name, os_version)
-          are.trigger(match_rules, hb_id) if !match_rules.nil? && match_rules.length > 0
+          rules = are.find_matching_rules_for_zombie(browser_name, browser_version, os_name, os_version)
+
+          return if rules.nil?
+          return if rules.empty?
+
+          are.run_rules_on_zombie(rules, hb_id)
         end
 
+        # Run the specified rule IDs on the specified zombie ID
+        # only if the rules match.
+        def run_matching_rules_on_zombie(rule_ids, hb_id)
+          return if rule_ids.nil?
+          return if hb_id.nil?
+
+          rule_ids = [rule_ids.to_i] if rule_ids.is_a?(String)
+
+          hb_details = BeEF::Core::Models::BrowserDetails
+          browser_name = hb_details.get(hb_id, 'browser.name')
+          browser_version = hb_details.get(hb_id, 'browser.version')
+          os_name = hb_details.get(hb_id, 'host.os.name')
+          os_version = hb_details.get(hb_id, 'host.os.version')
+
+          are = BeEF::Core::AutorunEngine::Engine.instance
+          rules = are.find_matching_rules_for_zombie(browser_name, browser_version, os_name, os_version)
+
+          return if rules.nil?
+          return if rules.empty?
+
+          new_rules = []
+          rules.each do |rule|
+            new_rules << rule if rule_ids.include?(rule)
+          end
+
+          return if new_rules.empty?
+
+          are.run_rules_on_zombie(new_rules, hb_id)
+        end
+
+        # Run the specified rule IDs on the specified zombie ID
+        # regardless of whether the rules match.
         # Prepare and return the JavaScript of the modules to be sent.
         # It also updates the rules ARE execution table with timings
-        def trigger(rule_ids, hb_id)
+        def run_rules_on_zombie(rule_ids, hb_id)
+          return if rule_ids.nil?
+          return if hb_id.nil?
+
           hb = BeEF::HBManager.get_by_id(hb_id)
           hb_session = hb.session
 
+          rule_ids = [rule_ids] if rule_ids.is_a?(Integer)
+
           rule_ids.each do |rule_id|
             rule = BeEF::Core::Models::Rule.find(rule_id)
             modules = JSON.parse(rule.modules)
 
             execution_order = JSON.parse(rule.execution_order)
             execution_delay = JSON.parse(rule.execution_delay)
-            chain_mode  = rule.chain_mode
+            chain_mode = rule.chain_mode
+
+            unless %w[sequential nested-forward].include?(chain_mode)
+              print_error("[ARE] Invalid chain mode '#{chain_mode}' for rule")
+              return
+            end
 
             mods_bodies = []
             mods_codes = []
@@ -76,11 +288,13 @@ module BeEF
             when 'sequential'
               wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
             else
-              wrapper = nil
-              print_error 'Chain mode looks wrong!'
-              # TODO: catch error, which should never happen as values are checked way before ;-)
+              # we should never get here. chain mode is validated earlier.
+              print_error("[ARE] Invalid chain mode '#{chain_mode}'")
+              next
             end
 
+            print_more "Triggering rules #{rule_ids} on HB #{hb_id}"
+
             are_exec = BeEF::Core::Models::Execution.new(
               session_id: hb_session,
               mod_count: modules.length,
@@ -88,14 +302,14 @@ module BeEF
               rule_token: rule_token,
               mod_body: wrapper,
               is_sent: false,
-              id: rule_id
+              rule_id: rule_id
             )
             are_exec.save!
-            # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
-            print_more "Triggering ruleset #{rule_ids} on HB #{hb_id}"
           end
         end
 
+        private
+
         # Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
         # Launch order is also taken care of.
         #  - sequential chain with delays (setTimeout stuff)
@@ -339,20 +553,18 @@ module BeEF
           print_error '[ARE] Could not find module end index' if wrapper_end_index.nil?
 
           cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index + 1)).join("\n")
+
           print_error '[ARE] No command to send' if cleaned_cmd_body.eql?('')
 
           # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
-          if replace_input
-            if cleaned_cmd_body.include?('"<<mod_input>>"')
-              final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"', 'mod_input')
-            elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
-              final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
-            elsif cleaned_cmd_body.include?('<<mod_input>>')
-              final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
-            else
-              return cleaned_cmd_body
-            end
-            final_cmd_body
+          return cleaned_cmd_body unless replace_input
+
+          if cleaned_cmd_body.include?('"<<mod_input>>"')
+            cleaned_cmd_body.gsub('"<<mod_input>>"', 'mod_input')
+          elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
+            cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
+          elsif cleaned_cmd_body.include?('<<mod_input>>')
+            cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
           else
             cleaned_cmd_body
           end
@@ -360,129 +572,6 @@ module BeEF
           print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body. #{e.message}"
         end
 
-        # Checks if there are any ARE rules to be triggered for the specified hooked browser
-        #
-        # Note: browser version checks are supporting only major versions, ex: C 43, IE 11
-        # Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
-        #
-        # Returns an array with rule IDs that matched and should be triggered.
-        # if rule_id is specified, checks will be executed only against the specified rule (useful
-        #  for dynamic triggering of new rulesets ar runtime)
-        def match(browser, browser_version, os, os_version, rule_id = nil)
-          match_rules = []
-          rules = if rule_id.nil?
-                    BeEF::Core::Models::Rule.all
-                  else
-                    [BeEF::Core::Models::Rule.find(rule_id)]
-                  end
-          return nil if rules.nil?
-          return nil unless rules.length > 0
-
-          print_info '[ARE] Checking if any defined rules should be triggered on target.'
-          # TODO: handle cases where there are multiple ARE rules for the same hooked browser.
-          # TODO the above works well, but maybe rules need to have priority or something?
-          rules.each do |rule|
-            browser_match = false
-            os_match = false
-
-            b_ver_cond = rule.browser_version.split(' ').first
-            b_ver = rule.browser_version.split(' ').last
-
-            os_ver_rule_cond = rule.os_version.split(' ').first
-            os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
-            os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
-
-            # Most of the times Linux/*BSD OS doesn't return any version
-            # (TODO: improve OS detection on these operating systems)
-            if !os_version.nil? && !@VERSION_STR.include?(os_version)
-              os_ver_hook_maj = os_version.split('.').first
-              os_ver_hook_min = os_version.split('.').last
-
-              # the following assignments to 0 are need for later checks like:
-              # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
-              os_ver_hook_min = 0 if os_version.split('.').length == 1
-              os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
-            else
-              # most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
-              # to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
-              # we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
-              if os_version == 'XP'
-                os_ver_hook_maj = 5
-                os_ver_hook_min = 0
-              end
-              if os_version == 'Vista'
-                os_ver_hook_maj = 6
-                os_ver_hook_min = 0
-              end
-            end
-
-            if os_ver_rule_maj == 'XP'
-              os_ver_rule_maj = 5
-              os_ver_rule_min = 0
-            end
-            if os_ver_rule_maj == 'Vista'
-              os_ver_rule_maj = 6
-              os_ver_rule_min = 0
-            end
-
-            next unless @VERSION.include?(b_ver_cond)
-            next unless BeEF::Filters.is_valid_browserversion?(b_ver)
-
-            next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
-
-            # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
-
-            # skip rule unless the browser matches
-            browser_match = false
-            # check if rule specifies multiple browsers
-            if rule.browser =~ /\A[A-Z]+\Z/
-              next unless rule.browser == 'ALL' || browser == rule.browser
-
-              # check if the browser version matches
-              browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
-              browser_match = if browser_version_match
-                                true
-                              else
-                                false
-                              end
-              print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
-            else
-              rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
-                browser_match = true if b == browser || b == 'ALL'
-              end
-              # else, only one browser
-            end
-            next unless browser_match
-
-            # skip rule unless the OS matches
-            next unless rule.os == 'ALL' || os == rule.os
-
-            # check if the OS versions match
-            if !os_version.nil? || rule.os_version != 'ALL'
-              os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
-              os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
-            else
-              # os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
-              os_major_version_match = true
-              os_minor_version_match = true
-            end
-
-            os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
-            print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
-
-            if browser_match && os_match
-              print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
-              match_rules.push(rule.id)
-            end
-          rescue StandardError => e
-            print_error e.message
-            print_debug e.backtrace.join("\n")
-          end
-          print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."
-
-          match_rules
-        end
-
         # compare versions
         def compare_versions(ver_a, cond, ver_b)
           return true if cond == 'ALL'

core/main/autorun_engine/parser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -18,68 +18,63 @@ module BeEF
         VERSION = ['<', '<=', '==', '>=', '>', 'ALL', 'Vista', 'XP']
         CHAIN_MODE = %w[sequential nested-forward]
         MAX_VER_LEN = 15
-        # Parse a JSON ARE file and returns an Hash with the value mappings
-        def parse(name, author, browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
-          success = [true]
 
-          return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
-          return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
-          return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
+        def parse(name, author, browser, browser_version, os, os_version, modules, execution_order, execution_delay, chain_mode)
+          raise ArgumentError, "Invalid rule name: #{name}" unless BeEF::Filters.is_non_empty_string?(name)
+          raise ArgumentError, "Invalid author name: #{author}" unless BeEF::Filters.is_non_empty_string?(author)
+          raise ArgumentError, "Invalid chain_mode definition: #{chain_mode}" unless CHAIN_MODE.include?(chain_mode)
+          raise ArgumentError, "Invalid os definition: #{os}" unless OS.include?(os)
+
+          unless modules.size == execution_delay.size
+            raise ArgumentError, "Number of execution_delay values (#{execution_delay.size}) must be consistent with number of modules (#{modules.size})"
+          end
+          execution_delay.each { |delay| raise TypeError, "Invalid execution_delay value: #{delay}. Values must be Integers." unless delay.is_a?(Integer) }
+
+          unless modules.size == execution_order.size
+            raise ArgumentError, "Number of execution_order values (#{execution_order.size}) must be consistent with number of modules (#{modules.size})"
+          end
+          execution_order.each { |order| raise TypeError, "Invalid execution_order value: #{order}. Values must be Integers." unless order.is_a?(Integer) }
 
           # if multiple browsers were specified, check each browser
           if browser.is_a?(Array)
             browser.each do |b|
-              return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
+              raise ArgumentError, "Invalid browser definition: #{browser}" unless BROWSER.include?(b)
             end
           # else, if only one browser was specified, check browser and browser version
           else
-            return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
+            raise ArgumentError, "Invalid browser definition: #{browser}" unless BROWSER.include?(browser)
 
             if browser_version != 'ALL' && !(VERSION.include?(browser_version[0, 2].gsub(/\s+/, '')) &&
                   BeEF::Filters.is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/, '')) && browser_version.length < MAX_VER_LEN)
-              return [false, 'Illegal browser_version definition']
+              raise ArgumentError, "Invalid browser_version definition: #{browser_version}"
             end
           end
 
           if os_version != 'ALL' && !(VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) &&
                   BeEF::Filters.is_valid_osversion?(os_version[2..-1].gsub(/\s+/, '')) && os_version.length < MAX_VER_LEN)
-            return [false, 'Illegal os_version definition']
+            return ArgumentError, "Invalid os_version definition: #{os_version}"
           end
 
-          return [false, 'Illegal os definition'] unless OS.include?(os)
-
           # check if module names, conditions and options are ok
           modules.each do |cmd_mod|
             mod = BeEF::Core::Models::CommandModule.where(name: cmd_mod['name']).first
-            if mod.nil?
-              return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
-            else
-              modk = BeEF::Module.get_key_by_database_id(mod.id)
-              mod_options = BeEF::Module.get_options(modk)
 
-              opt_count = 0
-              mod_options.each do |opt|
-                if opt['name'] == cmd_mod['options'].keys[opt_count]
-                  opt_count += 1
-                else
-                  return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
-                                                        }) for module (#{cmd_mod['name']}) does not exist"]
-                end
+            raise "The specified module name (#{cmd_mod['name']}) does not exist" if mod.nil?
+
+            modk = BeEF::Module.get_key_by_database_id(mod.id)
+            mod_options = BeEF::Module.get_options(modk)
+
+            opt_count = 0
+            mod_options.each do |opt|
+              if opt['name'] != cmd_mod['options'].keys[opt_count]
+                raise ArgumentError, "The specified option (#{cmd_mod['options'].keys[opt_count]}) for module (#{cmd_mod['name']}) was not specified"
               end
+
+              opt_count += 1
             end
           end
 
-          exec_order.each { |order| return [false, 'execution_order values must be Integers'] unless order.integer? }
-          exec_delay.each { |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer? }
-
-          return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
-              modules.size == exec_order.size && modules.size == exec_delay.size
-
-          success
-        rescue StandardError => e
-          print_error e.message.to_s
-          print_debug e.backtrace.join("\n").to_s
-          [false, 'Something went wrong.']
+          true
         end
       end
     end

core/main/autorun_engine/rule_loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -14,76 +14,111 @@ module BeEF
           @debug_on = @config.get('beef.debug')
         end
 
-        # this expects parsed JSON as input
-        def load(data)
-          name = data['name']
-          author = data['author']
+        # Load an ARE rule set
+        # @param [Hash] ARE ruleset as JSON
+        # @return [Hash] {"success": Boolean, "rule_id": Integer, "error": String}
+        def load_rule_json(data)
+          name = data['name'] || ''
+          author = data['author'] || ''
           browser = data['browser'] || 'ALL'
           browser_version = data['browser_version'] || 'ALL'
           os = data['os'] || 'ALL'
           os_version = data['os_version'] || 'ALL'
           modules = data['modules']
-          exec_order = data['execution_order']
-          exec_delay = data['execution_delay']
-          chain_mode = data['chain_mode']
+          execution_order = data['execution_order']
+          execution_delay = data['execution_delay']
+          chain_mode = data['chain_mode'] || 'sequential'
 
-          parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
-            name, author, browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode
-          )
-
-          if parser_result.length == 1 && parser_result.first
-            print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
-            if @debug_on
-              print_more "Target Browser: #{browser} (#{browser_version})"
-              print_more "Target OS: #{os} (#{os_version})"
-              print_more 'Modules to Trigger:'
-              modules.each do |mod|
-                print_more "(*) Name: #{mod['name']}"
-                print_more "(*) Condition: #{mod['condition']}"
-                print_more "(*) Code: #{mod['code']}"
-                print_more '(*) Options:'
-                mod['options'].each do |key, value|
-                  print_more "\t#{key}: (#{value})"
-                end
-              end
-              print_more "Exec order: #{exec_order}"
-              print_more "Exec delay: #{exec_delay}"
-            end
-            are_rule = BeEF::Core::Models::Rule.new(
-              name: name,
-              author: author,
-              browser: browser,
-              browser_version: browser_version,
-              os: os,
-              os_version: os_version,
-              modules: modules.to_json,
-              execution_order: exec_order,
-              execution_delay: exec_delay,
-              chain_mode: chain_mode
+          begin
+            BeEF::Core::AutorunEngine::Parser.instance.parse(
+              name,
+              author,
+              browser,
+              browser_version,
+              os,
+              os_version,
+              modules,
+              execution_order,
+              execution_delay,
+              chain_mode
             )
-            are_rule.save
-            { 'success' => true, 'rule_id' => are_rule.id }
-          else
-            print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
-            { 'success' => false, 'error' => parser_result.last }
+          rescue => e
+            print_error("[ARE] Error loading ruleset (#{name}): #{e.message}")
+            return { 'success' => false, 'error' => e.message }
           end
-        rescue StandardError => e
-          err = 'Malformed JSON ruleset.'
-          print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
-          { 'success' => false, 'error' => err }
+
+          existing_rule = BeEF::Core::Models::Rule.where(
+            name: name,
+            author: author,
+            browser: browser,
+            browser_version: browser_version,
+            os: os,
+            os_version: os_version,
+            modules: modules.to_json,
+            execution_order: execution_order.to_s,
+            execution_delay: execution_delay.to_s,
+            chain_mode: chain_mode
+          ).first
+
+          unless existing_rule.nil?
+            msg = "Duplicate rule already exists in the database (ID: #{existing_rule.id})"
+            print_info("[ARE] Skipping ruleset (#{name}): #{msg}")
+            return { 'success' => false, 'error' => msg }
+          end
+
+          are_rule = BeEF::Core::Models::Rule.new(
+            name: name,
+            author: author,
+            browser: browser,
+            browser_version: browser_version,
+            os: os,
+            os_version: os_version,
+            modules: modules.to_json,
+            execution_order: execution_order.to_s,
+            execution_delay: execution_delay.to_s,
+            chain_mode: chain_mode
+          )
+          are_rule.save
+
+          print_info("[ARE] Ruleset (#{name}) parsed and stored successfully.")
+
+          if @debug_on
+            print_more "Target Browser: #{browser} (#{browser_version})"
+            print_more "Target OS: #{os} (#{os_version})"
+            print_more 'Modules to run:'
+            modules.each do |mod|
+              print_more "(*) Name: #{mod['name']}"
+              print_more "(*) Condition: #{mod['condition']}"
+              print_more "(*) Code: #{mod['code']}"
+              print_more '(*) Options:'
+              mod['options'].each do |key, value|
+                print_more "\t#{key}: (#{value})"
+              end
+            end
+            print_more "Exec order: #{execution_order}"
+            print_more "Exec delay: #{exec_delay}"
+          end
+
+          { 'success' => true, 'rule_id' => are_rule.id }
+        rescue TypeError, ArgumentError => e
+          print_error("[ARE] Failed to load ruleset (#{name}): #{e.message}")
+          { 'success' => false, 'error' => e.message }
         end
 
-        def load_file(json_rule_path)
+        # Load an ARE ruleset from file
+        # @param [String] JSON ARE ruleset file path
+        def load_rule_file(json_rule_path)
           rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
-          self.load JSON.parse(rule_file)
-        rescue StandardError => e
-          print_error "[ARE] Failed to load ruleset from #{json_rule_path}: #{e.message}"
+          self.load_rule_json(JSON.parse(rule_file))
+        rescue => e
+          print_error("[ARE] Failed to load ruleset from #{json_rule_path}: #{e.message}")
         end
 
+        # Load all JSON ARE rule files from arerules/enabled/ directory
         def load_directory
-          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
-            print_debug "[ARE] Processing rule: #{rule}"
-            load_file rule
+          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule_file|
+            print_debug("[ARE] Processing ruleset file: #{rule_file}")
+            load_rule_file(rule_file)
           end
         end
       end

core/main/client/are.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/beef.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -4331,24 +4331,6 @@ beef.browser = {
         if (has_wmp) details['browser.capabilities.wmp'] = has_wmp;
         if (has_vlc) details['browser.capabilities.vlc'] = has_vlc;
 
-        var pf_integration = "<%= @phishing_frenzy_enable %>";
-        if (pf_integration) {
-            var pf_param = "uid";
-            var pf_victim_uid = "";
-            var location_search = window.location.search.substring(1);
-            var params = location_search.split('&');
-            for (var i = 0; i < params.length; i++) {
-                var param_entry = params[i].split('=');
-                if (param_entry[0] == pf_param) {
-                    pf_victim_uid = param_entry[1];
-                    details['PhishingFrenzyUID'] = pf_victim_uid;
-                    break;
-                }
-            }
-        } else {
-            details['PhishingFrenzyUID'] = "N/A";
-        }
-
         return details;
     },
 

core/main/client/browser/cookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser/popup.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/dom.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/json.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/geolocation.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/hardware.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/init.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/logger.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/mitb.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/connection.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/dns.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/local.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/portscanner.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/requester.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/os.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/session.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/timeout.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/updater.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -7,7 +7,7 @@
 /**
  * Object in charge of getting new commands from the BeEF framework and execute them.
  * The XHR-polling channel is managed here. If WebSockets are enabled,
- * websocket.ls is used instead.
+ * websocket.js is used instead.
  * @namespace beef.updater
  */
 beef.updater = {

core/main/client/webrtc.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/websocket.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -84,9 +84,17 @@ beef.websocket = {
      * todo: there is probably a more efficient way to do this. Double-check WebSocket API.
      */
     alive: function (){
+        try {
+            if (beef.logger.running) {
+                beef.logger.queue();
+            }
+        } catch(err){}
+
+        beef.net.flush();
+
         beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
         setTimeout("beef.websocket.alive()", parseInt(beef.websocket.ws_poll_timeout));
     }
 };
 
-beef.regCmp('beef.websocket');
+beef.regCmp('beef.websocket');

core/main/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -20,7 +20,7 @@ module BeEF
       # @param [String] configuration_file Configuration file to be loaded,
       #        by default loads $root_dir/config.yaml
       def initialize(config)
-        raise TypeError, "'config' needs to be a string" unless config.string?
+        raise TypeError, "'config' needs to be a string" unless config.is_a?(String)
         raise TypeError, "Configuration file '#{config}' cannot be found" unless File.exist? config
 
         begin

core/main/console/banners.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/console/commandline.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/browsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #