Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hiddenden:revert-3226-add_enable_auto_merge
Branches Tags
Hiddenden:master Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1
..
compare: Hiddenden:wheatley-patch-2
Branches Tags
Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:master Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1

1 Commits
revert-322 ... wheatley-p

Author SHA1 Message Date
wheatley
73d2cc3c57 Update github_actions.yml 2023-09-24 21:31:45 +10:00
1327 changed files with 25597 additions and 28327 deletions
Expand all files Collapse all files

26
.github/workflows/dependabot-auto-merge.yml vendored
View File

@@ -1,26 +0,0 @@
name: Dependabot auto-merge
on:
pull_request:
branches:
- master
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'beefproject/beef'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
if: success() && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

16
.github/workflows/github_actions.yml vendored
View File

@@ -4,7 +4,14 @@ on:
pull_request_target:
branches: [ master ]
jobs:
jobs:
approve:
runs-on: ubuntu-latest
steps:
- name: Approve
run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
ubuntu-job:
name: 'BrowserStack Test on Ubuntu'
runs-on: ubuntu-latest # Can be self-hosted runner also
@@ -27,16 +34,17 @@ jobs:
local-identifier: random
- name: 'Checkout the repository'
uses: actions/checkout@v4
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 2
- name: 'Setting up Ruby'
uses: ruby/setup-ruby@v1
# Ruby version is defined in .ruby-version file
with:
ruby-version: 3.0.3 # Not needed with a .ruby-version file
- name: 'Update and Install Dependencies'
- name: 'Update and Install Dwpendencies'
run: |
sudo apt update
sudo apt install libcurl4 libcurl4-openssl-dev

8
.github/workflows/stale.yml vendored
View File

@@ -21,10 +21,10 @@ jobs:
- uses: actions/stale@v5
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 14
days-before-pr-stale: 29
days-before-close: 11
days-before-pr-close: 31
days-before-stale: 7
days-before-pr-stale: 14
days-before-close: 7
days-before-pr-close: 14
stale-issue-message: 'This issue as been marked as stale due to inactivity and will be closed in 7 days'
stale-pr-message: 'Stale pull request message'
stale-issue-label: 'Stale'

5
.gitignore vendored
View File

@@ -1,7 +1,5 @@
### BeEF ###
beef.db
beef.db-shm
beef.db-wal
beef.log
test/msf-test
extensions/admin_ui/media/javascript-min/
@@ -27,9 +25,6 @@ coverage/
# BrowserStack
local.log
# Visual Studio Code
.vscode/
# The following lines were created by https://www.gitignore.io
### Linux ###

2
.ruby-version
View File

@@ -1 +1 @@
3.2.2
3.0.3

5
Dockerfile
View File

@@ -1,8 +1,3 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###########################################################################################################
###########################################################################################################
## ##

42
Gemfile
View File

@@ -1,34 +1,34 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
#gem 'simplecov', require: false, group: :test
gem 'net-smtp', require: false
gem 'json'
gem 'eventmachine', '~> 1.2', '>= 1.2.7'
gem 'thin', '~> 1.8'
gem 'sinatra', '~> 3.2'
gem 'sinatra', '~> 3.0'
gem 'rack', '~> 2.2'
gem 'rack-protection', '~> 3.2.0'
gem 'rack-protection', '~> 3.0.5'
gem 'em-websocket', '~> 0.5.3' # WebSocket support
gem 'uglifier', '~> 4.2'
gem 'mime-types', '~> 3.6'
gem 'execjs', '~> 2.10'
gem 'mime-types', '~> 3.4', '>= 3.4.1'
gem 'execjs', '~> 2.9'
gem 'ansi', '~> 1.5'
gem 'term-ansicolor', :require => 'term/ansicolor'
gem 'rubyzip', '~> 2.3'
gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
gem 'rake', '~> 13.2'
gem 'activerecord', '~> 7.2'
gem 'otr-activerecord', '~> 2.4.0'
gem 'sqlite3', '~> 2.2'
gem 'rubocop', '~> 1.68.0', require: false
gem 'rake', '~> 13.0'
gem 'otr-activerecord', '~> 2.1', '>= 2.1.2'
gem 'sqlite3', '~> 1.6'
gem 'rubocop', '~> 1.56.3', require: false
# Geolocation support
group :geoip do
gem 'maxmind-db', '~> 1.2'
gem 'maxmind-db', '~> 1.1', '>= 1.1.1'
end
gem 'parseconfig', '~> 1.1', '>= 1.1.2'
@@ -51,7 +51,7 @@ end
# DNS extension
group :ext_dns do
gem 'async-dns', '~> 1.3'
gem 'async', '~> 1.32'
gem 'async', '~> 1.31'
end
# QRcode extension
@@ -62,29 +62,29 @@ end
# For running unit tests
group :test do
gem 'test-unit-full', '~> 0.0.5'
gem 'rspec', '~> 3.13'
gem 'rdoc', '~> 6.7'
gem 'rspec', '~> 3.12'
gem 'rdoc', '~> 6.5'
gem 'browserstack-local', '~> 1.4'
gem 'irb', '~> 1.14'
gem 'irb', '~> 1.8'
gem 'pry-byebug', '~> 3.10', '>= 3.10.1'
gem 'rest-client', '~> 2.1.0'
gem 'websocket-client-simple', '~> 0.6.1'
# Note: curb gem requires curl libraries
# curb gem requires curl libraries
# sudo apt-get install libcurl4-openssl-dev
gem 'curb', '~> 1.0', '>= 1.0.5'
# Note: selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
# selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
# gem 'selenium' # Requires old version of selenium which is no longer available
gem 'geckodriver-helper', '~> 0.24.0'
gem 'selenium-webdriver', '~> 4.26'
gem 'selenium-webdriver', '~> 4.12'
# Note: nokogiri is needed by capybara which may require one of the below commands
# nokogiri is needed by capybara which may require one of the below commands
# sudo apt-get install libxslt-dev libxml2-dev
# sudo port install libxml2 libxslt
gem 'capybara', '~> 3.40'
gem 'capybara', '~> 3.39'
end
source 'https://rubygems.org'

275
Gemfile.lock
View File

@@ -1,64 +1,51 @@
GEM
remote: https://rubygems.org/
specs:
activemodel (7.2.2)
activesupport (= 7.2.2)
activerecord (7.2.2)
activemodel (= 7.2.2)
activesupport (= 7.2.2)
timeout (>= 0.4.0)
activesupport (7.2.2)
base64
benchmark (>= 0.3)
bigdecimal
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
activemodel (7.0.4.3)
activesupport (= 7.0.4.3)
activerecord (7.0.4.3)
activemodel (= 7.0.4.3)
activesupport (= 7.0.4.3)
activesupport (7.0.4.3)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
logger (>= 1.4.2)
minitest (>= 5.1)
securerandom (>= 0.3)
tzinfo (~> 2.0, >= 2.0.5)
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
tzinfo (~> 2.0)
addressable (2.8.4)
public_suffix (>= 2.0.2, < 6.0)
ansi (1.5.0)
archive-zip (0.12.0)
io-like (~> 0.3.0)
ast (2.4.2)
async (1.32.1)
async (1.31.0)
console (~> 1.10)
nio4r (~> 2.3)
timers (~> 4.1)
async-dns (1.3.0)
async-io (~> 1.15)
async-io (1.43.2)
async-io (1.34.3)
async
base64 (0.2.0)
benchmark (0.3.0)
bigdecimal (3.1.8)
base64 (0.1.1)
browserstack-local (1.4.3)
byebug (11.1.3)
capybara (3.40.0)
capybara (3.39.2)
addressable
matrix
mini_mime (>= 0.1.3)
nokogiri (~> 1.11)
nokogiri (~> 1.8)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
coderay (1.1.3)
concurrent-ruby (1.3.4)
connection_pool (2.4.1)
console (1.27.0)
fiber-annotation
fiber-local (~> 1.1)
json
curb (1.0.6)
concurrent-ruby (1.2.2)
console (1.16.2)
fiber-local
curb (1.0.5)
daemons (1.4.1)
diff-lcs (1.5.1)
domain_name (0.6.20240107)
drb (2.2.1)
diff-lcs (1.5.0)
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
em-websocket (0.5.3)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0)
@@ -66,161 +53,139 @@ GEM
espeak-ruby (1.1.0)
event_emitter (0.2.6)
eventmachine (1.2.7)
execjs (2.10.0)
fiber-annotation (0.2.0)
fiber-local (1.1.0)
fiber-storage
fiber-storage (1.0.0)
execjs (2.9.1)
fiber-local (1.0.0)
geckodriver-helper (0.24.0)
archive-zip (~> 0.7)
hashie (5.0.0)
hashie-forbidden_attributes (0.1.1)
hashie (>= 3.0)
http-accept (1.7.0)
http-cookie (1.0.7)
http-cookie (1.0.5)
domain_name (~> 0.5)
http_parser.rb (0.8.0)
i18n (1.14.6)
i18n (1.12.0)
concurrent-ruby (~> 1.0)
io-console (0.7.2)
io-console (0.6.0)
io-like (0.3.1)
irb (1.14.1)
rdoc (>= 4.0.0)
reline (>= 0.4.2)
json (2.8.1)
irb (1.8.1)
rdoc
reline (>= 0.3.8)
json (2.6.3)
language_server-protocol (3.17.0.3)
logger (1.6.1)
matrix (0.4.2)
maxmind-db (1.2.0)
method_source (1.1.0)
mime-types (3.6.0)
logger
maxmind-db (1.1.1)
method_source (1.0.0)
mime-types (3.4.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2024.1001)
mini_mime (1.1.5)
minitest (5.25.1)
mojo_magick (0.6.8)
mime-types-data (3.2023.0218.1)
mini_mime (1.1.2)
minitest (5.18.0)
mojo_magick (0.6.7)
msfrpc-client (1.1.2)
msgpack (~> 1)
msgpack (1.7.3)
mustermann (3.0.3)
msgpack (1.6.1)
mustermann (3.0.0)
ruby2_keywords (~> 0.0.1)
net-protocol (0.2.2)
net-protocol (0.2.1)
timeout
net-smtp (0.5.0)
net-smtp (0.4.0)
net-protocol
netrc (0.11.0)
nio4r (2.7.4)
nokogiri (1.16.7-aarch64-linux)
nio4r (2.5.8)
nokogiri (1.15.2-x86_64-linux)
racc (~> 1.4)
nokogiri (1.16.7-arm-linux)
racc (~> 1.4)
nokogiri (1.16.7-arm64-darwin)
racc (~> 1.4)
nokogiri (1.16.7-x86-linux)
racc (~> 1.4)
nokogiri (1.16.7-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.16.7-x86_64-linux)
racc (~> 1.4)
otr-activerecord (2.4.0)
activerecord (>= 6.0, < 7.3)
otr-activerecord (2.1.2)
activerecord (>= 4.0, < 7.1)
hashie-forbidden_attributes (~> 0.1)
parallel (1.26.3)
parallel (1.23.0)
parseconfig (1.1.2)
parser (3.3.5.1)
parser (3.2.2.3)
ast (~> 2.4.1)
racc
power_assert (2.0.4)
power_assert (2.0.3)
pry (0.14.2)
coderay (~> 1.1)
method_source (~> 1.0)
pry-byebug (3.10.1)
byebug (~> 11.0)
pry (>= 0.13, < 0.15)
psych (5.1.2)
psych (5.1.0)
stringio
public_suffix (6.0.1)
qr4r (0.6.2)
public_suffix (5.0.1)
qr4r (0.6.1)
mojo_magick (~> 0.6.5)
rqrcode_core (~> 1.0)
racc (1.8.1)
rack (2.2.10)
rack-protection (3.2.0)
base64 (>= 0.1.0)
rack (~> 2.2, >= 2.2.4)
rqrcode_core (~> 0.1)
racc (1.7.1)
rack (2.2.7)
rack-protection (3.0.6)
rack
rack-test (2.1.0)
rack (>= 1.3)
rainbow (3.1.1)
rake (13.2.1)
rdoc (6.7.0)
rake (13.0.6)
rdoc (6.5.0)
psych (>= 4.0.0)
regexp_parser (2.9.2)
reline (0.5.10)
regexp_parser (2.8.1)
reline (0.3.8)
io-console (~> 0.5)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.3.9)
rqrcode_core (1.2.0)
rr (3.1.1)
rspec (3.13.0)
rspec-core (~> 3.13.0)
rspec-expectations (~> 3.13.0)
rspec-mocks (~> 3.13.0)
rspec-core (3.13.2)
rspec-support (~> 3.13.0)
rspec-expectations (3.13.3)
rexml (3.2.6)
rqrcode_core (0.2.0)
rr (3.1.0)
rspec (3.12.0)
rspec-core (~> 3.12.0)
rspec-expectations (~> 3.12.0)
rspec-mocks (~> 3.12.0)
rspec-core (3.12.1)
rspec-support (~> 3.12.0)
rspec-expectations (3.12.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-mocks (3.13.2)
rspec-support (~> 3.12.0)
rspec-mocks (3.12.4)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-support (3.13.1)
rubocop (1.68.0)
rspec-support (~> 3.12.0)
rspec-support (3.12.0)
rubocop (1.56.3)
base64 (~> 0.1.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
parser (>= 3.2.2.3)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.4, < 3.0)
rubocop-ast (>= 1.32.2, < 2.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.28.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.33.1)
parser (>= 3.3.1.0)
rubocop-ast (1.29.0)
parser (>= 3.2.1.0)
ruby-progressbar (1.13.0)
ruby2_keywords (0.0.5)
rubyzip (2.3.2)
rushover (0.3.0)
json
rest-client
securerandom (0.3.1)
selenium-webdriver (4.26.0)
base64 (~> 0.2)
logger (~> 1.4)
selenium-webdriver (4.12.0)
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 3.0)
websocket (~> 1.0)
sinatra (3.2.0)
sinatra (3.0.6)
mustermann (~> 3.0)
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.2.0)
rack-protection (= 3.0.6)
tilt (~> 2.0)
slack-notifier (2.4.0)
sqlite3 (2.2.0-aarch64-linux-gnu)
sqlite3 (2.2.0-arm-linux-gnu)
sqlite3 (2.2.0-arm64-darwin)
sqlite3 (2.2.0-x86-linux-gnu)
sqlite3 (2.2.0-x86_64-darwin)
sqlite3 (2.2.0-x86_64-linux-gnu)
stringio (3.1.1)
sqlite3 (1.6.6-x86_64-linux)
stringio (3.0.5)
sync (0.5.0)
term-ansicolor (1.11.2)
term-ansicolor (1.7.1)
tins (~> 1.0)
test-unit (3.6.2)
test-unit (3.5.7)
power_assert
test-unit-context (0.5.1)
test-unit (>= 2.4.0)
@@ -241,78 +206,74 @@ GEM
daemons (~> 1.0, >= 1.0.9)
eventmachine (~> 1.0, >= 1.0.4)
rack (>= 1, < 3)
tilt (2.4.0)
timeout (0.4.1)
tilt (2.1.0)
timeout (0.4.0)
timers (4.3.5)
tins (1.37.0)
bigdecimal
tins (1.32.1)
sync
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
uglifier (4.2.1)
uglifier (4.2.0)
execjs (>= 0.3.0, < 3)
unicode-display_width (2.6.0)
webrick (1.9.0)
websocket (1.2.11)
unf (0.1.4)
unf_ext
unf_ext (0.0.8.2)
unicode-display_width (2.4.2)
webrick (1.8.1)
websocket (1.2.9)
websocket-client-simple (0.6.1)
event_emitter
websocket
xmlrpc (0.3.3)
xmlrpc (0.3.2)
webrick
xpath (3.2.0)
nokogiri (~> 1.8)
PLATFORMS
aarch64-linux
arm-linux
arm64-darwin
x86-linux
x86_64-darwin
x86_64-linux
DEPENDENCIES
activerecord (~> 7.2)
ansi (~> 1.5)
async (~> 1.32)
async (~> 1.31)
async-dns (~> 1.3)
browserstack-local (~> 1.4)
capybara (~> 3.40)
capybara (~> 3.39)
curb (~> 1.0, >= 1.0.5)
em-websocket (~> 0.5.3)
erubis (~> 2.7)
espeak-ruby (~> 1.1.0)
eventmachine (~> 1.2, >= 1.2.7)
execjs (~> 2.10)
execjs (~> 2.9)
geckodriver-helper (~> 0.24.0)
irb (~> 1.14)
irb (~> 1.8)
json
maxmind-db (~> 1.2)
mime-types (~> 3.6)
maxmind-db (~> 1.1, >= 1.1.1)
mime-types (~> 3.4, >= 3.4.1)
msfrpc-client (~> 1.1, >= 1.1.2)
net-smtp
otr-activerecord (~> 2.4.0)
otr-activerecord (~> 2.1, >= 2.1.2)
parseconfig (~> 1.1, >= 1.1.2)
pry-byebug (~> 3.10, >= 3.10.1)
qr4r (~> 0.6.1)
rack (~> 2.2)
rack-protection (~> 3.2.0)
rake (~> 13.2)
rdoc (~> 6.7)
rack-protection (~> 3.0.5)
rake (~> 13.0)
rdoc (~> 6.5)
rest-client (~> 2.1.0)
rspec (~> 3.13)
rubocop (~> 1.68.0)
rspec (~> 3.12)
rubocop (~> 1.56.3)
rubyzip (~> 2.3)
rushover (~> 0.3.0)
selenium-webdriver (~> 4.26)
sinatra (~> 3.2)
selenium-webdriver (~> 4.12)
sinatra (~> 3.0)
slack-notifier (~> 2.4)
sqlite3 (~> 2.2)
sqlite3 (~> 1.6)
term-ansicolor
test-unit-full (~> 0.0.5)
thin (~> 1.8)
uglifier (~> 4.2)
websocket-client-simple (~> 0.6.1)
xmlrpc (~> 0.3.3)
xmlrpc (~> 0.3.2)
BUNDLED WITH
2.5.18
2.4.8

8
INSTALL.txt
View File

@@ -1,7 +1,7 @@
===============================================================================
Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - https://beefproject.com
Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
@@ -21,9 +21,9 @@ Or cloning the Git repository from Github:
Prerequisites
--------------
BeEF requires Ruby 3.0+.
BeEF requires Ruby 2.7+.
If your operating system package manager does not support Ruby version 3.0,
If your operating system package manager does not support Ruby version 2.7,
you can add the brightbox ppa repository for the latest version of Ruby:
$ sudo apt-add-repository -y ppa:brightbox/ruby-ng

6
README.md
View File

@@ -1,7 +1,7 @@
===============================================================================
Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - https://beefproject.com
Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
@@ -36,7 +36,7 @@ Requirements
------------
* Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
* [Ruby](https://www.ruby-lang.org): 3.0 or newer
* [Ruby](https://www.ruby-lang.org): 2.7 or newer
* [SQLite](http://sqlite.org): 3.x
* [Node.js](https://nodejs.org): 10 or newer
* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile

62
Rakefile
View File

@@ -1,27 +1,28 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'yaml'
require 'bundler/setup'
load 'tasks/otr-activerecord.rake'
#require 'pry-byebug'
task :default => ["spec"]
desc 'Generate API documentation to doc/rdocs/index.html'
task :rdoc do
Rake::Task['rdoc:rerdoc'].invoke
end
## RSPEC
require 'rspec/core/rake_task'
task :default => ["short"]
RSpec::Core::RakeTask.new(:short) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack', '--tag ~run_on_long_tests']
end
RSpec::Core::RakeTask.new(:long) do |task|
RSpec::Core::RakeTask.new(:spec) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack']
end
RSpec::Core::RakeTask.new(:long_only) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack', '--tag run_on_long_tests']
end
################################
# Browserstack
RSpec::Core::RakeTask.new(:browserstack) do |task|
task.rspec_opts = ['--tag run_on_browserstack']
end
@@ -54,7 +55,7 @@ namespace :ssl do
end
Rake::Task['ssl:replace'].invoke
end
desc 'Re-generate SSL certificate'
task :replace do
if File.file?('/usr/local/bin/openssl')
@@ -69,14 +70,6 @@ namespace :ssl do
end
end
################################
# Generate API documentation
desc 'Generate API documentation to doc/rdocs/index.html'
task :rdoc do
Rake::Task['rdoc:rerdoc'].invoke
end
################################
# rdoc
@@ -122,6 +115,7 @@ end
@beef_process_id = nil;
@beef_config_file = 'tmp/rk_beef_conf.yaml';
task :beef_start => 'beef' do
# read environment param for creds or use bad_fred
test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
@@ -196,6 +190,24 @@ file '/tmp/msf-test/msfconsole' do
sh "cd test;git clone https://github.com/rapid7/metasploit-framework.git /tmp/msf-test"
end
################################
# Create Mac DMG File
task :dmg do
puts "\nCreating Working Directory\n";
sh "mkdir dmg";
sh "mkdir dmg/BeEF";
sh "rsync * dmg/BeEF --exclude=dmg -r";
sh "ln -s /Applications dmg/";
puts "\nCreating DMG File\n"
sh "hdiutil create ./BeEF.dmg -srcfolder dmg -volname BeEF -ov";
puts "\nCleaning Up\n"
sh "rm -r dmg";
puts "\nBeEF.dmg created\n"
end
################################
# ActiveRecord
namespace :db do

4
VERSION
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

18
beef
View File

@@ -1,8 +1,8 @@
#!/usr/bin/env ruby
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -12,9 +12,9 @@
$VERBOSE = nil
#
# @note Version check to ensure BeEF is running Ruby 3.0+
# @note Version check to ensure BeEF is running Ruby 2.7+
#
min_ruby_version = '3.0'
min_ruby_version = '2.7'
if RUBY_VERSION < min_ruby_version
puts
puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version #{min_ruby_version} or later."
@@ -194,6 +194,7 @@ end
# Connect to DB
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
# otr-activerecord require you to manually establish the connection with the following line
#Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
@@ -202,13 +203,10 @@ if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
end
# Migrate (if required)
ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
#
# @note Extensions may take a moment to load, thus we print out a please wait message
#
@@ -244,8 +242,6 @@ BeEF::Core::Console::Banners.print_loaded_extensions
BeEF::Core::Console::Banners.print_loaded_modules
BeEF::Core::Console::Banners.print_network_interfaces_count
BeEF::Core::Console::Banners.print_network_interfaces_routes
BeEF::Core::Console::Banners.print_http_proxy
BeEF::Core::Console::Banners.print_dns
#
# @note Prints the API key needed to use the RESTful API

6
config.yaml
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file
@@ -146,6 +146,6 @@ beef:
metasploit:
enable: false
social_engineering:
enable: false
enable: true
xssrays:
enable: true

4
core/api.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/api/extension.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/api/extensions.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/main/configuration.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/main/migration.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/main/network_stack/assethandler.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/main/server.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/main/server/hook.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/module.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/api/modules.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/bootstrap.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/core.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/extension.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/extensions.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/filters.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/filters/base.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

6
core/filters/browser.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -46,7 +46,7 @@ module BeEF
return false if has_non_printable_char?(str)
return true if str.eql? 'UNKNOWN'
return true if str.eql? 'ALL'
return false if !nums_only?(str) and !str.match(/\A(0|[1-9][0-9]{0,3})(\.(0|[1-9][0-9]{0,3})){0,3}\z/)
return false if !nums_only?(str) and !is_valid_float?(str)
return false if str.length > 20
true

4
core/filters/command.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/filters/http.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/filters/page.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/hbmanager.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/loader.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/logger.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

6
core/main/ar-migrations/015_create_http.rb
View File

@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :hooked_browser_id
# The http request to perform. In clear text.
t.text :request
# Boolean value as string to say whether cross-origin requests are allowed
t.boolean :allow_cross_origin, default: true
# Boolean value as string to say whether cross-domain requests are allowed
t.boolean :allow_cross_domain, default: true
# The http response body received. In clear text.
t.text :response_data
# The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :domain
# The port on which perform the request.
t.text :port
# Boolean value to say if the request was cross-origin
# Boolean value to say if the request was cross-domain
t.text :has_ran, default: 'waiting'
# The path of the request.
# Example: /secret.html

2
core/main/ar-migrations/025_create_xssrays_scan.rb
View File

@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
t.datetime :scan_start
t.datetime :scan_finish
t.text :domain
t.text :cross_origin
t.text :cross_domain
t.integer :clean_timeout
t.boolean :is_started
t.boolean :is_finished

4
core/main/autorun_engine/engine.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/autorun_engine/parser.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

97
core/main/autorun_engine/rule_loader.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -105,99 +105,6 @@ module BeEF
{ 'success' => false, 'error' => e.message }
end
# Update an ARE rule set.
# @param [Hash] ARE rule ID.
# @param [Hash] ARE ruleset as JSON
# @return [Hash] {"success": Boolean, "rule_id": Integer, "error": String}
def update_rule_json(id, data)
# Quite similar in implementation to load_rule_json. Might benefit from a refactor.
name = data['name'] || ''
author = data['author'] || ''
browser = data['browser'] || 'ALL'
browser_version = data['browser_version'] || 'ALL'
os = data['os'] || 'ALL'
os_version = data['os_version'] || 'ALL'
modules = data['modules']
execution_order = data['execution_order']
execution_delay = data['execution_delay']
chain_mode = data['chain_mode'] || 'sequential'
begin
BeEF::Core::AutorunEngine::Parser.instance.parse(
name,
author,
browser,
browser_version,
os,
os_version,
modules,
execution_order,
execution_delay,
chain_mode
)
rescue => e
print_error("[ARE] Error updating ruleset (#{name}): #{e.message}")
return { 'success' => false, 'error' => e.message }
end
existing_rule = BeEF::Core::Models::Rule.where(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: execution_order.to_s,
execution_delay: execution_delay.to_s,
chain_mode: chain_mode
).first
unless existing_rule.nil?
msg = "Duplicate rule already exists in the database (ID: #{existing_rule.id})"
print_info("[ARE] Skipping ruleset (#{name}): #{msg}")
return { 'success' => false, 'error' => msg }
end
old_are_rule = BeEF::Core::Models::Rule.find_by(id: id)
old_are_rule.update(
name: name,
author: author,
browser: browser,
browser_version: browser_version,
os: os,
os_version: os_version,
modules: modules.to_json,
execution_order: execution_order.to_s,
execution_delay: execution_delay.to_s,
chain_mode: chain_mode
)
print_info("[ARE] Ruleset (#{name}) updated successfully.")
if @debug_on
print_more "Target Browser: #{browser} (#{browser_version})"
print_more "Target OS: #{os} (#{os_version})"
print_more 'Modules to run:'
modules.each do |mod|
print_more "(*) Name: #{mod['name']}"
print_more "(*) Condition: #{mod['condition']}"
print_more "(*) Code: #{mod['code']}"
print_more '(*) Options:'
mod['options'].each do |key, value|
print_more "\t#{key}: (#{value})"
end
end
print_more "Exec order: #{execution_order}"
print_more "Exec delay: #{exec_delay}"
end
{ 'success' => true }
rescue TypeError, ArgumentError => e
print_error("[ARE] Failed to update ruleset (#{name}): #{e.message}")
{ 'success' => false, 'error' => e.message }
end
# Load an ARE ruleset from file
# @param [String] JSON ARE ruleset file path
def load_rule_file(json_rule_path)

4
core/main/client/are.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/beef.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

48
core/main/client/browser.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -944,25 +944,14 @@ beef.browser = {
*/
isFF99: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
},
/**
* Returns true if the browser is any version of Firefox.
* @example: beef.browser.isFFbowser()
*/
isFFbowser: function () {
const parser = bowser.getParser(navigator.userAgent);
const browserName = parser.getBrowserName();
return browserName == 'Firefox';
},
/**
* Returns true if the browser is any version of Firefox.
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF: function () {
var legacyCheck = this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
return legacyCheck || this.isFFbowser();
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
},
/**
@@ -2449,23 +2438,12 @@ beef.browser = {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./) != null) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 99) ? true : false);
},
/**
* Returns true for modern versions of Chrome (above 9).
* @example: beef.browser.isCbowser()
*/
isCbowser: function () {
const parser = bowser.getParser(navigator.userAgent);
const browserName = parser.getBrowserName();
return browserName == 'Chrome';
},
/**
* Returns true if Chrome.
* @example: beef.browser.isC()
*/
isC: function () {
var legacyCheck = this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
return legacyCheck || this.isCbowser();
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
},
/**
@@ -2508,23 +2486,12 @@ beef.browser = {
return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null));
},
/**
* Returns true if the browser is any version of Opera.
* @example: beef.browser.isObowser()
*/
isObowser: function () {
const parser = bowser.getParser(navigator.userAgent);
const browserName = parser.getBrowserName();
return browserName == 'Opera';
},
/**
* Returns true if Opera.
* @example: beef.browser.isO()
*/
isO: function () {
var legacyCheck = this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
return legacyCheck || this.isObowser();
return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
},
/**
@@ -4298,6 +4265,9 @@ beef.browser = {
try {
var cookies = document.cookie;
/* Never stop the madness dear C.
* var veglol = beef.browser.cookie.veganLol();
*/
if (cookies) details['browser.window.cookies'] = cookies;
} catch (e) {
beef.debug("Cookies can't be read. The hooked origin is most probably using HttpOnly.");

10
core/main/client/browser/cookie.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -72,7 +72,7 @@ beef.browser.cookie = {
},
/** @memberof beef.browser.cookie */
cookieValueRandomizer: function (){
veganLol: function (){
var to_hell= '';
var min = 17;
var max = 25;
@@ -100,7 +100,7 @@ beef.browser.cookie = {
},
/** @memberof beef.browser.cookie */
hasSessionCookies: function (name){
this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), '', '/', '', '' );
this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
@@ -109,7 +109,7 @@ beef.browser.cookie = {
},
/** @memberof beef.browser.cookie */
hasPersistentCookies: function (name){
this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), 1, '/', '', '' );
this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');

4
core/main/client/browser/popup.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/dom.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/encode/base64.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/encode/json.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/geolocation.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/hardware.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/init.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

7
core/main/client/lib/bowser-2.11.0.min.js vendored
View File

File diff suppressed because one or more lines are too long

8
core/main/client/lib/evercookie.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -31,7 +31,7 @@
* for example, if someone deletes all but one type of cookie, once
* that cookie is re-discovered, all of the other cookie types get reset
*
* !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
* !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
* OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
*
* USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};

4
core/main/client/logger.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

6
core/main/client/mitb.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -38,7 +38,7 @@ beef.mitb = {
if (method == "GET") {
//GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url);

52
core/main/client/net.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -74,7 +74,7 @@ beef.net = {
this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "<html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http
this.was_cross_origin = null; // true or false
this.was_cross_domain = null; // true or false
this.was_timedout = null; // the user specified timeout was reached
this.duration = null; // how long it took for the request to complete
this.headers = null; // full response headers
@@ -217,11 +217,11 @@ beef.net = {
* @return {Object} this object contains the response details
*/
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same origin or cross origin
var cross_origin = true;
//check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) {
cross_origin = !(port == "80" || port == "443");
cross_domain = !(port == "80" || port == "443");
}
}
@@ -238,12 +238,12 @@ beef.net = {
//define response object
var response = new this.response;
response.was_cross_origin = cross_origin;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for cross origin requests.
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST") {
$j.ajaxSetup({
@@ -310,7 +310,7 @@ beef.net = {
/**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossOrigin: set cross-origin requests as allowed or blocked
* - allowCrossDomain: set cross-domain requests as allowed or blocked
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage:
@@ -318,20 +318,20 @@ beef.net = {
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)})
*/
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
if (domain == "undefined" || path == "undefined") {
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
return;
}
// check if same origin or cross origin
var cross_origin = true;
// check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain && document.location.protocol == scheme + ':') {
if (document.location.port == "" || document.location.port == null) {
cross_origin = !(port == "80" || port == "443");
cross_domain = !(port == "80" || port == "443");
} else {
if (document.location.port == port) cross_origin = false;
if (document.location.port == port) cross_domain = false;
}
}
@@ -348,23 +348,23 @@ beef.net = {
// define response object
var response = new this.response;
response.was_cross_origin = cross_origin;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
// if cross-origin requests are not allowed and the request is cross-origin
// if cross-domain requests are not allowed and the request is cross-domain
// don't proceed and return
if (allowCrossOrigin == "false" && cross_origin) {
if (allowCrossDomain == "false" && cross_domain) {
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
response.status_code = -1;
response.status_text = "crossorigin";
response.port_status = "crossorigin";
response.status_text = "crossdomain";
response.port_status = "crossdomain";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
if (callback != null) callback(response, requestid);
return response;
}
// if the request was cross-origin from a HTTPS origin to HTTP
// if the request was cross-domain from a HTTPS origin to HTTP
// don't proceed and return
if (document.location.protocol == 'https:' && scheme == 'http') {
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for cross origin requests.
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST") {
$j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
},
complete: function (xhr, textStatus) {
// cross-origin request
if (cross_origin) {
// cross-domain request
if (cross_domain) {
response.port_status = "crossorigin";
response.port_status = "crossdomain";
if (xhr.status != 0) {
response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
if (textStatus) {
response.status_text = textStatus;
} else {
response.status_text = "crossorigin";
response.status_text = "crossdomain";
}
if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
}
} else {
// same-origin request
// same-domain request
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();

4
core/main/client/net/connection.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/net/dns.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/net/local.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/net/portscanner.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

6
core/main/client/net/requester.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -25,7 +25,7 @@ beef.net.requester = {
request = requests_array[i];
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body,
response_status_code: res.status_code,

4
core/main/client/net/xssrays.js
View File

@@ -171,7 +171,7 @@ beef.net.xssrays = {
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
search:url.search, type: 'url'});//scan each link & param
} else {
beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString());
beef.debug('\nlocation :' + location.hostname.toString());
}
}
@@ -251,7 +251,7 @@ beef.net.xssrays = {
continue;
}
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
beef.debug('location :' + this.host(location));
continue;
}

4
core/main/client/os.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/session.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/timeout.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/updater.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/webrtc.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/websocket.js
View File

@@ -1,6 +1,6 @@
//
// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/command.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

25
core/main/configuration.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -26,6 +26,7 @@ module BeEF
begin
# open base config
@config = load(config)
# set default value if key? does not exist
@config.default = nil
@@config = config
rescue StandardError => e
@@ -71,12 +72,10 @@ module BeEF
return unless validate_public_config_variable?(@config)
# Note for developers:
# The configuration path 'beef.http.public_port' is deprecated.
# Use the new format for public_port variables as described in the BeEF project documentation.
# Refer to the BeEF configuration guide for the web server configuration details:
# https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
if @config['beef']['http']['public_port']
print_error 'Config path beef.http.public_port is deprecated.'
print_error 'Please use the new format for public variables found'
print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
return
end
@@ -155,7 +154,7 @@ module BeEF
"#{beef_proto}://#{beef_host}:#{beef_port}"
end
# Returns the hook path value stored in the config file
# Returns the hool path value stored in the config file
#
# @return [String] hook file path
def hook_file_path
@@ -256,7 +255,7 @@ module BeEF
#
def load_modules_config
set('beef.module', {})
# support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
# support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
Dir.glob(module_configs) do |cf|
y = load(cf)
@@ -278,15 +277,13 @@ module BeEF
private
# Note for developers:
# The configuration path 'beef.http.public' is deprecated.
# Use the new format for public variables as described in the BeEF project documentation.
# Refer to the BeEF configuration guide for the web server configuration details:
# https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
def validate_public_config_variable?(config)
return true if config['beef']['http']['public'].is_a?(Hash) ||
config['beef']['http']['public'].is_a?(NilClass)
print_error 'Config path beef.http.public is deprecated.'
print_error 'Please use the new format for public variables found'
print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
false
end
end

29
core/main/console/banners.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -32,7 +32,7 @@ module BeEF
print_info "Browser Exploitation Framework (BeEF) #{version}"
data = "Twit: @beefproject\n"
data += "Site: https://beefproject.com\n"
# data += "Blog: http://blog.beefproject.com\n"
data += "Blog: http://blog.beefproject.com\n"
data += "Wiki: https://github.com/beefproject/beef/wiki\n"
print_more data
print_info 'Project Creator: ' + 'Wade Alcorn'.red + ' (@WadeAlcorn)'
@@ -134,29 +134,6 @@ module BeEF
print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get('beef.http.websocket.secure_port').to_i} [timer: #{ws_poll_timeout}]"
end
end
# Print WebSocket servers
#
def print_http_proxy
config = BeEF::Core::Configuration.instance
print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
end
def print_dns
address = nil
port = nil
protocol = nil
# TODO: fix the following reference - extensions/dns/api.rb
# servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration
# Print the DNS server information
unless address.nil? || port.nil? || protocol.nil?
print_info "DNS Server: #{address}:#{port} (#{protocol})"
print_more upstream_servers unless upstream_servers.empty?
end
end
end
end
end

4
core/main/console/commandline.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/constants/browsers.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/constants/commandmodule.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/constants/hardware.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/constants/os.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/crypto.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'securerandom'

6
core/main/geoip.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -18,7 +18,7 @@ module BeEF
geoip_file = @config.get('beef.geoip.database')
unless File.exist? geoip_file
BeEF::Core::Logger.instance.register('System', "[GeoIP] Could not find MaxMind GeoIP database: '#{geoip_file}'")
print_error "[GeoIP] Could not find MaxMind GeoIP database: '#{geoip_file}'"
@enabled = false
return
end

8
core/main/handlers/browserdetails.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -400,8 +400,6 @@ module BeEF
browser_plugins = get_param(@data['results'], 'browser.plugins')
if BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
BD.set(session_id, 'browser.plugins', browser_plugins)
elsif browser_plugins == "[]"
err_msg "No browser plugins detected."
else
err_msg "Invalid browser plugins returned from the hook browser's initial connection."
end
@@ -549,7 +547,7 @@ module BeEF
end
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
# add localhost as network host
if config.get('beef.extension.network.enable')

4
core/main/handlers/commands.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/handlers/hookedbrowsers.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

6
core/main/handlers/modules/beefjs.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -19,7 +19,7 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]
ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js

8
core/main/handlers/modules/command.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -72,8 +72,8 @@ module BeEF
if config.get('beef.http.websocket.enable') && ws.getsocket(hooked_browser.session)
# content = command_module.output.gsub('//
# //
# // Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# // Browser Exploitation Framework (BeEF) - https://beefproject.com
# // Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# // Browser Exploitation Framework (BeEF) - http://beefproject.com
# // See the file 'doc/COPYING' for copying permission
# //
# //', "")

6
core/main/handlers/modules/legacybeefjs.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -19,7 +19,7 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]
ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js

6
core/main/handlers/modules/multistagebeefjs.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -19,7 +19,7 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]
ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js

4
core/main/logger.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/migration.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/model.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/models/browserdetails.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/command.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/models/commandmodule.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/execution.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/models/hookedbrowser.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/legacybrowseruseragents.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/log.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/optioncache.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/result.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

4
core/main/models/rule.rb
View File

@@ -1,6 +1,6 @@
#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

Some files were not shown because too many files have changed in this diff Show More