Build(deps): bump sqlite3 from 2.9.0 to 2.9.1

Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 2.9.0 to 2.9.1. - [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases) - [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v2.9.0...v2.9.1) --- updated-dependencies: - dependency-name: sqlite3 dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #3521 from beefproject/red/safe_to_test_label
2026-03-02 13:43:31 +00:00 · 2026-03-02 15:56:34 +10:00 · 2026-03-02 15:38:36 +10:00 · 2026-03-02 14:26:20 +10:00 · 2026-03-02 14:10:04 +10:00 · 2026-02-26 13:05:27 +00:00
1369 changed files with 13626 additions and 7195 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,3 +1,8 @@
+---
+name: Bug report
+about: Report a bug to help us improve BeEF
+---
+
 ## First Steps

 1. Confirm that your issue has not been posted previously by searching here: https://github.com/beefproject/beef/issues
@@ -26,6 +31,7 @@
 2. Update `client_debug` to `true`
 3. Retrieve browser logs from your browser's developer console (Ctrl + Shift + I or F12 depending on browser)
 4. Retrieve your server-side logs from `~/.beef/beef.log`
-   * If using **beef-xss** logs found with `journalctl -u beef-xss`
+   * If you have a kali (beef-xss) problem, you can submit a bug here:
+     https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/

 **If we request additional information and we don't hear back from you within a week, we will be closing the ticket off.**
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions / Support
+    url: https://github.com/beefproject/beef/wiki
+    about: Please check the wiki before opening an issue.
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,26 @@
+name: Dependabot auto-merge
+on: 
+  pull_request:
+    branches:
+        - master
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'beefproject/beef'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: success() && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/github_actions.yml
+++ b/.github/workflows/github_actions.yml
@@ -3,24 +3,28 @@ name: 'BrowserStack Test'
 on:
  pull_request_target:
    branches: [ master ]
-      
-jobs:
-  approve:
-    runs-on: ubuntu-latest
+    types: [ labeled ]

-    steps:
-    - name: Approve
-      run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
-      
+jobs:
  ubuntu-job:
    name: 'BrowserStack Test on Ubuntu'
-    runs-on: ubuntu-latest  # Can be self-hosted runner also
-    environment:
-      name: Integrate Pull Request
-    env: 
+    runs-on: ubuntu-latest
+    if: github.event.label.name == 'safe_to_test'
+    env:
      GITACTIONS: true
    steps:

+      - name: 'Remove safe_to_test label'
+        uses: actions/github-script@v8
+        with:
+          script: |
+            await github.rest.issues.removeLabel({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              name: 'safe_to_test'
+            });
+
      - name: 'BrowserStack Env Setup'  # Invokes the setup-env action
        uses: browserstack/github-actions/setup-env@master
        with:
@@ -34,25 +38,26 @@ jobs:
          local-identifier: random

      - name: 'Checkout the repository'
-        uses: actions/checkout@v2
+        uses: actions/checkout@v6
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 2

      - name: 'Setting up Ruby'
        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.0.3 # Not needed with a .ruby-version file
+        # Ruby version is defined in .ruby-version file

-      - name: 'Update and Install Dwpendencies'
+      - name: 'Update and Install Dependencies'
        run: |
          sudo apt update
          sudo apt install libcurl4 libcurl4-openssl-dev
+
      - name: 'Configure Bundle testing and install gems'
        run: |
          bundle config unset --local without
          bundle config set --local with 'test' 'development'
          bundle install
+
      - name: 'Run BrowserStack simple verification'
        run: |
          bundle exec rake browserstack --trace
@@ -60,4 +65,4 @@ jobs:
      - name: 'BrowserStackLocal Stop'  # Terminating the BrowserStackLocal tunnel connection
        uses: browserstack/github-actions/setup-local@master
        with:
-          local-testing: stop
+          local-testing: stop
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,18 +18,18 @@ jobs:
      pull-requests: write

    steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v10.0.0
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        days-before-stale: 7
-        days-before-pr-stale: 14
+        days-before-stale: 120
+        days-before-pr-stale: 29
        days-before-close: 7
-        days-before-pr-close: 14
-        stale-issue-message: 'This issue as been marked as stale due to inactivity and will be closed in 7 days'
+        days-before-pr-close: 31
+        stale-issue-message: 'This issue has been marked as stale due to inactivity and will be closed in 7 days'
        stale-pr-message: 'Stale pull request message'
        stale-issue-label: 'Stale'
        stale-pr-label: 'no-pr-activity'
        exempt-issue-labels: 'Critical, High, Low, Medium, Review, Backlog'
-        exempt-milestones: true
+        exempt-all-milestones: true
        exempt-draft-pr: true
-        start-date: '2022-06-15'
+        start-date: '2022-06-15T00:00:00Z'
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 ### BeEF ###
 beef.db
+beef.db-shm
+beef.db-wal
 beef.log
 test/msf-test
 extensions/admin_ui/media/javascript-min/
@@ -25,6 +27,9 @@ coverage/
 # BrowserStack
 local.log

+# Visual Studio Code
+.vscode/
+
 # The following lines were created by https://www.gitignore.io

 ### Linux ###
@@ -126,3 +131,6 @@ node_modules/
 # Generated files
 out/
 doc/rdoc/
+
+# Secrets for testing github actions locally
+.secrets
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -4,7 +4,7 @@ AllCops:
    - 'tmp/**/*'
    - 'tools/**/*'
    - 'doc/**/*'
-  TargetRubyVersion: 3.0
+  TargetRubyVersion: <%= File.read(".ruby-version").strip[/^(\d+\.\d+)/, 1] || raise("Ruby version not found") %>
  NewCops: enable

 Layout/LineLength:
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.0.3
+3.4.7
--- a/27
+++ b/27
@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 ###########################################################################################################
 ###########################################################################################################
 ##                                                                                                       ##
@@ -10,7 +15,7 @@
 ###########################################################################################################

 # ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
-FROM ruby:3.2.1-slim-bullseye AS builder
+FROM ruby:3.4.7-slim-bookworm AS builder

 COPY . /beef

@@ -22,11 +27,14 @@ RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
 && apt-get install -y --no-install-recommends \
    git \
    curl \
+    libssl-dev \
    xz-utils \
+    pkg-config \
    make \
    g++ \
    libcurl4-openssl-dev \
    ruby-dev \
+    libyaml-dev \
    libffi-dev \
    zlib1g-dev \
    libsqlite3-dev \
@@ -39,7 +47,7 @@ RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \


 # ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
-FROM ruby:3.2.1-slim-bullseye
+FROM ruby:3.4.7-slim-bookworm
 LABEL maintainer="Beef Project" \
      source_url="github.com/beefproject/beef" \
      homepage="https://beefproject.com/"
@@ -56,8 +64,10 @@ RUN adduser --home /beef --gecos beef --disabled-password beef \
 && apt-get update \
 && apt-get install -y --no-install-recommends \
    curl \
+    wget \
+    espeak \
+    lame \
    openssl \
-    libssl-dev \
    libreadline-dev \
    libyaml-dev \
    libxml2-dev \
@@ -68,9 +78,20 @@ RUN adduser --home /beef --gecos beef --disabled-password beef \
    zlib1g \
    bison \
    nodejs \
+    firefox-esr \
 && apt-get -y clean \
 && rm -rf /var/lib/apt/lists/*

+# Install geckodriver for Selenium tests
+# Pin version and verify checksum to mitigate supply chain attacks
+ENV GECKODRIVER_VERSION=v0.36.0
+ENV GECKODRIVER_SHA256=0bde38707eb0a686a20c6bd50f4adcc7d60d4f73c60eb83ee9e0db8f65823e04
+RUN wget -q "https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" \
+ && echo "${GECKODRIVER_SHA256}  geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" | sha256sum -c - \
+ && tar -xzf "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" -C /usr/local/bin \
+ && chmod +x /usr/local/bin/geckodriver \
+ && rm "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz"
+
 # Use gemset created by the builder above
 COPY --chown=beef:beef . /beef
 COPY --from=builder /usr/local/bundle /usr/local/bundle
--- a/74
+++ b/74
@@ -1,35 +1,34 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-#gem 'simplecov', require: false, group: :test

 gem 'net-smtp', require: false
 gem 'json'

 gem 'eventmachine', '~> 1.2', '>= 1.2.7'
-gem 'thin', '~> 1.8'
-gem 'sinatra', '~> 3.0'
-gem 'rack', '~> 2.2'
-gem 'rack-protection', '~> 3.0.5'
+gem 'thin', '~> 2.0'
+gem 'sinatra', '~> 4.1'
+gem 'rack', '~> 3.2'
+gem 'rack-protection', '~> 4.2.1'
 gem 'em-websocket', '~> 0.5.3' # WebSocket support
 gem 'uglifier', '~> 4.2'
-gem 'mime-types', '~> 3.4', '>= 3.4.1'
-gem 'execjs', '~> 2.9'
+gem 'mime-types', '~> 3.7'
+gem 'execjs', '~> 2.10'
 gem 'ansi', '~> 1.5'
 gem 'term-ansicolor', :require => 'term/ansicolor'
-gem 'rubyzip', '~> 2.3'
+gem 'rubyzip', '~> 3.2'
 gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
-gem 'rake', '~> 13.1'
-# gem 'otr-activerecord', '~> 2.1', '>= 2.1.2'
-gem 'otr-activerecord', '= 2.1.2'
-gem 'sqlite3', '~> 1.6'
-gem 'rubocop', '~> 1.59.0', require: false
+gem 'rake', '~> 13.3'
+gem 'activerecord', '~> 8.1'
+gem 'otr-activerecord', '~> 2.6.0'
+gem 'sqlite3', '~> 2.9'
+gem 'rubocop', '~> 1.85.0', require: false

 # Geolocation support
 group :geoip do
-  gem 'maxmind-db', '~> 1.2'
+  gem 'maxmind-db', '~> 1.4'
 end

 gem 'parseconfig', '~> 1.1', '>= 1.1.2'
@@ -51,8 +50,8 @@ end

 # DNS extension
 group :ext_dns do
-  gem 'async-dns', '~> 1.3'
-  gem 'async', '~> 1.31'
+  gem 'async-dns', '~> 1.4'
+  gem 'async', '~> 1.32'
 end

 # QRcode extension
@@ -62,30 +61,31 @@ end

 # For running unit tests
 group :test do
-    gem 'test-unit-full', '~> 0.0.5'
-    gem 'rspec', '~> 3.12'
-    gem 'rdoc', '~> 6.6'
-    gem 'browserstack-local', '~> 1.4'
+  gem 'simplecov', '~> 0.22'
+  gem 'test-unit-full', '~> 0.0.5'
+  gem 'rspec', '~> 3.13'
+  gem 'rdoc', '~> 7.2'
+  gem 'browserstack-local', '~> 1.4'

-    gem 'irb', '~> 1.11'
-    gem 'pry-byebug', '~> 3.10', '>= 3.10.1'
+  gem 'irb', '~> 1.17'
+  gem 'pry-byebug', '~> 3.12'

-    gem 'rest-client', '~> 2.1.0'
-    gem 'websocket-client-simple', '~> 0.6.1'
+  gem 'rest-client', '~> 2.1.0'
+  gem 'websocket-client-simple', '~> 0.6.1'

-    # curb gem requires curl libraries
-    # sudo apt-get install libcurl4-openssl-dev
-    gem 'curb', '~> 1.0', '>= 1.0.5'
+  # Note: curb gem requires curl libraries
+  # sudo apt-get install libcurl4-openssl-dev
+  gem 'curb', '~> 1.2'

-    # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
-    # gem 'selenium' # Requires old version of selenium which is no longer available
-    gem 'geckodriver-helper', '~> 0.24.0'
-    gem 'selenium-webdriver', '~> 4.16'
+  # Note: selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
+  # gem 'selenium' # Requires old version of selenium which is no longer available
+  gem 'geckodriver-helper', '~> 0.24.0'
+  gem 'selenium-webdriver', '~> 4.41'

-    # nokogiri is needed by capybara which may require one of the below commands
-    # sudo apt-get install libxslt-dev libxml2-dev
-    # sudo port install libxml2 libxslt
-    gem 'capybara', '~> 3.39'
+  # Note: nokogiri is needed by capybara which may require one of the below commands
+  # sudo apt-get install libxslt-dev libxml2-dev
+  # sudo port install libxml2 libxslt
+  gem 'capybara', '~> 3.40'
 end

 source 'https://rubygems.org'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,192 +1,264 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activerecord (7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activesupport (7.0.4.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+    activemodel (8.1.2)
+      activesupport (= 8.1.2)
+    activerecord (8.1.2)
+      activemodel (= 8.1.2)
+      activesupport (= 8.1.2)
+      timeout (>= 0.4.0)
+    activesupport (8.1.2)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
      i18n (>= 1.6, < 2)
+      json
+      logger (>= 1.4.2)
      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.4)
-      public_suffix (>= 2.0.2, < 6.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
    ansi (1.5.0)
-    archive-zip (0.12.0)
-      io-like (~> 0.3.0)
-    ast (2.4.2)
-    async (1.31.0)
+    archive-zip (0.13.1)
+      io-like (~> 0.4.0)
+    ast (2.4.3)
+    async (1.32.1)
      console (~> 1.10)
      nio4r (~> 2.3)
      timers (~> 4.1)
-    async-dns (1.3.0)
-      async-io (~> 1.15)
-    async-io (1.34.3)
+    async-dns (1.4.1)
      async
+      io-endpoint
+    base64 (0.3.0)
+    bigdecimal (4.0.1)
    browserstack-local (1.4.3)
-    byebug (11.1.3)
-    capybara (3.39.2)
+    byebug (13.0.0)
+      reline (>= 0.6.0)
+    capybara (3.40.0)
      addressable
      matrix
      mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
      rack (>= 1.6.0)
      rack-test (>= 0.6.3)
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    coderay (1.1.3)
-    concurrent-ruby (1.2.2)
-    console (1.16.2)
-      fiber-local
-    curb (1.0.5)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
+    console (1.34.0)
+      fiber-annotation
+      fiber-local (~> 1.1)
+      json
+    curb (1.2.2)
    daemons (1.4.1)
-    diff-lcs (1.5.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    date (3.5.1)
+    diff-lcs (1.6.2)
+    docile (1.4.1)
+    domain_name (0.6.20240107)
+    drb (2.2.3)
    em-websocket (0.5.3)
      eventmachine (>= 0.12.9)
      http_parser.rb (~> 0)
+    erb (6.0.1)
    erubis (2.7.0)
    espeak-ruby (1.1.0)
    event_emitter (0.2.6)
    eventmachine (1.2.7)
-    execjs (2.9.1)
-    fiber-local (1.0.0)
+    execjs (2.10.0)
+    fiber-annotation (0.2.0)
+    fiber-local (1.1.0)
+      fiber-storage
+    fiber-storage (1.0.1)
    geckodriver-helper (0.24.0)
      archive-zip (~> 0.7)
-    hashie (5.0.0)
-    hashie-forbidden_attributes (0.1.1)
-      hashie (>= 3.0)
    http-accept (1.7.0)
-    http-cookie (1.0.5)
+    http-cookie (1.0.8)
      domain_name (~> 0.5)
    http_parser.rb (0.8.0)
-    i18n (1.12.0)
+    i18n (1.14.8)
      concurrent-ruby (~> 1.0)
-    io-console (0.7.1)
-    io-like (0.3.1)
-    irb (1.11.0)
-      rdoc
-      reline (>= 0.3.8)
-    json (2.6.3)
-    language_server-protocol (3.17.0.3)
-    matrix (0.4.2)
-    maxmind-db (1.2.0)
-    method_source (1.0.0)
-    mime-types (3.4.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0218.1)
-    mini_mime (1.1.2)
-    minitest (5.18.0)
-    mojo_magick (0.6.7)
+    io-console (0.8.2)
+    io-endpoint (0.15.2)
+    io-like (0.4.0)
+    irb (1.17.0)
+      pp (>= 0.6.0)
+      prism (>= 1.3.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    json (2.18.1)
+    json-schema (6.1.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    logger (1.7.0)
+    matrix (0.4.3)
+    maxmind-db (1.4.0)
+    mcp (0.7.1)
+      json-schema (>= 4.1)
+    method_source (1.1.0)
+    mime-types (3.7.0)
+      logger
+      mime-types-data (~> 3.2025, >= 3.2025.0507)
+    mime-types-data (3.2025.0902)
+    mini_mime (1.1.5)
+    minitest (6.0.1)
+      prism (~> 1.5)
+    mojo_magick (0.6.8)
    msfrpc-client (1.1.2)
      msgpack (~> 1)
-    msgpack (1.6.1)
-    mustermann (3.0.0)
+    msgpack (1.8.0)
+    mustermann (3.0.4)
      ruby2_keywords (~> 0.0.1)
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
      timeout
-    net-smtp (0.4.0)
+    net-smtp (0.5.1)
      net-protocol
    netrc (0.11.0)
-    nio4r (2.5.8)
-    nokogiri (1.15.2-arm64-darwin)
+    nio4r (2.7.4)
+    nokogiri (1.19.1-aarch64-linux-gnu)
      racc (~> 1.4)
-    nokogiri (1.15.2-x86_64-linux)
+    nokogiri (1.19.1-aarch64-linux-musl)
      racc (~> 1.4)
-    otr-activerecord (2.1.2)
-      activerecord (>= 4.0, < 7.1)
-      hashie-forbidden_attributes (~> 0.1)
-    parallel (1.24.0)
+    nokogiri (1.19.1-arm-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.19.1-arm-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.19.1-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.19.1-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.19.1-x86_64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.19.1-x86_64-linux-musl)
+      racc (~> 1.4)
+    otr-activerecord (2.6.0)
+      activerecord (>= 6.0, < 9.0)
+    parallel (1.27.0)
    parseconfig (1.1.2)
-    parser (3.2.2.4)
+    parser (3.3.10.2)
      ast (~> 2.4.1)
      racc
-    power_assert (2.0.3)
-    pry (0.14.2)
+    power_assert (2.0.5)
+    pp (0.6.3)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.9.0)
+    pry (0.16.0)
      coderay (~> 1.1)
      method_source (~> 1.0)
-    pry-byebug (3.10.1)
-      byebug (~> 11.0)
-      pry (>= 0.13, < 0.15)
-    psych (5.1.2)
+      reline (>= 0.6.0)
+    pry-byebug (3.12.0)
+      byebug (~> 13.0)
+      pry (>= 0.13, < 0.17)
+    psych (5.3.1)
+      date
      stringio
-    public_suffix (5.0.1)
-    qr4r (0.6.1)
+    public_suffix (6.0.2)
+    qr4r (0.6.2)
      mojo_magick (~> 0.6.5)
-      rqrcode_core (~> 0.1)
-    racc (1.7.3)
-    rack (2.2.7)
-    rack-protection (3.0.6)
-      rack
-    rack-test (2.1.0)
+      rqrcode_core (~> 1.0)
+    racc (1.8.1)
+    rack (3.2.5)
+    rack-protection (4.2.1)
+      base64 (>= 0.1.0)
+      logger (>= 1.6.0)
+      rack (>= 3.0.0, < 4)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rack-test (2.2.0)
      rack (>= 1.3)
    rainbow (3.1.1)
-    rake (13.1.0)
-    rdoc (6.6.2)
+    rake (13.3.1)
+    rdoc (7.2.0)
+      erb
      psych (>= 4.0.0)
-    regexp_parser (2.8.3)
-    reline (0.4.1)
+      tsort
+    regexp_parser (2.11.3)
+    reline (0.6.3)
      io-console (~> 0.5)
    rest-client (2.1.0)
      http-accept (>= 1.7.0, < 2.0)
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 4.0)
      netrc (~> 0.8)
-    rexml (3.2.6)
-    rqrcode_core (0.2.0)
-    rr (3.1.0)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.1)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.2)
+    rexml (3.4.4)
+    rqrcode_core (1.2.0)
+    rr (3.1.2)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.4)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.6)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.0)
-    rubocop (1.59.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.6)
+    rubocop (1.85.0)
      json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      mcp (~> 0.6)
      parallel (~> 1.10)
-      parser (>= 3.2.2.4)
+      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.30.0)
-      parser (>= 3.2.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
    ruby-progressbar (1.13.0)
    ruby2_keywords (0.0.5)
-    rubyzip (2.3.2)
+    rubyzip (3.2.2)
    rushover (0.3.0)
      json
      rest-client
-    selenium-webdriver (4.16.0)
+    securerandom (0.4.1)
+    selenium-webdriver (4.41.0)
+      base64 (~> 0.2)
+      logger (~> 1.4)
      rexml (~> 3.2, >= 3.2.5)
-      rubyzip (>= 1.2.2, < 3.0)
+      rubyzip (>= 1.2.2, < 4.0)
      websocket (~> 1.0)
-    sinatra (3.0.6)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.13.2)
+    simplecov_json_formatter (0.1.4)
+    sinatra (4.2.1)
+      logger (>= 1.6.0)
      mustermann (~> 3.0)
-      rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.0.6)
+      rack (>= 3.0.0, < 4)
+      rack-protection (= 4.2.1)
+      rack-session (>= 2.0.0, < 3)
      tilt (~> 2.0)
    slack-notifier (2.4.0)
-    sqlite3 (1.6.9-arm64-darwin)
-    sqlite3 (1.6.9-x86_64-linux)
-    stringio (3.1.0)
+    sqlite3 (2.9.1-aarch64-linux-gnu)
+    sqlite3 (2.9.1-aarch64-linux-musl)
+    sqlite3 (2.9.1-arm-linux-gnu)
+    sqlite3 (2.9.1-arm-linux-musl)
+    sqlite3 (2.9.1-arm64-darwin)
+    sqlite3 (2.9.1-x86_64-darwin)
+    sqlite3 (2.9.1-x86_64-linux-gnu)
+    sqlite3 (2.9.1-x86_64-linux-musl)
+    stringio (3.2.0)
    sync (0.5.0)
-    term-ansicolor (1.7.1)
-      tins (~> 1.0)
-    test-unit (3.5.7)
+    term-ansicolor (1.11.3)
+      tins (~> 1)
+    test-unit (3.7.0)
      power_assert
    test-unit-context (0.5.1)
      test-unit (>= 2.4.0)
@@ -203,25 +275,28 @@ GEM
      test-unit (>= 2.5.2)
    test-unit-runner-tap (1.1.2)
      test-unit
-    thin (1.8.2)
+    thin (2.0.1)
      daemons (~> 1.0, >= 1.0.9)
      eventmachine (~> 1.0, >= 1.0.4)
-      rack (>= 1, < 3)
-    tilt (2.1.0)
-    timeout (0.4.0)
-    timers (4.3.5)
-    tins (1.32.1)
+      logger
+      rack (>= 1, < 4)
+    tilt (2.6.1)
+    timeout (0.6.0)
+    timers (4.4.0)
+    tins (1.43.0)
+      bigdecimal
      sync
+    tsort (0.2.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    uglifier (4.2.0)
+    uglifier (4.2.1)
      execjs (>= 0.3.0, < 3)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
-    unicode-display_width (2.5.0)
-    webrick (1.8.1)
-    websocket (1.2.10)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
+    webrick (1.9.1)
+    websocket (1.2.11)
    websocket-client-simple (0.6.1)
      event_emitter
      websocket
@@ -231,51 +306,59 @@ GEM
      nokogiri (~> 1.8)

 PLATFORMS
-  arm64-darwin-22
-  x86_64-linux
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
+  arm64-darwin
+  x86_64-darwin
+  x86_64-linux-gnu
+  x86_64-linux-musl

 DEPENDENCIES
+  activerecord (~> 8.1)
  ansi (~> 1.5)
-  async (~> 1.31)
-  async-dns (~> 1.3)
+  async (~> 1.32)
+  async-dns (~> 1.4)
  browserstack-local (~> 1.4)
-  capybara (~> 3.39)
-  curb (~> 1.0, >= 1.0.5)
+  capybara (~> 3.40)
+  curb (~> 1.2)
  em-websocket (~> 0.5.3)
  erubis (~> 2.7)
  espeak-ruby (~> 1.1.0)
  eventmachine (~> 1.2, >= 1.2.7)
-  execjs (~> 2.9)
+  execjs (~> 2.10)
  geckodriver-helper (~> 0.24.0)
-  irb (~> 1.11)
+  irb (~> 1.17)
  json
-  maxmind-db (~> 1.2)
-  mime-types (~> 3.4, >= 3.4.1)
+  maxmind-db (~> 1.4)
+  mime-types (~> 3.7)
  msfrpc-client (~> 1.1, >= 1.1.2)
  net-smtp
-  otr-activerecord (= 2.1.2)
+  otr-activerecord (~> 2.6.0)
  parseconfig (~> 1.1, >= 1.1.2)
-  pry-byebug (~> 3.10, >= 3.10.1)
+  pry-byebug (~> 3.12)
  qr4r (~> 0.6.1)
-  rack (~> 2.2)
-  rack-protection (~> 3.0.5)
-  rake (~> 13.0)
-  rdoc (~> 6.5)
+  rack (~> 3.2)
+  rack-protection (~> 4.2.1)
+  rake (~> 13.3)
+  rdoc (~> 7.2)
  rest-client (~> 2.1.0)
-  rspec (~> 3.12)
-  rubocop (~> 1.59.0)
-  rubyzip (~> 2.3)
+  rspec (~> 3.13)
+  rubocop (~> 1.85.0)
+  rubyzip (~> 3.2)
  rushover (~> 0.3.0)
-  selenium-webdriver (~> 4.16)
-  sinatra (~> 3.0)
+  selenium-webdriver (~> 4.41)
+  simplecov (~> 0.22)
+  sinatra (~> 4.1)
  slack-notifier (~> 2.4)
-  sqlite3 (~> 1.6)
+  sqlite3 (~> 2.9)
  term-ansicolor
  test-unit-full (~> 0.0.5)
-  thin (~> 1.8)
+  thin (~> 2.0)
  uglifier (~> 4.2)
  websocket-client-simple (~> 0.6.1)
  xmlrpc (~> 0.3.3)

 BUNDLED WITH
-   2.4.8
+   2.7.2
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,7 +1,7 @@
 ===============================================================================
   
-    Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - https://beefproject.com
    See the file 'doc/COPYING' for copying permission

 ===============================================================================
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 ===============================================================================

-    Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - https://beefproject.com
    See the file 'doc/COPYING' for copying permission

 ===============================================================================
@@ -30,7 +30,7 @@ __Security Bugs:__ security@beefproject.com

 __Twitter:__ [@beefproject](https://twitter.com/beefproject)

-__Discord:__ https://discord.gg/ugmKmHarKc
+__Discord:__ https://discord.gg/25wT2P8pwx

 Requirements
 ------------
--- a/62
+++ b/62
@@ -1,28 +1,27 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-require 'yaml'
-require 'bundler/setup'
-load 'tasks/otr-activerecord.rake'
-#require 'pry-byebug'
-
-
-task :default => ["spec"]
-
-desc 'Generate API documentation to doc/rdocs/index.html'
-task :rdoc do
-  Rake::Task['rdoc:rerdoc'].invoke
-end
-
-## RSPEC
 require 'rspec/core/rake_task'

-RSpec::Core::RakeTask.new(:spec) do |task|
+task :default => ["short"]
+
+RSpec::Core::RakeTask.new(:short) do |task|
+  task.rspec_opts = ['--tag ~run_on_browserstack', '--tag ~run_on_long_tests']
+end
+
+RSpec::Core::RakeTask.new(:long) do |task|
  task.rspec_opts = ['--tag ~run_on_browserstack']
 end

+RSpec::Core::RakeTask.new(:long_only) do |task|
+  task.rspec_opts = ['--tag ~run_on_browserstack', '--tag run_on_long_tests']
+end
+
+################################
+# Browserstack
+
 RSpec::Core::RakeTask.new(:browserstack) do |task|
  task.rspec_opts = ['--tag run_on_browserstack']
 end
@@ -55,7 +54,7 @@ namespace :ssl do
    end
    Rake::Task['ssl:replace'].invoke
  end
-
+  
  desc 'Re-generate SSL certificate'
  task :replace do
    if File.file?('/usr/local/bin/openssl')
@@ -70,6 +69,14 @@ namespace :ssl do
  end
 end

+################################
+# Generate API documentation
+
+desc 'Generate API documentation to doc/rdocs/index.html'
+task :rdoc do
+  Rake::Task['rdoc:rerdoc'].invoke
+end
+
 ################################
 # rdoc

@@ -115,7 +122,6 @@ end
@beef_process_id = nil;
@beef_config_file = 'tmp/rk_beef_conf.yaml';

-
 task :beef_start => 'beef' do
  # read environment param for creds or use bad_fred
  test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
@@ -190,24 +196,6 @@ file '/tmp/msf-test/msfconsole' do
  sh "cd test;git clone https://github.com/rapid7/metasploit-framework.git /tmp/msf-test"
 end

-
-################################
-# Create Mac DMG File
-
-task :dmg do
-  puts "\nCreating Working Directory\n";
-  sh "mkdir dmg";
-  sh "mkdir dmg/BeEF";
-  sh "rsync * dmg/BeEF --exclude=dmg -r";
-  sh "ln -s /Applications dmg/";
-  puts "\nCreating DMG File\n"
-  sh "hdiutil create ./BeEF.dmg -srcfolder dmg -volname BeEF -ov";
-  puts "\nCleaning Up\n"
-  sh "rm -r dmg";
-  puts "\nBeEF.dmg created\n"
-end
-
-
 ################################
 # ActiveRecord
 namespace :db do
--- a/6
+++ b/6
@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

-0.5.4.0
+0.6.0.0
--- a/18
+++ b/18
@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby

 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

@@ -39,6 +39,10 @@ $root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '
 $:.unshift($root_dir)
 $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze

+# @note Parse BeEF CLI options early (prevents Rack help from taking over)
+require 'core/main/console/commandline'
+BeEF::Core::Console::CommandLine.parse
+
 #
 # @note Require core loader
 #
@@ -194,7 +198,6 @@ end

 # Connect to DB
 ActiveRecord::Base.logger = nil
-OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
 OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
 # otr-activerecord require you to manually establish the connection with the following line
 #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
@@ -203,10 +206,13 @@ if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
 end

 # Migrate (if required)
-context = ActiveRecord::Migration.new.migration_context
+ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
+ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
+context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
 if context.needs_migration?
-  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
+  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
 end
+
 #
 # @note Extensions may take a moment to load, thus we print out a please wait message
 #
@@ -242,6 +248,8 @@ BeEF::Core::Console::Banners.print_loaded_extensions
 BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
+BeEF::Core::Console::Banners.print_http_proxy
+BeEF::Core::Console::Banners.print_dns

 #
 # @note Prints the API key needed to use the RESTful API
--- a/config.yaml
+++ b/config.yaml
@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file

 beef:
-    version: '0.5.4.0'
+    version: '0.6.0.0'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
@@ -146,6 +146,6 @@ beef:
        metasploit:
            enable: false
        social_engineering:
-            enable: true
+            enable: false
        xssrays:
            enable: true
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

@@ -29,7 +29,7 @@ module BeEF
      #
      def register(owner, clss, method, params = [])
        unless verify_api_path(clss, method)
-          print_error "API Registrar: Attempted to register non-existant API method #{clss} :#{method}"
+          print_error "API Registrar: Attempted to register non-existent API method #{clss} :#{method}"
          return
        end

--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -187,7 +187,7 @@ module BeEF
    def self.has_valid_browser_details_chars?(str)
      return false unless is_non_empty_string?(str)

-      !(str =~ %r{[^\w\d\s()-.,;:_/!\302\256]}).nil?
+      (str =~ %r{[^\w\d\s()-.,;:_/!\302\256]}).nil?
    end

    # Check for valid base details characters
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -8,10 +8,10 @@ module BeEF
    # Check the browser type value - for example, 'FF'
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid browser name characters
-    def self.is_valid_browsername?(str)
+    def self.is_valid_browsername?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if str.length > 2
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)

      true
    end
@@ -19,9 +19,9 @@ module BeEF
    # Check the Operating System name value - for example, 'Windows XP'
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid Operating System name characters
-    def self.is_valid_osname?(str)
+    def self.is_valid_osname?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
      return false if str.length < 2

      true
@@ -30,9 +30,9 @@ module BeEF
    # Check the Hardware name value - for example, 'iPhone'
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid Hardware name characters
-    def self.is_valid_hwname?(str)
+    def self.is_valid_hwname?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
      return false if str.length < 2

      true
@@ -41,12 +41,12 @@ module BeEF
    # Verify the browser version string is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid browser version characters
-    def self.is_valid_browserversion?(str)
+    def self.is_valid_browserversion?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return true if str.eql? 'UNKNOWN'
      return true if str.eql? 'ALL'
-      return false if !nums_only?(str) and !is_valid_float?(str)
+      return false if !nums_only?(str) && !str.match(/\A(0|[1-9][0-9]{0,3})(\.(0|[1-9][0-9]{0,3})){0,3}\z/)
      return false if str.length > 20

      true
@@ -55,7 +55,7 @@ module BeEF
    # Verify the os version string is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid os version characters
-    def self.is_valid_osversion?(str)
+    def self.is_valid_osversion?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return true if str.eql? 'UNKNOWN'
@@ -69,9 +69,9 @@ module BeEF
    # Verify the browser/UA string is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid browser / ua string characters
-    def self.is_valid_browserstring?(str)
+    def self.is_valid_browserstring?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
      return false if str.length > 300

      true
@@ -80,7 +80,7 @@ module BeEF
    # Verify the cookies are valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid cookie characters
-    def self.is_valid_cookies?(str)
+    def self.is_valid_cookies?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return false if str.length > 2000
@@ -91,9 +91,9 @@ module BeEF
    # Verify the system platform is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid system platform characters
-    def self.is_valid_system_platform?(str)
+    def self.is_valid_system_platform?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
      return false if str.length > 200

      true
@@ -102,7 +102,7 @@ module BeEF
    # Verify the date stamp is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid date stamp characters
-    def self.is_valid_date_stamp?(str)
+    def self.is_valid_date_stamp?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return false if str.length > 200
@@ -113,7 +113,7 @@ module BeEF
    # Verify the CPU type string is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid CPU type characters
-    def self.is_valid_cpu?(str)
+    def self.is_valid_cpu?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return false if str.length > 200
@@ -124,7 +124,7 @@ module BeEF
    # Verify the memory string is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid memory type characters
-    def self.is_valid_memory?(str)
+    def self.is_valid_memory?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return false if str.length > 200
@@ -135,7 +135,7 @@ module BeEF
    # Verify the GPU type string is valid
    # @param [String] str String for testing
    # @return [Boolean] If the string has valid GPU type characters
-    def self.is_valid_gpu?(str)
+    def self.is_valid_gpu?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if has_non_printable_char?(str)
      return false if str.length > 200
@@ -148,11 +148,11 @@ module BeEF
    # @return [Boolean] If the string has valid browser plugin characters
    # @note This string can be empty if there are no browser plugins
    # @todo Verify if the ruby version statement is still necessary
-    def self.is_valid_browser_plugins?(str)
+    def self.is_valid_browser_plugins?(str) # rubocop:disable Naming/PredicatePrefix
      return false unless is_non_empty_string?(str)
      return false if str.length > 1000

-      if str.encoding === Encoding.find('UTF-8')
+      if str.encoding == Encoding.find('UTF-8') # Style/CaseEquality: Avoid the use of the case equality operator `===`.
        (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
      else
        (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/logger.rb
+++ b/core/logger.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/ar-migrations/015_create_http.rb
+++ b/core/main/ar-migrations/015_create_http.rb
@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
      t.text :hooked_browser_id
      # The http request to perform. In clear text.
      t.text :request
-      # Boolean value as string to say whether cross-domain requests are allowed
-      t.boolean :allow_cross_domain, default: true
+      # Boolean value as string to say whether cross-origin requests are allowed
+      t.boolean :allow_cross_origin, default: true
      # The http response body received. In clear text.
      t.text :response_data
      # The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
      t.text :domain
      # The port on which perform the request.
      t.text :port
-      # Boolean value to say if the request was cross-domain
+      # Boolean value to say if the request was cross-origin
      t.text :has_ran, default: 'waiting'
      # The path of the request.
      # Example: /secret.html
--- a/core/main/ar-migrations/025_create_xssrays_scan.rb
+++ b/core/main/ar-migrations/025_create_xssrays_scan.rb
@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
      t.datetime :scan_start
      t.datetime :scan_finish
      t.text :domain
-      t.text :cross_domain
+      t.text :cross_origin
      t.integer :clean_timeout
      t.boolean :is_started
      t.boolean :is_finished
--- a/core/main/autorun_engine/engine.rb
+++ b/core/main/autorun_engine/engine.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/autorun_engine/rule_loader.rb
+++ b/core/main/autorun_engine/rule_loader.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -105,6 +105,99 @@ module BeEF
          { 'success' => false, 'error' => e.message }
        end

+        # Update an ARE rule set.
+        # @param [Hash] ARE rule ID.
+        # @param [Hash] ARE ruleset as JSON
+        # @return [Hash] {"success": Boolean, "rule_id": Integer, "error": String}
+        def update_rule_json(id, data)
+          # Quite similar in implementation to load_rule_json. Might benefit from a refactor.
+          name = data['name'] || ''
+          author = data['author'] || ''
+          browser = data['browser'] || 'ALL'
+          browser_version = data['browser_version'] || 'ALL'
+          os = data['os'] || 'ALL'
+          os_version = data['os_version'] || 'ALL'
+          modules = data['modules']
+          execution_order = data['execution_order']
+          execution_delay = data['execution_delay']
+          chain_mode = data['chain_mode'] || 'sequential'
+
+          begin
+            BeEF::Core::AutorunEngine::Parser.instance.parse(
+              name,
+              author,
+              browser,
+              browser_version,
+              os,
+              os_version,
+              modules,
+              execution_order,
+              execution_delay,
+              chain_mode
+            )
+          rescue => e
+            print_error("[ARE] Error updating ruleset (#{name}): #{e.message}")
+            return { 'success' => false, 'error' => e.message }
+          end
+
+          existing_rule = BeEF::Core::Models::Rule.where(
+            name: name,
+            author: author,
+            browser: browser,
+            browser_version: browser_version,
+            os: os,
+            os_version: os_version,
+            modules: modules.to_json,
+            execution_order: execution_order.to_s,
+            execution_delay: execution_delay.to_s,
+            chain_mode: chain_mode
+          ).first
+
+          unless existing_rule.nil?
+            msg = "Duplicate rule already exists in the database (ID: #{existing_rule.id})"
+            print_info("[ARE] Skipping ruleset (#{name}): #{msg}")
+            return { 'success' => false, 'error' => msg }
+          end
+          old_are_rule = BeEF::Core::Models::Rule.find_by(id: id)
+
+          old_are_rule.update(
+            name: name,
+            author: author,
+            browser: browser,
+            browser_version: browser_version,
+            os: os,
+            os_version: os_version,
+            modules: modules.to_json,
+            execution_order: execution_order.to_s,
+            execution_delay: execution_delay.to_s,
+            chain_mode: chain_mode
+          )
+
+          print_info("[ARE] Ruleset (#{name}) updated successfully.")
+
+          if @debug_on
+            print_more "Target Browser: #{browser} (#{browser_version})"
+            print_more "Target OS: #{os} (#{os_version})"
+            print_more 'Modules to run:'
+            modules.each do |mod|
+              print_more "(*) Name: #{mod['name']}"
+              print_more "(*) Condition: #{mod['condition']}"
+              print_more "(*) Code: #{mod['code']}"
+              print_more '(*) Options:'
+              mod['options'].each do |key, value|
+                print_more "\t#{key}: (#{value})"
+              end
+            end
+            print_more "Exec order: #{execution_order}"
+            print_more "Exec delay: #{exec_delay}"
+          end
+
+          { 'success' => true }
+        rescue TypeError, ArgumentError => e
+          print_error("[ARE] Failed to update ruleset (#{name}): #{e.message}")
+          { 'success' => false, 'error' => e.message }
+        end
+
        # Load an ARE ruleset from file
        # @param [String] JSON ARE ruleset file path
        def load_rule_file(json_rule_path)
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

@@ -944,14 +944,25 @@ beef.browser = {
     */
    isFF99: function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
+    }, 
+
+    /**
+     * Returns true if the browser is any version of Firefox.
+     * @example: beef.browser.isFFbowser()
+    */
+    isFFbowser: function () {
+        const parser = bowser.getParser(navigator.userAgent);
+        const browserName = parser.getBrowserName();
+        return browserName == 'Firefox';
    },

    /**
-     * Returns true if FF.
+     * Returns true if the browser is any version of Firefox.
     * @example: beef.browser.isFF()
     */
    isFF: function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
+        var legacyCheck = this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
+        return legacyCheck || this.isFFbowser();
    },

    /**
@@ -2438,12 +2449,23 @@ beef.browser = {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./) != null) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 99) ? true : false);
    },

+    /**
+     * Returns true for modern versions of Chrome (above 9).
+     * @example: beef.browser.isCbowser()
+     */
+    isCbowser: function () {
+        const parser = bowser.getParser(navigator.userAgent);
+        const browserName = parser.getBrowserName();
+        return browserName == 'Chrome';
+    },    
+
    /**
     * Returns true if Chrome.
     * @example: beef.browser.isC()
     */
    isC: function () {
-        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
+        var legacyCheck = this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
+        return legacyCheck || this.isCbowser();
    },

    /**
@@ -2486,12 +2508,23 @@ beef.browser = {
        return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null));
    },

+    /**
+     * Returns true if the browser is any version of Opera.
+     * @example: beef.browser.isObowser()
+    */
+    isObowser: function () {
+        const parser = bowser.getParser(navigator.userAgent);
+        const browserName = parser.getBrowserName();
+        return browserName == 'Opera';
+    },
+
    /**
     * Returns true if Opera.
     * @example: beef.browser.isO()
     */
    isO: function () {
-        return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
+        var legacyCheck = this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
+        return legacyCheck || this.isObowser();
    },

    /**
@@ -4265,9 +4298,6 @@ beef.browser = {

        try {
            var cookies = document.cookie;
-            /* Never stop the madness dear C.
-             * var veglol = beef.browser.cookie.veganLol();
-             */
            if (cookies) details['browser.window.cookies'] = cookies;
        } catch (e) {
            beef.debug("Cookies can't be read. The hooked origin is most probably using HttpOnly.");
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

@@ -72,7 +72,7 @@ beef.browser.cookie = {
 		},

 	    /** @memberof beef.browser.cookie */
-		veganLol: function (){
+		cookieValueRandomizer: function (){
 			var to_hell= '';
 			var min = 17;
 			var max = 25;
@@ -100,7 +100,7 @@ beef.browser.cookie = {
 		},
 		/** @memberof beef.browser.cookie */
 		hasSessionCookies: function (name){
-			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
+			this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), '', '/', '', '' );

 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
@@ -109,7 +109,7 @@ beef.browser.cookie = {
 		},
 		/** @memberof beef.browser.cookie */
 		hasPersistentCookies: function (name){
-			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
+			this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), 1, '/', '', '' );

 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/lib/bowser-2.11.0.min.js
+++ b/core/main/client/lib/bowser-2.11.0.min.js
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

@@ -31,7 +31,7 @@
 *  for example, if someone deletes all but one type of cookie, once
 *  that cookie is re-discovered, all of the other cookie types get reset
 *
- *  !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
+ *  !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
 *  OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
 *
 * USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
        else
            return this.getFromStr(name, document.cookie);
    }catch(e){
-        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
        // evercookie_userdata and evercookie_window will be used in this case.
    }
 };
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

@@ -38,7 +38,7 @@ beef.mitb = {
                        if (method == "GET") {
                            //GET request -> cross-origin
                            if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
-                                beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
+                                beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
                                window.open(url);
                            }else { //GET request -> same-origin
                                beef.mitb.sniff("GET [Ajax Request]: " + url);
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

@@ -74,7 +74,7 @@ beef.net = {
        this.status_text = null;        // success, timeout, error, ...
        this.response_body = null;      // "<html>…." if not a cross-origin request
        this.port_status = null;        // tcp port is open, closed or not http
-        this.was_cross_domain = null;   // true or false
+        this.was_cross_origin = null;   // true or false
        this.was_timedout = null;       // the user specified timeout was reached
        this.duration = null;           // how long it took for the request to complete
        this.headers = null;            // full response headers
@@ -217,11 +217,11 @@ beef.net = {
     * @return {Object} this object contains the response details
     */
    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
-        //check if same domain or cross domain
-        var cross_domain = true;
+        //check if same origin or cross origin
+        var cross_origin = true;
        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
            if (document.location.port == "" || document.location.port == null) {
-                cross_domain = !(port == "80" || port == "443");
+                cross_origin = !(port == "80" || port == "443");
            }
        }

@@ -238,12 +238,12 @@ beef.net = {

        //define response object
        var response = new this.response;
-        response.was_cross_domain = cross_domain;
+        response.was_cross_origin = cross_origin;
        var start_time = new Date().getTime();

        /*
         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
-         * This will turn POSTs into GETs for remote-domain requests.
+         * This will turn POSTs into GETs for cross origin requests.
         */
        if (method == "POST") {
            $j.ajaxSetup({
@@ -310,7 +310,7 @@ beef.net = {
    /**
     * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
     *  - requestid: needed on the callback
-     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
+     *  - allowCrossOrigin: set cross-origin requests as allowed or blocked
     *
     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
     * Example usage:
@@ -318,20 +318,20 @@ beef.net = {
     *   true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
     *   alert(response.response_body)})
     */
-    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {

        if (domain == "undefined" || path == "undefined") {
            beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
            return;
        }

-        // check if same domain or cross domain
-        var cross_domain = true;
+        // check if same origin or cross origin
+        var cross_origin = true;
        if (document.domain == domain && document.location.protocol == scheme + ':') {
            if (document.location.port == "" || document.location.port == null) {
-                cross_domain = !(port == "80" || port == "443");
+                cross_origin = !(port == "80" || port == "443");
            } else {
-                if (document.location.port == port) cross_domain = false;
+                if (document.location.port == port) cross_origin = false;
            }
        }

@@ -348,23 +348,23 @@ beef.net = {

        // define response object
        var response = new this.response;
-        response.was_cross_domain = cross_domain;
+        response.was_cross_origin = cross_origin;
        var start_time = new Date().getTime();

-        // if cross-domain requests are not allowed and the request is cross-domain
+        // if cross-origin requests are not allowed and the request is cross-origin
        // don't proceed and return
-        if (allowCrossDomain == "false" && cross_domain) {
+        if (allowCrossOrigin == "false" && cross_origin) {
            beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
            response.status_code = -1;
-            response.status_text = "crossdomain";
-            response.port_status = "crossdomain";
+            response.status_text = "crossorigin";
+            response.port_status = "crossorigin";
            response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
            response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
            if (callback != null) callback(response, requestid);
            return response;
        }

-        // if the request was cross-domain from a HTTPS origin to HTTP
+        // if the request was cross-origin from a HTTPS origin to HTTP
        // don't proceed and return
        if (document.location.protocol == 'https:' && scheme == 'http') {
            beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {

        /*
         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
-         * This will turn POSTs into GETs for remote-domain requests.
+         * This will turn POSTs into GETs for cross origin requests.
         */
        if (method == "POST") {
            $j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
            },

            complete: function (xhr, textStatus) {
-                // cross-domain request
-                if (cross_domain) {
+                // cross-origin request
+                if (cross_origin) {

-                    response.port_status = "crossdomain";
+                    response.port_status = "crossorigin";

                    if (xhr.status != 0) {
                        response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
                    if (textStatus) {
                        response.status_text = textStatus;
                    } else {
-                        response.status_text = "crossdomain";
+                        response.status_text = "crossorigin";
                    }

                    if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
                    }

                } else {
-                    // same-domain request
+                    // same-origin request
                    response.status_code = xhr.status;
                    response.status_text = textStatus;
                    response.headers = xhr.getAllResponseHeaders();
--- a/core/main/client/net/connection.js
+++ b/core/main/client/net/connection.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/net/dns.js
+++ b/core/main/client/net/dns.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/net/local.js
+++ b/core/main/client/net/local.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/net/portscanner.js
+++ b/core/main/client/net/portscanner.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

@@ -25,7 +25,7 @@ beef.net.requester = {
            request = requests_array[i];
            if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
            beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
-            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
+            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
                                       function(res, requestid) { beef.net.send('/requester', requestid, {
                                           response_data: res.response_body,
                                           response_status_code: res.status_code,
--- a/core/main/client/net/xssrays.js
+++ b/core/main/client/net/xssrays.js
@@ -171,7 +171,7 @@ beef.net.xssrays = {
                this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
                    search:url.search, type: 'url'});//scan each link & param
            } else {
-                beef.debug('Scan is not Cross-domain.  URLS\nurl :' + url.hostname.toString());
+                beef.debug('Scan is not Cross-origin.  URLS\nurl :' + url.hostname.toString());
                beef.debug('\nlocation :' + location.hostname.toString());
            }
        }
@@ -251,7 +251,7 @@ beef.net.xssrays = {
                            continue;
                        }
                        if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
-                            beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
+                            beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
                            beef.debug('location :' + this.host(location));
                            continue;
                        }
--- a/core/main/client/os.js
+++ b/core/main/client/os.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/session.js
+++ b/core/main/client/session.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/timeout.js
+++ b/core/main/client/timeout.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/webrtc.js
+++ b/core/main/client/webrtc.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/client/websocket.js
+++ b/core/main/client/websocket.js
@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

--- a/core/main/command.rb
+++ b/core/main/command.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/configuration.rb
+++ b/core/main/configuration.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

@@ -26,7 +26,6 @@ module BeEF
        begin
          # open base config
          @config = load(config)
-          # set default value if key? does not exist
          @config.default = nil
          @@config = config
        rescue StandardError => e
@@ -72,10 +71,12 @@ module BeEF

        return unless validate_public_config_variable?(@config)

+        # Note for developers:
+        # The configuration path 'beef.http.public_port' is deprecated.
+        # Use the new format for public_port variables as described in the BeEF project documentation.
+        # Refer to the BeEF configuration guide for the web server configuration details:
+        # https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
        if @config['beef']['http']['public_port']
-          print_error 'Config path beef.http.public_port is deprecated.'
-          print_error 'Please use the new format for public variables found'
-          print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
          return
        end

@@ -154,7 +155,7 @@ module BeEF
        "#{beef_proto}://#{beef_host}:#{beef_port}"
      end

-      # Returns the hool path value stored in the config file
+      # Returns the hook path value stored in the config file
      #
      # @return [String] hook file path
      def hook_file_path
@@ -255,7 +256,7 @@ module BeEF
      #
      def load_modules_config
        set('beef.module', {})
-        # support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
+        # support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
        module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
        Dir.glob(module_configs) do |cf|
          y = load(cf)
@@ -277,13 +278,15 @@ module BeEF

      private

+      # Note for developers:
+      # The configuration path 'beef.http.public' is deprecated.
+      # Use the new format for public variables as described in the BeEF project documentation.
+      # Refer to the BeEF configuration guide for the web server configuration details:
+      # https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
      def validate_public_config_variable?(config)
        return true if config['beef']['http']['public'].is_a?(Hash) ||
                       config['beef']['http']['public'].is_a?(NilClass)

-        print_error 'Config path beef.http.public is deprecated.'
-        print_error 'Please use the new format for public variables found'
-        print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
        false
      end
    end
--- a/core/main/console/banners.rb
+++ b/core/main/console/banners.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -32,7 +32,7 @@ module BeEF
            print_info "Browser Exploitation Framework (BeEF) #{version}"
            data = "Twit: @beefproject\n"
            data += "Site: https://beefproject.com\n"
-            data += "Blog: http://blog.beefproject.com\n"
+            # data += "Blog: http://blog.beefproject.com\n"
            data += "Wiki: https://github.com/beefproject/beef/wiki\n"
            print_more data
            print_info 'Project Creator: ' + 'Wade Alcorn'.red + ' (@WadeAlcorn)'
@@ -134,6 +134,29 @@ module BeEF
              print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get('beef.http.websocket.secure_port').to_i} [timer: #{ws_poll_timeout}]"
            end
          end
+
+          # Print WebSocket servers
+          #
+          def print_http_proxy
+            config = BeEF::Core::Configuration.instance
+            print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
+          end
+
+          def print_dns
+            address = nil
+            port = nil
+            protocol = nil
+
+            # TODO: fix the following reference - extensions/dns/api.rb
+            # servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration
+
+            # Print the DNS server information
+            unless address.nil? || port.nil? || protocol.nil?
+              print_info "DNS Server: #{address}:#{port} (#{protocol})"
+              print_more upstream_servers unless upstream_servers.empty?
+            end
+          end
+
        end
      end
    end
--- a/core/main/console/commandline.rb
+++ b/core/main/console/commandline.rb
@@ -1,8 +1,10 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
+require 'optparse'
+
 module BeEF
  module Core
    module Console
@@ -17,7 +19,6 @@ module BeEF
        @options[:ext_config] = ''
        @options[:port] = ''
        @options[:ws_port] = ''
-        @options[:interactive] = false
        @options[:update_disabled] = false
        @options[:update_auto] = false

@@ -39,7 +40,7 @@ module BeEF
              @options[:verbose] = true
            end

-            opts.on('-a', '--ascii_art', 'Prints BeEF ascii art') do
+            opts.on('-a', '--ascii-art', 'Prints BeEF ascii art') do
              @options[:ascii_art] = true
            end

@@ -55,17 +56,19 @@ module BeEF
              @options[:ws_port] = ws_port
            end

-            opts.on('-ud', '--update_disabled', 'Skips update') do
+            opts.on('-d', '--update-disabled', 'Skips update') do
              @options[:update_disabled] = true
            end

-            opts.on('-ua', '--update_auto', 'Automatic update with no prompt') do
+            opts.on('-u', '--update-auto', 'Automatic update with no prompt') do
              @options[:update_auto] = true
            end

-            # opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
-            #  @options[:interactive] = true
-            # end
+            opts.on('-h', '--help', 'Show this help') do
+              puts opts
+              exit 0
+            end
+
          end

          optparse.parse!
--- a/core/main/constants/browsers.rb
+++ b/core/main/constants/browsers.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/constants/commandmodule.rb
+++ b/core/main/constants/commandmodule.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/constants/hardware.rb
+++ b/core/main/constants/hardware.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/constants/os.rb
+++ b/core/main/constants/os.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/crypto.rb
+++ b/core/main/crypto.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 require 'securerandom'
--- a/core/main/geoip.rb
+++ b/core/main/geoip.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

@@ -18,7 +18,7 @@ module BeEF
        geoip_file = @config.get('beef.geoip.database')

        unless File.exist? geoip_file
-          print_error "[GeoIP] Could not find MaxMind GeoIP database: '#{geoip_file}'"
+          BeEF::Core::Logger.instance.register('System', "[GeoIP] Could not find MaxMind GeoIP database: '#{geoip_file}'")
          @enabled = false
          return
        end
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -44,7 +44,7 @@ module BeEF

          # hooked window host name
          log_zombie_port = 0
-          if !@data['results']['browser.window.hostname'].nil?
+          if !@data['results']['browser.window.hostname'].nil? && BeEF::Filters.is_valid_hostname?(@data['results']['browser.window.hostname'])
            log_zombie_domain = @data['results']['browser.window.hostname']
          elsif !@data['request'].referer.nil? and !@data['request'].referer.empty?
            referer = @data['request'].referer
@@ -59,7 +59,7 @@ module BeEF
          end

          # hooked window host port
-          if @data['results']['browser.window.hostport'].nil?
+          if @data['results']['browser.window.hostport'].nil? || !BeEF::Filters.is_valid_port?(@data['results']['browser.window.hostport'].to_s)
            log_zombie_domain_parts = log_zombie_domain.split(':')
            log_zombie_port = log_zombie_domain_parts[1].to_i if log_zombie_domain_parts.length > 1
          else
@@ -92,6 +92,7 @@ module BeEF
            BD.set(session_id, 'browser.name.friendly', browser_friendly_name)
          else
            err_msg "Invalid browser name returned from the hook browser's initial connection."
+            browser_name = 'Unknown'
          end

          if BeEF::Filters.is_valid_ip?(zombie.ip)
@@ -242,11 +243,17 @@ module BeEF
            X_FORWARDED
            X_FORWARDED_FOR
          ].each do |header|
-            proxy_clients << (JSON.parse(zombie.httpheaders)[header]).to_s unless JSON.parse(zombie.httpheaders)[header].nil?
+            val = JSON.parse(zombie.httpheaders)[header]
+            unless val.nil?
+              val.to_s.split(',').each do |ip|
+                proxy_clients << ip.strip if BeEF::Filters.is_valid_ip?(ip.strip)
+              end
+            end
          end

          # retrieve proxy server
          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+          proxy_server = nil unless proxy_server.nil? || BeEF::Filters.has_valid_browser_details_chars?(proxy_server)

          # store and log proxy details
          if using_proxy == true
@@ -273,6 +280,7 @@ module BeEF
            BD.set(session_id, 'browser.version', browser_version)
          else
            err_msg "Invalid browser version returned from the hook browser's initial connection."
+            browser_version = 'Unknown'
          end

          # get and store browser string
@@ -293,7 +301,11 @@ module BeEF

          # get and store browser language
          browser_lang = get_param(@data['results'], 'browser.language')
-          BD.set(session_id, 'browser.language', browser_lang)
+          if BeEF::Filters.has_valid_browser_details_chars?(browser_lang)
+            BD.set(session_id, 'browser.language', browser_lang)
+          else
+            err_msg "Invalid browser language returned from the hook browser's initial connection."
+          end

          # get and store the cookies
          cookies = get_param(@data['results'], 'browser.window.cookies')
@@ -309,6 +321,7 @@ module BeEF
            BD.set(session_id, 'host.os.name', os_name)
          else
            err_msg "Invalid operating system name returned from the hook browser's initial connection."
+            os_name = 'Unknown'
          end

          # get and store the OS family
@@ -322,15 +335,28 @@ module BeEF
          # get and store the OS version
          # - without checks as it can be very different, for instance on linux/bsd)
          os_version = get_param(@data['results'], 'host.os.version')
-          BD.set(session_id, 'host.os.version', os_version)
+          if BeEF::Filters.has_valid_browser_details_chars?(os_version)
+            BD.set(session_id, 'host.os.version', os_version)
+          else
+            err_msg "Invalid operating system version returned from the hook browser's initial connection."
+            os_version = 'Unknown'
+          end

-          # get and store the OS arch - without checks
+          # get and store the OS arch
          os_arch = get_param(@data['results'], 'host.os.arch')
-          BD.set(session_id, 'host.os.arch', os_arch)
+          if BeEF::Filters.has_valid_browser_details_chars?(os_arch)
+            BD.set(session_id, 'host.os.arch', os_arch)
+          else
+            err_msg "Invalid operating system architecture returned from the hook browser's initial connection."
+          end

          # get and store default browser
          default_browser = get_param(@data['results'], 'host.software.defaultbrowser')
-          BD.set(session_id, 'host.software.defaultbrowser', default_browser)
+          if BeEF::Filters.has_valid_browser_details_chars?(default_browser)
+            BD.set(session_id, 'host.software.defaultbrowser', default_browser)
+          else
+            err_msg "Invalid default browser returned from the hook browser's initial connection."
+          end

          # get and store the hardware type
          hw_type = get_param(@data['results'], 'hardware.type')
@@ -400,6 +426,8 @@ module BeEF
          browser_plugins = get_param(@data['results'], 'browser.plugins')
          if BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
            BD.set(session_id, 'browser.plugins', browser_plugins)
+          elsif browser_plugins == "[]"
+            err_msg "No browser plugins detected."
          else
            err_msg "Invalid browser plugins returned from the hook browser's initial connection."
          end
@@ -547,7 +575,7 @@ module BeEF
          end

          # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"

          # add localhost as network host
          if config.get('beef.extension.network.enable')
--- a/core/main/handlers/commands.rb
+++ b/core/main/handlers/commands.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -71,7 +71,12 @@ module BeEF

          # @note get zombie if already hooked the framework
          hook_session_name = config.get('beef.http.hook_session_name')
-          hook_session_id = request[hook_session_name]
+          hook_session_id =
+            if request.respond_to?(:[])
+              request[hook_session_name]
+            else
+              request.params[hook_session_name] || request.env[hook_session_name]
+            end
          begin
            raise ActiveRecord::RecordNotFound if hook_session_id.nil?

--- a/core/main/handlers/modules/beefjs.rb
+++ b/core/main/handlers/modules/beefjs.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -19,7 +19,7 @@ module BeEF
            beef_js_path = "#{$root_dir}/core/main/client/"

            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
+            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]

            # @note BeEF libraries: need Eruby evaluation and obfuscation
            beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js
--- a/core/main/handlers/modules/command.rb
+++ b/core/main/handlers/modules/command.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -72,8 +72,8 @@ module BeEF
            if config.get('beef.http.websocket.enable') && ws.getsocket(hooked_browser.session)
              # content = command_module.output.gsub('//
              # //
-              # //   Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-              # //   Browser Exploitation Framework (BeEF) - http://beefproject.com
+              # //   Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+              # //   Browser Exploitation Framework (BeEF) - https://beefproject.com
              # //   See the file 'doc/COPYING' for copying permission
              # //
              # //', "")
--- a/core/main/handlers/modules/legacybeefjs.rb
+++ b/core/main/handlers/modules/legacybeefjs.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -19,7 +19,7 @@ module BeEF
            beef_js_path = "#{$root_dir}/core/main/client/"

            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
+            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]

            # @note BeEF libraries: need Eruby evaluation and obfuscation
            beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js
--- a/core/main/handlers/modules/multistagebeefjs.rb
+++ b/core/main/handlers/modules/multistagebeefjs.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -19,7 +19,7 @@ module BeEF
            beef_js_path = "#{$root_dir}/core/main/client/"

            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
+            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]

            # @note BeEF libraries: need Eruby evaluation and obfuscation
            beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js
--- a/core/main/logger.rb
+++ b/core/main/logger.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/migration.rb
+++ b/core/main/migration.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/model.rb
+++ b/core/main/model.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/models/browserdetails.rb
+++ b/core/main/models/browserdetails.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/models/command.rb
+++ b/core/main/models/command.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/models/commandmodule.rb
+++ b/core/main/models/commandmodule.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/models/execution.rb
+++ b/core/main/models/execution.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

--- a/core/main/models/hookedbrowser.rb
+++ b/core/main/models/hookedbrowser.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/models/legacybrowseruseragents.rb
+++ b/core/main/models/legacybrowseruseragents.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/core/main/models/log.rb
+++ b/core/main/models/log.rb
@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .0.3
 .4.7