Updated config.yaml to remove "" form public

* fixed offline zombie not deleting

* Bump jsdoc-to-markdown from 6.0.1 to 7.0.1 (#2161)

Bumps [jsdoc-to-markdown](https://github.com/jsdoc2md/jsdoc-to-markdown) from 6.0.1 to 7.0.1.
- [Release notes](https://github.com/jsdoc2md/jsdoc-to-markdown/releases)
- [Commits](https://github.com/jsdoc2md/jsdoc-to-markdown/compare/v6.0.1...v7.0.1)

---
updated-dependencies:
- dependency-name: jsdoc-to-markdown
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bug: Core - 1785 Fixed public hook url configuration settings (#2163)

* added spec file for testing changes

* added local host getter to configuration class

* added default value 0.0.0.0 for local host if it's not set

* added port config getter with default

* added port config getter with default

* fixed spelling errors for port

* added public configuration values and validation

* removed logic from public port as it was not required

* added beef host to configuration class

* added beef port to configuration class and removed default http.port logic from public_port

* fixed rubocop errors and refactored spec tests

* added beef host configuration values used for external resources

* added beef url to configuration

* added spec file for testing changes

* added local host getter to configuration class

* added default value 0.0.0.0 for local host if it's not set

* added port config getter with default

* added port config getter with default

* fixed spelling errors for port

* added public configuration values and validation

* removed logic from public port as it was not required

* added beef host to configuration class

* added beef port to configuration class and removed default http.port logic from public_port

* fixed rubocop errors and refactored spec tests

* added beef host configuration values used for external resources

* added beef url to configuration

* created command spec file

* add before statement to load all enabled modules to test command class

* add spec to check if configuration instance exists by setting and accessing a config variable

* updated http proto for beef host

* reverting changes on this file, dev values set

* removed some unessessary checks

* fixed grammar test now we're only testing one configuration attribute

* added hook url for contextual usage

* refactoring admin_ui with new code usage

* fixed issue with the location of the beef.http.https.public_enabled

* refactored powershell module and extension

* adding the new config setting for public https beign enabled

* refactor qrcode extension

* replace video fake plugin refactor

* social engineering refactoring

* phonegap module refactoring

* exploit refactoing

* network module refactoing

* ipec module refactoring

* host module refactoring

* debug refactoring

* browser refactoring

* social engineering extension refactoring

* core main server refactoring

* core main console banner refactoring

* removing dev test

* fixed area with location of http.https.enabled

* changed the hook url definition to return the hook file path

* updated banners to use new configuration getters

* updated extensions and modules with the hook url change

* added new public.host configuration settings and validations for depicated usage of public

* updated to use public.port configuration

* added validation for old configuration public_port

* updated to use public https configuration setting

* updated config with new settings format

* fixed get to point to new locations

* fixed pointer to hook_file_path

* Update extensions/social_engineering/web_cloner/web_cloner.rb

Co-authored-by: bcoles <bcoles@gmail.com>

* updated enabled to enable

* making sure default configuration file does not have preset values

Co-authored-by: bcoles <bcoles@gmail.com>

* bumped versions to 0.5.2.0

* Usability: #2145. Added user input request for beef update within 'beef' install script (#2162)

* added user input request for beef update

* swaped git pull from system to backticks

* flags added for auto update and timout to input

* updated install.txt to reference the update-beef script (#2160)

Co-authored-by: wheatley <wheatand@gmail.com>
Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bcoles <bcoles@gmail.com>

.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_WITHOUT: "development:test"

.github/CONTRIBUTING.md

@@ -0,0 +1,84 @@
+# Contributing
+### Anyone is welcome to make BeEF better!
+Thank you for wanting to contribute to BeEF. It's effort like yours that helps make BeEF such a great tool.
+
+Following these guidelines shows that you respect the time of the developers developing this open source project and helps them help you. In response to this, they should return that respect in addressing your issue, assisting with changes, and helping you finalize your pull requests.
+
+###  We want any form of helpful contributions!
+
+
+BeEF is an open source project and we love to receive contributions from the community! There are many ways to contribute, from writing tutorials or blog posts, improving or translating the documentation, answering questions on the project, submitting bug reports and feature requests or writing or reviewing code which can be merged into BeEF itself.
+
+# Ground Rules
+
+###  Responsibilities
+> * When making an issue, ensure the issue template is filled out, failure to do so can and will result in a closed ticket and a delay in support.
+> * We now have a two-week of unresponsiveness period before closing a ticket, if this happens, just comment responding to the issue which will re-open the ticket. Ensure to make sure all information requested is provided.
+> * Ensure cross-platform compatibility for every change that's accepted. Mac and Linux are currently supported.
+> * Create issues for any major changes and enhancements that you wish to make. Discuss things transparently and get community feedback.
+> * Ensure language is as respectful and appropriate as possible. 
+> * Keep merges as straightforward as possible, only address one issue per commit where possible.
+> * Be welcoming to newcomers and try to assist where possible, everyone needs help. 
+
+# Where to start
+### Looking to make your first contribution 
+
+ Unsure where to begin contributing to BeEF? You can start by looking through these issues:
+
+ * Good First Issue - issues which should only require a few changes, and are good to start with.
+ * Question - issues which are a question and need a response. A good way to learn more about BeEF is to try to solve a problem.
+
+At this point, you're ready to make your changes! Feel free to ask for help; everyone is a beginner at first.
+
+If a maintainer asks you to "rebase" your PR, they're saying that code has changed, and that you need to update your branch so it's easier to merge.
+
+### Ruby best practise 
+Do read through: https://rubystyle.guide
+Try and follow through with the practices throughout, even going through it once will help keep the codebase consistent.
+Use Rubocop to help ensure that the changes adhere to current standards, we are currently catching up old codebase to match.
+Just run the following in the /beef directory.
+> rubocop
+
+# Getting started
+
+### How to submit a contribution.
+
+1. Create your own fork of the code
+
+2. Checkout the master branch
+> git checkout master
+
+3. Create a new branch for your feature
+> git checkout -b my-cool-new-feature
+
+4. Add your new files
+> git add modules/my-cool-new-module
+
+5. Modify or write a test case/s in Rspec for your changes
+
+6. Commit your changes with a relevant message
+> git commit
+
+7. Push your changes to GitHub
+> git push origin my-cool-new-feature
+
+8. Run all tests again to make sure they all pass
+
+9. Edit existing wiki page / add a new one explaining the new features, including:
+	- sample usage (command snippets, steps and/or screenshots)
+	- internal working (code snippets & explanation)
+
+10. Now browse to the following URL and create your pull request from your fork to beef master
+    - Fill out the Pull Request Template
+    - https://github.com/beefproject/beef/pulls
+
+
+# How to report a bug
+If you find a security vulnerability, do NOT open an issue. Email security@beefproject.com instead.
+
+When the security team receives a security bug email, they will assign it to a primary handler.
+This person will coordinate the fix and release process, involving the following steps:
+
+* Confirm the problem and find the affected versions.
+* Audit code to find any potential similar problems.
+* Prepare fixes

.github/ISSUE_TEMPLATE.md

@@ -1,49 +1,66 @@
+# Submit Issue
+
 Verify first that your issue/request has not been posted previously:
 
 * https://github.com/beefproject/beef/issues
 * https://github.com/beefproject/beef/wiki/FAQ
 
-Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.2).
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.2.0).
+
+Please do your best to provide as much information as possible. It will help substantially if you can enable and provide debugging logs with your issue. Instructions for enabling debugging logs are below:
+
+1. In the `config.yaml` file of your BeEF root folder set debug and client_debug (lines 11 & 13 respectively) to `true`
+   * If using a standard installation of `beef-xss` the root folder will typically be `/usr/share/beef-xss`
+2. Reproduce your error
+3. Retrieve your client-side logs from your browser's developer console (Ctrl + Shift + I)
+4. Retrieve your server-side logs from `~/.beef/beef.log`
+5. **If using `beef-xss`:** Retrieve your service logs using `journalctl -u beef-xss`
+
+Thank you, this will greatly aid us in identifying the root cause of your issue :)
+
+**If we request additional information and we don't hear back from you within a week, we will be closing the ticket off.**
+Feel free to open it back up if you continue to have issues. 
+
+## Summary
+
+**Q:** Please provide a brief summary of the issue that you experienced.
+**A:**
+
+## Environment
+
+*Please identify the environment in which your issue occurred.*
+
+1. **BeEF Version:**
+
+2. **Ruby Version:**
+
+3. **Browser Details (e.g. Chrome v81.0):**
+
+4. **Operating System (e.g. OSX Catalina):**
 
 
-#### Environment
+## Configuration
 
-What version/revision of BeEF are you using?
+**Q:** Have you made any changes to your BeEF configuration? 
+**A:**
 
-On what version of Ruby?
+**Q:** Have you enabled or disabled any BeEF extensions?
+**A:**
 
-On what browser?
+## Expected vs. Actual Behaviour
 
-On what operating system?
+**Expected Behaviour:** 
+<br />
+**Actual Behaviour:**
+<br />
+
+## Steps to Reproduce
+
+*Please provide steps to reproduce this issue.*
+
+1.
 
 
-#### Configuration
+## Additional Information
 
-Are you using a non-default configuration?
-
-Have you enabled or disabled any BeEF extensions?
-
-
-#### Summary
-
-Please provide a summary of the issue.
-
-
-#### Expected Behaviour
-
-What was the expected result?
-
-
-#### Actual Behaviour
-
-What was the actual result?
-
-
-#### Steps to Reproduce
-
-Please provide steps to reproduce this issue.
-
-
-#### Additional Information
-
-Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots. Debug output can be enabled by specifying `debug: true` in the `config.yaml` configuration file.
+Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots. Debug output can be retrieved by following the instructions towards the top of the issue template.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,20 @@
+# Pull Request
+
+Thanks for submitting a PR! Please fill in this template where appropriate:
+
+## Category
+*e.g. Bug, Module, Extension, Core Functionality, Documentation, Tests*
+
+## Feature/Issue Description
+**Q:** Please give a brief summary of your feature/fix
+**A:**
+
+**Q:** Give a technical rundown of what you have changed (if applicable)
+**A:**
+
+## Test Cases
+**Q:** Describe your test cases, what you have covered and if there are any use cases that still need addressing.
+**A:**
+
+## Wiki Page
+*If you are adding a new feature that is not easily understood without context, please draft a section to be added to the Wiki below.*

.github/SECURITY.md

@@ -0,0 +1,9 @@
+send security bug reports to security@beefproject.com
+
+**A security report should include:**
+
+1. Description of the problem (what it is, what's the impact)
+
+2. Technical steps to replicate it (commands / screenshots)
+
+3. Actionable fix/recommendations to mitigate the issue

.github/dependabot.yml

@@ -0,0 +1,25 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: jsdoc-to-markdown
+    versions:
+    - 7.0.0
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: rubocop
+    versions:
+    - 1.10.0
+    - 1.11.0
+    - 1.12.0
+    - 1.12.1
+    - 1.9.0
+    - 1.9.1

.gitignore

@@ -16,6 +16,15 @@ extensions/metasploit/msf-exploits.cache
 # ruby debugging
 .byebug_history
 
+# Bundler
+/.bundle
+/vendor
+
+#simplecov
+coverage/
+
+# BrowserStack
+local.log
 
 # The following lines were created by https://www.gitignore.io
 
@@ -110,3 +119,11 @@ $RECYCLE.BIN/
 
 test/thirdparty/msf/unit/.byebug_history
 /load
+
+### JSDoc ###
+# Dependency directories
+node_modules/
+
+# Generated files
+out/
+doc/rdoc/

.rubocop.yml

@@ -4,21 +4,75 @@ AllCops:
     - 'tmp/**/*'
     - 'tools/**/*'
     - 'doc/**/*'
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 2.6
+
+Layout/LineLength:
+  Enabled: true
+  Max: 180
 
 Metrics/AbcSize:
   Enabled: false
+
 Metrics/BlockLength:
   Enabled: false
+
 Metrics/ClassLength:
   Enabled: false
-Metrics/LineLength:
-  Enabled: false
+
 Metrics/MethodLength:
   Enabled: false
+
 Metrics/PerceivedComplexity:
   Enabled: false
+
 Metrics/CyclomaticComplexity:
   Enabled: false
+
 Style/FrozenStringLiteralComment:
   Enabled: false
+
+# TODO: review these
+Layout/SpaceBeforeBrackets:
+  Enabled: false
+Lint/AmbiguousAssignment:
+  Enabled: false
+Lint/DeprecatedConstants:
+  Enabled: false
+Lint/DuplicateBranch:
+  Enabled: false
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: false
+Lint/EmptyBlock:
+  Enabled: false
+Lint/EmptyClass:
+  Enabled: false
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: false
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: false
+Lint/RedundantDirGlobSort:
+  Enabled: false
+Lint/ToEnumArguments:
+  Enabled: false
+Lint/UnexpectedBlockArity:
+  Enabled: false
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: false
+Style/ArgumentsForwarding:
+  Enabled: false
+Style/CollectionCompact:
+  Enabled: false
+Style/DocumentDynamicEvalDefinition:
+  Enabled: false
+Style/EndlessMethod:
+  Enabled: false
+Style/HashExcept:
+  Enabled: false
+Style/NegatedIfElseCondition:
+  Enabled: false
+Style/NilLambda:
+  Enabled: false
+Style/RedundantArgument:
+  Enabled: false
+Style/SwapValues:
+  Enabled: false

.ruby-version

@@ -1 +1 @@
-2.5.3
+2.7.2

.travis.yml

@@ -1,22 +1,99 @@
 language: ruby
 rvm:
-  - 2.4.0
-  - 2.5.3
-  - 2.6.0
+- 2.5.3
+- 2.6.0
+- 2.6.3
+- 2.6.5
+- 2.7.0
 notifications:
   email:
     recipients:
       - wade@bindshell.net
-    on_success: always
-    on_failure: always
+  on_success: always
+  on_failure: always
+branches:
+  only:
+  - master
+  - browserstack
+before_script:
+  - RUBY_VERSION=/bin/bash rvm current
+  - sed -i -E 's/system\((.*?)\)/""/g' /home/travis/.rvm/gems/$RUBY_VERSION/gems/browserstack-local-1.3.0/lib/browserstack/local.rb
+env:
+  - CONFIG_FILE=osx/catalina/catalina_chrome_41.config.yml
+  - CONFIG_FILE=osx/catalina/catalina_chrome_59.config.yml
+  - CONFIG_FILE=osx/catalina/catalina_chrome_81.config.yml
+  - CONFIG_FILE=osx/catalina/catalina_firefox_11.config.yml
+  - CONFIG_FILE=osx/catalina/catalina_firefox_68esr.config.yml
+  - CONFIG_FILE=osx/catalina/catalina_firefox_75.config.yml
+  - CONFIG_FILE=osx/catalina/catalina_safari_13.config.yml
+  - CONFIG_FILE=osx/elcapitan/elcapitan_chrome_14.config.yml
+  - CONFIG_FILE=osx/elcapitan/elcapitan_chrome_81.config.yml
+  - CONFIG_FILE=osx/elcapitan/elcapitan_firefox_7.config.yml
+  - CONFIG_FILE=osx/elcapitan/elcapitan_firefox_75.config.yml
+  - CONFIG_FILE=osx/elcapitan/elcapitan_safari_9-1.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_chrome_14.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_chrome_35.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_chrome_49.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_firefox_7.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_firefox_38esr.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_firefox_42.config.yml
+  - CONFIG_FILE=osx/snowleopard/snowleopard_safari_5-1.config.yml
+  - CONFIG_FILE=windows/win10/win10_chrome_37.config.yml
+  - CONFIG_FILE=windows/win10/win10_chrome_59.config.yml
+  - CONFIG_FILE=windows/win10/win10_firefox_32.config.yml
+  - CONFIG_FILE=windows/win10/win10_firefox_68esr.config.yml
+  - CONFIG_FILE=windows/win10/win10_firefox_75.config.yml
+  - CONFIG_FILE=windows/win10/win10_edge_81.config.yml
+  - CONFIG_FILE=windows/win10/win10_ie_11.config.yml
+  - CONFIG_FILE=windows/win8/win8_chrome_22.config.yml
+  - CONFIG_FILE=windows/win8/win8_chrome_81.config.yml
+  - CONFIG_FILE=windows/win8/win8_firefox_32.config.yml
+  - CONFIG_FILE=windows/win8/win8_firefox_75.config.yml
+  - CONFIG_FILE=windows/win8/win8_edge_81.config.yml
+  - CONFIG_FILE=windows/win8/win8_ie_10.config.yml
+  - CONFIG_FILE=windows/xp/xp_chrome_14.config.yml
+  - CONFIG_FILE=windows/xp/xp_chrome_28.config.yml
+  - CONFIG_FILE=windows/xp/xp_chrome_43.config.yml
+  - CONFIG_FILE=windows/xp/xp_firefox_16.config.yml
+  - CONFIG_FILE=windows/xp/xp_firefox_26.config.yml
+  - CONFIG_FILE=windows/xp/xp_firefox_45.config.yml
+  - CONFIG_FILE=windows/xp/xp_ie_7.config.yml
+jobs:
+  include:
+    - name: "Full Test Suite 2.5.3"
+      rvm: 2.5.3
+      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
+      script: bundle exec rspec
+    - name: "Full Test Suite 2.6.0"
+      rvm: 2.6.0
+      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
+      script: bundle exec rspec
+    - name: "Full Test Suite 2.6.3"
+      rvm: 2.6.3
+      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
+      script: bundle exec rspec
+    - name: "Full Test Suite 2.6.5"
+      rvm: 2.6.5
+      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
+      script: bundle exec rspec
+    - name: "Full Test Suite 2.7.0"
+      rvm: 2.7.0
+      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
+      script: bundle exec rspec
+script:
+  - bundle exec rspec --tag run_on_browserstack
 addons:
   apt:
     packages:
-      - libsqlite3-dev
-      - build-essential
-      - patch
-      - ruby-dev
-      - zlib1g-dev
-      - liblzma-dev
-      - libcurl4-openssl-dev
-
+    - libsqlite3-dev
+    - build-essential
+    - patch
+    - ruby-dev
+    - zlib1g-dev
+    - liblzma-dev
+    - libcurl4-openssl-dev
+  browserstack:
+    username:
+      secure: "Yj+a2jY56dFqJwXdU6JdSXeKhhS01CiToBoB922SXVnA2D2WclGOFiTi0YrkAS9PuOJX5AjC9eUw7VFUcp8DiLmeDGLWo8klYrWQoJOH55FmSWKjdkqDopJFYr0ZXk/ZuXzzpuMvKkCT5MGFnySXyheTW8aUj33GetJ6/sNq5BoA36jH04OE3iPgdBaFPRNDVXEIWLaLUDQsAyZsHNNYC+/cj3cxjXLHu+mbNuXsXEHgrHJ2A94EWdrdGODWL8mRtlSDNkIaYHZKCBnUlHWwCwBitLsjhzdy0YFrIGVbX96FV+C41sjPWLFjZhjAaNDuJ3FoTplbzFNvrw5oxQAAI8ZZqUwF4MRIrQbN8BLFVISX7JooQjfyrNVWvhpZWGPB4GZTN4CThrlQ7G7CJRYDVyqZ7nen6y0+osBr9DRKN+EemlVG73aNP3mXaZr6BmS1BpQJ6tlqDdLCvC5j/PdguKwvt4EmgHA8Pzn20UElV+8BPblcYGjsWplk/cxW1adW0pu2vIxskKxDKJ/ReY3l5yUpiQPZHbuMidq2ffSX0B3yALe7vx+3AvMb2Fk9yWh52EVJXPkVlLvhP7wDd22MHCemvrC2nLhkVR4MglLWs7dZKHswExlKJdWK4OSXprOStjZSA47sjF2nPdztWTpdI77SKaBcoLGR5WOV+JtcQgk="
+    access_key:
+      secure: "KHlR8NHPnoF9U1CJKgUhS1YhPSeTILI2lIu+JilQ5Xeo7rcbWg9lT2xwQQNnLYrISG1vC6OzsbkcnC/3ZnAv7jYff4iUTc3Syszs5wIhhvnhBx4qCxM+/UD78TJNQ0AuY7NOIK6OXcmwbpZrOBUojZkooEkc8bpG56nb2v7dOIafFLV+tv9xcc5DtMSfh7FavhqRFRO+PCybqOW8yWMc2NiMYy3p9jKBC3qYRqme4hx1NRrLo5BZQ+UIcO3Rf+vAjUP+3gGuhWeu2kDCvZYDnI2GN1/WacRVY2cqDPGiYlD6pHNMqU0raYKyWdK0QD4KwYpfjxBGRmwBfz8xU8KWUEZ3P11mJn+BvIt0qe3VpomR0/60/fok1BEso3nea8oENXur5G/5SOfpkPLjzd4P4f7JYnST1PeeWwpzV305wktDv9aLc+Ne9cFCaxSaaCnOk82rKDhtnktwnK7krFj1lM6oygtOD+arAytPKaURRgV2izaoophiXuLFb+9XKSkMGtJ3e+rQATonnDPaFTzouKaXSEPxZQQ2bnsp9tETAReDrYIwPHuYL778UbbBICgNk54CZSfTeRFLroRGNPb/0gPXbu6SryPnknfCMNd7ksSndVoyKsDo1plTHQJGVweP2hxR3R/9syk9Z6DU6H5H3dc/RbkkmoRPVooUtR/mZ/c="

BeEF.postman_environment.json

@@ -0,0 +1,49 @@
+{
+	"id": "3b5f29e6-c8eb-4d23-bf52-c01255f22f08",
+	"name": "BeEF",
+	"values": [
+		{
+			"key": "hostname",
+			"value": "127.0.0.1",
+			"enabled": true
+		},
+		{
+			"key": "username",
+			"value": "beef",
+			"enabled": true
+		},
+		{
+			"key": "password",
+			"value": "beef",
+			"enabled": true
+		},
+		{
+			"key": "token",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "session",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "module_id",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "cmd_id",
+			"value": "",
+			"enabled": true
+		},
+		{
+			"key": "dnsrule_id",
+			"value": "",
+			"enabled": true
+		}
+	],
+	"_postman_variable_scope": "environment",
+	"_postman_exported_at": "2020-01-03T06:00:29.827Z",
+	"_postman_exported_using": "Postman/7.14.0"
+}

Dockerfile

@@ -0,0 +1,64 @@
+###########################################################################################################
+###########################################################################################################
+##                                                                                                       ##
+##   Please read the Wiki Installation section on set-up using Docker prior to building this container.  ##
+##   BeEF does NOT allow authentication with default credentials. So please, at the very least           ##
+##   change the username:password in the config.yaml file to something secure that is not beef:beef      ##
+##   before building or you will to denied access and have to rebuild anyway.                            ##
+##                                                                                                       ##
+###########################################################################################################
+###########################################################################################################
+
+# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
+FROM ruby:2.6.3-alpine AS builder
+LABEL maintainer="Beef Project: github.com/beefproject/beef"
+
+# Install gems in parallel with 4 workers to expedite build process.=
+ARG BUNDLER_ARGS="--jobs=4" 
+
+# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
+RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+
+COPY . /beef
+
+# Add bundler/gem dependencies and then install 
+RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
+  bundle install --system --clean --no-cache --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
+  # Temp fix for https://github.com/bundler/bundler/issues/6680
+  rm -rf /usr/local/bundle/cache
+
+WORKDIR /beef
+
+# So we don't need to run as root
+RUN chmod -R a+r /usr/local/bundle
+# ------------------------------------- End of Builder 0 -------------------------------------------------
+
+
+# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
+FROM ruby:2.6.3-alpine
+LABEL maintainer="Beef Project: github.com/beefproject/beef"
+
+# Create service account to run BeEF
+RUN adduser -h /beef -g beef -D beef
+
+COPY . /beef
+
+# Use gemset created by the builder above
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+
+# Grant beef service account owner and groups rights over our BeEF working directory.
+RUN chown -R beef:beef /beef
+
+# Install BeEF's runtime dependencies
+RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses5 automake libtool bison nodejs
+
+WORKDIR /beef
+
+# Ensure we are using our service account by default
+USER beef
+
+# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
+EXPOSE 3000 6789 61985 61986
+
+ENTRYPOINT ["/beef/beef"]
+# ------------------------------------- End of Builder 1 -------------------------------------------------

Gemfile

@@ -1,18 +1,18 @@
 # BeEF's Gemfile
 
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-
+#gem 'simplecov', require: false, group: :test
 gem 'eventmachine'
 gem 'thin'
-gem 'sinatra'
-gem 'rack'
-gem 'rack-protection'
+gem 'sinatra', '>= 2.0.2'
+gem 'rack', '>= 2.2.3'
+gem 'rack-protection', '>= 2.0.0'
 gem 'em-websocket' # WebSocket support
-gem 'uglifier'
+gem 'uglifier', '>= 2.7.2'
 gem 'mime-types'
 gem 'execjs'
 gem 'ansi'
@@ -20,11 +20,11 @@ gem 'term-ansicolor', :require => 'term/ansicolor'
 gem 'json'
 gem 'rubyzip', '>= 1.2.2'
 gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
-gem 'nokogiri', '>= 1.10.4'
-gem 'rake'
-
-gem 'otr-activerecord'
+gem 'nokogiri', '>= 1.11.1'
+gem 'rake', '>= 12.3.3'
+gem 'otr-activerecord', '>= 1.4.2'
 gem 'sqlite3'
+gem 'rubocop', '~> 1.20.0', require: false
 
 # Geolocation support
 group :geoip do
@@ -52,7 +52,7 @@ end
 
 # DNS extension
 group :ext_dns do
-  gem 'rubydns', '~> 0.7.3'
+  gem 'async-dns'
 end
 
 # QRcode extension
@@ -65,7 +65,7 @@ group :test do
     gem 'test-unit'
     gem 'test-unit-full'
     gem 'rspec'
-	gem 'rdoc'
+    gem 'rdoc'
     # curb gem requires curl libraries
     # sudo apt-get install libcurl4-openssl-dev
     gem 'curb'
@@ -81,6 +81,13 @@ group :test do
     gem 'rest-client', '>= 2.0.1'
     gem 'irb'
     gem 'pry-byebug'
+    gem "websocket-client-simple", "~> 0.3.0"
+    gem "browserstack-local", "~> 1.3"
 end
 
 source 'https://rubygems.org'
+
+
+
+
+

INSTALL.txt

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -21,9 +21,9 @@ Or cloning the Git repository from Github:
 Prerequisites
 --------------
 
-BeEF requires Ruby 2.4+.
+BeEF requires Ruby 2.5+.
 
-If your operating system package manager does not support Ruby version 2.4,
+If your operating system package manager does not support Ruby version 2.5,
 you can add the brightbox ppa repository for the latest version of Ruby:
 
   $ sudo apt-add-repository -y ppa:brightbox/ruby-ng
@@ -67,5 +67,11 @@ it's best to regularly update BeEF to the latest version.
 
 If you're using BeEF from the GitHub repository, updating is as simple as:
 
-  $ git pull
+  $ ./update-beef
+
+Or pull the latest repo yourself and then update the gems with:
+  
+  $ git pull
+  
+  $ bundle
 

README.md

@@ -1,6 +1,6 @@
 ===============================================================================
 
-    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -28,21 +28,18 @@ __Bugs:__ https://github.com/beefproject/beef/issues
 
 __Security Bugs:__ security@beefproject.com
 
-__IRC:__ ircs://irc.freenode.net/beefproject
-
-__Twitter:__ @beefproject
+__Twitter:__ [@beefproject](https://twitter.com/beefproject)
 
 
 Requirements
 ------------
 
 * Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
-* [Ruby](http://ruby-lang.org): 2.4 or newer
+* [Ruby](http://ruby-lang.org): 2.5 or newer
 * [SQLite](http://sqlite.org): 3.x
-* [Node.js](https://nodejs.org): 6 or newer
+* [Node.js](https://nodejs.org): 10 or newer
 * The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
-* Selenium is required on OSX: brew install selenium-server-standalone (See https://github.com/shvets/selenium)
-
+* Selenium is required on OSX: `brew install selenium-server-standalone` (See https://github.com/shvets/selenium)
 
 Quick Start
 -----------
@@ -55,13 +52,19 @@ The `install` script installs the required operating system packages and all the
 $ ./install
 ```
 
-For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt).
-
-We also have an [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.
+For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt) or the [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.
 
 Upon successful installation, be sure to read the [Configuration](https://github.com/beefproject/beef/wiki/Configuration) page on the wiki for important details on configuring and securing BeEF.
 
 
+Documentation
+---
+
+* [User Guide](https://github.com/beefproject/beef/wiki#user-guide)
+* [Frequently Asked Questions](https://github.com/beefproject/beef/wiki/FAQ)
+* [JSdocs](https://beefproject.github.io/beef/index.html)
+
+
 Usage
 -----
 

RESTful-API.postman_collection.json

@@ -0,0 +1,567 @@
+{
+	"info": {
+		"_postman_id": "3b47c3ff-c03f-446c-8edb-cacaab481425",
+		"name": "RESTful API",
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+	},
+	"item": [
+		{
+			"name": "Authentication",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"id": "8e1a5f48-1d41-469d-a153-6cd5ee751912",
+						"exec": [
+							"var jsonData = JSON.parse(responseBody);",
+							"pm.environment.set(\"token\", jsonData.token);"
+						],
+						"type": "text/javascript"
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n\t\"username\": \"{{username}}\",\n\t\"password\": \"{{password}}\"\n\t\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/admin/login",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"admin",
+						"login"
+					]
+				},
+				"description": "In order to use the API, a token parameter must always be added to requests, otherwise a 401 error (Not Authorized) is returned.\n\nA new pseudo-random token is generated each time BeEF starts, using BeEF::Core::Crypto::api_token. The token is added to the BeEF::Configuration object.\n\nWhen BeEF starts the token is printed to the console. It should look something like:\n\n[16:02:47][*] RESTful API key: 320f3cf4da7bf0df7566a517c5db796e73a23f47\nGrabbing the Token from BeEF's API\n\nYou can issue a POST request to /api/admin/login using the BeEF credentials you have set in the main config.yaml file. This request will return the token in the response. You can parse the JSON and use it for your next requests requiring authentication."
+			},
+			"response": []
+		},
+		{
+			"name": "Get All Hooked Browsers",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/hooks?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"hooks"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Provides information (browser and OS version, cookies, enabled plugins, etc) about all hooked browsers (both online and offline)."
+			},
+			"response": []
+		},
+		{
+			"name": "Get Specific Hooked Browser",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/hooks/{{session}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"hooks",
+						"{{session}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "\n    Provides information (browser and OS version, cookies, enabled plugins, etc) about a specific hooked browser.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Get All Hooked Browsers Logs",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/logs?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"logs"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "The logs handler gives information about all hooked browser's logs, both global and relative."
+			},
+			"response": []
+		},
+		{
+			"name": "Get Specific Hooked Browsers Logs",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/logs/{{session}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"logs",
+						"{{session}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": " The logs handler gives information about a specified hooked browser's logs.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "List All Command Modules",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "List all available BeEF command modules."
+			},
+			"response": []
+		},
+		{
+			"name": "Get Information on Specific Module",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{module_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{module_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Get detailed information about a specific BeEF command module.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Launch Command Module on a Specific Browser",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{session}}",
+						"{{module_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Launch a specific BeEF command module on a given hooked browser.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Return Information About Previously Executed Module",
+			"protocolProfileBehavior": {
+				"disableBodyPruning": true
+			},
+			"request": {
+				"method": "GET",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}/{{cmd_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{session}}",
+						"{{module_id}}",
+						"{{cmd_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Returns information about a specific previously launched BeEF command module.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Send a Metasploit Module",
+			"request": {
+				"method": "POST",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/{{session}}/{{module_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"{{session}}",
+						"{{module_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Launch a specific Metasploit module on a given hooked browser\n"
+			},
+			"response": []
+		},
+		{
+			"name": " Send a Module to Multiple Hooked Browsers",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/multi_browser?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"multi_browser"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Fire a new command module to multiple hooked browsers. Returns the command IDs of the launched module, or 0 if firing got issues."
+			},
+			"response": []
+		},
+		{
+			"name": " Send Multiple Modules to a Single Hooked Browser",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/modules/multi_module?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"modules",
+						"multi_module"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Fire multiple command modules to a single hooked browser. Returns the command IDs of the launched modules, or 0 if firing got issues."
+			},
+			"response": []
+		},
+		{
+			"name": "List the DNS ruleset",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/ruleset?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"ruleset"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Returns the current set of DNS rules.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "List a Specific DNS Rule",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"rule",
+						"{{dnsrule_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Returns an individual DNS rule given its unique id.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Add a New DNS Rule",
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Content-Type",
+						"name": "Content-Type",
+						"value": "application/json",
+						"type": "text"
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/rule?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"rule"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Adds a new DNS rule or \"resource record\". Does nothing if rule is already present.\n"
+			},
+			"response": []
+		},
+		{
+			"name": "Remove an Existing DNS Rule",
+			"request": {
+				"method": "DELETE",
+				"header": [],
+				"url": {
+					"raw": "http://{{hostname}}:3000/api/dns/rule/{{dnsrule_id}}?token={{token}}",
+					"protocol": "http",
+					"host": [
+						"{{hostname}}"
+					],
+					"port": "3000",
+					"path": [
+						"api",
+						"dns",
+						"rule",
+						"{{dnsrule_id}}"
+					],
+					"query": [
+						{
+							"key": "token",
+							"value": "{{token}}"
+						}
+					]
+				},
+				"description": "Removes an individual DNS rule with a specified unique ID.\n"
+			},
+			"response": []
+		}
+	],
+	"protocolProfileBehavior": {}
+}

Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -18,10 +18,10 @@ end
 
 ## RSPEC
 require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)
-
-
 
+RSpec::Core::RakeTask.new(:spec) do |task|
+  task.rspec_opts = ['--tag ~run_on_browserstack']
+end
 
 ################################
 # SSL/TLS certificate
@@ -115,7 +115,7 @@ task :beef_start => 'beef' do
   test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'
 
   # write a rake config file for beef
-  config = YAML.load(File.read('./config.yaml'))
+  config = YAML.safe_load(File.read('./config.yaml'))
   config['beef']['credentials']['user'] = test_user
   config['beef']['credentials']['passwd'] = test_pass
   Dir.mkdir('tmp') unless Dir.exists?('tmp')
@@ -244,4 +244,4 @@ namespace :db do
   task :environment do
     require_relative "beef"
   end
-end
+end

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.7.4-alpha-pre
+0.5.2.0

_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-minimal

arerules/lan_port_scan.json

@@ -0,0 +1,29 @@
+{"name": "LAN Port Scan",
+  "author": "aburro & aussieklutz",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "port_scanner",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.'+s[3]; var mod_input = start;",
+      "options": {
+        "ipHost":"<<mod_input>>",
+        "ports":"80,8080",
+        "closetimeout":"1100",
+        "opentimeout":"2500",
+        "delay":"600",
+        "debug":"false"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_sw_port_scan.json

@@ -0,0 +1,25 @@
+{"name": "LAN SW Port Scan",
+  "author": "aburro & aussieklutz",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "sw_port_scanner",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.'+s[3]; var mod_input = start;",
+      "options": {
+        "ipHost":"192.168.1.10",
+        "ports":"80,8080"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

beef

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,11 +12,11 @@
 $VERBOSE = nil
 
 #
-# @note Version check to ensure BeEF is running Ruby 2.4+
+# @note Version check to ensure BeEF is running Ruby 2.5+
 #
-if RUBY_VERSION < '2.4'
+if RUBY_VERSION < '2.5'
   puts
-  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.4 or later."
+  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.5 or later."
   puts
   exit 1
 end
@@ -42,6 +42,28 @@ $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 # @note Require core loader
 #
 require 'core/loader'
+require 'timeout'
+
+#
+# @note Ask user if they would like to update beef
+#
+
+if BeEF::Core::Console::CommandLine.parse[:update_disabled] == false
+  if BeEF::Core::Console::CommandLine.parse[:update_auto] == true
+  print "Pulling latest BeEF repository and updating"
+  `git pull && bundle`  
+  else
+    begin
+      answer = Timeout::timeout(5) do
+        print "Would you like to check and download the latest BeEF update? y/n: " 
+        response = gets
+        `git pull && bundle` if response.strip == 'y' 
+      end
+      rescue Timeout::Error
+        puts "\nUpdate Skipped with input timeout"
+      end
+  end
+end
 
 #
 # @note Create ~/.beef/
@@ -109,13 +131,13 @@ end
 #
 # @note Validate beef.http.public and beef.http.public_port
 #
-unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
-  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+unless config.get('beef.http.public.host').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public.host'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public.host')}"
   exit 1
 end
 
-unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
-  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+unless config.get('beef.http.public.port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public.port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public.port')}"
   exit 1
 end
 
@@ -167,12 +189,16 @@ end
 ActiveRecord::Base.logger = nil
 OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
 OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
+# otr-activerecord require you to manually establish the connection with the following line
+#Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
+if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
+  OTR::ActiveRecord.establish_connection!
+end
 # Migrate (if required)
 context = ActiveRecord::Migration.new.migration_context
 if context.needs_migration?
   ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
 end
-
 #
 # @note Extensions may take a moment to load, thus we print out a please wait message
 #

conf.json

@@ -0,0 +1,16 @@
+{
+    "source": {
+        "include": ["./core/main/client"],
+        "includePattern": ".js$"
+    },
+    "plugins": [
+        "plugins/markdown"
+    ],
+    "opts": {
+        "encoding": "utf8",
+        "readme": "./README.md",
+        "destination": "docs/",
+        "recurse": true,
+        "verbose": true
+    }
+}

config.yaml

@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.7.4-alpha-pre'
+    version: '0.5.2.0'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)
@@ -27,6 +27,8 @@ beef:
         # subnet of IP addresses that can connect to the admin UI
         #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
         permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that cannot be hooked by the framework
+        excluded_hooking_subnet: []
         # slow API calls to 1 every  api_attempt_delay  seconds
         api_attempt_delay: "0.05"
 
@@ -45,14 +47,21 @@ beef:
 
         # Host Name / Domain Name
         # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
-        #   set the public hostname below:
-        #public: ""      # public hostname/IP address
+        # These settings will be used to create a public facing URL
+        # This public facing URL will be used for all hook related calls
+        # set the public setting below:
+        # public:
+        #     host: "" # public hostname/IP address
+        #     port: "" # public port will default to 80 if no https 443 if https 
+                      # and local if not set but there is a public host
+        #     https: false # true/false
 
         # Reverse Proxy / NAT
         # If you want BeEF to be accessible behind a reverse proxy or NAT,
         #   set both the publicly accessible hostname/IP address and port below:
-        #public: ""      # public hostname/IP address
-        #public_port: "" # public port (experimental)
+        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
+        #   by altering the X-FORWARDED-FOR ip address in the request header.
+        allow_reverse_proxy: false
 
         # Hook
         hook_file: "/hook.js"
@@ -72,7 +81,7 @@ beef:
             # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
             secure: true
             secure_port: 61986 # WSSecure
-            ws_poll_timeout: 1000 # poll BeEF every second
+            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
             ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
@@ -84,6 +93,8 @@ beef:
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
+            # Enabled this config setting if you're external facing uri is using https
+            public_enabled: false
             # In production environments, be sure to use a valid certificate signed for the value
             # used in beef.http.public (the domain name of the server where you run BeEF)
             key: "beef_key.pem"

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,11 +12,13 @@ end
 ## @note Include the BeEF router
 require 'core/main/router/router'
 require 'core/main/router/api'
+require 'core/main/router/error_responses'
 
 
 ## @note Include http server functions for beef
 require 'core/main/server'
 require 'core/main/handlers/modules/beefjs'
+require 'core/main/handlers/modules/legacybeefjs'
 require 'core/main/handlers/modules/command'
 require 'core/main/handlers/commands'
 require 'core/main/handlers/hookedbrowsers'

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,12 +10,18 @@ module BeEF
     # @return [Array] an array of extension configuration hashes that are enabled
     def self.get_enabled
       BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
+    rescue => e
+      print_error "Failed to get enabled extensions: #{e.message}"
+      print_error e.backtrace
     end
 
     # Returns configuration of all loaded extensions
     # @return [Array] an array of extension configuration hashes that are loaded
     def self.get_loaded
       BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
+    rescue => e
+      print_error "Failed to get loaded extensions: #{e.message}"
+      print_error e.backtrace
     end
 
     # Load all enabled extensions
@@ -27,6 +33,9 @@ module BeEF
       }
       # API post extension load
       BeEF::API::Registrar.instance.fire BeEF::API::Extensions, 'post_load'
+    rescue => e
+      print_error "Failed to load extensions: #{e.message}"
+      print_error e.backtrace
     end
   end
 end

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/logger.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/ar-migrations/008_create_executions.rb

@@ -10,6 +10,7 @@ class CreateExecutions < ActiveRecord::Migration[6.0]
 			t.text :exec_time
 			t.text :rule_token
 			t.boolean :is_sent
+			t.integer :rule_id
 		end
 
 	end

core/main/ar-migrations/011_create_web_cloner.rb

@@ -2,7 +2,7 @@ class CreateWebCloner < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :web_cloner do |t|
+		create_table :web_cloners do |t|
             t.text :uri
             t.text :mount
 		end

core/main/ar-migrations/012_create_mass_mailer.rb

@@ -2,7 +2,7 @@ class CreateMassMailer < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :mass_mailer do |t|
+		create_table :mass_mailers do |t|
             #todo fields
 		end
 

core/main/ar-migrations/015_create_http.rb

@@ -2,8 +2,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :http do |t|
-            t.references :hooked_browser
+		create_table :https do |t|
+            t.text :hooked_browser_id
             # The http request to perform. In clear text.
             t.text :request
             # Boolean value as string to say whether cross-domain requests are allowed

core/main/ar-migrations/016_create_rtc_status.rb

@@ -2,7 +2,7 @@ class CreateRtcStatus < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :rtc_status do |t|
+		create_table :rtc_statuss do |t|
             t.references :hooked_browser
             t.integer :target_hooked_browser_id
             t.text :status

core/main/ar-migrations/017_create_rtc_manage.rb

@@ -2,7 +2,7 @@ class CreateRtcManage < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :rtc_manage do |t|
+		create_table :rtc_manages do |t|
             t.references :hooked_browser
             t.text :message
             t.text :has_sent, default: "waiting"

core/main/ar-migrations/018_create_rtc_signal.rb

@@ -2,7 +2,7 @@ class CreateRtcSignal < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :rtc_signal do |t|
+		create_table :rtc_signals do |t|
             t.references :hooked_browser
             t.integer :target_hooked_browser_id
             t.text :signal

core/main/ar-migrations/019_create_rtc_module_status.rb

@@ -2,7 +2,7 @@ class CreateRtcModuleStatus < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :rtc_module_status do |t|
+		create_table :rtc_module_statuss do |t|
             t.references :hooked_browser
             t.references :command_module
             t.integer :target_hooked_browser_id

core/main/ar-migrations/020_create_xssrays_detail.rb

@@ -2,7 +2,7 @@ class CreateXssraysDetail < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :xssrays_detail do |t|
+		create_table :xssraysdetails do |t|
             t.references :hooked_browser
             t.text :vector_name
             t.text :vector_method

core/main/ar-migrations/021_create_dns_rule.rb

@@ -2,7 +2,7 @@ class CreateDnsRule < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :dns_rule do |t|
+		create_table :dns_rules do |t|
           t.text :pattern
           t.text :resource
           t.text :response

core/main/ar-migrations/022_create_ipec_exploit.rb

@@ -2,7 +2,7 @@ class CreateIpecExploit < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :ipec_exploit do |t|
+		create_table :ipec_exploits do |t|
             t.text :name
             t.text :protocol
             t.text :os

core/main/ar-migrations/023_create_ipec_exploit_run.rb

@@ -2,7 +2,7 @@ class CreateIpecExploitRun < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :ipec_exploit_run do |t|
+		create_table :ipec_exploit_runs do |t|
             t.boolean :launched
             t.text :http_headers
             t.text :junk_size

core/main/ar-migrations/024_create_autoloader.rb

@@ -2,7 +2,7 @@ class CreateAutoloader < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :autoloader do |t|
+		create_table :autoloaders do |t|
             t.references :command
             t.boolean :in_use
 		end

core/main/ar-migrations/025_create_xssrays_scan.rb

@@ -2,7 +2,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
 
 	def change
 
-		create_table :xssrays_scan do |t|
+		create_table :xssraysscans do |t|
             t.references :hooked_browser
             t.datetime :scan_start
             t.datetime :scan_finish

core/main/autorun_engine/engine.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -86,13 +86,13 @@ module BeEF
             end
 
             are_exec = BeEF::Core::Models::Execution.new(
-                :session => hb_session,
+                :session_id => hb_session,
                 :mod_count => modules.length,
                 :mod_successful => 0,
                 :rule_token => rule_token,
                 :mod_body => wrapper,
                 :is_sent => false,
-                :rule_id => rule_id
+                :id => rule_id
             )
             are_exec.save!
             # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)

core/main/autorun_engine/parser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/autorun_engine/rule_loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/client/are.js

@@ -1,16 +1,39 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
+/** 
+ * A series of functions that handle statuses, returns a number based on the function called.
+ * @namespace beef.are
+ */
+
 beef.are = {
+  /**
+   * A function for handling a success status
+   * @memberof beef.are
+   * @method status_success 
+   * @return {number} 1
+   */
   status_success: function(){
     return 1;
   },
+  /**
+   * A function for handling an unknown status
+   * @memberof beef.are
+   * @method status_unknown 
+   * @return {number} 0
+   */  
   status_unknown: function(){
     return 0;
   },
+  /**
+   * A function for handling an error status
+   * @memberof beef.are
+   * @method status_error 
+   * @return {number} -1
+   */  
   status_error: function(){
     return -1;
   }

core/main/client/beef.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -13,23 +13,24 @@ $j = jQuery.noConflict();
 
 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 
+    /**
+     * Register the BeEF JS on the window object.
+     * @namespace {Object} BeefJS 
+     * @property {string} version BeEf Version
+     * @property {boolean} pageIsLoaded This gets set to true during window.onload(). It's a useful hack when messing with document.write().
+     * @property {array} onpopstate An array containing functions to be executed by the window.onpopstate() method.
+     * @property {array} onclose An array containing functions to be executed by the window.onclose() method.
+     * @property {array} commands An array containing functions to be executed by Beef.
+     * @property {array} components An array containing all the BeEF JS components.
+     */
+
     var BeefJS = {
-
+        
         version: '<%= @beef_version %>',
-
-        // This get set to true during window.onload(). It's a useful hack when messing with document.write().
         pageIsLoaded: false,
-
-        // An array containing functions to be executed by the window.onpopstate() method.
         onpopstate: new Array(),
-
-        // An array containing functions to be executed by the window.onclose() method.
         onclose: new Array(),
-
-        // An array containing functions to be executed by Beef.
         commands: new Array(),
-
-        // An array containing all the BeEF JS components.
         components: new Array(),
 
         /**
@@ -37,8 +38,8 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
          * @param: {string} the debug string to return
          */
         debug: function(msg) {
-            if (!<%= @client_debug %>) return;
-            if (typeof console == "object" && typeof console.log == "function") {
+            isDebug = '<%= @client_debug %>'
+            if (typeof console == "object" && typeof console.log == "function" && isDebug.localeCompare("true")) {
                 var currentdate = new Date();
                 var pad = function(n){return ("0" + n).slice(-2);}
                 var datetime = currentdate.getFullYear() + "-"

core/main/client/browser.js

@@ -1,16 +1,23 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 /**
- * @literal object: beef.browser
- *
  * Basic browser functions.
+ * @namespace beef.browser
  */
 beef.browser = {
 
+    /**
+     * Returns the protocol.
+     * @example: beef.browser.getProtocol()
+     */
+    getProtocol: function() {
+        return document.location.protocol;
+    },
+
     /**
      * Returns the user agent that the browser is claiming to be.
      * @example: beef.browser.getBrowserReportedName()
@@ -110,7 +117,7 @@ beef.browser = {
      * @example: beef.browser.isIE10()
      */
     isIE10: function () {
-        return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined";
+        return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined";
     },
 
     /**
@@ -128,7 +135,7 @@ beef.browser = {
      * @example: beef.browser.isEdge()
      */
     isEdge: function () {
-        return !beef.browser.isIE() && !!window.StyleMedia;
+        return !beef.browser.isIE() && !!window.styleMedia && (/Edg\/\d+\.\d/.test(window.navigator.userAgent) || /Edge\/\d+\.\d/.test(window.navigator.userAgent));
     },
 
     /**
@@ -856,7 +863,7 @@ beef.browser = {
      * @example: beef.browser.isFF89()
      */
     isFF89: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/89./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/89./) != null;
     },
 
     /**
@@ -864,7 +871,7 @@ beef.browser = {
      * @example: beef.browser.isFF90()
      */
     isFF90: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/90./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/90./) != null;
     },
 
     /**
@@ -872,7 +879,7 @@ beef.browser = {
      * @example: beef.browser.isFF91()
      */
     isFF91: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/91./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/91./) != null;
     },
 
     /**
@@ -880,7 +887,7 @@ beef.browser = {
      * @example: beef.browser.isFF92()
      */
     isFF92: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/92./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/92./) != null;
     },
 
     /**
@@ -888,7 +895,7 @@ beef.browser = {
      * @example: beef.browser.isFF93()
      */
     isFF93: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/93./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/93./) != null;
     },
 
     /**
@@ -896,7 +903,7 @@ beef.browser = {
      * @example: beef.browser.isFF94()
      */
     isFF94: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/94./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/94./) != null;
     },
 
     /**
@@ -904,7 +911,7 @@ beef.browser = {
      * @example: beef.browser.isFF95()
      */
     isFF95: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/95./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/95./) != null;
     },
 
     /**
@@ -912,7 +919,7 @@ beef.browser = {
      * @example: beef.browser.isFF96()
      */
     isFF96: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/96./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/96./) != null;
     },
 
     /**
@@ -920,7 +927,7 @@ beef.browser = {
      * @example: beef.browser.isFF97()
      */
     isFF97: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/97./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/97./) != null;
     },
 
     /**
@@ -928,7 +935,7 @@ beef.browser = {
      * @example: beef.browser.isFF98()
      */
     isFF98: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/98./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/98./) != null;
     },
 
     /**
@@ -936,7 +943,7 @@ beef.browser = {
      * @example: beef.browser.isFF99()
      */
     isFF99: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
     },
 
     /**
@@ -997,10 +1004,13 @@ beef.browser = {
 
     /**
      * Returns true if Webkit based
-     *
-     * **** DUPLICATE WARNING **** Changes here may aldo need addressed in /isS\d+/ functions.
      */
+
+
     isWebKitBased: function () {
+        /*
+        * **** DUPLICATE WARNING **** Changes here may aldo need addressed in /isS\d+/ functions.
+        */
         return (!window.opera && !window.chrome
                 && window.navigator.userAgent.match(/ Version\/\d/) != null
                 && !window.globalStorage
@@ -2493,6 +2503,7 @@ beef.browser = {
     type: function () {
 
         return {
+            E: this.isEdge(), // Edge any version
             C5: this.isC5(), // Chrome 5
             C6: this.isC6(), // Chrome 6
             C7: this.isC7(), // Chrome 7
@@ -3914,12 +3925,12 @@ beef.browser = {
     getPlugins: function () {
 
         var results;
-        Array.prototype.unique = function () {
-            var o = {}, i, l = this.length, r = [];
-            for (i = 0; i < l; i += 1) o[this[i]] = this[i];
-            for (i in o) r.push(o[i]);
-            return r;
-        };
+
+        function unique(array) {
+          return $j.grep(array, function(el, index) {
+            return index === $j.inArray(el, array);
+          });
+        }
 
         // Things lacking navigator.plugins
         if (!navigator.plugins) 
@@ -3938,8 +3949,8 @@ beef.browser = {
                 // Sometimes store the version in description (Real, Adobe)
                 else results[i] = navigator.plugins[i].name;// + '-desc.' + navigator.plugins[i].description;
             }
-            results = results.unique().toString();
-
+            results = unique(results).toString();
+            
             // All browsers that don't support navigator.plugins
         } else {
             results = new Array();
@@ -4579,17 +4590,19 @@ beef.browser = {
      *  This code is based on research from browserspy.dk
      *
      * @parameter {ENUM: 'PER_DOMAIN', 'GLOBAL'=>default}
-     * @return {Deferred promise} A jQuery deferred object promise, which when resolved passes
+     * @return {Object} A jQuery deferred object promise, which when resolved passes
      *    the number of connections to the callback function as "this"
-     *
-     *    example usage:
-     *        $j.when(getMaxConnections()).done(function(){
-     *            console.debug("Max Connections: " + this);
-     *            });
-     *
      */
-    getMaxConnections: function (scope) {
 
+
+
+    getMaxConnections: function (scope) {
+        /*
+        *    example usage:
+        *        $j.when(getMaxConnections()).done(function(){
+        *            console.debug("Max Connections: " + this);
+        *            }); 
+        */
         var imagesCount = 30;		// Max number of images to test
         var secondsTimeout = 5;		// Image load timeout threashold
         var testUrl = "";		// The image testing service URL

core/main/client/browser/cookie.js

@@ -1,19 +1,18 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.browser.cookie
- * 
+/**
  * Provides fuctions for working with cookies. 
  * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
  * Original author unknown.
- * 
+ * @namespace beef.browser.cookie
  */
 beef.browser.cookie = {
 	
+		/** @memberof beef.browser.cookie */
 		setCookie: function (name, value, expires, path, domain, secure) 
 		{
 	
@@ -32,7 +31,7 @@ beef.browser.cookie = {
 				( ( domain ) ? ";domain=" + domain : "" ) +
 				( ( secure ) ? ";secure" : "" );
 		},
-
+		/** @memberof beef.browser.cookie */
 		getCookie: function(name) 
 		{
 			var a_all_cookies = document.cookie.split( ';' );
@@ -63,7 +62,7 @@ beef.browser.cookie = {
 				return null;
 			}
 		},
-
+		/** @memberof beef.browser.cookie */
 		deleteCookie: function (name, path, domain) 
 		{
 			if ( this.getCookie(name) ) document.cookie = name + "=" +
@@ -72,7 +71,7 @@ beef.browser.cookie = {
 			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
 		},
 
-	    /* Never stop the madness dear C. */
+	    /** @memberof beef.browser.cookie */
 		veganLol: function (){
 			var to_hell= '';
 			var min = 17;
@@ -99,7 +98,7 @@ beef.browser.cookie = {
 			}
 			return to_hell;
 		},
-		
+		/** @memberof beef.browser.cookie */
 		hasSessionCookies: function (name){
 			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
 
@@ -108,7 +107,7 @@ beef.browser.cookie = {
 			return cookiesEnabled;
 			
 		},
-
+		/** @memberof beef.browser.cookie */
 		hasPersistentCookies: function (name){
 			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
 

core/main/client/browser/popup.js

@@ -1,19 +1,17 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.browser.popup
- * 
+/**
  * Provides fuctions for working with cookies. 
  * Several functions adopted from http://davidwalsh.name/popup-block-javascript
  * Original author unknown.
- * 
+ * @namespace beef.browser.popup
  */
 beef.browser.popup = {
-	
+		/** @memberof beef.browser.popup */
 		blocker_enabled: function ()
 		{
 			screenParams = beef.hardware.getScreenSize();

core/main/client/dom.js

@@ -1,20 +1,19 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.dom
- *
+/**
  * Provides functionality to manipulate the DOM.
+ * @namespace beef.dom
  */
 beef.dom = {
 	
 	/**
 	 * Generates a random ID for HTML elements
-	 * @param: {String} prefix: a custom prefix before the random id. defaults to "beef-"
-	 * @return: generated id
+	 * @param {String} prefix a custom prefix before the random id. defaults to "beef-"
+	 * @return {String} generated id
 	 */
 	generateID: function(prefix) {
 		return ((prefix == null) ? 'beef-' : prefix)+Math.floor(Math.random()*99999);
@@ -22,9 +21,9 @@ beef.dom = {
 		
 	/**
 	 * Creates a new element but does not append it to the DOM.
-	 * @param: {String} the name of the element.
-	 * @param: {Literal Object} the attributes of that element.
-	 * @return: the created element.
+	 * @param {String} type the name of the element.
+	 * @param {Array} attributes the attributes of that element.
+	 * @return {Array} the created element.
 	 */
 	createElement: function(type, attributes) {
 		var el = document.createElement(type);
@@ -40,7 +39,7 @@ beef.dom = {
 	
 	/**
 	 * Removes element from the DOM.
-	 * @param: {String or DOM Object} the target element to be removed.
+	 * @param {Object} el the target element to be removed.
 	 */
 	removeElement: function(el) {
 		if (!beef.dom.isDOMElement(el))
@@ -54,8 +53,8 @@ beef.dom = {
 	
 	/**
 	 * Tests if the object is a DOM element.
-	 * @param: {Object} the DOM element.
-	 * @return: true if the object is a DOM element.
+	 * @param {Object} the DOM element.
+	 * @return {boolean} true if the object is a DOM element.
 	 */
 	isDOMElement: function(obj) {
 		return (obj.nodeType) ? true : false;
@@ -63,7 +62,7 @@ beef.dom = {
 	
 	/**
 	 * Creates an invisible iframe on the hook browser's page.
-	 * @return: the iframe.
+	 * @return {array} the iframe.
 	 */
 	createInvisibleIframe: function() {
 		var iframe = this.createElement('iframe', {
@@ -79,10 +78,10 @@ beef.dom = {
 
 	/**
 	 * Returns the highest current z-index
-	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
-	 * @return: {Integer} Highest z-index in the DOM
+	 * @param {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return {Integer} Highest z-index in the DOM
 	 * OR
-	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 * @return {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
 	 */
 	getHighestZindex: function(include_id) {
 		var highest = {'height':0, 'elem':''};
@@ -105,11 +104,11 @@ beef.dom = {
      * Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
      * is assigned to created iframe tag's src attribute resulting in GET request to that URI.
      * example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
-	 * @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
-	 * @param: {Hash} params: list of params that will be sent in request.
-	 * @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
-	 * @param: {Function} a callback function to fire once the iFrame has loaded
-	 * @return: {Object} the inserted iFrame
+	 * @param {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
+	 * @param {Hash} params: list of params that will be sent in request.
+	 * @param {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
+	 * @param {Function} a callback function to fire once the iFrame has loaded
+	 * @return {Object} the inserted iFrame
      *
 	 */
 	createIframe: function(type, params, styles, onload) {
@@ -150,8 +149,8 @@ beef.dom = {
 
     /**
      * Load a full screen div that is black, or, transparent
-     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
-     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     * @param {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param {Hash} options: a collection of options to customise how the div is configured, as follows:
      *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
      *           // By default this is 70 
      *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
@@ -219,9 +218,9 @@ beef.dom = {
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true
-	 * @param: {Hash} params: params to be applied to the form element
-	 * @param: {Boolean} append: automatically append the form to the body
-	 * @return: {Object} a form object
+	 * @param {Hash} params: params to be applied to the form element
+	 * @param {Boolean} append: automatically append the form to the body
+	 * @return {Object} a form object
 	 */
 	createForm: function(params, append) {
 		var form = $j('<form></form>').attr(params);
@@ -239,7 +238,7 @@ beef.dom = {
 
 	/**
 	 * Get the location of the current page.
-	 * @return: the location.
+	 * @return the location.
 	 */
 	getLocation: function() {
 		return document.location.href;
@@ -247,7 +246,7 @@ beef.dom = {
 	
 	/**
 	 * Get links of the current page.
-	 * @return: array of URLs.
+	 * @return array of URLs.
 	 */
 	getLinks: function() {
 		var linksarray = [];
@@ -260,9 +259,9 @@ beef.dom = {
 	
 	/**
 	 * Rewrites all links matched by selector to url, also rebinds the click method to simply return true
-	 * @param: {String} url: the url to be rewritten
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} url: the url to be rewritten
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteLinks: function(url, selector) {
 		var sel = (selector == null) ? 'a' : selector;
@@ -277,9 +276,9 @@ beef.dom = {
 	/**
 	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
 	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
-	 * @param: {String} url: the url to be rewritten
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} url: the url to be rewritten
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteLinksClickEvents: function(url, selector) {
 		var sel = (selector == null) ? 'a' : selector;
@@ -293,10 +292,10 @@ beef.dom = {
 
 	/**
      * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
-	 * @param: {String} old_protocol: the old link protocol to be rewritten
-	 * @param: {String} new_protocol: the new link protocol to be written
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} old_protocol: the old link protocol to be rewritten
+	 * @param {String} new_protocol: the new link protocol to be written
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteLinksProtocol: function(old_protocol, new_protocol, selector) {
 
@@ -319,9 +318,9 @@ beef.dom = {
 
 	/**
 	 * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
-	 * @param: {String} new_number: the new link telephone number to be written
-	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
-	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 * @param {String} new_number: the new link telephone number to be written
+	 * @param {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return {Number} the amount of links found in the DOM and rewritten.
 	 */
 	rewriteTelLinks: function(new_number, selector) {
 
@@ -343,9 +342,9 @@ beef.dom = {
 	},
 
     /**
-     *  Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
-     * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
-     * @return: {String} the parameters as a string ready to append to applet/embed/object tags (ex.: <param name='abc' value='test' />).
+     * Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
+     * @param {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
+     * @return {String} the parameters as a string ready to append to applet/embed/object tags (ex.: <param name='abc' value='test' />).
      */
     parseAppletParams: function(params){
          var result = '';
@@ -364,11 +363,11 @@ beef.dom = {
      * beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D.class', null, 'http://127.0.0.1:3000/ui/media/images/target.jar', [{'param1':'1', 'param2':'2'}]);
      * example usage in the code, using codebase:
      * beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D', 'http://127.0.0.1:3000/', null, null);
-     * @params: {String} id: reference identifier to the applet.
-     * @params: {String} code: name of the class to be loaded. For example, beef.class.
-     * @params: {String} codebase: the URL of the codebase (usually used when loading a single class for an unsigned applet).
-     * @params: {String} archive: the jar that contains the code.
-     * @params: {String} params: an array of additional params that the applet except.
+     * @param {String} id: reference identifier to the applet.
+     * @param {String} code: name of the class to be loaded. For example, beef.class.
+     * @param {String} codebase: the URL of the codebase (usually used when loading a single class for an unsigned applet).
+     * @param {String} archive: the jar that contains the code.
+     * @param {String} params: an array of additional params that the applet except.
      */
     attachApplet: function(id, name, code, codebase, archive, params) {
         var content = null;
@@ -432,7 +431,7 @@ beef.dom = {
 
     /**
      * Given an id, remove the applet from the DOM.
-     * @params: {String} id: reference identifier to the applet.
+     * @param {String} id: reference identifier to the applet.
      */
     detachApplet: function(id) {
         $j('#' + id + '').detach();
@@ -440,10 +439,10 @@ beef.dom = {
 
     /**
      * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
-     * @params: {String} action: the form action attribute, where the request will be sent.
-     * @params: {String} method: HTTP method, usually POST.
-     * @params: {String} enctype: form encoding type
-     * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
+     * @param {String} action: the form action attribute, where the request will be sent.
+     * @param {String} method: HTTP method, usually POST.
+     * @param {String} enctype: form encoding type
+     * @param {Array} inputs: an array of inputs to be added to the form (type, name, value).
      *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
      */
     createIframeXsrfForm: function(action, method, enctype, inputs){
@@ -477,9 +476,9 @@ beef.dom = {
 
     /**
      * Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
-     * @params: {String} rhost: remote host ip/domain
-     * @params: {String} rport: remote port
-     * @params: {String} commands: protocol commands to be executed by the remote host:port service
+     * @param {String} rhost: remote host ip/domain
+     * @param {String} rport: remote port
+     * @param {String} commands: protocol commands to be executed by the remote host:port service
      */
     createIframeIpecForm: function(rhost, rport, path, commands){
         var iframeIpec = beef.dom.createInvisibleIframe();

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -8,10 +8,18 @@
 
 beef.encode = {};
 
+/** 
+ * Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662
+ * @namespace beef.encode.base64 
+ */
 beef.encode.base64 = {
 	
 	keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
-
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} input
+     * @return {string}
+     */
     encode : function (input) {
         if (window.btoa) {
            return btoa(unescape(encodeURIComponent(input)));
@@ -49,7 +57,11 @@ beef.encode.base64 = {
         return output;
     },
 
-
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} input
+     * @return {string}
+     */
     decode : function (input) {
         if (window.atob) {
             return escape(atob(input));
@@ -90,8 +102,12 @@ beef.encode.base64 = {
 
     },
 
-
-   utf8_encode : function (string) {
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} string
+     * @return {string}
+     */
+    utf8_encode : function (string) {
         string = string.replace(/\r\n/g,"\n");
         var utftext = "";
 
@@ -116,7 +132,11 @@ beef.encode.base64 = {
 
         return utftext;
     },
-
+    /** 
+     * @memberof beef.encode.base64 
+     * @param {string} utftext
+     * @return {string} 
+     */
     utf8_decode : function (utftext) {
         var string = "";
         var i = 0;

core/main/client/encode/json.js

@@ -1,13 +1,19 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-// Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
+/** 
+ * Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
+ * @namespace beef.encode.json
+ */
 
 beef.encode.json = {
-	
+	/**
+     * @memberof beef.encode.json
+     * @param o 
+     */
 	stringify: function(o) {
         if (typeof(JSON) == 'object' && JSON.stringify) {
             // Error on stringifying cylcic structures caused polling to die
@@ -97,7 +103,10 @@ beef.encode.json = {
             return "{" + pairs.join(", ") + "}";
         }
     },
-
+    /**
+     * @memberof beef.encode.json
+     * @param string 
+     */
     quoteString: function(string) {
         if (string.match(this._escapeable))
         {

core/main/client/geolocation.js

@@ -1,25 +1,30 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.geolocation
- *
+/**
  * Provides functionalities to use the geolocation API.
+ * @namespace beef.geolocation
  */
+
 beef.geolocation = {
 
     /**
-     * check if browser supports the geolocation API
+     * Check if browser supports the geolocation API
+     * @return {boolean}
      */
     isGeolocationEnabled: function(){
 		return !!navigator.geolocation;
     },
 
-    /*
-     * given latitude/longitude retrieves exact street position of the zombie
+    /** 
+     * Given latitude/longitude retrieves exact street position of the zombie
+     * @param command_url
+     * @param command_id
+     * @param latitude
+     * @param longitude
      */
     getOpenStreetMapAddress: function(command_url, command_id, latitude, longitude){
 
@@ -56,8 +61,10 @@ beef.geolocation = {
 
     },
 
-    /*
-     * retrieve latitude/longitude using the geolocation API
+    /**
+     * Retrieve latitude/longitude using the geolocation API
+     * @param command_url
+     * @param command_id
      */
     getGeolocation: function (command_url, command_id){
 

core/main/client/hardware.js

@@ -1,16 +1,20 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
+/**
+ * @namespace beef.hardware
+ */
+
 beef.hardware = {
 
   ua: navigator.userAgent,
 
-  /*
-   * @return: {String} CPU type
-   **/
+  /**
+   * @return {String} CPU type
+   */
   getCpuArch: function() {
     var arch = 'UNKNOWN';
     // note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
@@ -39,7 +43,8 @@ beef.hardware = {
 
   /**
    * Returns number of CPU cores
-   **/
+   * @return {String}
+   */
   getCpuCores: function() {
     var cores = 'unknown';
     try {
@@ -54,7 +59,8 @@ beef.hardware = {
 
   /**
    * Returns CPU details
-   **/
+   * @return {String}
+   */
   getCpuDetails: function() {
     return {
       arch: beef.hardware.getCpuArch(),
@@ -64,7 +70,8 @@ beef.hardware = {
 
   /**
    * Returns GPU details
-   **/
+   * @return {object}
+   */
   getGpuDetails: function() {
     var gpu = 'unknown';
     var vendor = 'unknown';
@@ -98,7 +105,8 @@ beef.hardware = {
 
   /**
    * Returns RAM (GiB)
-   **/
+   * @return {String}
+   */
   getMemory: function() {
     var memory = 'unknown';
     try {
@@ -113,7 +121,8 @@ beef.hardware = {
 
   /**
    * Returns battery details
-   **/
+   * @return {Object}
+   */
   getBatteryDetails: function() {
     var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
 
@@ -136,6 +145,7 @@ beef.hardware = {
 
   /**
    * Returns zombie screen size and color depth.
+   * @return {Object}
    */
   getScreenSize: function () {
     return {
@@ -145,17 +155,19 @@ beef.hardware = {
     }
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is touch enabled?
+   * @return {Boolean} true or false.
+   */
   isTouchEnabled: function() {
     if ('ontouchstart' in document) return true;
     return false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is virtual machine?
+   * @return {Boolean} true or false.
+   */
   isVirtualMachine: function() {
     if (this.getGpuDetails().vendor.match('VMware, Inc'))
       return true;
@@ -171,9 +183,10 @@ beef.hardware = {
     return false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is a Laptop?
+   * @return {Boolean} true or false.
+   */
   isLaptop: function() {
     if (this.isMobileDevice()) return false;
     // Most common laptop screen resolution
@@ -183,64 +196,70 @@ beef.hardware = {
     return false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Nokia?
+   * @return {Boolean} true or false.
+   */
   isNokia: function() {
     return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)|(Lumia )')) ? true : false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Zune?
+   * @return {Boolean} true or false.
+   */
   isZune: function() {
     return (this.ua.match('ZuneWP7')) ? true : false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is HTC?
+   * @return {Boolean} true or false.
+   */
   isHtc: function() {
     return (this.ua.match('HTC')) ? true : false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Ericsson?
+   * @return {Boolean} true or false.
+   */
   isEricsson: function() {
     return (this.ua.match('Ericsson')) ? true : false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Motorola?
+   * @return {Boolean} true or false.
+   */
   isMotorola: function() {
     return (this.ua.match('Motorola')) ? true : false;
   },
 
-  /*
-   * @return: {Boolean} true or false.
-   **/
+  /**
+   * Is Google?
+   * @return {Boolean} true or false.
+   */
   isGoogle: function() {
     return (this.ua.match('Nexus One')) ? true : false;
   },
 
   /**
    * Returns true if the browser is on a Mobile device
-   * @return: {Boolean} true or false
+   * @return {Boolean} true or false
    *
    * @example: if(beef.hardware.isMobileDevice()) { ... }
-   **/
+   */
   isMobileDevice: function() {
     return MobileEsp.DetectMobileQuick();
   },
 
   /**
    * Returns true if the browser is on a game console
-   * @return: {Boolean} true or false
+   * @return {Boolean} true or false
    *
    * @example: if(beef.hardware.isGameConsole()) { ... }
-   **/
+   */
   isGameConsole: function() {
     return MobileEsp.DetectGameConsole();
   },

core/main/client/init.js

@@ -1,17 +1,18 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 /**
- * @literal object: beef.init
  * Contains the beef_init() method which starts the BeEF client-side
  * logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
  *
  * If beef.pageIsLoaded is true, then this JS has been loaded >1 times
  * and will have a new session id. The new session id will need to know
  * the brwoser details. So sendback the browser details again.
+ * 
+ * @namespace beef.init
  */
 
 beef.session.get_hook_session_id();
@@ -19,11 +20,15 @@ beef.session.get_hook_session_id();
 if (beef.pageIsLoaded) {
     beef.net.browser_details();
 }
-
+/**
+ * @memberof beef.init
+ */
 window.onload = function () {
     beef_init();
 };
-
+/**
+ * @memberof beef.init
+ */
 window.onpopstate = function (event) {
     if (beef.onpopstate.length > 0) {
         event.preventDefault;
@@ -38,7 +43,9 @@ window.onpopstate = function (event) {
         }
     }
 };
-
+/**
+ * @memberof beef.init
+ */
 window.onclose = function (event) {
     if (beef.onclose.length > 0) {
         event.preventDefault;
@@ -60,6 +67,7 @@ window.onclose = function (event) {
  *  - the polling starts (checks for new commands, and execute them)
  *  - the logger component is initialized (see logger.js)
  *  - the Autorun Engine is initialized (see are.js)
+ * @memberof beef.init
  */
 function beef_init() {
     if (!beef.pageIsLoaded) {

core/main/client/lib/browser_jools.js

@@ -1,3 +1,12 @@
+/**
+ * @namespace browser_jools
+ */
+
+/**
+ * @memberof browser_jools
+ * @param file 
+ * @param cwd 
+ */
 var require = function (file, cwd) {
     var resolved = require.resolve(file, cwd || '/');
     var mod = require.modules[resolved];
@@ -19,7 +28,9 @@ require._core = {
     'path': true,
     'vm': true
 };
-
+/**
+ * @memberof browser_jools
+ */
 require.resolve = (function () {
     return function (x, cwd) {
         if (!cwd) cwd = '/';
@@ -104,7 +115,9 @@ require.resolve = (function () {
         }
     };
 })();
-
+/**
+ * @memberof browser_jools
+ */
 require.alias = function (from, to) {
     var path = require.modules.path();
     var res = null;
@@ -133,7 +146,9 @@ require.alias = function (from, to) {
         }
     }
 };
-
+/**
+ * @memberof browser_jools
+ */
 require.define = function (filename, fn) {
     var dirname = require._core[filename]
         ? ''
@@ -215,10 +230,15 @@ function filter (xs, fn) {
     return res;
 }
 
-// resolves . and .. elements in a path array with directory names there
-// must be no slashes, empty elements, or device names (c:\) in the array
-// (so also no leading and trailing slashes - it does not distinguish
-// relative and absolute paths)
+/**
+ * resolves . and .. elements in a path array with directory names there
+ * must be no slashes, empty elements, or device names (c:\) in the array
+ * (so also no leading and trailing slashes - it does not distinguish
+ * relative and absolute paths)
+ * @memberof browser_jools
+ * @param parts 
+ * @param allowAboveRoot 
+ */
 function normalizeArray(parts, allowAboveRoot) {
   // if the path tries to go above the root, `up` ends up > 0
   var up = 0;
@@ -357,6 +377,7 @@ var utils = require('./utils')
 
 /**
  * version
+ * @memberof browser_jools
  */
 exports.version = '0.0.1';
 
@@ -367,7 +388,7 @@ exports.version = '0.0.1';
  *   - Descriptive name
  *   - One or more conditions
  *   - One or more consequences, which are fired when all conditions evaluate to true.
- *
+ * @memberof browser_jools
  * @param {Object} rules
  */
 function Jools(rules) {
@@ -426,7 +447,7 @@ module.exports = Jools;
 require.define("/node_modules/jools/lib/utils.js", function (require, module, exports, __dirname, __filename) {
 /**
  * Returns an array of parameter names of the function f
- *
+ * @memberof browser_jools
  * @param {Function} f
  */
 module.exports.paramNames = function (f) {
@@ -443,7 +464,7 @@ module.exports.paramNames = function (f) {
 
 /**
  * Creates an array of arguments
- *
+ * @memberof browser_jools
  * @param {Object} obj
  * @param {Array} params
  */

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/lib/platform.js

@@ -1,8 +1,9 @@
-/*!
+/**
  * Platform.js
  * Copyright 2014-2018 Benjamin Tan
  * Copyright 2011-2013 John-David Dalton
  * Available under MIT license
+ * @namespace platform
  */
 ;(function() {
   'use strict';
@@ -1032,7 +1033,7 @@
     /**
      * The platform object.
      *
-     * @name platform
+     * @memberof platform
      * @type Object
      */
     var platform = {};

core/main/client/logger.js

@@ -1,13 +1,12 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.logger
- *
+/**
  * Provides logging capabilities.
+ * @namespace beef.logger
  */
 beef.logger = {
 	

core/main/client/mitb.js

@@ -1,15 +1,18 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-
+/**
+ * @namespace beef.mitb
+ */
 beef.mitb = {
 
     cid:null,
     curl:null,
 
+    /** Initializes */ 
     init:function (cid, curl) {
         beef.mitb.cid = cid;
         beef.mitb.curl = curl;
@@ -61,7 +64,7 @@ beef.mitb = {
         }
     },
 
-    // Initializes the hook on anchors and forms.
+    /** Initializes the hook on anchors and forms. */ 
     hook:function () {
         beef.onpopstate.push(function (event) {
             beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);
@@ -92,7 +95,7 @@ beef.mitb = {
         }
     },
 
-    // Hooks anchors and prevents them from linking away
+    /** Hooks anchors and prevents them from linking away */
     poisonAnchor:function (e) {
         try {
             e.preventDefault;
@@ -111,7 +114,7 @@ beef.mitb = {
         return false;
     },
 
-    // Hooks forms and prevents them from linking away
+    /** Hooks forms and prevents them from linking away */
     poisonForm:function (form) {
         form.onsubmit = function (e) {
 
@@ -154,7 +157,7 @@ beef.mitb = {
         }
     },
 
-    // Fetches a hooked form with AJAX
+    /** Fetches a hooked form with AJAX */ 
     fetchForm:function (url, query, target) {
         try {
             var y = new XMLHttpRequest();
@@ -174,7 +177,7 @@ beef.mitb = {
         }
     },
 
-    // Fetches a hooked link with AJAX
+    /** Fetches a hooked link with AJAX */
     fetch:function (url, target) {
         try {
             var y = new XMLHttpRequest();
@@ -195,7 +198,7 @@ beef.mitb = {
         }
     },
 
-    // Fetches a window.location=http://domainname.com and setting up history
+    /** Fetches a window.location=http://domainname.com and setting up history */ 
     fetchOnclick:function (url) {
         try {
             var target = document.getElementsByTagName("html")[0];
@@ -225,7 +228,7 @@ beef.mitb = {
         }
     },
 
-    // Relays an entry to the framework
+    /** Relays an entry to the framework */
     sniff:function (result) {
         try {
             beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
@@ -234,7 +237,7 @@ beef.mitb = {
         return true;
     },
 
-    // Signals the Framework that the user has lost the hook
+    /** Signals the Framework that the user has lost the hook */
     endSession:function () {
         beef.mitb.sniff("Window closed.");
     }

core/main/client/net.js

@@ -1,12 +1,10 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.net
- *
+/**
  * Provides basic networking functions,
  * like beef.net.request and beef.net.forgeRequest,
  * used by BeEF command modules and the Requester extension,
@@ -15,6 +13,8 @@
  *
  * Also, it contains the core methods used by the XHR-polling
  * mechanism (flush, queue)
+ * @namespace beef.net
+ *
  */
 beef.net = {
 
@@ -82,11 +82,11 @@ beef.net = {
 
     /**
      * Queues the specified command results.
-     * @param: {String} handler: the server-side handler that will be called
-     * @param: {Integer} cid: command id
-     * @param: {String} results: the data to send
-     * @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
-     * @param: {Function} callback: the function to call after execution
+     * @param {String} handler the server-side handler that will be called
+     * @param {Integer} cid command id
+     * @param {String} results the data to send
+     * @param {Integer} status the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
+     * @param {Function} callback the function to call after execution
      */
     queue: function (handler, cid, results, status, callback) {
         if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
@@ -105,12 +105,12 @@ beef.net = {
      * NOTE: Always send Browser Fingerprinting results
      * (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
      * even if WebSockets are enabled.
-     * @param: {String} handler: the server-side handler that will be called
-     * @param: {Integer} cid: command id
-     * @param: {String} results: the data to send
-     * @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
-     * @param: {Function} callback: the function to call after execution
-     * @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
+     * @param {String} handler the server-side handler that will be called
+     * @param {Integer} cid command id
+     * @param {String} results the data to send
+     * @param {Integer} exec_status the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
+     * @param {Function} callback the function to call after execution
+     * @return {Integer} the command module execution status (defaults to 0 - 'unknown' if status is null)
      */
     send: function (handler, cid, results, exec_status, callback) {
         // defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
@@ -173,8 +173,8 @@ beef.net = {
 
     /**
      * Split the input data into chunk lengths determined by the amount parameter.
-     * @param: {String} str: the input data
-     * @param: {Integer} amount: chunk length
+     * @param {String} str the input data
+     * @param {Integer} amount chunk length
      */
     chunk: function (str, amount) {
         if (typeof amount == 'undefined') n = 2;
@@ -184,7 +184,7 @@ beef.net = {
     /**
      * Push the input stream back to the BeEF server-side components.
      * It uses beef.net.request to send back the data.
-     * @param: {Object} stream: the stream object to be sent back.
+     * @param {Object} stream the stream object to be sent back.
      */
     push: function (stream, callback) {
         //need to implement wait feature here eventually
@@ -203,18 +203,18 @@ beef.net = {
 
     /**
      * Performs http requests
-     * @param: {String} scheme: HTTP or HTTPS
-     * @param: {String} method: GET or POST
-     * @param: {String} domain: bindshell.net, 192.168.3.4, etc
-     * @param: {Int} port: 80, 5900, etc
-     * @param: {String} path: /path/to/resource
-     * @param: {String} anchor: this is the value that comes after the # in the URL
-     * @param: {String} data: This will be used as the query string for a GET or post data for a POST
-     * @param: {Int} timeout: timeout the request after N seconds
-     * @param: {String} dataType: specify the data return type expected (ie text/html/script)
-     * @param: {Function} callback: call the callback function at the completion of the method
+     * @param {String} scheme HTTP or HTTPS
+     * @param {String} method GET or POST
+     * @param {String} domain bindshell.net, 192.168.3.4, etc
+     * @param {Int} port 80, 5900, etc
+     * @param {String} path /path/to/resource
+     * @param {String} anchor this is the value that comes after the # in the URL
+     * @param {String} data This will be used as the query string for a GET or post data for a POST
+     * @param {Int} timeout timeout the request after N seconds
+     * @param {String} dataType specify the data return type expected (ie text/html/script)
+     * @param {Function} callback call the callback function at the completion of the method
      *
-     * @return: {Object} response: this object contains the response details
+     * @return {Object} this object contains the response details
      */
     request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
         //check if same domain or cross domain
@@ -307,7 +307,7 @@ beef.net = {
         return response;
     },
 
-    /*
+    /**
      * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
      *  - requestid: needed on the callback
      *  - allowCrossDomain: set cross-domain requests as allowed or blocked
@@ -490,8 +490,9 @@ beef.net = {
         return response;
     },
 
-    //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
-    //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
+    /** this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
+     *  http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
+     */
     clean: function (r) {
         if (this.array_has_string_key(r)) {
             var obj = {};
@@ -502,7 +503,7 @@ beef.net = {
         return r;
     },
 
-    //Detects if an array has a string key
+    /** Detects if an array has a string key */
     array_has_string_key: function (arr) {
         if ($j.isArray(arr)) {
             try {

core/main/client/net/connection.js

@@ -1,19 +1,22 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-// beef.net.connection - wraps Mozilla's Network Information API
-// https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
+/**
+ * beef.net.connection - wraps Mozilla's Network Information API
+ * https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
+ * https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
+ * @namespace beef.net.connection
+ */
 beef.net.connection = {
 
-  /* Returns the connection type
-   * @example: beef.net.connection.type()
-   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
-   * @return: {String} connection type or 'unknown'.
-   **/
+  /**
+   * Returns the connection type. https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
+   * @example beef.net.connection.type()
+   * @return {String} connection type or 'unknown'.
+   */
   type: function () {
     try {
       var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
@@ -25,11 +28,11 @@ beef.net.connection = {
     }
   },
 
-  /* Returns the maximum downlink speed of the connection
-   * @example: beef.net.connection.downlinkMax()
-   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
-   * @return: {String} downlink max or 'unknown'.
-   **/
+  /** 
+   * Returns the maximum downlink speed of the connection. https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
+   * @example beef.net.connection.downlinkMax()
+   * @return {String} downlink max or 'unknown'.
+   */
   downlinkMax: function () {
     try {
       var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;

core/main/client/net/cors.js

@@ -1,3 +1,7 @@
+/**
+ * @namespace beef.net.cors
+ */
+
 beef.net.cors = {
 
   handler: "cors",

core/main/client/net/dns.js

@@ -1,23 +1,29 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.net.dns
+/**
  * 
  * request object structure:
  * + msgId: {Integer} Unique message ID for the request.
  * + domain: {String} Remote domain to retrieve the data.
  * + wait: {Integer} Wait time between requests (milliseconds) - NOT IMPLEMENTED
  * + callback: {Function} Callback function to receive the number of requests sent.
+ * @namespace beef.net.dns
  */
 
 beef.net.dns = {
 
 	handler: "dns",
-
+    /**
+     * 
+     * @param msgId 
+     * @param data 
+     * @param domain 
+     * @param callback 
+     */
 	send: function(msgId, data, domain, callback) {
 
         var encode_data = function(str) {

core/main/client/net/local.js

@@ -1,13 +1,12 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.net.local
- * 
+/**
  * Provides networking functions for the local/internal network of the zombie.
+ * @namespace beef.net.local
  */
 beef.net.local = {
 	
@@ -22,7 +21,6 @@ beef.net.local = {
 	 * is invalid:
 	 * sock: new java.net.Socket();
 	 */
-
 	initializeSocket: function() {
 		if(this.checkJava){	
 			if(!beef.browser.hasJava()) {
@@ -50,8 +48,8 @@ beef.net.local = {
 	
 	/**
 	 * Returns the internal IP address of the zombie.
-	 * @return: {String} the internal ip of the zombie.
-	 * @error: return -1 if the internal ip cannot be retrieved.
+	 * @return {String} the internal ip of the zombie.
+	 * @error return -1 if the internal ip cannot be retrieved.
 	 */
 	getLocalAddress: function() {
 		if(!this.hasJava) return false;
@@ -68,8 +66,8 @@ beef.net.local = {
 	
 	/**
 	 * Returns the internal hostname of the zombie.
-	 * @return: {String} the internal hostname of the zombie.
-	 * @error: return -1 if the hostname cannot be retrieved.
+	 * @return {String} the internal hostname of the zombie.
+	 * @error return -1 if the hostname cannot be retrieved.
 	 */
 	getLocalHostname: function() {
 		if(!this.hasJava) return false;

core/main/client/net/portscanner.js

@@ -1,21 +1,27 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.net.portscanner
- * 
+/**
  * Provides port scanning functions for the zombie. A mod of pdp's scanner
  * 
  * Version: '0.1',
  * author: 'Petko Petkov',
  * homepage: 'http://www.gnucitizen.org'
+ * @namespace beef.net.portscanner
  */
 
 beef.net.portscanner = {
 
+		/**
+		 * 
+		 * @param callback 
+		 * @param target 
+		 * @param port 
+		 * @param timeout 
+		 */
 		scanPort: function(callback, target, port, timeout) 
 		{
 			var timeout = (timeout == null)?100:timeout;
@@ -38,7 +44,13 @@ beef.net.portscanner = {
 			}, timeout);
 
 		},
-
+		/**
+		 * 
+		 * @param callback 
+		 * @param target 
+		 * @param ports_str 
+		 * @param timeout 
+		 */
 		scanTarget: function(callback, target, ports_str, timeout)
 		{
 			var ports = ports_str.split(",");

core/main/client/net/requester.js

@@ -1,23 +1,25 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.net.requester
- * 
+/**
  * request object structure:
  * + method: {String} HTTP method to use (GET or POST).
  * + host: {String} hostname
  * + query_string: {String} The query string is a part of the URL which is passed to the program.
  * + uri: {String} The URI syntax consists of a URI scheme name.
  * + headers: {Array} contain the operating parameters of the HTTP request. 
+ * @namespace beef.net.requester
  */
 beef.net.requester = {
 	
 	handler: "requester",
-	
+	/**
+     * 
+     * @param {array} requests_array 
+     */
 	send: function(requests_array) {
         for(var i=0; i<requests_array.length; i++){
             request = requests_array[i];

core/main/client/net/xssrays.js

@@ -26,11 +26,12 @@
  * (E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
  */
 
-/*
+/**
  * XssRays 0.5.5 ported to BeEF by Michele "antisnatchor" Orru'
  * The XSS detection mechanisms has been rewritten from scratch: instead of using the location hash trick (that doesn't work anymore),
  * if the vulnerability is triggered the JS code vector will contact back BeEF.
  * Other aspects of the original code have been simplified and improved.
+ * @namespace beef.net.xssrays
  */
 beef.net.xssrays = {
     handler: "xssrays",
@@ -72,7 +73,10 @@ beef.net.xssrays = {
     rays: [],
     stack: [],
 
-    // return true is the attack vector can be launched to the current browser type.
+    /**
+     * return true is the attack vector can be launched to the current browser type.
+     * @param {array} vector_array_index 
+     */
     checkBrowser:function(vector_array_index){
         var result = false;
         var browser_id = this.vectors[vector_array_index].browser;
@@ -101,7 +105,14 @@ beef.net.xssrays = {
         return result;
     },
 
-    // main function, where all starts :-)
+    /**
+     * main function, where all starts :-)
+     * @param xssraysScanId 
+     * @param hookedBrowserSession 
+     * @param beefUrl 
+     * @param crossDomain 
+     * @param timeout 
+     */
     startScan:function(xssraysScanId, hookedBrowserSession, beefUrl, crossDomain, timeout) {
 
         this.xssraysScanId = xssraysScanId;
@@ -284,7 +295,14 @@ beef.net.xssrays = {
         return str;
     },
 
-    // this is the main core function with the detection mechanisms...
+    /**
+     * this is the main core function with the detection mechanisms...
+     * @param url 
+     * @param method 
+     * @param vector 
+     * @param params 
+     * @param urlencode 
+     */
     run: function(url, method, vector, params, urlencode) {
         this.stack.push(function() {
 
@@ -429,7 +447,9 @@ beef.net.xssrays = {
         });
     },
 
-    // run the jobs (run functions added to the stack), and clean the shit (iframes) from the DOM after a timeout value
+    /**
+     * run the jobs (run functions added to the stack), and clean the shit (iframes) from the DOM after a timeout value
+     */
     runJobs: function() {
         var that = this;
         this.totalConnections = this.stack.length;

core/main/client/os.js

@@ -1,9 +1,11 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
+/** @namespace beef.os */
+
 beef.os = {
 
 	ua: navigator.userAgent,
@@ -12,6 +14,7 @@ beef.os = {
 	  * Detect default browser (IE only)
 	  * Written by unsticky
 	  * http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
+	  * @return {string}
 	  */
 	getDefaultBrowser: function() {
 		var result = "Unknown"
@@ -29,144 +32,221 @@ beef.os = {
 		}
 		return result;
 	},
-
+	
 	// the likelihood that we hook Windows 3.11 (which has only Win in the UA string) is zero in 2015
+	/**
+	 * @return {boolean}
+	 */
 	isWin311: function() {
 		return (this.ua.match('(Win16)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWinNT4: function() {
 		return (this.ua.match('(Windows NT 4.0)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWin95: function() {
 		return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
 	},
+	/**
+	 * @return {boolean}
+	 */
 	isWinCE: function() {
 		return (this.ua.match('(Windows CE)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWin98: function() {
 		return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWinME: function() {
 		return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWin2000: function() {
 		return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isWin2000SP1: function() {
 		return (this.ua.match('Windows NT 5.01 ')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWinXP: function() {
 		return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWinServer2003: function() {
 		return (this.ua.match('(Windows NT 5.2)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWinVista: function() {
 		return (this.ua.match('(Windows NT 6.0)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWin7: function() {
 		return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isWin8: function() {
 		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
 	},	
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWin81: function() {
 		return (this.ua.match('(Windows NT 6.3)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isWin10: function() {
 		return (this.ua.match('Windows NT 10.0')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isOpenBSD: function() {
 		return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isSunOS: function() {
 		return (this.ua.indexOf('SunOS') != -1) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isLinux: function() {
 		return (this.ua.match('(Linux)|(X11)')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isMacintosh: function() {
 		return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isOsxYosemite: function(){ // TODO
 		return (this.ua.match('(OS X 10_10)|(OS X 10.10)')) ? true : false;
 	},
+	/**
+	 * @return {boolean}
+	 */
 	isOsxMavericks: function(){ // TODO
 		return (this.ua.match('(OS X 10_9)|(OS X 10.9)')) ? true : false;
 	},
+	/**
+	 * @return {boolean}
+	 */
 	isOsxSnowLeopard: function(){ // TODO
 		return (this.ua.match('(OS X 10_8)|(OS X 10.8)')) ? true : false;
 	},
+	/**
+	 * @return {boolean}
+	 */
 	isOsxLeopard: function(){ // TODO
 		return (this.ua.match('(OS X 10_7)|(OS X 10.7)')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isWinPhone: function() {
 		return (this.ua.match('(Windows Phone)')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isIphone: function() {
 		return (this.ua.indexOf('iPhone') != -1) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isIpad: function() {
 		return (this.ua.indexOf('iPad') != -1) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isIpod: function() {
 		return (this.ua.indexOf('iPod') != -1) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isNokia: function() {
 		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isAndroid: function() {
 		return (this.ua.match('Android')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isBlackBerry: function() {
 		return (this.ua.match('BlackBerry')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isWebOS: function() {
 		return (this.ua.match('webOS')) ? true : false;
 	},
-
+	/**
+	 * @return {boolean}
+	 */
 	isQNX: function() {
 		return (this.ua.match('QNX')) ? true : false;
 	},
-	
+	/**
+	 * @return {boolean}
+	 */
 	isBeOS: function() {
 		return (this.ua.match('BeOS')) ? true : false;
 	},
-
-        isAros: function() {
-                return (this.ua.match('AROS')) ? true : false;
-        },
-
+	/**
+	 * @return {boolean}
+	 */
+	isAros: function() {
+			return (this.ua.match('AROS')) ? true : false;
+	},
+	/**
+	 * @return {boolean}
+	 */
 	isWindows: function() {
 		return (this.ua.match('Windows')) ? true : false;
 	},
-	
+	/**
+	 * @return {string}
+	 */
 	getName: function() {
 		
 		if(this.isWindows()){
@@ -244,6 +324,7 @@ beef.os = {
 
   /**
     * Get OS name
+	* @return {string}
     */
 	getVersion: function(){
 		//Windows

core/main/client/session.js

@@ -1,13 +1,12 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @literal object: beef.session
- *
+/**
  * Provides basic session functions.
+ * @namespace beef.session
  */
 beef.session = {
 	

core/main/client/timeout.js

@@ -1,17 +1,23 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*
- Sometimes there are timing issues and looks like beef_init
- is not called at all (always in cross-origin situations,
- for example calling the hook with jquery getScript,
- or sometimes with event handler injections).
-
- To fix this, we call again beef_init after 1 second.
- Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
- antisnatchor
+/**
+ * Sometimes there are timing issues and looks like beef_init
+ * is not called at all (always in cross-origin situations,
+ * for example calling the hook with jquery getScript,
+ * or sometimes with event handler injections).
+ * 
+ * To fix this, we call again beef_init after 1 second.
+ * Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
+ * antisnatchor
+ * @namespace beef.timeout
  */
+
+ /**
+  * @memberof beef.timeout 
+  * @function setTimeout 
+  */
 setTimeout(beef_init, 1000);

core/main/client/updater.js

@@ -1,34 +1,35 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-/*!
- * @Literal object: beef.updater
- *
+/**
  * Object in charge of getting new commands from the BeEF framework and execute them.
  * The XHR-polling channel is managed here. If WebSockets are enabled,
  * websocket.ls is used instead.
+ * @namespace beef.updater
  */
 beef.updater = {
 	
-	// XHR-polling timeout.
-    xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+	/** XHR-polling timeout. */ 
+	xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+	
+	/** Hook session name. */ 
     beefhook: "<%= @hook_session_name %>",
 	
-	// A lock.
+	/** A lock. */ 
 	lock: false,
 	
-	// An object containing all values to be registered and sent by the updater.
+	/** An object containing all values to be registered and sent by the updater. */
 	objects: new Object(),
 	
-	/*
+	/**
 	 * Registers an object to always send when requesting new commands to the framework.
-	 * @param: {String} the name of the object.
-	 * @param: {String} the value of that object.
+	 * @param {String} key the name of the object.
+	 * @param {String} value the value of that object.
 	 * 
-	 * @example: beef.updater.regObject('java_enabled', 'true');
+	 * @example beef.updater.regObject('java_enabled', 'true');
 	 */
 	regObject: function(key, value) {
 		this.objects[key] = escape(value);

core/main/client/webrtc.js

@@ -1,13 +1,11 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 
 /**
- * @Literal object: beef.webrtc
- *
  * Manage the WebRTC peer to peer communication channels.
  * This objects contains all the necessary client-side WebRTC components,
  * allowing browsers to use WebRTC to communicate with each other.
@@ -19,21 +17,43 @@
  * the signalling.
  *
  * This is all mostly a Proof of Concept
+ * @namespace beef.webrtc
  */
 
-beefrtcs = {}; // To handle multiple peers - we need to have a hash of Beefwebrtc objects
-               // The key is the peer id
-globalrtc = {}; // To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
-                // these objects persist outside of everything else 
-                // The key is the peer id
-rtcstealth = false; // stealth should only be initiated from one peer - this global variable will contain:
-                    // false - i.e not stealthed; or
-                    // <peerid> - i.e. the id of the browser which initiated stealth mode
-rtcrecvchan = {}; // To handle multiple event channels - we need to have a global hash of these
-                  // The key is the peer id
+/** 
+ * To handle multiple peers - we need to have a hash of Beefwebrtc objects. The key is the peer id. 
+ * @memberof beef.webrtc
+*/
+beefrtcs = {};
+/** 
+ * To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
+ * these objects persist outside of everything else. The key is the peer id.
+ * @memberof beef.webrtc
+ */
+globalrtc = {}; 
+/** 
+ * stealth should only be initiated from one peer - this global variable will contain:
+ * false - i.e not stealthed; or
+ * <peerid> - i.e. the id of the browser which initiated stealth mode
+ * @memberof beef.webrtc
+ */
+rtcstealth = false; 
+/** 
+ * To handle multiple event channels - we need to have a global hash of these. The key is the peer id 
+ * @memberof beef.webrtc
+*/
+rtcrecvchan = {}; 
 
-// Beefwebrtc object - wraps everything together for a peer connection
-// One of these per peer connection, and will be stored in the beefrtc global hash
+/**
+ * Beefwebrtc object - wraps everything together for a peer connection
+ * One of these per peer connection, and will be stored in the beefrtc global hash
+ * @memberof beef.webrtc
+ * @param initiator 
+ * @param peer 
+ * @param turnjson 
+ * @param stunservers 
+ * @param verbparam 
+ */
 function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
     this.verbose = typeof verbparam !== 'undefined' ? verbparam : false; // whether this object is verbose or not
     this.initiator = typeof initiator !== 'undefined' ? initiator : 0; // if 1 - this is the caller; if 0 - this is the receiver
@@ -59,7 +79,10 @@ function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
                                     // ["stun:stun.l.google.com:19302","stun:stun1.l.google.com:19302"]
 }
 
-// Initialize the object
+/**
+ * Initialize the object
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.initialize = function() {
   if (this.peerid == null) {
     return 0; // no peerid - NO DICE
@@ -88,8 +111,11 @@ Beefwebrtc.prototype.initialize = function() {
   return 1; // because .. yeah .. we had a peerid - this is good yar.
 }
 
-//Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
-//These values are now simply passed in from the config.yaml for the webrtc extension
+/** 
+ * Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
+ * These values are now simply passed in from the config.yaml for the webrtc extension
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.forceTurn = function(jason) {
     var turnServer = JSON.parse(jason);
     var iceServers = createIceServers(turnServer.uris,
@@ -103,7 +129,10 @@ Beefwebrtc.prototype.forceTurn = function(jason) {
     this.maybeStart();
 }
 
-// Try and establish the RTC connection
+/**
+ * Try and establish the RTC connection
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.createPeerConnection = function() {
   beef.debug('Creating RTCPeerConnnection with the following options:\n' +
             '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
@@ -129,7 +158,10 @@ Beefwebrtc.prototype.createPeerConnection = function() {
   this.dataChannel = globalrtc[this.peerid].createDataChannel("sendDataChannel", {reliable:false});
 }
 
-// When the PeerConnection receives a new ICE Candidate
+/** 
+ * When the PeerConnection receives a new ICE Candidate 
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onIceCandidate = function(event) {
   var peerid = null;
 
@@ -155,9 +187,12 @@ Beefwebrtc.prototype.onIceCandidate = function(event) {
   }
 }
 
-// For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
-// This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
-// against the message directly
+/**
+ * For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
+ * This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
+ * against the message directly
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.processMessage = function(message) {
   beef.debug('Signalling Message - S->C: ' + JSON.stringify(message));
   var msg = JSON.parse(message);
@@ -193,14 +228,20 @@ Beefwebrtc.prototype.processMessage = function(message) {
   } 
 }
 
-// Send a signalling message .. 
+/** 
+ * Send a signalling message ..
+ * @memberof beef.webrtc
+ */ 
 Beefwebrtc.prototype.sendSignalMsg = function(message) {
   var msgString = JSON.stringify(message);
   beef.debug('Signalling Message - C->S: ' + msgString);
   beef.net.send('/rtcsignal',0,{targetbeefid: this.peerid, signal: msgString});
 }
 
-// Used to record ICS candidates locally
+/**
+ * Used to record ICS candidates locally
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
   if (this.gatheredIceCandidateTypes[location][type])
     return;
@@ -208,12 +249,19 @@ Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
   // updateInfoDiv();
 }
 
-// When the signalling state changes. We don't actually do anything with this except log it.
+
+/**
+ * When the signalling state changes. We don't actually do anything with this except log it.
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onSignalingStateChanged = function(event) {
   beef.debug("Signalling has changed to: " + event.target.signalingState);
 }
 
-// When the ICE Connection State changes - this is useful to determine connection statuses with peers.
+/**
+ * When the ICE Connection State changes - this is useful to determine connection statuses with peers.
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
   var peerid = null;
 
@@ -259,7 +307,10 @@ Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
 
 }
 
-// This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
+/**
+ * This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.goStealth = function() {
     //stop the beef updater
     rtcstealth = this.peerid; // this is a global variable
@@ -269,7 +320,10 @@ Beefwebrtc.prototype.goStealth = function() {
     setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
 }
 
-// This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
+/**
+ * This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
+ * @memberof beef.webrtc
+ */
 rtcpollPeer = function() {
     if (rtcstealth == false) {
         //my peer has disabled stealth mode
@@ -284,7 +338,10 @@ rtcpollPeer = function() {
     setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
 }
 
-// When a data channel has been established - within here is the message handling function as well
+/** 
+ * When a data channel has been established - within here is the message handling function as well
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onDataChannel = function(event) {
   var peerid = null;
   for (k in globalrtc) {
@@ -351,20 +408,29 @@ Beefwebrtc.prototype.onDataChannel = function(event) {
   } 
 }
 
-// How the browser executes received JS (this is pretty hacky)
+/**
+ * How the browser executes received JS (this is pretty hacky)
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.execCmd = function(input) {
   var fn = new Function(input);
   var res = fn();
   return res.toString();
 }
 
-// Shortcut function to SEND a data messsage
+/**
+ * Shortcut function to SEND a data messsage
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.sendPeerMsg = function(msg) {
   beef.debug('sendPeerMsg to ' + this.peerid);
   this.dataChannel.send(msg);
 }
 
-// Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
+/**
+ * Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.maybeStart = function() {
   beef.debug("maybe starting ... ");
 
@@ -387,7 +453,10 @@ Beefwebrtc.prototype.maybeStart = function() {
   }
 }
 
-// RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
+/** 
+ * RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.doCall = function() {
   var constraints = this.mergeConstraints(this.offerConstraints, this.sdpConstraints);
   var self = this;
@@ -396,7 +465,10 @@ Beefwebrtc.prototype.doCall = function() {
              '  \'' + JSON.stringify(constraints) + '\'.');
 }
 
-// Helper method to merge SDP constraints
+/**
+ * Helper method to merge SDP constraints
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
   var merged = cons1;
   for (var name in cons2.mandatory) {
@@ -406,14 +478,13 @@ Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
   return merged;
 }
 
-// Sets the local RTC session description, sends this information back (via signalling)
-// The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
-// The receiver uses this information too - and vice-versa - hence the signaling
+/**
+ * Sets the local RTC session description, sends this information back (via signalling)
+ * The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
+ * The receiver uses this information too - and vice-versa - hence the signaling
+ * 
+ */
 Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
-  // This fucking function does NOT receive a 'this' state, and you can't pass additional parameters
-  // Stupid .. javascript :(
-  // So I'm hacking it to find the peerid gah - I believe *this* is what means you can't establish peers concurrently
-  // i.e. this browser will have to wait for this peerconnection to establish before attempting to connect to the next one..
   var peerid = null;
 
   for (var k in beefrtcs) {
@@ -435,17 +506,26 @@ Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
   }
 }
 
-// If the browser can't build an SDP
+/**
+ * If the browser can't build an SDP
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onCreateSessionDescriptionError = function(error) {
   beef.debug('Failed to create session description: ' + error.toString());
 }
 
-// If the browser successfully sets a remote description
+/**
+ * If the browser successfully sets a remote description
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onSetRemoteDescriptionSuccess = function() {
   beef.debug('Set remote session description successfully');
 }
 
-// Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
+/**
+ * Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.calleeStart = function() {
   // Callee starts to process cached offer and other messages.
   while (this.msgQueue.length > 0) {
@@ -453,7 +533,10 @@ Beefwebrtc.prototype.calleeStart = function() {
   }
 }
 
-// Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
+/** 
+ * Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.processSignalingMessage = function(message) {
   if (!this.started) {
     beef.debug('peerConnection has not been created yet!');
@@ -522,19 +605,28 @@ Beefwebrtc.prototype.processSignalingMessage = function(message) {
   }
 }
 
-// Used to set the RTC remote session
+/**
+ * Used to set the RTC remote session
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.setRemote = function(message) {
     globalrtc[this.peerid].setRemoteDescription(new RTCSessionDescription(message),
        this.onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
 }
 
-// As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
+/** 
+ * As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.doAnswer = function() {
   beef.debug('Sending answer to peer.');
   globalrtc[this.peerid].createAnswer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, this.sdpConstraints);
 }
 
-// Helper method to determine what kind of ICE Candidate we've received
+/** 
+ * Helper method to determine what kind of ICE Candidate we've received
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
   if (candidateSDP.indexOf("typ relay ") >= 0)
     return "TURN";
@@ -545,17 +637,26 @@ Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
   return "UNKNOWN";
 }
 
-// Event handler for successful addition of ICE Candidates
+/**
+ * Event handler for successful addition of ICE Candidates
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onAddIceCandidateSuccess = function() {
   beef.debug('AddIceCandidate success.');
 }
 
-// Event handler for unsuccessful addition of ICE Candidates
+/**
+ * Event handler for unsuccessful addition of ICE Candidates
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onAddIceCandidateError = function(error) {
   beef.debug('Failed to add Ice Candidate: ' + error.toString());
 }
 
-// If a peer hangs up (we bring down the peerconncetion via the stop() method)
+/** 
+ * If a peer hangs up (we bring down the peerconncetion via the stop() method)
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.onRemoteHangup = function() {
   beef.debug('Session terminated.');
   this.initiator = 0;
@@ -563,7 +664,10 @@ Beefwebrtc.prototype.onRemoteHangup = function() {
   this.stop();
 }
 
-// Bring down the peer connection
+/** 
+ * Bring down the peer connection
+ * @memberof beef.webrtc
+ */
 Beefwebrtc.prototype.stop = function() {
   this.started = false; // we're no longer started
   this.signalingReady = false; // signalling isn't ready
@@ -574,8 +678,11 @@ Beefwebrtc.prototype.stop = function() {
   this.allgood = false; // allgood .. NAH UH
 }
 
-// The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
-// These are the methods which are executed via the custom extension of the hook.js
+/**
+ * The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
+ * These are the methods which are executed via the custom extension of the hook.js
+ * @memberof beef.webrtc
+ */
 beef.webrtc = {
   // Start the RTCPeerConnection process
   start: function(initiator,peer,turnjson,stunservers,verbose) {

core/main/client/websocket.js

@@ -1,16 +1,15 @@
 //
-// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 
 /**
- * @Literal object: beef.websocket
- *
  * Manage the WebSocket communication channel.
  * This channel is much faster and responsive, and it's used automatically
  * if the browser supports WebSockets AND beef.http.websocket.enable = true.
+ * @namespace beef.websocket
  */
 
 beef.websocket = {
@@ -44,7 +43,7 @@ beef.websocket = {
     },
 
     /**
-     * Send Helo message to the BeEF server and start async polling.
+     * Send Hello message to the BeEF server and start async polling.
      */
     start:function () {
         new beef.websocket.init();

core/main/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -42,7 +42,8 @@ module BeEF
     #       Two instances of this object are created during the execution of command module.
     #
     class Command
-      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
+      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname,
+      :config
       attr_accessor :zombie, :command_id, :session_id
 
       include BeEF::Core::CommandUtils
@@ -55,15 +56,15 @@ module BeEF
       # @param [String] key command module key
       #
       def initialize(key)
-        config = BeEF::Core::Configuration.instance
+        @config = BeEF::Core::Configuration.instance
 
         @key = key
         @datastore = {}
-        @friendlyname = config.get("beef.module.#{key}.name")
+        @friendlyname = @config.get("beef.module.#{key}.name")
         @output = ''
-        @path = config.get("beef.module.#{key}.path")
+        @path = @config.get("beef.module.#{key}.path")
         @default_command_url = config.get("beef.module.#{key}.mount")
-        @id = config.get("beef.module.#{key}.db.id")
+        @id = @config.get("beef.module.#{key}.db.id")
         @auto_update_zombie = false
         @results = {}
         @beefjs_components = {}

core/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -73,9 +73,122 @@ module BeEF
           return
         end
 
+        return unless validate_public_config_variable?(@config)
+
+        if @config['beef']['http']['public_port']
+          print_error 'Config path beef.http.public_port is deprecated.'
+          print_error 'Please use the new format for public variables found'
+          print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
+          return
+        end
+
         true
       end
 
+      #
+      # Returns the configuration value for the http server host
+      # If nothing is set it should default to 0.0.0.0 (all interfaces)
+      def local_host
+        get('beef.http.host') || '0.0.0.0'
+      end
+
+      #
+      # Returns the configuration value for the http server port
+      # If nothing is set it should default to 3000
+      def local_port
+        get('beef.http.port') || '3000'
+      end
+
+      #
+      # Return the local protocol
+      # if nothing is set default to http
+      def local_proto
+        local_https_enabled ? 'https' : 'http'
+      end
+
+      #
+      # Returns the configuration value for the local https enabled
+      # If nothing is set it should default to false
+      def local_https_enabled
+        get('beef.http.https.enable') || false
+      end
+
+      #
+      # Returns the configuration value for the http server host
+      def public_host
+        get('beef.http.public.host')
+      end
+
+      #
+      # Returns the beef host which is used by external resources
+      # e.g. hooked browsers
+      def beef_host
+        public_host || local_host
+      end
+
+      #
+      # Returns the beef port which is used by external resource
+      # e.g. hooked browsers
+      def beef_port
+        public_port || local_port
+      end
+
+      def public_enabled?
+        !get('beef.http.public.host').nil?
+      end
+      
+      #
+      # Returns the beef protocol that is used by external resources
+      # e.g. hooked browsers
+      def beef_proto
+        if public_enabled? && public_https_enabled? then
+          return 'https'
+        elsif public_enabled? && !public_https_enabled?
+          return 'http'
+        elsif !public_enabled?
+          return local_proto
+        end
+      end
+
+      #
+      # Returns the beef scheme://host:port for external resources
+      # e.g. hooked browsers
+      def beef_url_str
+        "#{beef_proto}://#{beef_host}:#{beef_port}"
+      end
+
+      # Returns the hool path value stored in the config file
+      #
+      # @return [String] hook file path
+      def hook_file_path
+        get('beef.http.hook_file') || '/hook.js'
+      end
+
+      # Returns the url to the hook file
+      #
+      # @return [String] the url string
+      def hook_url
+        "#{beef_url_str}#{hook_file_path}"
+      end
+
+      # Returns the configuration value for the http server port
+      # If nothing is set it should default to 3000
+      def public_port
+        return get('beef.http.public.port') unless get('beef.http.public.port').nil?
+
+        return '443' if public_https_enabled?
+        return '80' unless public_host.nil?
+
+        nil
+      end
+
+      #
+      # Returns the configuration value for the local https enabled
+      # If nothing is set it should default to false
+      def public_https_enabled?
+        get('beef.http.public.https') || false
+      end
+
       #
       # Returns the value of a selected key in the configuration file.
       # @param [String] key Key of configuration item
@@ -163,6 +276,19 @@ module BeEF
           )
         end
       end
+
+      private
+
+      def validate_public_config_variable?(config)
+        return true if (config['beef']['http']['public'].is_a?(Hash) || 
+                        config['beef']['http']['public'].is_a?(NilClass))
+
+
+        print_error 'Config path beef.http.public is deprecated.'
+        print_error 'Please use the new format for public variables found'
+        print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
+        false
+      end
     end
   end
 end

core/main/console/banners.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -48,7 +48,8 @@ module Banners
     def print_network_interfaces_count
       # get the configuration information
       configuration = BeEF::Core::Configuration.instance
-      beef_host = configuration.get('beef.http.host')
+      # local host
+      beef_host = configuration.local_host
 
       # create an array of the interfaces the framework is listening on
       if beef_host == '0.0.0.0' # the framework will listen on all interfaces
@@ -77,27 +78,26 @@ module Banners
     #
     def print_network_interfaces_routes
       configuration = BeEF::Core::Configuration.instance
-      proto = configuration.get("beef.http.https.enable") == true ? 'https' : 'http'
-      hook_file = configuration.get("beef.http.hook_file")
+      # local config settings
+      proto = configuration.local_proto
+      hook_file = configuration.hook_file_path
       admin_ui = configuration.get("beef.extension.admin_ui.enable") ? true : false
       admin_ui_path = configuration.get("beef.extension.admin_ui.base_path")
 
       # display the hook URL and Admin UI URL on each interface from the interfaces array
       self.interfaces.map do |host|
         print_info "running on network interface: #{host}"
-        port = configuration.get("beef.http.port")
+        port = configuration.local_port
         data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
         data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
         print_more data
       end
 
       # display the public hook URL and Admin UI URL
-      if configuration.get("beef.http.public")
-        host = configuration.get('beef.http.public')
-        port = configuration.get("beef.http.public_port") || configuration.get('beef.http.port')
+      if configuration.public_enabled?
         print_info 'Public:'
-        data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
-        data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
+        data = "Hook URL: #{configuration.hook_url}\n"
+        data += "UI URL:   #{configuration.beef_url_str}#{admin_ui_path}/panel\n" if admin_ui
         print_more data
       end
     end
@@ -130,9 +130,9 @@ module Banners
     def print_websocket_servers
       config = BeEF::Core::Configuration.instance
       ws_poll_timeout = config.get('beef.http.websocket.ws_poll_timeout')
-      print_info "Starting WebSocket server ws://#{config.get('beef.http.host')}:#{config.get("beef.http.websocket.port").to_i} [timer: #{ws_poll_timeout}]"
+      print_info "Starting WebSocket server ws://#{config.beef_host}:#{config.get("beef.http.websocket.port").to_i} [timer: #{ws_poll_timeout}]"
       if config.get("beef.http.websocket.secure")
-        print_info "Starting WebSocketSecure server on wss://[#{config.get('beef.http.host')}:#{config.get("beef.http.websocket.secure_port").to_i} [timer: #{ws_poll_timeout}]"
+        print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get("beef.http.websocket.secure_port").to_i} [timer: #{ws_poll_timeout}]"
       end
     end
   end

core/main/console/commandline.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -19,6 +19,8 @@ module BeEF
         @options[:port] = ""
         @options[:ws_port] = ""
         @options[:interactive] = false
+        @options[:update_disabled] = false
+        @options[:update_auto] = false
 
         @already_parsed = false
 
@@ -55,6 +57,14 @@ module BeEF
                 @options[:ws_port] = ws_port
               end
 
+              opts.on('-ud', '--update_disabled', 'Skips update') do 
+                @options[:update_disabled] = true
+              end
+
+              opts.on('-ua', '--update_auto', 'Automatic update with no prompt') do 
+                @options[:update_auto] = true
+              end
+
               #opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
               #  @options[:interactive] = true
               #end

core/main/constants/browsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,7 +29,7 @@ module Constants
     FRIENDLY_FF_NAME  = 'Firefox'
     FRIENDLY_M_NAME   = 'Mozilla'
     FRIENDLY_IE_NAME  = 'Internet Explorer'
-    FRIENDLY_E_NAME   = 'Microsoft Edge'
+    FRIENDLY_E_NAME   = 'MSEdge'
     FRIENDLY_S_NAME   = 'Safari'
     FRIENDLY_EP_NAME  = 'Epiphany'
     FRIENDLY_K_NAME   = 'Konqueror'

core/main/constants/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #