beef/modules/exploits/beef_admin_panel_xss/module.rb

#
# Copyright (c) 2006-2026 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Beef_admin_panel_xss < BeEF::Core::Command
  def self.options
    [
      { 'name' => 'target_beef_url', 'ui_label' => 'Target BeEF URL', 'value' => 'http://localhost:3000', 'width' => '300px' },
      { 'name' => 'xss_payload', 'ui_label' => 'XSS Payload (JavaScript)', 'value' => "alert(String.fromCharCode(88,83,83))", 'width' => '400px' }
    ]
  end

  def post_execute
    save({ 'result' => @datastore['result'] })
  end
end