GitHub Repository: beefproject/beef
Path: blob/master/extensions/network/rest/network.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
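module BeEF
  module Extension
    module Network
      # This class handles the routing of RESTful API requests that interact with
      # network services on the zombie's LAN.
      #
      # Every route runs behind the +before+ filter (API token, then source address)
      # and answers with JSON. Failures are reported by status code only: 400 for a
      # rejected parameter, 404 for a missing record, 500 for any other error; the
      # detail goes to the console through +print_error+ and is not sent to the client.
      #
      # NOTE(review): the handlers call +halt+ inside blocks that also carry
      # +rescue StandardError+. This presumably relies on +halt+ being throw-based
      # (as in Sinatra) so that it is not swallowed by the rescue - confirm against
      # BeEF::Core::Router::Router.
      class NetworkRest < BeEF::Core::Router::Router
        # Filters out bad requests before performing any routing
        before do
          config = BeEF::Core::Configuration.instance
          @nh = BeEF::Core::Models::NetworkHost
          @ns = BeEF::Core::Models::NetworkService
          @hb = BeEF::Core::Models::HookedBrowser

          # Require a valid API token from a valid IP address.
          # Fail closed when no token is configured: with a bare `==`, an unset or
          # empty 'beef.api_token' would compare equal to an absent or empty
          # token parameter and let the request through.
          api_token = config.get('beef.api_token')
          halt 401 if api_token.nil? || api_token.to_s.empty?

          # NOTE(review): `==` on strings is not a constant-time comparison; prefer a
          # constant-time helper here (e.g. Rack::Utils.secure_compare, if Rack is
          # loaded in this process - confirm).
          # NOTE(review): the token is checked before the source address, so the
          # 401/403 split tells a caller from a non-permitted address whether its
          # token was accepted; checking the source first would avoid that.
          halt 401 unless params[:token] == api_token
          halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip)

          # Responses are JSON and must not be cached by the client or intermediaries.
          headers 'Content-Type' => 'application/json; charset=UTF-8',
                  'Pragma' => 'no-cache',
                  'Cache-Control' => 'no-cache',
                  'Expires' => '0'
        end

        # Returns the entire list of network hosts for all zombies
        # as { count: <n>, hosts: [<host hash>, ...] }.
        get '/hosts' do
          hosts = @nh.all.distinct.order(:id)

          { count: hosts.length, hosts: hosts.map(&:to_h) }.to_json
        rescue StandardError => e
          print_error "Internal error while retrieving host list (#{e.message})"
          halt 500
        end

        # Returns the entire list of network services for all zombies
        # as { count: <n>, services: [<service hash>, ...] }.
        get '/services' do
          services = @ns.all.distinct.order(:id)

          { count: services.length, services: services.map(&:to_h) }.to_json
        rescue StandardError => e
          print_error "Internal error while retrieving service list (#{e.message})"
          halt 500
        end

        # Returns all hosts given a specific hooked browser id.
        # The :id segment is matched against the hooked browser's +session+ column.
        get '/hosts/:id' do
          id = params[:id]

          hooked_browser = @hb.where(session: id).distinct
          hosts = @nh.where(hooked_browser: hooked_browser).distinct.order(:hooked_browser)

          { count: hosts.length, hosts: hosts.map(&:to_h) }.to_json
        rescue InvalidParamError => e
          # NOTE(review): nothing in this handler raises InvalidParamError; :id is
          # used unvalidated and is echoed into the console message below.
          print_error e.message
          halt 400
        rescue StandardError => e
          print_error "Internal error while retrieving hosts list for hooked browser with id #{id} (#{e.message})"
          halt 500
        end

        # Returns all services given a specific hooked browser id.
        # The :id segment is matched against the service's +hooked_browser_id+ column.
        get '/services/:id' do
          id = params[:id]

          services = @ns.where(hooked_browser_id: id).distinct.order(:id)

          { count: services.length, services: services.map(&:to_h) }.to_json
        rescue InvalidParamError => e
          # NOTE(review): nothing in this handler raises InvalidParamError; :id is
          # used unvalidated and is echoed into the console message below.
          print_error e.message
          halt 400
        rescue StandardError => e
          print_error "Internal error while retrieving service list for hooked browser with id #{id} (#{e.message})"
          halt 500
        end

        # Returns a specific host given its id.
        # Responds 400 when :id is not numeric and 404 when no such host exists.
        get '/host/:id' do
          id = params[:id]
          # Same id validation as the DELETE handler for this resource.
          raise InvalidParamError, 'id' unless BeEF::Filters.nums_only?(id)

          # where(...).first yields nil for a missing row, so the 404 below is
          # reachable. The previous `find` + `raise ... if host.nil?` made the 404
          # dead code, and a `find` that raises on a missing record (as
          # ActiveRecord's does) would have surfaced as a 500 instead.
          host = @nh.where(id: id).first
          halt 404 if host.nil?

          host.to_h.to_json
        rescue InvalidParamError => e
          print_error e.message
          halt 400
        rescue StandardError => e
          print_error "Internal error while retrieving host with id #{id} (#{e.message})"
          halt 500
        end

        # Deletes a specific host given its id.
        # Responds 400 when :id is not numeric and 404 when no such host exists;
        # otherwise returns { "success": <result of the model's delete> }.
        delete '/host/:id' do
          id = params[:id]
          raise InvalidParamError, 'id' unless BeEF::Filters.nums_only?(id)

          # Look the record up with a nil-returning query so a missing host is
          # answered with 404 rather than falling into the StandardError handler.
          host = @nh.where(id: id).first
          halt 404 if host.nil?

          { 'success' => @nh.delete(id) }.to_json
        rescue InvalidParamError => e
          print_error e.message
          halt 400
        rescue StandardError => e
          print_error "Internal error while removing network host with id #{id} (#{e.message})"
          halt 500
        end

        # Returns a specific service given its id.
        # Responds 400 when :id is not numeric and 404 when no such service exists.
        get '/service/:id' do
          id = params[:id]
          # Same id validation as the DELETE /host/:id handler.
          raise InvalidParamError, 'id' unless BeEF::Filters.nums_only?(id)

          # The previous check called `empty?` on the record, which a single model
          # instance is not expected to respond to; test for nil like the host
          # handler does.
          service = @ns.where(id: id).first
          halt 404 if service.nil?

          service.to_h.to_json
        rescue InvalidParamError => e
          print_error e.message
          halt 400
        rescue StandardError => e
          print_error "Internal error while retrieving service with id #{id} (#{e.message})"
          halt 500
        end

        # Raised when invalid JSON input is passed to an /api/network handler.
        class InvalidJsonError < StandardError
          DEFAULT_MESSAGE = 'Invalid JSON input passed to /api/network handler'.freeze

          # @param message [String, nil] custom message; DEFAULT_MESSAGE when nil
          def initialize(message = nil)
            super(message || DEFAULT_MESSAGE)
          end
        end

        # Raised when an invalid named parameter is passed to an /api/network handler.
        class InvalidParamError < StandardError
          DEFAULT_MESSAGE = 'Invalid parameter passed to /api/network handler'.freeze

          # @param message [String, nil] name of the offending parameter; when nil the
          #   generic DEFAULT_MESSAGE is used (it was previously defined but never
          #   applied, leaving the message as the bare class name)
          def initialize(message = nil)
            text = if message.nil?
                     DEFAULT_MESSAGE
                   else
                     "Invalid \"#{message}\" parameter passed to /api/network handler"
                   end
            super(text)
          end
        end
      end
    end
  end
end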