Path: blob/master/modules/network/cross_origin_scanner_flash/module.rb
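#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Server-side command class for the Flash cross-origin scanner module.
#
# It registers the module's static assets before the command is sent and,
# when results come back, saves them and (if the network extension is
# enabled) records discovered hosts and HTTP services.
#
# Everything read from @datastore in post_execute is reported by the hooked
# browser, so it is treated as untrusted input: patterns are anchored to the
# whole string and the IP is validated before anything is persisted.
class Cross_origin_scanner_flash < BeEF::Core::Command
  # Registers the SWF and the swfobject helper script with the asset handler
  # (via bind_cached) so they are reachable at '/objects/ContentHijacking.swf'
  # and '/swfobject.js' style paths.
  # NOTE(review): the exact URL produced from the (path, extension) pair is
  # decided by AssetHandler#bind_cached, which is not visible here; confirm.
  def pre_send
    assets = BeEF::Core::NetworkStack::Handlers::AssetHandler.instance
    assets.bind_cached('/modules/network/cross_origin_scanner_flash/ContentHijacking.swf', '/objects/ContentHijacking', 'swf')
    assets.bind_cached('/modules/network/cross_origin_scanner_flash/swfobject.js', '/swfobject', 'js')
  end

  # Saves the reported result and, when 'beef.extension.network.enable' is
  # exactly true, stores discovered hosts/services for the reporting session.
  #
  # @return [void]
  def post_execute
    # NOTE(review): the saved value is read from 'result' while the parsing
    # below reads 'results'; the keys differ. Confirm which key the client
    # side actually populates before relying on either.
    content = {}
    content['result'] = @datastore['result']
    save content

    configuration = BeEF::Core::Configuration.instance
    return unless configuration.get('beef.extension.network.enable') == true

    session_id = @datastore['beefhook']

    # The patterns use \A / \z rather than ^ / $. In Ruby, ^ and $ match at
    # every line boundary, so a multi-line value that merely contains one
    # well-formed line would otherwise be accepted. With \z a value carrying
    # a trailing newline is now rejected as well.
    case @datastore['results']
    when /\Aip=(.+)&status=alive\z/
      # log discovered hosts
      ip = Regexp.last_match(1)
      if BeEF::Filters.is_valid_ip?(ip)
        print_debug("Hooked browser found host #{ip}")
        BeEF::Core::Models::NetworkHost.create(hooked_browser_id: session_id, ip: ip)
      end
    when /\Aproto=(.+)&ip=(.+)&port=(\d+)&title/
      # log discovered network services
      proto = Regexp.last_match(1)
      ip = Regexp.last_match(2)
      port = Regexp.last_match(3)
      type = 'HTTP Server (Flash)'
      # NOTE(review): only the IP is validated. proto is free-form (.+) and
      # port is any digit run, and both are persisted as received; consider
      # restricting proto to the expected schemes and range-checking port.
      if BeEF::Filters.is_valid_ip?(ip)
        print_debug("Hooked browser found HTTP server #{ip}:#{port}")
        BeEF::Core::Models::NetworkService.create(hooked_browser_id: session_id, proto: proto, ip: ip, port: port, type: type)
      end
    end
  end

  # Default option definitions shown for this module.
  #
  # @return [Array<Hash>] one hash per option with 'name', 'ui_label' and
  #   'value' keys; all values are strings.
  def self.options
    [
      { 'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254' },
      { 'name' => 'ports', 'ui_label' => 'Ports', 'value' => '80,8080' },
      { 'name' => 'threads', 'ui_label' => 'Workers', 'value' => '2' },
      { 'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '5' }
    ]
  end
end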