Navigation



BeEF – Browser Exploitation Framework

Last updated: July 10, 2010 | 17,094 views

Use Netsparker


There’s been a lot of nice Web relevant testing and hacking tools coming out lately, I’ve gotten quite a collection to post about, so do try them out and let me know what you think.

BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF.

The current version is 0.2.1 and is still a work in progress.

Modules Loaded

The ‘Load Modules’ area shows what modules are available. Clicking on them will load the module into the module console area. The modules are the parts of the application that provide code to be sent to the controlled browser. One of the main strengths of BeEF is the ease in with modules can be written. The require minimal effort to incorporate into the framework.

The module console area shows the modules input and configuration details. The following screenshot show the input options for the Port Scanning Module.

Zombies

The ‘Zombies’ section of the sidebar displays basic details of the browser(s) under control of BeEF. All modules will execute within the zombies listed here.

Download

You can download BeEF here:

beef-v0.3.1.tgz (md5sum: 8e160e72c7b9f1c292b5894d6b8d672c)

Share17
Tweet2
+1
Share
19 Shares
Posted in: Hacking Tools, Security Software, Web Hacking

, , , , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
November 14, 2018 - 75 Shares
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
November 2, 2018 - 85 Shares
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
October 29, 2018 - 124 Shares
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
October 20, 2018 - 231 Shares
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
October 17, 2018 - 97 Shares
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
October 15, 2018 - 151 Shares


Comments are closed.