Release 0.5.2.0 (#2166)

* fixed offline zombie not deleting

* Bump jsdoc-to-markdown from 6.0.1 to 7.0.1 (#2161)

Bumps [jsdoc-to-markdown](https://github.com/jsdoc2md/jsdoc-to-markdown) from 6.0.1 to 7.0.1.
- [Release notes](https://github.com/jsdoc2md/jsdoc-to-markdown/releases)
- [Commits](jsdoc2md/jsdoc-to-markdown@v6.0.1...v7.0.1)

---
updated-dependencies:
- dependency-name: jsdoc-to-markdown
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bug: Core - 1785 Fixed public hook url configuration settings (#2163)

* added spec file for testing changes

* added local host getter to configuration class

* added default value 0.0.0.0 for local host if it's not set

* added port config getter with default

* added port config getter with default

* fixed spelling errors for port

* added public configuration values and validation

* removed logic from public port as it was not required

* added beef host to configuration class

* added beef port to configuration class and removed default http.port logic from public_port

* fixed rubocop errors and refactored spec tests

* added beef host configuration values used for external resources

* added beef url to configuration

* added spec file for testing changes

* added local host getter to configuration class

* added default value 0.0.0.0 for local host if it's not set

* added port config getter with default

* added port config getter with default

* fixed spelling errors for port

* added public configuration values and validation

* removed logic from public port as it was not required

* added beef host to configuration class

* added beef port to configuration class and removed default http.port logic from public_port

* fixed rubocop errors and refactored spec tests

* added beef host configuration values used for external resources

* added beef url to configuration

* created command spec file

* add before statement to load all enabled modules to test command class

* add spec to check if configuration instance exists by setting and accessing a config variable

* updated http proto for beef host

* reverting changes on this file, dev values set

* removed some unessessary checks

* fixed grammar test now we're only testing one configuration attribute

* added hook url for contextual usage

* refactoring admin_ui with new code usage

* fixed issue with the location of the beef.http.https.public_enabled

* refactored powershell module and extension

* adding the new config setting for public https beign enabled

* refactor qrcode extension

* replace video fake plugin refactor

* social engineering refactoring

* phonegap module refactoring

* exploit refactoing

* network module refactoing

* ipec module refactoring

* host module refactoring

* debug refactoring

* browser refactoring

* social engineering extension refactoring

* core main server refactoring

* core main console banner refactoring

* removing dev test

* fixed area with location of http.https.enabled

* changed the hook url definition to return the hook file path

* updated banners to use new configuration getters

* updated extensions and modules with the hook url change

* added new public.host configuration settings and validations for depicated usage of public

* updated to use public.port configuration

* added validation for old configuration public_port

* updated to use public https configuration setting

* updated config with new settings format

* fixed get to point to new locations

* fixed pointer to hook_file_path

* Update extensions/social_engineering/web_cloner/web_cloner.rb

Co-authored-by: bcoles <bcoles@gmail.com>

* updated enabled to enable

* making sure default configuration file does not have preset values

Co-authored-by: bcoles <bcoles@gmail.com>

* bumped versions to 0.5.2.0

* Usability: #2145. Added user input request for beef update within 'beef' install script (#2162)

* added user input request for beef update

* swaped git pull from system to backticks

* flags added for auto update and timout to input

* updated install.txt to reference the update-beef script (#2160)

Co-authored-by: Andrew Wheatley <a@andrews-mini.home>
Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bcoles <bcoles@gmail.com>

INSTALL.txt

@@ -67,5 +67,11 @@ it's best to regularly update BeEF to the latest version.
 
 If you're using BeEF from the GitHub repository, updating is as simple as:
 
+  $ ./update-beef
+
+Or pull the latest repo yourself and then update the gems with:
+
   $ git pull
+
+  $ bundle
 

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.5.1.0
+0.5.2.0

beef

@@ -42,6 +42,28 @@ $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 # @note Require core loader
 #
 require 'core/loader'
+require 'timeout'
+
+#
+# @note Ask user if they would like to update beef
+#
+
+if BeEF::Core::Console::CommandLine.parse[:update_disabled] == false
+  if BeEF::Core::Console::CommandLine.parse[:update_auto] == true
+  print "Pulling latest BeEF repository and updating"
+  `git pull && bundle`  
+  else
+    begin
+      answer = Timeout::timeout(5) do
+        print "Would you like to check and download the latest BeEF update? y/n: " 
+        response = gets
+        `git pull && bundle` if response.strip == 'y' 
+      end
+      rescue Timeout::Error
+        puts "\nUpdate Skipped with input timeout"
+      end
+  end
+end
 
 #
 # @note Create ~/.beef/
@@ -109,13 +131,13 @@ end
 #
 # @note Validate beef.http.public and beef.http.public_port
 #
-unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
-  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+unless config.get('beef.http.public.host').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public.host'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public.host')}"
   exit 1
 end
 
-unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
-  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+unless config.get('beef.http.public.port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public.port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public.port')}"
   exit 1
 end
 

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.5.1.0'
+    version: '0.5.2.0'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)
@@ -47,17 +47,21 @@ beef:
 
         # Host Name / Domain Name
         # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
-        #   set the public hostname below:
-        #public: ""      # public hostname/IP address
+        # These settings will be used to create a public facing URL
+        # This public facing URL will be used for all hook related calls
+        # set the public setting below:
+        # public: ""
+        #     host: "" # public hostname/IP address
+        #     port: "" # public port will default to 80 if no https 443 if https 
+                      # and local if not set but there is a public host
+        #     https: false # true/false
 
         # Reverse Proxy / NAT
         # If you want BeEF to be accessible behind a reverse proxy or NAT,
         #   set both the publicly accessible hostname/IP address and port below:
         # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
         #   by altering the X-FORWARDED-FOR ip address in the request header.
         allow_reverse_proxy: false
-        #public: ""      # public hostname/IP address
-        #public_port: "" # public port (experimental)
 
         # Hook
         hook_file: "/hook.js"
@@ -89,6 +93,8 @@ beef:
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
+            # Enabled this config setting if you're external facing uri is using https
+            public_enabled: false
             # In production environments, be sure to use a valid certificate signed for the value
             # used in beef.http.public (the domain name of the server where you run BeEF)
             key: "beef_key.pem"

core/main/command.rb

@@ -42,7 +42,8 @@ def initialize(hash = nil)
     #       Two instances of this object are created during the execution of command module.
     #
     class Command
-      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
+      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname,
+      :config
       attr_accessor :zombie, :command_id, :session_id
 
       include BeEF::Core::CommandUtils
@@ -55,15 +56,15 @@ class Command
       # @param [String] key command module key
       #
       def initialize(key)
-        config = BeEF::Core::Configuration.instance
+        @config = BeEF::Core::Configuration.instance
 
         @key = key
         @datastore = {}
-        @friendlyname = config.get("beef.module.#{key}.name")
+        @friendlyname = @config.get("beef.module.#{key}.name")
         @output = ''
-        @path = config.get("beef.module.#{key}.path")
+        @path = @config.get("beef.module.#{key}.path")
         @default_command_url = config.get("beef.module.#{key}.mount")
-        @id = config.get("beef.module.#{key}.db.id")
+        @id = @config.get("beef.module.#{key}.db.id")
         @auto_update_zombie = false
         @results = {}
         @beefjs_components = {}

core/main/configuration.rb

@@ -73,9 +73,122 @@ def validate
           return
         end
 
+        return unless validate_public_config_variable?(@config)
+
+        if @config['beef']['http']['public_port']
+          print_error 'Config path beef.http.public_port is deprecated.'
+          print_error 'Please use the new format for public variables found'
+          print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
+          return
+        end
+
         true
       end
 
+      #
+      # Returns the configuration value for the http server host
+      # If nothing is set it should default to 0.0.0.0 (all interfaces)
+      def local_host
+        get('beef.http.host') || '0.0.0.0'
+      end
+
+      #
+      # Returns the configuration value for the http server port
+      # If nothing is set it should default to 3000
+      def local_port
+        get('beef.http.port') || '3000'
+      end
+
+      #
+      # Return the local protocol
+      # if nothing is set default to http
+      def local_proto
+        local_https_enabled ? 'https' : 'http'
+      end
+
+      #
+      # Returns the configuration value for the local https enabled
+      # If nothing is set it should default to false
+      def local_https_enabled
+        get('beef.http.https.enable') || false
+      end
+
+      #
+      # Returns the configuration value for the http server host
+      def public_host
+        get('beef.http.public.host')
+      end
+
+      #
+      # Returns the beef host which is used by external resources
+      # e.g. hooked browsers
+      def beef_host
+        public_host || local_host
+      end
+
+      #
+      # Returns the beef port which is used by external resource
+      # e.g. hooked browsers
+      def beef_port
+        public_port || local_port
+      end
+
+      def public_enabled?
+        !get('beef.http.public.host').nil?
+      end
+
+      #
+      # Returns the beef protocol that is used by external resources
+      # e.g. hooked browsers
+      def beef_proto
+        if public_enabled? && public_https_enabled? then
+          return 'https'
+        elsif public_enabled? && !public_https_enabled?
+          return 'http'
+        elsif !public_enabled?
+          return local_proto
+        end
+      end
+
+      #
+      # Returns the beef scheme://host:port for external resources
+      # e.g. hooked browsers
+      def beef_url_str
+        "#{beef_proto}://#{beef_host}:#{beef_port}"
+      end
+
+      # Returns the hool path value stored in the config file
+      #
+      # @return [String] hook file path
+      def hook_file_path
+        get('beef.http.hook_file') || '/hook.js'
+      end
+
+      # Returns the url to the hook file
+      #
+      # @return [String] the url string
+      def hook_url
+        "#{beef_url_str}#{hook_file_path}"
+      end
+
+      # Returns the configuration value for the http server port
+      # If nothing is set it should default to 3000
+      def public_port
+        return get('beef.http.public.port') unless get('beef.http.public.port').nil?
+
+        return '443' if public_https_enabled?
+        return '80' unless public_host.nil?
+
+        nil
+      end
+
+      #
+      # Returns the configuration value for the local https enabled
+      # If nothing is set it should default to false
+      def public_https_enabled?
+        get('beef.http.public.https') || false
+      end
+
       #
       # Returns the value of a selected key in the configuration file.
       # @param [String] key Key of configuration item
@@ -163,6 +276,19 @@ def load_modules_config
           )
         end
       end
+
+      private
+
+      def validate_public_config_variable?(config)
+        return true if (config['beef']['http']['public'].is_a?(Hash) || 
+                        config['beef']['http']['public'].is_a?(NilClass))
+
+
+        print_error 'Config path beef.http.public is deprecated.'
+        print_error 'Please use the new format for public variables found'
+        print_error 'https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration'
+        false
+      end
     end
   end
 end

core/main/console/banners.rb

@@ -48,7 +48,8 @@ def print_welcome_msg
     def print_network_interfaces_count
       # get the configuration information
       configuration = BeEF::Core::Configuration.instance
-      beef_host = configuration.get('beef.http.host')
+      # local host
+      beef_host = configuration.local_host
 
       # create an array of the interfaces the framework is listening on
       if beef_host == '0.0.0.0' # the framework will listen on all interfaces
@@ -77,27 +78,26 @@ def print_network_interfaces_count
     #
     def print_network_interfaces_routes
       configuration = BeEF::Core::Configuration.instance
-      proto = configuration.get("beef.http.https.enable") == true ? 'https' : 'http'
-      hook_file = configuration.get("beef.http.hook_file")
+      # local config settings
+      proto = configuration.local_proto
+      hook_file = configuration.hook_file_path
       admin_ui = configuration.get("beef.extension.admin_ui.enable") ? true : false
       admin_ui_path = configuration.get("beef.extension.admin_ui.base_path")
 
       # display the hook URL and Admin UI URL on each interface from the interfaces array
       self.interfaces.map do |host|
         print_info "running on network interface: #{host}"
-        port = configuration.get("beef.http.port")
+        port = configuration.local_port
         data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
         data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
         print_more data
       end
 
       # display the public hook URL and Admin UI URL
-      if configuration.get("beef.http.public")
-        host = configuration.get('beef.http.public')
-        port = configuration.get("beef.http.public_port") || configuration.get('beef.http.port')
+      if configuration.public_enabled?
         print_info 'Public:'
-        data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
-        data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
+        data = "Hook URL: #{configuration.hook_url}\n"
+        data += "UI URL:   #{configuration.beef_url_str}#{admin_ui_path}/panel\n" if admin_ui
         print_more data
       end
     end
@@ -130,9 +130,9 @@ def print_loaded_modules
     def print_websocket_servers
       config = BeEF::Core::Configuration.instance
       ws_poll_timeout = config.get('beef.http.websocket.ws_poll_timeout')
-      print_info "Starting WebSocket server ws://#{config.get('beef.http.host')}:#{config.get("beef.http.websocket.port").to_i} [timer: #{ws_poll_timeout}]"
+      print_info "Starting WebSocket server ws://#{config.beef_host}:#{config.get("beef.http.websocket.port").to_i} [timer: #{ws_poll_timeout}]"
       if config.get("beef.http.websocket.secure")
-        print_info "Starting WebSocketSecure server on wss://[#{config.get('beef.http.host')}:#{config.get("beef.http.websocket.secure_port").to_i} [timer: #{ws_poll_timeout}]"
+        print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get("beef.http.websocket.secure_port").to_i} [timer: #{ws_poll_timeout}]"
       end
     end
   end

core/main/console/commandline.rb

@@ -19,6 +19,8 @@ module CommandLine
         @options[:port] = ""
         @options[:ws_port] = ""
         @options[:interactive] = false
+        @options[:update_disabled] = false
+        @options[:update_auto] = false
 
         @already_parsed = false
 
@@ -55,6 +57,14 @@ def self.parse
                 @options[:ws_port] = ws_port
               end
 
+              opts.on('-ud', '--update_disabled', 'Skips update') do 
+                @options[:update_disabled] = true
+              end
+
+              opts.on('-ua', '--update_auto', 'Automatic update with no prompt') do 
+                @options[:update_auto] = true
+              end
+
               #opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
               #  @options[:interactive] = true
               #end