BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
BeEF hooks one or more web browsers as beachheads for the launching of directed exploits in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals.BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, TOR detection and more.
This release contains support for the XssRays extension, which is still in pilot stage and will be improved further in the next release. The framework now loads faster due to the dynamically loading modules. The core enhancements has had a great impact on the command module navigation. This should be quite noticeable.
Unfortunately, this release also has a bug that prevents MSF from interacting with BeEF. The author mentions that this will be taken care of pretty soon. Until then, it is recommended that the latest version be downloaded via the SVN repository.
To download BeEF v0.4.2.8-alpha here.
Posts
