BeEF stands for The Browser Exploitation Framework. It is a great penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, It looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. It will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Install Prerequisites BeEF
sudo apt-get install git curl git libsqlite3-dev sqlite3 imagemagick ghostscript
default using Ruby 2.1.5.
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 curl -sSL https://get.rvm.io | bash -s stable source ~/.rvm/scripts/rvm echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc source ~/.bashrc rvm install 2.1.5 ruby -v
cd ~ mkdir temp cd temp git clone git://github.com/beefproject/beef.git cd beef rvm use ruby-2.1.5@beef --create gem install bundler bundle install
Fire up Beef
Now let’s open your browser and go to http://127.0.0.1:3000/ui/panel (or whatever kind of IP Address you are using)
username is “beef” while password is also “beef”.
cd ~/temp/beef git pull origin master bundle install ./update-beef