BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
First, download Ruby for Windows.
Install it in the C: folder and make sure you select all the options. Ruby is now installed.
After installing Ruby, download the SQLite DLL.
Now extract the SQLite zip file into the Ruby193\bin folder.
Now download ‘DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe’.
Now extract the ‘DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe’ file to the C: folder.
Open a command prompt, go to the ‘Devkit’ path and run “ruby dk.rb init”.
Now run “ruby dk.rb install”.
Now a few other steps:
- ruby dk.rb review (checks that things are OK)
- gem install rdiscount --platform=ruby (you should see the message “Temporarily enhancing PATH to include DevKit…”)
Now download the BeEF project.
Now open the BeEF file ‘beefproject-beef-beef-0.4.3.7-0-g69c59bb’ and extract the files to C:\beef.
Open a command prompt, go to the BeEF path and type the following:
Now type the commands below one by one:
gem install bundler
(You will see something similar to this)
Now type “ruby beef” to start BeEF.
Of course, you will need your Windows Firewall to allow that application.
BeEF is installed successfully. Now go to http://127.0.0.1:3000/ui/panel and check that it is available:
http://192.168.1.2:3000/ui/panel (beef is the user name and password)
Send the link http://192.168.1.2:3000/demos/basic.html to the victim via chat, email or any other social engineering technique.
HconSTF is an open source penetration testing framework based on different browser technologies, which assists security professionals in penetration testing or vulnerability scanning assessments. It contains web tools which are powerful for XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is also useful to anybody interested in the information security domain: students, security professionals, web developers, those doing manual vulnerability assessments and much more.
- Categorized and comprehensive toolset
- Contains hundreds of tools, features and scripts for different tasks such as SQLi, XSS, Dorks and OSINT, to name a few
- HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
- Each and every option is configured for penetration testing and vulnerability assessments
- Specially configured and enhanced for gaining easy & solid anonymity
- Works for web app testing assessments, especially for the OWASP Top 10
- Easy to use & collaborative operating-system-like interface
- Multi-language support (feature in heavy development; translators needed)
Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support.
Sandcat Browser includes the following pen-test oriented features:
- Live HTTP Headers
- Request Editor Extension
- Fuzzer extension with multiple modes and support for filters
- Lua Executor extension — allows you to load and run external Lua scripts
- Syhunt Gelo
- HTTP Brute Force, CGI Scanner scripts and more
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. The Browser Exploitation Framework (BeEF) is a powerful professional security tool.
BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.
How to Install Browser Exploitation Framework in BackTrack
First open your BackTrack and follow this path:
Applications->Backtrack->Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF Installer
Now BeEF is successfully installed on your PC.
How to use Browser Exploitation Framework
Open your BackTrack and follow this path:
Applications->Backtrack->Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF
Then I copied the URL and launched it in the browser (this is my URL, based on the IP of my VirtualBox machine; yours will be different):
http://192.168.1.3:3000/ui/panel (beef is the user name and password)
Send the link http://192.168.1.3:3000/demos/basic.html to the victim via chat, email or any other social engineering technique.
Now you can get access to the victim's PC.
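Seen from the defender's side, the URLs in both walkthroughs (port 3000, /ui/panel, /demos/basic.html) are what a default BeEF instance leaves in web proxy logs. The following is an added example, not part of the original posts or of the BeEF project: a Ruby scanner for such requests. The log format, the sample lines and all function names are assumptions made for illustration, and /hook.js (BeEF's default hook script name) does not appear on the page.

```ruby
require "uri"

# Paths named in the walkthrough above. /hook.js is BeEF's default hook script
# name; it is not mentioned on the page and is added here as an assumption.
BEEF_PATHS = {
  "/ui/panel"         => "admin panel",
  "/demos/basic.html" => "demo hook page",
  "/hook.js"          => "hook script"
}.freeze
BEEF_PORT = 3000 # port used in every URL of the walkthrough

# Constructed sample proxy log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = <<~LOG
  2024-01-10T09:00:01Z 10.0.0.15 GET http://192.168.1.2:3000/demos/basic.html 200
  2024-01-10T09:00:02Z 10.0.0.15 GET http://192.168.1.2:3000/HOOK.JS?x=1 200
  2024-01-10T09:00:05Z 10.0.0.22 GET http://intranet.example/demos/basic.html 200
  2024-01-10T09:01:00Z 10.0.0.30 GET http://192.168.1.2:3000/ui/panel 200
  truncated line with no url
LOG

# Classify one URL; a path match on another port is kept as low confidence.
def beef_indicator(url)
  uri = URI.parse(url)
  return nil unless uri.is_a?(URI::HTTP) && uri.path
  label = BEEF_PATHS[uri.path.downcase]
  return nil unless label
  { host: uri.host, path: uri.path.downcase, label: label,
    confidence: uri.port == BEEF_PORT ? :high : :low }
rescue URI::InvalidURIError
  nil
end

# Return { client_ip => [indicator, ...] }, skipping malformed lines.
def scan_proxy_log(text)
  hits = Hash.new { |h, k| h[k] = [] }
  text.each_line do |line|
    time, client, _method, url, _status = line.split
    hit = url && beef_indicator(url)
    hits[client] << hit.merge(time: time) if hit
  end
  hits
end

# Clients that fetched the hook page or script (not just the operator's panel).
def likely_hooked_clients(hits)
  hits.select { |_c, list|
    list.any? { |h| h[:confidence] == :high && h[:label] != "admin panel" }
  }.keys
end
```

A changed port or renamed hook file evades this path match, so treat a hit as a lead for investigating the client and the serving host, not as complete coverage.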