beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

[Extension] Passive Attack Surface Audit / Active Vulnerability Scan / Exploit Suggester / Autopwn #1099

Open bcoles opened 9 years ago

bcoles commented 9 years ago

It would be nice to see a list of known vulnerabilities for the zombie web browser, plugins/extensions/addons, operating system and hardware. The end goal would be point-and-click exploitation (Admin UI), scriptable exploitation (REST API) and automatic exploitation (ARE). This would also be valuable information during phishing assessments.

In the short term this could be as simple as checking whether the software is up to date.

In the short term this should be passive by inferring vulnerabilities from reported software versions; however, considerations should be made to allow active fingerprinting/scanning in the future.

Reporting certainty and risk may or may not be a good idea. This is probably overkill in the short term; however, considerations should be made to allow for this in the future.

This could be extended later to include known vulnerabilities for identified network services on the zombie's LAN.

The extension itself should be designed to be easily extendable as vulnerability details could be populated from anywhere in the framework, such as browser hook initialization and command modules.

This could be extended later to allow exploitation of said vulnerabilities in situations where exploits are available. Additionally, autopwn would be nice.

antisnatchor commented 9 years ago

Yeah, good point. Send an email to our internal BeEF dev ML so we can discuss there and post back here some definitive thoughts once we have agreed on the plan ;-)

bcoles commented 7 years ago

Added invisible active software detection for Internet Explorer using XMLDOM XXE in 683937419977c9e80b93a34e946ef1c3fce54127.

kalifan commented 7 years ago

@bcoles thanks bro, is there a version for Google Chrome?

bcoles commented 7 years ago

@kalifan is this in reference to XMLDOM XXE? As far as I know there is no way to enumerate software installed on the host using Google Chrome, although I haven't looked.

It used to be possible to enumerate installed extensions on Firefox and Chrome.