The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. The framework allows the penetration tester to select specific modules (in real-time) to target each browser, and therefore each context.
The framework contains numerous command modules that employ BeEF's simple and powerful API. This API is at the heart of the framework’s effectiveness and efficiency. It abstracts complexity and facilitates quick development of custom modules.
New Version:
A lot of bugs from the BeEF requester have been fixed, that has an impact on the efficiency of the proxy, xssrays and other components. The xssrays extension is now functioning more efficiently as smaller bugs have been removed and its ability to crawl a site has been increased. Quite a few number of modules have been added, including many IPEC (inter-protocol exploit and communication) Windows bindshell modules. This effectively allows commands to be sent to a listening bindshell from the victim hooked browser!
This version also adds the autorun functionality, which however breaks Metasploit interoperability. (again!) This version also adds the console interface, which will be fully functional by the end of this year. It is not enabled by default and allows you to use a shell and not the web interface.
Demo videos Here:
http://www.youtube.com/user/TheBeefproject