BeEF (Browser Exploitation Framework)
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client-side attack vectors.

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

BeEF hooks one or more web browsers as beachheads for launching directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

Notable Features

BeEF provides an easily integrable framework that demonstrates the impact of browser and cross-site scripting issues in real time. Development has focused on creating a modular framework. This has made module development a very quick and simple process.
  • Browser exploitation modules
  • Keystroke logging
  • Browser proxying
  • Integration with Metasploit via XML-RPC
  • Plugin detection
  • Intranet service exploitation
  • Tor detection
  • Browser functionality detection modules
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 