beef-xss

beef-xss [options]

beef-xss (Browser Exploitation Framework) is a penetration testing tool that focuses on web browser vulnerabilities. It hooks web browsers through XSS or other injection vectors and uses them as beachheads for launching client-side attacks.
The framework provides a web-based control panel for managing hooked browsers, executing JavaScript modules, and assessing client-side security. It examines exploitability from within the browser context rather than the network perimeter.

-c, --config file

Use custom configuration file

Reset the BeEF database

Enable verbose output

Display help message

/etc/beef-xss/config.yaml

Main configuration file on Kali Linux installations. Controls network settings, credentials, and enabled extensions.

Alternative location for the main configuration file in package installations.

Hook (hook.js)

JavaScript file that hooks browsers; inject via XSS or social engineering

Control panel at http://127.0.0.1:3000/ui/panel

Programmatic access to BeEF functionality

Browser exploitation modules (keylogging, phishing, network discovery)

Default credentials must be changed before use. Requires Ruby and various dependencies. Only use in authorized penetration testing engagements. The hook.js file must be injected into target browsers via XSS or other means. Network interfaces and ports are configurable in config.yaml.

BeEF was created by Wade Alcorn and the BeEF development team. It has been an active open-source project since 2006, becoming a standard tool in web application penetration testing for assessing browser-based attack vectors.

metasploit(1), burpsuite(1), nikto(1)