# beefproject/beef

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/beefproject-beef).**

10,728 stars · 2,342 forks · JavaScript

## Links

- GitHub: https://github.com/beefproject/beef
- Homepage: https://beefproject.com
- awesome-repositories: https://awesome-repositories.com/repository/beefproject-beef.md

## Description

BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration.

The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and asynchronous command queuing to manage multiple hooked sessions, allowing for the coordination of complex, multi-stage assessment workflows.

The system supports a modular architecture that enables the development of custom plugins and automated rules to extend its core testing capabilities. It includes comprehensive administrative controls, such as role-based access control, authentication rate limiting, and network access restrictions, to secure the testing environment and manage component lifecycles.

## Tags

### Security & Cryptography

- [Exploitation Frameworks](https://awesome-repositories.com/f/security-cryptography/exploitation-frameworks.md) — Functions as a security testing platform that hooks web browsers to execute targeted scripts within compromised sessions.
- [Penetration Testing Tools](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/penetration-testing-tools.md) — Provides a modular environment for security professionals to conduct internal network mapping and client-side assessments.
- [Browser Security Testers](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/web-security/browser-security-testers.md) — Provides a framework for launching directed command modules to evaluate client-side browser defenses and identify vulnerabilities. ([source](https://cdn.jsdelivr.net/gh/beefproject/beef@master/README.md))
- [Reconnaissance and Assessment Platforms](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/reconnaissance-assessment-platforms.md) — Acts as a framework for testing browser defenses and simulating real-world attack vectors by injecting scripts into remote clients.
- [Network Reconnaissance Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/network-reconnaissance-tools.md) — Uses compromised browser sessions as proxies to conduct internal network reconnaissance and map infrastructure. ([source](https://beefproject.com/))
- [Web Application Penetration Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-penetration-testing.md) — Simulates attack vectors in a controlled environment to test the resilience of web-based systems against exploitation.
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Enforces authentication and authorization checks at administrative and API layers to restrict sensitive system functions.
- [Security Testing Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools.md) — Provides a platform for building custom modules and automated rules to extend core security testing functionality.
- [Administrative Access Controls](https://awesome-repositories.com/f/security-cryptography/api-access-security/administrative-access-controls.md) — Enforces unique credential requirements for web and programming interfaces to prevent unauthorized access to control panels. ([source](https://github.com/beefproject/beef/wiki/Configuration))

### Web Development

- [Browser API Hooks](https://awesome-repositories.com/f/web-development/browser-api-hooks.md) — Injects persistent client-side scripts into browsers to establish bidirectional communication for remote command execution.
- [Browser Scripting Tools](https://awesome-repositories.com/f/web-development/browser-scripting-tools.md) — Injects persistent scripts into web browsers to establish bidirectional communication channels for remote command execution. ([source](https://cdn.jsdelivr.net/gh/beefproject/beef@master/README.md))

### DevOps & Infrastructure

- [Browser-Based Attack Modules](https://awesome-repositories.com/f/devops-infrastructure/automation-orchestration/task-execution-frameworks/task-job-management/remote-task-execution-modules/browser-based-attack-modules.md) — Executes targeted scripts within compromised browser sessions to gather information or perform automated security tasks. ([source](https://beefproject.com/))

### Networking & Communication

- [Reverse Tunnels](https://awesome-repositories.com/f/networking-communication/reverse-tunnels.md) — Routes network traffic through compromised browser sessions to bypass perimeter security controls and interact with internal infrastructure.

### Part of an Awesome List

- [Command And Control Frameworks](https://awesome-repositories.com/f/awesome-lists/security/command-and-control-frameworks.md) — Framework for exploiting and controlling compromised web browsers.
- [Offensive Security](https://awesome-repositories.com/f/awesome-lists/security/offensive-security.md) — Framework for browser-based exploitation and control.
- [Security Frameworks](https://awesome-repositories.com/f/awesome-lists/security/security-frameworks.md) — Framework for exploiting web browsers and client-side security.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Browser exploitation framework for client-side attacks.

### Software Engineering & Architecture

- [Modular Plugin Architectures](https://awesome-repositories.com/f/software-engineering-architecture/modular-plugin-architectures.md) — Supports a modular architecture that allows dynamic loading of functional components at runtime to extend core capabilities.
- [Modular Extension Architectures](https://awesome-repositories.com/f/software-engineering-architecture/modular-extension-architectures.md) — Enables users to build custom modules and automated rules to expand core security testing capabilities. ([source](https://beefproject.com/))
- [Event-Driven Architectures](https://awesome-repositories.com/f/software-engineering-architecture/event-driven-architectures.md) — Coordinates state changes and module execution across multiple connected browser sessions using an event-driven architecture.
- [Request Queuing](https://awesome-repositories.com/f/software-engineering-architecture/request-queuing.md) — Buffers instructions for hooked clients until the target browser establishes a connection and requests the next operation.
