From dd2e95f38cfba280bb3c7ae794421f88a3501ca3 Mon Sep 17 00:00:00 2001 From: bcoles Date: Sun, 19 Mar 2023 23:02:46 +1100 Subject: [PATCH] Update dependencies and remove twitter nofification channel (#2760) * Extensions: Notifications: Remove twitter notification channel * Gemfile: Update dependencies --- Gemfile | 88 ++++++------ Gemfile.lock | 150 ++++++++------------- extensions/notifications/channels/tweet.rb | 39 ------ extensions/notifications/config.yaml | 7 - extensions/notifications/notifications.rb | 6 - 5 files changed, 102 insertions(+), 188 deletions(-) delete mode 100644 extensions/notifications/channels/tweet.rb diff --git a/Gemfile b/Gemfile index 7a9a45cd44..2e55b6bec4 100644 --- a/Gemfile +++ b/Gemfile @@ -6,85 +6,85 @@ #gem 'simplecov', require: false, group: :test gem 'net-smtp', require: false +gem 'json' -gem 'eventmachine' -gem 'thin' -gem 'sinatra', '>= 2.2.0' -gem 'rack', '>= 2.2.4' -gem 'rack-protection', '>= 2.2.0' -gem 'em-websocket' # WebSocket support -gem 'uglifier', '>= 4.2.0' -gem 'mime-types' -gem 'execjs' -gem 'ansi' +gem 'eventmachine', '~> 1.2', '>= 1.2.7' +gem 'thin', '~> 1.8', '>= 1.8.1' +gem 'sinatra', '~> 3.0', '>= 3.0.5' +gem 'rack', '~> 2.2', '>= 2.2.4' +gem 'rack-protection', '~> 3.0.5' +gem 'em-websocket', '~> 0.5.3' # WebSocket support +gem 'uglifier', '~> 4.2' +gem 'mime-types', '~> 3.4', '>= 3.4.1' +gem 'execjs', '~> 2.8', '>= 2.8.1' +gem 'ansi', '~> 1.5' gem 'term-ansicolor', :require => 'term/ansicolor' -gem 'json' -gem 'rubyzip', '>= 1.2.2' -gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice -gem 'rake', '>= 13.0' -gem 'otr-activerecord', '>= 1.4.2' -gem 'sqlite3' +gem 'rubyzip', '~> 2.3' +gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice +gem 'rake', '~> 13.0' +gem 'otr-activerecord', '~> 2.1', '>= 2.1.2' +gem 'sqlite3', '~> 1.6', '>= 1.6.1' gem 'rubocop', '~> 1.48.1', require: false # Geolocation support group :geoip do - gem 'maxmind-db' + gem 'maxmind-db', '~> 1.1', '>= 1.1.1' end -gem 'parseconfig' -gem 'erubis' +gem 'parseconfig', '~> 1.1', '>= 1.1.2' +gem 'erubis', '~> 2.7' # Metasploit Integration extension group :ext_msf do - gem 'msfrpc-client' - gem 'xmlrpc' + gem 'msfrpc-client', '~> 1.1', '>= 1.1.2' + gem 'xmlrpc', '~> 0.3.2' end # Notifications extension group :ext_notifications do - gem 'unf' - gem 'domain_name', '>= 0.5.20190701' # Pushover - gem 'rushover' + gem 'rushover', '~> 0.3.0' # Slack - gem 'slack-notifier' - # Twitter - gem 'twitter', '>= 7.0.0' + gem 'slack-notifier', '~> 2.4' end # DNS extension group :ext_dns do - gem 'async-dns' + gem 'async-dns', '~> 1.3' + gem 'async', '~> 1.31' end # QRcode extension group :ext_qrcode do - gem 'qr4r' + gem 'qr4r', '~> 0.6.1' end # For running unit tests group :test do - gem 'test-unit' - gem 'test-unit-full' - gem 'rspec' - gem 'rdoc' + gem 'test-unit-full', '~> 0.0.5' + gem 'rspec', '~> 3.12' + gem 'rdoc', '~> 6.5' + gem 'browserstack-local', '~> 1.4' + + gem 'irb', '~> 1.6', '>= 1.6.3' + gem 'pry-byebug', '~> 3.10', '>= 3.10.1' + + gem 'rest-client', '~> 2.1.0' + gem 'websocket-client-simple', '~> 0.6.1' + # curb gem requires curl libraries # sudo apt-get install libcurl4-openssl-dev - gem 'curb' + gem 'curb', '~> 1.0', '>= 1.0.5' + # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior # gem 'selenium' # Requires old version of selenium which is no longer available - gem 'geckodriver-helper' - gem 'selenium-webdriver' - # nokogirl is needed by capybara which may require one of the below commands + gem 'geckodriver-helper', '~> 0.24.0' + gem 'selenium-webdriver', '~> 4.8', '>= 4.8.1' + + # nokogiri is needed by capybara which may require one of the below commands # sudo apt-get install libxslt-dev libxml2-dev # sudo port install libxml2 libxslt - gem 'capybara' - # RESTful API tests/generic command module tests - gem 'rest-client', '>= 2.1.0' - gem 'irb' - gem 'pry-byebug' - gem "websocket-client-simple", "~> 0.6.1" - gem "browserstack-local", "~> 1.4" + gem 'capybara', '~> 3.38' end source 'https://rubygems.org' diff --git a/Gemfile.lock b/Gemfile.lock index 44da098dbc..e4d0030c70 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -17,16 +17,15 @@ GEM archive-zip (0.12.0) io-like (~> 0.3.0) ast (2.4.2) - async (1.30.3) + async (1.31.0) console (~> 1.10) nio4r (~> 2.3) timers (~> 4.1) async-dns (1.3.0) async-io (~> 1.15) - async-io (1.34.0) + async-io (1.34.3) async browserstack-local (1.4.1) - buftok (0.2.0) byebug (11.1.3) capybara (3.38.0) addressable @@ -49,66 +48,49 @@ GEM em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) - equalizer (0.0.11) erubis (2.7.0) espeak-ruby (1.1.0) event_emitter (0.2.6) eventmachine (1.2.7) execjs (2.8.1) - ffi (1.15.5) - ffi-compiler (1.0.1) - ffi (>= 1.0.0) - rake fiber-local (1.0.0) geckodriver-helper (0.24.0) archive-zip (~> 0.7) hashie (5.0.0) hashie-forbidden_attributes (0.1.1) hashie (>= 3.0) - http (4.4.1) - addressable (~> 2.3) - http-cookie (~> 1.0) - http-form_data (~> 2.2) - http-parser (~> 1.2.0) http-accept (1.7.0) http-cookie (1.0.5) domain_name (~> 0.5) - http-form_data (2.3.0) - http-parser (1.2.3) - ffi-compiler (>= 1.0, < 2.0) - http_parser.rb (0.6.0) + http_parser.rb (0.8.0) i18n (1.12.0) concurrent-ruby (~> 1.0) io-console (0.6.0) io-like (0.3.1) - irb (1.6.2) + irb (1.6.3) reline (>= 0.3.0) json (2.6.3) matrix (0.4.2) maxmind-db (1.1.1) - memoizable (0.4.2) - thread_safe (~> 0.3, >= 0.3.1) method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2022.0105) + mime-types-data (3.2023.0218.1) mini_mime (1.1.2) minitest (5.18.0) mojo_magick (0.6.7) msfrpc-client (1.1.2) msgpack (~> 1) - msgpack (1.6.0) - multipart-post (2.2.3) + msgpack (1.6.1) mustermann (3.0.0) ruby2_keywords (~> 0.0.1) - naught (1.1.0) - net-protocol (0.1.3) + net-protocol (0.2.1) timeout net-smtp (0.3.3) net-protocol netrc (0.11.0) nio4r (2.5.8) - nokogiri (1.13.10-x86_64-linux) + nokogiri (1.14.2-x86_64-linux) racc (~> 1.4) otr-activerecord (2.1.2) activerecord (>= 4.0, < 7.1) @@ -117,24 +99,24 @@ GEM parseconfig (1.1.2) parser (3.2.1.1) ast (~> 2.4.1) - power_assert (2.0.2) - pry (0.14.1) + power_assert (2.0.3) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) pry-byebug (3.10.1) byebug (~> 11.0) pry (>= 0.13, < 0.15) - psych (5.0.0) + psych (5.1.0) stringio - public_suffix (5.0.0) + public_suffix (5.0.1) qr4r (0.6.1) mojo_magick (~> 0.6.5) rqrcode_core (~> 0.1) - racc (1.6.1) + racc (1.6.2) rack (2.2.6.4) rack-protection (3.0.5) rack - rack-test (2.0.2) + rack-test (2.1.0) rack (>= 1.3) rainbow (3.1.1) rake (13.0.6) @@ -155,12 +137,12 @@ GEM rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) rspec-mocks (~> 3.12.0) - rspec-core (3.12.0) + rspec-core (3.12.1) rspec-support (~> 3.12.0) - rspec-expectations (3.12.0) + rspec-expectations (3.12.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-mocks (3.12.0) + rspec-mocks (3.12.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.0) @@ -186,7 +168,6 @@ GEM rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) - simple_oauth (0.3.1) sinatra (3.0.5) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) @@ -194,7 +175,7 @@ GEM tilt (~> 2.0) slack-notifier (2.4.0) sqlite3 (1.6.1-x86_64-linux) - stringio (3.0.2) + stringio (3.0.5) sync (0.5.0) term-ansicolor (1.7.1) tins (~> 1.0) @@ -219,23 +200,11 @@ GEM daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thread_safe (0.3.6) - tilt (2.0.11) - timeout (0.3.0) + tilt (2.1.0) + timeout (0.3.2) timers (4.3.5) - tins (1.31.1) + tins (1.32.1) sync - twitter (7.0.0) - addressable (~> 2.3) - buftok (~> 0.2.0) - equalizer (~> 0.0.11) - http (~> 4.0) - http-form_data (~> 2.0) - http_parser.rb (~> 0.6.0) - memoizable (~> 0.4.0) - multipart-post (~> 2.0) - naught (~> 1.0) - simple_oauth (~> 0.3.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) uglifier (4.2.0) @@ -244,7 +213,7 @@ GEM unf_ext unf_ext (0.0.8.2) unicode-display_width (2.4.2) - webrick (1.7.0) + webrick (1.8.1) websocket (1.2.9) websocket-client-simple (0.6.1) event_emitter @@ -258,50 +227,47 @@ PLATFORMS x86_64-linux DEPENDENCIES - ansi - async-dns + ansi (~> 1.5) + async (~> 1.31) + async-dns (~> 1.3) browserstack-local (~> 1.4) - capybara - curb - domain_name (>= 0.5.20190701) - em-websocket - erubis - espeak-ruby (>= 1.0.4) - eventmachine - execjs - geckodriver-helper - irb + capybara (~> 3.38) + curb (~> 1.0, >= 1.0.5) + em-websocket (~> 0.5.3) + erubis (~> 2.7) + espeak-ruby (~> 1.1.0) + eventmachine (~> 1.2, >= 1.2.7) + execjs (~> 2.8, >= 2.8.1) + geckodriver-helper (~> 0.24.0) + irb (~> 1.6, >= 1.6.3) json - maxmind-db - mime-types - msfrpc-client + maxmind-db (~> 1.1, >= 1.1.1) + mime-types (~> 3.4, >= 3.4.1) + msfrpc-client (~> 1.1, >= 1.1.2) net-smtp - otr-activerecord (>= 1.4.2) - parseconfig - pry-byebug - qr4r - rack (>= 2.2.4) - rack-protection (>= 2.2.0) - rake (>= 13.0) - rdoc - rest-client (>= 2.1.0) - rspec + otr-activerecord (~> 2.1, >= 2.1.2) + parseconfig (~> 1.1, >= 1.1.2) + pry-byebug (~> 3.10, >= 3.10.1) + qr4r (~> 0.6.1) + rack (~> 2.2, >= 2.2.4) + rack-protection (~> 3.0.5) + rake (~> 13.0) + rdoc (~> 6.5) + rest-client (~> 2.1.0) + rspec (~> 3.12) rubocop (~> 1.48.1) - rubyzip (>= 1.2.2) - rushover - selenium-webdriver - sinatra (>= 2.2.0) - slack-notifier - sqlite3 + rubyzip (~> 2.3) + rushover (~> 0.3.0) + selenium-webdriver (~> 4.8, >= 4.8.1) + sinatra (~> 3.0, >= 3.0.5) + slack-notifier (~> 2.4) + sqlite3 (~> 1.6, >= 1.6.1) term-ansicolor - test-unit - test-unit-full - thin - twitter (>= 7.0.0) - uglifier (>= 4.2.0) - unf + test-unit-full (~> 0.0.5) + thin (~> 1.8, >= 1.8.1) + uglifier (~> 4.2) websocket-client-simple (~> 0.6.1) - xmlrpc + xmlrpc (~> 0.3.2) BUNDLED WITH - 2.3.19 + 2.4.8 diff --git a/extensions/notifications/channels/tweet.rb b/extensions/notifications/channels/tweet.rb deleted file mode 100644 index 77818aa894..0000000000 --- a/extensions/notifications/channels/tweet.rb +++ /dev/null @@ -1,39 +0,0 @@ -# -# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net -# Browser Exploitation Framework (BeEF) - http://beefproject.com -# See the file 'doc/COPYING' for copying permission -# -# -# -require 'twitter' - -module BeEF - module Extension - module Notifications - module Channels - class Tweet - # - # Constructor - # - def initialize(username, message) - @config = BeEF::Core::Configuration.instance - - # configure the Twitter client - client = Twitter::REST::Client.new do |config| - config.consumer_key = @config.get('beef.extension.notifications.twitter.consumer_key') - config.consumer_secret = @config.get('beef.extension.notifications.twitter.consumer_secret') - config.oauth_token = @config.get('beef.extension.notifications.twitter.oauth_token') - config.oauth_token_secret = @config.get('beef.extension.notifications.twitter.oauth_token_secret') - end - - begin - client.direct_message_create(username, message) - rescue StandardError - print_error 'Twitter send failed, verify tokens have Read/Write/DM acceess...' - end - end - end - end - end - end -end diff --git a/extensions/notifications/config.yaml b/extensions/notifications/config.yaml index 2489b9d777..5473eb7ede 100644 --- a/extensions/notifications/config.yaml +++ b/extensions/notifications/config.yaml @@ -8,13 +8,6 @@ beef: notifications: enable: false name: Notifications - twitter: - enable: false - consumer_key: app_consumer_key - consumer_secret: app_consumer_secret - oauth_token: your_oauth_token_for_this_app - oauth_token_secret: your_oauth_token_secret_for_this_app - target_username: email: enable: false from_address: sender_email_address diff --git a/extensions/notifications/notifications.rb b/extensions/notifications/notifications.rb index afd76db5e8..7d8732ac98 100644 --- a/extensions/notifications/notifications.rb +++ b/extensions/notifications/notifications.rb @@ -4,7 +4,6 @@ # See the file 'doc/COPYING' for copying permission # -require 'extensions/notifications/channels/tweet' require 'extensions/notifications/channels/email' require 'extensions/notifications/channels/pushover' require 'extensions/notifications/channels/slack_workspace' @@ -27,11 +26,6 @@ def initialize(from, event, time_now, hb) message = "#{from} #{event} #{time_now} #{hb}" - if @config.get('beef.extension.notifications.twitter.enable') == true - username = @config.get('beef.extension.notifications.twitter.target_username') - BeEF::Extension::Notifications::Channels::Tweet.new(username, message) - end - if @config.get('beef.extension.notifications.email.enable') == true to_address = @config.get('beef.extension.notifications.email.to_address') BeEF::Extension::Notifications::Channels::Email.new(to_address, message)