beef
The Browser Exploitation Framework Project
BeEF is a penetration testing framework that hooks web browsers so authorized security testers can assess what an attacker could do with browser-level access inside a target environment.
BeEF stands for Browser Exploitation Framework. It is a penetration testing tool used by security professionals to assess how vulnerable a target environment is to web browser-based attacks. Unlike tools that probe firewalls, servers, or operating systems, BeEF focuses specifically on the browser as the entry point. The logic behind this approach is that most network defenses harden the perimeter, but the browser remains an open door that connects internal systems to untrusted web content.
When a security tester deploys BeEF, the tool "hooks" one or more web browsers: each hooked browser connects back to the BeEF control server and polls it for commands to execute. From that position, the tester can probe what an attacker might do with access to that browser context. BeEF is intended for authorized penetration tests in which the tester has explicit permission to evaluate the target environment.
To run BeEF, you need macOS or Linux (Windows is explicitly not supported), Ruby 3.0 or newer, SQLite 3.x, and Node.js 10 or newer. An install script is included that handles the required operating system packages and Ruby gem dependencies in one step. After installation, starting BeEF launches a local web interface where the tester can see connected browsers, select and run command modules, and review results.
The project has been active since 2006. The README points to a wiki for full installation instructions and configuration guidance, including notes on securing the BeEF instance itself so it is not accidentally exposed. A JavaScript API reference, FAQ, and user guide are also available. Community support runs through a Discord server, and bugs are reported via GitHub Issues.
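The wiki's advice about securing the BeEF instance itself is worth automating. The following is an added example, not code from the BeEF project: a small Ruby audit that loads a constructed config.yaml fragment and flags settings that would leave the control server accidentally exposed (bound to every interface, HTTPS off, default or short credentials, admin UI permitted from any subnet). The key names (`beef.http.host`, `beef.http.https.enable`, `beef.credentials`, `beef.restrictions.permitted_ui_subnet`) are assumed to match BeEF's config.yaml layout; verify them against your installed copy.

```ruby
require 'yaml'

# Constructed sample of a BeEF-style config.yaml with weak settings.
# Key names are an assumption about BeEF's config.yaml layout; check them
# against the real file shipped with your installation.
WEAK_CONFIG = <<~YAML
  beef:
    restrictions:
      permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
    http:
      host: "0.0.0.0"
      port: "3000"
      https:
        enable: false
    credentials:
      user: "beef"
      passwd: "beef"
YAML

# The same fragment with the settings corrected (constructed sample).
HARDENED_CONFIG = <<~YAML
  beef:
    restrictions:
      permitted_ui_subnet: ["127.0.0.1/32"]
    http:
      host: "127.0.0.1"
      port: "3000"
      https:
        enable: true
    credentials:
      user: "tester"
      passwd: "use-a-long-random-passphrase-here"
YAML

# Returns an array of finding strings; an empty array means nothing was flagged.
def audit_beef_config(yaml_text)
  beef = YAML.safe_load(yaml_text).fetch('beef')
  http = beef.fetch('http', {})
  creds = beef.fetch('credentials', {})
  ui_subnets = beef.dig('restrictions', 'permitted_ui_subnet') || []
  findings = []
  findings << 'listener bound to all interfaces' if %w[0.0.0.0 ::].include?(http['host'])
  findings << 'HTTPS disabled for the control interface' unless http.dig('https', 'enable')
  if creds['user'] == 'beef' && creds['passwd'] == 'beef'
    findings << 'default credentials beef/beef'
  elsif creds['passwd'].to_s.length < 12
    findings << 'password shorter than 12 characters'
  end
  findings << 'admin UI reachable from any subnet' if ui_subnets.any? { |s| s.end_with?('/0') }
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts "weak:     #{audit_beef_config(WEAK_CONFIG).inspect}"
  puts "hardened: #{audit_beef_config(HARDENED_CONFIG).inspect}"
end
```

Run it against your real config.yaml by replacing the constructed strings with `File.read('config.yaml')`; an empty result for the hardened sample shows the checks pass once the listener is loopback-only, HTTPS is on, and the credentials are changed.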
The README does not describe individual command modules or provide examples of what specific tests look like. For that, the project wiki is the recommended starting point.
Where it fits
- Run authorized browser security assessments to discover client-side vulnerabilities in a target environment.
- Demonstrate browser-based attack vectors during a penetration testing engagement.
- Test what an attacker could access once a browser on an internal network visits a malicious page.