Fixes issue/remove-ARE (#3475)

[kaitozaw]

Pull Request

Category

Auto-Run Engine

Feature/Issue Description

Q: Please give a brief summary of your feature/fix
A: Removes the Auto-Run Engine (ARE) - a legacy feature that auto-executed module chains when browsers hooked based on browser/OS rules.

Client-side changes:

• Refactored misleading beef.are.status_() namespace to beef.status.() across 61 modules
• Removed obsolete ARE comments and deleted Admin UI components

Server-side changes:

• Deleted ARE engine, parser, rule loader, models, and REST handlers
• Removed ARE triggers from browser hook and WebSocket handlers
• Created migration 026 to drop executions and rules database tables

Configuration and assets:

• Deleted arerules/ directory
• Removed ARE config section from config.yaml
• Unregistered /api/autorun REST endpoint

Q: Give a technical rundown of what you have changed (if applicable)
A:
Phase 1: Module Status Code Migration
Phase 2: Remove Client-Side ARE Code
Phase 3: Remove Admin UI Components
Phase 4: Remove Server-Side Core
Phase 5: Remove Configuration and Assets

Test Cases

Q: Describe your test cases, what you have covered and if there are any use cases that still need addressing.
A:
Automated tests (bundle exec rake short):

• No new failure: 131 examples, 0 failures, 3 pending

Manual tests:

• BeEF startup: No ARE-related errors, HTTP server responds
• Database migration: Migration 026 ran, executions/rules tables dropped successfully
• Hook script: beef.status namespace present, beef.are removed (verified in 709KB hook.js)
• Access admin UI: verify no ARE tab
• Execute modules: check if they can be implemented without error
• REST API: /api/autorun returns 404, other endpoints functional
• Code cleanup: No ARE remnants found via grep

Detailed File Changes

Phase 1: Module Status Code Migration

Objective: Replace misleading beef.are.status_*() namespace with accurate beef.status.*().

Created Files (1)

core/main/client/status.js                                    [NEW, 42 lines]
  └─ Defines beef.status.success(), .error(), .unknown()

Modified Files (64)

Handler files:

core/main/handlers/modules/beefjs.rb                          [MODIFIED]
  └─ Line 26: are.js → status.js

core/main/handlers/modules/legacybeefjs.rb                     [MODIFIED]
  └─ Line 26: are.js → status.js

core/main/handlers/modules/multistagebeefjs.rb                 [MODIFIED]
  └─ Line 26: are.js → status.js

Module command.js files:

modules/browser/*/command.js                                   [MODIFIED, 12 files]
  └─ beef.are.status_success() → beef.status.success()
  └─ beef.are.status_error() → beef.status.error()
  └─ beef.are.status_unknown() → beef.status.unknown()

modules/debug/*/command.js                                     [MODIFIED, 2 files]
  └─ Removed ARE chaining code (_mod_output variables)

modules/exploits/*/command.js                                  [MODIFIED, 9 files]
modules/host/*/command.js                                        [MODIFIED, 11 files]
modules/misc/*/command.js                                       [MODIFIED, 2 files]
modules/network/*/command.js                                 [MODIFIED, 14 files]
modules/persistence/*/command.js                           [MODIFIED, 4 files]
modules/phonegap/*/command.js                              [MODIFIED, 1 files]
modules/social_engineering/*/command.js               [MODIFIED, 6 files]

Deleted Files (1)

core/main/client/are.js                                        [DELETED, 42 lines]
  └─ Old ARE status namespace, replaced by status.js

---

Phase 2: Remove Client-Side ARE Code

Objective: Remove outdated ARE reference from client initialization.

Modified Files (1)

core/main/client/init.js                                       [MODIFIED]
  └─ Line 69: Removed comment "- the Autorun Engine is initialized"
     (Comment was inaccurate - ARE was never initialized in init.js)

---

Phase 3: Remove Admin UI Components

Objective: Remove Auto Run tab and related UI components from admin panel.

Modified Files (2)

extensions/admin_ui/media/javascript/ui/panel/MainPanel.js    [MODIFIED]
  ├─ Line 41: Removed AutoRunTab instantiation
  └─ Lines 82-90: Removed Auto Run tab definition from tabs array

extensions/admin_ui/api/handler.rb                             [MODIFIED]
  └─ Lines 93-95: Removed AutoRun UI files from asset loader

Deleted Files (3)

extensions/admin_ui/media/javascript/ui/panel/AutoRunTab.js   [DELETED, 185 lines]
  └─ Main rules management interface

extensions/admin_ui/media/javascript/ui/panel/AutoRunRuleForm.js [DELETED, 181 lines]
  └─ Single rule editor form

extensions/admin_ui/media/javascript/ui/panel/AutoRunModuleForm.js [DELETED, 172 lines]
  └─ Module configuration form for rules

---

Phase 4: Remove Server-Side Core

Objective: Remove ARE engine, models, REST handlers, triggers, and tests.

Modified Files (5)

beef                                                           [MODIFIED]
  └─ Lines 265-268: Removed ARE rule loader initialization

core/bootstrap.rb                                              [MODIFIED]
  ├─ Lines 32-35: Removed ARE engine requires
  └─ Line 52: Removed ARE REST handler require

core/core.rb                                                   [MODIFIED]
  ├─ Line 20: Removed require 'core/main/models/rule'
  └─ Line 21: Removed require 'core/main/models/execution'

core/main/handlers/browserdetails.rb                           [MODIFIED]
  └─ Lines 561-563: Removed ARE trigger when browser hooks via XHR
     (Only triggered if WebSocket disabled)

core/main/network_stack/websocket/websocket.rb                 [MODIFIED]
  ├─ Line 111: Removed ARE error message
  ├─ Line 115: Removed ARE trigger on WebSocket connection
  └─ Lines 143-150: Removed ARE execution delivery code

Deleted Files (7)

ARE Engine Core:

core/main/autorun_engine/engine.rb                             [DELETED, 590 lines]
  └─ Main ARE orchestration engine (singleton)

core/main/autorun_engine/parser.rb                             [DELETED, 82 lines]
  └─ JSON rule file parser

core/main/autorun_engine/rule_loader.rb                        [DELETED, 220 lines]
  └─ Rule discovery and loading from arerules/

ARE Models:

core/main/models/execution.rb                                  [DELETED, 14 lines]
  └─ ActiveRecord model for executions table

core/main/models/rule.rb                                       [DELETED, 16 lines]
  └─ ActiveRecord model for rules table

ARE REST API:

core/main/rest/handlers/autorun_engine.rb                      [DELETED, 158 lines]
  └─ REST API handlers for /api/autorun/* endpoints

ARE Tests:

spec/beef/core/main/autorun_engine/autorun_engine_spec.rb     [DELETED, entire directory]
  └─ RSpec tests for ARE functionality

Created Files (1)

core/main/ar-migrations/026_remove_autorun_tables.rb          [NEW, 16 lines]
  └─ Database migration to drop executions and rules tables

---

Phase 5: Remove Configuration and Assets

Objective: Remove ARE configuration, rule files, and REST API registration.

Modified Files (2)

config.yaml                                                    [MODIFIED]
  └─ Lines 105-116: Removed autorun configuration section
     - result_poll_interval
     - result_poll_timeout
     - continue_after_timeout

core/main/rest/api.rb                                          [MODIFIED]
  ├─ Lines 51-55: Removed RegisterAutorunHandler module
  └─ Line 64: Removed Autorun handler API registration

Deleted Files (26)

ARE Rule Files:

arerules/                                                      [DELETED, entire directory]
  ├─ alert.json
  ├─ c_osx_test-return-mods.json
  ├─ confirm_close_tab.json
  ├─ enabled/README
  ├─ ff_osx_extension-dropper.json
  ├─ get_cookie.json
  ├─ ie_win_fakenotification-clippy.json
  ├─ ie_win_htapowershell.json
  ├─ ie_win_missingflash-prettytheft.json
  ├─ ie_win_test-return-mods.json
  ├─ lan_cors_scan.json
  ├─ lan_cors_scan_common.json
  ├─ lan_fingerprint.json
  ├─ lan_fingerprint_common.json
  ├─ lan_flash_scan.json
  ├─ lan_flash_scan_common.json
  ├─ lan_http_scan.json
  ├─ lan_http_scan_common.json
  ├─ lan_ping_sweep.json
  ├─ lan_ping_sweep_common.json
  ├─ lan_port_scan.json
  ├─ lan_sw_port_scan.json
  ├─ man_in_the_browser.json
  ├─ raw_javascript.json
  ├─ record_snapshots.json
  └─ win_fake_malware.json

[kaitozaw]

Once the PR is accepted, I will do the following before merging

• delete the relevant wiki: https://github.com/beefproject/beef/wiki/Autorun-Rule-Engine
• draft a release note with CHANGELOG, ask for review and publish it after acceptance.