1

Is it possible to run the tool called BeEF to do penetration testing on real domains like example.com? As far as I know, BeEF can only be used within localhost.

I can only test my site for XSS on the real domain because of the database running.

Sir Muffington
Kristijan

1 Answer

2

Yes, it's absolutely possible to use this tool in public...

However

BeEF is a browser exploitation tool, not a server exploitation tool. If you use BeEF to attack browsers of other people, who have not given explicit consent to being attacked, then you are likely committing an unlawful act, depending on your jurisdiction.

So yes, technically it is possible. But no, it is likely not lawful and I would recommend against doing it.

  • 1
    @schroeder I wish I could at least say goodbye to my friends, but this will have to do. I can tell I am no longer welcome here by the powers that be, so I'll exit stage left. It's been lovely. I'll miss you all. –  Jun 15 '22 at 16:11
  • Well, then I'm sorry that things didn't work out. You always did a great job here. I'll miss it. –  Jun 15 '22 at 16:30
  • 3
    Sorry, then. See you and thanks for all your contributions. – schroeder Jun 15 '22 at 16:30
  • 4
    I'll miss you and your answers and comments as well, @MechMK1. – vidarlo Jun 15 '22 at 17:25