BeEF是一个用于合法研究和测试目的的专业浏览器漏洞利用框架。它允许有经验的渗透测试人员或系统管理员对目标进行攻击测试。攻击成功以后会加载浏览器劫持会话。BEEF可以利用跨站脚本漏洞。目前beef更新至0.4.2.9 alpha版，新版主要改变如下:
    A lot of bugs from the BeEF requester have been fixed, that has an impact on the efficiency of the proxy, xssrays and other components. The xssrays extension is now functioning more efficiently as smaller bugs have been removed and its ability to crawl a site has been increased. Quite a few number of modules have been added, including many IPEC (inter-protocol exploit and communication) Windows bindshell modules. This effectively allows commands to be sent to a listening bindshell from the victim hooked browser!

     This version also adds the autorun functionality, which however breaks Metasploit interoperability. (again!) This version also adds the console interface, which will be fully functional by the end of this year. It is not enabled by default and allows you to use a shell and not the web interface.
工具下载:http://code.google.com/p/beef/downloads/list