A BeEF-XSS web-based automation tool for controlled lab environments.
This tool is intended for educational purposes only and must be used exclusively in authorized and controlled environments. Do not use it against systems you do not own or do not have explicit permission to test. The objective of Lithium is to automate a setup process, not to harm any system or network. The author is not responsible for any misuse, damage, or illegal activity caused by this tool.
- BeEF-XSS [Browser Exploitation Framework]
- NGROK [For tunneling]
- NGROK Authtoken
- git [To clone this repository]
- chmod [To make the bash script executable]
- Root
- Any Linux-based operating system
Clone the repository:
git clone https://github.com/Zerium-99/Lithium.git
Navigate to the "Lithium" folder:
cd Lithium
Make the file executable:
chmod +x Lithium.sh
Move Lithium.sh to the path where beef-xss is installed:
mv Lithium.sh <path>
Execute the file:
sudo ./Lithium.sh
Lithium is a BeEF-XSS automation tool for controlled lab environments. Its purpose is to automate the following task: hosting a hook URL using a tunneling service.
It provides four options:
- Install Ngrok: Automatically installs ngrok from its official repository, simplifying tunneling setup.
- Enable Ngrok authtoken: Lets the user input and register their ngrok authentication token to enable secure tunneling.
- Start the Testing Environment
- Exit from the tool
Lithium sets up:
- BeEF login credentials
- Network and hooking parameters
- Public-facing server configuration
- Launches the BeEF framework ready for use
Lithium modifies the default BeEF configuration file config.yaml, replacing it with a custom configuration file where the following parameters are set by the user:
- Username and password (for safety reasons: using the default credentials is risky and may give unwanted access to the control panel)
- Host (domain used to expose BeEF)
- https (Enables secure communication when properly configured)
- allow_reverse_proxy (Required when using tunneling services like Ngrok)
When the replacement is done, BeEF gets automatically executed.
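A pre-launch audit of the generated config.yaml for the parameters listed above, given as an added example that is not part of Lithium or BeEF. The key layout, the finding names and the 12-character minimum are assumptions, and the sample config is constructed.

```python
import re

# Assumed key layout (not shown in this README): beef.credentials.{user,passwd},
# beef.http.public.{host,https} and beef.http.allow_reverse_proxy.
LINE = re.compile(r'^(\s*)([\w-]+):\s*(?:"([^"]*)"|\'([^\']*)\'|([^#]*))')

def flatten_yaml(text):
    """Flatten simple nested 'key: value' YAML into {'a.b.c': 'value'}."""
    flat, stack = {}, []  # stack: (indent, key) of the enclosing mappings
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines and comment lines
        indent, key = len(m.group(1)), m.group(2)
        value = next((g for g in m.groups()[2:] if g is not None), "").strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent
        stack.append((indent, key))
        if value:
            flat[".".join(k for _, k in stack)] = value
    return flat

def audit(text, min_len=12):  # min_len is an assumed lab policy
    cfg = flatten_yaml(text)
    get = lambda key: cfg.get("beef." + key, "")
    user, pw = get("credentials.user"), get("credentials.passwd")
    host = get("http.public.host")
    checks = [
        ("default-credentials", (user, pw) == ("beef", "beef")),  # shipped default
        ("weak-password", pw == user or len(pw) < min_len),
        ("host-has-scheme-or-path", "/" in host),  # must be a bare domain
        ("reverse-proxy-disabled", bool(host) and get("http.allow_reverse_proxy") != "true"),
        ("public-https-disabled", bool(host) and get("http.public.https") != "true"),
    ]
    return [name for name, failed in checks if failed]

# Constructed sample: test/test credentials and a host pasted with its scheme.
SAMPLE = """\
beef:
    credentials:
        user: "test"
        passwd: "test"
    http:
        public:
            host: "https://lab-example.ngrok-free.app"
            https: true
        allow_reverse_proxy: true
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means none of the checks fired; any finding is a reason to fix the values before the panel is reachable through the tunnel.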
Important
Never share your ngrok authtoken. Doing so could lead to attacks by malicious hackers, such as exposing your identity, consuming your network resources, or even getting your account banned for a TOS violation.
- Choose the third option on the menu
- Open a second terminal and start the ngrok tunnel on port 3000 (BeEF-XSS runs on port 3000):
ngrok http 3000
- Lithium will now ask you to insert the NGROK URL: insert it without "https://", otherwise it won't work and you will encounter an error.
- For security reasons, change your credentials:
- Everything is ready, just wait for the tool to give you the new link.
[!] New credentials
Username: test
Password: test
[+] Panel URL: https://kaod9cns-24-37-88-19.ngrok-free.app/ui/panel
[+] Hook URL: https://kaod9cns-24-37-88-19.ngrok-free.app/hook.js
Lithium is designed to run in Linux-based environments where BeEF and tunneling tools are supported.
| Platform / Device | Supported | Notes |
|---|---|---|
| Arch Linux | Yes | Recommended environment |
| Debian-based (Kali, Parrot, Ubuntu) | Yes | Recommended environment |
| Android (Termux) | May require manual setup | |
| Windows (Native) | No | Not supported due to dependency limitations |
| Windows + WSL | Yes | Fully tested |
| macOS | Yes | BeEF and Lithium work since macOS is a Unix-based OS |
- Browser Exploitation (BeEF)
- XSS Hooking
- Tunneling (Ngrok)
- Configuration Automation
- Reverse Proxy Handling
Lithium is designed for:
- Red Team practice
- XSS exploitation labs
- Browser exploitation simulations
- Educational cybersecurity environments
Parrot OS
Windows 11 + WSL