A BeEF-XSS web-based automation tool for controlled lab environments.
This tool is intended for educational purposes only and must be used exclusively in authorized and controlled environments. Do not use it against systems you do not own or do not have explicit permission to test. The objective of Lithium is to automate a setup process, not to harm any system or network. The author is not responsible for any misuse, damage, or illegal activity caused by this tool.
- BeEF-XSS [Browser Exploitation Framework]
- NGROK [For tunneling]
- NGROK Authtoken
- git [To clone this repository]
- chmod [To make the bash script executable]
- Root
- Any Linux-based operating system
Clone the repository:
git clone https://github.com/Zerium-99/Lithium.gitNavigate to the "Lithium" folder
cd LithiumMake the file executable
chmod +x Lithium.shMove Lithium.sh to the path where beef-xss is installed.
mv Lithium.sh <path>Execute the file
sudo ./Lithium.shLithium is a BeEF-XSS automation tool for controlled lab environments. Its purpose is to automate the following task: hosting a hook url using a tunneling service.
It provides four options:
- Install Ngrok: Automatically installs ngrok from its official repository, simplifying tunneling setup.
- Enable Ngrok authtoken: Lets the user input and register their ngrok authentication token to enable secure tunneling.
- Start the Testing Environment
- Exit from the tool
Lithium Sets up:
- BeEF login credentials
- Network and hooking parameters
- Public-facing server configuration
- Launches the BeEF framework ready for use
Lithium modifies the default beEF configuration file config.yaml, replacing it with a custom configuration file where the following parameters are set by the user:
- Username and password (For safety reasons, because using the default credentials is risky and may give unwanted access to the control panel.)
- Host ( Domain used to expose beEF)
- https (Enables secure communication when properly configured)
- allow_reverse_proxy (Required when using tunneling services like Ngrok)
When the replacement is done, BeEF gets automatically executed.
- Choose the third option on the menu
- Open a second terminal and start the ngrok tunnel on port 3000(Beef-XSS runs on port 3000):
ngrok http 3000
- Lithium will now ask you to insert the NGROK URL: insert it without "https://", otherwise it won't work and you will encounter in an error.
- For security reasons, change your credentials:
- Everything is ready, just wait for the tool to give you the new link.
[!] New credentials
Username: test
Password: test
[+] Panel URL: https://kaod9cns-24-37-88-19.ngrok-free.app/ui/panel
[+] Hook URL: https://kaod9cns-24-37-88-19.ngrok-free.app/hook.js
Lithium is designed to run in Linux-based environments where BeEF and tunneling tools are supported.
| Platform / Device | Supported | Notes |
|---|---|---|
| Arch Linux | Fully tested(The Ngrok installation doesn't work) | |
| Debian-based (Kali, Parrot, Ubuntu) | ✅ Yes | Recommended environments |
| Android (Termux) | May require manual setup | |
| Windows (Native) | ❌ No | Not supported due to dependency limitations |
| Windows + WSL | ✅ Yes | Fully tested |
| macOS | ❌ No | Not officially tested |
- Browser Exploitation (BeEF)
- XSS Hooking
- Tunneling (Ngrok)
- Configuration Automation
- Reverse Proxy Handling
Lithium is designed for:
- Red Team practice
- XSS exploitation labs
- Browser exploitation simulations
- Educational cybersecurity environments
Parrot OS
Windows 11 + WSL
