How does BeEF XSS work?

Asked by AnilJha in Cyber Security, asked on Mar 30, 2022

I have recently come across BeEF, a browser exploitation tool. In most of the articles, it is said time and again that it is developed for research and pen test purposes! Has anyone worked with this tool? (If so, can you give a working understanding or please point to some links where they have explained more real-life examples?)

What purpose does it have in the real world? I am curious to know how it would enhance the security in an organisation. 

Answered by Anil Jha

Alright, BeEF is a framework similar to Metasploit. BeEF uses a JavaScript file, hook.js, which, when executed by a browser, gives a hook to BeEF. With a hooked browser, similar to Metasploit, you have an array of exploits in front of you. They range from viewing cookies and browser history to the more sophisticated attacks of getting a shell. I know for a fact that there is a shell exploit that uses a JBoss vulnerability. So, how the attack works is as follows: the client visits a malicious page, which contains BeEF's hook.js script running on it, or it can be executed via a BeEF XSS attack. When this is executed, you can see that a browser is hooked to you on your BeEF control panel and, thereafter, launch exploits.


More details: BeEF launches a BeEF instance, which is a combination of the UI server (the UI which is used to launch attacks and shows the various exploits) and the communications server, which coordinates and communicates with the hooked browsers. These two servers in collaboration make BeEF work.

BeEF has a very clean interface, organising attacks based on type and also indicating whether a particular attack is relevant to a browser (IE, FF, Chrome etc.). So you can just point and click on the attacks to launch.

"What purpose does it have in the real world? I am curious to know how it would enhance the security in an organisation."

It can be used as a serious pen test tool. In most cases, when you demonstrate an XSS to a client (assuming you're a pen tester), it does not have that much of an impact when you show them a silly pop-up. On the other hand, if you demonstrate XSS using BeEF, now that will give them a scare.

Further reading: http://code.google.com/p/beef/wiki/WindowsInstall
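
A defender-side check that follows from the hook mechanism described in the answer (an added example, not part of the original post and not BeEF code): because the hook arrives as a script the page was never meant to load, auditing rendered HTML for script sources outside an allowlist surfaces it. The page URL, the allowlisted origins and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: origins this site intentionally loads scripts from (constructed).
ALLOWED_SCRIPT_ORIGINS = {"https://shop.example", "https://cdn.shop.example"}

# Constructed sample: a product page where a stored review carries an injected
# script tag pointing at a foreign host (203.0.113.0/24 is a documentation range).
SAMPLE_URL = "https://shop.example/product?id=7"
SAMPLE_HTML = """<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<p>Review: great product<script src="//203.0.113.7/hook.js"></script></p>
<script>var cart = [];</script>
</body></html>"""


def origin(url):
    """Return scheme://host[:port] for an absolute URL."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


class ScriptAuditor(HTMLParser):
    """Collect every <script> and flag loads from unexpected origins."""

    def __init__(self, page_url, allowed):
        super().__init__()
        self.page_url = page_url
        self.allowed = allowed
        self.findings = []  # (reason, detail) tuples, in document order

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            # Inline script: no origin to check, so report it for manual review.
            self.findings.append(("inline-script", f"line {self.getpos()[0]}"))
            return
        # Resolve relative and protocol-relative (//host/x.js) sources first.
        absolute = urljoin(self.page_url, src.strip())
        if origin(absolute) not in self.allowed:
            self.findings.append(("unexpected-origin", absolute))


def audit_page(page_url, html, allowed=frozenset(ALLOWED_SCRIPT_ORIGINS)):
    auditor = ScriptAuditor(page_url, allowed)
    auditor.feed(html)
    return auditor.findings
```

The same allowlist expressed as a Content-Security-Policy `script-src` directive makes the browser refuse the foreign script outright, which is the control the audit is meant to justify.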

