Got-Responded – A Simple Tool To Detect NBT-NS And LLMNR Spoofing – KitPloit
Pentesters, Redteamers and even real attackers love to use tools like Responder to spoof LLMNR and/or NBT-NS responses. There are some awesome other tools to help with detection, such as respounder. But I wanted to figure it out for my self, and at the same time add a way to push "honey" tokens (fake AD credentials) to people using these spoofing tools.
git clone https://github.com/joda32/got-responded.git
cd got-responded
python3 -m venv responded-env
source responded-env/bin/activate
pip install -r requirements.txtHow to use it
Simple mode
This will start it in default mode, will check for both LLMNR and NBT-NS spoofing, but will not send fake SMB creds
python got-responded.py(function(d, s, id){var js, fjs = d.getElementsByTagName(s)[0];if (d.getElementById(id)) return;js = d.createElement(s); js.id = id;js.src = "http://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.5";fjs.parentNode.insertBefore(js, fjs);}(document, 'script', 'facebook-jssdk'));
Source link
Gloss