Pentest Tools

Published on July 15th, 2015 📆 | 3437 Views ⚑


Inveigh — Windows LLMNR NBNS Spoofer

TTS Demo

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client imposed restrictions.


[adsense size='1']

  • Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/SMB NTLMv1/NTLMv2 challenge/response capture.
  • LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.
  • SMB challenge/response captures are performed by sniffing over the host system’s SMB service.
  • HTTP challenge/response captures are performed with a dedicated listener.
  • The local LLMNR/NBNS services do not need to be disabled on the host system.
  • LLMNR/NBNS spoofer will point victims to host system’s SMB service, keep account lockout scenarios in mind.
  • Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.
  • Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system.
  • Output files will be created in current working directory.
  • If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.




Obtain an elevated administrator or SYSTEM shell. If necessary, use a method to bypass script execution policy.

To execute with default settings:

Inveigh.ps1 -i localip

To execute with features enabled/disabled:

Inveigh.ps1 -i localip -LLMNR Y/N -NBNS Y/N -HTTP Y/N -HTTPS Y/N -SMB Y/N -Repeat Y/N -ForceWPADAuth Y/N
 [adsense size='1']

Windows LLMNR NBNS Spoofer: Inveigh


Tagged with:

Comments are closed.