Got-Responded - A Simple Tool To Detect NBT-NS And LLMNR Spoofing

2019-03-25T20:23:08
ID KITPLOIT:4069045868243394203
Type kitploit
Reporter KitPloit
Modified 2019-03-25T20:23:08

Description

Pentesters, Redteamers and even real attackers love to use tools like Responder to spoof LLMNR and/or NBT-NS responses. There are some awesome other tools to help with detection, such as respounder . But I wanted to figure it out for my self, and at the same time add a way to push "honey" tokens (fake AD credentials) to people using these spoofing tools.

How to install

git clone https://github.com/joda32/got-responded.git
cd got-responded
python3 -m venv responded-env
source responded-env/bin/activate
pip install -r requirements.txt

How to use it

Simple mode
This will start it in default mode, will check for both LLMNR and NBT-NS spoofing, but will not send fake SMB creds

python got-responded.py

Download Got-Responded