reddit hackernews mail facebook facebook linkedin


Responder is a LLMNR, NBT-NS and MDNS poisoner.

Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix. By default, the tool will only answer to File Server Service request, which is for SMB.

The concept behind this is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option via command line if you want to answer to the Workstation Service request name suffix.

- Built-in SMB Auth server
- Built-in MSSQL Auth server
- Built-in HTTP Auth server
- Built-in HTTPS Auth server
- Built-in LDAP Auth server
- Built-in FTP, POP3, IMAP, SMTP Auth servers
- Built-in DNS server
- Built-in WPAD Proxy Server
- Browser Listener
- Fingerprinting
- Icmp Redirect
- Rogue DHCP
- Analyze mode

All hashes are printed to stdout and dumped in an unique file John Jumbo compliant. Additionally, all captured hashed are logged into an SQLite database.