Responder ⚙️

Responder (Python) is a great tool for LLMNR, NBTNS, MDNS poisoning and WPAD spoofing but it can also be used in "analyze" modes.

BROWSER mode: inspect Browse Service messages and map IP addresses with NetBIOS names
LANMAN mode: passively map domain controllers, servers and workstations joined to a domain with the Browser protocol (see this).
LLMNR, NBTNS, MDNS modes: inspect broadcast and multicast name resolution requests

The following command will enable the analyze modes and will give interesting information like

Domain Controller, SQL servers, workstations
Fully Qualified Domain Name (FQDN)
Windows versions in used
The "enabled" or "disabled" state of protocols like LLMNR, NBTNS, MDNS, LANMAN, BROWSER

responder --interface "eth0" --analyze
responder -I "eth0" -A

Last updated 2 years ago