2 Repos
Fake servers that host multiple protocols simultaneously to capture credentials across diverse authentication mechanisms.
Distinct from Protocol Server Hosting: Distinct from Protocol Server Hosting: focuses on malicious credential-capturing servers rather than legitimate managed hosting.
Explore 2 awesome GitHub repositories matching devops & infrastructure · Rogue Multi-Protocol Servers. Refine with filters or upvote what's useful.
Responder is a network penetration testing tool that intercepts and spoofs link-local name resolution queries, including LLMNR, NBT-NS, and mDNS, to redirect traffic to an attacker-controlled host. It hosts rogue protocol servers for over 15 protocols, capturing authentication credentials during challenge-response handshakes, and stores captured hashes and cleartext credentials in a SQLite database for structured offline analysis. The tool distinguishes itself through its ability to relay captured NTLM authentication challenges to target services for lateral movement without cracking the hash
Hosts fake servers for HTTP, SMB, MSSQL, FTP, LDAP, Kerberos, DNS, RDP, WinRM, and DCERPC to capture credentials.
Responder is a man-in-the-middle framework and network protocol spoofing tool designed to intercept network name queries and impersonate requested resources. It functions as a poisoner for LLMNR, NBT-NS, and MDNS, redirecting network traffic from clients to a controlled listener. The project serves as a credential capture tool that runs rogue servers for SMB, HTTP, and LDAP to collect NTLM hashes and clear text credentials. It enables the harvesting of encrypted authentication tokens and the interception of usernames and passwords sent without encryption. Its broader capabilities include int
Runs concurrent rogue servers for SMB, HTTP, and LDAP to capture authentication credentials.