Merge branch 'master' of https://github.com/lgandx/Responder

Fix pyproject.toml license metadata incompatibility with PDM backend

.gitignore

@@ -1,5 +1,6 @@
 # Python artifacts
 *.pyc
+.venv/
 
 # Responder logs
 *.db
@@ -9,3 +10,6 @@
 # Generated certificates and keys
 certs/*.crt
 certs/*.key
+
+# IDE
+.idea/

README.md

@@ -101,15 +101,32 @@ Edit this file /etc/NetworkManager/NetworkManager.conf and comment the line: `dn
 
 - This tool is not meant to work on Windows.
 
-- For OSX, please note: Responder must be launched with an IP address for the -i flag (e.g. -i YOUR_IP_ADDR). There is no native support in OSX for custom interface binding. Using -i en1 will not work. Also to run Responder with the best experience, run the following as root:
+- For macOS, please note: Responder must be launched with an IP address for the -i flag (e.g. -i YOUR_IP_ADDR). There is no native support in OSX for custom interface binding. Using -i en1 will not work. Also to run Responder with the best experience, run the following as root:
 
-    launchctl unload /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist
+```
+launchctl bootout system /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist
+launchctl bootout system /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
+launchctl bootout system /System/Library/LaunchDaemons/com.apple.smbd.plist
+launchctl bootout system /System/Library/LaunchDaemons/com.apple.netbiosd.plist
+```
 
-    launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
+## Install ##
 
-    launchctl unload /System/Library/LaunchDaemons/com.apple.smbd.plist
+Using pipx
 
-    launchctl unload /System/Library/LaunchDaemons/com.apple.netbiosd.plist
+```bash
+pipx install git+https://github.com/lgandx/Responder.git
+```
+
+Manual:
+```bash
+git clone https://github.com/lgandx/Responder
+cd Responder/
+python3 -m venv .
+source bin/activate
+python3 -m pip install netifaces
+sudo python3 Responder.py
+```
 
 ## Usage ##
 
@@ -169,10 +186,10 @@ Options:
                         random TTL
     -N ANSWERNAME, --AnswerName=ANSWERNAME
                         Specifies the canonical name returned by the LLMNR
-                        poisoner in tits Answer section. By default, the
+                        poisoner in its Answer section. By default, the
                         answer's canonical name is the same as the query.
                         Changing this value is mainly useful when attempting
-                        to perform Kebreros relaying over HTTP.
+                        to perform Kerberos relaying over HTTP.
     -E, --ErrorCode     Changes the error code returned by the SMB server to
                         STATUS_LOGON_FAILURE. By default, the status is
                         STATUS_ACCESS_DENIED. Changing this value permits to
@@ -182,9 +199,11 @@ Options:
 
 ## Donation ##
 
-You can contribute to this project by donating to the following $XLM (Stellar Lumens) address:
+You can contribute to this project by donating to the following USDT or Bitcoin address:
 
-"GCGBMO772FRLU6V4NDUKIEXEFNVSP774H2TVYQ3WWHK4TEKYUUTLUKUH"
+USDT: TNS8ZhdkeiMCT6BpXnj4qPfWo3HpoACJwv
+
+BTC: 15X984Qco6bUxaxiR8AmTnQQ5v1LJ2zpNo
 
 Paypal:
 

Responder.py

@@ -47,7 +47,7 @@ parser.add_option('--lm',                  action="store_true", help="Force LM h
 parser.add_option('--disable-ess',         action="store_true", help="Force ESS downgrade. Default: False", dest="NOESS_On_Off", default=False)
 parser.add_option('-v','--verbose',        action="store_true", help="Increase verbosity.", dest="Verbose")
 parser.add_option('-t','--ttl',            action="store",      help="Change the default Windows TTL for poisoned answers. Value in hex (30 seconds = 1e). use '-t random' for random TTL", dest="TTL", metavar="1e", default=None)
-parser.add_option('-N', '--AnswerName',	   action="store",      help="Specifies the canonical name returned by the LLMNR poisoner in tits Answer section. By default, the answer's canonical name is the same as the query. Changing this value is mainly useful when attempting to perform Kebreros relaying over HTTP.", dest="AnswerName", default=None)
+parser.add_option('-N', '--AnswerName',	   action="store",      help="Specifies the canonical name returned by the LLMNR poisoner in its Answer section. By default, the answer's canonical name is the same as the query. Changing this value is mainly useful when attempting to perform Kerberos relaying over HTTP.", dest="AnswerName", default=None)
 parser.add_option('-E', '--ErrorCode',     action="store_true",      help="Changes the error code returned by the SMB server to STATUS_LOGON_FAILURE. By default, the status is STATUS_ACCESS_DENIED. Changing this value permits to obtain WebDAV authentications from the poisoned machines where the WebClient service is running.", dest="ErrorCode", default=False)
 options, args = parser.parse_args()
 

poisoners/DHCP.py

@@ -240,8 +240,9 @@ def ParseSrcDSTAddr(data):
 
 def FindIP(data):
     IPPos = data.find(b"\x32\x04") + 2
-    if IPPos == -1 or IPPos + 4 >= len(data):
-        return None
+    if IPPos == -1 or IPPos + 4 >= len(data) or IPPos == 1:
+        #Probably not present in the DHCP options we received, let's grab it from the IP header instead
+        return data[12:16]
     else:
         IP = data[IPPos:IPPos+4]
         return IP

poisoners/LLMNR.py

@@ -71,7 +71,9 @@ class LLMNR(BaseRequestHandler):  # LLMNR Server class
 			if data[2:4] == b'\x00\x00' and LLMNRType:
 				if settings.Config.AnalyzeMode:
 					LineHeader = "[Analyze mode: LLMNR]"
-					print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
+					# Don't print if in Quiet Mode
+					if not settings.Config.Quiet_Mode:
+						print(color("%s Request by %s for %s, ignoring" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
 					SavePoisonersToDb({
 							'Poisoner': 'LLMNR', 
 							'SentToIp': self.client_address[0], 

poisoners/MDNS.py

@@ -64,7 +64,9 @@ class MDNS(BaseRequestHandler):
 				return None
 
 			if settings.Config.AnalyzeMode:  # Analyze Mode
-				print(text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Request_Name, 3))))
+				# Don't print if in Quiet Mode
+				if not settings.Config.Quiet_Mode:
+					print(text('[Analyze mode: MDNS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Request_Name, 3))))
 				SavePoisonersToDb({
 						'Poisoner': 'MDNS', 
 						'SentToIp': self.client_address[0], 

poisoners/NBTNS.py

@@ -36,7 +36,9 @@ class NBTNS(BaseRequestHandler):
 
 			if data[2:4] == b'\x01\x10':
 				if settings.Config.AnalyzeMode:  # Analyze Mode
-					print(text('[Analyze mode: NBT-NS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Name, 3))))
+					# Don't print if in Quiet Mode
+					if not settings.Config.Quiet_Mode:
+						print(text('[Analyze mode: NBT-NS] Request by %-15s for %s, ignoring' % (color(self.client_address[0].replace("::ffff:",""), 3), color(Name, 3))))
 					SavePoisonersToDb({
 							'Poisoner': 'NBT-NS', 
 							'SentToIp': self.client_address[0], 

pyproject.toml

@@ -0,0 +1,30 @@
+[build-system]
+requires = ["pdm-backend >= 2.4.0"]
+build-backend = "pdm.backend"
+
+[project]
+name = "Responder-poisoner" # "responder" is already taken
+description = "LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication."
+readme = "README.md"
+license = "GPL-3.0-only"
+license-files = ["LICENSE"]
+dynamic = ["version"]
+dependencies = ["aioquic", "netifaces>=0.10.4"]
+classifiers = [
+    "Operating System :: MacOS",
+    "Operating System :: POSIX :: Linux",
+    "Topic :: Security"
+]
+
+[project.urls]
+Homepage = "https://github.com/lgandx/Responder"
+Issues = "https://github.com/lgandx/Responder/issues"
+
+[project.scripts]
+responder = "Responder:main"
+
+[tool.pdm.build]
+includes = ["*.py", "files/", "poisoners/", "servers/", "certs/", "tools/", "Responder.conf"]
+
+[tool.pdm.version]
+source = "scm"

settings.py

@@ -23,7 +23,7 @@ import subprocess
 
 from utils import *
 
-__version__ = 'Responder 3.1.6.0'
+__version__ = 'Responder 3.1.7.0'
 
 class Settings:
 	

utils.py

@@ -28,7 +28,7 @@ import random
 try:
 	import netifaces
 except:
-	sys.exit('You need to install python-netifaces or run Responder with python3...\nTry "apt-get install python-netifaces" or "pip install netifaces"')
+	sys.exit('You need to install python3-netifaces or run Responder with python3...\nTry "apt-get install python3-netifaces" or "pip install netifaces"')
 
 try:
 	import aioquic
@@ -485,22 +485,14 @@ def banner():
 	])
 
 	print(banner)
-	print("\n           \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__)
-	print('')
-	print("  To support this project:")
-	print("  Github -> https://github.com/sponsors/lgandx")
-	print("  Paypal  -> https://paypal.me/PythonResponder")
-	print('')
-	print("  Author: Laurent Gaffie (laurent.gaffie@gmail.com)")
-	print("  To kill this script hit CTRL-C")
 	print('')
 
 
 def StartupMessage():
 	enabled  = color('[ON]', 2, 1) 
 	disabled = color('[OFF]', 1, 1)
-
 	print('')
+	print(color("[*] ", 2, 1) + 'Sponsor this project: [USDT: TNS8ZhdkeiMCT6BpXnj4qPfWo3HpoACJwv] , [BTC: 15X984Qco6bUxaxiR8AmTnQQ5v1LJ2zpNo]\n')
 	print(color("[+] ", 2, 1) + "Poisoners:")
 	print('    %-27s' % "LLMNR" + (enabled if (settings.Config.AnalyzeMode == False and settings.Config.LLMNR_On_Off) else disabled))
 	print('    %-27s' % "NBT-NS" + (enabled if (settings.Config.AnalyzeMode == False and settings.Config.NBTNS_On_Off) else disabled))
@@ -579,4 +571,8 @@ def StartupMessage():
 	print('    %-27s' % "Responder Machine Name" + color('[%s]' % settings.Config.MachineName, 5, 1))
 	print('    %-27s' % "Responder Domain Name" + color('[%s]' % settings.Config.DomainName, 5, 1))
 	print('    %-27s' % "Responder DCE-RPC Port " + color('[%s]' % settings.Config.RPCPort, 5, 1))
-
+	
+	#credits
+	print('')
+	print(color("[*] ", 2, 1)+"Version: "+settings.__version__)
+	print(color("[*] ", 2, 1)+"Author: Laurent Gaffie, <lgaffie@secorizon.com>")