github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-08-19 21:03:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Print only once a unique llmnr/nbt-ns query from one host during a session

Browse source
This commit is contained in:
lgandx 2013-12-31 15:08:03 -05:00
commit 135ed7db54
1 changed files with 38 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

44
Responder.py
View file

@ -116,6 +116,11 @@ import logging
logging.basicConfig(filename=str(os.path.join(ResponderPATH,SessionLog)),level=logging.INFO,format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') logging.basicConfig(filename=str(os.path.join(ResponderPATH,SessionLog)),level=logging.INFO,format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p')
logging.warning('Responder Started') logging.warning('Responder Started')
Log2Filename = str(os.path.join(ResponderPATH,"LLMNR-NBT-NS.log"))
logger2 = logging.getLogger('LLMNR/NBT-NS')
logger2.addHandler(logging.FileHandler(Log2Filename,'w'))
logger2.warning('hi')
def Show_Help(ExtraHelpData): def Show_Help(ExtraHelpData):
help = "NBT Name Service/LLMNR Answerer 1.0.\nPlease send bugs/comments to: lgaffie@trustwave.com\nTo kill this script hit CRTL-C\n\n" help = "NBT Name Service/LLMNR Answerer 1.0.\nPlease send bugs/comments to: lgaffie@trustwave.com\nTo kill this script hit CRTL-C\n\n"
help+= ExtraHelpData help+= ExtraHelpData
@ -158,6 +163,20 @@ def PrintData(outfile,user):
else: else:
return True return True
def PrintLLMNRNBTNS(outfile,Message):
if Verbose == True:
return True
if os.path.isfile(outfile) == True:
with open(outfile,"r") as filestr:
if re.search(Message, filestr.read()):
filestr.close()
return False
else:
return True
else:
return True
# Break out challenge for the hexidecimally challenged. Also, avoid 2 different challenges by accident. # Break out challenge for the hexidecimally challenged. Also, avoid 2 different challenges by accident.
Challenge = "" Challenge = ""
for i in range(0,len(NumChal),2): for i in range(0,len(NumChal),2):
@ -269,8 +288,11 @@ class NB(BaseRequestHandler):
buff.calculate(data) buff.calculate(data)
for x in range(1): for x in range(1):
socket.sendto(str(buff), self.client_address) socket.sendto(str(buff), self.client_address)
print "NBT-NS Answer sent to: %s. The requested name was : %s."%(self.client_address[0], Name) Message = 'NBT-NS Answer sent to: %s. The requested name was : %s.'%(self.client_address[0], Name)
logging.warning('NBT-NS Answer sent to: %s. The requested name was : %s.'%(self.client_address[0], Name)) logging.warning(Message)
if PrintLLMNRNBTNS(Log2Filename,Message):
print Message
logger2.warning(Message)
if Is_Finger_On(Finger_On_Off): if Is_Finger_On(Finger_On_Off):
try: try:
Finger = RunSmbFinger((self.client_address[0],445)) Finger = RunSmbFinger((self.client_address[0],445))
@ -289,8 +311,11 @@ class NB(BaseRequestHandler):
buff.calculate(data) buff.calculate(data)
for x in range(1): for x in range(1):
socket.sendto(str(buff), self.client_address) socket.sendto(str(buff), self.client_address)
print "NBT-NS Answer sent to: %s. The requested name was : %s."%(self.client_address[0], Name) Message = 'NBT-NS Answer sent to: %s. The requested name was : %s.'%(self.client_address[0], Name)
logging.warning('NBT-NS Answer sent to: %s. The requested name was : %s.'%(self.client_address[0], Name)) logging.warning(Message)
if PrintLLMNRNBTNS(Log2Filename,Message):
print Message
logger2.warning(Message)
if Is_Finger_On(Finger_On_Off): if Is_Finger_On(Finger_On_Off):
try: try:
Finger = RunSmbFinger((self.client_address[0],445)) Finger = RunSmbFinger((self.client_address[0],445))
@ -791,8 +816,6 @@ class LLMNRAns(Packet):
def Parse_LLMNR_Name(data,addr): def Parse_LLMNR_Name(data,addr):
NameLen = struct.unpack('>B',data[12])[0] NameLen = struct.unpack('>B',data[12])[0]
Name = data[13:13+NameLen] Name = data[13:13+NameLen]
print "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(addr[0],Name)
logging.warning('LLMNR poisoned answer sent to this IP: %s. The requested name was : %s.'%(addr[0],Name))
return Name return Name
def Parse_IPV6_Addr(data): def Parse_IPV6_Addr(data):
@ -847,6 +870,11 @@ def RunLLMNR():
buff.calculate() buff.calculate()
for x in range(1): for x in range(1):
s.sendto(str(buff), addr) s.sendto(str(buff), addr)
Message = "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(addr[0],Name)
logging.warning(Message)
if PrintLLMNRNBTNS(Log2Filename,Message):
print Message
logger2.warning(Message)
if Is_Finger_On(Finger_On_Off): if Is_Finger_On(Finger_On_Off):
try: try:
Finger = RunSmbFinger((addr[0],445)) Finger = RunSmbFinger((addr[0],445))
@ -861,8 +889,12 @@ def RunLLMNR():
Name = Parse_LLMNR_Name(data,addr) Name = Parse_LLMNR_Name(data,addr)
buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name) buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
buff.calculate() buff.calculate()
Message = "LLMNR poisoned answer sent to this IP: %s. The requested name was : %s."%(addr[0],Name)
for x in range(1): for x in range(1):
s.sendto(str(buff), addr) s.sendto(str(buff), addr)
if PrintLLMNRNBTNS(Log2Filename,Message):
print Message
logger2.warning(Message)
if Is_Finger_On(Finger_On_Off): if Is_Finger_On(Finger_On_Off):
try: try:
Finger = RunSmbFinger((addr[0],445)) Finger = RunSmbFinger((addr[0],445))