Merge pull request #275 from nodauf/master

Random TTL value added to avoid some EDR detections
lgandx 2024-05-06 07:33:27 -03:00 committed by GitHub
commit bf25abfec8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 18 additions and 4 deletions


@ -173,6 +173,18 @@ class Settings:
self.ExternalIP6 = options.ExternalIP6
self.Quiet_Mode = options.Quiet
# TTL blacklist. Known to be detected by SOC / XDR
TTL_blacklist = [b"\x00\x00\x00\x1e", b"\x00\x00\x00\x78", b"\x00\x00\x00\xa5"]
# Random TTL
if options.TTL is None:
TTL = bytes.fromhex("000000"+format(random.randint(10,90),'x'))
if TTL in TTL_blacklist:
TTL = int.from_bytes(TTL, "big")+1
TTL = int.to_bytes(TTL, 4)
self.TTL = TTL.decode('utf-8')
else:
self.TTL = bytes.fromhex("000000"+options.TTL).decode('utf-8')
#Do we have IPv6 for real?
self.IPv6 = utils.Probe_IPv6_socket()
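Review bot: `format(random.randint(10,90),'x')` produces a single hex digit for 10–15, so the concatenated string is seven characters long and `bytes.fromhex` raises ValueError on roughly 7% of startups; the cheapest fix is the zero-padded form `TTL = int.to_bytes(random.randint(10, 90), 4, 'big')`, which also removes the hex round trip. The blacklist branch then calls `int.to_bytes(TTL, 4)` without a byteorder, which is only accepted on Python 3.11+ and is a TypeError on older interpreters; pass `'big'` explicitly there too. The `else` branch has the same odd-length failure if `options.TTL` is given as one hex digit, and `.decode('utf-8')` will raise UnicodeDecodeError for any user-supplied value of `80` or above, so validating `options.TTL` (two hex digits, value below 0x80) before use would turn both into a clear error. The enclosing `Settings` method continues outside the hunk.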