|
1 |
| -## res·pound·er |
| 1 | +<img src="https://i.imgur.com/o1Gya0D.png" width=300px /> |
| 2 | + |
| 3 | +# res·pound·er |
2 | 4 | <span>/rɪˈspaʊnd dər/</span></span>
|
3 | 5 | <i>noun</i>
|
4 | 6 | <ul>
|
5 | 7 | <li>
|
6 | 8 | <div style="margin-left:10px; display:inline;">
|
7 |
| - A tool that detects presence of a [Responder](https://github.com/SpiderLabs/Responder) in the network |
| 9 | + A tool that detects presence of a <a href=https://github.com/SpiderLabs/Responder>Responder</a> in the network |
8 | 10 | </div>
|
9 | 11 | </li>
|
10 | 12 | <li>
|
11 | 13 | <div style="margin-left:10px; display:inline;">
|
12 |
| - Catches hackers before they run away with the loot (hashes) |
| 14 | + Identifies compromised machines before hackers run away with the loot (hashes) |
13 | 15 | </div>
|
14 | 16 | </li>
|
15 | 17 | </ul>
|
16 | 18 |
|
17 |
| - Respounder sends LLMNR name resolution requests for made-up hostnames that do not exist. In a normal non-adversarial network, we do not expect such names to resolve. However, a responder, if present in the network, will resolve such queries and therefore get detected. |
| 19 | + Respounder sends LLMNR name resolution requests for made-up hostnames that do not exist. |
| 20 | + In a normal non-adversarial network we do not expect such names to resolve. |
| 21 | + However, a responder, if present in the network, will resolve such queries |
| 22 | + and therefore will be forced to reveal itself. |
| 23 | + |
| 24 | +## Download |
| 25 | + |
| 26 | +### Latest Releases |
| 27 | +Respounder is available for 32/64 bit linux, OS X and Windows systems. |
| 28 | +Latest versions can be downloaded from the [Release](https://github.com/codeexpress/respounder/releases) tab above. |
| 29 | + |
| 30 | +### Build from source |
| 31 | +This is a golang project with no dependencies. Assuming you have golang compiler installed, |
| 32 | +the following will build the binary from scratch |
| 33 | +``` |
| 34 | +$ git clone blah |
| 35 | +$ cd respounder |
| 36 | +$ go build respounder |
| 37 | +``` |
| 38 | + |
| 39 | +## Usage |
| 40 | + |
| 41 | +Running `respounder` is as simple as invoking it on the command line. |
| 42 | +The following will display output on the terminal. |
| 43 | +``` |
| 44 | +$ ./respounder |
| 45 | +``` |
| 46 | +To detect a compromise as soon as it happens, **run respounder as a cron job running every minute** |
| 47 | + |
| 48 | +### Flags |
| 49 | + |
| 50 | +``` |
| 51 | +$ ./respounder [-json] [-debug] |
| 52 | +
|
| 53 | +Flags: |
| 54 | + -json |
| 55 | + Prints a JSON to STDOUT if a responder is detected on |
| 56 | + network. Other text is sent to STDERR |
| 57 | + -debug |
| 58 | + Creates a debug.log file with a trace of the program |
| 59 | + -help |
| 60 | + Displays this help |
| 61 | +``` |
| 62 | + |
| 63 | +## Demo |
| 64 | + |
| 65 | + |
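Review bot: The "Build from source" block (new lines 34-36) still carries a placeholder clone target, `$ git clone blah`, so the build steps cannot be followed as written; replace it with the repository URL (the Releases link added in this same hunk points at https://github.com/codeexpress/respounder). In the Flags block, the synopsis `$ ./respounder [-json] [-debug]` omits `-help`, which is listed directly below it. The cron recommendation on new line 46 would be easier to act on with the crontab entry and a sample of the `-json` output, since the text only says that JSON goes to STDOUT and other text to STDERR, and anyone wiring this into alerting needs to know what to parse. The "## Demo" heading is added with nothing under it; include the demo or leave the heading out of this commit.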