LLMNR Support?

[defensivedepth]

Would the project accept a PR for support for a canary LLMNR service?

[-] MiniLLMNR starting on 5355
[-] Starting protocol <opencanary.modules.llmnr.MiniLLMNR object at 0x7fd1d66c89d0>
[stdout#info] Sent 1 packets.
[stdout#info] Received LLMNR response for known query

{"dst_host": "", "dst_port": -1, "level": "warning", "local_time": "2023-12-29 14:32:11.722335", "local_time_adjusted": "2023-12-29 14:32:11.722349", "logdata": "Suspicious LLMNR activity detected. Query: fileserver02, Source IP: 192.168.16.24", "logtype": null, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2023-12-29 14:32:11.722345"}

{"dst_host": "0.0.0.0", "dst_port": 5355, "local_time": "2023-12-29 14:32:11.722551", "local_time_adjusted": "2023-12-29 14:32:11.722565", "logdata": {"RESPONSE": "DNS Ans "192.168.16.24" ", "SOURCE_IP": "192.168.16.24"}, "logtype": null, "node_id": "opencanary-1", "src_host": "192.168.16.24", "src_port": 5355, "utc_time": "2023-12-29 14:32:11.722561"}`

Responder:

[defensivedepth]

bump :)

[theidiotyouyellat]

I believe the project wanted to move these feature requests to discussions per this post.

I for one would love to see this added to opencanary.

[defensivedepth]

Ah ok.

Well, I already have this module working locally, so at this point it's more about would the project accept a PR for this functionality?

[jayjb]

Hi @defensivedepth,

Im so sorry about the delay. Please please please submit a PR so I can fight for it to be included. It looks great and any indication of badness sounds like a great idea.

[defensivedepth]

no problem! I will get some things cleaned up and get it submitted!

[defensivedepth]

PR is up!

#339