Responder

E192910

Responder is a network analysis and credential-harvesting tool commonly used in penetration testing to capture and manipulate authentication traffic on local networks.

All labels observed (1)

Label Occurrences
Responder canonical 1

How this entity was disambiguated

Statements (50)

Predicate Object
instanceOf credential harvesting tool
network analysis tool
open-source software
penetration testing tool
canBeUsedFor Active Directory environment testing
internal network assessments
canCapture NTLMv1 hashes
NTLMv2 hashes
cleartext credentials in some protocols
category credential capture tool
network spoofing tool
red team toolkit component
domain Windows network security
network security
Offensive Security
surface form: offensive security
implementsAttack HTTP authentication capture
LLMNR poisoning
MDNS poisoning
NBT-NS poisoning
NetNTLM hash capture
SMB authentication capture
WPAD spoofing
credential relay support
license GNU General Public License
surface form: GPLv3
maintainedBy community contributors
recommendedUse authorized penetration testing only
requires network interface in promiscuous or listening mode
risk can be abused by attackers on misconfigured networks
runsOn Linux
Windows
macOS
supportsProtocol DNS
FTP
HTTP
HTTPS
LDAP
LLMNR
MDNS
NBT
surface form: NBT-NS

SMB
typicalUser penetration tester
red team operator
security researcher
usedFor NTLM hash capture
capturing authentication traffic on local networks
credential harvesting during penetration tests
manipulating authentication traffic on local networks
network protocol poisoning
relay attack preparation
writtenInLanguage Python

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Kali Linux includesTool Responder