Respotter: Open-source Responder honeypot – Help Net Security

Respotter: Open-source Responder honeypot - Help Net Security

Respotter is an open-source honeypot designed to detect attackers when they launch Responder within your environment.

This application identifies active instances of Responder by exploiting its behavior when responding to any DNS query. Respotter leverages LLMNR, mDNS, and NBNS protocols to query a non-existent hostname (default: Loremipsumdolorsitamet). If any of these requests receive a response, Responder is likely operating on your network.

Respotter can send webhooks to Slack, Teams, or Discord. It also supports sending events to a syslog server to be ingested by a SIEM.

“I wanted an easy-to-deploy, lightweight Responder Honeypot. I could not find one, so I wrote a script after trying my hand at red-teaming with Respotter. I designed it with a few features intentionally,” Baden Erb, the creator of Respotter, told Help Net Security.

Respotter is available for free on GitHub.

Respotter: Open-source Responder honeypot - Help Net Security

Must read:



Source link