MCPcopy Index your code
hub / github.com/codeexpress/respounder

github.com/codeexpress/respounder @v1.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.2 ↗ · + Follow
7 symbols 17 edges 1 files 5 documented · 71%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

res·pound·er

/rɪˈspaʊnd dər/ noun

  • A tool that detects presence of a Responder in the network
  • Identifies compromised machines before hackers run away with the loot (hashes)

Respounder sends LLMNR name resolution requests for made-up hostnames that do not exist. In a normal non-adversarial network we do not expect such names to resolve. However, a responder, if present in the network, will resolve such queries and therefore will be forced to reveal itself.

Download

Latest Releases

Respounder is available for 32/64 bit linux, OS X and Windows systems. Latest versions can be downloaded from the Release tab above.

Build from source

This is a golang project with no dependencies. Assuming you have golang compiler installed, the following will build the binary from scratch

$ git clone https://github.com/codeexpress/respounder
$ cd respounder
$ go build -o respounder respounder.go

Usage

Running respounder is as simple as invoking it on the command line. Example invocation:

$ ./respounder


     .´/
    / (           .----------------.
    [ ]░░░░░░░░░░░|// RESPOUNDER //|
    ) (           '----------------'
    '-'

[wlan0]    Sending probe from 192.168.0.19...   responder not detected
[vmnet1]   Sending probe from 172.16.211.1...   responder not detected
[vmnet8]   Sending probe from 172.16.55.1...    responder detected at 172.16.55.128

Flags

$ ./respounder [-json] [-debug] [-hostname testhostname | -rhostname]

Flags:
  -json
        Prints a JSON to STDOUT if a responder is detected on
        the network. Other text is sent to STDERR
  -debug
        Creates a debug.log file with a trace of the program
  -interface string
        Interface where responder will be searched (eg. eth0).
        Not specifying this flag will search on all interfaces.
  -hostname string
        Hostname to search for (default "aweirdcomputername")
  -rhostname
        Searches for a hostname comprised of random string instead
        of the default hostname ("aweirdcomputername")

Typical usage scenario

Personal

Detect rogue hosts running responder on public Wi-Fi networks e.g. like airports, cafés and avoid joining such networks (especially if you are running windows OS)

Corporate

Detect network compromises as soon as they happen by running respounder in a loop

For eg. the following crontab runs respounder every minute and logs a JSON file to syslog whenever a responder is detected.

* * * * * /path/to/respounder -json | /usr/bin/logger -t responder-detected

Example syslog entry:

code@express:~/$ sudo tail -f /var/log/syslog
Feb  9 03:44:07 responder-detected: [{"interface":"vmnet8","responderIP":"172.16.55.128","sourceIP":"172.16.55.1"}]

Demo

Respounder in action

Coming Up Next: Android App

There are plans to port this tool to an android app so that adversarial Wi-Fi networks (eg. WiFi Pineapple or WiFi Pumpkin running responder) can be detected right from a mobile phone.

Core symbols most depended-on inside this repo

checkResponderOnInterface
called by 2
respounder.go
sendLLMNRProbe
called by 1
respounder.go
randomHostname
called by 1
respounder.go
getValidIPv4Addr
called by 1
respounder.go
initFlags
called by 1
respounder.go
init
called by 0
respounder.go
main
called by 0
respounder.go

Shape

Function 7

Languages

Go100%

Modules by API surface

respounder.go7 symbols

For agents

$ claude mcp add respounder \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact