{"id":14153903,"url":"https://github.com/lawndoc/Respotter","last_synced_at":"2025-08-05T23:31:29.515Z","repository":{"id":243905616,"uuid":"813733629","full_name":"lawndoc/Respotter","owner":"lawndoc","description":"Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.","archived":false,"fork":false,"pushed_at":"2024-09-05T19:16:54.000Z","size":19651,"stargazers_count":183,"open_issues_count":4,"forks_count":10,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-06T15:52:13.026Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lawndoc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-11T16:25:41.000Z","updated_at":"2024-12-03T22:02:20.000Z","dependencies_parsed_at":"2024-08-26T18:57:37.013Z","dependency_job_id":"4a3d6681-7d96-49c4-b784-ad89abf651fd","html_url":"https://github.com/lawndoc/Respotter","commit_stats":null,"previous_names":["lawndoc/respotter"],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FRespotter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FRespotter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FRespotter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FRespotter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lawndoc","download_url":"https://codeload.github.com/lawndoc/Respotter/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228818897,"owners_count":17976850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-17T07:01:11.583Z","updated_at":"2024-12-09T01:30:38.119Z","avatar_url":"https://github.com/lawndoc.png","language":"Python","funding_links":[],"categories":["Other Lists"],"sub_categories":["LAB","🧪 LAB"],"readme":"# ![Respotter](./assets/respotter_logo.png)\n\n## The Responder Honeypot\n\nThis application detects active instances of [Responder](https://github.com/lgandx/Responder) by taking advantage of the fact that __Responder will respond to any DNS query__. Respotter uses LLMNR, mDNS, and NBNS protocols to search for a bogus hostname that does not exist (default: Loremipsumdolorsitamet). If any of the requests get a response back, then it means Responder is probably running on your network.\n\nRespotter can send webhooks to Slack, Teams, or Discord. It also supports sending events to a syslog server to be ingested by a SIEM. Webhooks alerts are rate limited to 1 alert per IP per hour.\n\n## Quick start\n\n```bash\ndocker run --rm --net=host ghcr.io/lawndoc/respotter\n```\n\n*Note: `--net=host` is required due to privileged socket usage when crafting request packets*\n\n## Demo\n\n![demo gif](./assets/respotter_demo.gif)\n\n## Advice for disabling vulnerable protocols\n\nRespotter tells you what will break if you disable LLMNR, mDNS, and Netbios protocols on your network devices. If any name queries are found that need to be addressed, Respotter will tell you how to fix it. Once no more remediation advice is given, you can safely disable LLMNR, mDNS, and Netbios on all hosts in Respotter's subnet.\n\nRespotter will log all sniffed queries, but it does NOT attempt to poison responses to them. Use Responder to identify accounts that are vulnerable to poisoning once a vulnerable host has been discovered by Respotter.\n\n## Other notes\n\nTools that are similar to Responder such as [Inveigh](https://github.com/Kevin-Robertson/Inveigh) can also be detected because they perform similar spoofing attacks. See [LLMNR/NTB-NS Poisoning](https://attack.mitre.org/techniques/T1557/001/) on Mitre ATT\u0026CK for more details.\n\n## Additional configuration\n\nDetailed information on configuration and deployment can be found in [the wiki](https://github.com/lawndoc/Respotter/wiki/Deploying-Respotter)\n\n## License\n\n[MIT](https://choosealicense.com/licenses/mit/)\n\n## Contributors\n\nThis project was originally created by [Baden Erb](https://badenerb.com) ([@badenerb](https://github.com/badenerb))\n\nCurrent maintainers:\n\n* [C.J. May](https://cjmay.info) ([@lawndoc](https://github.com/lawndoc))\n* [Matt Perry]() ([@xmjp](https://github.com/xmjp))\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flawndoc%2FRespotter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flawndoc%2FRespotter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flawndoc%2FRespotter/lists"}