Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally send fake credentials to Responder #58

Open
lawndoc opened this issue Jul 19, 2024 · 0 comments
Open

Optionally send fake credentials to Responder #58

lawndoc opened this issue Jul 19, 2024 · 0 comments
Labels
enhancement New feature or request
Milestone
v1.2.0

Comments

@lawndoc
Copy link
Owner

lawndoc commented Jul 19, 2024
edited
Loading

I was recently made aware of another project that is similar to this one: Ben0xA/HoneyCreds

I really like HoneyCreds' strategy of going a step further and sending fake credentials to Responder. If we see the honey creds used on a different host than Responder, it could reveal additional compromised endpoints under the attacker's control.

I'd like to implement a similar feature into Respotter that allows for fake credentials to be sent if a username is configured. If the credential configuration is empty, then Respotter will not send any credentials.
@lawndoc lawndoc added the enhancement New feature or request label Jul 19, 2024
@lawndoc lawndoc added this to the v1.2.0 milestone Jul 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.2.0
Development

No branches or pull requests
1 participant
@lawndoc