evil-ssdp
Spoof SSDP replies to phish for NTLM hashes on a network
Install
- All systems
-
curl cmd.cat/evil-ssdp.sh
- Kali Linux
-
apt-get install evil-ssdp - Dockerfile
- dockerfile.run/evil-ssdp
evil-ssdp
Spoof SSDP replies to phish for NTLM hashes on a network
This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage.