schwarztim/sec-responder-mcp

Responder MCP Server

An MCP (Model Context Protocol) server for controlling Responder - an LLMNR, NBT-NS, and mDNS poisoner with built-in rogue authentication servers.

Overview

Responder is a penetration testing tool that captures NTLM hashes by poisoning name resolution protocols. This MCP server provides tools to control Responder remotely via SSH on a Kali Linux machine, enabling AI assistants to help with authorized security assessments.

Features

  • Start/Stop Control - Full lifecycle management of Responder with all CLI options
  • Analyze Mode - Passive reconnaissance without active poisoning
  • WPAD Attacks - Rogue proxy server for credential capture
  • Credential Viewing - View captured hashes and cleartext credentials
  • Hash Export - Export hashes in hashcat or john format for cracking
  • Configuration Management - Enable/disable protocol servers (SMB, HTTP, LDAP, etc.)
  • MultiRelay Integration - SMB relay attacks for lateral movement
  • Log Management - View, filter, and clear logs with backup

Prerequisites

  • Node.js 18+
  • SSH access to a Kali Linux machine with Responder installed
  • SSH key-based authentication configured (recommended)

Installation

# Clone the repository
git clone https://github.com/schwarztim/sec-responder-mcp.git
cd sec-responder-mcp

# Install dependencies
npm install

# Build
npm run build

Configuration

Set the following environment variables:

Variable         Default                              Description
KALI_HOST        kali                                 SSH hostname of the Kali machine
SSH_USER         root                                 SSH username
RESPONDER_PATH   /usr/share/responder/Responder.py    Path to Responder script
RESPONDER_LOGS   /usr/share/responder/logs            Log directory
RESPONDER_CONF   /etc/responder/Responder.conf        Configuration file path

MCP Client Configuration

Add to your MCP client configuration (e.g., Claude Desktop):

{
  "mcpServers": {
    "responder": {
      "command": "node",
      "args": ["/path/to/sec-responder-mcp/dist/index.js"],
      "env": {
        "KALI_HOST": "your-kali-hostname",
        "SSH_USER": "root"
      }
    }
  }
}

Available Tools

Core Operations

Tool                 Description
responder_start      Start Responder with full options support
responder_stop       Stop running Responder instance
responder_status     Get current status and recent output
responder_analyze    Quick start in passive/analyze mode

Credential Capture

Tool                    Description
responder_logs          View captured credentials (filter by type)
responder_hashes        Export hashes in hashcat/john format
responder_clear_logs    Clear logs (creates backup first)

Configuration

Tool                       Description
responder_config           View Responder configuration
responder_config_update    Enable/disable protocol servers
responder_interfaces       List available network interfaces

Advanced Attacks

Tool                    Description
responder_wpad          Start WPAD rogue proxy attack
responder_multirelay    Start SMB relay attack

Usage Examples

Passive Reconnaissance

responder_analyze interface=eth0 verbose=true fingerprint=true

Active Poisoning

responder_start interface=eth0 verbose=true

WPAD Attack

responder_wpad interface=eth0 forceAuth=true proxyAuth=true

View Captured Hashes

responder_hashes format=hashcat

SMB Relay Attack

# First, disable SMB server
responder_config_update setting=SMB value=Off

# Start Responder
responder_start interface=eth0

# Start relay attack
responder_multirelay targetIp=192.168.1.100 allUsers=true

Tool Options Reference

responder_start

Option          Type      Description
interface       string    Required. Network interface (e.g., eth0, wlan0, ALL)
analyze         boolean   Passive mode - listen without responding
wpad            boolean   Start WPAD rogue proxy server
forceWpadAuth   boolean   Force NTLM/Basic auth on WPAD file
proxyAuth       boolean   Force proxy authentication
dhcp            boolean   Enable DHCP broadcast response
dhcpDns         boolean   Inject DNS server in DHCP response
dhcpv6          boolean   Enable DHCPv6 attack mode
basic           boolean   Return Basic HTTP auth instead of NTLM
fingerprint     boolean   Fingerprint querying hosts
lm              boolean   Force LM hashing downgrade
disableEss      boolean   Force ESS downgrade
verbose         boolean   Verbose output
quiet           boolean   Minimal output
externalIp      string    Poison with different IP
externalIpv6    string    Poison with different IPv6

Security Considerations

  • This tool executes SSH commands on a remote Kali machine
  • Ensure SSH key authentication is properly configured
  • Use in isolated networks or with proper authorization only
  • All captured credentials should be handled securely
  • Logs may contain sensitive information
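
The string options in the responder_start table (interface, externalIp) end up in a command that is run over SSH, so they should be validated and quoted before they reach the remote shell. One way to do that, as an added example that is not the project's own code; the type and function names are hypothetical and the flag mapping is assumed from Responder's command-line help:

```typescript
// Added example: validate tool arguments, then quote them for the remote shell.
// StartOptions, validateInterface, validateIpv4, shellQuote and
// buildRemoteCommand are hypothetical names, not the project's API.

interface StartOptions {
  interface: string;
  analyze?: boolean;
  verbose?: boolean;
  externalIp?: string;
}

// Must start with an alphanumeric character so a value can never be read as
// an option; 15 characters is the Linux interface-name limit. "ALL" passes.
const IFACE_RE = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$/;

function validateInterface(name: string): string {
  if (!IFACE_RE.test(name)) throw new Error("invalid interface name");
  return name;
}

function validateIpv4(ip: string): string {
  const parts = ip.split(".");
  const ok = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!ok) throw new Error("invalid IPv4 address");
  return ip;
}

// ssh joins its command arguments into one string for the remote shell, so
// each argument is single-quoted; an embedded ' becomes '\''.
function shellQuote(arg: string): string {
  return "'" + arg.replace(/'/g, "'\\''") + "'";
}

// Flag letters (-I, -A, -v, -e) follow Responder's command-line help.
function buildRemoteCommand(
  opts: StartOptions,
  responderPath = "/usr/share/responder/Responder.py",
): string {
  const argv = [responderPath, "-I", validateInterface(opts.interface)];
  if (opts.analyze) argv.push("-A");
  if (opts.verbose) argv.push("-v");
  if (opts.externalIp !== undefined) argv.push("-e", validateIpv4(opts.externalIp));
  return argv.map(shellQuote).join(" ");
}
```

Validation rejects anything outside the expected shape; quoting is the second layer, so a value that passes validation is still passed to the remote shell as a single literal word.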

Legal Disclaimer

This tool is intended for authorized penetration testing and security assessments only.

Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. Users are responsible for complying with all applicable laws and regulations.

The authors assume no liability for misuse of this software.

License

MIT License - see LICENSE for details.

Contributing

Contributions are welcome! Please ensure any pull requests:

  1. Follow the existing code style
  2. Include appropriate documentation
  3. Do not add features that could facilitate unauthorized access
