Age | Commit message | Author | Files | Lines |
|
LLMNR/NBNS spoofer:
SpooferIPsReply/SpooferIPsIgnore - These parameters provide granular
control over what systems to respond to when spoofing.
SpooferHostsReply/SpooferHostsIgnore - These parameters provide granular
control over what requested hostnames to respond to when spoofing. Note
that SpooferHostsAccept replaces SpoofList.
SpooferRepeat - This parameter replaces Repeat in order to sync the
parameter name with the prefix used for other spoofer parameters.

HTTP/HTTPS Listener:
HTTPAuth - This parameter provides the ability to set the HTTP/HTTPS
non-WPAD auth to NTLM, Basic, or Anonymous. Basic authentication can be
used to capture cleartext credentials (thanks @xorrior!).
HTTPBasicRealm - Set a realm name if Basic auth is enabled.
HTTPDir/HTTPDefaultFile/HTTPDefaultEXE/HTTPResponse - These parameters
provide control over the content served by the listener.
HTTPSCertThumbprint - This parameter provides the ability to more easily
set the thumbprint for custom certs.
HTTP/HTTPS requests are now reported and/or logged.

WPAD:
WPADIP/WPADPort - These parameters provide the ability to configure a
proxy server on victim systems through WPAD.
WPADResponse - This parameter provides the ability to configure a
custom wpad.dat response rather than the basic one used by WPADIP and
WPADPort.
WPADAuth - This parameter provides the ability to set the HTTP/HTTPS
WPAD auth to NTLM, Basic, or Anonymous. Basic authentication can be used
to capture cleartext credentials (thanks @xorrior!). Note that this
parameter replaces ForceWPADAuth.

Miscellaneous:
Get-InveighCleartext - Gets all captured cleartext credentials.
Inspect - This switch parameter serves as an easier way to inspect
LLMNR/NBNS traffic. If -Inspect is added to the command line, LLMNR,
NBNS, HTTP, HTTPS, and SMB are disabled.
|
|
unique account
Added the 'unique' parameter to Get-InveighNTLMv1 and Get-InveighNTLMv2.
If 'unique' is enabled, only the first captured challenge/response for
each unique account will be displayed.
|
|
I found that I had some hard-coded packet data that needed to be
dynamic. This was causing authentication failures on domain systems that
didn't match the specs (domain name length, etc.) of my test domain.
Sorry!
|
|
Added the SpoofList parameter for listing specific hostnames to spoof
with LLMNR/NBNS. Stopped Inveigh from responding to AAAA LLMNR packets
received over IPv4. Fixed an NBNS display bug with 15-character
requests.
|
|
Added additional error handling for the command execution process. The
console and file output will now report the name of the temp service
created on the relay target. Removed an unnecessary packet and modified
some of the bytes within the remaining packets.
|
|
and psm1 and psd1 files
The SMB relay code is now in Inveigh-Relay.ps1. The script can be used
either through Invoke-Inveigh or as a standalone function.
|