Respotter: Open-source Responder honeypot

Respotter is an open-source honeypot designed to detect attackers when they launch Responder within your environment.

This application identifies active instances of Responder by exploiting its behavior when responding to any DNS query. Respotter leverages LLMNR, mDNS, and NBNS protocols to query a non-existent hostname (default: Loremipsumdolorsitamet). If any of these requests receive a response, Responder is likely operating on your network.

Respotter can send webhooks to Slack, Teams, or Discord. It also supports sending events to a syslog server to be ingested by a SIEM.

“I wanted an easy-to-deploy, lightweight Responder Honeypot. I could not find one, so I wrote a script after trying my hand at red-teaming with Respotter. I designed it with a few features intentionally,” Baden Erb, the creator of Respotter, told Help Net Security.

Respotter is available for free on GitHub.

Must read:

• 20 free cybersecurity tools you might have missed
• 15 open-source cybersecurity tools you’ll wish you’d known earlier
• 20 essential open-source cybersecurity tools that save you time

I have read and agree to the terms & conditions

Leave this field empty if you're human: