Inveigh vs Responder
GitHub Stats
About Inveigh
Inveigh is a .NET/PowerShell tool for network protocol poisoning and relay attacks on Windows networks. It spoofs LLMNR, NBNS, mDNS, DNS, and DHCPv6 responses to capture NTLMv1/v2 hashes from hosts attempting name resolution. Beyond simple hash capture, Inveigh includes an SMB relay module that forwards captured authentication to other hosts for immediate code execution without cracking. The .NET version (InveighZero) runs as a standalone executable without PowerShell dependencies, evading script-based detections. It is the Windows-native alternative to Responder.
About Responder
Responder is a network tool designed to poison LLMNR, NBT-NS, and mDNS protocols, capturing NTLMv1/v2 hashes from Windows environments. Written in Python, it acts as a rogue authentication server to intercept and capture credentials on the network. Responder's ability to exploit weaknesses in Windows name resolution protocols makes it a powerful tool for security professionals conducting network assessments and Active Directory penetration testing.
Platform Support
Tags
Shared
Inveigh only
Responder only