Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time
November 12, 2016 12:30

Responder And MultiRelay For Windows

NBT-NS/LLMNR Responder and Cross-Protocol NTLM Relay Windows Version (Beta)

Laurent Gaffie

Follow Responder latest updates on twitter:


This tool is first an LLMNR, NBT-NS and MDNS responder, it will answer to specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: By default, the tool will only answers to File Server Service request, which is for SMB. The concept behind this, is to target our answers, and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option via command line if you want this tool to answer to the Workstation Service request name suffix.

MultiRelay has also been ported to this Windows version, allowing a pentest to pivot across compromises.


  • Experimental Windows Version.

  • Goal of this version is to be able to propagate compromises across subnets and domains from any compromised Windows machine. This tool can also be used compromise a domain from an external penetration test.

  • This version will disable netbios on all interfaces and the current firewall profile on the target host.

  • Default values will be turned back On when killing Responder (CRTL-C).

  • LLMNR and Netbios works out of the box on any Windows XP-2003 and apparently on Windows 2012/2016.

  • Netbios support works on all versions.

  • Best way to collect hashes with this Windows version: Responder.exe -i IP_Addr -rPv


  • Binary:

Just drop the executable and the configuration file (Responder.conf) inside a directory (eg: c:/temp/responder) and launch it.

  • From source: Install python on a Windows machine.

run "pip install pyinstaller"

cd in Responder source directory

pyinstaller --onedir -F

cd tools/MultiRelay/

pyinstaller --onedir -F

Your binary will be located in the folder dist/

  • Executing the source directly:

You can run Responder as usual from the source folder (with python installed): python


  • Make sure a conventional Responder.conf file is present in Responder running directory.

  • Any rogue server can be turn off in Responder.conf.

  • For now, SMB rogue authentication server is not supported in Responder and MultiRelay.


You can contribute to this project by donating to the following BTC address:



NBT-NS/LLMNR/MDNS Responder Created and maintained by Laurent Gaffie

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see


Responder Windows Version Beta






No packages published