Packages and Binaries:

evil-ssdp

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage.

Installed size: 100 KB
How to install: sudo apt install evil-ssdp

Dependencies:
  • python3
evil-ssdp
root@kali:~# evil-ssdp -h

___________     .__.__    _________ _________________ __________
\_   _____/__  _|__|  |  /   _____//   _____/\______ \\______   \
 |    __)_\  \/ /  |  |  \_____  \ \_____  \  |    |  \|     ___/
 |        \\   /|  |  |__/        \/        \ |    `   \    |
/_______  / \_/ |__|____/_______  /_______  //_______  /____|
        \/                      \/        \/         \/

...by initstring (gitlab.com/initstring)
Additional contributors: Dwight Hohnstein

usage: evil_ssdp.py [-h] [-p PORT] [-t TEMPLATE] [-s SMB] [-b] [-r REALM]
                    [-u URL] [-a]
                    interface

positional arguments:
  interface             Network interface to listen on.

options:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  Port for HTTP server. Defaults to 8888.
  -t TEMPLATE, --template TEMPLATE
                        Name of a folder in the templates directory. Defaults
                        to "office365". This will determine xml and phishing
                        pages used.
  -s SMB, --smb SMB     IP address of your SMB server. Defalts to the primary
                        address of the "interface" provided.
  -b, --basic           Enable base64 authentication for templates and write
                        credentials to log file.
  -r REALM, --realm REALM
                        Realm when prompting target for authentication via
                        Basic Auth.
  -u URL, --url URL     Redirect to this URL. Works with templates that do a
                        POST for logon forms and with templates that include
                        the custom redirect JavaScript (see README for more
                        info).[example: -r https://google.com]
  -a, --analyze         Run in analyze mode. Will NOT respond to any SSDP
                        queries, but will still enable and run the web server
                        for testing.

Updated on: 2022-Nov-18