Pretender is a machine-in-the-middle tool designed for relaying attacks, primarily targeting Windows hosts. Key features include DHCPv6 DNS takeover, mDNS, LLMNR, and NetBIOS-NS spoofing. It's designed to work with tools like Impacket's ntlmrelayx.py and krbrelayx for relaying attacks or hash dumping. It supports stateless DNS configuration via Router Advertisements and can be configured to stop after a certain time period. Filters can be applied based on domains and hosts, with wildcard support.
pretender
A MitM tool for relaying attacks, featuring DHCPv6 DNS takeover and local name resolution spoofing (mDNS, LLMNR, NetBIOS-NS).
Introduction
More Resources
Application SecurityInfrastructure SecurityReconnaissance
ShipSec Studio
Details
ShipSec Studio is an open-source security workflow orchestration platform designed for building, executing, and monitoring automated security workflows at scale.
Red Team OperationsInfrastructure Security
AutoPtT
Details
Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python.