From kalilinuxtutorials.com
![Evil SSDP : Create Fake UPnP Devices To Phish For Credentials](https://i1.wp.com/1.bp.blogspot.com/-KiRYCQ2KDIs/XmjHK1i0WrI/AAAAAAAAFYw/XXrG7FMC6ZkuSEjMMZEBAkaI9K84LX6MACLcBGAsYHQ/s1600/Spoof%2BSSDP%25281%2529.png?w=640&ssl=1)
Evil SSDP responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network.
Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden image over SMB, allowing you to capture or relay the NetNTLM challenge/response.