Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.
- PowerShell Empire – https://github.com/PowerShellEmpire/Empire
- PS>Attack – https://github.com/jaredhaight/psattack
- p0wnedShell – https://github.com/Cn33liz/p0wnedShell
- PowerUpSQL – https://github.com/NetSPI/PowerUpSQL
- PoshC2 – https://github.com/nettitude/PoshC2
- pupy – https://github.com/n1nj4sec/pupy
At its core, Inveigh is a .NET packet sniffer that listens for and responds to LLMNR/mDNS/NBNS requests while also capturing incoming NTLMv1/NTLMv2 authentication attempts over the Windows SMB service. The primary advantage of this packet sniffing method on Windows is that port conflicts with default running services are avoided. It also contains HTTP/HTTPS/Proxy listeners for capturing incoming authentication requests and performing attacks. It relies on creating multiple runspaces to load the sniffer, listeners, and control functions within a single shell and PowerShell process.