Code refactored, changes to README

codeexpress · Feb 9, 2018 · e29a0b7 · e29a0b7
1 parent 9599d4e
commit e29a0b7
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -31,19 +31,29 @@ Latest versions can be downloaded from the [Release](https://github.com/codeexpr
 This is a golang project with no dependencies. Assuming you have golang compiler installed,
 the following will build the binary from scratch
 ```
-$ git clone blah
+$ git clone https://github.com/codeexpress/respounder
 $ cd respounder
 $ go build respounder
 ```
 
 ## Usage
 
 Running `respounder` is as simple as invoking it on the command line.
-The following will display output on the terminal.
-```
+Example invocation:
+```bash
 $ ./respounder
+
+
+     .´/
+    / (           .----------------.
+    [ ]░░░░░░░░░░░|// RESPOUNDER //|
+    ) (           '----------------'
+    '-'
+
+[wlan0]    Sending probe from 192.168.0.19...   responder not detected
+[vmnet1]   Sending probe from 172.16.211.1...   responder not detected
+[vmnet8]   Sending probe from 172.16.55.1...    responder detected at 172.16.55.128
 ```
-To detect a compromise as soon as it happens, **run respounder as a cron job running every minute**
 
 ### Flags
 
@@ -60,6 +70,34 @@ Flags:
         Displays this help
 ```
 
+
+### Typical usage scenario
+
+#### Personal
+Detect rogue hosts running responder on public Wi-Fi networks
+e.g. like Airports, Cafés and avoid joining such networks
+(especially if you are running windows OS)
+
+#### Corporate
+Detect network compromises as soon as they happen by running respounder
+in a loop
+
+For eg. the following `crontab` runs respounder every minute and logs a JSON file to syslog
+whenever a responder is detected.
+```bash
+* * * * * /path/to/respounder -json | /usr/bin/logger -t responder-detected
+```
+
+Example `syslog` entry:
+```bash
+code@express:~/$ sudo tail -f /var/log/syslog
+Feb  9 03:44:07 responder-detected: [{"interface":"vmnet8","responderIP":"172.16.55.128","sourceIP":"172.16.55.1"}]
+```
+
 ## Demo
 ![Respounder in action](https://i.imgur.com/ymcDRnJ.gif)
 
+## Coming Up Next: Android App
+There are plans to port this tool to an android app so that adversarial Wi-Fi networks
+(eg. WiFi Pineapple or WiFi Pumpkin running responder) can be
+detected right from a mobile phone.
diff --git a/respounder.go b/respounder.go
@@ -26,6 +26,8 @@ const (
 
 	Version    = 1.0
 	TimeoutSec = 3
+	BcastAddr  = "224.0.0.252"
+	LLMNRPort  = 5355
 )
 
 var (
@@ -73,6 +75,7 @@ func main() {
 	logger.Println("======== Ending RESPOUNDER Session ========")
 }
 
+// Test presence of responder on a given interface
 func checkResponderOnInterface(inf net.Interface) map[string]string {
 	var json map[string]string
 	addrs, _ := inf.Addrs()
@@ -114,7 +117,7 @@ func sendLLMNRProbe(ip net.IP) string {
 		"0000000100000000000012617769657264636f6d70757465726e616d650000010001"
 	n, _ := hex.DecodeString(llmnrRequest)
 
-	remoteAddr := net.UDPAddr{IP: net.ParseIP("224.0.0.252"), Port: 5355}
+	remoteAddr := net.UDPAddr{IP: net.ParseIP(BcastAddr), Port: LLMNRPort}
 
 	conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: ip})
 	if err != nil {