Rapid7
By Rapid7
Archived: 2026-04-05 20:57:22 UTC
module
LLMNR Spoofer
Disclosed Created
N/A May 30, 2018
Disclosed
N/A
Created
May 30, 2018
Description
LLMNR (Link-local Multicast Name Resolution) is the successor of NetBIOS (Windows Vista and up) and is
used to
resolve the names of neighboring computers. This module forges LLMNR responses by listening for LLMNR
requests
sent to the LLMNR multicast address (224.0.0.252) and responding with a user-defined spoofed IP address.
Author
Robin Francois rof@navixia.com
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show
options' or 'show advanced':
 msf > use auxiliary/spoof/llmnr/llmnr_response
 msf auxiliary(llmnr_response) > show actions
 ...actions...
https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response
Page 1 of 2

msf auxiliary(llmnr_response) > set ACTION < action-name >
 msf auxiliary(llmnr_response) > show options
 ...show and set options...
 msf auxiliary(llmnr_response) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.
Source: https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response
https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response
Page 2 of 2