{
	"id": "b9588ea4-da01-4ea1-a192-27be311c4b7e",
	"created_at": "2026-04-06T00:19:59.943631Z",
	"updated_at": "2026-04-10T03:21:49.339444Z",
	"deleted_at": null,
	"sha1_hash": "911af54dd43bd44b15c8b3a1643aa0b0a7a10e56",
	"title": "GitHub - nomex/nbnspoof: NetBIOS Name Service spoofing tool",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36971,
	"plain_text": "GitHub - nomex/nbnspoof: NetBIOS Name Service spoofing tool\r\nBy nomex\r\nArchived: 2026-04-05 16:23:12 UTC\r\nThis tool was created in 2007 by Robert Wesley McGrew. You can read about the tool and the author in\r\nhttp://www.mcgrewsecurity.com/tools/nbnspoof/\r\nI've made a few changes to add support to targeted spoofing.\r\nIntroduction\r\nNBNSpoof is a tool for automatically crafting responses to NetBIOS Name Service (NBNS) name queries. When\r\nWindows machines fail to resolve domain names by DNS and WINS, they will send a broadcast NBNS query to\r\nsee if the name in question matches any computer names on the local network. Crafting responses to these\r\nrequests can be especially useful to an attacker in situations where the victim mis-types a domain name, or if the\r\nDNS server is unreachable.\r\nNBNSpoof is a penetration testing tool designed to demonstrate this attack, and also serves as a useful illustration\r\nof how to develop small network security tools, as the creation of it has been documented in a short series of posts\r\nto this site.\r\nUsage\r\nnbnspoof.py [-v] -i \u003cinterface\u003e -n \u003cregexp\u003e -h \u003cip address\u003e -m \u003cMAC\u003e [-p \u003cip address\u003e]\r\n-v Verbose output of sniffed NBNS name queries, and responses sent\r\n-i The interface you want to sniff and send on\r\n-n A regular expression applied to each query to determine whether a\r\n spoofed response will be sent\r\n-h The IP address that will be sent in spoofed responses\r\n-p (optional) The IP address of the victim (if unset, pwn all)\r\n-m The source MAC address for spoofed responses\r\nSource: https://github.com/nomex/nbnspoof\r\nhttps://github.com/nomex/nbnspoof\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/nomex/nbnspoof"
	],
	"report_names": [
		"nbnspoof"
	],
	"threat_actors": [],
	"ts_created_at": 1775434799,
	"ts_updated_at": 1775791309,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/911af54dd43bd44b15c8b3a1643aa0b0a7a10e56.pdf",
		"text": "https://archive.orkl.eu/911af54dd43bd44b15c8b3a1643aa0b0a7a10e56.txt",
		"img": "https://archive.orkl.eu/911af54dd43bd44b15c8b3a1643aa0b0a7a10e56.jpg"
	}
}