LLMNR

Section: [LLMNR]

LLMNR.AnswerName: str

Name to return when responding to queries (can be used for kerberos relay). Example use case can be seen in: LLMNR Answer-Name Spoofing

See also

Synacktiv’s excellent article on how to leverage this behaviour to perform kerberos relay: Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx

LLMNR.Ignore: list[str | dict]

Specifies a list of hosts to be blacklisted. For additional context, see Globals.Ignore. When this attribute is defined, it overrides the global blacklist configuration. If not explicitly set, this attribute has no effect. For a comprehensive explanation of how the blacklist is applied, refer to BlacklistConfigMixin.

LLMNR.AnswerTo: list[str | dict]

Defines a list of hosts to which responses should be sent. See Globals.AnswerTo for more information. When specified, this attribute takes precedence over the global whitelist. If omitted, the global configuration remains in effect. For detailed behavior and usage, refer to WhitelistConfigMixin.

Python Config

class llmnr.LLMNRConfig

Defines the configuration for the [llmnr] section in the TOML file. This class extends both WhitelistConfigMixin and BlacklistConfigMixin, introducing two additional fields. Refer to the respective mixins for a detailed explanation of their functionality.

llmnr_answer_name: str | None = None

Corresponds to LLMNR.AnswerName

Specifies a custom name to use in spoofed LLMNR responses. The default value is None, which disables spoofed answer names.

Default Configuration

LLMNR configuration section (default values)

[LLMNR]
# AnswerName is disabled by default, so this section is empty