Responder is a tool to carry out various types of MiTM attacks. Initially intended to "spoof" the NBNS and LLMNR protocols, which are used to resolve names on local Windows networks where DNS does not work.
Includes fake servers for major protocols: HTTP, SMB, MSSQL, FTP, LDAP, SMTP, POP3. and supports NTLM authentication (all versions of the NTLM protocol) for them. You can steal NTLM hashes and then probe them to obtain user passwords.
You can find a detailed guide on how to use this tool here:
https://www.hackingarticles.in/a-det...mnr-poisoning/ 