and you better read the README

delorean 2024-02-16 18:41:43 -06:00
parent 2cc4a03090
commit 6d87d11057
No known key found for this signature in database
GPG Key ID: 08CFF8565BE941CD

@ -8,27 +8,34 @@
</p> </p>
## Abstract ## Abstract
Patdown probes DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions. Patdown probes a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions.
**Example**: if a network's resolver has `assets-public.falcon.crowdstrike.com` in its cache, chances are the '*CrowdStrike Falcon*' EDR solution is present somewhere on the network. **Example**: if a network's resolver has `assets-public.falcon.crowdstrike.com` in its cache, chances are the '*CrowdStrike Falcon*' EDR solution is present somewhere on the network.
These DNS servers can be specified as arguments (the preferred way), or patdown can automatically retrieve and analyze the authoritative nameservers of a target with the `-t` flag. These DNS servers can be specified as arguments (the preferred way), or patdown can automatically retrieve and analyze the authoritative nameservers of a target with the `-t` flag.
⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting for EDR/XDR. ⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting for EDR/XDR.
## Installation ## Installation
Retrieve a binary corresponding to your architecture from **Releases** Retrieve a binary corresponding to your architecture from **Releases**
*or* *or*
`git clone https://git.supernets.org/delorean/patdown.git && cd patdown/cmd/patdown && go build -o patdown main.go`
`git clone https://git.supernets.org/delorean/patdown.git && cd patdown/cmd/patdown && go build -o patdown main.go && ./patdown`
## Usage ## Usage
**Help** **Help**
`patdown -h` `patdown -h`
**Targeting specific resolvers**
**Target specific resolvers**
`patdown -n ns1.target.resolver -n ns2.another.target.resolver` `patdown -n ns1.target.resolver -n ns2.another.target.resolver`
**Automatically snoop authoritative nameservers** **Automatically snoop authoritative nameservers**
`patdown -t supernets.org` `patdown -t supernets.org`
- - - - - - - -
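Review bot: In the Installation section, the new one-liner ends with `&& ./patdown`, so anyone copying the install command also executes the freshly built binary, with no arguments, as part of building it. Keep the install step at `go build -o patdown main.go` and leave invocation to the Usage section, or make the trailing command `./patdown -h` so its effect is explicit. The same hunk leaves the Usage examples calling bare `patdown` (for example `patdown -n ns1.target.resolver`), while the build puts the binary in `patdown/cmd/patdown` as `./patdown`; either document moving it onto PATH or write the examples as `./patdown` so they work as pasted. The Abstract and heading rewording ("a network's DNS servers", "Target specific resolvers") reads fine.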