delorean
/
patdown
2
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

initial

This commit is contained in:
delorean 2023-12-14 22:43:59 -06:00
commit 82f49eb78e
6 changed files with 522 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md Normal file
View File

@ -0,0 +1,6 @@
# patdown
> EDR/XDR (Endpoint Detection & Response) fingerprinting utility useful for predicting defense mechanisms in use on remote systems.
<p align="center">
<img src="https://i.imgur.com/AlQ7N07.png" width="500" title="hover text">
</p>

135
cmd/patdown/main.go Normal file
View File

@ -0,0 +1,135 @@
package main
import (
"flag"
"fmt"
"time"
"patdown/common"
"github.com/miekg/dns"
)
type multiflag []string
type Pair struct {
Nameserver string
Domain string
}
func (m *multiflag) String() string {
return "irc.supernets.org #superbowl"
}
func (m *multiflag) Set(value string) error {
*m = append(*m, value)
return nil
}
var (
domain = flag.String("t", "", "domain to query")
workers = flag.Int("c", 100, "number of workers")
delay = flag.Int("s", 100, "delay (sleep) between queries in milliseconds")
nameserver multiflag
)
func message(domain string, reqtype uint16, ra bool) *dns.Msg {
msg := new(dns.Msg)
msg.Id = dns.Id()
msg.RecursionDesired = ra
msg.Question = make([]dns.Question, 1)
msg.Question[0] = dns.Question{dns.Fqdn(domain), reqtype, dns.ClassINET}
return msg
}
func query(q <-chan Pair, tracker chan<- interface{}) {
for pair := range q {
msg := message(pair.Domain, dns.TypeA, false)
// fmt.Println("Querying ", pair.Domain, " on ", pair.Nameserver)
in, err := dns.Exchange(msg, pair.Nameserver+":53")
if err != nil {
common.Error(err.Error())
continue
}
if len(in.Answer) > 0 {
fmt.Printf("[%s] associated domain %s found on %s\n", common.Vendors[common.Domains[pair.Domain]], pair.Domain, pair.Nameserver)
}
time.Sleep(time.Duration(*delay) * time.Millisecond)
}
tracker <- 1337
}
func testns(ns string) error {
msg := message("supernets.org", dns.TypeA, false)
_, err := dns.Exchange(msg, ns+":53")
if err != nil {
return err
}
return nil
}
func main() {
flag.Var(&nameserver, "n", "nameserver to query")
flag.Usage = common.Usage
flag.Parse()
var nameservers []string
pairs := make(chan Pair)
tracker := make(chan interface{})
common.Banner()
if *domain != "" {
// query domain for nameservers
nsmsg := message(*domain, dns.TypeNS, true)
in, err := dns.Exchange(nsmsg, "1.1.1.1:53")
if err != nil {
panic(err)
}
for _, ans := range in.Answer {
ns, ok := ans.(*dns.NS)
if ok {
nameservers = append(nameservers, ns.Ns)
}
}
fmt.Println(nameservers)
} else if len(nameserver) > 0 {
for _, ns := range nameserver {
nameservers = append(nameservers, ns)
}
} else {
// print usage
}
common.Info("aggregating nameservers...")
for i, ns := range nameservers {
if err := testns(ns); err != nil {
common.Error("nameserver " + ns + " is not responding")
nameservers = append(nameservers[:i], nameservers[i+1:]...)
}
}
common.Info(fmt.Sprintf("snooping EDR domains from %d resolvers...", len(nameservers)))
go func() {
for i := 0; i < *workers; i++ {
query(pairs, tracker)
}
}()
for _, ns := range nameservers {
for k, _ := range common.Domains {
pairs <- Pair{Nameserver: ns, Domain: k}
}
}
close(pairs)
for x := 0; x < *workers; x++ {
<-tracker
}
}

73
common/console.go Normal file
View File

@ -0,0 +1,73 @@
package common
import (
"fmt"
"os"
)
var (
ColorReset = "\033[0m"
ColorRed = "\033[31m"
ColorPurple = "\033[35m"
ColorLightBlue = "\033[34m"
ColorCyan = "\033[36m"
ColorGreen = "\033[32m"
ColorOrange = "\033[91m"
ColorGray = "\033[90m"
ColorYellow = "\033[93m"
)
func Banner() {
fmt.Printf(`%s
_ __________=__
\\@([____]_____()
_/\|-[____]
/ /(( ) ___ __ _____ ___ ___ _ _ _ _
/____|'----' | |_) / /\ | | | | \ / / \ \ \ / | |\ |
\____/ |_| /_/--\ |_| |_|_/ \_\_/ \_\/\/ |_| \|
%s%s
sincerely,
~ delorean%s
`, ColorRed, ColorReset, ColorGray, ColorReset)
}
var Vendors = map[string]string{
"Microsoft Defender for Endpoint": "\033[34mMicrosoft Defender for Endpoint\033[0m",
"VMWare Carbon Black": "\033[36mVMware\033[0m \033[90mCarbon Black\033[0m",
"CrowdStrike Falcon": "\033[31mCrowdStrike\033[0m \033[1mFalcon\033[0m",
"CheckPoint Harmony": "\033[35mCheckPoint\033[0m \033[1mHarmony\033[0m",
"Cybereason": "\033[93mCybereason\033[0m",
"Trellix": "\033[32mTrellix\033[0m",
"Palo Alto Networks": "\033[91mPalo Alto Networks\033[0m",
"SentinelOne": "\033[35mSentinelOne\033[0m",
"Symantec": "\033[93mSymantec\033[0m",
"Tanium": "\033[31mTanium\033[0m",
"Nextron Aurora": "\033[36mNextron\033[0m \033[90mAurora\033[0m",
"Trend Micro": "\033[31mTrend\033[0m \033[1mMicro\033[0m",
}
func Success(msg string) {
fmt.Printf(" %s~+~%s %s\n", ColorGreen, ColorReset, msg)
}
func Info(msg string) {
fmt.Printf(" %s~i~%s %s\n", ColorCyan, ColorReset, msg)
}
func Warning(msg string) {
fmt.Printf(" %s~!~%s %s\n", ColorYellow, ColorReset, msg)
}
func Error(msg string) {
fmt.Printf(" %s~x~%s %s\n", ColorRed, ColorReset, msg)
}
func Fatal(msg string) {
fmt.Printf(" %s~f~%s %s\n", ColorRed, ColorReset, msg)
os.Exit(-1)
}
func Usage() {
fmt.Printf(" %s~u~%s usage:\npatdown -t <domain>\npatdown -n ns1.target.com -n ns2.target.com", ColorOrange, ColorReset)
}

287
common/ref.go Normal file
View File

@ -0,0 +1,287 @@
package common
var Domains = map[string]string{
// Microsoft Defender for Endpoint
//https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-worldwide#services-and-urls
"security.microsoft.com": "Microsoft Defender for Endpoint",
"download.microsoft.com": "Microsoft Defender for Endpoint",
"ussus1eastprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus2eastprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus3eastprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus4eastprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wsus1eastprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wsus2eastprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus1westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus2westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus3westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussus4westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wsus1westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wsus2westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"usseu1northprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wseu1northprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"usseu1westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wseu1westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussuk1southprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wsuk1southprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"ussuk1westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"wsuk1westprod.blob.core.windows.net": "Microsoft Defender for Endpoint",
"settings-win.data.microsoft.com": "Microsoft Defender for Endpoint",
"vortex-win.data.microsoft.com": "Microsoft Defender for Endpoint",
"go.microsoft.com": "Microsoft Defender for Endpoint",
"ctldl.windowsupdate.com": "Microsoft Defender for Endpoint",
"windowsupdate.com": "Microsoft Defender for Endpoint",
// VMWare Carbon Black
// https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#index-of-base-urls
"carbonblack.com": "VMWare Carbon Black",
"carbonblack.io": "VMWare Carbon Black",
"defense-eap01.conferdeploy.net": "VMWare Carbon Black",
"dashboard.confer.net": "VMWare Carbon Black",
"defense.conferdeploy.net": "VMWare Carbon Black",
"defense-prod05.conferdeploy.net": "VMWare Carbon Black",
"defense-eu.conferdeploy.net": "VMWare Carbon Black",
"defense-prodnrt.conferdeploy.net": "VMWare Carbon Black",
"defense-prodsyd.conferdeploy.net": "VMWare Carbon Black",
"ew2.carbonblackcloud.vmware.com": "VMWare Carbon Black",
"gprd1usgw1.carbonblack-us-gov.vmware.com": "VMWare Carbon Black",
"updates.cdc.carbonblack.io": "VMWare Carbon Black",
"updates2.cdc.carbonblack.io": "VMWare Carbon Black",
"carbonblack.vmware.com": "VMWare Carbon Black",
"console.cloud-us-gov.vmware.com": "VMWare Carbon Black",
"console.cloud.vmware.com": "VMWare Carbon Black",
// CrowdStrike Falcon
// https://www.dell.com/support/kbdoc/en-us/000177899/crowdstrike-falcon-sensor-system-requirements
"crowdstrike.com": "CrowdStrike Falcon",
"ts01-b.cloudsink.net": "CrowdStrike Falcon",
"lfodown01-b.cloudsink.net": "CrowdStrike Falcon",
"lfoup01-b.cloudsink.net": "CrowdStrike Falcon",
"falcon.crowdstrike.com": "CrowdStrike Falcon",
"assets.falcon.crowdstrike.com": "CrowdStrike Falcon",
"assets-public.falcon.crowdstrike.com": "CrowdStrike Falcon",
"api.crowdstrike.com": "CrowdStrike Falcon",
"firehose.crowdstrike.com": "CrowdStrike Falcon",
"ts01-gyr-maverick.cloudsink.net": "CrowdStrike Falcon",
"lfodown01-gyr-maverick.cloudsink.net": "CrowdStrike Falcon",
"lfoup01-gyr-maverick.cloudsink.net": "CrowdStrike Falcon",
"falcon.us-2.crowdstrike.com": "CrowdStrike Falcon",
"assets.falcon.us-2.crowdstrike.com": "CrowdStrike Falcon",
"assets-public.us-2.falcon.crowdstrike.com": "CrowdStrike Falcon",
"api.us-2.crowdstrike.com": "CrowdStrike Falcon",
"firehose.us-2.crowdstrike.com": "CrowdStrike Falcon",
"ts01-laggar-gcw.cloudsink.net": "CrowdStrike Falcon",
"sensorproxy-laggar-g-524628337.us-gov-west-1.elb.amazonaws.com": "CrowdStrike Falcon",
"lfodown01-laggar-gcw.cloudsink.net": "CrowdStrike Falcon",
"ELB-Laggar-P-LFO-DOWNLOAD-1265997121.us-gov-west-1.elb.amazonaws.com": "CrowdStrike Falcon",
"falcon.laggar.gcw.crowdstrike.com": "CrowdStrike Falcon",
"laggar-falconui01-g-245478519.us-gov-west-1.elb.amazonaws.com": "CrowdStrike Falcon",
"api.laggar.gcw.crowdstrike.com": "CrowdStrike Falcon",
"firehose.laggar.gcw.crowdstrike.com": "CrowdStrike Falcon",
"falconhose-laggar01-g-720386815.us-gov-west-1.elb.amazonaws.com": "CrowdStrike Falcon",
"ts01-us-gov-2.cloudsink.net": "CrowdStrike Falcon",
"lfodown01-us-gov-2.cloudsink.net": "CrowdStrike Falcon",
"api.us-gov-2.crowdstrike.com": "CrowdStrike Falcon",
"firehose.us-gov-2.crowdstrike.com": "CrowdStrike Falcon",
"ts01-lanner-lion.cloudsink.net": "CrowdStrike Falcon",
"lfodown01-lanner-lion.cloudsink.net": "CrowdStrike Falcon",
"lfoup01-lanner-lion.cloudsink.net": "CrowdStrike Falcon",
"assets.falcon.eu-1.crowdstrike.com": "CrowdStrike Falcon",
"assets-public.falcon.eu-1.crowdstrike.com": "CrowdStrike Falcon",
"api.eu-1.crowdstrike.com": "CrowdStrike Falcon",
"firehose.eu-1.crowdstrike.com": "CrowdStrike Falcon",
// Harmony / CheckPoint
// https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116590
"checkpoint.com": "CheckPoint Harmony",
"us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net": "CheckPoint Harmony",
"europe-west1-datatube-240519.cloudfunctions.net": "CheckPoint Harmony",
"datatube-prod.azurewebsites.net": "CheckPoint Harmony",
"epmgmt.checkpoint.com": "CheckPoint Harmony",
"endpoint-cdn.epmgmt.checkpoint.com": "CheckPoint Harmony",
"ep-repo.epmgmt.checkpoint.com": "CheckPoint Harmony",
"epm-gw-eu.epmgmt.checkpoint.com": "CheckPoint Harmony",
"file-rep.iaas.checkpoint.com": "CheckPoint Harmony",
"url-rep.iaas.checkpoint.com": "CheckPoint Harmony",
"threatcloud.iaas.checkpoint.com": "CheckPoint Harmony",
"te.iaas.checkpoint.com": "CheckPoint Harmony",
"sba-data-collection.iaas.checkpoint.com": "CheckPoint Harmony",
"iaas.checkpoint.com": "CheckPoint Harmony",
"cws.checkpoint.com": "CheckPoint Harmony",
"rep.checkpoint.com": "CheckPoint Harmony",
"te.checkpoint.com": "CheckPoint Harmony",
"threat-emulation.checkpoint.com": "CheckPoint Harmony",
"kav8.checkpoint.com": "CheckPoint Harmony",
"secureupdates.checkpoint.com": "CheckPoint Harmony",
"sc1.checkpoint.com": "CheckPoint Harmony",
"updates.checkpoint.com": "CheckPoint Harmony",
"dl3.checkpoint.com": "CheckPoint Harmony",
"cloudinfra-gw.portal.checkpoint.com": "CheckPoint Harmony",
"gwevents.checkpoint.com": "CheckPoint Harmony",
"teadv.checkpoint.com": "CheckPoint Harmony",
"services.checkpoint.com": "CheckPoint Harmony",
// Cybereason
// https://docs.cybereason.com/en/latest/cloud_deploy/enablecommunication.html
"cybereason.com": "Cybereason",
"probe-dist.cybereason.net": "Cybereason",
"data-epgw.cybereason.net": "Cybereason",
"probe-dist-eu-west-1.cybereason.net": "Cybereason",
"data-epgw-eu-west-1.cybereason.net": "Cybereason",
"probe-dist-asia-northeast-1.cybereason.net": "Cybereason",
"data-epgw-asia-northeast-1.cybereason.net": "Cybereason",
// FireEye / Trellix
// https://kcm.trellix.com/corporate/index?page=content&id=KB90878
"api.manage.trellix.com": "Trellix",
"uam.api.trellix.com": "Trellix",
"cdn-usw001.manage.trellix.com": "Trellix",
"sw-usw001.manage.trellix.com": "Trellix",
"cdn-usw002.manage.trellix.com": "Trellix",
"sw-usw002.manage.trellix.com": "Trellix",
"cdn-usw003.manage.trellix.com": "Trellix",
"sw-usw003.manage.trellix.com": "Trellix",
"cdn-usw004.manage.trellix.com": "Trellix",
"sw-usw004.manage.trellix.com": "Trellix",
"cdn-sgp001.manage.trellix.com": "Trellix",
"sw-sgp001.manage.trellix.com": "Trellix",
"cdn-eu001.manage.trellix.com": "Trellix",
"sw-eu001.manage.trellix.com": "Trellix",
"cdn-au001.manage.trellix.com": "Trellix",
"sw-au001.manage.trellix.com": "Trellix",
"cdn-ind001.manage.trellix.com": "Trellix",
"sw-ind001.manage.trellix.com": "Trellix",
"cds-usw001.manage.trellix.com": "Trellix",
"cds-usw002.manage.trellix.com": "Trellix",
"cds-usw003.manage.trellix.com": "Trellix",
"cds-usw004.manage.trellix.com": "Trellix",
"dxl-usw001.manage.trellix.com": "Trellix",
"dxl-usw002.manage.trellix.com": "Trellix",
"dxl-usw003.manage.trellix.com": "Trellix",
"dxl-usw004.manage.trellix.com": "Trellix",
"dxlweb-usw001.manage.trellix.com": "Trellix",
"dxlweb-usw002.manage.trellix.com": "Trellix",
"dxlweb-usw003.manage.trellix.com": "Trellix",
"dxlweb-usw004.manage.trellix.com": "Trellix",
// Cortex XDR / Palo Alto Networks
// https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-Required-to-Enable-Access
"paloaltonetworks.com": "Palo Alto Networks",
"lrc-us.paloaltonetworks.com": "Palo Alto Networks",
"lrc-eu.paloaltonetworks.com": "Palo Alto Networks",
"lrc-ca.paloaltonetworks.com": "Palo Alto Networks",
"lrc-uk.paloaltonetworks.com": "Palo Alto Networks",
"lrc-jp.paloaltonetworks.com": "Palo Alto Networks",
"lrc-sg.paloaltonetworks.com": "Palo Alto Networks",
"lrc-au.paloaltonetworks.com": "Palo Alto Networks",
"lrc-de.paloaltonetworks.com": "Palo Alto Networks",
"lrc-in.paloaltonetworks.com": "Palo Alto Networks",
"lrc-ch.paloaltonetworks.com": "Palo Alto Networks",
"lrc-pl.paloaltonetworks.com": "Palo Alto Networks",
"lrc-tw.paloaltonetworks.com": "Palo Alto Networks",
"lrc-qt.paloaltonetworks.com": "Palo Alto Networks",
"lrc-fa.paloaltonetworks.com": "Palo Alto Networks",
"panw-xdr-evr-prod-us.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-eu.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-ca.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-uk.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-jp.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-sg.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-au.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-de.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-in.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-ch.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-pl.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-tw.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-qt.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-evr-prod-fa.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-installers-prod-us.storage.googleapis.com": "Palo Alto Networks",
"panw-xdr-payloads-prod-us.storage.googleapis.com": "Palo Alto Networks",
"global-content-profiles-policy.storage.googleapis.com": "Palo Alto Networks",
"login.paloaltonetworks.com": "Palo Alto Networks",
"pendo-static-5664029141630976.storage.googleapis.com": "Palo Alto Networks",
// Singularity / SentinelOne
"sentinelone.com": "SentinelOne",
"xdr.intus1.sentinelone.net": "SentinelOne",
"console.mobile.sentinelone.net": "SentinelOne",
"content.mobile.sentinelone.net": "SentinelOne",
"device-api.mobile.sentinelone.net": "SentinelOne",
"eu1-acceptor.mobile.sentinelone.net": "SentinelOne",
"eu1-console.mobile.sentinelone.net": "SentinelOne",
"eu1-content.mobile.sentinelone.net": "SentinelOne",
"eu1-device-api.mobile.sentinelone.net": "SentinelOne",
"eu1-oauth.mobile.sentinelone.net": "SentinelOne",
"eu1-panel.mobile.sentinelone.net": "SentinelOne",
"eu1-qi.mobile.sentinelone.net": "SentinelOne",
"eu1-token.mobile.sentinelone.net": "SentinelOne",
"eu1-vpc.mobile.sentinelone.net": "SentinelOne",
"ut.sentinelone.net": "SentinelOne",
"oauth.mobile.sentinelone.net": "SentinelOne",
"panel.mobile.sentinelone.net": "SentinelOne",
// Symantec / Broadcom
// https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-7/about-v96380626-d38e6/required-firewall-ports-v97213154-d38e5602.html
"symantec.com": "Symantec",
"remotetunnel1.edrc.symantec.com": "Symantec",
"remotetunnel2.edrc.symantec.com": "Symantec",
"remotetunnel3.edrc.symantec.com": "Symantec",
"remotetunnel4.edrc.symantec.com": "Symantec",
"remotetunnel5.edrc.symantec.com": "Symantec",
"api-gateway.symantec.com": "Symantec",
"liveupdate.symantec.com": "Symantec",
"ratings-wrs.symantec.com": "Symantec",
"stnd-avpg.crsi.symantec.com": "Symantec",
"stnd-ipsg.crsi.symantec.com": "Symantec",
"central.b6.crsi.symantec.com": "Symantec",
"bash-avpg.crsi.symantec.com": "Symantec",
"swupdate.brightmail.com": "Symantec",
"shasta-rrs.symantec.com": "Symantec",
"shasta-mrs.symantec.com": "Symantec",
"datafeedapi.symanteccloud.com": "Symantec",
"telemetry.broadcom.com": "Symantec",
"sso1.edrc.symantec.com": "Symantec",
// Tanium
"tanium.com": "Tanium",
"shared.prd-int-manage.mdm.cloud.tanium.com": "Tanium",
"shared.prd-int.mdm.cloud.tanium.com": "Tanium",
"shared.prd-us-1-manage.mdm.cloud.tanium.com": "Tanium",
"shared.prd-us-1.mdm.cloud.tanium.com": "Tanium",
"prd-int-manage.mdm.cloud.tanium.com": "Tanium",
"prd-int.mdm.cloud.tanium.com": "Tanium",
"prd-us-1-manage.mdm.cloud.tanium.com": "Tanium",
"prd-us-1.mdm.cloud.tanium.com": "Tanium",
"prd.mdm.cloud.tanium.com": "Tanium",
"jp.tanium.com": "Tanium",
"docs-es.tanium.com": "Tanium",
"docs-fr.tanium.com": "Tanium",
"docs-ko.tanium.com": "Tanium",
// Aurora
// https://aurora-agent-manual.nextron-systems.com/en/latest/usage/upgrade-and-updates.html
"update-102.nextron-systems.com": "Nextron Aurora",
"update-201.nextron-systems.com": "Nextron Aurora",
"update-202.nextron-systems.com": "Nextron Aurora",
"update-aurora.nextron-systems.com": "Nextron Aurora",
"update-lite.nextron-systems.com": "Nextron Aurora",
// Trend Micro
// https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-director-(consolidated-mode)-53-online-help-service-addresses-an_002
// https://cloudone.trendmicro.com/docs/workload-security/communication-ports-urls-ip/
"api.eu.nacloud.trendmicro.com": "Trend Micro",
"api.jp.nacloud.trendmicro.com": "Trend Micro",
"api.sg.nacloud.trendmicro.com": "Trend Micro",
"api.us.nacloud.trendmicro.com": "Trend Micro",
"docs.trendmicro.com": "Trend Micro",
"licenseupdate.trendmicro.com": "Trend Micro",
"api.nacloud.trendmicro.com": "Trend Micro",
"trendmicro.com": "Trend Micro",
"files.trendmicro.com": "Trend Micro",
"xdr.trendmicro.com": "Trend Micro",
"xdr.trendmicro.co.jp": "Trend Micro",
"trenddefense.com": "Trend Micro",
"ddd53-p.activeupdate.trendmicro.com": "Trend Micro",
"ddd53-threatconnect.trendmicro.com": "Trend Micro",
"threatconnect.trendmicro.com": "Trend Micro",
"cloudone.trendmicro.com": "Trend Micro",
}

11
go.mod Normal file
View File

@ -0,0 +1,11 @@
module patdown
go 1.21.0
require (
github.com/miekg/dns v1.1.57 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/tools v0.13.0 // indirect
)

10
go.sum Normal file
View File

@ -0,0 +1,10 @@
github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=