Compare commits
4 Commits
| Author | SHA1 | Date |
|---|---|---|
| delorean | bfd20e8d28 | |
| delorean | 110948b745 | |
| delorean | 731edcac65 | |
| delorean | d5dce5b996 | |
README.md (25 changed lines)
@ -1,6 +1,6 @@
# patdown
> EDR/XDR (Endpoint Detection & Response) fingerprinting utility useful for predicting defense mechanisms in use on remote systems.
> Predicts and identifies the presence of EDR/XDR solutions on remote networks
<p align="center">
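Review bot: the new tagline ("Predicts and identifies the presence of EDR/XDR solutions on remote networks") claims more certainty than a DNS-cache check can give; the rewritten Abstract itself hedges with "chances are", so "infers the likely presence of EDR/XDR solutions on remote networks" would match the tool's real confidence. Dropping the "(Endpoint Detection & Response)" expansion from the tagline is fine, since the Abstract now carries it.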
@ -8,13 +8,15 @@
</p>
## Abstract
Patdown probes a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions.
patdown is an EDR/XDR *(Endpoint Detection & Response)* fingerprinting utility useful for predicting defense mechanisms in use on a network.
This is achieved via probing a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions.
**Example**: if a network's resolver has `assets-public.falcon.crowdstrike.com` in its cache, chances are the '*CrowdStrike Falcon*' EDR solution is present somewhere on the network.
These DNS servers can be specified as arguments (the preferred way), or patdown can automatically retrieve and analyze the authoritative nameservers of a target with the `-t` flag.
⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting for EDR/XDR.
> ⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting EDR/XDR.
## Installation
Retrieve a binary corresponding to your architecture from **Releases**
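Review bot: the rewritten Abstract should state the limits of the inference it describes. A cached `assets-public.falcon.crowdstrike.com` record only shows that some client of that resolver looked the name up; on a shared or upstream resolver that client need not be a host on the target network, and an empty cache (expired TTL, or a resolver that does not expose its cache) is not evidence that no EDR is present. One sentence after the **Example** paragraph would cover both cases. Minor: "patdown is an EDR/XDR ..." starts a sentence in lowercase where the removed line used "Patdown", and "efficacious" in the warning reads more plainly as "effective".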
@ -38,5 +40,22 @@ Retrieve a binary corresponding to your architecture from **Releases**
`patdown -t supernets.org`
## Currently Identified Vendors/Solutions:
- **CrowdStrike** Falcon
- **Microsoft** Defender for Endpoint
- **VMWare** Carbon Black
- **CheckPoint** Harmony
- **Cybereason** EDR
- **Trellix** EDR
- **Palo Alto Networks** Cortex XDR
- **SentinelOne** Singularity
- **Symantec** EDR
- **Tanium** EDR
- **Nextron** Aurora
- **Trend Micro** Endpoint Sensor
- **Rapid7** InsightIDR
- - - -
this is for christian purposes
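Review bot: the new vendor list gives no pointer to which domains are matched for each entry, so a user cannot verify what a hit for, say, **Tanium** EDR was based on, or add a vendor; a link to the domain table in the source, or a note that each entry maps to a set of known hostnames for that product, would make the list useful. Style: the vendors spell their names "VMware" and "Check Point", not "VMWare" and "CheckPoint", and the heading `## Currently Identified Vendors/Solutions:` carries a trailing colon that the other `##` headings (Abstract, Installation) do not.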