Compare commits


4 Commits
v1.1 ... main

Author    SHA1        Message                               Date
delorean  bfd20e8d28  and you better read the README        2024-02-18 12:43:09 -06:00
delorean  110948b745  and you better read the README        2024-02-17 16:53:45 -06:00
delorean  731edcac65  listed currently supported vendors    2024-02-16 19:09:49 -06:00
delorean  d5dce5b996  and you better read the README        2024-02-16 18:55:09 -06:00
1 changed file with 22 additions and 3 deletions


@ -1,6 +1,6 @@
# patdown
> EDR/XDR (Endpoint Detection & Response) fingerprinting utility useful for predicting defense mechanisms in use on remote systems.
> Predicts and identifies the presence of EDR/XDR solutions on remote networks
<p align="center">
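Review bot: the replacement tagline ("Predicts and identifies the presence of EDR/XDR solutions on remote networks") claims more than the tool can deliver; the Abstract in the next hunk describes inferring presence from what a resolver has cached and hedges it with "chances are", which is an inference, not an identification. Suggest wording the tagline to match the method, e.g. "Infers the presence of EDR/XDR solutions on remote networks from DNS resolver cache contents", so readers do not take a hit as proof that a product is deployed.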
@ -8,13 +8,15 @@
</p>
## Abstract
Patdown probes a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions.
patdown is an EDR/XDR *(Endpoint Detection & Response)* fingerprinting utility useful for predicting defense mechanisms in use on a network.
This is achieved via probing a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions.
**Example**: if a network's resolver has `assets-public.falcon.crowdstrike.com` in its cache, chances are the '*CrowdStrike Falcon*' EDR solution is present somewhere on the network.
These DNS servers can be specified as arguments (the preferred way), or patdown can automatically retrieve and analyze the authoritative nameservers of a target with the `-t` flag.
⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting for EDR/XDR.
> ⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting EDR/XDR.
## Installation
Retrieve a binary corresponding to your architecture from **Releases**
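Review bot: the rewritten Abstract states the goal (determine whether a resolver "has resolved" domains associated with an EDR/XDR product) but never says how patdown checks the cache, so a reader cannot judge the false-positive rate of a hit; one sentence on the query technique belongs next to the `**Example**` line. The same paragraph should also carry a caveat that a cache entry on a resolver shared by several networks (an ISP or public recursive resolver) only shows that some client of that resolver looked the name up, not that the target network did, since the existing warning only covers authoritative nameservers. Minor: "efficacious" in the new `> ⚠️` line reads better as "effective".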
@ -38,5 +40,22 @@ Retrieve a binary corresponding to your architecture from **Releases**
`patdown -t supernets.org`
## Currently Identified Vendors/Solutions:
- **CrowdStrike** Falcon
- **Microsoft** Defender for Endpoint
- **VMWare** Carbon Black
- **CheckPoint** Harmony
- **Cybereason** EDR
- **Trellix** EDR
- **Palo Alto Networks** Cortex XDR
- **SentinelOne** Singularity
- **Symantec** EDR
- **Tanium** EDR
- **Nextron** Aurora
- **Trend Micro** Endpoint Sensor
- **Rapid7** InsightIDR
- - - -
this is for christian purposes
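Review bot: the new vendor list names products but not the indicator domains probed for each one, so a user cannot audit a hit (a vendor's public website or download CDN may be cached because any workstation browsed it, which is a weaker signal than an agent update or telemetry host) or add a vendor; suggest listing the domains per entry or pointing at the file in the source where they are defined. The last two added lines, `- - - -` and `this is for christian purposes`, end the README with a stray rule and an unexplained sentence and should be dropped or reworded. Vendor spelling: "VMWare" is "VMware" and "CheckPoint" is "Check Point".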