# patdown > Predicts and identifies the presence of EDR/XDR solutions on remote networks
## Abstract patdown is an EDR/XDR *(Endpoint Detection & Response)* fingerprinting utility useful for predicting defense mechanisms in use on a network. This is achieved via probing a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions. **Example**: if a network's resolver has `assets-public.falcon.crowdstrike.com` in its cache, chances are the '*CrowdStrike Falcon*' EDR solution is present somewhere on the network. These DNS servers can be specified as arguments (the preferred way), or patdown can automatically retrieve and analyze the authoritative nameservers of a target with the `-t` flag. > ⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting EDR/XDR. ## Installation Retrieve a binary corresponding to your architecture from **Releases** *or* `git clone https://git.supernets.org/delorean/patdown.git && cd patdown/cmd/patdown && go build -o patdown main.go && ./patdown` ## Usage **Help** `patdown -h` **Target specific resolvers** `patdown -n ns1.target.resolver -n ns2.another.target.resolver` **Automatically snoop authoritative nameservers** `patdown -t supernets.org` ## Currently Identified Vendors/Solutions: - **CrowdStrike** Falcon - **Microsoft** Defender for Endpoint - **VMWare** Carbon Black - **CheckPoint** Harmony - **Cybereason** EDR - **Trellix** EDR - **Palo Alto Networks** Cortex XDR - **SentinelOne** Singularity - **Symantec** EDR - **Tanium** EDR - **Nextron** Aurora - **Trend Micro** Endpoint Sensor - **Rapid7** InsightIDR - - - - this is for christian purposes