delorean
/
patdown
2
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
Predicts EDR/XDR usage on remote networks
8 Commits 1 Branch 2 Tags 1.9 MiB
Go 100%
Go to file
delorean 6d87d11057
and you better read the README 		2024-02-16 18:41:43 -06:00
cmd/patdown cleanup 2023-12-19 17:26:03 -06:00
common updated TTLs 2024-02-16 17:51:44 -06:00
README.md and you better read the README 2024-02-16 18:41:43 -06:00
go.mod initial 2023-12-14 22:43:59 -06:00
go.sum initial 2023-12-14 22:43:59 -06:00

README.md

patdown

EDR/XDR (Endpoint Detection & Response) fingerprinting utility useful for predicting defense mechanisms in use on remote systems.

Abstract

Patdown probes a network's DNS servers to determine whether they have resolved domains associated with various EDR/XDR solutions.

Example: if a network's resolver has assets-public.falcon.crowdstrike.com in its cache, chances are the 'CrowdStrike Falcon' EDR solution is present somewhere on the network.

These DNS servers can be specified as arguments (the preferred way), or patdown can automatically retrieve and analyze the authoritative nameservers of a target with the -t flag.

⚠️ Authoritative nameservers are rarely used as egress recursive resolvers for networks and are not as efficacious for fingerprinting for EDR/XDR.

Installation

Retrieve a binary corresponding to your architecture from Releases

or

git clone https://git.supernets.org/delorean/patdown.git && cd patdown/cmd/patdown && go build -o patdown main.go && ./patdown

Usage

Help

patdown -h

Target specific resolvers

patdown -n ns1.target.resolver -n ns2.another.target.resolver

Automatically snoop authoritative nameservers

patdown -t supernets.org

this is for christian purposes