PrivateSweeney/Menagerie

Crowdstrike response script containing various functions for IR/triage
Menagerie

A CrowdStrike Response script for doing simple initial triage and data collection from a system (autorun information, installed software, files and hashes, etc.).

Setup

Create a new script via Configuration -> Response Scripts & Files and name it Menagerie

Usage:
  -module all           : run all modules
  -module <name>        : run specific module
  -folder <path>        : output folder [Default: C:\Windows\Temp\IR]
  -module help          : display usage

Modules:
  AutoRuns              : Gather files in common startup locations
  Services              : Gather Windows Services
  InstalledSoftware     : Gather Installed Software from Uninstall Key
  DNSCache              : Get clients local DNS cache
  RunningProcesses      : Get all running processes and hashes
  Prefetch              : Get list of files in prefetch
  PEFiles               : Get list of PE files and hashes in user writeable locations
  OfficeFiles           : Get list of office docs and hashes in user writeable locations
  ScriptFiles           : Get list of scripts and hashes in user writeable locations
  EventLogs             : Gather Event Logs
  RecentFiles           : Get history of recent files
  LNKFiles              : Get LNK files on desktop and recent files list
  HiddenFilesDirs       : Get hidden files and directories
  WindowsUpdates        : Get installed windows updates
  BrowserExtensions     : Get list of extensions for Chrome and Firefox
  KrbSessions           : Get list of kerberos sessions

Examples:
  runscript -CloudFile='Menagerie' -CommandLine='-module all'
  runscript -CloudFile='Menagerie' -CommandLine='-module Services'
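As an added illustration (not the Menagerie script itself), here is a minimal PowerShell module runner with the same -module/-folder interface and two of the listed modules, InstalledSoftware and PEFiles. The function names, the registry hives queried and the set of user-writeable paths scanned are assumptions, not taken from the project.

```powershell
# Added example, not the Menagerie project's code. Mirrors the README's
# -module / -folder interface; output folder default and module names from the README.
param(
    [string]$module = 'help',
    [string]$folder = 'C:\Windows\Temp\IR'
)

# InstalledSoftware: read the Uninstall keys (64-bit, 32-bit and per-user hives).
# Hives listed here are an assumption about where software registers itself.
function Get-InstalledSoftware {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString, PSPath
}

# PEFiles: list PE files in user-writeable locations with SHA256 hashes.
# The files are only read and hashed, never executed. Path set is an assumption.
function Get-PEFiles {
    $paths = @("$env:ProgramData", "$env:SystemRoot\Temp") +
             (Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object FullName)
    Get-ChildItem -Path $paths -Recurse -Force -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path = $_.FullName; Size = $_.Length
                LastWriteUtc = $_.LastWriteTimeUtc; SHA256 = $h.Hash
            }
        }
}

# Module table: name -> collector. 'all' runs every entry in order.
$modules = [ordered]@{
    InstalledSoftware = { Get-InstalledSoftware }
    PEFiles           = { Get-PEFiles }
}

if ($module -eq 'help' -or (-not $modules.Contains($module) -and $module -ne 'all')) {
    "Usage: -module all | -module <name> | -folder <path>`nModules: $($modules.Keys -join ', ')"
    return
}
New-Item -Path $folder -ItemType Directory -Force | Out-Null
$selected = if ($module -eq 'all') { @($modules.Keys) } else { @($module) }
foreach ($name in $selected) {
    # One CSV per module so each artefact set can be pulled and reviewed separately.
    & $modules[$name] | Export-Csv -Path (Join-Path $folder "$name.csv") -NoTypeInformation
}
```

Invoked through RTR as `runscript -CloudFile='Menagerie' -CommandLine='-module PEFiles'`, the script writes PEFiles.csv under the output folder, which can then be retrieved with the normal get workflow.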

Languages

  • PowerShell 100.0%