
Meerkat
#Incident Management #Digital Forensics
Meerkat: A Collection of PowerShell Modules for Artifact Gathering
Meerkat is a set of PowerShell modules created for the purpose of gathering artifacts and conducting reconnaissance on Windows-based endpoints. This can be done without the need for a pre-deployed agent.
Use Cases for Incident Response and More
Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and additional applications.
The tool provides a comprehensive range of artifacts, including host information, network adapters, processes, services, files, audit policies, Windows firewall rules, DLLs, local users, ADS, disks, ports, strings, local groups, the recycle bin, hotfixes, ARP, handles, scheduled tasks, the hosts file, TPM, DNS, environment variables, autoruns, certificates, software, network routes, sessions, BitLocker, the registry, hardware, shares, domain information, Defender event logs, drivers, USB history, and metadata events related to login failures. It also covers user/group management and more.
It also provides ingestion into SIEMs, along with quick start guides, usage analysis, and troubleshooting tips.