Fierce – Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains

Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains

Fierce is a semi-light-weight scanner that helps find non-contiguous IP house and hostnames towards specified domains.

It’s actually meant as a pre-cursor to nmap, unicornscan, nessus, nikto, and so forth, since all of these require that you just already know what IP house you might be searching for.

This doesn’t carry out exploitation and doesn’t scan the entire web indiscriminately. It is supposed particularly to find seemingly targets each inside and outdoors a company community.

Because it makes use of DNS primarily you’ll usually discover mis-configured networks that leak inside deal with house. That’s particularly helpful in focused malware.


-connect    Attempt to make http connections to any non RFC1918
    (public) addresses.  This will output the return headers however
    be warned, this might take a very long time towards an organization with
    many targets, relying on community/machine lag.  I would not
    advocate doing this until it is a small firm or you've gotten a
    lot of free time in your palms (may take hours-days).
    Inside the file specified the textual content "Host:n" will likely be changed
    by the host specified. Usage:

perl -dns -connect headers.txt

-delay      The variety of seconds to attend between lookups.
-dns        The area you desire to scanned.
-dnsfile    Use DNS servers supplied by a file (one per line) for
            reverse lookups (brute pressure).
-dnsserver  Use a selected DNS server for reverse lookups
    (most likely needs to be the DNS server of the goal).  Fierce
    makes use of your DNS server for the preliminary SOA question after which makes use of
    the goal's DNS server for all extra queries by default.
-file       A file you wish to output to be logged to.
-fulloutput When mixed with -connect this can output every part
    the webserver sends again, not simply the HTTP headers.
-help       This display screen.
-nopattern  Don't use a search sample when searching for close by
    hosts.  Instead dump every part.  This is de facto noisy however
    is helpful for locating different domains that spammers is perhaps
    utilizing.  It may also provide you with plenty of false positives,
    particularly on massive domains.
-range      Scan an inside IP vary (have to be mixed with
    -dnsserver).  Note, that this doesn't help a sample
    and can merely output something it finds.  Usage:

perl -range 111.222.333.0-255 -dnsserver

-search     Search checklist.  When fierce makes an attempt to traverse up and
    down ipspace it might encounter different servers inside different
    domains which will belong to the identical firm.  If you provide a
    comma delimited checklist to fierce it can report something discovered.
    This is particularly helpful if the company servers are named
    completely different from the general public dealing with web site.  Usage:

perl -dns -search corpcompany,blahcompany

    Note that utilizing search may additionally enormously increase the variety of
    hosts discovered, as it can proceed to traverse as soon as it locates
    servers that you just laid out in your search checklist.  The extra the
-suppress   Suppress all TTY output (when mixed with -file).
-tcptimeout Specify a distinct timeout (default 10 seconds).  You
    could wish to improve this if the DNS server you might be querying
    is sluggish or has lots of community lag.
-threads  Specify what number of threads to make use of whereas scanning (default
  is single threaded).
-traverse   Specify quite a few IPs above and under no matter IP you
    have discovered to search for close by IPs.  Default is 5 above and
    under.  Traverse won't transfer into different C blocks.
-version    Output the model quantity.
-wide       Scan the whole class C after discovering any matching
    hostnames in that class C.  This generates much more visitors
    however can uncover much more info.
-wordlist   Use a seperate wordlist (one phrase per line).  Usage:

perl -dns -wordlist dictionary.txt

fierce Usage Example

[email protected]:~# fierce -dns
  DNS Servers for

Trying zone switch first...
Testing b.iana-servers.web
    Request timed out or switch not allowed.
Testing a.iana-servers.web
    Request timed out or switch not allowed.

Unsuccessful in zone switch (it was price a shot)
Okay, attempting the great quaint approach... brute pressure

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 take a look at(s)...


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.