It’s actually meant as a pre-cursor to nmap, unicornscan, nessus, nikto, and so forth, since all of these require that you just already know what IP house you might be searching for.
Because it makes use of DNS primarily you’ll usually discover mis-configured networks that leak inside deal with house. That’s particularly helpful in focused malware.
-connect Attempt to make http connections to any non RFC1918 (public) addresses. This will output the return headers however be warned, this might take a very long time towards an organization with many targets, relying on community/machine lag. I would not advocate doing this until it is a small firm or you've gotten a lot of free time in your palms (may take hours-days). Inside the file specified the textual content "Host:n" will likely be changed by the host specified. Usage: perl fierce.pl -dns instance.com -connect headers.txt -delay The variety of seconds to attend between lookups. -dns The area you desire to scanned. -dnsfile Use DNS servers supplied by a file (one per line) for reverse lookups (brute pressure). -dnsserver Use a selected DNS server for reverse lookups (most likely needs to be the DNS server of the goal). Fierce makes use of your DNS server for the preliminary SOA question after which makes use of the goal's DNS server for all extra queries by default. -file A file you wish to output to be logged to. -fulloutput When mixed with -connect this can output every part the webserver sends again, not simply the HTTP headers. -help This display screen. -nopattern Don't use a search sample when searching for close by hosts. Instead dump every part. This is de facto noisy however is helpful for locating different domains that spammers is perhaps utilizing. It may also provide you with plenty of false positives, particularly on massive domains. -range Scan an inside IP vary (have to be mixed with -dnsserver). Note, that this doesn't help a sample and can merely output something it finds. Usage: perl fierce.pl -range 111.222.333.0-255 -dnsserver ns1.instance.co -search Search checklist. When fierce makes an attempt to traverse up and down ipspace it might encounter different servers inside different domains which will belong to the identical firm. If you provide a comma delimited checklist to fierce it can report something discovered. This is particularly helpful if the company servers are named completely different from the general public dealing with web site. Usage: perl fierce.pl -dns examplecompany.com -search corpcompany,blahcompany Note that utilizing search may additionally enormously increase the variety of hosts discovered, as it can proceed to traverse as soon as it locates servers that you just laid out in your search checklist. The extra the higher. -suppress Suppress all TTY output (when mixed with -file). -tcptimeout Specify a distinct timeout (default 10 seconds). You could wish to improve this if the DNS server you might be querying is sluggish or has lots of community lag. -threads Specify what number of threads to make use of whereas scanning (default is single threaded). -traverse Specify quite a few IPs above and under no matter IP you have discovered to search for close by IPs. Default is 5 above and under. Traverse won't transfer into different C blocks. -version Output the model quantity. -wide Scan the whole class C after discovering any matching hostnames in that class C. This generates much more visitors however can uncover much more info. -wordlist Use a seperate wordlist (one phrase per line). Usage: perl fierce.pl -dns examplecompany.com -wordlist dictionary.txt
fierce Usage Example
[email protected]:~# fierce -dns instance.com DNS Servers for instance.com: b.iana-servers.web a.iana-servers.web Trying zone switch first... Testing b.iana-servers.web Request timed out or switch not allowed. Testing a.iana-servers.web Request timed out or switch not allowed. Unsuccessful in zone switch (it was price a shot) Okay, attempting the great quaint approach... brute pressure Checking for wildcard DNS... Nope. Good. Now performing 2280 take a look at(s)...