Fierce – Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains – DigitalMunition

Hacking News Capture

Published on February 1st, 2019 📆 | 5643 Views ⚑


Fierce – Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.
It’s really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for.
This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.
Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That’s especially useful in targeted malware.


-connect    Attempt to make http connections to any non RFC1918
    (public) addresses.  This will output the return headers but
    be warned, this could take a long time against a company with
    many targets, depending on network/machine lag.  I wouldn't
    recommend doing this unless it's a small company or you have a
    lot of free time on your hands (could take hours-days).
    Inside the file specified the text "Host:\n" will be replaced
    by the host specified. Usage:

perl -dns -connect headers.txt

-delay      The number of seconds to wait between lookups.
-dns        The domain you would like scanned.
-dnsfile    Use DNS servers provided by a file (one per line) for
            reverse lookups (brute force).
-dnsserver  Use a particular DNS server for reverse lookups
    (probably should be the DNS server of the target).  Fierce
    uses your DNS server for the initial SOA query and then uses
    the target's DNS server for all additional queries by default.
-file       A file you would like to output to be logged to.
-fulloutput When combined with -connect this will output everything
    the webserver sends back, not just the HTTP headers.
-help       This screen.
-nopattern  Don't use a search pattern when looking for nearby
    hosts.  Instead dump everything.  This is really noisy but
    is useful for finding other domains that spammers might be
    using.  It will also give you lots of false positives,
    especially on large domains.
-range      Scan an internal IP range (must be combined with
    -dnsserver).  Note, that this does not support a pattern
    and will simply output anything it finds.  Usage:

perl -range 111.222.333.0-255 -dnsserver

-search     Search list.  When fierce attempts to traverse up and
    down ipspace it may encounter other servers within other
    domains that may belong to the same company.  If you supply a
    comma delimited list to fierce it will report anything found.
    This is especially useful if the corporate servers are named
    different from the public facing website.  Usage:


perl -dns -search corpcompany,blahcompany Note that using search could also greatly expand the number of hosts found, as it will continue to traverse once it locates servers that you specified in your search list. The more the better. -suppress Suppress all TTY output (when combined with -file). -tcptimeout Specify a different timeout (default 10 seconds). You may want to increase this if the DNS server you are querying is slow or has a lot of network lag. -threads Specify how many threads to use while scanning (default is single threaded). -traverse Specify a number of IPs above and below whatever IP you have found to look for nearby IPs. Default is 5 above and below. Traverse will not move into other C blocks. -version Output the version number. -wide Scan the entire class C after finding any matching hostnames in that class C. This generates a lot more traffic but can uncover a lot more information. -wordlist Use a seperate wordlist (one word per line). Usage: perl -dns -wordlist dictionary.txt

fierce Usage Example

root@kali:~# fierce -dns
  DNS Servers for

Trying zone transfer first...
    Request timed out or transfer not allowed.
    Request timed out or transfer not allowed.

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...


Download Fierce-Domain-Scanner
Download Best WordPress Themes Free Download
Download Premium WordPress Themes Free
Download Nulled WordPress Themes
Download Best WordPress Themes Free Download
download udemy paid course for free

Tagged with:

Leave a Reply ✍