Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space and Hostnames Against Specified Domains


Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.
It's really meant as a precursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for.
This does not perform exploitation and does not scan the whole network indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.
Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.
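A defender's check for the leak described above, as an added example that is not part of Fierce or of the original page: it audits a public zone export for address records that point into private (non-global) address space and for wildcard records. The zone text, hostnames and addresses are constructed sample data, and the simple "name [ttl] [class] type rdata" line layout is an assumption.

```python
import ipaddress

# Constructed sample: a few records from a hypothetical public zone export.
SAMPLE_ZONE = """\
$ORIGIN example.com.
www        3600 IN A     93.184.216.34
mail       3600 IN A     93.184.216.35   ; public MX host
intranet   3600 IN A     10.20.30.40
build01    3600 IN A     192.168.5.17
vpn        3600 IN AAAA  fd12:3456:789a::1
*          300  IN A     93.184.216.34
docs       3600 IN CNAME www
"""


def audit_zone(zone_text):
    """Return (leaks, wildcards) for the A/AAAA records in a zone export.

    leaks:     (name, address) pairs whose address is not globally routable,
               i.e. internal address space published in public DNS.
    wildcards: names of wildcard address records, which answer any guessed name.
    """
    leaks, wildcards = [], []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        fields = line.split()
        # Assumed layout: name [ttl] [class] type rdata
        hits = [i for i, f in enumerate(fields[1:], 1) if f.upper() in ("A", "AAAA")]
        if not hits or hits[0] + 1 >= len(fields):
            continue                             # not an address record
        name, rdata = fields[0], fields[hits[0] + 1]
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue                             # malformed rdata, ignore
        if name.startswith("*"):
            wildcards.append(name)
        if not addr.is_global:                   # RFC 1918, ULA, loopback, ...
            leaks.append((name, str(addr)))
    return leaks, wildcards


if __name__ == "__main__":
    leaks, wildcards = audit_zone(SAMPLE_ZONE)
    for name, addr in leaks:
        print(f"internal address in public zone: {name} -> {addr}")
    for name in wildcards:
        print(f"wildcard address record: {name}")
```

Records it flags belong in an internal-only view (split-horizon DNS) rather than in the zone served to the public.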

Options:
    -connect    Attempt to make http connections to any non RFC1918
        (public) addresses.  This will output the return headers but
        be warned, this could take a long time against a company with
        many targets, depending on network/machine lag.  I wouldn't
        recommend doing this unless it's a small company or you have a
        lot of free time on your hands (could take hours-days).
        Inside the file specified the text "Host:\n" will be replaced
        by the host specified. Usage:

    perl fierce.pl -dns example.com -connect headers.txt

    -delay      The number of seconds to wait between lookups.
    -dns        The domain you would like scanned.
    -dnsfile    Use DNS servers provided by a file (one per line) for
        reverse lookups (brute force).
    -dnsserver  Use a particular DNS server for reverse lookups
        (probably should be the DNS server of the target).  Fierce
        uses your DNS server for the initial SOA query and then uses
        the target's DNS server for all additional queries by default.
    -file       A file you would like the output to be logged to.
    -fulloutput When combined with -connect this will output everything
        the webserver sends back, not just the HTTP headers.
    -help       This screen.
    -nopattern  Don't use a search pattern when looking for nearby
        hosts.  Instead dump everything.  This is really noisy but
        is useful for finding other domains that spammers might be
        using.  It will also give you lots of false positives,
        especially on large domains.
    -range      Scan an internal IP range (must be combined with
        -dnsserver).  Note that this does not support a pattern
        and will simply output anything it finds.  Usage:

    perl fierce.pl -range 111.222.333.0-255 -dnsserver ns1.example.co

    -search     Search list.  When fierce attempts to traverse up and
        down ipspace it may encounter other servers within other
        domains that may belong to the same company.  If you supply a
        comma delimited list to fierce it will report anything found.
        This is especially useful if the corporate servers are named
        different from the public facing website.  Usage:

    perl fierce.pl -dns examplecompany.com -search corpcompany,blahcompany

        Note that using search could also greatly expand the number of
        hosts found, as it will continue to traverse once it locates
        servers that you specified in your search list.  The more the
        better.
    -suppress   Suppress all TTY output (when combined with -file).
    -tcptimeout Specify a different timeout (default 10 seconds).  You
        may want to increase this if the DNS server you are querying
        is slow or has a lot of network lag.
    -threads    Specify how many threads to use while scanning (default
        is single threaded).
    -traverse   Specify a number of IPs above and below whatever IP you
        have found to look for nearby IPs.  Default is 5 above and
        below.  Traverse will not move into other C blocks.
    -version    Output the version number.
    -wide       Scan the entire class C after finding any matching
        hostnames in that class C.  This generates a lot more traffic
        but can uncover a lot more information.
    -wordlist   Use a separate wordlist (one word per line).  Usage:

    perl fierce.pl -dns examplecompany.com -wordlist dictionary.txt

fierce Usage Example
root@kali:~# fierce -dns example.com
DNS Servers for example.com:
    b.iana-servers.net
    a.iana-servers.net

Trying zone transfer first...
    Testing b.iana-servers.net
        Request timed out or transfer not allowed.
    Testing a.iana-servers.net
        Request timed out or transfer not allowed.

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...