Fierce - Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space and Hostnames Against Specified Domains
Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.
It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc., since all of those require that you already know what IP space you are looking for.
This does not perform exploitation and does not scan the whole network indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.
Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.
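The leak described above is something a defender can check for in their own zone data. The following is an added example, not part of Fierce or the original page: it scans a zone export for A/AAAA records that point into RFC 1918 or IPv6 unique-local space. The zone contents, the record layout and the function name find_internal_leaks are constructed assumptions.

```python
import ipaddress

# Constructed sample: records as they might appear in an export of your own
# public zone (name, TTL, class, type, rdata). Not real data.
SAMPLE_ZONE = """\
; example.com public zone (constructed)
www.example.com.      300 IN A     198.51.100.10
mail.example.com.     300 IN A     203.0.113.25
intranet.example.com. 300 IN A     10.20.30.40
build.example.com.    300 IN A     192.168.5.17
vpn.example.com.      300 IN AAAA  2001:db8::10
db.example.com.       300 IN AAAA  fd12:3456:789a::5
docs.example.com.     300 IN CNAME www.example.com.
"""

# Ranges that should never be answerable from a public resolver.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "fc00::/7",                                        # IPv6 unique local
)]

def find_internal_leaks(zone_text):
    """Return (name, type, address) for A/AAAA records in internal ranges."""
    leaks = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) < 3:
            continue
        # Type and rdata are the last two fields; TTL and class are optional.
        name, rtype, rdata = fields[0], fields[-2].upper(), fields[-1]
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed rdata, skip rather than crash the audit
        if any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS):
            leaks.append((name, rtype, str(addr)))
    return leaks

if __name__ == "__main__":
    for name, rtype, addr in find_internal_leaks(SAMPLE_ZONE):
        print(f"LEAK {name} {rtype} {addr}")
```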
Options:
-connect  Attempt to make http connections to any non RFC1918 (public) addresses. This will output the return headers but be warned, this could take a long time against a company with many targets, depending on network/machine lag. I wouldn't recommend doing this unless it's a small company or you have a lot of free time on your hands (could take hours-days). Inside the file specified the text "Host:\n" will be replaced by the host specified. Usage:
    perl fierce.pl -dns example.com -connect headers.txt
-delay  The number of seconds to wait between lookups.
-dns  The domain you would like scanned.
-dnsfile  Use DNS servers provided by a file (one per line) for reverse lookups (brute force).
-dnsserver  Use a particular DNS server for reverse lookups (probably should be the DNS server of the target). Fierce uses your DNS server for the initial SOA query and then uses the target's DNS server for all additional queries by default.
-file  A file you would like the output to be logged to.
-fulloutput  When combined with -connect this will output everything the webserver sends back, not just the HTTP headers.
-help  This screen.
-nopattern  Don't use a search pattern when looking for nearby hosts. Instead dump everything. This is really noisy but is useful for finding other domains that spammers might be using. It will also give you lots of false positives, especially on large domains.
-range  Scan an internal IP range (must be combined with -dnsserver). Note that this does not support a pattern and will simply output anything it finds. Usage:
    perl fierce.pl -range 111.222.333.0-255 -dnsserver ns1.example.co
-search  Search list. When fierce attempts to traverse up and down ipspace it may encounter other servers within other domains that may belong to the same company. If you supply a comma delimited list to fierce it will report anything found. This is especially useful if the corporate servers are named different from the public facing website. Usage:
    perl fierce.pl -dns examplecompany.com -search corpcompany,blahcompany
  Note that using search could also greatly expand the number of hosts found, as it will continue to traverse once it locates servers that you specified in your search list. The more the better.
-suppress  Suppress all TTY output (when combined with -file).
-tcptimeout  Specify a different timeout (default 10 seconds). You may want to increase this if the DNS server you are querying is slow or has a lot of network lag.
-threads  Specify how many threads to use while scanning (default is single threaded).
-traverse  Specify a number of IPs above and below whatever IP you have found to look for nearby IPs. Default is 5 above and below. Traverse will not move into other C blocks.
-version  Output the version number.
-wide  Scan the entire class C after finding any matching hostnames in that class C. This generates a lot more traffic but can uncover a lot more information.
-wordlist  Use a separate wordlist (one word per line). Usage:
    perl fierce.pl -dns examplecompany.com -wordlist dictionary.txt
fierce Usage Example
root@kali:~# fierce -dns example.com
DNS Servers for example.com:
    b.iana-servers.net
    a.iana-servers.net

Trying zone transfer first...
    Testing b.iana-servers.net
        Request timed out or transfer not allowed.
    Testing a.iana-servers.net
        Request timed out or transfer not allowed.

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...