Friday, March 28, 2014

Fierce locate non-contiguous IP space and hostnames against specified domains

The final tool in the DNS Section is called fierce. It is a perl script written by rsnake. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target. These include – trying to dump the SOA records, do a zone transfer, searching for commonly used domain names with a dictionary attack, adjacency scan and a few more. Fierce is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains using several tactics.

root@VH0:~# cd /usr/share/fierce
root@VH0:/usr/share/fierce# wget
--2014-02-18 12:00:12--
Resolving (
Connecting to (||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18169 (18K) [text/plain]
Saving to: `'

100%[======================================>] 18,169      37.7K/s   in 0.5s   

2014-02-18 12:00:18 (37.7 KB/s) - `' saved [18169/18169]

root@VH0:/usr/share/fierce# ls  hosts.txt
root@VH0:/usr/share/fierce# wget
--2014-02-18 12:00:33--
Resolving (
Connecting to (||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14683 (14K) [text/plain]
Saving to: `hosts.txt.1'

100%[======================================>] 14,683      31.0K/s   in 0.5s   

2014-02-18 12:00:34 (31.0 KB/s) - `hosts.txt.1' saved [14683/14683]


Well the whole story of the author is written on their website – so, I am directly pasting some command that help web sec auditor to find out many things of target terminal.
·      perl -dns -search string1,string2


·      perl -range -dnsserver
·      perl -dns -wide -file output.txt
·      perl -dns -connect headers.txt -fulloutput -file output.txt
·      perl -dns -wordlist dictionary.txt -file output.txt
·      perl -help
Thanks to RSnake and team for wonderful efforts on such perl scripts.
We can easily understand the script and read the function. fierce script is written in PERL.

No comments:

Post a Comment

Google+ Followers

Contact Form


Email *

Message *