Friday, March 28, 2014

Fierce locate non-contiguous IP space and hostnames against specified domains




The final tool in the DNS Section is called fierce. It is a perl script written by rsnake. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target. These include – trying to dump the SOA records, do a zone transfer, searching for commonly used domain names with a dictionary attack, adjacency scan and a few more. Fierce is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains using several tactics.

root@VH0:~# cd /usr/share/fierce
root@VH0:/usr/share/fierce# wget http://ha.ckers.org/fierce/fierce.pl
--2014-02-18 12:00:12--  http://ha.ckers.org/fierce/fierce.pl
Resolving ha.ckers.org (ha.ckers.org)... 72.250.204.200
Connecting to ha.ckers.org (ha.ckers.org)|72.250.204.200|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18169 (18K) [text/plain]
Saving to: `fierce.pl'

100%[======================================>] 18,169      37.7K/s   in 0.5s   

2014-02-18 12:00:18 (37.7 KB/s) - `fierce.pl' saved [18169/18169]

root@VH0:/usr/share/fierce# ls
fierce.pl  hosts.txt
root@VH0:/usr/share/fierce# wget http://ha.ckers.org/fierce/hosts.txt
--2014-02-18 12:00:33--  http://ha.ckers.org/fierce/hosts.txt
Resolving ha.ckers.org (ha.ckers.org)... 72.250.204.200
Connecting to ha.ckers.org (ha.ckers.org)|72.250.204.200|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14683 (14K) [text/plain]
Saving to: `hosts.txt.1'

100%[======================================>] 14,683      31.0K/s   in 0.5s   

2014-02-18 12:00:34 (31.0 KB/s) - `hosts.txt.1' saved [14683/14683]

root@VH0:/usr/share/fierce#


Well the whole story of the author is written on their website – so, I am directly pasting some command that help web sec auditor to find out many things of target terminal.
·      perl fierce.pl -dns target-domain.com -search string1,string2

 

·      perl fierce.pl -range 10.10.10.0-255 -dnsserver ns1.example.com
·      perl fierce.pl -dns example.com -wide -file output.txt
·      perl fierce.pl -dns example.com -connect headers.txt -fulloutput -file output.txt
·      perl fierce.pl -dns example.com -wordlist dictionary.txt -file output.txt
·      perl fierce.pl -help
Thanks to RSnake and team for wonderful efforts on such perl scripts.
We can easily understand the script and read the function. fierce script is written in PERL.

No comments:

Post a Comment

Google+ Followers

Contact Form

Name

Email *

Message *