Repository files navigation

Fierce is aDNS reconnaissance tool for locating non-contiguous IP space.

Useful links:

• Domain Name System (DNS)
  • Domain Names - Concepts and Facilities
  • Domain Names - Implementation and Specification
  • Threat Analysis of the Domain Name System (DNS)
• Name Servers (NS)
• State of Authority Record (SOA)
• Zone Transfer
  • DNS Zone Transfer Protocol (AXFR)
  • Incremental Zone Transfer in DNS (IXFR)
• Wildcard DNS Record

First, credit where credit is due,fierce wasoriginally writtenby RSnake along with others athttp://ha.ckers.org/. This is simply aconversion to Python 3 to simplify and modernize the codebase.

The original description was very apt, so I'll include it here:

Fierce is a semi-lightweight scanner that helps locate non-contiguousIP space and hostnames against specified domains. It's really meantas a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since allof those require that you already know what IP space you are lookingfor. This does not perform exploitation and does not scan the wholeinternet indiscriminately. It is meant specifically to locate likelytargets both inside and outside a corporate network. Because it usesDNS primarily you will often find mis-configured networks that leakinternal address space. That's especially useful in targeted malware.

$ python -m pip install fierce$ fierce -h

OR

$ git clone https://github.com/mschwager/fierce.git$ cd fierce$ python -m pip install dnspython==1.16.0$ python fierce/fierce.py -h

Let's start with something basic:

$ fierce --domain google.com --subdomains accounts admin ads

Traverse IPs near discovered domains to search for contiguous blocks with the--traverse flag:

$ fierce --domain facebook.com --subdomains admin --traverse 10

Limit nearby IP traversal to certain domains with the--search flag:

$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net

Attempt anHTTP connection on domains discovered with the--connect flag:

$ fierce --domain stackoverflow.com --subdomains mail --connect

Exchange speed for breadth with the--wide flag, which looks for nearbydomains on all IPs of the/24of a discovered domain:

$ fierce --domain facebook.com --wide

Zone transfers are rare these days, but they give us the keys to the DNS castle.zonetransfer.me is a veryuseful service for testing for and learning about zone transfers:

$ fierce --domain zonetransfer.me

To save the results to a file for later use we can simply redirect output:

$ fierce --domain zonetransfer.me > output.txt

Internal networks will often have large blocks of contiguous IP space assigned.We can scan those as well:

$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24

Check out--help for further information:

$ fierce --help

First, installpoetry and development packages:

$ poetry install --with dev

$ poetry run pytest

$ poetry run flake8

$ poetry run pytest --cov