A DNS reconnaissance tool for locating non-contiguous IP space.
Project description
Fierce
Fierce is a DNS reconnaissance tool for locating non-contiguous IP space.
Useful links:
- Domain Name System (DNS)
- Name Servers (NS)
- State of Authority Record (SOA)
- Zone Transfer
- Wildcard DNS Record
Overview
First, credit where credit is due, fierce was originally written by RSnake
along with others at http://ha.ckers.org/. This is simply a conversion to
Python 3 to simplify and modernize the codebase.
The original description was very apt, so I'll include it here:
Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.
Installing
$ python -m pip install fierce
$ fierce -h
OR
$ git clone https://github.com/mschwager/fierce.git
$ cd fierce
$ python -m pip install -r requirements.txt
$ python fierce/fierce.py -h
Requires Python 3.
Using
Let's start with something basic:
$ fierce --domain google.com --subdomains accounts admin ads
Traverse IPs near discovered domains to search for contiguous blocks with the
--traverse flag:
$ fierce --domain facebook.com --subdomains admin --traverse 10
Limit nearby IP traversal to certain domains with the --search flag:
$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net
Attempt an HTTP connection on domains discovered with the --connect flag:
$ fierce --domain stackoverflow.com --subdomains mail --connect
Exchange speed for breadth with the --wide flag, which looks for nearby
domains on all IPs of the /24
of a discovered domain:
$ fierce --domain facebook.com --wide
Zone transfers are rare these days, but they give us the keys to the DNS castle. zonetransfer.me is a very useful service for testing for and learning about zone transfers:
$ fierce --domain zonetransfer.me
To save the results to a file for later use we can simply redirect output:
$ fierce --domain zonetransfer.me > output.txt
Internal networks will often have large blocks of contiguous IP space assigned. We can scan those as well:
$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24
Check out --help for further information:
$ fierce --help
Developing
First, install development packages:
$ python -m pip install -r requirements.txt
$ python -m pip install -r requirements-dev.txt
$ python -m pip install -e .
Testing
$ pytest
Linting
$ flake8
Coverage
$ pytest --cov
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
File details
Details for the file fierce-1.4.0-py3-none-any.whl.
File metadata
- Download URL: fierce-1.4.0-py3-none-any.whl
- Upload date:
- Size: 110.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.20.1 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.6.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bd5cad62c43125dc4a41a038aace38ae16825cff4e3840b544341e16f208fcdf |
|
| MD5 | e6379a9d0c54211c640ef10a1f73801f |
|
| BLAKE2b-256 | 7bbc25f1cfc17ea3c47b916911e3670cfda2255972129751260678e7bcd3c470 |
