Fierce

Fierce DNS Scanner - Kali Linux




(Who@What):~$ Fierce is a DNS reconnaissance tool for locating non-contiguous IP space. 
(When@Where):~$ Fierce is a reconnaissance tool that is best used in the initial information gathering phase of a penetration test. Fierce is commonly found in penetration testing distros such as Kali Linux. You can also download Fierce from https://github.com/fwaeytens/dnsenum.

(Why@How):~$ You would use Fierce to help gather name server information related to your target. This information comes in the form of IP addresses, domain name servers, mail exchange servers, and host names. It is collected by way of enumeration from Google or by brute force from dictionary files.

In this demonstration, I will be using the version of Fierce that is provided in the Kali Linux distro.


Step 1: Open Fierce. You have two main options for accomplishing this.

  1. Use the GUI. Click on the Kali icon in the upper right corner. Navigate to Information gathering > DNS Analysis. Click on Fierce. 

A terminal window should appear listing the help information for Fierce. 

 

  2. Open the terminal and type “fierce”.



Step 2: To start a scan, type “fierce” followed by “--domain” and then the target’s hostname or IP address.


Step 3: Pressing enter will run the scan. Depending on your target and the success of the scan, your results will be listed below. 

  



Additional Features and Functions:

Saving: Fierce does not include a built-in function for saving. It also cannot save results in multiple formats. If you wish to save your results, your best option is to copy and paste them from the terminal into a notepad. You can also use the shell's redirection operator to save your results into a file.



Range Scan: Fierce allows you to scan ranges of IP addresses by way of network masks. The example below will scan the 10.0.0.0/24 network.



Dictionary file: Fierce will allow you to use custom wordlists as dictionary files to assist in brute force scanning of subdomains and hostnames. This can be done by using the “--subdomain-file” option. You can also add the entries into the command with the “--subdomains” option. 
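Seen from the name server's side, the dictionary brute force described above shows up as one client asking for many names that do not exist in a short time. The script below is an added example, not part of Fierce or of the original post; the log format, the sample lines, the 60-second window and the threshold of 5 are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not real traffic). Assumed log format:
# "<ISO timestamp> <client IP> <queried name> <response code>"
WORDS = ["admin", "dev", "ftp", "mail", "ns1", "test", "vpn", "www"]
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d} 198.51.100.7 {w}.example.com "
    f"{'NOERROR' if w in ('mail', 'www') else 'NXDOMAIN'}"
    for i, w in enumerate(WORDS)
] + [
    "2024-05-01T10:00:03 192.0.2.10 www.example.com NOERROR",
    "2024-05-01T10:05:00 192.0.2.10 wwww.example.com NXDOMAIN",  # lone typo
]


def parse(line):
    """Split one log line into (timestamp, client, name, rcode)."""
    ts, client, name, rcode = line.split()
    return datetime.fromisoformat(ts), client, name.lower().rstrip("."), rcode


def find_bruteforce(lines, zone, window=timedelta(seconds=60), threshold=5):
    """Map client IP -> peak number of distinct nonexistent names under
    `zone` queried within `window`, for clients that reach `threshold`."""
    recent = defaultdict(deque)  # client -> (timestamp, name) inside window
    flagged = {}
    for ts, client, name, rcode in sorted(parse(l) for l in lines):
        if rcode != "NXDOMAIN" or not name.endswith("." + zone):
            continue
        q = recent[client]
        q.append((ts, name))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({n for _, n in q})
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged


if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG, "example.com").items():
        print(f"{ip}: {count} distinct NXDOMAIN names within 60s")
```

Tune the window and threshold against your resolver's normal traffic. A zone with a wildcard record never answers NXDOMAIN, so this heuristic needs a different signal there.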

