Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware .
Installing
$ python -m pip install fierce
$ fierce -h
OR
$ git clone https://github.com/mschwager/fierce.git
$ cd fierce
$ python -m pip install -r requirements.txt
$ python fierce/fierce.py -h
Requires Python 3.
Using
Let's start with something basic:
$ fierce --domain google.com --subdomains accounts admin ads
Traverse IPs near discovered domains to search for contiguous blocks with the --traverse flag:
$ fierce --domain facebook.com --subdomains admin --traverse 10
Limit nearby IP traversal to certain domains with the --search flag:
$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net
Sources
https://github.com/mschwager/fierce
Comments