Fierce_Domain_Scanner

Phase(s):

Primary: Reconnaissance.
Secondary: N/A.

Description:

Tool that detects the domains present on a network through DNS queries and word dictionaries.

Objective:

  • Identify domains in relationship with the application.

Features:

Supported technologies: Servers and DNS Servers.

Operative mode: Active.

Visualize the application resources.

  • Identify domains in relationship with the application.
  • Provides detected domains (IP addresses):
    • Provides a pre-defined word dictionary of common domain names.

Reports:
Output reports:

  • Plain text file with the execution and results of the scan.

Basic usage:

Perform a basic scan. The following command initiates a basic scan on a domain.

./fierce.pl -dns [domain] -file [directory]/fierce.txt


Where:

  • Domain: Domain to be scanned.
  • Directory: Output directory to export the results.

The tool begins by detecting the DNS servers for the specified domain.

Now logging to /security/fierce.txt
DNS Servers for domain.com:
ns1.domain.com
ns2.domain.com
ns3.domain.com


Once they are detected, the tool gathers information from the DNS servers by querying each of them (zone transfer) with the objective of detecting the domains they list. This only succeeds if the servers are configured in an insecure way.

Trying zone transfer first...
Testing ns1.domain.com
Request timed out or transfer not allowed.
Testing ns2.domain.com
Request timed out or transfer not allowed.
Testing ns3.domain.com
Request timed out or transfer not allowed.


If this test fails, the tool moves on to detecting domains with a word dictionary (which contains common domain names).
The execution time depends on the size of the word dictionary specified within the tool (Now performing n test(s)...).

Now performing 1895 test(s)...
2xx.xxx.xxx.xxx administracion.domain.com
2xx.xxx.xxx.xxx admin.domain.com
2xx.xxx.xxx.xxx atlas.domain.com
2xx.xxx.xxx.xxx cache.domain.com
2xx.xxx.xxx.xxx cust1.domain.com


Finally, the tool exports the results to the specified location.

Example of results:

Now logging to /security/fierce.txt
DNS Servers for domain.com:
ns1.domain.com
ns2.domain.com
ns3.domain.com

Trying zone transfer first...
Testing ns1.domain.com
Request timed out or transfer not allowed.
Testing ns2.domain.com
Request timed out or transfer not allowed.
Testing ns3.domain.com
Request timed out or transfer not allowed.

Now performing 1895 test(s)...
2xx.xxx.xxx.xxx administracion.domain.com
2xx.xxx.xxx.xxx admin.domain.com
2xx.xxx.xxx.xxx atlas.domain.com
2xx.xxx.xxx.xxx cache.domain.com
2xx.xxx.xxx.xxx cust1.domain.com
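
When reviewing a scan of your own domain, the plain-text report can be parsed to check which name servers refused the zone transfer and which hosts the dictionary exposed. The following is an added example, not part of Fierce or of the original page. The sample is shortened from the output shown above, and because this page does not show the output of a successful transfer, any server not followed by the refusal line is marked "review" (an assumption).

```python
import re
# Constructed sample, shortened from the report shown on this page (addresses masked as there).
SAMPLE_REPORT = """\
Now logging to /security/fierce.txt
DNS Servers for domain.com:
ns1.domain.com
ns2.domain.com

Trying zone transfer first...
Testing ns1.domain.com
Request timed out or transfer not allowed.
Testing ns2.domain.com
Request timed out or transfer not allowed.

Now performing 1895 test(s)...
2xx.xxx.xxx.xxx administracion.domain.com
2xx.xxx.xxx.xxx admin.domain.com
"""

REFUSED = "Request timed out or transfer not allowed."

def parse_fierce_report(text):
    """Split a fierce.txt report into name servers, zone-transfer results and found hosts."""
    report = {"domain": None, "name_servers": [], "axfr": {}, "tests": None, "hosts": []}
    section, current = None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.match(r"DNS Servers for (\S+):$", line):
            report["domain"], section = m.group(1), "ns"
        elif line.startswith("Trying zone transfer"):
            section = "axfr"
        elif m := re.match(r"Now performing (\d+) test\(s\)", line):
            report["tests"], section = int(m.group(1)), "hosts"
        elif section == "ns":
            report["name_servers"].append(line)
        elif section == "axfr" and line.startswith("Testing "):
            current = line.split(None, 1)[1]
            report["axfr"][current] = "review"  # assumption: no refusal line seen yet
        elif section == "axfr" and line == REFUSED and current:
            report["axfr"][current] = "refused"
        elif section == "hosts" and len(line.split()) == 2:
            ip, name = line.split()
            report["hosts"].append((name, ip))
    return report

def servers_needing_review(report):
    """Name servers whose zone-transfer test did not end in the refusal line."""
    return sorted(ns for ns, status in report["axfr"].items() if status != "refused")
```

A non-empty result from `servers_needing_review` is the cue to check that server's zone-transfer restrictions by hand.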


Resources:

Link: http://ha.ckers.org/fierce/
Author(s): RSnake
Contact: http://ha.ckers.org/blog/about/
License: (C) Copywrite 2006,2007 - By RSnake

