Fierce
Related Pages:
The fierce tool is the most helpful tool for the Reconnaissance, Information Gathering, and Scanning phase in the process of Penetration Testing or Network Testing. The working of this tool is very simple. At the very first stage, the tool performs scanning with brute-forcing attacks and can also perform zone transfer attacks on the target is possible. There are massive word lists that contain possible words, through which subdomains of the target can be enumerated. If the subdomain is not in the list, then there is no chance of detection of the subdomain on the target.
Additional Features and Functions
Saving
Unfortunately, there is no inbuilt function available for storing the results of the Fierce scan on the target at your disk. Although no saving function is available, so there is no feature to save the output in various formats. But you can redirect the output of the scan into any text file with some Linux skills and terminal commands.
Range Scan
One of the amazing functions or features of the Fierce tool is the Range scan. You can scan the range of IP address with a single click. –the range is the option that is mandatory while performing a range scan. You need to specify the IP address; like ( 192.168.28.4/24).
Dictionary file
A brute-forcing attack or method approach is used for enumeration or detection of subdomains associated with the target domain. The inbuilt wordlist file is activated when the installation of the Fierce tool is done on the system. But Fierce tool allows users to use custom subdomains wordlists with a massive number of possible subdomains words. –subdomain-file is the option for using the custom wordlists for brute-forcing.
Working with Fierce Tool on Kali Linux
Example 1: Basic
fierce --domain geeksforgeeks.org --subdomains write admin videosIn this Example, We are performing a simple scan using the subdomain words which include write, admin, videos. We have chosen geeksforgeeks.org as our target.
Example 2: Traverse IPs near discovered domains to search for contiguous blocks with the –traverse flag
In this Example, We are scanning domains near discovered records. Our target domain is geeksforgeeks.org
fierce --domain geeksforgeeks.org --subdomains videos --traverse 10
Example 3: Attempt an HTTP connection on domains discovered with the –connect flag
In this Example, We are attempting HTTP connection on the domains using the connect flag. We have chosen a different target for this Example, which is stackoverflow.com.
fierce --domain stackoverflow.com --subdomains mail --connect
Example 4: Exchange speed for breadth with the –wide flag, which looks for nearby domains on all IPs of the /24 of a discovered domain
In this example, We will scan the entire class of discovered records. (Full Detailed Scan)
fierce --domain geeksforgeeks.org --wide
Example 5: Zone transfers are rare these days, but they give us the keys to the DNS castle.
In this Example, We are performing a basic scan without any arguments on geeksforgeeks.org
fierce --domain geeksforgeeks.org
Last updated