Fierce

Last updated 3 months ago

Fierce

The fierce tool is the most helpful tool for the Reconnaissance, Information Gathering, and Scanning phase in the process of Penetration Testing or Network Testing. The working of this tool is very simple. At the very first stage, the tool performs scanning with brute-forcing attacks and can also perform zone transfer attacks on the target is possible. There are massive word lists that contain possible words, through which subdomains of the target can be enumerated. If the subdomain is not in the list, then there is no chance of detection of the subdomain on the target.

Additional Features and Functions

Saving

Unfortunately, there is no inbuilt function available for storing the results of the Fierce scan on the target at your disk. Although no saving function is available, so there is no feature to save the output in various formats. But you can redirect the output of the scan into any text file with some Linux skills and terminal commands.

Range Scan

One of the amazing functions or features of the Fierce tool is the Range scan. You can scan the range of IP address with a single click. –the range is the option that is mandatory while performing a range scan. You need to specify the IP address; like ( 192.168.28.4/24).

Dictionary file

A brute-forcing attack or method approach is used for enumeration or detection of subdomains associated with the target domain. The inbuilt wordlist file is activated when the installation of the Fierce tool is done on the system. But Fierce tool allows users to use custom subdomains wordlists with a massive number of possible subdomains words. –subdomain-file is the option for using the custom wordlists for brute-forcing.

Working with Fierce Tool on Kali Linux

Example 1: Basic

fierce --domain geeksforgeeks.org --subdomains write admin videos

In this Example, We are performing a simple scan using the subdomain words which include write, admin, videos. We have chosen geeksforgeeks.org as our target.

Example 2: Traverse IPs near discovered domains to search for contiguous blocks with the –traverse flag

In this Example, We are scanning domains near discovered records. Our target domain is geeksforgeeks.org

fierce --domain geeksforgeeks.org --subdomains videos --traverse 10

Example 3: Attempt an HTTP connection on domains discovered with the –connect flag

In this Example, We are attempting HTTP connection on the domains using the connect flag. We have chosen a different target for this Example, which is stackoverflow.com.

fierce --domain stackoverflow.com --subdomains mail --connect

Example 4: Exchange speed for breadth with the –wide flag, which looks for nearby domains on all IPs of the /24 of a discovered domain

In this example, We will scan the entire class of discovered records. (Full Detailed Scan)

fierce --domain geeksforgeeks.org --wide

Example 5: Zone transfers are rare these days, but they give us the keys to the DNS castle.

In this Example, We are performing a basic scan without any arguments on geeksforgeeks.org

fierce --domain geeksforgeeks.org

PreviousDNSRecon NextFile Inclusion