web application security lab

Fierce 0.9.9 Multi-threading

I’ve been wrestling with Fierce domain scanner for several months now, and upgrade it at least once every few weeks. Thanks to WhiteAcid, who got me in touch with IceShaman, we have now ported it to use multi-threading options. This is especially useful if you have Perl compiled with the useithreads option. That can drastically reduce the time it takes to perform a scan, especially on a large domain. Oh, but that’s not all: I’ve heard a few complaints about not being able to use multiple DNS servers when you are doing lookups (this reduces the noise of a scan as it spreads it out to many DNS servers with the -dnsfile switch).

Fierce also now just assumes you want to use hosts.txt unless you state otherwise. That can help when you are trying to quickly perform the scan. To take advantage of these new switches, try something like this:

perl fierce.pl -dns testdomain.com -wide -file output.txt -dnsfile dnsfile.txt -threads 40

The -wide switch makes Fierce search the entire class C for any matches - note that it sometimes errors with a deep recursion if it finds a lot of hosts on a single class C, but this doesn’t affect its functionality. It can slow it down around 51x (255/5) but it can also find a lot more hosts than without. Compare rambler.ru old default scan with rambler.ru new scan with -wide switch.

I’ve also fixed the issue with dumping the zone transfers. Now it will query each and every DNS server (primary, secondary and otherwise) and see if they can get zone transfers from each of them. That can drastically speed up the scan now that it works, and also fixes a bug where it would intermittently work (when one DNS server could transfer the zone and another one wouldn’t - that was a frustrating bug fix). There have been a few other minor enhancements since the last time I posted about Fierce, not the least of which is a far better hosts.txt file that does a much better job of locating larger swaths of networks. Hopefully that will quell a lot of people’s feelings about what Fierce was lacking. So a huge thanks to IceShaman for doing the bulk of the changes, and look for more improvements in the future.
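A defender's view of the per-server zone transfer behaviour described above, as an added example that is not part of the original post or of Fierce: it reads name server logs and flags any client that was served an AXFR without being an approved secondary, noting when another server refused the same client. The BIND 9-style log messages, server names, addresses and allow-list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample logs, keyed by authoritative server (BIND 9-style messages assumed).
SAMPLE_LOGS = {
    "ns1.example.com": [
        "12-Mar-2024 09:14:02.101 security: error: client 203.0.113.9#41822 (example.com): zone transfer 'example.com/AXFR/IN' denied",
        "12-Mar-2024 09:20:11.480 xfer-out: info: client 192.0.2.53#50112 (example.com): transfer of 'example.com/IN': AXFR started",
    ],
    "ns2.example.com": [
        "12-Mar-2024 09:14:03.377 xfer-out: info: client 203.0.113.9#41830 (example.com): transfer of 'example.com/IN': AXFR started",
    ],
}
# Constructed allow-list: the only hosts that should ever pull the zone.
ALLOWED_SECONDARIES = {"192.0.2.53"}

CLIENT = r"client (?:@\S+ )?([\da-fA-F.:]+)#\d+ .*"
DENIED = re.compile(CLIENT + r"zone transfer '([^/']+)/AXFR/IN' denied")
STARTED = re.compile(CLIENT + r"transfer of '([^/']+)/IN': AXFR started")


def axfr_outcomes(logs):
    """Map (client, zone) -> {server: 'allowed' | 'denied'}."""
    outcomes = defaultdict(dict)
    for server, lines in logs.items():
        for line in lines:
            for pattern, result in ((STARTED, "allowed"), (DENIED, "denied")):
                match = pattern.search(line)
                if match:
                    outcomes[(match.group(1), match.group(2))][server] = result
    return outcomes


def audit(logs, allowed):
    """Return (kind, client, zone, served_by, refused_by) for unapproved transfers."""
    findings = []
    for (client, zone), per_server in sorted(axfr_outcomes(logs).items()):
        served = sorted(s for s, r in per_server.items() if r == "allowed")
        refused = sorted(s for s, r in per_server.items() if r == "denied")
        if served and client not in allowed:
            # "inconsistent": one server refused while another handed over the zone.
            kind = "inconsistent" if refused else "open"
            findings.append((kind, client, zone, served, refused))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOGS, ALLOWED_SECONDARIES):
        print(finding)
```

An "inconsistent" finding is the case the post describes, where one server refuses the transfer and another allows it, so the transfer ACL has to be checked on every authoritative server rather than only the primary.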

7 Responses to “Fierce 0.9.9 Multi-threading”

  1. hackathology Says:

    I am a big fan of fierce as always. Thank you Rsnake.

  2. Kyran Says:

    Wow! It seems like this is a fairly large improvement.
    Thanks RSnake and IceShaman.
    I’ll have to try it again when I get home, as I can’t SSH right now.

  3. hackathology Says:

    Tried it just now. There is a huge improvement in coding.

  4. dusoft Says:

    would it be possible to filter out wildcard domain names?

  5. RSnake Says:

    @dusoft - It is filtered out, I’m not sure what you mean. It does a test for wildcards and then removes anything that matches that IP address going forward to reduce false positives.

  6. dusoft Says:

    OK, because once it seemed to be looping somehow on a wildcard domain. But it was the previous version.

  7. Ralph Says:

    fierce is great dude.
    Cheers rsnake for the news!