Fierce 1.0
Okay, it’s about time. I am finally releasing Fierce 1.0 as a production ready DNS enumeration tool. What does that mean? It means it works. We have now gotten rid of all the kinks that made me think that it was crippled in a way that made me not want to rely on it. So what was fixed? Well, thanks to Jabra we have now patched fierce so that when it does a zone transfer it continues working, in the off chance that someone messes with the zone transfer to fool fierce into stopping before it sees the real output. Alas, it was a small but important issue to fix.
So! Much much more work to be done. Not the least of which is better dictionary support (especially with cnames like www.corp.company.com where “corp” represents a sub dictionary) better enumeration for things like www01, www02, etc… Future support to make it into a PERL module perhaps for bigger projects, etc… Lots to do! It’s a nice release, given that it’s been in beta for a year through countless sub revisions as we worked a lot of the production kinks out.
In other news, Fierce will be part of Backtrack 3.0. No word on when Backtrack 3 will be made production but you can download the beta now. So for those pen testers out there who rely on Backtrack for their toolset you will go without Fierce in your arsenal no longer. Jabra is the one who ported into backtrack as well. Anyway, big thanks to Jabra for the help!
December 20th, 2007 at 10:46 am
Fierce and BackTrack 3.0 in the same news post, it is Christmas after all :). Congrats with the whole project to everyone, and mad props to Jabra for his work!
December 20th, 2007 at 2:48 pm
Good job RSnake
For anyone who wants to know how to build something like it in PHP, I ported the main function to PHP. It’s a light version:
http://www.0×000000.com/index.php?i=42
December 20th, 2007 at 3:23 pm
Someone noticed a minor bug in Fierce actually - I’d recommend waiting until we have a patch before downloading lest you get some false negatives in some special circumstances. Thanks to Sp0oKeR for identifying it.
December 20th, 2007 at 8:49 pm
Alright, it’s been fixed, 1.0.1 released!
December 28th, 2007 at 4:59 pm
Great tool, Thanks.
btw: Backtrack3 kick ass
January 9th, 2008 at 1:21 pm
RSnake-
Have you ever looked at the BiDiBLAH tool from sensepost?
http://www.sensepost.com/research/bidiblah/
It does much of what Fierce does, but also a bit more and allows you to do it interactively. Check it out.
January 9th, 2008 at 5:07 pm
@—, yes I have (haven’t downloaded it but went all through the tutorials several times before). Actually BiDiBLAH is one of my favorite (looking) tool (again because I’ve never actually downloaded it). Part of why I am writing fierce is because I wanted it to be a little more lightweight, I think have some better ideas on how to get deeper recon and ultimately BiDiBLAH relies way too much on search engines (which can be good and can be bad, depending on what you’re doing), where I have a lot of other things I want to integrate with. Plus, because it’s mine I get to make it look and feel however I want, given terrible time constraints, of course.