Cenzic 232 Patent
Paid Advertising
web application security lab

Fierce 1.0

Okay, it’s about time. I am finally releasing Fierce 1.0 as a production ready DNS enumeration tool. What does that mean? It means it works. We have now gotten rid of all the kinks that made me think that it was crippled in a way that made me not want to rely on it. So what was fixed? Well, thanks to Jabra we have now patched fierce so that when it does a zone transfer it continues working, in the off chance that someone messes with the zone transfer to fool fierce into stopping before it sees the real output. Alas, it was a small but important issue to fix.

So! Much much more work to be done. Not the least of which is better dictionary support (especially with cnames like www.corp.company.com where “corp” represents a sub dictionary) better enumeration for things like www01, www02, etc… Future support to make it into a PERL module perhaps for bigger projects, etc… Lots to do! It’s a nice release, given that it’s been in beta for a year through countless sub revisions as we worked a lot of the production kinks out.

In other news, Fierce will be part of Backtrack 3.0. No word on when Backtrack 3 will be made production but you can download the beta now. So for those pen testers out there who rely on Backtrack for their toolset you will go without Fierce in your arsenal no longer. Jabra is the one who ported into backtrack as well. Anyway, big thanks to Jabra for the help!

11 Responses to “Fierce 1.0”

  1. Spyware Says:

    Fierce and BackTrack 3.0 in the same news post, it is Christmas after all :). Congrats with the whole project to everyone, and mad props to Jabra for his work!

  2. Ronald van den Heetkamp Says:

    Good job RSnake ;)

    For anyone who wants to know how to build something like it in PHP, I ported the main function to PHP. It’s a light version:

    http://www.0×000000.com/index.php?i=42

  3. RSnake Says:

    Someone noticed a minor bug in Fierce actually - I’d recommend waiting until we have a patch before downloading lest you get some false negatives in some special circumstances. Thanks to Sp0oKeR for identifying it.

  4. RSnake Says:

    Alright, it’s been fixed, 1.0.1 released!

  5. Guy Mizrahi Says:

    Great tool, Thanks.
    btw: Backtrack3 kick ass :-)

  6. --- Says:

    RSnake-

    Have you ever looked at the BiDiBLAH tool from sensepost?
    http://www.sensepost.com/research/bidiblah/

    It does much of what Fierce does, but also a bit more and allows you to do it interactively. Check it out.

  7. RSnake Says:

    @—, yes I have (haven’t downloaded it but went all through the tutorials several times before). Actually BiDiBLAH is one of my favorite (looking) tool (again because I’ve never actually downloaded it). Part of why I am writing fierce is because I wanted it to be a little more lightweight, I think have some better ideas on how to get deeper recon and ultimately BiDiBLAH relies way too much on search engines (which can be good and can be bad, depending on what you’re doing), where I have a lot of other things I want to integrate with. Plus, because it’s mine I get to make it look and feel however I want, given terrible time constraints, of course.

  8. NetBum Says:

    RSnake, do you have any perl scripts that can take a list of hostnames and convert them to ip addresses? Preferably light weight really fast?

  9. RSnake Says:

    @NetBum Jabra always had a great collection of little scripts to do exactly that kind of thing:

    http://spl0it.org/files/reverse
    http://spl0it.org/files/resolve

    $ cat hostnames.txt | ./resolve

  10. Jabra Says:

    Small update, Fierce 1.0 is included in BackTrack 4 Pre-Final

  11. NetBum Says:

    Thanks that worked perfectly! Only thing is it moves a little slow and doesn’t show the original hostnames alongside of the ip addresses in the results. I found a more advance one on this link http://www.perlmonks.org/?node_id=95821 but I can’t get it to work. It give me the following error.

    Error reading input file “resolve.in”:

    The commands I use to start the program in os x darwin is.
    1. chmod +x ./resolve.pl
    2. ./resolve.pl

    And I created a resolve.in files with domain names.
    Any suggestions?