lunar (1) fierce.1.gz

Provided by: fierce_1.5.0-1_all bug

NAME

       fierce  -  DNS  scanner  that  helps  locate non-contiguous IP space and hostnames against
       specified domains.

SYNOPSIS

       fierce [-h] [--domain DOMAIN] [--connect] [--wide] [--traverse TRAVERSE] [--search  SEARCH
       [SEARCH  ...]] [--range RANGE] [--delay DELAY] [--subdomains SUBDOMAINS [SUBDOMAINS ...] |
       --subdomain-file SUBDOMAIN_FILE] [--dns-servers DNS_SERVERS [DNS_SERVERS ...] | --dns-file
       DNS_FILE] [--tcp]

DESCRIPTION

       Fierce  is  a  semi-lightweight  scanner  that  helps  locate  non-contiguous IP space and
       hostnames against specified domains. It's really meant as a pre-cursor to  nmap,  OpenVAS,
       nikto, etc, since all of those require that you already know what IP space you are looking
       for.   This  does  not  perform  exploitation  and  does  not  scan  the  whole   internet
       indiscriminately.  It  is  meant  specifically  to  locate  likely targets both inside and
       outside a corporate network.  Because it uses DNS  primarily  you  will  often  find  mis-
       configured networks that leak internal address space. That's especially useful in targeted
       malware.  Originally written by RSnake along with others at http://ha.ckers.org/.  This is
       simply a conversion to Python 3 to simplify and modernize the codebase.

OPTIONS

         -h, --help            show this help message and exit
         --domain DOMAIN       domain name to test
         --connect             attempt HTTP connection to non-RFC 1918 hosts
         --wide                scan entire class c of discovered records
         --traverse  TRAVERSE   scan IPs near discovered records, this won't enter adjacent class
       c's
         --search SEARCH [SEARCH ...]
                               filter on these domains when expanding lookup
         --range RANGE         scan an internal IP range, use cidr notation
         --delay DELAY         time to wait between lookups
         --subdomains SUBDOMAINS [SUBDOMAINS ...]
                               use these subdomains
         --subdomain-file SUBDOMAIN_FILE
                               use subdomains specified in this file (one per line)
         --dns-servers DNS_SERVERS [DNS_SERVERS ...]
                               use these dns servers for reverse lookups
         --dns-file DNS_FILE   use dns servers specified in this file for  reverse  lookups  (one
       per line)
         --tcp                 use TCP instead of UDP

EXAMPLES

       Something basic:
              $ fierce --domain google.com --subdomains accounts admin ads

       Traverse IPs near discovered domains to search for contiguous blocks with the `--traverse`
       flag:
              $ fierce --domain facebook.com --subdomains admin --traverse 10

       Limit nearby IP traversal to certain domains with the `--search` flag:
              $ fierce --domain facebook.com --subdomains admin --search fb.com fb.net

       Attempt an `HTTP` connection on domains discovered with the `--connect` flag:
              $ fierce --domain stackoverflow.com --subdomains mail --connect

       Exchange speed for breadth with the `--wide` flag, which looks for nearby domains  on  all
       IPs          of          the          [/24](https://en.wikipedia.org/wiki/Classless_Inter-
       Domain_Routing#IPv4_CIDR_blocks) of a discovered domain:
              $ fierce --domain facebook.com --wide

       Zone transfers are rare these days,  but  they  give  us  the  keys  to  the  DNS  castle.
       [zonetransfer.me](https://digi.ninja/projects/zonetransferme.php) is a very useful service
       for testing for and learning about zone transfers:
              $ fierce --domain zonetransfer.me

       To save the results to a file for later use we can simply redirect output:
              $ fierce --domain zonetransfer.me > output.txt

       Internal networks will often have large blocks of contiguous IP  space  assigned.  We  can
       scan those as well:
              $ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24

                                                                                        FIERCE(1)