Fierce v2 – Joshua “Jabra” Abraham
I’m Jabra… I do a lot of programming in Perl
What is Fierce?
Written by Robert “rsnake” Hansen, designed to do lots of DNS recon techniques
Since then, it’s been rewritten into a brand new tool, more options, better….
Version 2 – README .:
What is new in 2.0?
Fierce v2.0 is a complete rewrite of version 1.0. Fierce 1.0 was a combination
multiple network enumeration techniques in a single large Perl script. With
Fierce v2.0 the techniques have been abstracted from the main fierce script so
that it is easier to read, modify and maintain. This will enable faster
development and greater flexibility.
Each technique has been coverted into a Perl module that they can be used used
by the main fierce script. There are also several new techniques that been
added with version 2.0, such as virtual host detection, extension bruteforcing
and subdomain bruteforcing. Version 2.0 also included the addition of
a template based output system. We have included stdout/text, html and xml
formats. Leveraging the xml format is very easy, since we have even built an
xml parsing module that is available on CPAN.
(click on Fierce::Parser, this will bring you to the latest version of the
Fierce Version 2 is a lot more complex than the simple brute-force that was used in the earlier versions.
Each technique is a module that’s included in the main script. This allows you to break out the functionality you require and develop modules without changing the core of the script.
Allows for prefixes to be passed through the command line… If none is passed, use default list
Support for top-level domain brute-forcing (i.e check .co.uk, .com, .xxx, …)
Ability to blacklist techniques that shouldn’t be run! Good to avoid triggering alarms on things like Zone Transfer attempts
New technique added to find virtual-hosts based on the IP search through MSN.com
FindNearbyHosts –> By putting in the domain and company name, you can identify PTR records that point back to the same domain
Code is much more readable that Fierce v1 –> Even I can read it…. and I don’t know Perl 😉
Erin Lookups on company names to find possible domains
Modules that use threading are marked with a t at the start of the module name. This allows them to be easily identified.
Threading handled by setting a queue of tasks and iterate through them.
Note: This talk was 100% live demo… no slides. Much respect for that! Checkout the video for the true Fierce v2 Experience