Introduction
Fierce is a very lightweight scanner, written by RSnake in Perl, that helps you locate IP space and hostnames for a specified target domain name. It provides different techniques to gather information about your victim. The tool starts with the zone transfer technique and quickly switches into brute-force mode if zone transfers are restricted.
As you know, we are using the world's most favourite penetration testing distribution, BackTrack Linux 5 😉, and this application is available in the distro by default.
Let's see its different usages. I will be analyzing alibaba.com DNS records.
Fierce Usage:
Jump into the application folder:
cd /pentest/enumeration/dns/fierce
Usage:
perl fierce.pl [-dns example.com] [OPTIONS]
Some commonly used options:
-threads (by default it runs using a single thread)
-file (save the output to a file)
-range (this is awesome: scan an internal IP range, but it can only be used together with the -dnsserver option)
In our case 😉
perl fierce.pl -dns alibaba.com -threads 5 -file alibaba-dns.output
You should see the following output:
Now logging to alibaba-dns.output
DNS Servers for alibaba.com:
nshz.alibabaonline.com
nsp2.alibabaonline.com
ns8.alibabaonline.com
nsp.alibabaonline.com
Trying zone transfer first…
Testing nshz.alibabaonline.com
Request timed out or transfer not allowed.
Testing nsp2.alibabaonline.com
Request timed out or transfer not allowed.
Testing ns8.alibabaonline.com
Request timed out or transfer not allowed.
Testing nsp.alibabaonline.com
Request timed out or transfer not allowed.
Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way… brute force
Checking for wildcard DNS…
** Found 97326869336.alibaba.com at 67.215.65.132.
** High probability of wildcard DNS.
Now performing 1895 test(s)…
205.204.112.6 ad.alibaba.com
205.204.112.1 au.alibaba.com
205.204.112.1 cache.alibaba.com
110.75.203.17 billing.alibaba.com
205.204.112.1 co.alibaba.com
110.75.197.7 cn.alibaba.com
205.204.116.17 channel.alibaba.com
205.204.124.3 crm.alibaba.com
-- Bingooo!! bla bla bla, hundreds of thousands of records.
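The run above warns about wildcard DNS before it starts brute forcing: because a random label like 97326869336.alibaba.com resolved, any name in the wordlist will "resolve" to that same wildcard address, whether or not the host exists. When you review a Fierce log for your own domain, those hits are noise and should be set aside before you look at which networks the real records land in. The script below is an added example, not part of the original post and not code from Fierce itself. It assumes the log format shown above (the `** Found ... at <ip>.` warning and `<ip> <hostname>` result lines); the sample log is copied from the post's output, with one constructed final line that resolves to the wildcard address so the filtering is visible.

```python
"""Triage a Fierce brute-force log: drop wildcard hits, group the rest by /24.

Added example (not from the post or from Fierce). Assumes Fierce's output
format as seen in the post: a "** Found <label> at <ip>." wildcard warning
followed by "<ip> <hostname>" result lines.
"""
import ipaddress
import re
from collections import defaultdict

# Sample log copied from the run shown in the post. The last line is
# constructed: a hit that resolves to the wildcard address, to show filtering.
SAMPLE_OUTPUT = """\
Checking for wildcard DNS...
** Found 97326869336.alibaba.com at 67.215.65.132.
** High probability of wildcard DNS.
Now performing 1895 test(s)...
205.204.112.6 ad.alibaba.com
205.204.112.1 au.alibaba.com
205.204.112.1 cache.alibaba.com
110.75.203.17 billing.alibaba.com
205.204.112.1 co.alibaba.com
110.75.197.7 cn.alibaba.com
205.204.116.17 channel.alibaba.com
205.204.124.3 crm.alibaba.com
67.215.65.132 nosuchhost.alibaba.com
"""

# Fierce's wildcard warning: "** Found <random-label>.<domain> at <ip>."
WILDCARD_RE = re.compile(r"^\*\* Found \S+ at (\d{1,3}(?:\.\d{1,3}){3})\.$")
# A brute-force hit: "<ip> <hostname>"
RECORD_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


def parse_fierce_output(text):
    """Return (wildcard_ip, records); wildcard_ip is None if Fierce saw none."""
    wildcard_ip = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = WILDCARD_RE.match(line)
        if m:
            wildcard_ip = m.group(1)
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append((m.group(1), m.group(2)))
    return wildcard_ip, records


def drop_wildcard_hits(records, wildcard_ip):
    """Discard hits that only resolved because of the wildcard record."""
    if wildcard_ip is None:
        return list(records)
    return [(ip, host) for ip, host in records if ip != wildcard_ip]


def group_by_network(records, prefix=24):
    """Map each /prefix network to the sorted hostnames that live in it."""
    nets = defaultdict(set)
    for ip, host in records:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)].add(host)
    return {net: sorted(hosts) for net, hosts in sorted(nets.items())}


def summarise(text, prefix=24):
    """Full triage of one Fierce log: wildcard address, dropped hits, networks."""
    wildcard_ip, records = parse_fierce_output(text)
    kept = drop_wildcard_hits(records, wildcard_ip)
    return {
        "wildcard_ip": wildcard_ip,
        "dropped": len(records) - len(kept),
        "networks": group_by_network(kept, prefix),
    }


if __name__ == "__main__":
    result = summarise(SAMPLE_OUTPUT)
    print(f"wildcard address: {result['wildcard_ip']}, dropped {result['dropped']} hit(s)")
    for net, hosts in result["networks"].items():
        print(f"{net}: {', '.join(hosts)}")
```

Running it on the sample log reports the wildcard address 67.215.65.132, drops the one constructed hit, and shows that four of the remaining eight names sit in 205.204.112.0/24 while the others are spread over four more /24s; that grouping is the "IP space" view Fierce is meant to give, with the wildcard noise removed.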