Fierce DNS Reconnaissance
Fierce is a powerful DNS reconnaissance tool designed to help security professionals and developers gather crucial information about network infrastructure. It excels at discovering subdomains, scanning IP ranges, and performing various other DNS-related tasks that are essential for security audits and network analysis.
Fierce Command Examples
Below are common usage examples for the Fierce tool, illustrating its versatility in different scanning scenarios.
Scanning a Domain and Outputting to a File
This command initiates a DNS scan for a specified domain and saves the results to a designated output file. This is useful for later analysis or reporting.
fierce -dns <domain> -file <output_file>
Scanning with a Specific DNS Server
You can direct Fierce to use a particular DNS server for its queries, which can be helpful for testing specific DNS configurations or bypassing certain network restrictions.
fierce -dns <domain> -dnsserver <server>
Scanning an Internal IP Range
This functionality allows for scanning internal network segments to identify active hosts and their DNS records within a given IP range, using a specified DNS server.
fierce -range <ip-range> -dnsserver <server>
Scanning a Domain Using a Custom Wordlist
Leverage a custom wordlist to brute-force potential subdomains for a target domain. This method can uncover hidden or non-standard subdomains.
fierce -dns <domain> -wordlist <wordlist>
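From the defender's side, a wordlist run like the one above appears in resolver logs as one client requesting many distinct names under a single zone in a short window, with most answers being NXDOMAIN. The detector below is an added example, not part of the original page or of Fierce; the log layout (`epoch client qname rcode`), the thresholds, and the sample lines are assumptions constructed for illustration.

```python
"""Flag DNS clients whose queries look like wordlist subdomain enumeration."""
from collections import defaultdict

def parse(line):
    """Parse 'epoch client qname rcode' (assumed log layout) into a tuple."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.rstrip(".").lower(), rcode.upper()

def zone_of(qname, labels=2):
    """Naive zone guess: the last `labels` labels (no public-suffix handling)."""
    return ".".join(qname.split(".")[-labels:])

def find_enumerators(lines, window=60, min_names=20, min_nx_ratio=0.8):
    """Return {(client, zone): distinct_names} for bursts over the thresholds."""
    events = defaultdict(list)
    for line in filter(str.strip, lines):
        ts, client, qname, rcode = parse(line)
        events[(client, zone_of(qname))].append((ts, qname, rcode))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            names = {q for _, q, _ in burst}
            nx = sum(1 for _, _, r in burst if r == "NXDOMAIN")
            if len(names) >= min_names and nx / len(burst) >= min_nx_ratio:
                hits[key] = max(hits.get(key, 0), len(names))
    return hits

def sample_log():
    """Constructed log lines: one ordinary client and one enumerating client."""
    lines = ["1700000000 10.0.0.7 www.example.com NOERROR",
             "1700000030 10.0.0.7 mail.example.com NOERROR"]
    for i in range(25):
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        lines.append(f"{1700000100 + i} 10.0.0.66 host{i}.example.com {rcode}")
    return lines

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

Zones with wildcard records answer NOERROR for every name, so set `min_nx_ratio` to 0 for those and rely on the distinct-name count alone.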
Advanced Scanning with Timeout and Traversal
Configure scan parameters such as TCP timeout and the number of IP addresses to branch from discovered addresses, enabling more in-depth and targeted reconnaissance.
fierce -dns <domain> -tcptimeout <# seconds> -traverse <# addresses>
Scanning Multiple Domains from a File
Process a list of domains from a file and perform a wide scan across the entire class C network for each discovered IP address, providing comprehensive network mapping.
fierce -dnsfile <file> -wide