Fierce v2.0 released at (Security BSides Las Vegas 2010)

Fierce is a network enumeration tool that uses many techniques (mostly using DNS) to gather a list of IPs controlled by an organization. The most common method is to provide Fierce with a domain. Last week at Security BSides in Las Vegas, I gave a talk about the newest version of Fierce. Version 2.0 includes tons of new functionality that the original version lacked. I also discussed the new functionality of Fierce v2 on Security Justice Episode 26.

Here is a small breakdown of the new techniques: interactive mode for scanning IP ranges; TLD bruteforce (also with an interactive mode); virtual host detection and enumeration; ARIN lookups, including lookups for every Nethandle; Whois enumeration; a reporting engine that includes TXT, XML and HTML report formats; all of the techniques rewritten to be object oriented with threading; the ability to exclude or include techniques to ensure fine-grained control of the scan; and a ton more!

I have also been working on an XML parser module to extract data from Fierce using Perl. Parsing XML allows pentesters to extract the data from tools so they can automate the mundane tasks and work on more difficult things. The module is already on CPAN.

The official release of Fierce v2.0 can be found at:

http://trac.assembla.com/fierce

To check out the latest version of Fierce v2 from Subversion, run the following command:

 svn co https://svn.assembla.com/svn/fierce/fierce2/trunk/ fierce2/

The XML module (known as Fierce::Parser) can be found at:

http://search.cpan.org/~jabra/Fierce-Parser-0.08/lib/Fierce/Parser.pod

If you have any comments, questions or suggestions please let me know.


3 Responses to Fierce v2.0 released at (Security BSides Las Vegas 2010)

  1. CarCaBot says:

    Thanks for this tool. It is great!

  2. erwinpdev says:

    Download location does not seem to work due to misconfiguration.
