Fierce v2.0 released at (Security BSides Las Vegas 2010)

August 5, 2010

Fierce is a network enumeration tool that uses many techniques (mostly using DNS) to gather a list of IPs controlled by an organization. The most common method is to provide Fierce with a domain. Last week at Security BSides in Las Vegas, I gave a talk about the newest version of Fierce. Version 2.0 includes tons of new functionality that the original version lacked. I also discussed the new functionality of Fierce v2 on Security Justice Episode 26.

Here is a small breakdown of the new techniques: Interactive mode for scanning IPs ranges, TLD bruteforce (also with an interactive mode), Virtual host detection and enumeration, ARIN lookups including lookups for every Nethandle, Whois enumeration, Reporting engine that includes TXT, XML and HTML report formats, rewrote all of the techniques to be Object Oriented with threading, ability to exclude or include techniques to ensure fine grained control of the scan and a ton more!

I have also been working on an XML parser module to extract data from Fierce using Perl. Parsing XML allows pentesters to extract the data from tools so they can automate the mundane tasks and work on more difficult things. The module is already on CPAN.

The official release of Fierce v2.0 can be found at:

http://trac.assembla.com/fierce

To check out the latest version of Fierce v2 from subversion, simply run the following command:

 svn co https://svn.assembla.com/svn/fierce/fierce2/trunk/ fierce2/

The XML module (known as Fierce::Parser) can be found at:

http://search.cpan.org/~jabra/Fierce-Parser-0.08/lib/Fierce/Parser.pod

If you have any comments, questions or suggestions please let me know.

Advertisements

Security Justice Episode 26 – “I can replace this podcast with one line of Perl”

August 4, 2010

Back in early July, I was ask to make an appearance on the Security Justice podcast to discuss some of my projects (Fierce v2, Goal Oriented Pentesting and SQL Injection). Security Justice Episode #26.

It was pretty epic and we defiantly went off-topic, but it was a ton of fun.

“I can replace this podcast with one line of Perl!”

Worth a listen. Let me know what you think.

Regards,
Jabra