Changeset 243


Ignore:
Timestamp:
11/03/09 14:24:03 (4 years ago)
Author:
sullo
Message:

Random wording updates ('cause I'm like that) and updated perl mod list

File:
1 edited

Legend:

Unmodified
Added
Removed

  • fierce2/branch/README

    r190 r243  
    1212 
    1313Fierce 2.0 is a complete rewrite of the Fierce code using a modular method of 
    14 development. Therefore, many of the pieces can be used as there own entity. 
     14development. Therefore, many of the pieces can be used as their own entity. 
    1515This will allow people to quickly create scripts using one or more features of 
    1616Fierce. 
    1717 
    1818Obviously, Fierce 2.0 will include the Fierce script which uses the new 
    19 modules. This will allow the code to be more readable and this will enable 
    20 a faster development and greater flexibility. 
     19modules. This will allow the code to be more readable and will enable faster  
     20development and greater flexibility. 
    2121 
    2222Another major improvement in Fierce 2.0, is the testing framework. Each module 
    23 will have an included set of tests. This will allow us to verify things are 
    24 working the way they should. 
     23will have an included set of tests, allowing us to verify things are working  
     24the way they should. 
    2525 
    2626 
     
    4646 
    4747First it queries your DNS for the DNS servers of the target. It then switches 
    48 to using the target's DNS server (you can use a different one if you want using 
    49 the -dnsserver switch but this can cause problems if the server you use won't 
     48to using the target's DNS server (you can use a different one if you want by using 
     49the -dnsserver switch, but this can cause problems if the server you use won't 
    5050tell you information about other people's sites and of course you won't find 
    5151much relevant internal address space). Fierce then attempts to dump the SOA 
     
    7676Also, I've added a "search" option that allows you to find other non-related 
    7777domain names. For example, let's say my target's domain is widget.com but I 
    78 know they have email addresses like soandso@widgetcompany.com and own another 
    79 company called nutsandbolts.com I can add search queries. This won't scan for 
    80 those domains, but if those names pop up, it won't ignore them. Fierce will 
    81 report on anything inside the search pattern as long as it matches. If you want 
    82 everything I guess you could put a,b,c,...,x,y,z but I'll probably make 
     78know they have email addresses like soandso@widgetcompany.com, and own a  
     79company called nutsandbolts.com--for these I can add search queries. This won't  
     80scan for those domains, but if those names pop up, it won't ignore them. Fierce 
     81will report on anything inside the search pattern as long as it matches. If you 
     82want everything you could put a,b,c,...,x,y,z, but I'll probably make 
    8383something in the future to allow for scanning/reporting the entire C block once 
    8484anything is found in it that matches the DNS string. Here's the syntax: 
     
    124124amazing. If you don't get many results, that could be one of three things, 1) 
    125125you aren't scanning their corporate domain, you are only scanning their 
    126 external domain which they only have one or two machines on 2) it's a very 
    127 small company or 3) you typo'd the domain name (I haven't built any checks to 
     126external domain which they only have one or two machines on, 2) it's a very 
     127small company, or 3) you typo'd the domain name (I haven't built any checks to 
    128128make sure the domain you entered is valid). 
    129129 
    130130Requirements: This is a Perl program requiring the Perl interpreter with the 
    131 modules Net::DNS and Net::hostent. You can install modules using CPAN: 
     131additional perl modules listed below. You can install modules using CPAN: 
    132132 
    133     perl -MCPAN -e 'install Net::DNS' 
    134     perl -MCPAN -e 'install Net::hostent' 
     133        perl -MCPAN -e 'install Net::DNS' 
     134        perl -MCPAN -e 'install Net::CIDR' 
     135        perl -MCPAN -e 'install Net::Whois::ARIN' 
     136        perl -MCPAN -e 'install Object::InsideOut' 
     137        perl -MCPAN -e 'install Template' 
     138        perl -MCPAN -e 'install Test::Class' 
     139        perl -MCPAN -e 'install HTML::SimpleLinkExtor' 
     140        perl -MCPAN -e 'install threads' 
     141        perl -MCPAN -e 'install threads::shared' 
     142        perl -MCPAN -e 'install Thread::Queue' 
    135143 
    136144Windows users: You can use Fierce under Windows if you use Cygwin with Perl and 
    137 the above two modules installed. I have not tested this using ActivePerl in 
     145the above modules installed. I have not tested this using ActivePerl in 
    138146Windows, so I would recommend Cygwin until ActivePerl can be thoroughly tested. 
    139147I am/was working on a win32 version of Fierce, but have put the project on 
     
    141149 
    142150Version: Fierce is currently at version 2.0 - 12/20/2007 
    143  
    144 Download: fierce.pl 
    145  
    146 Download: hosts.txt 
    147151 
    148152(Thanks to Robert E Lee for the help with this and to Michael Thumann's 
     
    154158I've performed it's exceptionally effective at finding non-contiguous IP blocks 
    155159and new attack points. This should be considered a pre-cursor to nmap, 
    156 unicornscan or nessus as it gives you enough information to begin a much more 
     160unicornscan or nessus, as it gives you enough information to begin a much more 
    157161thorough scan with one of those other tools. Also, it can point out DNS entries 
    158162for hosts that are no longer up or have not yet been put into production. 
Note: See TracChangeset for help on using the changeset viewer.