Thursday, August 26, 2010

Fierce DomainScanner

About Fierce the DomainScanner

Fierce is currently used as a brute force Domain Scanner. This means that you feed it the domain eg,, along with some of the variations that the domain uses for sub domains rs100,rs101 and so on. It will the then try to find anything matching the Domain within the subnets it find scanning up and down the range for more addresses matching the supplied Domain. Currently I use the following sites to generate the wordlists that will be used for the brute force. to generate the strings that I gather from

How to use Fierce.


This is the default brute force list that fierce will use if another isnt supplied through the –wordlist command.

This is the main script. The for help type perl –help. Default example is perl –dns –file This will scan the rapidshare domain using the default hosts.txt file and output the information to the fire

Other useful commands

-wide   This will scan the whole range as opposed to the default which is 5 either side of a conformed hit.

-wordlist  textfile.txt      This is to supply a custom brute force list.

Example; perl –dns –wide –wordlist rapidshare.txt –file

This will scan using all the variations supplied in the rapidshare.txt file. Any hits it does get it will scan up and down the whole subnet range for more hits and then output the information to a file called


The limitation I have found are if you supply far to many variations to the brute force lists, it can cause the script to either fall over and not complete or to take days to complete. Normally around 30-40 Thousand will run fine, though these can still fall over, over 100 Thousand and its highly unlikely that the script will complete.

Its best to create a wordlist for each domain to keep the number of brute force entries to a minimum.

perl -dns -wide -threads 50 -wordlist filename -file outputfile

Thanks to the Great People at for the code and know how.

No comments:

Post a Comment