Fierce

Fierce is a semi-lightweight DNS scanner designed to help locate non-contiguous IP space and hostnames for specified domains. It's particularly useful as a pre-cursor to scanning tools like nmap, unicornscan, nessus, or nikto, which require prior knowledge of the target IP space. The tool does not perform exploitation or indiscriminate internet scanning but focuses on pinpointing likely targets both within and outside corporate networks.

Because it primarily uses DNS queries, Fierce often reveals misconfigured networks that leak internal address space, making it valuable for targeted reconnaissance and malware development. It first attempts zone transfers and falls back to brute-force techniques when necessary. Originally developed by RSnake and contributors at ha.ckers.org, this version has been modernized with a Python 3 conversion for improved compatibility and maintenance.

Fierce is especially effective against networks with poor DNS configurations, enabling the discovery of hidden subdomains and IP ranges that might otherwise go unnoticed.

Fierce operates primarily through DNS queries, starting with attempts at zone transfers from the domain's nameservers (e.g., testing servers like b.iana-servers.net). If zone transfers fail or are blocked, it resorts to brute-force enumeration of 2280 potential subdomains. It also checks for wildcard DNS records before proceeding with tests. Additional techniques include scanning internal IP ranges in CIDR notation, expanding lookups with search domains, and optionally attempting HTTP connections or TCP checks on discovered non-RFC 1918 hosts. The tool respects Class C boundaries in traversal modes and can widen scans to entire Class C subnets.