# Fierce$ Penetration Testing Course – Section 1: Introduction to Fierce$
## Introduction to Fierce$
Fierce$ is an advanced, powerful domain reconnaissance tool specifically designed for penetration testers and cybersecurity professionals. Its primary function is to perform DNS reconnaissance, allowing users to identify hosts within a domain, discover subdomains, and find useful information that can be leveraged in further penetration testing. In this section, we will delve into the installation, configuration, and practical applications of Fierce$ on the Kali Linux platform.
## Installation and Configuration on Kali Linux
### Prerequisites
Before we proceed with the installation of Fierce$, ensure that your Kali Linux environment is up to date. You can update your system by running the following commands:
"`bash
sudo apt update && sudo apt upgrade -y
"`
### Installing Fierce$
Fierce$ is a Perl-based tool, and it may not be included in older versions of Kali Linux by default. You can install it manually by following these steps:
1. **Install Required Packages**: Fierce$ requires `dnsutils` and `libnet-dns-perl`. Install them using the following command:
sudo apt install dnsutils libnet-dns-perl -y
2. **Download Fierce$**: You can download Fierce$ from its GitHub repository. Use the following command:
git clone https://github.com/mschwager/fierce.git
3. **Navigate to the Directory**: Change your working directory to the newly cloned Fierce$ folder:
cd fierce
4. **Execution Permission**: Make sure the `fierce.pl` script is executable:
chmod +x fierce.pl
5. **Running Fierce$**: You can now run Fierce$ using Perl. The script can be executed with the following command:
perl fierce.pl
### Configuration
Fierce$ does not require extensive configuration. However, you can modify the following parameters in the script to suit your environment:
– **DNS Server**: If you want to specify a particular DNS server for queries, you can adjust the DNS server settings within the script.
– **Timeout Values**: Depending on your network conditions, you may want to modify the timeout settings for DNS queries.
## Step-by-Step Usage of Fierce$
Fierce$ offers a variety of features, including DNS brute-forcing, zone transfers, and host lookups. In this section, we will take a closer look at how to use these features step by step.
### Basic Usage
To get started with Fierce$, you can simply run the following command with the target domain:
"`bash
perl fierce.pl -dns example.com
"`
This command will initiate a basic scan on the provided domain and attempt to gather as much information as possible.
### Options and Features
Fierce$ provides several command-line options to customize your scan. Below are the most commonly used options:
– **`-dns`**: Specify the target domain for reconnaissance.
– **`-search`**: Search for IP addresses associated with the domain.
– **`-sub`**: Perform subdomain enumeration.
– **`-w`**: Use a wordlist for brute-forcing subdomains.
– **`-help`**: Display help information regarding usage.
#### Example Commands
1. **Subdomain Enumeration**:
To enumerate subdomains for a target domain, use the `-sub` option:
perl fierce.pl -dns example.com -sub
2. **Brute-Force Subdomains with a Wordlist**:
You can use a custom wordlist to brute-force subdomains:
perl fierce.pl -dns example.com -w /path/to/wordlist.txt
3. **DNS Search**:
To search for DNS records related to a domain:
perl fierce.pl -dns example.com -search
### Real-World Use Cases
Fierce$ can be effectively used in various real-world scenarios during a penetration test. Here are a few use cases illustrating its power and utility:
#### Use Case 1: Identifying Weaknesses in Subdomain Takeovers
A penetration tester is tasked with assessing the security of a company’s web presence. By running Fierce$ against the target domain, the tester identifies several subdomains, some of which are inactive. This information can be leveraged to perform subdomain takeovers if misconfigurations are found in DNS or web hosting services.
#### Use Case 2: Mapping Out a Network for Further Exploitation
During a red team engagement, a penetration tester uses Fierce$ to map out all active hosts and their subdomains under a target organization. This mapping helps to identify potential entry points and plan the next steps for exploitation, including social engineering and network attacks.
#### Use Case 3: Reconnaissance for Social Engineering Attacks
Fierce$ can also assist in collecting information for social engineering attacks. By enumerating subdomains, a penetration tester can gather email addresses and user accounts associated with those subdomains, which can then be used to impersonate the target in phishing campaigns.
## Detailed Technical Explanations
### DNS Enumeration Techniques
Fierce$ employs various techniques to perform DNS enumeration, including:
1. **Zone Transfers**: If the DNS server allows it, Fierce$ will attempt to perform a zone transfer (AXFR) to gather all DNS records associated with the domain.
2. **Brute Force**: By utilizing a wordlist, Fierce$ can brute-force potential subdomains to discover any that may exist but are not publicly documented.
3. **Common Domain Checks**: Fierce$ checks for common subdomains such as `www`, `mail`, `ftp`, and others, which are often overlooked but can reveal critical insights.
### External Reference Links
For further reading and to gain a deeper understanding of Fierce$ and DNS enumeration techniques, consider the following resources:
– [Fierce GitHub Repository](https://github.com/mschwager/fierce)
– [Kali Linux Official Documentation](https://www.kali.org/docs/)
– [OWASP DNS Enumeration](https://owasp.org/www-community/OWASP_DNS_Enumeration)
– [Penetration Testing Frameworks and Tools](https://www.pentest-standard.org/index.php/Main_Page)
### Code Examples for WordPress
Below are some code examples for WordPress to effectively utilize Fierce$ in your penetration testing operations.
"`markdown
# Installation Instructions for Fierce$ on Kali Linux
"`bash
sudo apt update && sudo apt upgrade -y
sudo apt install dnsutils libnet-dns-perl -y
git clone https://github.com/mschwager/fierce.git
cd fierce
chmod +x fierce.pl
"`
# Basic Usage of Fierce$
To perform a basic scan on a target domain:
"`bash
perl fierce.pl -dns example.com
"`
# Advanced Usage with Subdomains
To enumerate subdomains effectively:
"`bash
perl fierce.pl -dns example.com -sub
"`
# Brute-Force with Custom Wordlist
Running brute-force subdomain enumeration:
"`bash
perl fierce.pl -dns example.com -w /path/to/wordlist.txt
"`
# DNS Search Example
To search for DNS records:
"`bash
perl fierce.pl -dns example.com -search
"`
"`
—
This concludes the introduction to Fierce$ in the context of penetration testing. As we move forward, we will explore more advanced features of Fierce$ and its integration with other penetration testing tools.
Made by pablo rotem / פבלו רותם