Re: Fierce domain scan released

[RSnake <rsnake () shocking com>]

Thanks, Esteban, I actually updated it since yesterday.  I cleaned up
the code so now it connects directly to the target NS server in
question.  In some tests it achieved a 25-50% increase in finding hosts and
the majority of the gain is in RFC1918 (non routable) space if you can
believe that!  Try the new version out (0.5) and let me know what you
think!

http://ha.ckers.org/fierce/

On Mon, 1 Jan 2007, Esteban Ribi?~Mi?~G wrote:

> at first looked like the techniques he used where very common , but tested
> on a few domains and looks quite good...it does the job and speed up the
> search ... so downloaded and stored for future usage !  ... the code is
> bogus in some places ... but well...luckily we are not developers! :-)
>
>
> On 1/1/07, RSnake <rsnake () shocking com> wrote:
> > Hello fellow web app sec folks!  I just released a new beta domain
> > scanner to do initial discover (before the nmap/unicornscan/nessus
> > scans).  It primarily uses DNS to guess and traverse through IP
> > addresses using forward and reverse lookups.  Once it finds hostnames it
> > traverses to find more, and therefore can uncover large groups of
> > hostnames as well as non-contiguous blocks of IP space used by the
> > target and it's partners.  Fierce is written in perl (now you guys get
> > to see what a shoddy programmer I really am):
> >
> > http://ha.ckers.org/fierce/
> >
> > Details are on the site.  It's beta, so forgive bugs, but I'd appreciate
> > questions/comments as I get it into a better state.
> >
> > -RSnake
> > http://ha.ckers.org/
> > http://sla.ckers.org/
> >
> > -------------------------------------------------------------------------
> > Sponsored by: Watchfire
> >
> > Today's hackers exploit web applications to expose, embarrass and even
> > steal. Firewalls and SSL may be commonplace but recent studies indicate 3
> > out of 4 websites remain vulnerable to attack. Watchfire's "Addressing
> > Challenges in Application Security" whitepaper, explains what to do and
> > provides a guideline to improving your own application security.
> > Download this whitepaper today!
> >
> > https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
> > --------------------------------------------------------------------------


-R

-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even 
steal. Firewalls and SSL may be commonplace but recent studies indicate 3 
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing 
Challenges in Application Security" whitepaper, explains what to do and 
provides a guideline to improving your own application security. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------