Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Fierce
Posted by: rsnake
Date: January 01, 2007 05:34PM

Well I guess fierce is now an official project. If you guys have perl and Net::DNS installed let me know what you think of it. I'd appreciate any feedback. I did get one email of someone who found it to be better than the competitive products out there (much faster and better at finding non-contiguous blocks).

Kuza55 also asked for changes to the -connect function, which I spent very little time working on, but point taken and I'll add that in a future version.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Fierce
Posted by: digi7al64
Date: January 01, 2007 09:22PM

Nice work RSnake.

Couple of things I would like to see regarding fierce (crappy not letting me post on your blog filters are back up again so I'll post it here)

> @common_cnames to be in a separate file (so we can use dictionary etc attacks)
> PeerPort => 80, to become configurable (single and/or port range support would be great).

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: Fierce
Posted by: jungsonn
Date: January 02, 2007 05:58AM

This tool and its use got my interest ^^

So I've ported a few pieces to PHP, and added some wildcard options.
It doesn't do much from the stuff in Fierce.pl, it only scans the A records -> which really are the CNAMES through that php function. Anyhow, ;) Did not have time to fully port the perl code, but who knows maybe you can use this piece:

<?php

# Partly ported piece from Fierce.pl by RSnake.
# Dirty Record lookup.

# script settings:
error_reporting(0);
ini_set("max_execution_time",0);

function QP($host,$wc) {

# Fierce cards, with few added by myself.
$records = array("mirror","database","phpmyadmin","scrape","scraper","torrent",
"webcam","cam","warez","uploads","usenet","config","httpt","ssl","ssh","hidden",
"web","docs","pub","home","jobs","careers","my","public","pub","ir","investor",
"investors","images","img","img01","img02","include","media","static","cdn",
"akamai","ssl","ssl1","ssl01","cache","video","videos","ftp","ajax","xml","mobile",
"wap","sms","isync","cgi","members","login","signin","signup","online","tcl",
"apache","iis","zeus","websphere","domino","search","download","downloads",
"news","support","forum","forums","about","help","helpdesk","en","us","uk","de",
"internal","intl","intranet","www-int","int","corp","mgmt","management","sales",
"marketing","billing","it","eng","eng1","eng01","engineering","ops","ops1","ops01",
"ops2","ops02","operations","dev","dev1","dev01","stage","staging","development",
"pr","test","lab","labs","qa","employees","go","start","tool","tools","problemtracker",
"tracker","bug","bugs","bugzilla","subversion","sv","cvs","rcs","dhcp","ups","irc",
"talk","chat","voip","homebase","call","ms","owa","owa01","outlook","webmail","mail",
"email","strongmail","antivirus","av","spam","smtp","pop","hr","humanresources",
"sharepoint","blog","blogs","wordpress","drupal","rss","cms","wiki","vantive",
"db","db1","db01","db2","db02","mysql","mysql1","mysql01","sql","sql1","sql01",
"mssql","mssql1","mssql01","ldap","oracle","peoplesoft","siebel","crm","erp",
"customer","customers","dns","nameserv","a.auth-ns","b.auth-ns","c.auth-ns","ix",
"mx","mtu","mta","ns","ns1","ns01","ns2","ns02","ns3","ns4","ns5","rtr","rtr1",
"rtr01","att","mci","sprint","router","core","proxy","r1","r01","r2","r02","core01",
"sw","sw1","s1","s2","sw01","cisco","juniper","f5","lb","squid","checkpoint",
"foundry","wireless","ap","wlan","lan","nokia","netgear","netscreen","arcsight",
"citrix","vnc","netscaler","toplayer","opsware","ops","netapp","app","app1",
"app01","nms","nas","san","esm","ism","tivoli","openview","ov","hpov","cricket",
"flow","mrtg","log","log1","log01","log2","log02","logs","syslog","syslogs",
"ias","webstats","analyzer","xlogan","logfile","logfiles","webalizer","alterwind",
"activestat","clicktrack","webtrends","faststats","urchin","z-log","zlog","wusage",
"keynote","stat","stats","remstats","monitoring","splunk","vpn","vpn1","vpn01",
"vpn2","vpn02","connect","outside","inside","snort","ids","cims","sim","fs",
"gw","concentrator","con","console","honeypot","ad","mom","id","sec","securid",
"fwsm","fwsm1","fwsm01","fw","fw1","dialup","dmz","sun","sun1","sun01","sun2",
"sun02","bsd","freebsd","freebsd1","freebsd01","freebsd2","freebsd02","linux",
"linux1","linux01","linux2","linux02","win","win1","win01","win2","win02",
"windows","windows1","windows01","windows2","windows02","quake","counterstrike",
"halflife","mp3");

    echo "<b>Hosts found:</b><br />";

    foreach ($records as $rec) {
        # The label and the domain need a dot between them; the trailing
        # dot makes the queried name fully qualified.
        if (checkdnsrr($rec.'.'.$host.'.', 'A')) {
            # spit results.
            echo $rec.'.'.$host."<br />";
        }
    }

    # Wildcard canonical names: numbered variants (ww0..ww15, www0..www15, ...)
    if ($wc) {
        echo "<b>Wildcards found:</b><br />";
        foreach (array("ww", "www", "bsd", "a", "b", "mysql", "proxy") as $prefix) {
            for ($n = 0; $n < 16; $n++) {
                if (checkdnsrr($prefix.$n.'.'.$host.'.', 'A')) {
                    # prefixX results.
                    echo $prefix.$n.'.'.$host."<br />";
                }
            }
        }
    }
}

# example
# host, wildcards true or leave empty
QP("google.com","true");

?>



Edited 2 time(s). Last edit at 01/02/2007 02:17PM by jungsonn.

Re: Fierce
Posted by: rsnake
Date: January 02, 2007 10:42AM

digi7al64, I now provided wordlist support. It will use my built-in library if you don't supply anything or if there's nothing in the file. Enjoy!

Jungsonn, cool! I've got a lot more stuff I plan to build into it over the next few weeks, time permitting.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Fierce
Posted by: rsnake
Date: January 02, 2007 01:36PM

Hmmm... I noticed a bug where it double counts if it finds a number of IPs with the same name as it's traversing. It overwrites the hash with the new IP and then when it checks to see if it's found that hash pair, (since it's changed it hasn't) so it overwrites it. I need to change how the hash is built. Hopefully I'll get that done in the next day or so. Even though it's a somewhat rare condition, why have it if you don't have to?

- RSnake
Gotta love it. http://ha.ckers.org
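
The double-counting condition described in the post above, as an added example that is not part of the thread and is not Fierce's own code. It models the described behaviour on constructed data (hostnames under example.test, RFC 5737 addresses, hypothetical sub names) and makes no DNS queries.

```perl
#!/usr/bin/perl
# Added illustration; not Fierce's code. All names and addresses are constructed.
use strict;
use warnings;

# Constructed lookup results in traversal order: [hostname, ip].
# "www.example.test" answers on several addresses and one pair repeats.
my @seen_during_scan = (
    [ 'www.example.test',  '192.0.2.10' ],
    [ 'www.example.test',  '192.0.2.11' ],
    [ 'mail.example.test', '192.0.2.20' ],
    [ 'www.example.test',  '192.0.2.10' ],   # genuine repeat of the first pair
    [ 'www.example.test',  '192.0.2.12' ],
);

# Hash keyed by name only: each new IP overwrites the stored one, so the
# "have I already seen this name/IP pair?" check fails for a pair that was
# counted earlier, and it is counted again.
sub count_keyed_by_name {
    my (%ip_for, $count);
    for my $r (@_) {
        my ($name, $ip) = @$r;
        next if defined $ip_for{$name} && $ip_for{$name} eq $ip;
        $ip_for{$name} = $ip;    # overwrite loses the earlier address
        $count++;
    }
    return $count;
}

# Hash keyed by the pair itself: every distinct (name, IP) is remembered,
# so a repeat is skipped no matter what was seen in between.
sub count_keyed_by_pair {
    my (%seen, $count);
    for my $r (@_) {
        my ($name, $ip) = @$r;
        next if $seen{ lc($name) . "\0" . $ip }++;
        $count++;
    }
    return $count;
}

printf "keyed by name: %d entries\n", count_keyed_by_name(@seen_during_scan);
printf "keyed by pair: %d entries\n", count_keyed_by_pair(@seen_during_scan);
```

The name-keyed count comes out one higher than the number of distinct pairs in the sample, because the repeated pair is no longer in the hash when it is seen the second time.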

Re: Fierce
Posted by: rsnake
Date: January 02, 2007 02:26PM

Okay, fixed that annoying double counting problem. Latest version is 0.9.1.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Fierce
Posted by: rsnake
Date: January 02, 2007 05:12PM

0.9.2 fixed one bug when using -search (went from finding practically none in one Fortune 500 to finding over 1000 hosts).

Re: Fierce
Posted by: malorn
Date: January 12, 2007 12:29AM

Really really stupid question, but could never find a good tutorial on Google.

I know I can use ActivePerl as my perl interpreter on windows. But how would I go about installing NetDNS and running the fierce perl script? Help would be greatly appreciated as I tried installing NetDNS myself and got really confused as to what I was supposed to do.

thanks

Re: Fierce
Posted by: rsnake
Date: January 12, 2007 01:42PM

I always use Cygwin for Windows instead of ActivePerl... it gives me a lot more flexibility. If you have Cygwin perl installed it's just a matter of doing this:

perl -MCPAN -e 'install Net::DNS'

And following the prompts.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Fierce
Posted by: rsnake
Date: January 12, 2007 01:46PM

Er, I should have probably put the Cygwin URL: http://www.cygwin.com/

And if you're looking for CPAN sites to download from try this: http://www.cpan.org/SITES.html

- RSnake
Gotta love it. http://ha.ckers.org

Re: Fierce
Posted by: malorn
Date: January 14, 2007 04:57PM

Seems like install didn't work correctly. Here is the log:

$ perl -MCPAN -e 'install Net::DNS'
CPAN: Storable loaded ok
Going to read /home/J/.cpan/Metadata
Database was generated on Thu, 11 Jan 2007 23:27:22 GMT
LWP not available
CPAN: Net::FTP loaded ok
Fetching with Net::FTP:
ftp://cpan.cse.msu.edu/authors/01mailrc.txt.gz
Going to read /home/J/.cpan/sources/authors/01mailrc.txt.gz
CPAN: Compress::Zlib loaded ok
LWP not available
Fetching with Net::FTP:
ftp://cpan.cse.msu.edu/modules/02packages.details.txt.gz
Going to read /home/J/.cpan/sources/modules/02packages.details.txt.gz
Database was generated on Sat, 13 Jan 2007 21:25:51 GMT
HTTP::Date not available

There's a new CPAN.pm version (v1.8802) available!
[Current version is v1.7601]
You might want to try
install Bundle::CPAN
reload cpan
without quitting the current session. It should be a seamless upgrade
while we are running...

LWP not available
Fetching with Net::FTP:
ftp://cpan.cse.msu.edu/modules/03modlist.data.gz
Going to read /home/J/.cpan/sources/modules/03modlist.data.gz
Going to write /home/J/.cpan/Metadata
Running install for module Net::DNS
Running make for O/OL/OLAF/Net-DNS-0.59.tar.gz
CPAN: Digest::MD5 loaded ok
Checksum for /home/J/.cpan/sources/authors/id/O/OL/OLAF/Net-DNS-0.59.tar.gz ok
Scanning cache /home/J/.cpan/build for sizes
Net-DNS-0.59
Net-DNS-0.59/lib
etc
etc
Removing previously used /home/J/.cpan/build/Net-DNS-0.59

CPAN.pm: Going to build O/OL/OLAF/Net-DNS-0.59.tar.gz



The libraries needed to support IPv6 transport have not been found.
You will need recent versions of the IO::Socket::INET6 and Socket6
libraries (from CPAN).

Testing if you have a C compiler and the needed header files....
You have a working compiler.

You appear to be directly connected to the Internet. I have some tests
that try to query live nameservers.

Do you want to enable these tests? [y] y
Checking if your kit is complete...
Looks good
Warning: prerequisite Digest::HMAC_MD5 1 not found.
Warning: prerequisite Net::IP 1.2 not found.
Writing Makefile for Net::DNS
---- Unsatisfied dependencies detected during [O/OL/OLAF/Net-DNS-0.59.tar.gz] --
---
Digest::HMAC_MD5
Net::IP
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
Running make test
Delayed until after prerequisites
Running make install
Delayed until after prerequisites
Running install for module Digest::HMAC_MD5
Running make for G/GA/GAAS/Digest-HMAC-1.01.tar.gz
Checksum for /home/J/.cpan/sources/authors/id/G/GA/GAAS/Digest-HMAC-1.01.tar.gz
ok
Digest-HMAC-1.01/
Digest-HMAC-1.01/rfc2104.txt
etc
etc
Removing previously used /home/J/.cpan/build/Digest-HMAC-1.01

CPAN.pm: Going to build G/GA/GAAS/Digest-HMAC-1.01.tar.gz

Checking if your kit is complete...
Looks good
Warning: prerequisite Digest::SHA1 1 not found.
Writing Makefile for Digest::HMAC
---- Unsatisfied dependencies detected during [G/GA/GAAS/Digest-HMAC-1.01.tar.gz
] -----
Digest::SHA1
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes] yes
Running make test
Delayed until after prerequisites
Running make install
Delayed until after prerequisites
Running install for module Digest::SHA1
Running make for G/GA/GAAS/Digest-SHA1-2.11.tar.gz
Checksum for /home/J/.cpan/sources/authors/id/G/GA/GAAS/Digest-SHA1-2.11.tar.gz
ok
Digest-SHA1-2.11/
Digest-SHA1-2.11/README
Digest-SHA1-2.11/t/
etc
etc
Removing previously used /home/J/.cpan/build/Digest-SHA1-2.11

CPAN.pm: Going to build G/GA/GAAS/Digest-SHA1-2.11.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for Digest::SHA1
-- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible
Running make for G/GA/GAAS/Digest-HMAC-1.01.tar.gz
Is already unwrapped into directory /home/J/.cpan/build/Digest-HMAC-1.01

CPAN.pm: Going to build G/GA/GAAS/Digest-HMAC-1.01.tar.gz

-- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible
Running install for module Net::IP
Running make for M/MA/MANU/Net-IP-1.25.tar.gz
Checksum for /home/J/.cpan/sources/authors/id/M/MA/MANU/Net-IP-1.25.tar.gz ok
Net-IP-1.25/
Net-IP-1.25/iptab
etc
etc
Removing previously used /home/J/.cpan/build/Net-IP-1.25

CPAN.pm: Going to build M/MA/MANU/Net-IP-1.25.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for Net::IP
-- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible
Running make for O/OL/OLAF/Net-DNS-0.59.tar.gz
Is already unwrapped into directory /home/J/.cpan/build/Net-DNS-0.59

CPAN.pm: Going to build O/OL/OLAF/Net-DNS-0.59.tar.gz

-- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible


Why would make not work? Thanks



Edited 1 time(s). Last edit at 01/14/2007 05:01PM by malorn.

Re: Fierce
Posted by: id
Date: January 14, 2007 08:43PM

Try installing Digest::SHA1 again by hand.

-id
