WebApp Sec mailing list archives
Re: Fierce domain scan released
From: RSnake <rsnake () shocking com>
Date: Mon, 1 Jan 2007 15:28:46 -0800 (PST)
Thanks, Esteban, I actually updated it since yesterday. I cleaned up the code so now it connects directly to the target NS server in question. In some tests it achieved a 25-50% increase in finding hosts and the majority of the gain is in RFC1918 (non routable) space if you can believe that! Try the new version out (0.5) and let me know what you think! http://ha.ckers.org/fierce/ On Mon, 1 Jan 2007, Esteban Ribi?~Mi?~G wrote:
at first looked like the techniques he used where very common , but tested on a few domains and looks quite good...it does the job and speed up the search ... so downloaded and stored for future usage ! ... the code is bogus in some places ... but well...luckily we are not developers! :-) On 1/1/07, RSnake <rsnake () shocking com> wrote:Hello fellow web app sec folks! I just released a new beta domain scanner to do initial discover (before the nmap/unicornscan/nessus scans). It primarily uses DNS to guess and traverse through IP addresses using forward and reverse lookups. Once it finds hostnames it traverses to find more, and therefore can uncover large groups of hostnames as well as non-contiguous blocks of IP space used by the target and it's partners. Fierce is written in perl (now you guys get to see what a shoddy programmer I really am): http://ha.ckers.org/fierce/ Details are on the site. It's beta, so forgive bugs, but I'd appreciate questions/comments as I get it into a better state. -RSnake http://ha.ckers.org/ http://sla.ckers.org/ ------------------------------------------------------------------------- Sponsored by: Watchfire Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU --------------------------------------------------------------------------
-R
------------------------------------------------------------------------- Sponsored by: Watchfire Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper, explains what to do and provides a guideline to improving your own application security. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU --------------------------------------------------------------------------
Current thread:
- Re: Fierce domain scan released RSnake (Jan 02)