fierce

DNS reconnaissance on domain

$ fierce --domain [example.com]

$ fierce --domain [example.com] --dns-servers [8.8.8.8]

$ fierce --domain [example.com] --subdomain-file [wordlist.txt]

$ fierce --domain [example.com] --wide

$ fierce --domain [example.com] > [output.txt]

fierce [options]

fierce is a DNS reconnaissance tool that locates non-contiguous IP space and hostnames for a target. It performs zone transfers, subdomain brute forcing, and adjacent IP discovery.
The tool attempts DNS zone transfers first, then falls back to dictionary-based subdomain enumeration. When hosts are found, it scans nearby IP addresses to discover additional systems.
fierce is used in penetration testing for initial target enumeration and attack surface mapping.

--domain DOMAIN

Target domain to scan.

Custom DNS servers.

Wordlist for subdomain bruteforce.

Scan entire class C of found hosts.

Scan adjacent IPs.

Delay between queries.

Display help information.

Only use against authorized targets. Zone transfers usually fail on properly configured servers. DNS queries may be logged.

fierce was created by RSnake (Robert Hansen) as a DNS reconnaissance tool for penetration testers. The Python 3 rewrite modernized the original Perl script for current security workflows.

dig(1), nmap(1), dnsenum(1)