fierce

fierce [-h] [-d DOMAIN] [-D DOMAIN_FILE] [-w WORDLIST] [-f RESOLVER_FILE] [-r RANGE] [-dns SERVERS] [-s IP] [-t THREADS] [-v] [-V] [-debug]

-h, --help
    Display help and exit.

-d, --domain DOMAIN
    Target domain for subdomain scan.

-D, --domain-file DOMAIN_FILE
    File containing list of domains to scan.

-w, --wordlist WORDLIST
    Custom wordlist file for brute-forcing subdomains.

-f, --file RESOLVER_FILE
    File with DNS resolver IP addresses.

-r, --range RANGE
    IP range (CIDR) to scan for reverse lookups.

-dns SERVERS
    Comma-separated list of DNS servers to query.

-s IP
    Single IP address for reverse lookup.

-t THREADS
    Number of threads (default: 15).

-v
    Enable verbose output.

-V
    Display version information.

-debug
    Enable debug mode for troubleshooting.

Fierce is a Perl-based reconnaissance tool designed for rapid subdomain enumeration against a target domain. It performs brute-force attacks using a customizable wordlist to guess subdomains, queries specified DNS servers, and identifies valid hosts by checking for NXDOMAIN responses or successful resolutions. Unlike slower tools, Fierce leverages existing DNS infrastructure for speed, making it efficient for large-scale scans.

It supports features like IP range scanning, virtual host detection via HTTP requests, and threading for parallelism. Ideal for penetration testing and security assessments, it helps uncover hidden subdomains that could reveal attack surfaces. Fierce skips obvious wildcards and focuses on real hits, outputting results in a clean format for further analysis.

Developed with efficiency in mind, it requires minimal dependencies (primarily Perl's Net::DNS) and runs on Linux distributions like Kali. Users must provide a domain and optionally a wordlist; default lists target common subdomains. Always use with permission, as unauthorized DNS queries may violate terms of service or laws.

Use only on domains you own or have explicit permission to scan; aggressive use may trigger rate-limiting or IDS alerts. Not for production DNS servers. Requires Perl and Net::DNS module.

fierce -dns 8.8.8.8 -wordlist dict.txt -t 50 example.com
Scans example.com using Google DNS, custom dict, 50 threads.

Results show subdomain, IP, and confidence level (e.g., 'www.example.com - 93.184.216.34 (HIGH)').

Created by RSnake (Ryan Smith) in 2006 as a fast alternative to slow DNS tools. Initially hosted on HackersForCharity.org, now maintained on GitHub. Widely used in Kali Linux toolsuite since early versions; updates focus on compatibility and performance.

dnsenum(1), dnsrecon(1), dig(1), nslookup(1), host(1)