Fierce is an open source active information gathering tool to identify subdomains of a target website. This tool was written by Robert Hansen. It’s a PERL script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics. The tool comes pre-installed by default in Kali Linux from Offensive-Security. The Perl tool uses techniques such as zone transfer and wordlist brute-forcing to find subdomains of the target domain.
How to open it?
Application → Kali Linux → Information gathering → DNS Analysis → Fierce
Open the terminal and write the fierce –h command to open the tool with the help option.
Let’s run it against “iitk.ac.in” for example and see how it performs. It is shown in the following screenshot:
The tool gave us a list of subdomains. One thing to note is that Fierce listed the name servers of “iitk.ac.in”, and then tried to do a zone transfer on each. Luckily one of the name servers was misconfigured and the tool then grabbed a list of DNS entries including the subdomains from the misconfigured server.
Fierce, as usual, tried to discover the name servers linked with the target domain. If name servers didn’t allow zone transfer to take place. The tool then used the brute force method to find the subdomains. By default, the tool uses its own wordlist for subdomain brute force. We can use the wordlist switch and supply our own wordlist to guess the subdomains using Fierce.