A quick Fierce command question

In the slides (3.2.3 Finding Virtual Hosts) they quickly touch on Fierce. The command they use is “fierce -dns elearnsecurity.com”. This command works on my older Kali VM but not on my newer Kali VM. I’m assuming it’s because Fierce was updated. Does anyone know what the new version of “fierce -dns” is? I checked the man pages and didn’t come across anything. No luck on Google either.


You could try: fierce --domain elearnsecurity.com (more info at: GitHub - mschwager/fierce: A DNS reconnaissance tool for locating non-contiguous IP space.)
The output is different to the original version, but it still list nameservers and the results of attempting zone transfer, etc.

1 Like

Yeah, that’s what I tried originally. In the end I got the same output but I was hoping to get the output in the slides. The part where we saw more than one host on a single IP but eLS must have changed up their settings since the slides were posted.

Looks like --subdomain-file will let you supply a wordlist, but as you say, there doesn’t seem to be the same vhost setup as shown in the slides, looks like its all hosted on AWS now on separate IPs.