Article From:


The Use of DNS Dictionary Explosion Tool fierce and dnsdict6 for Subdomain Collection


I. fierce


This tool is a comprehensive tool for domain name scanning. It can quickly access DNS servers with specified domain names and check for Zone Transfer vulnerabilities. If this vulnerability does not exist, violent cracking will be automatically performed to obtain subdomain information. On the acquired IP addressIt also traverses the surrounding IP addresses for more information. Kali 2.0 is installed by default, and finally, IP addresses are segmented to facilitate later scanning of other tools, such as NMAP.


1.Use format

fierce -dnsserver Caching DNS server-dns target domain name-wordlist dictionary file


fierce -dnsserver -dns -wordlist /usr/share/fierce/hosts.txt



2.Here’s how to use it


(1)First, the dictionary explodes, then the dictionary is needed.

/usr/share/fierce/hosts.txtIt is its own dictionary file, you can find all the file locations when it is installed in Kali by dpkg-L command



dpkg -L fierce



(2)More examples


Use local DNS server to query

fierce -dns -wordlist /usr/share/fierce/hosts.txt


 Use Google DNS server query

fierce -dnsserver -dns -wordlist /usr/share/fierce/hosts.txt


(3)Actual use


Be careful:

If you specify a nonexistent dictionary file above, the command can also run.
Because the AXFR zone transfer request is made first, then the file does not exist and exits.

Suppose a.txt is a nonexistent dictionary file



fierce -dnsserver -dns -wordlist a.txt


DNS Servers for
Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force
Can't open a.txt or the default wordlistExiting...


When you enter the location of the dictionary file correctly


fierce -dnsserver -dns -wordlist /usr/share/fierce/hosts.txt


DNS Servers for
Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...

Note: Ctrl + C stops blasting



 Two, dnsdict6



dnsdict6It’s a tool for getting information about websites. Dnsdict6 can scan websites and display how many domains or subdomains it has, and it can also scan ipv6/ipv4 addresses. Dnsdict6 is a powerful tool, very fast and accurate, it can extract those for use.Household restricted or invisible subdomains. All of this proves that it is a good tool for getting information from websites.

Note: This tool is no longer integrated in Kali 2.0 and needs to be downloaded separately. Certificate errors are prompted by using wget, so download them with a physical machine and then load them into a virtual machine.

Download address:



(1)Download and drag into virtual machine

(2)Environmental installation

apt-get install libpcap-dev libssl-dev libnetfilter-queue-dev


tar xzf thc-ipv6-2.7.tar.gz

(4)Access to root directory

cd thc-ipv6-2.7


make && make install




(1)Use format

dnsdict6 [-d4] [-s|-m|-l|-x|-u] [-t Number of concurrent threads [-D] domain name [dictionary file]


(2)Parameter introduction

-d Display IPv6 results-4 shows IPv4 results.- t Number of concurrent threads, default 8, maximum 32-[smlxu] uses built-in dictionaries, increasing size from left to right-D uses local dictionary files

Note: dnsdict6 only needs to specify the own dictionary – [smlxu], you can also specify the local dictionary file with – D


(3)Actual use


dnsdict6 -4 -t 32 -u


Starting DNS enumeration work on ...
Starting enumerating - creating 32 threads for 16726 words...
Estimated time to completion: 2 to 6 minutes => => => => => =>



Leave a Reply

Your email address will not be published. Required fields are marked *