A DNS Reconnaissance Tool for Locating Non-Contiguous IP Space - Fierce

First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/ . This is simply a conversion to Python 3 to simplify and modernize the codebase.

The original description was very apt, so I'll include it here:

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.

Installing

$ pip3 install fierce
$ fierce -h

OR

$ git clone https://github.com/mschwager/fierce.git
$ cd fierce
$ pip3 install -r requirements.txt
$ python3 fierce.py -h

Using
Let's start with something basic:

$ fierce --domain google.com --subdomains accounts admin ads

Traverse IPs near discovered domains to search for contiguous blocks with the --traverse flag:

$ fierce --domain facebook.com --subdomains admin --traverse 10

Limit nearby IP traversal to certain domains with the --search flag:

$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net

Attempt an HTTP connection on domains discovered with the --connect flag:

$ fierce --domain stackoverflow.com --subdomains mail --connect

Exchange speed for breadth with the --wide flag, which looks for nearby domains on all IPs of the /24 of a discovered domain:

$ fierce --domain facebook.com --wide

Zone transfers are rare these days, but they give us the keys to the DNS castle. zonetransfer.me is a very useful service for testing for and learning about zone transfers:

$ fierce --domain zonetransfer.me

To save the results to a file for later use we can simply redirect output:

$ fierce --domain zonetransfer.me > output.txt

Internal networks will often have large blocks of contiguous IP space assigned. We can scan those as well:

$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24

Check out --help for further information:

$ fierce --help

Download Fierce

Read More

Practice Penetration Testing - Labs

I found this page, it has a pretty good mind-map listing all available labs to practice your skill in doing penetration testing.  

Vulnerable Web Applications [36 unique web applications]

OWASP BWA http://code.google.com/p/owaspbwa/
OWASP Hackademic  http://hackademic1.teilar.gr/
Butterfly Security Project  http://thebutterflytmp.sourceforge.net/
Foundstone Hackme Bank  http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books  http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino  http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping  http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel  http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity  http://sourceforge.net/projects/lampsecurity/
Moth  http://www.bonsai-sec.com/en/research/moth.php
WackoPicko  https://github.com/adamdoupe/WackoPicko
BadStore  http://www.badstore.net/
WebSecurity Dojo  http://www.mavensecurity.com/web_security_dojo/
BodgeIt Store  http://code.google.com/p/bodgeit/
hackxor  http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench  http://suif.stanford.edu/~livshits/securibench/
SQLol  https://github.com/SpiderLabs/SQLol

Vulnerable Operating System Installations [16+ unique OS setups]

Damn Vulnerable Linux  http://sourceforge.net/projects/virtualhacking/files/os/dvl/
Metasploitable v1  http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp
Metasploitable v2  https://community.rapid7.com/docs/DOC-1875
LAMPSecurity  http://sourceforge.net/projects/lampsecurity/
UltimateLAMP  http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
De-ICE, hackerdemia, pWnOS  http://forums.heorot.net/
Holynix  http://pynstrom.net/holynix.php
Kioptrix  http://www.kioptrix.com/
CentOS  http://www.centos.org/

Sites for Downloading Older Versions of Various Software [3 sources]

Old Apps  http://www.oldapps.com/
Old Version  http://www.oldversion.com/
Exploit-DB  http://www.exploit-db.com/

Sites by Vendors of Security Testing Software [8 unique sites]

Acunetix acuforum  http://testasp.vulnweb.com/
Acunetix acublog  http://testaspnet.vulnweb.com/
Acunetix acuart  http://testphp.vulnweb.com/
Cenzic crackmebank  http://crackme.cenzic.com
HP freebank  http://zero.webappsecurity.com
IBM altoromutual  http://demo.testfire.net/
Mavituna testsparker  http://aspnet.testsparker.com
Mavituna testsparker  http://php.testsparker.com

Sites for Improving Your Hacking Skills [16 unique sites]

Google Gruyere  http://google-gruyere.appspot.com/
Hack This Site  http://www.hackthissite.org/
Hacker Challenge  http://www.dareyourmind.net/
HackQuest  http://www.hackquest.com/
Hax.Tor  http://hax.tor.hu/
Hacker Test  http://www.hackertest.net/
OverTheWire  http://www.overthewire.org/wargames/
Root Me  http://www.root-me.org/?lang=en
Smash The Stack  http://www.smashthestack.org/
TheBlackSheep and Erik  http://www.bright-shadows.net/
ThisIsLegal             http://thisislegal.com/
Try2Hack                http://www.try2hack.nl/
EnigmaGroup             http://www.enigmagroup.org/
hACME Game              http://www.hacmegame.org/
Exploit Exercises       http://exploit-exercises.com/
Hacking-Lab             https://www.hacking-lab.com

The link is http://www.amanhardikar.com/mindmaps/PracticewithURLs.html

OffensiveSec Blog

Read More