Knock Subdomain Scan v.3.0

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.

Usage

knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain

positional arguments:

domain         specific target domain, like domain.com

optional arguments:

-h, --help     show this help message and exit
-v, --version  show program's version number and exit
-w WORDLIST    specific path to wordlist file
-r, --resolve  resolve ip or domain name
-z, --zone     check for zone transfer

note: the ALIAS name is marked in yellow.

Example

subdomain scan with internal wordlist

knockpy domain.com

subdomain scan with external wordlist

knockpy domain.com -w wordlist.txt

resolve domain name and get response headers

knockpy -r domain.com

check zone transfer for domain name

knockpy -z domain.com

Install

from pypi (as root)

pip install https://github.com/guelfoweb/knock/archive/knock3.zip

or manually, download zip and extract folder

cd knock-knock3/

(as root)

python setup.py install

note: tested with python 2.7.6 | is recommended to use google dns (8.8.8.8 | 8.8.4.4)

Talk about

Ethical Hacking and Penetration Testing Guide Book by Rafay Baloch

Other

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions and criticism are welcome.

Sponsored by Security Side