Knock Subdomain Scan
Python
Latest commit 7f25478 Dec 18, 2016 @guelfoweb committed on GitHub Update README.rst

README.rst

Knock Subdomain Scan v.3.0

Knockpy is a Python tool designed to enumerate subdomains of a target domain using a wordlist.

NEW: TRY KNOCKPY v.4.0beta

https://cloud.githubusercontent.com/assets/41558/6314173/d22644d6-b9d3-11e4-9e95-e3a72a946bcb.jpg

Usage

knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain

positional arguments:

domain         specific target domain, like domain.com

optional arguments:

-h, --help     show this help message and exit
-v, --version  show program's version number and exit
-w WORDLIST    specific path to wordlist file
-r, --resolve  resolve ip or domain name
-z, --zone     check for zone transfer

note: the ALIAS name is marked in yellow.

Example

subdomain scan with internal wordlist

knockpy domain.com

subdomain scan with external wordlist

knockpy domain.com -w wordlist.txt

resolve domain name and get response headers

knockpy -r domain.com

check zone transfer for domain name

knockpy -z domain.com
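
Seen from the defender's side, a wordlist scan like the ones above appears in DNS query logs as one client asking for many distinct names under a single zone in a short time, most of them answered NXDOMAIN. The following is an added example, not part of knockpy or its README, that flags this pattern; the log line format, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in an assumed format: <epoch> <client> <qname> <rcode>
SAMPLE_LOG = """\
1700000000 203.0.113.7 www.example.com NOERROR
1700000001 203.0.113.7 mail.example.com NXDOMAIN
1700000001 203.0.113.7 ftp.example.com NXDOMAIN
1700000002 203.0.113.7 dev.example.com NXDOMAIN
1700000002 203.0.113.7 test.example.com NXDOMAIN
1700000003 203.0.113.7 admin.example.com NXDOMAIN
1700000003 203.0.113.7 vpn.example.com NXDOMAIN
1700000004 198.51.100.20 www.example.com NOERROR
1700000030 198.51.100.20 www.example.com NOERROR
1700000031 198.51.100.20 typo.example.com NXDOMAIN
""".splitlines()


def parse_line(line):
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None  # skip malformed lines
    return int(parts[0]), parts[1], parts[2].rstrip(".").lower(), parts[3].upper()


def find_enumeration(lines, zone, window=60, min_labels=5, min_nx_ratio=0.8):
    """Map client -> distinct labels seen, for clients that within `window`
    seconds query many distinct names under `zone`, mostly NXDOMAIN."""
    suffix = "." + zone.rstrip(".").lower()
    per_client = defaultdict(list)  # client -> [(ts, label, is_nxdomain)]
    for rec in filter(None, map(parse_line, lines)):
        ts, client, qname, rcode = rec
        if qname.endswith(suffix):  # apex and other zones are ignored
            per_client[client].append((ts, qname[: -len(suffix)], rcode == "NXDOMAIN"))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window's left edge forward
            span = events[start : end + 1]
            labels = {label for _, label, _ in span}
            nx_ratio = sum(is_nx for _, _, is_nx in span) / len(span)
            if len(labels) >= min_labels and nx_ratio >= min_nx_ratio:
                flagged[client] = max(flagged.get(client, 0), len(labels))
    return flagged


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG, "example.com"))
```

A zone with a wildcard record answers every guessed name with NOERROR, so there the NXDOMAIN ratio has to be lowered and the distinct-label count becomes the main signal.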

Install

from pypi (as root)

pip install https://github.com/guelfoweb/knock/archive/knock3.zip

or manually, download zip and extract folder

cd knock-knock3/

(as root)

python setup.py install

note: tested with Python 2.7.6. It is recommended to use Google DNS (8.8.8.8 | 8.8.4.4).

Talk about

Ethical Hacking and Penetration Testing Guide Book by Rafay Baloch

Other

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or on Twitter at @guelfoweb. Suggestions and criticism are welcome.

Sponsored by Security Side