Knock Subdomain Scan v.4.0.0
Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It also checks whether DNS zone transfer is allowed and tries to bypass a wildcard DNS record automatically if one is enabled.
Very simple:
$ knockpy domain.com
Export full report in JSON
If you want to save the full report, like the one shown in the example section below, just type:
$ knockpy domain.com --json
Install
Prerequisites
- Python 2.7.6
Dependencies
- Dnspython
$ sudo apt-get install python-dnspython
Installing with pypi
$ sudo pip install https://github.com/guelfoweb/knock/archive/knock4.zip
Installing manually
Download zip and extract folder:
$ cd knock-knock4/
$ sudo python setup.py install
Installing from Debian repository (Stretch)
$ sudo apt-get update
$ sudo apt-get install knockpy
Note that it is recommended to use Google's public DNS resolvers: 8.8.8.8 and 8.8.4.4
Knockpy arguments
$ knockpy -h
usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain

___________________________________________

knock subdomain scan
knockpy v.4.0beta
Author: Gianni 'guelfoweb' Amato
Github: https://github.com/guelfoweb/knock
___________________________________________

positional arguments:
  domain         target to scan, like domain.com

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
  -w WORDLIST    specific path to wordlist file
  -r, --resolve  resolve ip or domain name
  -c, --csv      save output in csv
  -j, --json     export full report in JSON

example:
  knockpy domain.com
  knockpy domain.com -w wordlist.txt
  knockpy -r domain.com or IP
  knockpy -c domain.com
  knockpy -j domain.com
Example
Subdomain scan with internal wordlist
$ knockpy domain.com
Subdomain scan with external wordlist
$ knockpy domain.com -w wordlist.txt
Resolve domain name and get response headers
$ knockpy -r domain.com [or IP]
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES

{
  "zonetransfer": {
    "enabled": false,
    "list": []
  },
  "target": "google.com",
  "hostname": "google.com",
  "alias": [],
  "wildcard": {
    "detected": {},
    "test_target": "kfwpsxvdnt.google.com",
    "enabled": false,
    "http_response": {}
  },
  "ipaddress": [
    "216.58.205.142"
  ],
  "response_time": "0.0917398929596",
  "http_response": {
    "status": {
      "reason": "Found",
      "code": 302
    },
    "http_headers": {
      "date": "Thu, 22 Dec 2016 09:28:48 GMT",
      "content-length": "256",
      "content-type": "text/html; charset=UTF-8",
      "location": "http://www.google.it/?gfe_rd=cr&ei=0JxbWIGmLofCXruVhcgI",
      "cache-control": "private"
    }
  }
}
Save scan output in CSV
$ knockpy -c domain.com
Export full report in JSON
$ knockpy -j domain.com
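The JSON report above is easy to post-process. The following script, an added example that is not part of knockpy itself, turns a report in that format into triage findings: an allowed zone transfer is flagged as a zone misconfiguration to fix, an enabled wildcard is flagged because wordlist hits then need verifying against the random-label answer, and a redirect to a cleartext URL is noted. The first report is the README's sample (headers trimmed); the second is constructed for example.test, and the contents of `list` when a transfer succeeds are assumed, since the README does not document them.

```python
import json

# Report in the shape of this README's "-r" output (taken from the page, headers
# trimmed), plus a constructed report for a zone with AXFR open and a wildcard.
REPORT_OK = json.dumps({
    "zonetransfer": {"enabled": False, "list": []},
    "target": "google.com", "hostname": "google.com", "alias": [],
    "wildcard": {"detected": {}, "test_target": "kfwpsxvdnt.google.com",
                 "enabled": False, "http_response": {}},
    "ipaddress": ["216.58.205.142"], "response_time": "0.0917398929596",
    "http_response": {"status": {"reason": "Found", "code": 302},
                      "http_headers": {"location": "http://www.google.it/",
                                       "cache-control": "private"}}})
REPORT_BAD = json.dumps({  # constructed; "list" contents are assumed
    "zonetransfer": {"enabled": True, "list": ["rec1", "rec2", "rec3"]},
    "target": "example.test", "hostname": "example.test", "alias": [],
    "wildcard": {"test_target": "qzxkvbnmly.example.test", "enabled": True,
                 "http_response": {}},
    "ipaddress": ["203.0.113.10"], "response_time": "0.05",
    "http_response": {"status": {"reason": "OK", "code": 200},
                      "http_headers": {}}})


def triage(report_json):
    """Turn a knockpy JSON report into a list of (severity, message) findings."""
    r = json.loads(report_json)
    findings = []
    zt = r.get("zonetransfer", {})
    if zt.get("enabled"):
        # An open AXFR hands the whole zone to anyone; restrict transfers to
        # the secondary name servers (allow-transfer / TSIG) on the primary.
        findings.append(("high", "zone transfer allowed, %d entries returned"
                         % len(zt.get("list", []))))
    wc = r.get("wildcard", {})
    if wc.get("enabled"):
        # With a wildcard every brute-forced label resolves, so wordlist hits
        # only count when their answer differs from the random test label's.
        findings.append(("info", "wildcard record: random label %s resolved"
                         % wc.get("test_target")))
    http = r.get("http_response", {})
    code = http.get("status", {}).get("code")
    loc = http.get("http_headers", {}).get("location", "")
    if code in (301, 302) and loc.startswith("http://"):
        findings.append(("low", "redirects to cleartext URL %s" % loc))
    if not findings:
        findings.append(("ok", "no issues in report for %s" % r.get("target")))
    return findings


def worst(findings):
    """Highest severity present among the findings."""
    order = {"high": 3, "low": 2, "info": 1, "ok": 0}
    return max(findings, key=lambda f: order[f[0]])[0]
```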
Talk about
Ethical Hacking and Penetration Testing Guide Book by Rafay Baloch.
Knockpy comes pre-installed on the following security distributions for penetration testing:
Other
This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions and criticism are welcome.
Sponsored by Security Side