Knockpy is a Python tool designed to enumerate subdomains of a target domain using a wordlist. It also checks whether the domain's name servers allow a DNS zone transfer and, if a wildcard DNS record is enabled, detects it automatically (by resolving a random test label first, as the "wildcard" section of the JSON report below shows) and tries to bypass it.
The simplest invocation:
$ knockpy domain.com
Export full report in JSON
If you want to save the full report (like the one shown below), just type:
$ knockpy domain.com --json
Prerequisites
- Python 2.7.6
Dependencies
- Dnspython
$ sudo apt-get install python-dnspython
Installing with pypi
$ sudo pip install https://github.com/guelfoweb/knock/archive/knock4.zip
Installing manually
Download zip and extract folder:
$ cd knock-knock4/
$ sudo python setup.py install
Installing from Debian repository (Stretch)
$ sudo apt-get update
$ sudo apt-get install knockpy
Note that it is recommended to use the Google public DNS resolvers: 8.8.8.8 and 8.8.4.4
$ knockpy -h
usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain

___________________________________________

knock subdomain scan
knockpy v.4.0beta
Author: Gianni 'guelfoweb' Amato
Github: https://github.com/guelfoweb/knock

___________________________________________

positional arguments:
  domain          target to scan, like domain.com

optional arguments:
  -h, --help      show this help message and exit
  -v, --version   show program's version number and exit
  -w WORDLIST     specific path to wordlist file
  -r, --resolve   resolve ip or domain name
  -c, --csv       save output in csv
  -j, --json      export full report in JSON

example:
  knockpy domain.com
  knockpy domain.com -w wordlist.txt
  knockpy -r domain.com or IP
  knockpy -c domain.com
  knockpy -j domain.com
Subdomain scan with internal wordlist
$ knockpy domain.com
Subdomain scan with external wordlist
$ knockpy domain.com -w wordlist.txt
Resolve domain name and get response headers
$ knockpy -r domain.com [or IP]
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES
{
"zonetransfer": {
"enabled": false,
"list": []
},
"target": "google.com",
"hostname": "google.com",
"alias": [],
"wildcard": {
"detected": {},
"test_target": "kfwpsxvdnt.google.com",
"enabled": false,
"http_response": {}
},
"ipaddress": [
"216.58.205.142"
],
"response_time": "0.0917398929596",
"http_response": {
"status": {
"reason": "Found",
"code": 302
},
"http_headers": {
"date": "Thu, 22 Dec 2016 09:28:48 GMT",
"content-length": "256",
"content-type": "text/html; charset=UTF-8",
"location": "http://www.google.it/?gfe_rd=cr&ei=0JxbWIGmLofCXruVhcgI",
"cache-control": "private"
}
}
}
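The report above shows the two steps the scanner performs before the wordlist run: a random label ("test_target") is resolved to detect a wildcard record, and each candidate host is then resolved and reported with its IP addresses. The following Python 3 block is an added illustration of that wildcard-detection-and-filtering logic; it is not knockpy's own code. It uses a constructed in-memory DNS table (example.com, addresses from the 203.0.113.0/24 documentation range) in place of a real resolver so that it runs offline; in practice `resolve` would be a function wrapping `socket.gethostbyname_ex` or dnspython.

```python
import json
import random
import string

# Constructed fake zone for example.com (not real DNS data).
# Every name not listed here but under example.com is caught by a wildcard.
FAKE_ZONE = {
    "example.com": ["203.0.113.10"],
    "www.example.com": ["203.0.113.10"],
    "mail.example.com": ["203.0.113.25"],
    "dev.example.com": ["203.0.113.40"],
}
WILDCARD_IPS = ["203.0.113.99"]  # what *.example.com resolves to


def fake_resolver(name):
    """Stand-in for a real resolver. Returns a list of IPs, or [] for NXDOMAIN."""
    if name in FAKE_ZONE:
        return list(FAKE_ZONE[name])
    if name.endswith(".example.com"):
        return list(WILDCARD_IPS)  # wildcard record answers for any other label
    return []


def random_label(length=10, rng=random):
    """Random lowercase label, like the 'kfwpsxvdnt' test_target in the report."""
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))


def detect_wildcard(domain, resolve, rng=random):
    """Resolve a label that should not exist. If it resolves, a wildcard is enabled."""
    test_target = "%s.%s" % (random_label(rng=rng), domain)
    ips = resolve(test_target)
    return {"enabled": bool(ips), "test_target": test_target, "detected": sorted(ips)}


def enumerate_subdomains(domain, wordlist, resolve, rng=random):
    """Brute-force subdomains from a wordlist, discarding wildcard noise.

    A candidate is dropped when a wildcard is enabled and every address it
    resolves to is one of the wildcard's addresses. Caveat: a genuine host that
    happens to share the wildcard address is dropped too (a false negative
    inherent to this heuristic).
    """
    wildcard = detect_wildcard(domain, resolve, rng)
    wildcard_ips = set(wildcard["detected"])
    found = []
    for word in wordlist:
        word = word.strip().lower()
        if not word:
            continue
        host = "%s.%s" % (word, domain)
        ips = resolve(host)
        if not ips:
            continue  # NXDOMAIN
        if wildcard["enabled"] and set(ips) <= wildcard_ips:
            continue  # only the wildcard answered; not a real subdomain
        found.append({"hostname": host, "ipaddress": sorted(ips)})
    return {"target": domain, "wildcard": wildcard, "found": found}


def report_json(result):
    """Serialise the scan result in a shape similar to the report above."""
    return json.dumps(result, indent=2, sort_keys=True)


if __name__ == "__main__":
    words = ["www", "mail", "dev", "ftp", "ghost"]
    print(report_json(enumerate_subdomains("example.com", words, fake_resolver)))
```

With the constructed zone, `ftp` and `ghost` resolve only to the wildcard address and are discarded, while `www`, `mail` and `dev` are reported; swapping `fake_resolver` for a real one turns this into a (very slow, serial) live scan.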
Save scan output in CSV
$ knockpy -c domain.com
Export full report in JSON
$ knockpy -j domain.com
Ethical Hacking and Penetration Testing Guide Book by Rafay Baloch.
Knockpy comes pre-installed on the following security distributions for penetration testing:
This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions and criticism are welcome.
Sponsored by Security Side
