Skip to content

ppanphper/knock

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
modules
modules
 
 
README.md
README.md
 
 
changelog.txt
changelog.txt
 
 
knock.py
knock.py
 
 
wordlist.txt
wordlist.txt
 
 

Repository files navigation

knock Subdomain Scan

Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist.

Usage

$ knock.py domain.com

$ knock.py domain.com --wordlist wordlist.txt

Options

	-h, --help      This help
	-v, --version   Show version
	    --wordlist  Use personal wordlist

Options for single domain

	-i, --info      Short information
	-r, --resolve   Resolve domain name
	-w, --wilcard   Check if wildcard is enabled
	-z, --zone      Check if Zonte Transfer is enabled

$ knock.py [-opt, --option] domain.com

Note

The ALIAS name is marked in yellow.

Install

Prerequisites

Python 2.6.5 -> 2.7.x

Download

$ git clone https://github.com/guelfoweb/knock.git

or Download Zip and extract knock folder.

Note

Is recommended to use Google DNS 8.8.8.8 | 8.8.4.4

Example

$ python knock.py yahoo.com

Getting NS records for yahoo.com
 
Ip Address      Server Name
----------      -----------
202.43.223.170  ns6.yahoo.com
68.142.255.16   ns2.yahoo.com
202.165.104.22  ns8.yahoo.com
203.84.221.53   ns3.yahoo.com
68.180.131.16   ns1.yahoo.com
119.160.247.124 ns5.yahoo.com
98.138.11.157   ns4.yahoo.com
 
Getting subdomain for yahoo.com
 
Ip Address      Domain Name
----------      -----------
68.180.194.127  9.yahoo.com
68.180.194.127  studios1.fy9.b.yahoo.com
216.145.48.74   adkit.yahoo.com
216.145.48.74   public.yahoo.com
98.138.253.136  admin.yahoo.com
98.138.253.136  admin.my.lga1.b.yahoo.com
217.163.21.39   ads.yahoo.com

- - - Full output on pastebin - - -

77.238.160.51   za.yahoo.com
77.238.160.51   ir2.fp.vip.ch1.yahoo.com
46.228.47.115   fd-fp2.wg1.b.yahoo.com
46.228.47.115   ir1.fp.vip.ir2.yahoo.com
46.228.47.114   ds-fp2.wg1.b.yahoo.com
46.228.47.114   ir2.fp.vip.ir2.yahoo.com
77.238.160.51   ds-any-fp2.wa1.b.yahoo.com
46.228.47.115   ds-any-fp2.wa1.b.yahoo.com
46.228.47.114   ds-any-fp2.wa1.b.yahoo.com
 
Ip Addr Summary
---------------
68.180.194.127
216.145.48.74
98.138.253.136
217.163.21.39
217.163.21.35
217.163.21.36

- Full output -

66.218.72.112
216.145.54.174
206.190.37.187
68.180.147.88
66.228.160.206
216.252.113.12
66.218.85.160
 
Found 415 subdomain(s) in 88 host(s).

Credit

Thanks to Bob Halley for dnspython toolkit

Other

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at [email protected] or twitter @guelfoweb. Suggestions and criticism are welcome.

Sponsored by Security Side.

About

Knock Subdomain Scan

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published