Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist.
!!! Try Knock subdomain scan v.3.rc1 !!!
Usage
$ knock.py domain.com
$ knock.py domain.com --wordlist wordlist.txt
Options
-h, --help This help -v, --version Show version --wordlist Use personal wordlist
Options for single domain
-i, --info Short information -r, --resolve Resolve domain name -w, --wilcard Check if wildcard is enabled -z, --zone Check if Zonte Transfer is enabled
$ knock.py [-opt, --option] domain.com
Note
The ALIAS name is marked in yellow.
Prerequisites
Python 2.6.5 -> 2.7.x
Download
$ git clone https://github.com/guelfoweb/knock.git
or Download Zip and extract knock
folder.
Note
Is recommended to use Google DNS 8.8.8.8
| 8.8.4.4
$ python knock.py yahoo.com
Getting NS records for yahoo.com Ip Address Server Name ---------- ----------- 202.43.223.170 ns6.yahoo.com 68.142.255.16 ns2.yahoo.com 202.165.104.22 ns8.yahoo.com 203.84.221.53 ns3.yahoo.com 68.180.131.16 ns1.yahoo.com 119.160.247.124 ns5.yahoo.com 98.138.11.157 ns4.yahoo.com Getting subdomain for yahoo.com Ip Address Domain Name ---------- ----------- 68.180.194.127 9.yahoo.com 68.180.194.127 studios1.fy9.b.yahoo.com 216.145.48.74 adkit.yahoo.com 216.145.48.74 public.yahoo.com 98.138.253.136 admin.yahoo.com 98.138.253.136 admin.my.lga1.b.yahoo.com 217.163.21.39 ads.yahoo.com - - - Full output on pastebin - - - 77.238.160.51 za.yahoo.com 77.238.160.51 ir2.fp.vip.ch1.yahoo.com 46.228.47.115 fd-fp2.wg1.b.yahoo.com 46.228.47.115 ir1.fp.vip.ir2.yahoo.com 46.228.47.114 ds-fp2.wg1.b.yahoo.com 46.228.47.114 ir2.fp.vip.ir2.yahoo.com 77.238.160.51 ds-any-fp2.wa1.b.yahoo.com 46.228.47.115 ds-any-fp2.wa1.b.yahoo.com 46.228.47.114 ds-any-fp2.wa1.b.yahoo.com Ip Addr Summary --------------- 68.180.194.127 216.145.48.74 98.138.253.136 217.163.21.39 217.163.21.35 217.163.21.36 - Full output - 66.218.72.112 216.145.54.174 206.190.37.187 68.180.147.88 66.228.160.206 216.252.113.12 66.218.85.160 Found 415 subdomain(s) in 88 host(s).
Thanks to Bob Halley for dnspython
toolkit
Talk about...
- Ethical Hacking and Penetration Testing Guide Book by Rafay Baloch
This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at [email protected] or twitter @guelfoweb. Suggestions and criticism are welcome.
Sponsored by Security Side.