Skip to content

Latest commit

 

History

History
127 lines (92 loc) · 2.96 KB

README.md

File metadata and controls

127 lines (92 loc) · 2.96 KB

knock Subdomain Scan

Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist.

Usage

$ knock.py domain.com

$ knock.py domain.com --wordlist wordlist.txt

Options

	-h, --help      This help
	-v, --version   Show version
	    --wordlist  Use personal wordlist

Options for single domain

	-i, --info      Short information
	-r, --resolve   Resolve domain name
	-w, --wilcard   Check if wildcard is enabled
	-z, --zone      Check if Zonte Transfer is enabled

$ knock.py [-opt, --option] domain.com

Note

The ALIAS name is marked in yellow.

Install

Prerequisites

Python 2.6.5 -> 2.7.x

Download

$ git clone https://github.com/guelfoweb/knock.git

or Download Zip and extract knock folder.

Note

Is recommended to use Google DNS 8.8.8.8 | 8.8.4.4

Example

$ python knock.py yahoo.com

Getting NS records for yahoo.com
 
Ip Address      Server Name
----------      -----------
202.43.223.170  ns6.yahoo.com
68.142.255.16   ns2.yahoo.com
202.165.104.22  ns8.yahoo.com
203.84.221.53   ns3.yahoo.com
68.180.131.16   ns1.yahoo.com
119.160.247.124 ns5.yahoo.com
98.138.11.157   ns4.yahoo.com
 
Getting subdomain for yahoo.com
 
Ip Address      Domain Name
----------      -----------
68.180.194.127  9.yahoo.com
68.180.194.127  studios1.fy9.b.yahoo.com
216.145.48.74   adkit.yahoo.com
216.145.48.74   public.yahoo.com
98.138.253.136  admin.yahoo.com
98.138.253.136  admin.my.lga1.b.yahoo.com
217.163.21.39   ads.yahoo.com

- - - Full output on pastebin - - -

77.238.160.51   za.yahoo.com
77.238.160.51   ir2.fp.vip.ch1.yahoo.com
46.228.47.115   fd-fp2.wg1.b.yahoo.com
46.228.47.115   ir1.fp.vip.ir2.yahoo.com
46.228.47.114   ds-fp2.wg1.b.yahoo.com
46.228.47.114   ir2.fp.vip.ir2.yahoo.com
77.238.160.51   ds-any-fp2.wa1.b.yahoo.com
46.228.47.115   ds-any-fp2.wa1.b.yahoo.com
46.228.47.114   ds-any-fp2.wa1.b.yahoo.com
 
Ip Addr Summary
---------------
68.180.194.127
216.145.48.74
98.138.253.136
217.163.21.39
217.163.21.35
217.163.21.36

- Full output -

66.218.72.112
216.145.54.174
206.190.37.187
68.180.147.88
66.228.160.206
216.252.113.12
66.218.85.160
 
Found 415 subdomain(s) in 88 host(s).

Credit

Thanks to Bob Halley for dnspython toolkit

Other

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions and criticism are welcome.

Sponsored by Security Side.