Knockpy is a Python tool designed to enumerate subdomains of a target domain using a wordlist.
knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain

positional arguments:
  domain         specific target domain, like domain.com

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
  -w WORDLIST    specific path to wordlist file
  -r, --resolve  resolve ip or domain name
  -z, --zone     check for zone transfer

note: the ALIAS name is marked in yellow.

subdomain scan with internal wordlist:
  knockpy domain.com

subdomain scan with external wordlist:
  knockpy domain.com -w wordlist.txt

resolve domain name and get response headers:
  knockpy -r domain.com

check zone transfer for domain name:
  knockpy -z domain.com

from pypi (as root):
  pip install https://github.com/guelfoweb/knock/archive/knock3.zip

or manually, download zip and extract folder:
  cd knock-knock3/
  (as root)
  python setup.py install

note: tested with Python 2.7.6 | it is recommended to use Google DNS (8.8.8.8 | 8.8.4.4)
Ethical Hacking and Penetration Testing Guide Book by Rafay Baloch
This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at [email protected] or on Twitter at @guelfoweb. Suggestions and criticism are welcome.
Sponsored by Security Side