Knock v1.5 Subdomain Scanner

Knock Subdomain Scan

Knock is a Python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains of a target domain using a wordlist.

Knock is now available in the BackBox repository, an Italian distribution for penetration testing.

Version 1.5 adds support for wildcard bypass.

Common usage

This tool can be useful in a black-box pentest to find vulnerable subdomains, such as testing.domain.com.

Current features

Knock is targeted to:

  • Scan subdomains
  • DNS request for zone transfer
  • DNS resolver
  • Wildcard testing
  • Wildcard bypass

Required

Note

Knock works on Linux, Windows and Mac OS X, and should theoretically work on other platforms such as FreeBSD, OpenBSD and proprietary Unixes that have a Python 2.x interpreter.

Download

Knock 1.5 for all operating systems

Usage

$ python knock.py <option> <url>

Rapid Scan

Scanning with internal wordlist:

$ python knock.py <url>

Scanning with external wordlist:

$ python knock.py <url> <wordlist>

Options

-zt Zone Transfer discovery:

$ python knock.py -zt <url>

-dns Dns resolver:

$ python knock.py -dns <url>

-wc Wildcard testing:

$ python knock.py -wc <url>

-bw Wildcard bypass:

$ python knock.py -bw <stringexclude> <url>

Executable on Linux

Download the knock tar.gz archive and extract the file knock.py

From shell command:

$ sudo cp knock.py /usr/local/bin/knock

$ sudo chmod a+x /usr/local/bin/knock

Now you can use knock as shown in the examples.

Executable on Windows

Download the knock zip archive, extract the folder and use the file knock.exe

Required: Python 2.x and Dnspython

Examples

Scanning with internal wordlist

$ ./knock domain.com

Scanning with external wordlist

$ ./knock domain.com wordlist.txt

Zone Transfer discovery (-zt)

$ ./knock -zt domain.com

Dns resolver (-dns)

$ ./knock -dns domain.com

Wildcard testing (-wc)

$ ./knock -wc domain.com

Wildcard bypass with internal wordlist (-bw)

$ ./knock -bw stringexclude domain.com

Wildcard bypass with external wordlist (-bw)

$ ./knock -bw stringexclude domain.com wordlist.txt

Sample stdout to file

This will cause the output of a knock run to be written to a text file

$ ./knock domain.com > output.txt

You do not understand how to use knock? Back to play with the Xbox!

Author

Gianni 'guelfoweb' Amato

Contact

guelfoweb@gmail.com

Twitter: @guelfoweb
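The wildcard testing and wildcard bypass features above exist because a catch-all DNS record (*.domain.com) makes every wordlist entry resolve, flooding a subdomain inventory with false positives. The following is an added example, not Knock's own code: it resolves random labels to establish a wildcard baseline, then filters a wordlist scan against that baseline and against a substring exclusion. The resolver is a constructed in-memory zone so it runs offline, and the substring meaning of <stringexclude> is an assumption, since this page does not define it.

```python
# Added example (not Knock's own code): wildcard test + bypass filter for a
# wordlist subdomain scan, against a constructed in-memory zone.
import random
import string

# Constructed zone: two real hosts plus a wildcard record answering everything.
FAKE_ZONE = {
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.20",
    "*.example.com": "198.51.100.5",   # catch-all record
}

def fake_resolve(host):
    """Return the A record for host, honouring the wildcard like a real resolver."""
    if host in FAKE_ZONE:
        return FAKE_ZONE[host]
    if "." not in host:
        return None
    parent = host.split(".", 1)[1]
    return FAKE_ZONE.get("*." + parent)   # None when the name does not exist

def wildcard_baseline(domain, resolve, tries=3):
    """Wildcard test: if several random labels all resolve, record their answers."""
    answers = set()
    for _ in range(tries):
        label = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
        ip = resolve(label + "." + domain)
        if ip is None:
            return None          # a random label failed: no wildcard present
        answers.add(ip)
    return answers

def scan(domain, wordlist, resolve, exclude=None):
    """Enumerate wordlist subdomains, dropping wildcard answers and excluded names.

    `exclude` is assumed to be a substring filter on the hostname (the -bw idea).
    """
    baseline = wildcard_baseline(domain, resolve) or set()
    found = {}
    for word in wordlist:
        host = word + "." + domain
        if exclude and exclude in host:
            continue             # name matches the exclusion string
        ip = resolve(host)
        if ip is None or ip in baseline:
            continue             # nonexistent, or just the wildcard answer
        found[host] = ip
    return found
```

Without the baseline check, "dev" and "test" below would be reported as live hosts at 198.51.100.5; with it, only the two genuinely configured names survive.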
