[Knock] Subdomain Scanner


Knock is a python script, written by Gianni 'guelfoweb' Amato, designed to enumerate subdomains on a target domain through a wordlist.

For more information I have posted a documentation page. If you want to see how it works, you can see this sample output:

  • Simple Scan
  • Zone Transfer Scan
  • Wildcard Bypass

  • New: Knock is now available on BackBox 2, Italian distribution for Penetration Test.
    In version 1.5 is enabled support to wildcard bypass.

    Video of Knock in action


    Common usage

    This tool can be useful in black box pentest to find vulnerable subdomains. Like testing.domain.com


    Current features

    Knock is targeted to:

  • Scan subdomains
  • DNS request for zone transfer
  • DNS resolver
  • Wildcard testing
  • Wildcard bypass

  • Required


  • Python version 2.x
  • DNSpython for Zone Transfer discovery

  • Note

    Knock works on Linux, Windows, MAC OS X and should theoretically work on some other platforms such as FreeBSD, OpenBSD, and proprietary Unixes with a python version 2.x

    Download

    Knock 1.5 for all operating system