Home Unlabelled Knock V.4.1.1 - Subdomain Scan

Knock V.4.1.1 - Subdomain Scan

By
Monday, September 23, 2019
Read
Add Comment

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer together with to endeavor to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you lot tin setting the API_KEY inside the config.json file.

Very simply
$ knockpy domain.com
Export amount study inwards JSON
If you lot desire to relieve amount log like this one precisely type:
$ knockpy domain.com --json

Install
Prerequisites
  • Python 2.7.6
Dependencies
  • Dnspython
$ sudo apt-get install python-dnspython
Installing
$ git clone https://github.com/guelfoweb/knock.git  $ cd knock  $ nano knockpy/config.json <- prepare your virustotal API_KEY  $ sudo python setup.py install
Note that it's recommended to purpose Google DNS: 8.8.8.8 together with 8.8.4.4


Knockpy arguments
$ knockpy -h usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain  ___________________________________________  knock subdomain scan knockpy v.4.1 Author: Gianni 'guelfoweb' Amato Github: https://github.com/guelfoweb/knock ___________________________________________  positional arguments:   domain         target to scan, similar domain.com  optional arguments:   -h, --help      demo this assist message together with operate out   -v, --version   demo program's version number together with operate out   -w WORDLIST     specific path to wordlist file   -r, --resolve   resolve ip or domain mention   -c, --csv       relieve output inwards csv   -f, --csvfields add together fields mention to the origin row of csv output file   -j, --json      export amount study inwards JSON  example:   knockpy domain.com   knockpy domain.com -w wordlist.txt   knockpy -r domain.com or IP   knockpy -c domain.com   knockpy -j domain.com
For virustotal subdomains back upward you lot tin setting your API_KEY inwards the config.json file.


Example
Subdomain scan alongside internal wordlist
$ knockpy domain.com
Subdomain scan alongside external wordlist
$ knockpy domain.com -w wordlist.txt
Resolve domain mention together with larn answer headers
$ knockpy -r domain.com [or IP]
+ checking for virustotal subdomains: YES [         "partnerissuetracker.corp.google.com",         "issuetracker.google.com",         "r5---sn-ogueln7k.c.pack.google.com",         "cse.google.com",          .......too long.......          "612.talkgadget.google.com",         "765.talkgadget.google.com",         "973.talkgadget.google.com" ] + checking for wildcard: NO + checking for zonetransfer: NO + resolving target: YES {         "zonetransfer": {             "enabled": false,             "list": []         },         "target": "google.com",         "hostname": "google.com",         "virustotal": [             "partnerissuetracker.corp.google.com",             "issuetracker.google.com",             "r5---sn-ogueln7k.c.pack.google.com",             "cse.google.com",             "mt0.google.com",             "earth.google.com",             "clients1.google.com",             "pki.google.com",             "www.sites.google.com",             "appengine.google.com",             "fcmatch.google.com",             "dl.google.com",             "translate.google.com",             "feedproxy.google.com",             "hangouts.google.com",             "news.google.com",              .......too long.......              "100.talkgadget.google.com",             "services.google.com",             "301.talkgadget.google.com",             "857.talkgadget.google.com",             "600.talkgadget.google.com",             "992.talkgadget.google.com",             "93.talkgadget.google.com",             "storage.cloud.google.com",             "863.talkgadget.google.com",             "maps.google.com",             "661.talkgadget.google.com",             "325.talkgadget.google.com",             "sites.google.com",             "feedburner.google.com",             "support.google.com",             "code.google.com",             "562.talkgadget.google.com",             "190.talkgadget.google.com",             "58.talkgadget.google.com",             "612.talkgadget.google.com",             "765.talkgadget.google.com",             "973.talkgadget.google.com"         ],         "alias": [],         "wildcard": {             "detected": {},             "test_target": "eqskochdzapjbt.google.com",             "enabled": false,             "http_response": {}         },         "ipaddress": [             "216.58.205.142"         ],         "response_time": "0.0351989269257",         "http_response": {             "status": {                 "reason": "Found",                 "code": 302             },             "http_headers": {                 "content-length": "256",                 "location": "http://www.google.it/?gfe_rd=cr&ei=60WIWdmnDILCXoKbgfgK",                 "cache-control": "private",                 "date": "Mon, 07 Aug 2017 10:50:19 GMT",                 "referrer-policy": "no-referrer",                 "content-type": "text/html; charset=UTF-8"             }         } }
Save scan output inwards CSV
$ knockpy -c domain.com
Export amount study inwards JSON
$ knockpy -j domain.com

Talk about
Ethical Hacking together with Penetration Testing Guide Book past times Rafay Baloch.
Knockpy comes pre-installed on the next safety distributions for penetration test:

Other
This tool is currently maintained past times Gianni 'guelfoweb' Amato, who tin move contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions together with criticism are welcome.


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us