✔️ Fast ✔️ Easy ✔️ Modular
Knockpy is a portable and modularpython3 tool designed to quickly enumerate subdomains on a target domain throughpassive reconnaissance anddictionary scan.
pip install knock-subdomains
git clone https://github.com/guelfoweb/knock.gitcd knockpip install.
usage: KNOCKPY [-h] [-d DOMAIN] [-f FILE] [-v] [--dns DNS] [--useragent USERAGENT] [--timeout TIMEOUT] [--threads THREADS] [--recon] [--bruteforce] [--wordlist WORDLIST] [--json-output] [--list] [--report REPORT]knockpy v.7.0.1 - Subdomain Scanhttps://github.com/guelfoweb/knockoptions: -h, --help show this help message and exit -d DOMAIN, --domain DOMAIN domain to analyze -f FILE, --file FILE domain list from file path -v, --version show program's version number and exit --dns DNS custom dns --useragent USERAGENT custom useragent --timeout TIMEOUT custom timeout --threads THREADS custom threads --recon subdomain reconnaissance --bruteforce subdomain bruteforce --wordlist WORDLIST wordlist file to import --bruteforce option required --wildcard test wildcard and exit --json shows output in json format --save FOLDER folder to save report --report REPORT shows saved report
- Start scanning domain with
--recon and--bruteforce options
knockpy -d domain.com --recon --bruteforce
- Set API KEY: VirusTotal and Shodan
export API_KEY_VIRUSTOTAL=your-virustotal-api-keyexport API_KEY_SHODAN=your-shodan-api-key
- Save the report in a folder
knockpy -d domain.com --recon --bruteforce --save report
knockpy --report domain.com_yyyy_aa_dd_hh_mm_ss.json
fromknockimportKNOCKPYdomain='domain.com'results=KNOCKPY(domain,dns=None,useragent=None,timeout=None,threads=None,recon=True,bruteforce=True,wordlist=None)print (results)
