Knockpy: How to Scan Subdomains of a Website
Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Knockpy now also supports querying VirusTotal for subdomains; you can set the API_KEY in the config.json file.
So its main features are that it can search for subdomains using the VirusTotal API, scan for zone transfer vulnerabilities, and try to bypass wildcard DNS records.
In order to search for subdomains I use dnsdumpster. But today I gave Knockpy a shot, and I must say it is a really nice tool, written in Python, that works in a very efficient way. It scans subdomains via the VirusTotal API, so in order to use it you need to get a VirusTotal API key by signing up on the VirusTotal website.
Requirements:
- You need a Linux environment installed on your system (Ubuntu/Kali).
- Dependencies: dnspython
sudo apt-get install python-dnspython
- Knockpy.
How to Install Knockpy to scan Subdomains:
You need to download Knockpy first. You can download it from GitHub or clone it using the following command:
git clone https://github.com/guelfoweb/knock.git
Once cloned, edit the config.json file and add your VirusTotal API key.
nano /knock/knockpy/config.json
Now go back to the /knock directory and type the following to install:
python setup.py install
How to scan Subdomains of a Website using Knockpy
USAGE:
In order to use it, simply enter:
knockpy <your_URL>
example: knockpy thehackerstore.net
There are other options also available; simply enter the following in the terminal:
knockpy -h
knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain
Positional arguments:
  domain         target to scan, like domain.com
Optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit
  -w WORDLIST    specific path to wordlist file
  -r, --resolve  resolve IP or domain name
  -c, --csv      save output in CSV
  -j, --json     export full report in JSON
Examples:
knockpy thehackerstore.net
knockpy thehackerstore.net -w wordlist.txt
knockpy -r thehackerstore.net or IP
knockpy -c thehackerstore.net
knockpy -j thehackerstore.net
This will scan the subdomains of the URL you have provided and list the IP address, type, server, etc. for each one.
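The introduction mentions wildcard DNS records, which make every guessed name resolve and so flood a wordlist scan with false positives. The sketch below is an added example, not Knockpy's own code, showing one common way to filter them when auditing a zone you manage; the resolver, zone data and `example.test` names are constructed stand-ins so it runs offline.

```python
import random
import string

# Constructed sample zone (not real data). Any name not listed here falls
# through to the wildcard record "*.example.test".
SAMPLE_ZONE = {
    "www.example.test": {"203.0.113.10"},
    "mail.example.test": {"203.0.113.25"},
    "vpn.example.test": {"203.0.113.40"},
}
WILDCARD_ANSWER = {"203.0.113.10"}


def sample_resolver(name):
    """Hypothetical stand-in for a DNS A lookup; returns a set of addresses."""
    return SAMPLE_ZONE.get(name, WILDCARD_ANSWER)


def wildcard_answers(domain, resolve, probes=3):
    """Resolve random labels that cannot exist; any answer reveals a wildcard."""
    alphabet = string.ascii_lowercase + string.digits
    seen = set()
    for _ in range(probes):
        label = "".join(random.choices(alphabet, k=20))
        seen |= resolve(f"{label}.{domain}")
    return seen


def enumerate_subdomains(domain, wordlist, resolve):
    """Return {name: addresses} for names that are more than wildcard hits."""
    wildcard = wildcard_answers(domain, resolve)
    found = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        addrs = resolve(name)
        # Keep a name only if it has an address the wildcard does not return.
        # Caveat: a real host sharing the wildcard address is filtered too.
        if addrs and not addrs <= wildcard:
            found[name] = addrs
    return found


if __name__ == "__main__":
    words = ["www", "mail", "vpn", "dev", "staging"]
    for name, addrs in enumerate_subdomains("example.test", words, sample_resolver).items():
        print(name, sorted(addrs))
```

Note that `www.example.test` is dropped because it shares the catch-all address, so address comparison alone can hide real hosts behind a wildcard.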