✔️ Fast ✔️ Easy ✔️ Modular
Knockpy is a portable and modular python3 tool designed to quickly enumerate subdomains on a target domain through passive reconnaissance and dictionary scan.
pip install knock-subdomains
git clone https://github.com/guelfoweb/knock.git
cd knock
pip install .usage: KNOCKPY [-h] [-d DOMAIN] [-f FILE] [-v] [--dns DNS] [--useragent USERAGENT]
[--timeout TIMEOUT] [--threads THREADS] [--recon] [--bruteforce]
[--wordlist WORDLIST] [--json-output] [--list] [--report REPORT]
knockpy v.7.0.1 - Subdomain Scan
https://github.com/guelfoweb/knock
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
domain to analyze
-f FILE, --file FILE domain list from file path
-v, --version show program's version number and exit
--dns DNS custom dns
--useragent USERAGENT
custom useragent
--timeout TIMEOUT custom timeout
--threads THREADS custom threads
--recon subdomain reconnaissance
--bruteforce subdomain bruteforce
--wordlist WORDLIST wordlist file to import
--bruteforce option required
--wildcard test wildcard and exit
--json shows output in json format
--save FOLDER folder to save report
--report REPORT shows saved report
- Start scanning domain with
--reconand--bruteforceoptions
knockpy -d domain.com --recon --bruteforce- Set API KEY: VirusTotal and Shodan
export API_KEY_VIRUSTOTAL=your-virustotal-api-key
export API_KEY_SHODAN=your-shodan-api-key- Save the report in a folder
knockpy -d domain.com --recon --bruteforce --save report- Shows saved report
knockpy --report domain.com_yyyy_aa_dd_hh_mm_ss.jsonfrom knock import KNOCKPY
domain = 'domain.com'
results = KNOCKPY(domain, dns=None, useragent=None, timeout=None, threads=None, recon=True, bruteforce=True, wordlist=None)
print (results)
