Knock is an open source tool written in Python whose purpose is to discover all the subdomains that exist for a domain.
It supports the VirusTotal service, which is enabled by setting an API_KEY in the config.json file.
Installation
git clone https://github.com/guelfoweb/knock.git
cd knock
pip3 install -r requirements.txt
python3 knockpy.py
Use
usage: knockpy [-h] [-v] [--no-local] [--no-remote] [--no-http] [--no-http-code CODE [CODE ...]] [-w WORDLIST] [-o FOLDER] [-t SEC] [-th NUM] domain
--------------------------------------------------------------------------------
* SCAN
full scan:    knockpy domain.com
ignore code:  knockpy domain.com --no-http-code 404 500 530
threads:      knockpy domain.com -th 50
timeout:      knockpy domain.com -t 2
* REPORT
show report:  knockpy --report knockpy_report/domain.com_yyyy_mm_dd_hh_mm_ss.json
plot report:  knockpy --plot knockpy_report/domain.com_yyyy_mm_dd_hh_mm_ss.json
csv report:   knockpy --csv knockpy_report/domain.com_yyyy_mm_dd_hh_mm_ss.json
* SETTINGS
set apikey:   knockpy --set apikey-virustotal=APIKEY
set timeout:  knockpy --set timeout=sec
set threads:  knockpy --set threads=num
--------------------------------------------------------------------------------
positional arguments:
  domain                target to scan
optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  --no-local            local wordlist ignore
  --no-remote           remote wordlist ignore
  --no-http             http requests ignore
  --no-http-code CODE [CODE ...]
                        http code list to ignore
  -w WORDLIST           wordlist file to import
  -o FOLDER             report folder to store json results
  -t SEC                timeout in seconds
  -th NUM               threads num
Subdomain mapping
You can download the program from here.