Knock Subdomain Scan v.4.1.0 (subdomain scanner)
Author: admin | Date: 2017-8-31 00:08:12 | Category: Hacking tools
Knockpy is a Python-based subdomain enumeration tool. It brute-forces the subdomains of a target domain using either its built-in wordlist or a custom wordlist you supply. In addition, Knockpy checks whether the target's DNS zone allows zone transfers, and it attempts to automatically bypass wildcard DNS records if the zone has them enabled. Knockpy currently also supports VirusTotal subdomain queries; the API_KEY is set in the config.json file.
Usage
$ knockpy domain.com
Export a full report in JSON format
Just run the following command:
$ knockpy domain.com --json
Installation
Environment
- Python 2.7.6
Dependencies
- Dnspython
$ sudo apt-get install python-dnspython
Install
$ git clone https://github.com/guelfoweb/knock.git
$ cd knock
$ nano knockpy/config.json <- set your virustotal API_KEY
$ sudo python setup.py install
Note: here I recommend using Google DNS, 8.8.8.8 and 8.8.4.4.
Knockpy arguments
$ knockpy -h
usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain

___________________________________________

knock subdomain scan
knockpy v.4.1
Author: Gianni 'guelfoweb' Amato
Github: https://github.com/guelfoweb/knock

___________________________________________

positional arguments:
  domain         target domain name, e.g. domain.com

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show the program's version number and exit
  -w WORDLIST    path of the wordlist file to use
  -r, --resolve  resolve the IP or domain name
  -c, --csv      save the output in csv format
  -j, --json     export a full report in json format

example:
  knockpy domain.com
  knockpy domain.com -w wordlist.txt
  knockpy -r domain.com or IP
  knockpy -c domain.com
  knockpy -j domain.com
For VirusTotal subdomain queries, set the API_KEY in the config.json file.
Examples
Scan subdomains using the built-in wordlist
$ knockpy domain.com
Scan subdomains using a specified wordlist
$ knockpy domain.com -w wordlist.txt
Resolve a domain name and fetch its response headers
$ knockpy -r domain.com [or IP]
+ checking for virustotal subdomains: YES
[
  "partnerissuetracker.corp.google.com", "issuetracker.google.com",
  "r5---sn-ogueln7k.c.pack.google.com", "cse.google.com",
  .......too long.......
  "612.talkgadget.google.com", "765.talkgadget.google.com", "973.talkgadget.google.com"
]
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES
{
  "zonetransfer": {
    "enabled": false,
    "list": []
  },
  "target": "google.com",
  "hostname": "google.com",
  "virustotal": [
    "partnerissuetracker.corp.google.com", "issuetracker.google.com",
    "r5---sn-ogueln7k.c.pack.google.com", "cse.google.com", "mt0.google.com",
    "earth.google.com", "clients1.google.com", "pki.google.com", "www.sites.google.com",
    "appengine.google.com", "fcmatch.google.com", "dl.google.com", "translate.google.com",
    "feedproxy.google.com", "hangouts.google.com", "news.google.com",
    .......too long.......
    "100.talkgadget.google.com", "services.google.com", "301.talkgadget.google.com",
    "857.talkgadget.google.com", "600.talkgadget.google.com", "992.talkgadget.google.com",
    "93.talkgadget.google.com", "storage.cloud.google.com", "863.talkgadget.google.com",
    "maps.google.com", "661.talkgadget.google.com", "325.talkgadget.google.com",
    "sites.google.com", "feedburner.google.com", "support.google.com", "code.google.com",
    "562.talkgadget.google.com", "190.talkgadget.google.com", "58.talkgadget.google.com",
    "612.talkgadget.google.com", "765.talkgadget.google.com", "973.talkgadget.google.com"
  ],
  "alias": [],
  "wildcard": {
    "detected": {},
    "test_target": "eqskochdzapjbt.google.com",
    "enabled": false,
    "http_response": {}
  },
  "ipaddress": [
    "216.58.205.142"
  ],
  "response_time": "0.0351989269257",
  "http_response": {
    "status": {
      "reason": "Found",
      "code": 302
    },
    "http_headers": {
      "content-length": "256",
      "location": "http://www.google.it/?gfe_rd=cr&ei=60WIWdmnDILCXoKbgfgK",
      "cache-control": "private",
      "date": "Mon, 07 Aug 2017 10:50:19 GMT",
      "referrer-policy": "no-referrer",
      "content-type": "text/html; charset=UTF-8"
    }
  }
}
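The wildcard check described in the introduction and reported in the "wildcard" section above (a random label such as eqskochdzapjbt is resolved, and the answer, if any, is recorded) is illustrated below with an added Python example. This is not Knockpy's own code: it uses a constructed in-memory resolver for a hypothetical zone example.com instead of real DNS lookups, so it runs offline, and it shows why the check matters, since without it every wordlist entry under a wildcard zone would "resolve" and flood the report with non-existent hosts.

```python
import random
import string

# Constructed DNS view of a hypothetical zone "example.com" (not real data): two real
# hosts, plus a wildcard record that answers every other label with a single IP.
FAKE_RECORDS = {
    "www.example.com": ["203.0.113.10"],
    "mail.example.com": ["203.0.113.20"],
}
WILDCARD_IPS = ["203.0.113.99"]

def wildcard_resolver(name):
    """Stand-in for a real A-record lookup against the wildcard-enabled zone."""
    if name in FAKE_RECORDS:
        return FAKE_RECORDS[name]
    return WILDCARD_IPS if name.endswith(".example.com") else []

def strict_resolver(name):
    """The same zone without the wildcard: unknown labels get an empty answer."""
    return FAKE_RECORDS.get(name, [])

def random_label(length=14):
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))

def detect_wildcard(domain, resolve, label=None):
    """Resolve a random label that should not exist; an answer means a wildcard is set.

    The dict reuses the field names of the report's wildcard section: enabled,
    test_target, detected (here 'detected' is the list of IPs the random label got).
    """
    test_target = "%s.%s" % (label or random_label(), domain)
    ips = resolve(test_target)
    return {"enabled": bool(ips), "test_target": test_target, "detected": ips}

def enumerate_subdomains(domain, wordlist, resolve):
    """Brute-force labels from wordlist, dropping hosts whose only answer is the wildcard's."""
    wildcard = detect_wildcard(domain, resolve)
    found = {}
    for word in wordlist:
        host = "%s.%s" % (word, domain)
        ips = resolve(host)
        if not ips:
            continue
        if wildcard["enabled"] and set(ips) <= set(wildcard["detected"]):
            continue  # same answer as the random label: wildcard noise, not a real host
        found[host] = ips
    return wildcard, found
```

A real host that happens to share the wildcard's address is discarded as well; that is the inherent limit of IP-based wildcard filtering, and a reason to confirm interesting hosts with a second signal such as the HTTP response the -r mode collects.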
Save the scan output in CSV format
$ knockpy -c domain.com
Export a full report in JSON format
$ knockpy -j domain.com
About
Knockpy comes preinstalled in the following environments:
*Source: GitHub, compiled by FB editor secist