• We just launched and are currently in beta. Join us as we build and grow the community.

Knock – Insane Subdomain Enumeration Tool

Vyris47

Backend Admin
V
V Rep
0
0
0
Rep
0
V Vouches
0
0
0
Vouches
0
Posts
62
Likes
47
Bits
0
1 MONTH
1 1 MONTH OF SERVICE
LEVEL 1 300 XP
Blue-3D-Illustration-Guess-The-Word-Game-Fun-Presentation.webp


Hey Folks, in this tutorial we are going to configure another subdomain fuzzer in our Kali Linux operating system to make our penetration testing more vigorous. Knockpy is a python3 tool designed to enumerate subdomains on a target domain through dictionary attack. We are constantly writing articles on subdomain takeover tool, so if you don’t like this tool then you can read our previous article once.

Let’s take a look at this tool 🙂 !!

Installation

Have you ever installed python dependencies and if not then please check our previous article before going directly to the installation of this tool because we will need python dependencies for this tool to run. So first we will download this tool from github and enter the directory.

git clone https://github.com/guelfoweb/knock.git
cd knock12git clone
https://github.com/guelfoweb/knock.gitcd knock

1.png


GOOD 🙂 !! Now go to the last part of installation of this tool and install all required dependencies by executing “python” command.

python3 setup.py install1python3 setup.py install

2.png


Done 🙂 !! After that we have to go to another directory of this tool and then we can operate this tool easily.

cd knockpy
python3 knockpy.py -h12cd knockpypython3 knockpy.py-h

3.png

Full Scan

We take an random domain and perform full scan over it. But actually it takes longer time than the other but gives us good results.

python3 knockpy.py logpac.com1python3 knockpy.py logpac.com

4.png

Fast Scan

This functionality of this tool does not follow http request so we got faster results than in normal mode.

python3 knockpy.py logpac.com --no-http1python3 knockpy.py logpac.com--no-http

5.png

Ignore Response Code

The most common features which comes in each tool is that we can exclude response from output accordingly by giving specific http code.

python3 knockpy.py logpac.com -w /usr/share/wordlists/dirb/common.txt --no-http-code 404 500 5301python3 knockpy.py logpac.com-w/usr/share/wordlists/dirb/common.txt--no-http-code404500530

6.png


Hmm 🙂 !! Apart from this, there are some more features in this tool which you can try easily without any problem. But overall it takes the help of word list and tries to identify the hidden subdomains of the organization.

7.png
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

432,645

312,569

312,578

L loboalfa2310
Top