(Subdomain scanner) Knock Subdomain Scan v.4.1.0

Source: Internet  Editor: 程序博客网  Time: 2024/06/05 09:18

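Knockpy is a Python-based subdomain enumeration tool. It brute-forces the subdomains of a target domain using either its built-in wordlist or a custom wordlist that you supply. Knockpy also checks for DNS zone transfers and, when wildcard DNS records are enabled, tries to bypass them automatically. Knockpy currently supports VirusTotal subdomain queries; you can set the API_KEY in the config.json file.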
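The wildcard handling described above, sketched as an added example (not Knockpy's own code, and not necessarily how Knockpy implements it): resolve a few random labels first, and if they answer, discard brute-force hits that return only those same addresses. The resolver function, the sample zone and all function names are hypothetical and constructed so the block runs offline; it is written for Python 3.

```python
import random
import string

# Constructed sample zone (not real DNS data). "*.example.test" is a wildcard
# record that answers for every label lacking an explicit record.
SAMPLE_ZONE = {
    "www.example.test": {"198.51.100.5"},
    "mail.example.test": {"198.51.100.25"},
    "*.example.test": {"203.0.113.10"},
}

def sample_resolver(name, zone=SAMPLE_ZONE):
    """Hypothetical offline resolver: set of IPs, empty set for NXDOMAIN."""
    if name in zone:
        return set(zone[name])
    parent = name.split(".", 1)[1] if "." in name else ""
    return set(zone.get("*." + parent, ()))

def random_label(length=14):
    """Random label that should not exist, like the report's test_target."""
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))

def detect_wildcard(domain, resolve, probes=3):
    """Resolve random labels; any answer means a wildcard record is active."""
    ips = set()
    for _ in range(probes):
        ips |= resolve("%s.%s" % (random_label(), domain))
    return {"enabled": bool(ips), "ips": ips}

def enumerate_subdomains(domain, wordlist, resolve):
    """Return (wildcard, {host: ips}), dropping wildcard-only answers."""
    wildcard = detect_wildcard(domain, resolve)
    found = {}
    for word in wordlist:
        host = "%s.%s" % (word, domain)
        ips = resolve(host)
        # Keep a name only if it resolves to something the wildcard does not.
        if ips and not ips <= wildcard["ips"]:
            found[host] = ips
    return wildcard, found

if __name__ == "__main__":
    wc, hosts = enumerate_subdomains(
        "example.test", ["www", "mail", "dev", "vpn"], sample_resolver)
    print("wildcard:", wc["enabled"], "found:", sorted(hosts))
```

A real host that points at the same address as the wildcard record is filtered out as well, so treat the result as a lower bound whenever `enabled` is true.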

Usage

$ knockpy domain.com

Export the full report in JSON format

Just run the following command:

$ knockpy domain.com --json

Installation

Requirements

  • Python 2.7.6

Dependencies

  • Dnspython
$ sudo apt-get install python-dnspython

Install

$ git clone https://github.com/guelfoweb/knock.git
$ cd knock
$ nano knockpy/config.json <- set your virustotal API_KEY
$ sudo python setup.py install

Note: I recommend using Google DNS here: 8.8.8.8 and 8.8.4.4

Knockpy options

$ knockpy -h
usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain
___________________________________________

knock subdomain scan
knockpy v.4.1
Author: Gianni 'guelfoweb' Amato
Github: https://github.com/guelfoweb/knock
___________________________________________

positional arguments:
  domain         target domain, e.g. domain.com

optional arguments:
  -h, --help     show help message and exit
  -v, --version  show the project version number and exit
  -w WORDLIST    path to the wordlist file
  -r, --resolve  resolve an IP or domain name
  -c, --csv      save output in CSV format
  -j, --json     export the full report in JSON format

Examples:
  knockpy domain.com
  knockpy domain.com -w wordlist.txt
  knockpy -r domain.com or IP
  knockpy -c domain.com
  knockpy -j domain.com

For VirusTotal subdomain queries, you can set the API_KEY in the config.json file.

Examples

Scan subdomains with the built-in wordlist

$ knockpy domain.com

Scan subdomains with a specified wordlist

$ knockpy domain.com -w wordlist.txt

Resolve a domain name and get the response headers

$ knockpy -r domain.com [or IP]
+ checking for virustotal subdomains: YES
[
    "partnerissuetracker.corp.google.com",
    "issuetracker.google.com",
    "r5---sn-ogueln7k.c.pack.google.com",
    "cse.google.com",
    .......too long.......
    "612.talkgadget.google.com",
    "765.talkgadget.google.com",
    "973.talkgadget.google.com"
]
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES
{
    "zonetransfer": {
        "enabled": false,
        "list": []
    },
    "target": "google.com",
    "hostname": "google.com",
    "virustotal": [
        "partnerissuetracker.corp.google.com",
        "issuetracker.google.com",
        "r5---sn-ogueln7k.c.pack.google.com",
        "cse.google.com",
        "mt0.google.com",
        "earth.google.com",
        "clients1.google.com",
        "pki.google.com",
        "www.sites.google.com",
        "appengine.google.com",
        "fcmatch.google.com",
        "dl.google.com",
        "translate.google.com",
        "feedproxy.google.com",
        "hangouts.google.com",
        "news.google.com",
        .......too long.......
        "100.talkgadget.google.com",
        "services.google.com",
        "301.talkgadget.google.com",
        "857.talkgadget.google.com",
        "600.talkgadget.google.com",
        "992.talkgadget.google.com",
        "93.talkgadget.google.com",
        "storage.cloud.google.com",
        "863.talkgadget.google.com",
        "maps.google.com",
        "661.talkgadget.google.com",
        "325.talkgadget.google.com",
        "sites.google.com",
        "feedburner.google.com",
        "support.google.com",
        "code.google.com",
        "562.talkgadget.google.com",
        "190.talkgadget.google.com",
        "58.talkgadget.google.com",
        "612.talkgadget.google.com",
        "765.talkgadget.google.com",
        "973.talkgadget.google.com"
    ],
    "alias": [],
    "wildcard": {
        "detected": {},
        "test_target": "eqskochdzapjbt.google.com",
        "enabled": false,
        "http_response": {}
    },
    "ipaddress": [
        "216.58.205.142"
    ],
    "response_time": "0.0351989269257",
    "http_response": {
        "status": {
            "reason": "Found",
            "code": 302
        },
        "http_headers": {
            "content-length": "256",
            "location": "http://www.google.it/?gfe_rd=cr&ei=60WIWdmnDILCXoKbgfgK",
            "cache-control": "private",
            "date": "Mon, 07 Aug 2017 10:50:19 GMT",
            "referrer-policy": "no-referrer",
            "content-type": "text/html; charset=UTF-8"
        }
    }
}

Save the scan output in CSV format

$ knockpy -c domain.com

Export the full report in JSON format

$ knockpy -j domain.com

About

Knockpy comes preinstalled in the following environments:

  • BackBox Linux
  • PentestBox for Windows
  • Buscador