KNOCKPY

NAME

knockpy - Python3 tool designed to enumerate subdomains on a target domain

DESCRIPTION

usage: knockpy [-h] [-v] [--no-local] [--no-remote] [--no-scan] [--no-http]

[--no-http-code CODE [CODE ...]] [--no-ip NO_IP [NO_IP ...]] [--dns DNS] [--user-agent USERAGENT] [--plugin-test] [-w WORDLIST] [-o FOLDER] [-t SEC] [-th NUM] [--silent [{False,json,json-pretty,csv}]] [domain]

-------------------------------------------------------------------------------- * SCAN full scan: knockpy domain.com quick scan: knockpy domain.com --no-local faster scan: knockpy domain.com --no-local --no-http ignore code: knockpy domain.com --no-http-code 404 500 530 silent mode: knockpy domain.com --silent

* SUBDOMAINS show recon: knockpy domain.com --no-local --no-scan

* REPORT show report: knockpy --report knockpy_report/domain.com_yyyy_mm_dd_hh_mm_ss.json plot report: knockpy --plot knockpy_report/domain.com_yyyy_mm_dd_hh_mm_ss.json csv report: knockpy --csv knockpy_report/domain.com_yyyy_mm_dd_hh_mm_ss.json --------------------------------------------------------------------------------

positional arguments:

domain

target to scan

options:

-h, --help

show this help message and exit

-v, --version

show program’s version number and exit

--no-local

local wordlist ignore

--no-remote

remote wordlist ignore

--no-scan

scanning ignore, show wordlist and exit

--no-http

http requests ignore

--no-http-code CODE [CODE ...]

http code list to ignore

--no-ip NO_IP [NO_IP ...]

ip address to ignore

--dns DNS

use custom DNS ex. 8.8.8.8

--user-agent USERAGENT

use a custom user agent

--plugin-test

test plugins and exit

-w WORDLIST

wordlist file to import

-o FOLDER

report folder to store json results

-t SEC

timeout in seconds

-th NUM

threads num

--silent [{False,json,json-pretty,csv}]

silent or quiet mode, default output: False

once you get knockpy results, don’t forget to use ’nmap’ and ’dirsearch’

happy hacking ;)