Knock – Subdomain Scanner Tool in Kali Linux
Knock is a tool written in Python and is designed to enumerate subdomains in a target domain through a wordlist.
First clone the tool from the GitHub repository by using the below command.
git clone https://github.com/santiko/KnockPy.git
Then Change to your preferred directory.
How to use:
Run tool: To run the tool and to know its options, type the following command.
python knock.py -h
Show version: To show version of the tool, enter:
python knock.py -v
Short information: To find out short information about any domain, enter:
python knock.py -i domain name (which in our case is google.com)
Resolve: To resolve domain name, type:
python knock.py -r google.com
Zone Transfer: To check if zone transfer is enabled or not, enter the following command.
python knock.py -z youtube.com
Subdomains: To get the subdomain of a website, type the following command
python knock.py tesla.com
As we can see from the image shown below, that knock found 48 subdomains in 12 hosts of tesla.com