Knock is a Python tool designed to enumerate the subdomains of a target domain using a wordlist.
First, clone the tool from the GitHub repository using the command below.
git clone https://github.com/santiko/KnockPy.git
Then change to your preferred directory.
Fig 1: Cloning tool from GitHub repository.
How to use:
Run tool: To run the tool and see its options, type the following command.
python knock.py -h
Fig 2: Options provided by Knock.
Show version: To show the version of the tool, enter:
python knock.py -v
Fig 3: Version of knock.
Short information: To get short information about a domain, enter the following command with the domain name (which in our case is google.com):
python knock.py -i google.com
Fig 4: Short info about google.com
Resolve: To resolve a domain name, type:
python knock.py -r google.com
Fig 5: Resolving domain google.com
Zone Transfer: To check whether zone transfer is enabled, enter the following command.
python knock.py -z youtube.com
Fig 6: Checking whether zone transfer is enabled.
Subdomains: To get the subdomains of a website, type the following command.
python knock.py tesla.com
Fig 7: Getting subdomains.
As we can see from the image shown below, Knock found 48 subdomains in 12 hosts of tesla.com.
Fig 8: subdomains
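What a wordlist sweep like the one above looks like from the DNS server's side, as an added example that is not part of the original article or of Knock: one client asks for many distinct names under a zone and most of them do not exist. The log format, the sample lines, the thresholds and the two-label zone rule are all assumptions made for this sketch.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed sample lines: '<time> <client> <qname> <qtype> <rcode>' (assumed format)."""
    lines = []
    # Ordinary client: repeats a few real names and makes one typo.
    for i, name in enumerate(["www", "www", "mail", "wwww", "www"]):
        rcode = "NXDOMAIN" if name == "wwww" else "NOERROR"
        lines.append(f"2024-01-01T10:00:{i:02d} 198.51.100.7 {name}.example.com A {rcode}")
    # Wordlist-driven client: many distinct labels, most of which do not exist.
    words = ["admin", "api", "backup", "dev", "ftp", "mail", "staging", "test", "vpn", "www"]
    existing = {"api", "mail", "www"}
    for i, word in enumerate(words):
        rcode = "NOERROR" if word in existing else "NXDOMAIN"
        lines.append(f"2024-01-01T10:01:{i:02d} 203.0.113.9 {word}.example.com A {rcode}")
    return lines

def find_enumeration(lines, min_names=8, min_nx_ratio=0.5):
    """Return {(client, zone): (distinct_names, nx_ratio)} for suspected wordlist sweeps."""
    names = defaultdict(set)     # (client, zone) -> distinct names queried
    nx_names = defaultdict(set)  # (client, zone) -> distinct names answered NXDOMAIN
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, qname, _, rcode = parts
        name = qname.lower().rstrip(".")
        labels = name.split(".")
        if len(labels) < 3:
            continue  # apex queries are not subdomain guesses
        zone = ".".join(labels[-2:])  # naive: assumes a two-label zone such as example.com
        names[(client, zone)].add(name)
        if rcode == "NXDOMAIN":
            nx_names[(client, zone)].add(name)
    hits = {}
    for key, seen in names.items():
        ratio = len(nx_names[key]) / len(seen)
        # Flag only when both the breadth and the miss rate are high.
        if len(seen) >= min_names and ratio >= min_nx_ratio:
            hits[key] = (len(seen), round(ratio, 2))
    return hits

if __name__ == "__main__":
    for (client, zone), (count, ratio) in find_enumeration(build_sample_log()).items():
        print(f"{client} swept {zone}: {count} distinct names, {ratio:.0%} NXDOMAIN")
```

A zone with a wildcard record answers every guess with NOERROR, so the NXDOMAIN ratio is not a usable signal there and only the count of distinct names applies.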