Knock – Subdomain Scanner Tool in Kali Linux

Knock is a Python tool designed to enumerate the subdomains of a target domain using a wordlist.


First, clone the tool from its GitHub repository using the command below.

git clone

Then change into the cloned directory.

cd KnockPy

Fig 1: Cloning tool from GitHub repository.

How to use:

Run tool: To run the tool and list its options, type the following command.

python -h

Fig 2: Options provided by Knock.

Show version: To show the version of the tool, enter:

python -v

Fig 3: Version of Knock.

Short information: To get short information about a domain, enter:

python -i domain name (which in our case is

Fig 4: Short info about

Resolve: To resolve a domain name, type:

python -r

Fig 5: Resolving domain

Zone Transfer: To check whether zone transfer is enabled, enter the following command.

python -z

Fig 6: Checking whether zone transfer is enabled.

Subdomains: To get the subdomains of a website, type the following command.


Fig 7: Getting subdomains.

As the image below shows, Knock found 48 subdomains in 12 hosts of

Fig 8: subdomains
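Seen from the DNS operator's side, the wordlist scan and the zone transfer check described above both leave recognisable traces in query logs. The following is an added example, not part of Knock or of the original article: it flags clients that request a zone transfer or that query many distinct names with a high NXDOMAIN share in a short window. The log format, the sample lines, the function name `detect` and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in a simplified format (an assumption, not a real resolver's layout):
# epoch_seconds client_ip qname qtype rcode
SAMPLE_LOG = """\
1700000000 203.0.113.5 www.example.test A NOERROR
1700000001 198.51.100.7 example.test AXFR REFUSED
1700000002 198.51.100.7 admin.example.test A NXDOMAIN
1700000003 198.51.100.7 dev.example.test A NXDOMAIN
1700000004 198.51.100.7 ftp.example.test A NXDOMAIN
1700000005 198.51.100.7 mail.example.test A NOERROR
1700000006 198.51.100.7 test.example.test A NXDOMAIN
1700000007 198.51.100.7 vpn.example.test A NXDOMAIN
1700000300 203.0.113.5 mail.example.test A NOERROR
1700000900 203.0.113.5 typo.example.test A NXDOMAIN
"""

def detect(log_text, zone, window=60, min_names=5, nx_ratio=0.6):
    """Return {client_ip: sorted list of findings} for queries inside `zone`."""
    findings = defaultdict(set)
    per_client = defaultdict(list)
    suffix = "." + zone.lower().rstrip(".")
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip malformed lines rather than guess
        ts, client, qname, qtype, rcode = fields
        qname = qname.lower().rstrip(".")
        if qname != suffix[1:] and not qname.endswith(suffix):
            continue  # outside the monitored zone
        if qtype.upper() in ("AXFR", "IXFR"):
            findings[client].add("zone-transfer-attempt")
            continue
        per_client[client].append((int(ts), qname, rcode.upper() == "NXDOMAIN"))
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            names = {name for _, name, _ in span}
            nx = sum(1 for _, _, is_nx in span if is_nx)
            if len(names) >= min_names and nx / len(span) >= nx_ratio:
                findings[client].add("wordlist-enumeration")
                break
    return {client: sorted(f) for client, f in findings.items()}
```

On the constructed sample, `detect(SAMPLE_LOG, "example.test")` reports only 198.51.100.7, with both findings; the occasional mistyped name from 203.0.113.5 stays below the thresholds.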

