Knockpy是一款基于python的子域名枚举工具。用户可以通过其自带的字典列表或添加自定义字典列表,来对目标域的子域尝试暴力枚举。此外,Knockpy会扫描DNS区域传输,并尝试自动绕过通配符DNS记录(如已启用)。当前knockpy支持VirusTotal子域查询,你可以在config.json文件中设置API_KEY。
使用
$ knockpy domain.com
以json格式导出完整报告
只需输入以下命令:
$ knockpy domain.com --json
安装
安装环境
- Python 2.7.6
依赖
- Dnspython
$ sudo apt-get install python-dnspython
安装
$ git clone https://github.com/guelfoweb/knock.git $ cd knock $ nano knockpy/config.json <- set your virustotal API_KEY $ sudo python setup.py install
注意,在这里我建议大家使用Google DNS:8.8.8.8和8.8.4.4
Knockpy 参数
$ knockpy -h usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain ___________________________________________ knock subdomain scan knockpy v.4.1 Author: Gianni 'guelfoweb' Amato Github: https://github.com/guelfoweb/knock ___________________________________________ positional arguments: domain 目标域名,例如domain.com optional arguments: -h, --help 显示帮助信息并退出 -v, --version 显示项目版本号并退出 -w WORDLIST 指定字典列表文件位置 -r, --resolve 解析IP或域名 -c, --csv 以csv格式保存输出 -j, --json 以json格式导出完整报告 示例: ??knockpy?domain.com ??knockpy?domain.com?-w?wordlist.txt ??knockpy?-r?domain.com?or?IP ??knockpy?-c?domain.com ??knockpy?-j?domain.com
VirusTotal子域查询,你可以在config.json文件中设置API_KEY。
示例
使用自带字典扫描子域
$ knockpy domain.com
使用指定字典扫描子域
$ knockpy domain.com -w wordlist.txt
解析域名并获取响应头信息
$ knockpy -r domain.com [or IP]
+ checking for virustotal subdomains: YES
[
"partnerissuetracker.corp.google.com",
"issuetracker.google.com",
"r5---sn-ogueln7k.c.pack.google.com",
"cse.google.com",
.......too long.......
"612.talkgadget.google.com",
"765.talkgadget.google.com",
"973.talkgadget.google.com"
]
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES
{
"zonetransfer": {
"enabled": false,
"list": []
},
"target": "google.com",
"hostname": "google.com",
"virustotal": [
"partnerissuetracker.corp.google.com",
"issuetracker.google.com",
"r5---sn-ogueln7k.c.pack.google.com",
"cse.google.com",
"mt0.google.com",
"earth.google.com",
"clients1.google.com",
"pki.google.com",
"www.sites.google.com",
"appengine.google.com",
"fcmatch.google.com",
"dl.google.com",
"translate.google.com",
"feedproxy.google.com",
"hangouts.google.com",
"news.google.com",
.......too long.......
"100.talkgadget.google.com",
"services.google.com",
"301.talkgadget.google.com",
"857.talkgadget.google.com",
"600.talkgadget.google.com",
"992.talkgadget.google.com",
"93.talkgadget.google.com",
"storage.cloud.google.com",
"863.talkgadget.google.com",
"maps.google.com",
"661.talkgadget.google.com",
"325.talkgadget.google.com",
"sites.google.com",
"feedburner.google.com",
"support.google.com",
"code.google.com",
"562.talkgadget.google.com",
"190.talkgadget.google.com",
"58.talkgadget.google.com",
"612.talkgadget.google.com",
"765.talkgadget.google.com",
"973.talkgadget.google.com"
],
"alias": [],
"wildcard": {
"detected": {},
"test_target": "eqskochdzapjbt.google.com",
"enabled": false,
"http_response": {}
},
"ipaddress": [
"216.58.205.142"
],
"response_time": "0.0351989269257",
"http_response": {
"status": {
"reason": "Found",
"code": 302
},
"http_headers": {
"content-length": "256",
"location": "http://www.google.it/?gfe_rd=cr&ei=60WIWdmnDILCXoKbgfgK",
"cache-control": "private",
"date": "Mon, 07 Aug 2017 10:50:19 GMT",
"referrer-policy": "no-referrer",
"content-type": "text/html; charset=UTF-8"
}
}
}
以CSV格式保存扫描输出
$ knockpy -c domain.com
以JSON格式导出完整报告
$ knockpy -j domain.com
关于
在以下环境中已预安装了Knockpy:
?*参考来源:GitHub,FB小编 secist 编译,转载请注明来自FreeBuf.COM
