Description
Knockpy is a Python tool designed to enumerate subdomains through wordlist-based DNS brute forcing. It performs zone transfers, checks for wildcard DNS, and can resolve discovered subdomains. Simple, effective, and produces clean output.
Installation
BASH
# pip
pip3 install knock-subdomains
# From source
git clone https://github.com/guelfoweb/knock.git
cd knock && pip3 install .Basic Usage
BASH
# Enumerate subdomains
knockpy target.com
# Use custom wordlist
knockpy target.com -w /path/to/wordlist.txt
# Without brute force (passive only via VirusTotal)
knockpy target.com --no-localAdvanced Usage
BASH
# Save results as JSON
knockpy target.com -o /output/dir/
# Resolve IP addresses
knockpy target.com --dns 8.8.8.8
# Check for zone transfer
knockpy target.com --zone-transfer
# Use VirusTotal API
export VT_API_KEY="YOUR_KEY"
knockpy target.comCommon Workflows
BASH
# Brute force with SecLists wordlist
knockpy target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
# Pipe to httpx for live host detection
knockpy target.com 2>/dev/null | grep -oP '[\w.-]+\.target\.com' | httpx -silent