Knock Subdomain Scan v.4.1.0 (subdomain scanner)

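Security Tools · Eternal · 2730 views · 0 comments
Knockpy is a Python-based subdomain enumeration tool. Using its built-in wordlist or a custom wordlist you supply, it attempts to brute-force enumerate the subdomains of a target domain. In addition, Knockpy checks for DNS zone transfers and attempts to automatically bypass wildcard DNS records (if enabled). Knockpy currently supports VirusTotal subdomain queries; you can set the API_KEY in the config.json file.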

Usage

$ knockpy domain.com

Export the full report in JSON format

Just enter the following command:

$ knockpy domain.com --json

Installation

Requirements

  • Python 2.7.6

Dependencies

  • Dnspython
$ sudo apt-get install python-dnspython

Install

$ git clone https://github.com/guelfoweb/knock.git

$ cd knock

$ nano knockpy/config.json   # set your VirusTotal API_KEY

$ sudo python setup.py install

Note: I recommend using Google DNS here: 8.8.8.8 and 8.8.4.4

Knockpy options

$ knockpy -h
usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain

___________________________________________

knock subdomain scan
knockpy v.4.1
Author: Gianni 'guelfoweb' Amato
Github: https://github.com/guelfoweb/knock
___________________________________________

positional arguments:
  domain         target domain, e.g. domain.com

optional arguments:
  -h, --help     show help message and exit
  -v, --version  show the project version number and exit
  -w WORDLIST    path to the wordlist file
  -r, --resolve  resolve IP or domain name
  -c, --csv      save output in CSV format
  -j, --json     export full report in JSON format

example:
  knockpy domain.com
  knockpy domain.com -w wordlist.txt
  knockpy -r domain.com or IP
  knockpy -c domain.com
  knockpy -j domain.com

For VirusTotal subdomain queries, you can set the API_KEY in the config.json file.

Examples

Scan subdomains with the built-in wordlist

$ knockpy domain.com

Scan subdomains with a specified wordlist

$ knockpy domain.com -w wordlist.txt

Resolve a domain name and get the response headers

$ knockpy -r domain.com [or IP]
+ checking for virustotal subdomains: YES
[
        "partnerissuetracker.corp.google.com",
        "issuetracker.google.com",
        "r5---sn-ogueln7k.c.pack.google.com",
        "cse.google.com",

        .......too long.......

        "612.talkgadget.google.com",
        "765.talkgadget.google.com",
        "973.talkgadget.google.com"
]
+ checking for wildcard: NO
+ checking for zonetransfer: NO
+ resolving target: YES
{
        "zonetransfer": {
            "enabled": false,
            "list": []
        },
        "target": "google.com",
        "hostname": "google.com",
        "virustotal": [
            "partnerissuetracker.corp.google.com",
            "issuetracker.google.com",
            "r5---sn-ogueln7k.c.pack.google.com",
            "cse.google.com",
            "mt0.google.com",
            "earth.google.com",
            "clients1.google.com",
            "pki.google.com",
            "www.sites.google.com",
            "appengine.google.com",
            "fcmatch.google.com",
            "dl.google.com",
            "translate.google.com",
            "feedproxy.google.com",
            "hangouts.google.com",
            "news.google.com",

            .......too long.......

            "100.talkgadget.google.com",
            "services.google.com",
            "301.talkgadget.google.com",
            "857.talkgadget.google.com",
            "600.talkgadget.google.com",
            "992.talkgadget.google.com",
            "93.talkgadget.google.com",
            "storage.cloud.google.com",
            "863.talkgadget.google.com",
            "maps.google.com",
            "661.talkgadget.google.com",
            "325.talkgadget.google.com",
            "sites.google.com",
            "feedburner.google.com",
            "support.google.com",
            "code.google.com",
            "562.talkgadget.google.com",
            "190.talkgadget.google.com",
            "58.talkgadget.google.com",
            "612.talkgadget.google.com",
            "765.talkgadget.google.com",
            "973.talkgadget.google.com"
        ],
        "alias": [],
        "wildcard": {
            "detected": {},
            "test_target": "eqskochdzapjbt.google.com",
            "enabled": false,
            "http_response": {}
        },
        "ipaddress": [
            "216.58.205.142"
        ],
        "response_time": "0.0351989269257",
        "http_response": {
            "status": {
                "reason": "Found",
                "code": 302
            },
            "http_headers": {
                "content-length": "256",
                "location": "http://www.google.it/?gfe_rd=cr&ei=60WIWdmnDILCXoKbgfgK",
                "cache-control": "private",
                "date": "Mon, 07 Aug 2017 10:50:19 GMT",
                "referrer-policy": "no-referrer",
                "content-type": "text/html; charset=UTF-8"
            }
        }
}

Save the scan output in CSV format

$ knockpy -c domain.com

Export the full report in JSON format

$ knockpy -j domain.com
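
The following is an added example, not part of Knockpy or of the original article: a Python 3 script that triages a report for a domain you operate, flagging an open zone transfer, wildcard DNS, hosts missing from your asset inventory, and a redirect to plaintext HTTP. It assumes the report uses the keys shown in the -r output above; the triage function, the inventory set and the example.com sample are hypothetical.

```python
import json

# Constructed sample report for example.com; keys follow the -r output shown above.
SAMPLE_REPORT = json.dumps({
    "zonetransfer": {"enabled": False, "list": []},
    "target": "example.com",
    "virustotal": ["cse.example.com", "DL.example.com.", "dl.example.com",
                   "cdn.example.net"],
    "wildcard": {"enabled": False, "test_target": "qwzxkjv.example.com"},
    "http_response": {
        "status": {"reason": "Found", "code": 302},
        "http_headers": {"location": "http://www.example.com/"},
    },
})

def triage(report_json, inventory):
    """Return (severity, message) findings for one knockpy JSON report.

    inventory: hostnames you already track (hypothetical asset list).
    """
    report = json.loads(report_json)
    findings = []

    zt = report.get("zonetransfer", {})
    if zt.get("enabled"):
        findings.append(("high", "zone transfer allowed, %d records exposed"
                         % len(zt.get("list", []))))

    if report.get("wildcard", {}).get("enabled"):
        findings.append(("info", "wildcard DNS: confirm brute-force hits by hand"))

    # Normalise names, keep only hosts under the target, diff against inventory.
    target = report.get("target", "").lower().rstrip(".")
    known = {h.lower().rstrip(".") for h in inventory}
    seen = {h.lower().rstrip(".") for h in report.get("virustotal", [])}
    in_scope = {h for h in seen if h == target or h.endswith("." + target)}
    for host in sorted(in_scope - known):
        findings.append(("medium", "host not in inventory: " + host))

    headers = {k.lower(): v for k, v in
               report.get("http_response", {}).get("http_headers", {}).items()}
    location = headers.get("location", "")
    if location.lower().startswith("http://"):
        findings.append(("low", "redirect to plaintext HTTP: " + location))
    return findings

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_REPORT, {"cse.example.com"}):
        print("[%s] %s" % (severity, message))
```
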

About

Knockpy comes pre-installed in the following environments:

*Source: GitHub; compiled by FreeBuf editor secist; please credit FreeBuf.COM when reposting