Knockpy - A Subdomain Scanner
Knockpy is a Python script, written by security researcher Gianni 'guelfoweb' Amato, that enumerates subdomains of a target domain using a wordlist. In other words, it is a subdomain scanner that lets you use your own wordlist.
It also checks for DNS zone transfers and, if a wildcard DNS record is enabled on the target, bypasses it automatically.
Note: Knockpy requires Python 2.7.6
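A wildcard record makes every wordlist entry appear to resolve, so a scan is only meaningful once those answers are filtered out. The sketch below is an added example, not Knockpy's own code: it shows one common way to do that filtering when inventorying a zone you administer. It is written for Python 3, and the zone data, the resolve() stand-in and the function names are constructed assumptions so that it runs offline.

```python
import secrets

# Constructed sample zone standing in for live DNS answers (not real records).
# The "*" entry models a wildcard record: any unknown label gets this answer.
SAMPLE_ZONE = {
    "example.test": {
        "www": {"198.51.100.10"},
        "mail": {"198.51.100.20"},
        "*": {"198.51.100.99"},
    }
}

def resolve(fqdn, zone=SAMPLE_ZONE):
    """Offline stand-in for a DNS A lookup; returns a set of IPs (empty = no answer)."""
    for domain, records in zone.items():
        if fqdn.endswith("." + domain):
            label = fqdn[: -len(domain) - 1]
            return records.get(label, records.get("*", set()))
    return set()

def wildcard_ips(domain, resolver=resolve, probes=3):
    """Resolve random labels that cannot exist; any answer reveals a wildcard."""
    found = set()
    for _ in range(probes):
        found |= resolver(f"{secrets.token_hex(8)}.{domain}")
    return found

def scan(domain, wordlist, resolver=resolve):
    """Return {fqdn: ips} for wordlist hits, dropping wildcard-only answers."""
    wild = wildcard_ips(domain, resolver)
    hits = {}
    for word in wordlist:
        fqdn = f"{word}.{domain}"
        ips = resolver(fqdn)
        # Keep only answers the wildcard does not explain. Caveat: a real host
        # that shares the wildcard's IP is dropped too and needs a manual check.
        if ips and not ips <= wild:
            hits[fqdn] = ips
    return hits

if __name__ == "__main__":
    print(scan("example.test", ["www", "mail", "dev", "vpn"]))
```

Without the wildcard check, "dev" and "vpn" would both be reported as live hosts at 198.51.100.99.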
How To Use Knockpy (Windows Tutorial)
First, download Knock onto your computer (download link is at the end of this article), extract the zip file, open the folder, then right-click on the empty part of the window while holding the Shift key down. Then select "Open command window here". You will see a window as shown below.
Now, type "setup.py install" (without quotes), and then hit the Enter key. Then wait for a few seconds...
Now, go to the "Scripts" folder, which is located in the Python directory (C:\Python27\Scripts).
Then run "knockpy.exe" from the command line (right-click while holding the "Shift" key down and select "Open command window here").
Usage:
  knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain
Positional arguments:
  domain          target to scan, like domain.com
Optional arguments:
  -h, --help      show this help message and exit
  -v, --version   show program's version number and exit
  -w WORDLIST     specific path to wordlist file
  -r, --resolve   resolve IP or domain name
  -c, --csv       save output in CSV
  -j, --json      export full report in JSON
Examples:
- Subdomain scan with internal wordlist
- Subdomain scan with external wordlist
- Resolve domain name and get response headers
- Save scan output in CSV
- Export full report in JSON
That's all. I hope you liked this article. If you did, please share...
Source: www.effecthacking.com