Skip to content

guelfoweb/knock

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

105 Commits
.github/workflows
.github/workflows
Β 
Β 
assets
assets
Β 
Β 
knock
knock
Β 
Β 
tests
tests
Β 
Β 
.gitignore
.gitignore
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
knockpy.py
knockpy.py
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 
setup.py
setup.py
Β 
Β 

Repository files navigation

πŸ” Knock Subdomain Scan v8

βœ… Fast & Async β€’ πŸ” Recon + Brute β€’ πŸ”§ Easy to Extend

KnockPy is a modular Python 3 tool to enumerate subdomains via passive reconnaissance and bruteforce, now with async/await support, enhanced performance, and modern HTTP/TLS handling.

knockpy8

πŸš€ Features (v8)

  • βœ… Async scanning with httpx and DNS resolution
  • βœ… Modular: plug new passive sources easily
  • πŸ” Supports passive recon, bruteforce, or both
  • πŸ“œ Validates HTTP/HTTPS status, TLS cert, and IP
  • πŸ’‘ Supports wildcard DNS detection
  • πŸ§ͺ Output as JSON, optional save & reload
  • πŸ” Supports VirusTotal and Shodan API

πŸ“¦ Installation

From GitHub source (recommended)

git clone https://github.com/guelfoweb/knock.git
cd knock
pip install .

⚠️ Recommended Python version: 3.9+

Using pip

Only after the stable version is released on GitHub

pip install knock-subdomains

πŸ§ͺ Usage

knockpy -d domain.com [options]

Options

Flag Description
-d, --domain Target domain
-f, --file File with list of domains
--recon Enable passive reconnaissance
--bruteforce,brute Enable bruteforce using wordlist
--wordlist Custom wordlist (default included)
--dns Custom DNS resolver
--useragent Custom HTTP user-agent
--timeout Request timeout in seconds
--threads Number of concurrent workers
--wildcard Test wildcard DNS and exit
--json Output results in JSON
--save FOLDER Save report to folder
--report FILE Load and show a saved report
--silent Hide progress bar
--logfile Write debug log to file
--show-settings Print scan settings and continue
--version Show KnockPy version
-h, --help Show help message

πŸ“Œ Examples

πŸ”Ž Recon + Brute

knockpy -d example.com --recon --bruteforce

🧠 API Keys (optional)

export API_KEY_VIRUSTOTAL=your-virustotal-api-key
export API_KEY_SHODAN=your-shodan-api-key

You can use .env file:

API_KEY_VIRUSTOTAL=your-virustotal-api-key
API_KEY_SHODAN=your-shodan-api-key

πŸ’Ύ Save and reload report

knockpy -d example.com --recon --bruteforce --save report/
knockpy --report report/example.com_2025_10_25_14_00_00.json

πŸ§ͺ Wildcard test only

knockpy -d example.com --wildcard

🧬 Python API Usage

KnockPy can be used as a Python module:

from knock import KNOCKPY

domain = 'example.com'

results = KNOCKPY(
    domain,
    dns="8.8.8.8",
    useragent="Mozilla/5.0",
    timeout=2,
    threads=10,
    recon=True,
    bruteforce=True,
    wordlist=None,
    silent=False
)

for entry in results:
    print(entry['domain'], entry['ip'], entry['http'], entry['cert'])

πŸ“‚ Wordlist

A default wordlist is included in knock/wordlist/wordlist.txt. You can supply your own with --wordlist.

Test

python tests/poc.py

πŸ“– License

Licensed under the GPLv3 license.

Gianni Amato (@guelfoweb)

About

Knock Subdomain Scan

github.com/guelfoweb/knock

Topics

security subdomain penetration-testing bugbounty subdomain-scanner subdomain-enumeration knockpy

Resources

Readme

License

GPL-3.0 license
Activity

Stars

4.1k stars

Watchers

131 watching

Forks

885 forks
Report repository

Releases 14

Knockpy Latest
Oct 26, 2025
+ 13 releases

Packages

No packages published

Contributors 9

Languages