knock-4.1.0/CHANGELOG.rst

4.1 - 2017-08-07
====================
- added VirusTotal support. Set the API_KEY in the config.json file

4.0 - 2017-02-03
====================
- release v.4.0.0

4.0 beta - 2016-12-16
=====================
- rewrote code and options
- removed option -z
- new -c or --csv option to export CSV output
- new -j or --json option to export full output in JSON

3.0 rc1 - 2014-02-21
====================
- release v.3.0 rc1

2.0 - 2014-02-20
================
- rewrite code and options
- detect ALIAS name
- automatic wildcard bypass
- resolve single domain

1.x - 2011
==========
- old version on Google Code -> http://code.google.com/p/knock/

knock-4.1.0/README.rst

============================
Knock Subdomain Scan v.4.1.0
============================

**Knockpy** is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for **DNS zone transfer** and to try to bypass the **wildcard DNS record** automatically if it is enabled. Knockpy now supports querying VirusTotal for subdomains; set the API_KEY in the config.json file.

**Very simply**

.. code-block::

    $ knockpy domain.com

.. figure:: https://cloud.githubusercontent.com/assets/41558/21270690/f8854cb8-c3b7-11e6-933b-c47e358f4a70.png
   :align: center
   :width: 90%
   :figwidth: 85%

**Export full report in JSON**

If you want to save the full log, like this one, just type:

.. code-block::

    $ knockpy domain.com --json

=======
Install
=======

**Prerequisites**

- Python 2.7.6

**Dependencies**

- Dnspython

.. code-block::

    $ sudo apt-get install python-dnspython

**Installing with pypi**

.. code-block::

    $ sudo pip install https://github.com/guelfoweb/knock/archive/knock4.zip

**Installing manually**

Download zip and extract folder:

.. code-block::

    $ cd knock-knock4/
    $ sudo python setup.py install

**Installing from Debian repository** (Stretch)

.. code-block::

    $ sudo apt-get update
    $ sudo apt-get install knockpy

Note that it's recommended to use Google DNS: 8.8.8.8 and 8.8.4.4

Knockpy arguments
-----------------

.. code-block::

    $ knockpy -h
    usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-j] domain

    ___________________________________________

    knock subdomain scan
    knockpy v.4.0beta
    Author: Gianni 'guelfoweb' Amato
    Github: https://github.com/guelfoweb/knock
    ___________________________________________

    positional arguments:
      domain         target to scan, like domain.com

    optional arguments:
      -h, --help     show this help message and exit
      -v, --version  show program's version number and exit
      -w WORDLIST    specific path to wordlist file
      -r, --resolve  resolve ip or domain name
      -c, --csv      save output in csv
      -j, --json     export full report in JSON

    example:
      knockpy domain.com
      knockpy domain.com -w wordlist.txt
      knockpy -r domain.com or IP
      knockpy -c domain.com
      knockpy -j domain.com

Example
-------

**Subdomain scan with internal wordlist**

.. code-block::

    $ knockpy domain.com

**Subdomain scan with external wordlist**

.. code-block::

    $ knockpy domain.com -w wordlist.txt

**Resolve domain name and get response headers**

.. code-block::

    $ knockpy -r domain.com [or IP]

.. code-block::

    + checking for wildcard: NO
    + checking for zonetransfer: NO
    + resolving target: YES
    {
        "zonetransfer": {
            "enabled": false,
            "list": []
        },
        "target": "google.com",
        "hostname": "google.com",
        "alias": [],
        "wildcard": {
            "detected": {},
            "test_target": "kfwpsxvdnt.google.com",
            "enabled": false,
            "http_response": {}
        },
        "ipaddress": [
            "216.58.205.142"
        ],
        "response_time": "0.0917398929596",
        "http_response": {
            "status": {
                "reason": "Found",
                "code": 302
            },
            "http_headers": {
                "date": "Thu, 22 Dec 2016 09:28:48 GMT",
                "content-length": "256",
                "content-type": "text/html; charset=UTF-8",
                "location": "http://www.google.it/?gfe_rd=cr&ei=0JxbWIGmLofCXruVhcgI",
                "cache-control": "private"
            }
        }
    }

**Save scan output in CSV**

.. code-block::

    $ knockpy -c domain.com

**Export full report in JSON**

.. code-block::

    $ knockpy -j domain.com

==========
Talk about
==========

Ethical Hacking and Penetration Testing Guide. Book by Rafay Baloch.

Knockpy comes pre-installed on the following security distributions for penetration testing:

- BackBox Linux
- PentestBox for Windows
- Buscador Investigative Operating System

=====
Other
=====

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or on twitter @guelfoweb. Suggestions and criticism are welcome.

Sponsored by Security Side

knock-4.1.0/knockpy/__init__.py

import os

_ROOT = os.path.abspath(os.path.dirname(__file__))

def get_data(path):
    return os.path.join(_ROOT, 'wordlist', path)

knock-4.1.0/knockpy/config.json

{
    "virustotal": ""
}

knock-4.1.0/knockpy/knockpy.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from modules import zonetransfer
from modules import header
from modules import resolve
from modules import wildcard
from modules import save_report
from modules import virustotal_subdomains

from urlparse import urlparse

import sys
import json
import os.path
import datetime
import argparse

__author__='Gianni \'guelfoweb\' Amato'
__version__='4.1'
__url__='https://github.com/guelfoweb/knock'
__description__='''\
___________________________________________

knock subdomain scan
knockpy v.'''+__version__+'''
Author: '''+__author__+'''
Github: '''+__url__+'''
___________________________________________
'''
__epilog__='''
example:
  knockpy domain.com
  knockpy domain.com -w wordlist.txt
  knockpy -r domain.com or IP
  knockpy -c domain.com
  knockpy -j domain.com

For virustotal subdomains support you can set your API KEY in the config.json file.

'''

def loadfile_wordlist(filename):
    # read the wordlist (one entry per line) and drop empty lines
    with open(filename, 'r') as f:
        wlist = f.read().split('\n')
    return filter(None, wlist)

def print_header():
    print """
  _  __                 _                
 | |/ /                | |   """+__version__+"""            
 | ' / _ __   ___   ___| | ___ __  _   _ 
 |  < | '_ \ / _ \ / __| |/ / '_ \| | | |
 | . \| | | | (_) | (__|   <| |_) | |_| |
 |_|\_\_| |_|\___/ \___|_|\_\ .__/ \__, |
                            | |     __/ |
                            |_|    |___/ 
"""

def print_header_scan():
    print '\nIp Address\tStatus\tType\tDomain Name\t\t\tServer'
    print '----------\t------\t----\t-----------\t\t\t------'

def get_tab(string):
    # pick the number of tabs needed to align the Server column
    if len(str(string)) > 23:
        return '\t'
    elif len(str(string)) > 15 and len(str(string)) <= 23:
        return '\t\t'
    else:
        return '\t\t\t'

# rows collected for the CSV report
subdomain_csv_list = []

def print_output(data):
    if data['alias']:
        for alias in data['alias']:
            ip_alias = data['ipaddress'][0]
            try:
                server_type = str(data['http_response']['http_headers']['server'])
            except:
                server_type = ''
            row = ip_alias+'\t'+str(data['status'])+'\t'+'alias'+'\t'+str(alias)+get_tab(alias)+str(server_type)
            print (row)
            subdomain_csv_list.append(ip_alias+','+str(data['status'])+','+'alias'+','+str(alias)+','+str(server_type))
        for ip in data['ipaddress']:
            try:
                server_type = str(data['http_response']['http_headers']['server'])
            except:
                server_type = ''
            row = ip+'\t'+str(data['status'])+'\t'+'host'+'\t'+str(data['hostname'])+get_tab(data['hostname'])+str(server_type)
            print (row)
            subdomain_csv_list.append(ip+','+str(data['status'])+','+'host'+','+str(data['hostname'])+','+str(server_type))
    else:
        for ip in data['ipaddress']:
            try:
                server_type = str(data['http_response']['http_headers']['server'])
            except:
                server_type = ''
            row = ip+'\t'+str(data['status'])+'\t'+'host'+'\t'+str(data['hostname'])+get_tab(data['hostname'])+str(server_type)
            print (row)
            subdomain_csv_list.append(ip+','+str(data['status'])+','+'host'+','+str(data['hostname'])+','+str(server_type))

def init(text, resp=False):
    # resp=True ends the line, resp=False keeps the cursor on the same line
    if resp:
        print(text)
    else:
        print(text),

def main():
    parser = argparse.ArgumentParser(
        version=__version__,
        formatter_class=argparse.RawTextHelpFormatter,
        prog='knockpy',
        description=__description__,
        epilog = __epilog__)

    parser.add_argument('domain', help='target to scan, like domain.com')
    parser.add_argument('-w', help='specific path to wordlist file',
                        nargs=1, dest='wordlist', required=False)
    parser.add_argument('-r', '--resolve', help='resolve single ip or domain name',
                        action='store_true', required=False)
    parser.add_argument('-c', '--csv', help='save output in csv',
                        action='store_true', required=False)
    parser.add_argument('-j', '--json', help='export full report in JSON',
                        action='store_true', required=False)

    args = parser.parse_args()

    target = args.domain
    wlist = args.wordlist
    resolve_host = args.resolve
    save_scan_csv = args.csv
    save_scan_json = args.json

    print_header()

    # start
    time_start = str(datetime.datetime.now())

    # parse target domain
    if target.startswith("http") or target.startswith("ftp"):
        parsed_uri = urlparse(target)
        target = '{uri.netloc}'.format(uri=parsed_uri)

    # check for virustotal subdomains
    init('+ checking for virustotal subdomains:', False)
    subdomain_list = []

    if os.path.isfile('config.json'):
        with open('config.json') as data_file:
            apikey = json.load(data_file)
            try:
                apikey_vt = apikey['virustotal']
                if apikey_vt != '':
                    virustotal_list = virustotal_subdomains.get_subdomains(target, apikey_vt)
                    if virustotal_list:
                        init('YES', True)
                        print(json.dumps(virustotal_list, indent=4, separators=(',', ': ')))
                        for item in virustotal_list:
                            subdomain = item.replace('.'+target, '')
                            if subdomain not in subdomain_list:
                                subdomain_list.append(subdomain)
                    else:
                        init('NO', True)
                else:
                    init('SKIP', True)
                    init('\tVirusTotal API_KEY not found', True)
                    virustotal_list = []
            except:
                init('SKIP', True)
                init('\tVirusTotal API_KEY not found', True)
                virustotal_list = []
    else:
        init('SKIP', True)
        init('\tCONFIG FILE NOT FOUND', True)
        virustotal_list = []

    # check for wildcard
    init('+ checking for wildcard:', False)
    wildcard_json = json.loads(wildcard.test_wildcard(target))
    if wildcard_json['enabled']:
        init('YES', True)
        print(json.dumps(wildcard_json['detected'], indent=4, separators=(',', ': ')))
    else:
        init('NO', True)

    # check for zonetransfer
    init('+ checking for zonetransfer:', False)
    zonetransfer_json = json.loads(zonetransfer.zonetransfer(target))
    if zonetransfer_json['enabled']:
        init('YES', True)
        print(json.dumps(zonetransfer_json['list'], indent=4, separators=(',', ': ')))
        for item in zonetransfer_json['list']:
            subdomain = item.replace('.'+target, '')
            if subdomain not in subdomain_list:
                subdomain_list.append(subdomain)
    else:
        init('NO', True)

    # optional argument -w WORDLIST
    if wlist:
        wordlist = wlist[0]
    else:
        _ROOT = os.path.abspath(os.path.dirname(__file__))
        wordlist = os.path.join(_ROOT, 'wordlist', 'wordlist.txt')

    if not os.path.isfile(wordlist):
        exit('File not found: ' + wordlist)

    # merge discovered names with the wordlist, de-duplicate and sort
    word_list = loadfile_wordlist(wordlist)
    word_list = [item.lower() for item in word_list]
    subdomain_list = subdomain_list + word_list
    subdomain_list = list(set(subdomain_list))
    subdomain_list = sorted(subdomain_list)
    wordlist_count = len(subdomain_list)

    # resolve domain
    init('+ resolving target:', False)
    response_resolve = json.loads(resolve.resolve(target))
    response_resolve.update({'wildcard': wildcard_json, 'zonetransfer': zonetransfer_json, 'virustotal': virustotal_list})
    if response_resolve['hostname']:
        init('YES', True)
    else:
        init('NO', True)

    ip_list = []
    try:
        del response_resolve['status']
        for ip in response_resolve['ipaddress']:
            ip_list.append(ip)
    except:
        pass

    time_end = str(datetime.datetime.now())
    stats = {'time_start': time_start, 'time_end': time_end}

    # optional argument -r RESOLVE DOMAIN
    if resolve_host:
        response_resolve = json.dumps(response_resolve, indent=4, separators=(',', ': '))
        print(response_resolve)
        exit()

    # scan for subdomain
    init('- scaning for subdomain...', True)
    print_header_scan()
    subdomains_json_list = []

    for item in subdomain_list:
        sys.stdout.write("%s\r" % item)
        sys.stdout.flush()
        subdomain_target = item+'.'+target
        subdomain_resolve = json.loads(resolve.resolve(subdomain_target))
        if subdomain_resolve['hostname']:
            try:
                status_code = subdomain_resolve['http_response']['status']['code']
            except:
                status_code = ''

            if wildcard_json['enabled']:
                wildcard_code = wildcard_json['detected']['status_code']
                # same status code as the wildcard probe: compare content-length too
                if str(status_code) != '' and str(wildcard_code) != '' and str(status_code) == str(wildcard_code):
                    try:
                        content_length = str(subdomain_resolve['http_response']['http_headers']['content-length'])
                    except:
                        content_length = ''
                    try:
                        wildcard_content_length = wildcard_json['http_response']['http_headers']['content-length']
                    except:
                        wildcard_content_length = ''

                    # Experimental: content_length == '0' => This is a work around.
                    if content_length == '0' or str(content_length) == str(wildcard_content_length):
                        pass
                    else:
                        print_output(subdomain_resolve)
                        subdomains_json_list.append(subdomain_resolve)
                else:
                    print_output(subdomain_resolve)
                    subdomains_json_list.append(subdomain_resolve)
            else:
                print_output(subdomain_resolve)
                subdomains_json_list.append(subdomain_resolve)
        sys.stdout.write("%s\r" % (' ') )
        sys.stdout.flush()

    # the scan ends here: record the end time for the report
    time_end = str(datetime.datetime.now())

    subdomain_found = []
    for items in subdomains_json_list:
        try:
            del items['status']
        except:
            pass

        if items['hostname'] not in subdomain_found:
            subdomain_found.append(str(items['hostname']))
        for item in items['alias']:
            if item not in subdomain_found:
                subdomain_found.append(str(item))
        for item in items['ipaddress']:
            ip_list.append(str(item))

    ipaddr_list = list(set(ip_list))
    ip_count = len(ipaddr_list)
    subdomain_found = list(set(subdomain_found))
    sub_count = len(subdomain_found)

    # optional argument -s SAVE FULL SCAN REPORT
    stats = {'time_start': time_start, 'time_end': time_end, \
             'sub_count': sub_count, 'ip_count': ip_count, \
             'wordlist': {'filename': wordlist, 'item_count': wordlist_count}, \
             'knockpy': {'version': __version__, 'query': sys.argv, 'url': __url__}}

    if not resolve_host:
        if save_scan_csv:
            exit(save_report.export(target, subdomain_csv_list, 'csv'))
        elif save_scan_json:
            report_json = {'target_response': response_resolve, \
                           'subdomain_response': subdomains_json_list, \
                           'found': {'ipaddress': ipaddr_list, \
                                     'subdomain': subdomain_found, \
                                     'csv': subdomain_csv_list},
                           'info': stats}
            report_json = json.dumps(report_json, indent=4, separators=(',', ': '))
            exit(save_report.export(target, report_json, 'json'))
        else:
            exit()

if __name__ == '__main__':
    main()

knock-4.1.0/knockpy/modules/__init__.py (empty)

knock-4.1.0/knockpy/modules/header.py

import json
import httplib

def header(url, path='/', method='HEAD'):
    # send one HEAD request and return status and headers as a JSON string
    headers = {}
    response = {}
    user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0"
    try:
        conn = httplib.HTTPConnection(url)
        conn.putrequest(method, path)
        conn.putheader("User-Agent", user_agent)
        conn.endheaders()
        res = conn.getresponse()
        conn.close()

        for item in res.getheaders():
            headers.update({item[0]: item[1]})

        response = {'status': {'code': res.status, 'reason': res.reason}, 'http_headers': headers}
        response = json.dumps(response, indent=4, separators=(',', ': '))
    except:
        response = {}
    return response

knock-4.1.0/knockpy/modules/resolve.py

import json
import header
import socket
import time
#import zonetransfer

# set the default timeout on sockets to 5 seconds
if hasattr(socket, 'setdefaulttimeout'):
    socket.setdefaulttimeout(5)

def resolve(target):
    hostname = ''
    aliaslist = []
    ipaddrlist = []
    code = ''
    header_response = {}
    iplist = []
    response = {}
    #zonetransfer_json = {}

    time_start = time.time()
    try:
        soc = socket.gethostbyname_ex(target)
        #zonetransfer_json = json.loads(zonetransfer.zonetransfer(target))
        if soc:
            hostname = soc[0]
            aliaslist = soc[1]
            ipaddrlist = soc[2]

            # check for http headers
            try:
                header_response = json.loads(header.header(target))
                code = header_response['status']['code']
            except:
                header_response = {}
                code = ''

            if hostname != target:
                header_response = json.loads(header.header(hostname))

        time_end = time.time()
    except:
        time_end = time.time()

    response_time = str(time_end-time_start)
    response = {'target': target, 'hostname': hostname, \
                'alias': aliaslist, 'ipaddress': ipaddrlist, \
                'status': code, 'response_time': response_time, \
                'http_response': header_response} #, 'zonetransfer': zonetransfer_json}

    response = json.dumps(response, indent=4, separators=(',', ': '))
    return response

knock-4.1.0/knockpy/modules/save_report.py

import time
import json

def touch(filename):
    fname = filename
    file = open(fname, 'w')
    file.close()

def export(domain, report, _type):
    # file name: <domain with dots replaced>_<timestamp>.<csv|json>
    timestamp = time.time()
    filename = domain.replace('.', '_')+'_'+str(timestamp)+'.'+_type

    if _type == 'csv':
        csv_report = ''
        for item in report:
            csv_report += item + '\n'
        report = csv_report
    try:
        with open(filename, 'a') as f:
            f.write(report)
        return '\n'+_type.upper()+' report saved in: '+filename
    except:
        return '\nCannot write report file: '+filename

knock-4.1.0/knockpy/modules/virustotal_subdomains.py

import json
import urllib

def get_subdomains(domain, apikey):
    # ask the VirusTotal v2 domain report for the subdomains it knows about
    url = 'https://www.virustotal.com/vtapi/v2/domain/report'
    parameters = {'domain': domain, 'apikey': apikey}
    try:
        response = urllib.urlopen('%s?%s' % (url, urllib.urlencode(parameters))).read()
        response_dict = json.loads(response)
        return response_dict['subdomains']
    except:
        return False

knock-4.1.0/knockpy/modules/wildcard.py

import json
import header
import socket
import random

# set the default timeout on sockets to 5 seconds
if hasattr(socket, 'setdefaulttimeout'):
    socket.setdefaulttimeout(5)

def rnd(alphabet):
    # build a random label of 5 to 15 distinct letters
    min = 5
    max = 15
    total = 2
    random_string = ''
    for count in xrange(1, total):
        for x in random.sample(alphabet,random.randint(min,max)):
            random_string += x
    return random_string

def test_wildcard(target):
    # a random subdomain that resolves means a wildcard DNS record is in place
    random_string = rnd('abcdefghijklmnopqrstuvwxyz')
    random_subdomain = str(random_string)+'.'+target
    response = {}
    http_response = {}
    try:
        host = socket.gethostbyname(random_subdomain)
        if host:
            http_response = header.header(random_subdomain)
            http_response = json.loads(http_response)
            code = http_response['status']['code']
            try:
                content_length = str(http_response['http_headers']['content-length'])
            except:
                content_length = ''
            response.update({'test_target': random_subdomain, \
                             'enabled': True, 'detected': \
                             {'status_code': code, 'content_length': content_length}, \
                             'http_response': http_response})
    except:
        response = {'test_target': random_subdomain, 'enabled': False, \
                    'detected': {}, 'http_response': http_response}

    response = json.dumps(response, indent=4, separators=(',', ': '))
    return response

knock-4.1.0/knockpy/modules/zonetransfer.py

import json
import socket

# set the default timeout on sockets to 5 seconds
if hasattr(socket, 'setdefaulttimeout'):
    socket.setdefaulttimeout(5)

try:
    import dns.resolver, dns.query, dns.zone
except:
    exit('ImportError: No module named python-dnspython\npip install dnspython')

def zonetransfer(target):
    zonetransfer_list = []
    my_resolver = dns.resolver.Resolver()
    my_resolver.timeout=2.0
    my_resolver.lifetime=2.0
    try:
        answers = my_resolver.query(target,'NS')
    except:
        response = {'enabled': False, 'list': [] }
        response = json.dumps(response, indent=4, separators=(',', ': '))
        return response

    ip_from_nslist = []
    for name_server in answers:
        name_server = str(name_server).rstrip('.')
        try:
            ip_from_nslist.append(socket.gethostbyname(name_server))
        except socket.error:
            # skip name servers that do not resolve
            continue

    # request the zone (AXFR) from every name server
    for ip_from_ns in ip_from_nslist:
        zone = False

        try:
            zone = dns.zone.from_xfr(dns.query.xfr(ip_from_ns, target, timeout = 1))
        except:
            pass

        if zone:
            for name, node in zone.nodes.items():
                rdataset = node.rdatasets
                for record in rdataset:
                    name = str(name)
                    if name != '@' and name != '*':
                        zonetransfer_list.append(name+'.'+target)

    if zonetransfer_list:
        zonetransfer_list = [item.lower() for item in zonetransfer_list]
        zonetransfer_list = list(set(zonetransfer_list))
        response = {'enabled': True, 'list': zonetransfer_list }
        response = json.dumps(response, indent=4, separators=(',', ': '))
        return response
    else:
        response = {'enabled': False, 'list': [] }
        response = json.dumps(response, indent=4, separators=(',', ': '))
        return response

knock-4.1.0/knockpy/wordlist/wordlist.txt (subdomain wordlist, one entry per line)

knock-4.1.0/setup.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# ----------------------------------------------------------------------
# This file is part of Knock subdomain scan (aka knockpy)
#
# Knock is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Knock is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Knock. If not, see .
# ----------------------------------------------------------------------

from setuptools import setup
from codecs import open  # To use a consistent encoding
from os import path

here = path.abspath(path.dirname(__file__))

# Get the long description from the relevant file
with open(path.join(here, 'CHANGELOG.rst'), encoding='utf-8') as f:
    long_description = f.read()

setup(
    name='knockpy',
    version='4.1',
    description='Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist.',
    long_description=long_description,
    url='https://github.com/guelfoweb/knock',
    author='Gianni \'guelfoweb\' Amato',
    author_email='guelfoweb@gmail.com',
    license='GNU',

    # See https://pypi.python.org/pypi?%3Aaction=list_classifiers
    classifiers=[
        # How mature is this project? Common values are
        #   3 - Alpha
        #   4 - Beta
        #   5 - Production/Stable
        'Development Status :: 5 - Production/Stable',

        # Indicate who your project is intended for
        'Intended Audience :: Developers',
        'Topic :: Software Development :: Build Tools',

        # Pick your license as you wish (should match "license" above)
        'License :: OSI Approved :: GNU General Public License (GPL)',

        # Specify the Python versions you support here. In particular, ensure
        # that you indicate whether you support Python 2, Python 3 or both.
        'Programming Language :: Python :: 2',
        'Programming Language :: Python :: 2.6',
        'Programming Language :: Python :: 2.7',
    ],
    keywords='knock subdomain scan',
    packages=["knockpy", "knockpy.modules"],
    package_data={'knockpy': ['wordlist/wordlist.txt']},
    install_requires = ['dnspython>=1.3.5'],
    entry_points={
        'console_scripts': [
            'knockpy=knockpy.knockpy:main',
        ],
    },
)
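
From the defender's side, the scan flow in knockpy.py (a random-label wildcard probe, an AXFR request, then the wordlist walked in sorted order) leaves a recognizable pattern in authoritative or resolver query logs. The following is an added example and not part of the knock project: the log format, thresholds and function names are assumptions, the sample log lines are constructed, and it targets Python 3.

```python
"""Flag wordlist-driven subdomain enumeration and AXFR attempts in DNS query logs."""
from collections import defaultdict
from datetime import datetime

EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Parse 'ISO-time client qname qtype rcode' (assumed log format)."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return {"ts": ts, "client": parts[1], "qname": parts[2].lower().rstrip("."),
            "qtype": parts[3].upper(), "rcode": parts[4].upper()}


def prefix_under(qname, zone):
    """Return the part of qname left of '.zone', or None if qname is not below zone."""
    suffix = "." + zone
    return qname[:-len(suffix)] if qname.endswith(suffix) else None


def detect_enumeration(lines, zone, window_s=60, min_names=10,
                       min_nx_ratio=0.7, axfr_allowed=()):
    """Return findings for AXFR requests from unlisted clients and for clients
    that query many distinct, mostly non-existent names under `zone` in one window."""
    zone = zone.lower().rstrip(".")
    buckets = defaultdict(list)  # (client, window index) -> [(ts, prefix, rcode)]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["qtype"] == "AXFR":
            if rec["qname"] == zone and rec["client"] not in axfr_allowed:
                findings.append({"type": "axfr_attempt", "client": rec["client"],
                                 "rcode": rec["rcode"]})
            continue
        prefix = prefix_under(rec["qname"], zone)
        if not prefix:
            continue
        idx = int((rec["ts"] - EPOCH).total_seconds()) // window_s
        buckets[(rec["client"], idx)].append((rec["ts"], prefix, rec["rcode"]))

    for key in sorted(buckets):
        rows = sorted(buckets[key], key=lambda r: r[0])  # stable: keeps log order
        names = [prefix for _, prefix, _ in rows]
        if len(set(names)) < min_names:
            continue
        nx_ratio = sum(1 for r in rows if r[2] == "NXDOMAIN") / len(rows)
        if nx_ratio < min_nx_ratio:
            continue
        # knockpy sorts its candidate list, so queries arrive in ascending order
        ascending = sum(1 for a, b in zip(names, names[1:]) if a <= b)
        findings.append({"type": "wordlist_enumeration", "client": key[0],
                         "distinct_names": len(set(names)),
                         "nx_ratio": round(nx_ratio, 2),
                         "sorted_ratio": round(ascending / max(len(names) - 1, 1), 2)})
    return findings


def build_sample_log():
    """Constructed sample: one scanning client, one secondary NS, one normal client."""
    words = sorted(["admin", "api", "backup", "beta", "blog", "cdn", "dev", "ftp",
                    "mail", "ns1", "shop", "test", "vpn", "www"])
    live = {"mail", "www"}
    lines = ["2017-08-07T10:00:00 198.51.100.7 kfwpsxvdnt.example.com A NXDOMAIN",
             "2017-08-07T10:00:01 198.51.100.7 example.com AXFR REFUSED",
             "2017-08-07T10:00:01 192.0.2.53 example.com AXFR NOERROR"]
    for i, word in enumerate(words):
        rcode = "NOERROR" if word in live else "NXDOMAIN"
        lines.append("2017-08-07T10:00:%02d 198.51.100.7 %s.example.com A %s"
                     % (i + 2, word, rcode))
    for i, word in enumerate(["www", "mail", "wwww", "www"]):
        rcode = "NXDOMAIN" if word == "wwww" else "NOERROR"
        lines.append("2017-08-07T10:00:%02d 192.0.2.10 %s.example.com A %s"
                     % (i + 30, word, rcode))
    return lines


if __name__ == "__main__":
    for finding in detect_enumeration(build_sample_log(), "example.com",
                                      axfr_allowed={"192.0.2.53"}):
        print(finding)
```

The thresholds need tuning against normal traffic for the zone; a high `sorted_ratio` is a hint specific to tools that walk a sorted list and should not be relied on alone.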