Knock – Subdomain Scanner

Knock is a Python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfers and to try to bypass the wildcard DNS record automatically if it is enabled. The tool also supports querying VirusTotal for subdomains; you can set the API_KEY within the config.json file.


Many large companies create subdomains whose DNS records link to foreign domains for business purposes. Over time they forget about them and the registered domain expires. As a result, this opens the target to several attack vectors at once.

Subdomains may include highly valuable assets, so during a penetration test or red team engagement, scanning subdomains may help identify open security vulnerabilities.

The second possible attack is to register the expired domain and create a malicious website on it for phishing purposes or to compromise affected users. The website will look like a legitimate subdomain that was used in the past by this organization.
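From the defender's side, the forgotten records described above can be found by auditing your own zone export. The following is an added example, not part of Knock or the original post: the zone entries, domain names and the `fake_resolves` stub are constructed for illustration, and a real run would use the default `system_resolves`.

```python
import socket

# Constructed sample data: domains the organization owns and an
# exported list of (record name, CNAME target) pairs from its zone.
OWN_DOMAINS = {"example.com"}
SAMPLE_ZONE = [
    ("www.example.com", "web.example.com"),
    ("shop.example.com", "store.partner-example.net"),
    ("promo.example.com", "landing.expired-campaign.example"),
]

def is_external(target, own_domains):
    """True when the CNAME target lies outside every domain we own."""
    target = target.rstrip(".").lower()
    return not any(target == d or target.endswith("." + d) for d in own_domains)

def system_resolves(host):
    """Resolve through the system resolver; False on any lookup failure."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone, own_domains, resolves=system_resolves):
    """Return records whose external CNAME target no longer resolves.

    A failed lookup is only a signal: confirm with the registrar or
    WHOIS whether the foreign domain has actually expired before
    treating the record as dangling.
    """
    return [
        (name, target)
        for name, target in zone
        if is_external(target, own_domains) and not resolves(target)
    ]

def fake_resolves(host):
    """Constructed offline stand-in for DNS: only these hosts 'exist'."""
    return host in {"web.example.com", "store.partner-example.net"}

if __name__ == "__main__":
    for name, target in find_dangling(SAMPLE_ZONE, OWN_DOMAINS, fake_resolves):
        print(f"review {name}: CNAME -> {target} does not resolve")
```

Records flagged this way should be removed from the zone or repointed once the foreign domain is confirmed to be out of the organization's control.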

You can read more and download this tool over here:
