How to Find Subdomains of a website & Hack
There are two popular tools for finding the subdomains of a website. Both are Python-based scripts, so they work on any platform. Both tools can bypass wildcards.
The first tool is the Knock.py subdomain scanner.
This is an independent tool; there is no need to install it in a particular directory.
root@kali:~/Desktop/knock# knockpy -h
usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-c] [-f] [-j] domain
___________________________________________
knock subdomain scan
knockpy v.4.1.1
Author: Gianni 'guelfoweb' Amato
Github: https://github.com/guelfoweb/knock
___________________________________________
positional arguments:
domain target to scan, like domain.com
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-w WORDLIST specific path to wordlist file
-r, --resolve resolve single ip or domain name
-c, --csv save output in csv
-f, --csvfields add fields name to the first row of csv output file
-j, --json export full report in JSON
example:
knockpy domain.com
knockpy domain.com -w wordlist.txt
knockpy -r domain.com or IP
knockpy -c domain.com
knockpy -j domain.com
For virustotal subdomains support you can setting your API KEY in the
config.json file.
Example:
root@kali:~/Desktop/knock# knockpy google.com
See the result of the google.com subdomains.
The other tool is the Sublist3r (sublist3r.py) subdomain scanner.
Example
# python sublist3r.py -d google.com
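The wildcard handling mentioned at the top of this post, as an added example that is not code from knockpy or Sublist3r: a common way to handle a wildcard DNS record when inventorying your own zone is to resolve a few random labels that cannot exist, then discard every candidate whose answers match those. The function names, the injected resolver and the example.test zone below are all constructed for illustration.

```python
import secrets


def wildcard_answers(domain, resolve, probes=3):
    """Resolve random labels that should not exist; any answer means a wildcard."""
    seen = set()
    for _ in range(probes):
        seen |= resolve(f"{secrets.token_hex(8)}.{domain}")
    return frozenset(seen)


def filter_wildcard(domain, candidates, resolve):
    """Keep only labels whose answers are not fully explained by the wildcard."""
    wild = wildcard_answers(domain, resolve)
    real = {}
    for label in candidates:
        ips = resolve(f"{label}.{domain}")
        # Drop names that do not resolve, or resolve only to wildcard addresses.
        if ips and not ips <= wild:
            real[f"{label}.{domain}"] = sorted(ips)
    return wild, real


# Constructed zone: "*.example.test -> 203.0.113.10" plus two explicit
# records. Names and addresses are made up so the example runs offline.
EXPLICIT = {
    "www.example.test": {"198.51.100.5"},
    "mail.example.test": {"198.51.100.25"},
}
WILDCARD_IP = {"203.0.113.10"}


def fake_resolver(name):
    """Stand-in for a DNS lookup; returns a frozenset of addresses."""
    if name in EXPLICIT:
        return frozenset(EXPLICIT[name])
    if name.endswith(".example.test"):
        return frozenset(WILDCARD_IP)
    return frozenset()


if __name__ == "__main__":
    wild, real = filter_wildcard(
        "example.test", ["www", "mail", "dev", "vpn"], fake_resolver)
    print("wildcard answers:", sorted(wild))
    for host, ips in real.items():
        print(host, ips)
```

An explicit record that points at the same address as the wildcard is dropped by this filter, so treat the result as a lower bound and cross-check it against the zone file.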