Knockpy Agent Setup for Subdomain Enum

Knockpy Command

Using {{rootDomain}}: ReconNess replaces {{rootDomain}} with the root domain, for example, if we define that as a root domain when adding the Target.

python /app/knock/knockpy/ {{rootDomain}}

Click here to know more about Knockpy

Knockpy Script

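using ReconNess.Core.Models;

// Ignore output lines until lineInputCount reaches 17.
if (lineInputCount < 17)
{
    return new ScriptOutput();
}

// Group 1: IPv4 address, group 2: optional 1-3 digit number, group 3: lowercase word, group 4: host name.
var match = System.Text.RegularExpressions.Regex.Match(lineInput, @"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*(\d{1,3})?\s*([a-z]*)\s*(([a-zA-Z0-9][a-zA-Z0-9-_]*\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[a-zA-Z0-9]+)");
if (match.Success && match.Groups.Count > 4)
{
    return new ScriptOutput
    {
        Ip = match.Groups[1].Value,
        // Groups.Count is fixed by the pattern (group 0 plus five capture groups), so Groups[4] is the value used.
        Subdomain = match.Groups.Count == 5 ? match.Groups[3].Value : match.Groups[4].Value,
        Note = lineInput
    };
}

return new ScriptOutput();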

Check the Readme on GitHub to know more about the Script.

Knockpy Dockerfile Entry

# -------- Agents dependencies --------
# Allow knockpy to run inside the Docker container
RUN apt-get install -y git
RUN apt-get install -y python2.7 python-pip python-dnspython
RUN git clone
RUN cd knock && python install
# -------- End Agents dependencies --------

Knockpy Command for Docker

python /app/knock/knockpy/ {{rootDomain}}