Knock Subdomain Scan

Iniciado por ZanGetsu, Julio 26, 2013, 09:23:45 PM



Julio 26, 2013, 09:23:45 PM Ultima modificación: Mayo 03, 2014, 11:41:24 AM por Flemon

Holas, les paso a dejar esta herramienta llamada Knock, que sirve para
encontrar subdominios de un dominio. Está escrita en Python 2 (usa
`print >> sys.stdout`, `httplib` y `xrange`) y tiene soporte para Linux y Windows.
Ojo con la indentación: Python la necesita y al copiar el código desde el foro puede perderse.

Código: python
#!/usr/bin/env python

# -------------------------------------------------------
# Knock v1.5 - 23/08/2011
# By Gianni 'guelfoweb' Amato http://knock.googlecode.com
#
# This code is released under the GNU / GPL v3
# You are free to use, edit and redistribuite it
# under the terms of the GNU / GPL license.
# -------------------------------------------------------

import sys
import os
import httplib
import socket
from time import strftime
import random
import time

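# Built-in candidate subdomain labels, used when no wordlist file is given.
# Kept in the author's order.  The forum paste had corrupted four entries
# (a literal "print" was rewritten to "print >> sys.stdout,", giving
# "printer", "printserv", "printserver" and "sprint" garbage) and had split
# "classroom", "dc", "maillist", "paris" and "webserv" across line breaks
# inside their string literals; both are restored here.
wlist_array = [
    "0", "01", "02", "03", "1", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "2", "20", "3", "3com", "4", "5", "6", "7", "8", "9", "ILMI",
    "a", "a.auth-ns", "a01", "a02", "a1", "a2", "abc", "about", "ac", "academico", "acceso", "access", "accounting", "accounts", "acid", "activestat", "ad", "adam", "adkit", "admin", "administracion", "administrador", "administrator", "administrators", "admins", "ads", "adserver", "adsl", "ae", "af", "affiliate", "affiliates", "afiliados", "ag", "agenda", "agent", "ai", "aix", "ajax", "ak", "akamai", "al", "alabama", "alaska", "albuquerque", "alerts", "alpha", "alterwind", "am", "amarillo", "americas", "an", "anaheim", "analyzer", "announce", "announcements", "antivirus", "ao", "ap", "apache", "apollo", "app", "app01", "app1", "apple", "application", "applications", "apps", "appserver", "aq", "ar", "archie", "arcsight", "argentina", "arizona", "arkansas", "arlington", "as", "as400", "asia", "asterix", "at", "athena", "atlanta", "atlas", "att", "au", "auction", "austin", "auth", "auto", "av", "aw", "ayuda", "az",
    "b", "b.auth-ns", "b01", "b02", "b1", "b2", "b2b", "b2c", "ba", "back", "backend", "backup", "baker", "bakersfield", "balance", "balancer", "baltimore", "banking", "bayarea", "bb", "bbdd", "bbs", "bd", "bdc", "be", "bea", "beta", "bf", "bg", "bh", "bi", "billing", "biz", "biztalk", "bj", "black", "blackberry", "blog", "blogs", "blue", "bm", "bn", "bnc", "bo", "bob", "bof", "boise", "bolsa", "border", "boston", "boulder", "boy", "br", "bravo", "brazil", "britian", "broadcast", "broker", "bronze", "brown", "bs", "bsd", "bsd0", "bsd01", "bsd02", "bsd1", "bsd2", "bt", "bug", "buggalo", "bugs", "bugzilla", "build", "bulletins", "burn", "burner", "buscador", "buy", "bv", "bw", "by", "bz",
    "c", "c.auth-ns", "ca", "cache", "cafe", "calendar", "california", "call", "calvin", "canada", "canal", "canon", "careers", "catalog", "cc", "cd", "cdburner", "cdn", "cert", "certificates", "certify", "certserv", "certsrv", "cf", "cg", "cgi", "ch", "channel", "channels", "charlie", "charlotte", "chat", "chats", "chatserver", "check", "checkpoint", "chi", "chicago", "ci", "cims", "cincinnati", "cisco", "citrix", "ck", "cl", "class", "classes", "classifieds", "classroom", "cleveland", "clicktrack", "client", "clientes", "clients", "club", "clubs", "cluster", "clusters", "cm", "cmail", "cms", "cn", "co", "cocoa", "code", "coldfusion", "colombus", "colorado", "columbus", "com", "commerce", "commerceserver", "communigate", "community", "compaq", "compras", "con", "concentrator", "conf", "conference", "conferencing", "confidential", "connect", "connecticut", "consola", "console", "consult", "consultant", "consultants", "consulting", "consumer", "contact", "content", "contracts", "core", "core0", "core01", "corp", "corpmail", "corporate", "correo", "correoweb", "cortafuegos", "counterstrike", "courses", "cr", "cricket", "crm", "crs", "cs", "cso", "css", "ct", "cu",
    "cust1", "cust10", "cust100", "cust101", "cust102", "cust103", "cust104", "cust105", "cust106", "cust107", "cust108", "cust109", "cust11", "cust110", "cust111", "cust112", "cust113", "cust114", "cust115", "cust116", "cust117", "cust118", "cust119", "cust12", "cust120", "cust121", "cust122", "cust123", "cust124", "cust125", "cust126", "cust13", "cust14", "cust15", "cust16", "cust17", "cust18", "cust19", "cust2", "cust20", "cust21", "cust22", "cust23", "cust24", "cust25", "cust26", "cust27", "cust28", "cust29", "cust3", "cust30", "cust31", "cust32", "cust33", "cust34", "cust35", "cust36", "cust37", "cust38", "cust39", "cust4", "cust40", "cust41", "cust42", "cust43", "cust44", "cust45", "cust46", "cust47", "cust48", "cust49", "cust5", "cust50", "cust51", "cust52", "cust53", "cust54", "cust55", "cust56", "cust57", "cust58", "cust59", "cust6", "cust60", "cust61", "cust62", "cust63", "cust64", "cust65", "cust66", "cust67", "cust68", "cust69", "cust7", "cust70", "cust71", "cust72", "cust73", "cust74", "cust75", "cust76", "cust77", "cust78", "cust79", "cust8", "cust80", "cust81", "cust82", "cust83", "cust84", "cust85", "cust86", "cust87", "cust88", "cust89", "cust9", "cust90", "cust91", "cust92", "cust93", "cust94", "cust95", "cust96", "cust97", "cust98", "cust99",
    "customer", "customers", "cv", "cvs", "cx", "cy", "cz",
    "d", "dallas", "data", "database", "database01", "database02", "database1", "database2", "databases", "datastore", "datos", "david", "db", "db0", "db01", "db02", "db1", "db2", "dc", "de", "dealers", "dec", "def", "default", "defiant", "delaware", "dell", "delta", "delta1", "demo", "demonstration", "demos", "denver", "depot", "des", "desarrollo", "descargas", "design", "designer", "detroit", "dev", "dev0", "dev01", "dev1", "devel", "develop", "developer", "developers", "development", "device", "devserver", "devsql", "dhcp", "dial", "dialup", "digital", "dilbert", "dir", "direct", "directory", "disc", "discovery", "discuss", "discussion", "discussions", "disk", "disney", "distributer", "distributers", "dj", "dk", "dm", "dmail", "dmz", "dnews", "dns", "dns-2", "dns0", "dns1", "dns2", "dns3", "do", "docs", "documentacion", "documentos", "domain", "domains", "dominio", "domino", "dominoweb", "doom", "download", "downloads", "downtown", "dragon", "drupal", "dsl", "dyn", "dynamic", "dynip", "dz",
    "e", "e-com", "e-commerce", "e0", "eagle", "earth", "east", "ec", "echo", "ecom", "ecommerce", "edi", "edu", "education", "edward", "ee", "eg", "eh", "ejemplo", "elpaso", "email", "employees", "empresa", "empresas", "en", "enable", "eng", "eng01", "eng1", "engine", "engineer", "engineering", "enterprise", "epsilon", "er", "erp", "es", "esd", "esm", "espanol", "estadisticas", "esx", "et", "eta", "europe", "events", "domain", "exchange", "exec", "extern", "external", "extranet",
    "f", "f5", "falcon", "farm", "faststats", "fax", "feedback", "feeds", "fi", "field", "file", "files", "fileserv", "fileserver", "filestore", "filter", "find", "finger", "firewall", "fix", "fixes", "fj", "fk", "fl", "flash", "florida", "flow", "fm", "fo", "foobar", "formacion", "foro", "foros", "fortworth", "forum", "forums", "foto", "fotos", "foundry", "fox", "foxtrot", "fr", "france", "frank", "fred", "freebsd", "freebsd0", "freebsd01", "freebsd02", "freebsd1", "freebsd2", "freeware", "fresno", "front", "frontdesk", "fs", "fsp", "ftp", "ftp-", "ftp0", "ftp2", "ftp_", "ftpserver", "fw", "fw-1", "fw1", "fwsm", "fwsm0", "fwsm01", "fwsm1",
    "g", "ga", "galeria", "galerias", "galleries", "gallery", "games", "gamma", "gandalf", "gate", "gatekeeper", "gateway", "gauss", "gd", "ge", "gemini", "general", "george", "georgia", "germany", "gf", "gg", "gh", "gi", "gl", "glendale", "gm", "gmail", "gn", "go", "gold", "goldmine", "golf", "gopher", "gp", "gq", "gr", "green", "group", "groups", "groupwise", "gs", "gsx", "gt", "gu", "guest", "gw", "gw1", "gy",
    "h", "hal", "halflife", "hawaii", "hello", "help", "helpdesk", "helponline", "henry", "hermes", "hi", "hidden", "hk", "hm", "hn", "hobbes", "hollywood", "home", "homebase", "homer", "honeypot", "honolulu", "host", "host1", "host3", "host4", "host5", "hotel", "hotjobs", "houstin", "houston", "howto", "hp", "hpov", "hr", "ht", "http", "https", "hu", "hub", "humanresources",
    "i", "ia", "ias", "ibm", "ibmdb", "id", "ida", "idaho", "ids", "ie", "iis", "il", "illinois", "im", "images", "imail", "imap", "imap4", "img", "img0", "img01", "img02", "in", "inbound", "inc", "include", "incoming", "india", "indiana", "indianapolis", "info", "informix", "inside", "install", "int", "intern", "internal", "international", "internet", "intl", "intranet", "invalid", "investor", "investors", "invia", "invio", "io", "iota", "iowa", "iplanet", "ipmonitor", "ipsec", "ipsec-gw", "iq", "ir", "irc", "ircd", "ircserver", "ireland", "iris", "irvine", "irving", "is", "isa", "isaserv", "isaserver", "ism", "israel", "isync", "it", "italy", "ix",
    "j", "japan", "java", "je", "jedi", "jm", "jo", "jobs", "john", "jp", "jrun", "juegos", "juliet", "juliette", "juniper",
    "k", "kansas", "kansascity", "kappa", "kb", "ke", "kentucky", "kerberos", "keynote", "kg", "kh", "ki", "kilo", "king", "km", "kn", "knowledgebase", "knoxville", "koe", "korea", "kp", "kr", "ks", "kw", "ky", "kz",
    "l", "la", "lab", "laboratory", "labs", "lambda", "lan", "laptop", "laserjet", "lasvegas", "launch", "lb", "lc", "ldap", "legal", "leo", "li", "lib", "library", "lima", "lincoln", "link", "linux", "linux0", "linux01", "linux02", "linux1", "linux2", "lista", "lists", "listserv", "listserver", "live", "lk", "load", "loadbalancer", "local", "localhost", "log", "log0", "log01", "log02", "log1", "log2", "logfile", "logfiles", "logger", "logging", "loghost", "login", "logs", "london", "longbeach", "losangeles", "lotus", "louisiana", "lr", "ls", "lt", "lu", "luke", "lv", "ly", "lyris",
    "m", "ma", "mac", "mac1", "mac10", "mac11", "mac2", "mac3", "mac4", "mac5", "mach", "macintosh", "madrid", "mail", "mail2", "mailer", "mailgate", "mailhost", "mailing", "maillist", "maillists", "mailroom", "mailserv", "mailsite", "mailsrv", "main", "maine", "maint", "mall", "manage", "management", "manager", "manufacturing", "map", "mapas", "maps", "marketing", "marketplace", "mars", "marvin", "mary", "maryland", "massachusetts", "master", "max", "mc", "mci", "md", "mdaemon", "me", "media", "member", "members", "memphis", "mercury", "merlin", "messages", "messenger", "mg", "mgmt", "mh", "mi", "miami", "michigan", "mickey", "midwest", "mike", "milwaukee", "minneapolis", "minnesota", "mirror", "mis", "mississippi", "missouri", "mk", "ml", "mm", "mn", "mngt", "mo", "mobile", "mom", "monitor", "monitoring", "montana", "moon", "moscow", "movies", "mozart", "mp", "mp3", "mpeg", "mpg", "mq", "mr", "mrtg", "ms", "ms-exchange", "ms-sql", "msexchange", "mssql", "mssql0", "mssql01", "mssql1", "mt", "mta", "mtu", "mu", "multimedia", "music", "mv", "mw", "mx", "my", "mysql", "mysql0", "mysql01", "mysql1", "mz",
    "n", "na", "name", "names", "nameserv", "nameserver", "nas", "nashville", "nat", "nc", "nd", "nds", "ne", "nebraska", "neptune", "net", "netapp", "netdata", "netgear", "netmeeting", "netscaler", "netscreen", "netstats", "network", "nevada", "new", "newhampshire", "newjersey", "newmexico", "neworleans", "news", "newsfeed", "newsfeeds", "newsgroups", "newton", "newyork", "newzealand", "nf", "ng", "nh", "ni", "nigeria", "nj", "nl", "nm", "nms", "nntp", "no", "node", "nokia", "nombres", "nora", "north", "northcarolina", "northdakota", "northeast", "northwest", "noticias", "novell", "november", "np", "nr", "ns", "ns-", "ns0", "ns01", "ns02", "ns1", "ns2", "ns3", "ns4", "ns5", "ns_", "nt", "nt4", "nt40", "ntmail", "ntp", "ntserver", "nu", "null", "nv", "ny", "nz",
    "o", "oakland", "ocean", "odin", "office", "offices", "oh", "ohio", "ok", "oklahoma", "oklahomacity", "old", "om", "omaha", "omega", "omicron", "online", "ontario", "open", "openbsd", "openview", "operations", "ops", "ops0", "ops01", "ops02", "ops1", "ops2", "opsware", "or", "oracle", "orange", "order", "orders", "oregon", "orion", "orlando", "oscar", "out", "outbound", "outgoing", "outlook", "outside", "ov", "owa", "owa01", "owa02", "owa1", "owa2", "ows", "oxnard",
    "p", "pa", "page", "pager", "pages", "paginas", "papa", "paris", "parners", "partner", "partners", "patch", "patches", "paul", "payroll", "pbx",
    "pc", "pc01", "pc1", "pc10", "pc101", "pc11", "pc12", "pc13", "pc14", "pc15", "pc16", "pc17", "pc18", "pc19", "pc2", "pc20", "pc21", "pc22", "pc23", "pc24", "pc25", "pc26", "pc27", "pc28", "pc29", "pc3", "pc30", "pc31", "pc32", "pc33", "pc34", "pc35", "pc36", "pc37", "pc38", "pc39", "pc4", "pc40", "pc41", "pc42", "pc43", "pc44", "pc45", "pc46", "pc47", "pc48", "pc49", "pc5", "pc50", "pc51", "pc52", "pc53", "pc54", "pc55", "pc56", "pc57", "pc58", "pc59", "pc6", "pc60", "pc7", "pc8", "pc9",
    "pcmail", "pda", "pdc", "pe", "pegasus", "pennsylvania", "peoplesoft", "personal", "pf", "pg", "pgp", "ph", "phi", "philadelphia", "phoenix", "phoeniz", "phone", "phones", "photos", "pi", "pics", "pictures", "pink", "pipex-gw", "pittsburgh", "pix", "pk", "pki", "pl", "plano", "platinum", "pluto", "pm", "pm1", "pn", "po", "policy", "polls", "pop", "pop3", "portal", "portals", "portfolio", "portland", "post", "posta", "posta01", "posta02", "posta03", "postales", "postoffice",
    "ppp1", "ppp10", "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18", "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6", "ppp7", "ppp8", "ppp9",
    "pptp", "pr", "prensa", "press", "printer", "printserv", "printserver", "priv", "privacy", "private", "problemtracker", "products", "profiles", "project", "projects", "promo", "proxy", "prueba", "pruebas", "ps", "psi", "pss", "pt", "pub", "public", "pubs", "purple", "pw", "py",
    "q", "qa", "qmail", "qotd", "quake", "quebec", "queen", "quotes",
    "r", "r01", "r02", "r1", "r2", "ra", "radio", "radius", "rapidsite", "raptor", "ras", "rc", "rcs", "rd", "re", "read", "realserver", "recruiting", "red", "redhat", "ref", "reference", "reg", "register", "registro", "registry", "regs", "relay", "rem", "remote", "remstats", "reports", "research", "reseller", "reserved", "resumenes", "rho", "rhodeisland", "ri", "ris", "rmi", "ro", "robert", "romeo", "root", "rose", "route", "router", "router1", "rs", "rss", "rtelnet", "rtr", "rtr01", "rtr1", "ru", "rune", "rw", "rwhois",
    "s", "s1", "s2", "sa", "sac", "sacramento", "sadmin", "safe", "sales", "saltlake", "sam", "san", "sanantonio", "sandiego", "sanfrancisco", "sanjose", "saskatchewan", "saturn", "sb", "sbs", "sc", "scanner", "schedules", "scotland", "scotty", "sd", "se", "search", "seattle", "sec", "secret", "secure", "secured", "securid", "security", "sendmail", "seri", "serv", "serv2", "server", "server1", "servers", "service", "services", "servicio", "servidor", "setup", "sg", "sh", "shared", "sharepoint", "shareware", "shipping", "shop", "shoppers", "shopping", "si", "siebel", "sierra", "sigma", "signin", "signup", "silver", "sim", "sirius", "site", "sj", "sk", "skywalker", "sl", "slackware", "slmail", "sm", "smc", "sms", "smtp", "smtphost", "sn", "sniffer", "snmp", "snmpd", "snoopy", "snort", "so", "socal", "software", "sol", "solaris", "solutions", "soporte", "source", "sourcecode", "sourcesafe", "south", "southcarolina", "southdakota", "southeast", "southwest", "spain", "spam", "spider", "spiderman", "splunk", "spock", "spokane", "springfield", "sprint", "sqa", "sql", "sql0", "sql01", "sql1", "sql7", "sqlserver", "squid", "sr", "ss", "ssh", "ssl", "ssl0", "ssl01", "ssl1", "st", "staff", "stage", "staging", "start", "stat", "static", "statistics", "stats", "stlouis", "stock", "storage", "store", "storefront", "streaming", "stronghold", "strongmail", "studio", "submit", "subversion", "sun", "sun0", "sun01", "sun02", "sun1", "sun2", "superman", "supplier", "suppliers", "support", "sv", "sw", "sw0", "sw01", "sw1", "sweden", "switch", "switzerland", "sy", "sybase", "sydney", "sysadmin", "sysback", "syslog", "syslogs", "system", "sz",
    "t", "tacoma", "taiwan", "talk", "tampa", "tango", "tau", "tc", "tcl", "td", "team", "tech", "technology", "techsupport", "telephone", "telephony", "telnet", "temp", "tennessee", "terminal", "terminalserver", "termserv", "test", "test2k", "testbed", "testing", "testlab", "testlinux", "testo", "testserver", "testsite", "testsql", "testxp", "texas", "tf", "tftp", "tg", "th", "thailand", "theta", "thor", "tienda", "tiger", "time", "titan", "tivoli", "tj", "tk", "tm", "tn", "to", "tokyo", "toledo", "tom", "tool", "tools", "toplayer", "toronto", "tour", "tp", "tr", "tracker", "train", "training", "transfers", "trinidad", "trinity", "ts", "ts1", "tt", "tucson", "tulsa", "tumb", "tumblr", "tunnel", "tv", "tw", "tx", "tz",
    "u", "ua", "uddi", "ug", "uk", "um", "uniform", "union", "unitedkingdom", "unitedstates", "unix", "unixware", "update", "updates", "upload", "ups", "upsilon", "uranus", "urchin", "us", "usa", "usenet", "user", "users", "ut", "utah", "utilities", "uy", "uz",
    "v", "va", "vader", "vantive", "vault", "vc", "ve", "vega", "vegas", "vend", "vendors", "venus", "vermont", "vg", "vi", "victor", "video", "videos", "viking", "violet", "vip", "virginia", "vista", "vm", "vmserver", "vmware", "vn", "vnc", "voice", "voicemail", "voip", "voyager", "vpn", "vpn0", "vpn01", "vpn02", "vpn1", "vpn2", "vt", "vu",
    "w", "w1", "w2", "w3", "wa", "wais", "wallet", "wam", "wan", "wap", "warehouse", "washington", "wc3", "web", "webaccess", "webadmin", "webalizer", "webboard", "webcache", "webcam", "webcast", "webdev", "webdocs", "webfarm", "webhelp", "weblib", "weblogic", "webmail", "webmaster", "webproxy", "webring", "webs", "webserv", "webserver", "webservices", "website", "websites", "websphere", "websrv", "websrvr", "webstats", "webstore", "websvr", "webtrends", "welcome", "west", "westvirginia", "wf", "whiskey", "white", "whois", "wi", "wichita", "wiki", "wililiam", "win", "win01", "win02", "win1", "win2", "win2000", "win2003", "win2k", "win2k3", "windows", "windows01", "windows02", "windows1", "windows2", "windows2000", "windows2003", "windowsxp", "wingate", "winnt", "winproxy", "wins", "winserve", "winxp", "wire", "wireless", "wisconsin", "wlan", "wordpress", "work", "world", "write", "ws", "ws1", "ws10", "ws11", "ws12", "ws2", "ws3", "ws4", "ws5", "ws6", "ws7", "ws8", "ws9", "wusage", "wv", "ww", "www", "www-", "www-01", "www-02", "www-1", "www-2", "www-int", "www0", "www01", "www02", "www1", "www2", "www3", "www_", "wwwchat", "wwwdev", "wwwmail", "wy", "wyoming",
    "x", "x-ray", "xi", "xlogan", "xmail", "xml", "xp",
    "y", "yankee", "ye", "yellow", "young", "yt", "yu",
    "z", "z-log", "za", "zebra", "zera", "zeus", "zlog", "zm", "zulu", "zw",
]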

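def zonetransfer(URL):
    """List the name servers of *URL* and attempt an AXFR against each one.

    A name server that answers an unauthenticated zone transfer hands over
    every record in the zone, so a successful transfer is itself a finding;
    a refusal is the expected, healthy outcome and is reported per server
    rather than swallowed.

    Args:
        URL: the zone (domain name) to query.

    Side effects: prints NS records and any transferred records to stdout;
    exits the process when dnspython (the only third-party dependency of
    this option) is not installed.
    """
    try:
        import dns.query
        import dns.resolver
        import dns.zone
    except ImportError:
        print("\nSorry, dnspython module missing.")
        print("\tDownload dnspython module from [ http://www.dnspython.org/ ]\n")
        sys.exit(0)

    print("[+] Getting NS records for %s\n" % URL)
    try:
        answers = dns.resolver.query(URL, 'NS')
    except Exception as exc:
        # NXDOMAIN / NoAnswer / timeout: report it instead of a traceback.
        print("\tUnable to get NS records: %s" % exc)
        return

    nameservers = [str(rdata) for rdata in answers]
    for n in nameservers:
        print("\tFound name server: %s" % n)
    print("")

    for n in nameservers:
        print("[+] Trying a zone transfer for %s from name server %s" % (URL, n))
        try:
            # Each server is asked in turn (the original always asked ns[0],
            # whatever the loop variable said).  dns.query.xfr expects an
            # address, not a host name, hence the lookup.
            address = socket.gethostbyname(n.rstrip('.'))
            zone = dns.zone.from_xfr(dns.query.xfr(address, URL))
        except Exception as exc:
            # Refused / unreachable / timed out: the normal, secure case.
            print("\tZone transfer failed: %s" % exc)
            continue
        for name, node in zone.nodes.items():
            for record in node.rdatasets:
                print("\n%s\t%s" % (name, record))
        print("")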

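def rnd():
    """Build a random 5-15 letter label for the wildcard probe.

    The label only has to be unlikely to exist as a real host; it is not a
    secret, so ``random`` is adequate.  ``random.sample`` draws without
    replacement, which is why the length is capped at the alphabet's 26.

    Stores the label in the module-level ``rndString`` (the contract read
    by testwildcard, which previously had to pre-seed it to '' to avoid a
    NameError) and also returns it.
    """
    global rndString
    alphabet = 'abcdefghijklmnopqrstuvwxyz'
    label = ''.join(random.sample(alphabet, random.randint(5, 15)))
    rndString = label
    return label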

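errcode = ''  # HTTP status of the last get_url() response; '' when no response was received
data = ''     # body of the last successful get_url() response (text)


def get_url(host):
    """Send ``GET /`` to *host* on port 80 and record the outcome in module globals.

    This is the probe behind the wildcard test and the -bw mode.  Callers
    read ``errcode`` (status code of the response, or '' when the host did
    not answer, which is the normal case for a name that does not exist)
    and ``data`` (the response body as text).

    Args:
        host: host name (optionally ``host:port``) to connect to.

    Notes:
        ``errcode`` is reset on every call; ``data`` is only overwritten when
        a response was actually read, so after a failed probe it still holds
        the previous body -- test ``errcode`` first.  The original printed the
        probed name here but referenced an undefined variable inside a bare
        ``except``, so nothing was ever printed; the result line is left to
        the callers.
    """
    global errcode, data
    errcode = ''
    try:
        import httplib  # Python 2
    except ImportError:
        import http.client as httplib  # Python 3
    conn = None
    try:
        # HTTPConnection replaces the obsolete httplib.HTTP class; the
        # timeout stops one unresponsive host from stalling the whole scan.
        conn = httplib.HTTPConnection(host, timeout=10)
        conn.request('GET', '/', headers={'Accept': 'text/xml', 'User-Agent': 'knock.py'})
        response = conn.getresponse()
        body = response.read()
        if not isinstance(body, str):
            body = body.decode('utf-8', 'replace')
        errcode = response.status
        data = body
    except Exception:
        # Best-effort probe: unresolvable or unreachable hosts are expected.
        pass
    finally:
        if conn is not None:
            conn.close()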

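def bypasswildcard(URL, EXCLUDE):
    """Brute-force subdomains of *URL* over HTTP when wildcard DNS is on.

    Under a wildcard every name resolves, so DNS alone cannot tell real
    hosts apart; instead each label of the built-in wordlist is fetched and
    reported only when the host answered and its body does NOT contain
    *EXCLUDE* (a string taken from the catch-all page, e.g. "404").

    Args:
        URL: the target domain.
        EXCLUDE: substring that identifies the wildcard (catch-all) response.

    Side effects: prints one line per hit plus a summary to stdout; relies on
    get_url() filling the module globals ``errcode`` and ``data``.
    """
    count = 0
    print("[+] Bypass wildcard")
    start_time = time.time()
    for word in wlist_array:
        candidate = word + '.' + URL
        get_url(candidate)
        # errcode == '' means no HTTP answer at all; without this check a
        # failed probe would be judged on the previous host's stale body.
        if errcode != '' and EXCLUDE not in data:
            count += 1
            print(candidate.center(25) + ''.center(25))
    # The original timed this phase against the global scan start `t` and
    # left its own start time unused; the local value is what this took.
    seconds = time.time() - start_time
    print("\nFound %s subdomain(s) in %s second(s)" % (count, round(seconds, 2)))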

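def bypasswildcardwl(URL, EXCLUDE, WORDLIST):
    """Same as bypasswildcard() but with candidate labels read from *WORDLIST*.

    Args:
        URL: the target domain.
        EXCLUDE: substring that identifies the wildcard (catch-all) response.
        WORDLIST: path of a text file with one candidate label per line.

    Side effects: prints hits and a summary to stdout; exits when the file
    cannot be read.  Lines are stripped, so a CRLF wordlist (the tool is
    advertised for Windows too) no longer probes names ending in "\\r".
    """
    count = 0
    print("[+] Bypass wildcard")
    start_time = time.time()
    try:
        with open(WORDLIST, 'r') as handle:
            words = [line.strip() for line in handle]
    except (IOError, OSError):
        print("[!] Error wordlist\n\n\tNo wordlist. File not found.")
        sys.exit(0)
    for word in words:
        if not word:
            continue
        candidate = word + '.' + URL
        get_url(candidate)
        # Only count hosts that answered; '' means no response (see get_url).
        if errcode != '' and EXCLUDE not in data:
            count += 1
            print(candidate.center(25) + ''.center(25))
    seconds = time.time() - start_time
    print("\nFound %s subdomain(s) in %s second(s)" % (count, round(seconds, 2)))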


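def subdomainAuto(URL):
    """Resolve every label of the built-in wordlist under *URL* and print hits.

    For each candidate that resolves, one row per address is printed: the
    subdomain, the IP and its reverse (PTR) name.  A missing PTR used to
    make the whole hit disappear (gethostbyaddr raised into a bare except);
    the address is now reported with an empty name-server column.  The
    bogus ``.close()`` calls on a string and a tuple are gone as well.

    Uses the module globals ``endTime`` (per-probe estimate measured by
    testwildcard) and ``t`` (scan start) for the timing lines.

    Args:
        URL: the target domain.

    Side effects: prints to stdout only.
    """
    seen_ips = set()
    count = 0      # distinct IP addresses (the "host(s)" figure)
    totcount = 0   # (subdomain, address) rows printed
    print("\n[+] Scanning for subdomain on " + str(URL))
    print("[!] Wordlist not specified. I scannig with my internal wordlist...")
    timestimed = len(wlist_array) * endTime
    print("    Estimated time about " + str(round(timestimed, 2)) + " seconds\n")
    print("".join(s.center(25) for s in ("Subdomain", "Ip address", "Name server\n")))
    for word in wlist_array:
        candidate = word + "." + URL
        try:
            addresses = socket.gethostbyname_ex(candidate)[2]
        except (socket.error, UnicodeError):
            continue  # does not resolve: not a subdomain
        for ip in addresses:
            try:
                ptr = socket.gethostbyaddr(ip)[0]
            except socket.error:
                ptr = ''
            totcount += 1
            if ip not in seen_ips:
                seen_ips.add(ip)
                count += 1
            print("".join(s.center(25) for s in (candidate, ip, ptr)))
    seconds = time.time() - t
    print("\nFound %s subdomain(s) in %s host(s) in %s second(s)" % (totcount, count, round(seconds, 2)))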



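def subdomain(URL, WORDLIST):
    """Resolve every label from the file *WORDLIST* under *URL* and print hits.

    Output is as in subdomainAuto(): one row per (subdomain, address) with
    the reverse (PTR) name when one exists (an empty column otherwise).
    Candidate labels come from a text file with one label per line; blank
    lines are skipped and CR/LF stripped.  Exits when the file cannot be
    read.  Uses the module globals ``endTime`` and ``t`` for timing.

    Args:
        URL: the target domain.
        WORDLIST: path of the wordlist file.

    Side effects: prints to stdout; may call sys.exit(0).
    """
    seen_ips = set()
    count = 0      # distinct IP addresses
    totcount = 0   # (subdomain, address) rows printed
    try:
        with open(WORDLIST, 'r') as handle:
            words = [line.strip() for line in handle]
    except (IOError, OSError):
        print("[!] Error wordlist\n\n\tNo wordlist. File not found.")
        sys.exit(0)
    timestimed = len(words) * endTime
    print("[+] Scanning for subdomain on " + str(URL))
    print("\tEstimated time about " + str(round(timestimed, 2)) + " seconds\n")
    print("".join(s.center(25) for s in ("Subdomain", "Ip address", "Name server\n")))
    for word in words:
        if not word:
            continue
        candidate = word + "." + URL
        try:
            addresses = socket.gethostbyname_ex(candidate)[2]
        except (socket.error, UnicodeError):
            continue  # does not resolve: not a subdomain
        for ip in addresses:
            try:
                ptr = socket.gethostbyaddr(ip)[0]
            except socket.error:
                ptr = ''  # no PTR record: still a valid hit
            totcount += 1
            if ip not in seen_ips:
                seen_ips.add(ip)
                count += 1
            print("".join(s.center(25) for s in (candidate, ip, ptr)))
    seconds = time.time() - t
    print("\nFound %s subdomain(s) in %s host(s) in %s second(s)" % (totcount, count, round(seconds, 2)))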


def help():
    """Write the command-line usage text to stdout and exit.

    The text mirrors the dispatch in the main block; the undocumented
    ``-td`` option (testing domain only) is intentionally not listed.
    Terminates with ``sys.exit()`` (exit status 0).  Note that this
    shadows the ``help`` builtin; callers elsewhere rely on the name.
    """
    usage_lines = [
        "USAGE:",
        "\tScanning with internal wordlist:",
        "\t\tknock [url]\n\t\te.g.\tknock domain.com",
        "\tScanning with external wordlist:",
        "\t\tknock [url] [wordlist]\n\t\te.g.\tknock domain.com wordlist.txt",
        "OPTIONS:\n",
        "\t-zt\tZone Transfer discovery:",
        "\t\tknock -zt [url]\n\t\te.g.\tknock -zt domain.com",
        "\t-wc\tWildcard testing:",
        "\t\tknock -wc [url]\n\t\te.g.\tknock -wc domain.com",
        "\t-dns\tDns resolving:",
        "\t\tknock -dns [url]\n\t\te.g.\tknock -dns domain.com",
        "\t-bw\tBypass wildcard:",
        "\t\tknock -bw [stringexclude] [url]\n\t\te.g.\tknock -bw 404 domain.com",
    ]
    sys.stdout.write("\n".join(usage_lines) + "\n")
    sys.exit()

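def testdomain(domain=None):
    """Sanity-check the target before scanning.

    Resolves ``www.<domain>`` and, when that has no record, the bare
    domain, and prints the first address found.  If neither resolves an
    error line is printed followed by the usage text, and the process
    exits (help() calls sys.exit), so a mistyped target stops the run
    early instead of producing an empty scan.

    Args:
        domain: target to test; defaults to the module-level ``URL`` set by
            the main block (the original only ever read that global).
    """
    if domain is None:
        domain = URL
    for candidate in ("www." + domain, domain):
        try:
            address = socket.gethostbyname(candidate)
        except (socket.error, UnicodeError):
            continue
        print("[+] Testing domain")
        print("".join(s.center(25) for s in ("\t" + candidate, address)))
        return
    # Neither name resolves: say why before the usage dump (the original
    # printed only the usage, which reads as a syntax error to the user).
    print("Error:\n\tHost not valid.")
    help()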

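def testwildcard():
    """Detect wildcard DNS by fetching a random, non-existent label of ``URL``.

    If the random host answers over HTTP at all (``errcode`` set by
    get_url), every name under the domain resolves, plain DNS brute force
    would report everything, and the user is pointed to -bw.  The response
    body is printed so a distinguishing string can be chosen for -bw.
    Also stores the measured request time / 4 in the module global
    ``endTime``, which the scanners use for their time estimate.

    Side effects: prints to stdout; exits the process when a wildcard is
    found; writes ``rndString`` and ``endTime``.
    """
    global rndString, endTime
    print("[+] Testing wildcard")
    start_time = time.time()
    rndString = ''
    rnd()
    get_url(rndString + '.' + URL)  # a label this random should not exist
    endTime = (time.time() - start_time) / 4
    if errcode != '':
        # The body is third-party HTML echoed to the terminal; drop ESC so a
        # hostile catch-all page cannot inject terminal escape sequences.
        print(data.replace('\x1b', ''))
        print('\tWildcard enabled! Try with -bw option')
        print('\tExample: knock -bw 404 ' + URL)
        sys.exit(0)
    print("\tOk, no wildcard found.")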

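def dnsresolve(foo):
    """Print every address of host *foo* together with its reverse (PTR) name.

    Args:
        foo: host name to resolve.

    Side effects: prints a table and a count to stdout, or
    "No address associated with hostname" when *foo* does not resolve.
    A missing PTR for one address no longer discards the whole result
    (the bare except used to turn it into "no address"); that column is
    simply left empty.
    """
    print("[+] Dns resolving")
    try:
        addresses = socket.gethostbyname_ex(foo)[2]
    except (socket.error, UnicodeError):
        print("\tNo address associated with hostname " + foo)
        return
    print("".join(s.center(25) for s in ("Domain name", "Ip address", "Name server")))
    for ip in addresses:
        try:
            ptr = socket.gethostbyaddr(ip)[0]
        except socket.error:
            ptr = ''
        print("".join(s.center(25) for s in (foo, ip, ptr)))
    print("Found " + str(len(addresses)) + " host(s) for " + foo)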


################### MAIN ######################


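def main(argv):
    """Parse the command line and run the selected mode.

    Modes (see help()):
        knock <url>                          full scan with the built-in wordlist
        knock <url> <wordlist>               full scan with a wordlist file
        knock -td|-zt|-wc|-dns <url>         single test (-td is not in help)
        knock -bw <exclude> <url> [wordlist] HTTP brute force under wildcard DNS

    The target and timing values are published as module globals (URL,
    EXCLUDE, WORDLIST, t) because the scanner functions read them.
    Malformed invocations now go to help(): the original's dangling
    ``else`` treated an unknown option as the target domain and silently
    ignored extra positional arguments.

    Args:
        argv: the full argument vector (``sys.argv``), program name first.
    """
    global URL, EXCLUDE, WORDLIST, t
    print("Knock v1.5 by Gianni 'guelfoweb' Amato ( http://knock.googlecode.com )\n")
    argc = len(argv)
    if argc < 2 or argc > 5:
        help()

    if argc == 2:
        URL = argv[1]
        t = time.time()
        testdomain()
        dnsresolve(URL)
        testwildcard()
        subdomainAuto(URL)
        sys.exit(0)

    option = argv[1]
    if argc == 3 and option.startswith('-'):
        URL = argv[2]
        if option == '-td':      # testing domain only (deliberately out of help)
            testdomain()
        elif option == '-zt':    # zone transfer
            testdomain()
            dnsresolve(URL)
            zonetransfer(URL)
        elif option == '-wc':    # wildcard test
            testdomain()
            testwildcard()
        elif option == '-dns':   # DNS resolve
            testdomain()
            dnsresolve(URL)
        else:
            help()
        sys.exit(0)

    if option == '-bw' and argc in (4, 5):
        EXCLUDE = argv[2]
        URL = argv[3]
        t = time.time()
        testdomain()
        dnsresolve(URL)
        if argc == 4:
            bypasswildcard(URL, EXCLUDE)
        else:
            WORDLIST = argv[4]
            bypasswildcardwl(URL, EXCLUDE, WORDLIST)
        sys.exit(0)

    if argc != 3:
        help()  # e.g. four positional arguments: nothing sensible to do

    # knock <url> <wordlist>
    URL = argv[1]
    WORDLIST = argv[2]
    t = time.time()
    testdomain()
    dnsresolve(URL)
    testwildcard()
    subdomain(URL, WORDLIST)
    sys.exit(0)


if __name__ == '__main__':
    main(sys.argv)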



Las características actuales:

Scan subdominios
Solicitud de DNS para la transferencia de zona
Resolución de DNS
Pruebas de comodín (wildcard testing)
Evasión del comodín (bypass wildcard)


Es necesaria la instalación de Python 2; la opción -zt (transferencia de zona) requiere además el módulo dnspython.

Web de descargas: (enlace visible solo para usuarios registrados del foro)

Saludos !