_______ _
/ __/ (_)_ __ (_)___
/ _// / /\ \ // / __/
/___/_/_//_\_\/_/_/
Author: B0lg0r0v
https://arthurminasyan.com
Elixir is a fast multi-function DNS Enumeration, Subdomain Enumeration and Attack Surface Mapping tool. It tries to extract as much information as possible from a given domain name.
usage: elixir.py [-h] [-v] [-d DOMAIN] [-l LIST [LIST ...]] [-a]
                 [-r RECORD [RECORD ...]] [-asn-db] [-asn]
                 [-rasn RASN [RASN ...]] [-z] [-i IP_ADDRESS [IP_ADDRESS ...]]
                 [-sd] [-sdo] [-m] [-s] [-o] [-up]

options:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -d DOMAIN, --domain DOMAIN
                        Target Domain to search for.
  -l LIST [LIST ...], --list LIST [LIST ...]
                        File with a list of domains to search for.
  -a, --all             Find all DNS Records.
  -r RECORD [RECORD ...], --record RECORD [RECORD ...]
                        Search for a specific DNS Record. You can also search
                        for multiple records.
  -asn-db, --asn-build  Downloades and creates a Database of ASNs in order to
                        use the ASN Lookup function offline.
  -asn, --asn           Shows you the origin ASN and the BGP prefix of your
                        target. Requires the ASN Database first.
  -rasn RASN [RASN ...], --rasn RASN [RASN ...]
                        Reverse ASN Lookup. Shows you the BGP prefixes using
                        an ASN. Requires the ASN Database first.
  -z, --zone-transfer   Attempts a zone transfer attack.
  -i IP_ADDRESS [IP_ADDRESS ...], --ip-address IP_ADDRESS [IP_ADDRESS ...]
                        Reverse DNS Lookup. You can also put multiple IP
                        addresses.
  -sd, --subdomains     Subdomain brute force using a provided Wordlist. Use
                        this only if you cannot use the "-sdo" argument.
  -sdo, --subdomains-online
                        Subdomain enumeration which uses free online services.
                        Works very fast.
  -m, --map             Attack surface mapping.
  -s, --scanning        NMAP integration for port scanning & service
                        detection. Works from port 15 up to 450. It needs NMAP
                        to be installed on your system.
  -o, --output          Save results in current directory.
  -up, --update         Update Elixir. This will overwrite all your changes,
                        so be careful.

Example: python3 elixir.py -d root.security -r TXT A AAAA -z
Here's a quick overview of Elixir's features:
- Attack Surface Mapping
- DNS Zone Transfer
- ASN Mapping incl. BGP Prefix
- Subdomain Enumeration
- NMAP Integration for portscanning & service enumeration (from port 15 up to 450)
- Auto update functionality
Examples:
Subdomain Enumeration:
NMAP integration:
git clone https://github.com/B0lg0r0v/Elixir.git
cd Elixir/src
pip3 install -r requirements.txt
The scanning functionality relies on the NMAP integration, so NMAP must be installed on your system.
Build the ASN database before using any of the ASN functions:
python3 elixir.py -asn-db
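What the offline -asn and -rasn lookups amount to, as an added example (not Elixir's or pyasn's own code): a longest-prefix match of an address against a prefix-to-origin-ASN table, and the reverse listing of prefixes per ASN. The "prefix<TAB>ASN" layout, the function names and the sample data are assumptions; the data uses documentation prefixes and private-use ASNs only.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in an assumed "prefix<TAB>origin ASN" layout;
# documentation prefixes and private-use ASNs, not real routing data.
SAMPLE_DB = """\
; constructed sample
192.0.2.0/24\t64500
198.51.100.0/24\t64501
198.51.100.128/25\t64502
2001:db8::/32\t64500
2001:db8:aa::/48\t64503
"""

def load_db(text):
    """Index prefixes by (IP version, prefix length) and by origin ASN."""
    by_len, by_asn = defaultdict(dict), defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comments
            continue
        prefix, asn = line.split()
        net = ipaddress.ip_network(prefix, strict=True)  # reject host bits
        by_len[(net.version, net.prefixlen)][int(net.network_address)] = (net, int(asn))
        by_asn[int(asn)].append(net)
    return by_len, by_asn

def lookup(by_len, address):
    """Origin ASN and BGP prefix for an address; the longest match wins."""
    ip = ipaddress.ip_address(address)
    bits = ip.max_prefixlen
    for plen in range(bits, -1, -1):  # most specific prefix first
        table = by_len.get((ip.version, plen))
        if not table:
            continue
        shift = bits - plen
        key = (int(ip) >> shift) << shift  # mask off the host bits
        if key in table:
            net, asn = table[key]
            return asn, str(net)
    return None, None  # address not covered by any prefix in the table

def prefixes_for(by_asn, asn):
    """Reverse lookup: every prefix originated by an ASN, IPv4 before IPv6."""
    nets = by_asn.get(asn, [])
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]

if __name__ == "__main__":
    by_len, by_asn = load_db(SAMPLE_DB)
    print(lookup(by_len, "198.51.100.200"))
    print(prefixes_for(by_asn, 64500))
```

The more-specific /25 and /48 entries show why the most specific prefix has to win: the covering /24 or /32 would attribute the address to a different origin ASN.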
- Create an ASN database function in order to always have the latest ASNs.
- Create an output function.
- Optimize the subdomain enumeration function.
- Add an argument to give a list of domains instead of just one domain.
- Add custom resolver functionality.
- Enhance the NMAP integration with possibility of giving a custom NMAP command as an argument.
Credits for the Pyasn module and scripts go to Hadi Asghar (https://hadiasghari.com) and Arman Noroozian (https://anoroozian.nl/).
This tool is primarily created for me as a project to enhance my coding skills and start creating some hacking tools. It is not considered to be the most efficient tool out there.
Also, you are responsible for any trouble you may cause by using this tool.