livex was heavily inspired by the pioneering work of ProjectDiscovery's httpx and tomnomnom's httprobe. These incredible tools laid the foundation for modern web reconnaissance at scale.
Why build livex? While httpx and httprobe are exceptionally fast and versatile, they are optimized for throughput. In high-stakes reconnaissance where accuracy is paramount, dropping a host because of a single failed HTTP GET request or a WAF block leads to false negatives.
livex takes a different approach: it behaves like a persistent investigator. Instead of giving up, it systematically retries across different protocol layers (TCP, TLS, HTTP/1.1, HTTP/2, HTTP/3), User-Agents, paths, and timeouts until it can definitively prove the host is dead.
| Feature | tomnomnom/httprobe |
projectdiscovery/httpx |
livex |
|---|---|---|---|
| Primary Goal | Raw Speed | Speed & Features | Accuracy & Speed |
| Language | Go | Go | Rust |
| Multi-layer Detection | ❌ | Partial | ✅ (TCP, TLS, H1, H2, H3) |
| User-Agent Rotation | ❌ | Partial | ✅ (Cycles 8 different agents) |
| TLS-only Liveness | ❌ | ❌ | ✅ (Handshake = Live) |
| TCP-only Liveness | ❌ | ❌ | ✅ (Open port = Live) |
| HTTP/3 (QUIC) Probing | ❌ | ❌ | ✅ (Native reqwest H3) |
| Tech Fingerprinting | ❌ | ✅ (Built-in) | ✅ (Auto-syncs with ProjectDiscovery database!) |
| CDN/WAF Detection | ❌ | ✅ (Built-in) | ✅ (Embedded signatures) |
| ASN Lookup | ❌ | ✅ | ✅ (Via iptoasn.com) |
| Favicon Hashing | ❌ | ✅ | ✅ (Shodan-compatible MMH3) |
- Rust toolchain (version 1.70 or higher)
Note
Linux Users: livex uses OpenSSL for maximum TLS cipher compatibility. You must install the OpenSSL development headers before compiling.
- Ubuntu/Debian:
sudo apt-get install pkg-config libssl-dev - Fedora/RHEL:
sudo dnf install pkgconf-pkg-config openssl-devel
# 1. Clone the repository
git clone https://github.com/yourusername/livex.git
cd livex/livex
# 2. Build the release binary
cargo build --release
# 3. Move the binary to your PATH
# On Linux / macOS:
sudo mv target/release/livex /usr/local/bin/
# On Windows:
# The executable is located at target\release\livex.exe# Probe a single domain
livex example.com
# Probe a list of domains from a file
livex -l domains.txt
# Read domains from stdin (pipeline mode)
cat domains.txt | livexEnable all intelligence modules (Tech Detection, TLS details, ASN, Favicon) with JSONL output for downstream processing:
# First, download the latest technology signatures!
livex --update-sigs
# Then run your massive scan
livex -l domains.txt --tech-detect --tls-grab --asn --favicon --jsonl -o results.jsonllivex -l domains.txt --csv -o results.csvUSAGE:
livex [OPTIONS] [TARGET]
OPTIONS:
-l, --list <FILE> File of domains (one per line)
-t, --threads <N> Concurrency [default: 50]
--timeout <SECS> Per-probe timeout [default: 5]
--connect-timeout <MS> TCP connect timeout [default: 3000]
-r, --retries <N> Retry attempts [default: 0]
--http2 <BOOL> Enable HTTP/2 [default: true]
--http3 <BOOL> Enable HTTP/3/QUIC [default: false]
--ports <PORTS> Extra ports (comma-separated)
--follow-redirects Follow 302/303/307 redirects automatically
--tech-detect Advanced technology detection
--update-sigs Download latest signatures from ProjectDiscovery
--tls-grab Extract TLS certificate details
--asn ASN lookup via iptoasn.com
--favicon Compute favicon MMH3 hash (Shodan-compatible)
--confidence <N> Minimum confidence to report [default: 20]
--json JSON array output
--jsonl JSONL output (one per line)
--csv CSV output
-o, --output <FILE> Write to file
--include-dead Include dead hosts in output
--progress Show progress bar
--silent Suppress non-result output
-v, --verbose Debug logging
--no-color Disable colors
For each host, livex runs a highly optimized pipeline before declaring it dead:
- Custom DNS Dialer: Bypasses slow OS routers and load-balances directly across Cloudflare, Google, and Quad9 with a 1.5s hard timeout.
- Optimized HTTP Probe: Tests the host natively using
reqwest's connection pool. If it succeeds, it avoids redundant sockets. - Smart 302 Following: Automatically follows temporary redirects to fingerprint the true destination, but halts on 301s to prevent false positives.
- Fallback Probes: If HTTP drops entirely,
livexsystematically tests raw TCP:80, TCP:443, and TLS Handshakes. - Dynamic Signatures: Using
--update-sigs, the engine directly pulls the latest thousands of tech signatures from ProjectDiscovery, caching them locally for lightspeed regex matching.
This project is licensed under the MIT License - see the LICENSE file for details.