Web Application Security

httpx – HTTP toolkit

0

httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

 

  • Simple and modular code base making it easy to contribute.
  • Fast And fully configurable flags to probe mutiple elements.
  • Supports multiple HTTP based probings.
  • Smart auto fallback from https to http as default.
  • Supports hosts, URLs and CIDR as input.
  • Handles edge cases doing retries, backoffs etc for handling WAFs.

Supported httpx probes:-

Probes Status
URL
Title
Status Code
Content Length
TLS Certificate
CSP Header
HTTP2
HTTP 1.1 Pipeline
Virtual host
Location Header
Web Server
Web Socket
Path
Ports
Request method
Ip
CNAME
CDN

Installation Instructions

From Binary

The installation is easy. You can download the pre-built binaries for your platform from the Releases page. Extract them using tar, move it to your $PATHand you’re ready to go.

Download latest binary from https://github.com/projectdiscovery/httpx/releases

▶ tar -xvf httpx-linux-amd64.tar
▶ mv httpx-linux-amd64 /usr/local/bin/httpx
▶ httpx -h

From Source

httpx requires go1.14+ to install successfully. Run the following command to get the repo –

▶ GO111MODULE=auto go get -u -v github.com/projectdiscovery/httpx/cmd/httpx

From Github

▶ git clone https://github.com/projectdiscovery/httpx.git; cd httpx/cmd/httpx; go build; mv httpx /usr/local/bin/; httpx -h

Usage

httpx -h

This will display help for the tool. Here are all the switches it supports.

Flag Description Example
-H Custom Header input httpx -H ‘x-bug-bounty: hacker’
-follow-redirects Follow URL redirects (default false) httpx -follow-redirects
-follow-host-redirects Follow URL redirects only on same host(default false) httpx -follow-host-redirects
-http-proxy URL of the proxy server httpx -http-proxy hxxp://proxy-host:80
-l File containing HOST/URLs/CIDR to process httpx -l hosts.txt
-no-color Disable colors in the output. httpx -no-color
-o File to save output result (optional) httpx -o output.txt
-json Prints all the probes in JSON format (default false) httpx -json
-vhost Probes to detect vhost from list of subdomains httpx -vhost
-threads Number of threads (default 50) httpx -threads 100
-http2 HTTP2 probing httpx -http2
-pipeline HTTP1.1 Pipeline probing httpx -pipeline
-ports Ports ranges to probe (nmap syntax: eg 1,2-10,11) httpx -ports 80,443,100-200
-title Prints title of page if available httpx -title
-path Request path/file httpx -path /api
-content-length Prints content length in the output httpx -content-length
-ml Match content length in the output httpx -content-length -ml 125
-fl Filter content length in the output httpx -content-length -fl 0,43
-status-code Prints status code in the output httpx -status-code
-mc Match status code in the output httpx -status-code -mc 200,302
-fc Filter status code in the output httpx -status-code -fc 404,500
-tls-probe Send HTTP probes on the extracted TLS domains httpx -tls-probe
-content-type Prints content-type httpx -content-type
-location Prints location header httpx -location
-csp-probe Send HTTP probes on the extracted CSP domains httpx -csp-probe
-web-server Prints running web sever if available httpx -web-server
-sr Store responses to file (default false) httpx -store-response
-srd Directory to store response (default output) httpx -store-response-dir output
-unsafe Send raw requests skipping golang normalization httpx -unsafe
-request File containing raw request to process httpx -request
-retries Number of retries httpx -retries
-silent Prints only results in the output httpx -silent
-timeout Timeout in seconds (default 5) httpx -timeout 10
-verbose Verbose Mode httpx -verbose
-version Prints current version of the httpx httpx -version
-x Request Method (default ‘GET’) httpx -x HEAD
-method Output requested method httpx -method
-response-in-json Include response in stdout (only works with -json) httpx -response-in-json
-websocket Prints if a websocket is exposed httpx -websocket
-ip Prints the host IP httpx -ip
-cname Prints the cname record if available httpx -cname
-cdn Check if domain’s ip belongs to known CDN httpx -cdn
-filter-string Filter results based on filtered string httpx -filter-string XXX
-match-string Filter results based on matched string httpx -match-string XXX
-filter-regex Filter results based on filtered regex httpx -filter-regex XXX
-match-regex Filter results based on matched regex httpx -match-regex XXX

Running httpx with stdin

This will run the tool against all the hosts and subdomains in hosts.txt and returns URLs running HTTP webserver.

▶ cat hosts.txt | httpx 

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   / 
 / / / / /_/ /_/ /_/ /   |  
/_/ /_/\__/\__/ .___/_/|_|   v1.0  
             /_/            

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.

https://mta-sts.managed.hackerone.com
https://mta-sts.hackerone.com
https://mta-sts.forwarding.hackerone.com
https://docs.hackerone.com
https://www.hackerone.com
https://resources.hackerone.com
https://api.hackerone.com
https://support.hackerone.com

Running httpx with file input

This will run the tool against all the hosts and subdomains in hosts.txt and returns URLs running HTTP webserver.

▶ httpx -l hosts.txt -silent

https://docs.hackerone.com
https://mta-sts.hackerone.com
https://mta-sts.managed.hackerone.com
https://mta-sts.forwarding.hackerone.com
https://www.hackerone.com
https://resources.hackerone.com
https://api.hackerone.com
https://support.hackerone.com

Running httpx with CIDR input

▶ echo 173.0.84.0/24 | httpx -silent

https://173.0.84.29
https://173.0.84.43
https://173.0.84.31
https://173.0.84.44
https://173.0.84.12
https://173.0.84.4
https://173.0.84.36
https://173.0.84.45
https://173.0.84.14
https://173.0.84.25
https://173.0.84.46
https://173.0.84.24
https://173.0.84.32
https://173.0.84.9
https://173.0.84.13
https://173.0.84.6
https://173.0.84.16
https://173.0.84.34

Running httpX with subfinder

▶ subfinder -d hackerone.com -silent | httpx -title -content-length -status-code -silent

https://mta-sts.forwarding.hackerone.com [404] [9339] [Page not found · GitHub Pages]
https://mta-sts.hackerone.com [404] [9339] [Page not found · GitHub Pages]
https://mta-sts.managed.hackerone.com [404] [9339] [Page not found · GitHub Pages]
https://docs.hackerone.com [200] [65444] [HackerOne Platform Documentation]
https://www.hackerone.com [200] [54166] [Bug Bounty - Hacker Powered Security Testing | HackerOne]
https://support.hackerone.com [301] [489] []
https://api.hackerone.com [200] [7791] [HackerOne API]
https://hackerone.com [301] [92] []
https://resources.hackerone.com [301] [0] []

Github

PwnXSS – Vulnerability XSS Scanner Exploit

Previous article

Tweetshell – Twitter Bruteforcer

Next article

You may also like

Comments

Leave a reply

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir