httpx is a fast and multi-purpose HTTP toolkit by ProjectDiscovery. It probes for live hosts, extracts information, and integrates with other tools in recon pipelines.
Basic Usage
- echo "example.com" | httpx - Probe single host
- cat hosts.txt | httpx - Probe multiple hosts
- httpx -l hosts.txt - Read from file
Input Options
- -l, -list - Input file with hosts
- -u, -target - Single target URL
- -ports - Ports to probe (comma-separated)
- -path - Path to append to URLs
Probing Options
- -sc, -status-code - Show status code
- -cl, -content-length - Show content length
- -ct, -content-type - Show content type
- -title - Show page title
- -server - Show server header
- -td, -tech-detect - Detect technologies
- -ip - Show IP address
- -cname - Show CNAME record
- -cdn - Detect CDN
- -location - Show redirect location
- -favicon - Extract favicon hash
- -hash - Show response body hash
- -jarm - Show JARM fingerprint
- -rt, -response-time - Show response time
- -websocket - Detect WebSocket
- -pipeline - Show HTTP pipeline support
- -http2 - Show HTTP/2 support
Filtering Options
- -mc, -match-code - Match status codes
- -ml, -match-length - Match content length
- -ms, -match-string - Match response string
- -mr, -match-regex - Match regex
- -fc, -filter-code - Filter status codes
- -fl, -filter-length - Filter content length
- -fs, -filter-string - Filter response string
- -fr, -filter-regex - Filter regex
Output Options
- -o, -output - Output file
- -json - JSON output
- -csv - CSV output
- -silent - Silent mode (only results)
- -v, -verbose - Verbose output
- -nc, -no-color - Disable colors
- -sr, -store-response - Store response
- -srd, -store-response-dir - Response directory
HTTP Options
- -H, -header - Custom headers
- -x, -http-proxy - HTTP proxy
- -follow-redirects - Follow redirects
- -follow-host-redirects - Follow same-host redirects
- -max-redirects - Maximum redirects
- -timeout - Timeout in seconds
- -retries - Number of retries
- -threads - Concurrent threads
- -rate-limit - Requests per second
Common Examples
Basic Probe
cat subdomains.txt | httpxCheck which subdomains are live.
With Status and Title
cat hosts.txt | httpx -sc -titleShow status codes and page titles.
Tech Detection
cat hosts.txt | httpx -tdDetect technologies (wappalyzer-like).
Full Info
cat hosts.txt | httpx -sc -title -server -td -ipComprehensive host information.
Filter by Status
cat hosts.txt | httpx -mc 200Only show 200 OK responses.
Exclude Status
cat hosts.txt | httpx -fc 404,403Exclude 404 and 403 responses.
JSON Output
cat hosts.txt | httpx -json -o results.jsonSave detailed JSON output.
Multiple Ports
cat hosts.txt | httpx -ports 80,443,8080,8443Check multiple ports.
Silent for Piping
subfinder -d example.com -silent | httpx -silentClean output for pipelines.
With Custom Header
cat hosts.txt | httpx -H "Authorization: Bearer token"Add auth header to requests.
Follow Redirects
cat hosts.txt | httpx -follow-redirects -locationFollow and show redirect locations.
Store Responses
cat hosts.txt | httpx -sr -srd ./responsesSave all response bodies.
Common Pipelines
Full Subdomain Recon
subfinder -d example.com -silent | httpx -silent -sc -title -td | tee results.txtFind Interesting Pages
cat urls.txt | httpx -mc 200 -title | grep -i "admin\|login\|dashboard"Screenshot Pipeline
subfinder -d example.com -silent | httpx -silent | aquatoneTips
- Use -silent for clean pipeline output
- Combine -sc -title -td for quick triage
- Use -json for detailed data extraction
- Filter with -mc/-fc to focus results
- Store responses for later analysis
- Essential tool in recon pipelines
- Part of ProjectDiscovery toolkit (works with nuclei, subfinder)
- Always get authorization before scanning