292 lines
9.0 KiB
HTML
292 lines
9.0 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
|
|
<meta http-equiv="X-Content-Type-Options" content="nosniff">
|
|
<link rel="stylesheet" href="../assets/css/style.css">
|
|
<link rel="icon" type="image/x-icon" href="../favicon.ico">
|
|
<script>
|
|
// Apply theme immediately to prevent flash
|
|
(function() {
|
|
const theme = localStorage.getItem('theme') ||
|
|
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
|
|
document.documentElement.setAttribute('data-theme', theme);
|
|
})();
|
|
</script>
|
|
<title>httpx Cheatsheet - Cheatsheets - Launch Pad</title>
|
|
</head>
|
|
<body>
|
|
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
|
|
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
|
|
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
|
|
</button>
|
|
<br/><br/>
|
|
<div class="name">
|
|
__ _______________________ _________._________________________
|
|
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
|
|
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
|
|
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
|
|
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
|
|
\/ \/ \/ \/ \/ \/ \/
|
|
</div>
|
|
<div class="blog-page-header">
|
|
<div class="blog-header-content">
|
|
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
|
|
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
|
|
</a>
|
|
<h1 class="blog-page-title">httpx Cheatsheet</h1>
|
|
</div>
|
|
</div>
|
|
<div class="blog-post-container">
|
|
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
|
|
<div class="blog-post">
|
|
<div class="blog-post-content">
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
<hr>
|
|
<p>httpx is a fast and multi-purpose HTTP toolkit by ProjectDiscovery. It probes for live hosts, extracts information, and integrates with other tools in recon pipelines.</p>
|
|
<hr>
|
|
<h2>Basic Usage</h2>
|
|
<ul>
|
|
<li>echo "example.com" | httpx - Probe single host</li>
|
|
</ul>
|
|
<ul>
|
|
<li>cat hosts.txt | httpx - Probe multiple hosts</li>
|
|
</ul>
|
|
<ul>
|
|
<li>httpx -l hosts.txt - Read from file</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Input Options</h2>
|
|
<ul>
|
|
<li>-l, -list - Input file with hosts</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-u, -target - Single target URL</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ports - Ports to probe (comma-separated)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-path - Path to append to URLs</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Probing Options</h2>
|
|
<ul>
|
|
<li>-sc, -status-code - Show status code</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-cl, -content-length - Show content length</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ct, -content-type - Show content type</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-title - Show page title</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-server - Show server header</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-td, -tech-detect - Detect technologies</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ip - Show IP address</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-cname - Show CNAME record</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-cdn - Detect CDN</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-location - Show redirect location</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-favicon - Extract favicon hash</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-hash - Show response body hash</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-jarm - Show JARM fingerprint</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-rt, -response-time - Show response time</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-websocket - Detect WebSocket</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-pipeline - Show HTTP pipeline support</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-http2 - Show HTTP/2 support</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Filtering Options</h2>
|
|
<ul>
|
|
<li>-mc, -match-code - Match status codes</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ml, -match-length - Match content length</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ms, -match-string - Match response string</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-mr, -match-regex - Match regex</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-fc, -filter-code - Filter status codes</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-fl, -filter-length - Filter content length</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-fs, -filter-string - Filter response string</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-fr, -filter-regex - Filter regex</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Output Options</h2>
|
|
<ul>
|
|
<li>-o, -output - Output file</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-json - JSON output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-csv - CSV output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-silent - Silent mode (only results)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-v, -verbose - Verbose output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-nc, -no-color - Disable colors</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-sr, -store-response - Store response</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-srd, -store-response-dir - Response directory</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>HTTP Options</h2>
|
|
<ul>
|
|
<li>-H, -header - Custom headers</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-x, -http-proxy - HTTP proxy</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-follow-redirects - Follow redirects</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-follow-host-redirects - Follow same-host redirects</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-max-redirects - Maximum redirects</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-timeout - Timeout in seconds</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-retries - Number of retries</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-threads - Concurrent threads</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-rate-limit - Requests per second</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Common Examples</h2>
|
|
<h3>Basic Probe</h3>
|
|
<pre><code>cat subdomains.txt | httpx</code></pre>
|
|
<p>Check which subdomains are live.</p>
|
|
<h3>With Status and Title</h3>
|
|
<pre><code>cat hosts.txt | httpx -sc -title</code></pre>
|
|
<p>Show status codes and page titles.</p>
|
|
<h3>Tech Detection</h3>
|
|
<pre><code>cat hosts.txt | httpx -td</code></pre>
|
|
<p>Detect technologies (wappalyzer-like).</p>
|
|
<h3>Full Info</h3>
|
|
<pre><code>cat hosts.txt | httpx -sc -title -server -td -ip</code></pre>
|
|
<p>Comprehensive host information.</p>
|
|
<h3>Filter by Status</h3>
|
|
<pre><code>cat hosts.txt | httpx -mc 200</code></pre>
|
|
<p>Only show 200 OK responses.</p>
|
|
<h3>Exclude Status</h3>
|
|
<pre><code>cat hosts.txt | httpx -fc 404,403</code></pre>
|
|
<p>Exclude 404 and 403 responses.</p>
|
|
<h3>JSON Output</h3>
|
|
<pre><code>cat hosts.txt | httpx -json -o results.json</code></pre>
|
|
<p>Save detailed JSON output.</p>
|
|
<h3>Multiple Ports</h3>
|
|
<pre><code>cat hosts.txt | httpx -ports 80,443,8080,8443</code></pre>
|
|
<p>Check multiple ports.</p>
|
|
<h3>Silent for Piping</h3>
|
|
<pre><code>subfinder -d example.com -silent | httpx -silent</code></pre>
|
|
<p>Clean output for pipelines.</p>
|
|
<h3>With Custom Header</h3>
|
|
<pre><code>cat hosts.txt | httpx -H "Authorization: Bearer token"</code></pre>
|
|
<p>Add auth header to requests.</p>
|
|
<h3>Follow Redirects</h3>
|
|
<pre><code>cat hosts.txt | httpx -follow-redirects -location</code></pre>
|
|
<p>Follow and show redirect locations.</p>
|
|
<h3>Store Responses</h3>
|
|
<pre><code>cat hosts.txt | httpx -sr -srd ./responses</code></pre>
|
|
<p>Save all response bodies.</p>
|
|
<hr>
|
|
<h2>Common Pipelines</h2>
|
|
<h3>Full Subdomain Recon</h3>
|
|
<pre><code>subfinder -d example.com -silent | httpx -silent -sc -title -td | tee results.txt</code></pre>
|
|
<h3>Find Interesting Pages</h3>
|
|
<pre><code>cat urls.txt | httpx -mc 200 -title | grep -i "admin\|login\|dashboard"</code></pre>
|
|
<h3>Screenshot Pipeline</h3>
|
|
<pre><code>subfinder -d example.com -silent | httpx -silent | aquatone</code></pre>
|
|
<hr>
|
|
<h2>Tips</h2>
|
|
<ul>
|
|
<li>Use -silent for clean pipeline output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Combine -sc -title -td for quick triage</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -json for detailed data extraction</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Filter with -mc/-fc to focus results</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Store responses for later analysis</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Essential tool in recon pipelines</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Part of ProjectDiscovery toolkit (works with nuclei, subfinder)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Always get authorization before scanning</li>
|
|
</ul>
|
|
<hr>
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<script async type="text/javascript" src="../blog/analytics.js"></script>
|
|
<script src="../theme.js"></script>
|
|
</body>
|
|
</html>
|