HTTPX – Multi-purpose HTTP Toolkit

httpx - Tool To Screenshot and Extract Metadata From List of domains or hosts

HTTPX is a popular tool for bug bounty hunters that provides a fast and efficient way to scan web applications for security vulnerabilities. It is a lightweight and powerful HTTP client that allows testers to perform various types of scans and tests, including fuzzing, reconnaissance, and enumeration. In this article, we will discuss how to use HTTPX for bug bounty hunting and explore some of its features that make it an excellent tool for finding security vulnerabilities.

What is httpx?

HTTPX is an HTTP client developed by Project Discovery, a security company that provides a wide range of security testing tools and services. This tool is designed to be fast, efficient, and scalable, making it an excellent choice for scanning large web applications. It uses a multithreaded design to perform multiple requests simultaneously, enabling testers to scan thousands of URLs in a matter of minutes. And also is designed to be easy to use, with a simple command-line interface that requires minimal setup.

HTTPX is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.

Httpx Features

HTTPX comes with several features that make it an excellent tool for bug bounty hunting and also web aplication hacking. Here are some of the key features:

  1. Fast and efficient scanning: HTTPX uses a multithreaded design to perform multiple requests simultaneously, enabling testers to scan large web applications quickly and efficiently.
  2. HTTP/2 support: HTTPX supports the HTTP/2 protocol, which can be useful for testing modern web applications that make use of this protocol.
  3. Proxy support: This tool can be configured to use a proxy, which can help to bypass certain security measures and hide your IP address.
  4. Fuzzing and enumeration: HTTPX can perform various types of scans and tests, including fuzzing and enumeration, to help identify security vulnerabilities in web applications.
  5. Custom headers: allows testers to customize headers in their requests, which can help to bypass certain security measures and perform more advanced testing.
  6. Screenshot: feature that allows users to take screenshots of target URLs, pages, or endpoints along with the rendered DOM. This functionality enables the visual content discovery process.

Supported probes

ProbesDefault checkProbesDefault check
URLtrueIPtrue
TitletrueCNAMEtrue
Status CodetrueRaw HTTPfalse
Content LengthtrueHTTP2false
TLS CertificatetrueHTTP Pipelinefalse
CSP HeadertrueVirtual hostfalse
Line CounttrueWord Counttrue
Location HeadertrueCDNfalse
Web ServertruePathsfalse
Web SockettruePortsfalse
Response TimetrueRequest Methodtrue
Favicon HashfalseProbe Statusfalse
Body HashtrueHeader Hashtrue
Redirect chainfalseURL Schemetrue
JARM HashfalseASNfalse

Httpx Installation

httpx equires go1.19 to install successfully. Run the following command to get the repo:

go install -v github.com/projectdiscovery/httpx/cmd/[email protected]

Running httpX

URL Probe

This will run the tool against all the hosts and subdomains in hosts.txt and returns URLs running HTTP webserver.

cat hosts.txt | httpx

File Input

This will run the tool with the -probe flag against all the hosts in hosts.txt and return URLs with probed status.

httpx -list hosts.txt -silent -probe

CIDR Input

echo 173.0.84.0/24 | httpx -silent

Tool Chain

subfinder -d hackerone.com -silent| httpx -title -tech-detect -status-code

File/Path Bruteforce

httpx -l urls.txt -path /v1/api -sc

Screenshot

Latest addition to the project, the addition of the -screenshot option in httpx, a powerful new feature that allows users to take screenshots of target URLs, pages, or endpoints along with the rendered DOM. This functionality enables the visual content discovery process, providing a comprehensive view of the target’s visual appearance.

Rendered DOM body is also included in json line output when -screenshot option is used with -json option.

Usage

To use the screenshot feature, simply add the -screenshot flag to your command:

httpx -screenshot -u https://example.com

Domain, Subdomain, and Path Support The -screenshot option is versatile and can be used to capture screenshots for domains, subdomains, and even specific paths when used in conjunction with the -path option:

httpx -screenshot -u example.com httpx -screenshot -u https://example.com/login httpx -screenshot -path fuzz_path.txt -u https://example.com

Using with other tools:

subfinder -d example.com | httpx -screenshot


You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

8 − 7 =