httpx

Run a probe against a [u]RL, host, IP Address or subnet (CIDR notation) showing probe status

$ httpx -probe [[-u|-target]] [url|host|ipaddress|subnet_with_cidr]

$ subfinder [[-d|-domain]] [example.com] | httpx [[-sc|-status-code]]

$ httpx [[-rl|-rate-limit]] [150] [[-l|-list]] [path/to/newline_separated_hosts_list] [[-td|-tech-detect]] [[-rt|-response-time]]

$ httpx [[-u|-target]] [url] -title -cdn -hash [sha256]

$ httpx -probe [[-u|-target]] [host1,host2,...] [[-p|-ports]] http:[80,8000-8080],https:[443,8443] -timeout [10]

$ httpx [[-u|-target]] [host1,host2,...] [[-fc|-filter-code]] [400,401,404]

$ httpx [[-u|-target]] [host1,host2,...] [[-mc|-match-code]] [200,301,304]

$ httpx [[-u|-target]] [https://www.github.com] -path [/tldr-pages/tldr,/projectdiscovery/httpx] [[-ss|-screenshot]] [[-st|-screenshot-timeout]] [10]

httpx [OPTIONS] -l <TARGETS_FILE>
or
echo <URL> | httpx [OPTIONS]

-l, --list <file>
    Path to a file containing a list of target URLs or hosts to probe.

-u, --url <url>
    Single target URL or host to probe.

-p, --ports <ports>
    Comma-separated list of ports to probe (e.g., 80,443,8080).

-sc, --status-code
    Display HTTP status code for each target.

-t, --title
    Extract and display the HTML title of the page.

-td, --tech-detect
    Perform technology detection to identify web frameworks, libraries, etc.

-json
    Output results in JSON format for programmatic parsing.

-silent
    Show only results, suppressing informational messages.

-timeout <duration>
    Timeout for HTTP requests (e.g., 5s).

-H, --header <header>
    Add a custom HTTP header to requests (e.g., 'User-Agent: MyProbe').

-follow-redirects
    Follow HTTP redirects.

-ip
    Display the resolved IP address of the target.

-cname
    Display CNAME records for the target.

-probe
    Show probe status for all targets, including those that failed.

httpx is a high-performance HTTP client developed by ProjectDiscovery, specifically designed for rapid web server enumeration and content discovery. It allows security researchers, bug bounty hunters, and system administrators to quickly identify active web services, extract critical information like HTTP status codes, page titles, technology fingerprints, and CNAME/IP details.

It supports various input methods, including single URLs or lists of targets from a file, and excels in concurrent scanning to process large numbers of targets efficiently. Its flexible output options, including JSON, make it easily integratable into automated workflows for reconnaissance and asset discovery.

While highly efficient for discovery, httpx is primarily a prober, not a vulnerability scanner. It provides information about web services but doesn't actively test for security flaws.

Using very high concurrency on target systems without prior consent can lead to service disruption or rate limiting. Always ensure responsible and ethical usage.

httpx can be installed via Go (go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest) or by downloading pre-compiled binaries from the ProjectDiscovery GitHub releases page, which are available for various operating systems.

httpx is frequently chained with other tools in security workflows. For example, the output of a subdomain enumeration tool (like subfinder) or a port scanner (like naabu) can be piped as input to httpx for efficient HTTP probing.

Example: subfinder -d example.com | httpx -sc -title -td -json -o results.json
This command finds subdomains for 'example.com', then pipes them to httpx to get status codes, titles, and tech detection, saving the results in JSON format.

httpx is an open-source tool developed and maintained by ProjectDiscovery, a collective known for creating a suite of fast, Go-based command-line utilities for security reconnaissance and bug bounty hunting. It was developed to provide a rapid and reliable way to probe HTTP services, often acting as a foundational step before more in-depth analysis with tools like nuclei.

curl(1), nmap(1), masscan(8), nuclei(1)