LinuxCommandLibrary

httpx

Probe HTTP endpoints for information and status

TLDR

Run a probe against a [u]RL, host, IP Address or subnet (CIDR notation) showing probe status

$ httpx -probe [[-u|-target]] [url|host|ipaddress|subnet_with_cidr]
copy

Run a probe against multiple hosts showing status code with input from subfinder
$ subfinder [[-d|-domain]] [example.com] | httpx [[-sc|-status-code]]
copy

Run a rate limited probe against a list of hosts from a file showing technology detected and response time
$ httpx [[-rl|-rate-limit]] [150] [[-l|-list]] [path/to/newline_separated_hosts_list] [[-td|-tech-detect]] [[-rt|-response-time]]
copy

Run a probe against a [u]RL showing its webpage title, CDN/WAF in use, and page content hash
$ httpx [[-u|-target]] [url] -title -cdn -hash [sha256]
copy

Run a probe against a list of hosts with custom defined ports and timeout after certain seconds
$ httpx -probe [[-u|-target]] [host1,host2,...] [[-p|-ports]] http:[80,8000-8080],https:[443,8443] -timeout [10]
copy

Run a probe against a list of hosts filtering out codes of certain responses
$ httpx [[-u|-target]] [host1,host2,...] [[-fc|-filter-code]] [400,401,404]
copy

Run a probe against a list of hosts matching codes of certain responses
$ httpx [[-u|-target]] [host1,host2,...] [[-mc|-match-code]] [200,301,304]
copy

Run a probe against a URL saving screenshots of certain paths, with screenshot timeouts (assets are saved in output)
$ httpx [[-u|-target]] [https://www.github.com] -path [/tldr-pages/tldr,/projectdiscovery/httpx] [[-ss|-screenshot]] [[-st|-screenshot-timeout]] [10]
copy

SYNOPSIS

httpx [options] [<input-list> | stdin]

PARAMETERS

-a, --anomaly
    Show anomaly information

-al, --auth-login <string>
    HTTP Basic Auth login

-ap, --auth-pass <string>
    HTTP Basic Auth password

-c, --threads <int>
    Number of threads (default 50)

-cl, --content-length
    Display content length

-config <string>
    Path to configuration file

-debug
    Show debug messages

-dl, --delay <string>
    Delay between requests in seconds

-dry
    Dry run without sending packets

-follow-redirects
    Follow redirects (max depth 6)

-H, --header <string[]>
    Custom headers

-http-proxy <string>
    Proxy URL for requests

-json
    JSONL output format

-l, --list <string>
    File with list of hosts/URLs

-la, --location
    Show redirect location

-lc, --location-count
    Show number of redirects

-li, --liked
    Show only liked technologies

-L, --load-config <string[]>
    Load multiple config files

-me, --method <string[]>
    HTTP methods (default GET,HEAD)

-nC, --no-color
    Disable color output

-no-fallback
    Disable HTTP/1 fallback from HTTP/2

-no-http2
    Disable HTTP/2

-no-redirect
    Disable redirects

-no-tech-detect
    Disable technology detection

-o, --output <string>
    Output file

-r, --raw
    Show raw HTTP request/response

-rate-limit <int>
    Max requests per second (default -1)

-rd, --random-delay <int>
    Random delay between requests

-retries <int>
    Retries per host (default 0)

-s, --status-code
    Show response status code

-sc, --system-cpus
    Use all system CPUs

-silent
    Only show results

-sites
    Show only websites

-ssl
    Force HTTPS if no scheme

-store-response-dir <string>
    Directory to store responses

-t, --timeout <int>
    Timeout in seconds (default 7)

-title
    Show page title

-tls-grab
    Perform TLS grab

-tls-imprint
    Show TLS imprint

-tls-probe
    TLS probe

-tls-resume
    Enable TLS session resume

-u, --url <strings>
    Single target URL/domain

-v, --verbose
    Verbose output

-version
    Show version

-web
    Run web server

-ws, --ws-probe
    Probe for websockets

-x, --path <string[]>
    Additional paths to probe

-z, --stdin
    Read from stdin

DESCRIPTION

httpx is a high-performance, multi-threaded HTTP probing tool developed by ProjectDiscovery for security testing, bug bounty hunting, and penetration testing. It scans lists of domains or URLs to detect live web services over HTTP/HTTPS, extracting valuable information such as
status codes, page titles, content lengths, server technologies, TLS fingerprints, and more.

Key strengths include massive concurrency (up to system CPU limits), customizable requests (headers, methods, paths), redirect handling, rate limiting, and output formats like JSONL for automation. It supports probing for websockets, TLS grabs, and anomalies. Ideal for reconnaissance workflows, httpx pipes seamlessly from tools like subfinder or amass and feeds into nuclei for vulnerability scanning.

Unlike basic tools like curl, httpx provides filtered, enriched output at scale, identifying "interesting" endpoints like /robots.txt or admin panels. It's lightweight, written in Go, and actively maintained with frequent feature releases.

CAVEATS

Not a standard Linux command; requires separate installation. High threads/rates can overload networks or consume high CPU/memory. Always respect rate limits and robots.txt. Output may miss edge cases like CAPTCHAs.

INSTALLATION

go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
Or Docker: docker run -it projectdiscovery/httpx -l hosts.txt

EXAMPLE USAGE

cat hosts.txt | httpx -silent -title -status-code -tech-detect
httpx -l subdomains.txt -o live.txt -threads 100 -rate-limit 100

HISTORY

Developed by ProjectDiscovery since 2020 as part of their open-source arsenal for asset discovery. Evolved from simple HTTP checker to full-featured toolkit with TLS probing, tech detection via wappalyzer datasets, and HTTP/3 support in recent v1.x releases. Widely used in bug bounty communities.

SEE ALSO

curl(1), wget(1), nmap(1), nuclei(1), naabu(1)

Copied to clipboard