HTTPX – A Tool to Fingerprint a Web Server

Httpx is a fast and multi-purpose HTTP toolkit that allows the user to run multiple probers using the retryablehttp library, it is designed to be reliable and fast with increased threads. Other than finding the HTTP server httpx has many silent features like finding a status code, discovering vhost’s, extracting domains from CSP, and many more.

HTTPX Installation

There are 3 ways to install httpx.

Installing from Binary

The easiest way to install is download the pre-built binaries from the releases page. Download the binary that is compatible with your system. Extract them using tar and move the binary to your $PATH.

tar -xvf httpx-linux-amd64.tar
mv httpx-linux-amd64 /usr/local/bin/httpx
httpx -h

The next two methods, require the latest go version install in your system. You can check the install version by using the command “go version“ if go is not installed you can follow this link to install the go.

Installing from Source

GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx

Installing using Github

git clone https://github.com/projectdiscovery/httpx.git 
 httpx/cmd/httpx 
go build 
mv httpx /usr/local/bin/
httpx -version

How HTTPX Works

Scanning a single domain.

echo "google.com" | httpx

Scanning the hosts from a file.

httpx -l file.txt -o output.txt

Making the most from the tool

httpx -l file.txt -csp-probe -tls-probe -silent -content-length -status-code -title -o out.txt
  • -l:- input file contains domains.
  • -csp-probe:- extract domains and subdomains from the CSP.
  • -tls-probe:- extract domains and subdomains from the TLS.
  • -silent:-  prints only the results.
  • -content-length:- prints the content length.
  • -status-code:- prints status code in the output.
  • -title:- print the title of the page if available

What Bunny rating does it get?

The tools have some great and unique feature which is not provided by the similar tools, we will be awarding this tool a rating of 4.5 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Related posts

BruteDum- A network attack bruteforce tool

MHDDoS – A DDoS Attack Script With Over 50 Different Methods

A Review of DNS Enumeration Tool: DNSEnum

1 comment

tom April 6, 2021 - 7:45 am
Good

Comments are closed.

Add Comment