HTTPX Toolkit Cheat Sheet

Overview

HTTPX is a fast and versatile HTTP toolkit developed by ProjectDiscovery that can run multiple probes using the retryablehttp library. It is designed to maintain result reliability with increased threads and is optimized for large-scale scanning. HTTPX can run multiple probes against a list of URLs or hosts, enabling fast web server fingerprinting and probing.

What sets HTTPX apart from other HTTP tools is its versatility and speed. It can process thousands of hosts in minutes and provide valuable information about each target, including status codes, titles, content types, web server technologies, and more. HTTPX is frequently used in the reconnaissance phases of security assessments and bug bounty hunting to quickly identify interesting targets for further investigation.

HTTPX supports various input formats and can be easily integrated into a pipeline with other tools, making it an essential component of many security testing workflows. Its ability to filter results based on various criteria helps security professionals focus on the most important targets.
Installation

Using Go

```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

# Verify installation
httpx -version
```

Using Docker

```bash
# Pull the latest Docker image
docker pull projectdiscovery/httpx:latest

# Run HTTPX using Docker
docker run -it projectdiscovery/httpx:latest -h
```

Using Homebrew (macOS)

```bash
# Install using Homebrew
brew install httpx

# Verify installation
httpx -version
```

Using PDTM (ProjectDiscovery Tools Manager)

```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install HTTPX using PDTM
pdtm -i httpx

# Verify installation
httpx -version
```

On Kali Linux

```bash
# Install using apt
sudo apt install httpx

# Verify installation
httpx -version
```
Basic Usage

Probing URLs and Hosts

```bash
# Probe a single URL
httpx -u https://example.com

# Probe multiple URLs
httpx -u https://example.com,https://projectdiscovery.io

# Probe from a list of URLs/hosts
httpx -l hosts.txt

# Probe from STDIN
cat hosts.txt | httpx
```

Output Options

```bash
# Save results to a file
httpx -l hosts.txt -o results.txt

# Output in JSON format
httpx -l hosts.txt -json -o results.json

# Output in CSV format
httpx -l hosts.txt -csv -o results.csv

# Silent mode (only URLs)
httpx -l hosts.txt -silent
```

Basic Filtering

```bash
# Filter by status code
httpx -l hosts.txt -status-code 200

# Filter by content length
httpx -l hosts.txt -content-length 100

# Match specific title
httpx -l hosts.txt -title "Dashboard"

# Match specific technology
httpx -l hosts.txt -tech wordpress
```
Advanced Usage

Port Scanning

```bash
# Scan default ports (80, 443)
httpx -l hosts.txt

# Scan specific ports
httpx -l hosts.txt -ports 80,443,8080,8443

# Scan top 100 ports
httpx -l hosts.txt -ports top-100

# Scan all ports
httpx -l hosts.txt -ports all
```

Path Probing

```bash
# Probe specific paths
httpx -l hosts.txt -path /api/v1,/admin,/login

# Probe from a file containing paths
httpx -l hosts.txt -path-file paths.txt

# Automatically add trailing slash
httpx -l hosts.txt -path /api -add-slash
```

Protocol Options

```bash
# Force HTTPS
httpx -l hosts.txt -https

# Probe both HTTP and HTTPS
httpx -l hosts.txt -probe

# Skip HTTPS verification
httpx -l hosts.txt -no-verify
```

Request Customization

```bash
# Set custom headers
httpx -l hosts.txt -H "User-Agent: Mozilla/5.0" -H "Cookie: session=123456"

# Set HTTP method
httpx -l hosts.txt -method POST

# Set request body
httpx -l hosts.txt -method POST -body "username=admin&password=admin"

# Set content type
httpx -l hosts.txt -method POST -H "Content-Type: application/json" -body '{"username":"admin","password":"admin"}'
```
Response Filtering

```bash
# Match response containing specific string
httpx -l hosts.txt -match-string "admin"

# Match response using regex
httpx -l hosts.txt -match-regex "admin.*panel"

# Filter out responses containing a specific string
httpx -l hosts.txt -filter-string "not found"

# Filter out responses matching a regex
httpx -l hosts.txt -filter-regex "error|not found"
```

Screenshots

```bash
# Capture screenshots
httpx -l hosts.txt -screenshot

# Specify screenshot output directory
httpx -l hosts.txt -screenshot -screenshot-output screenshots/

# Set screenshot timeout
httpx -l hosts.txt -screenshot -screenshot-timeout 20
```

Technology Detection

```bash
# Detect web technologies
httpx -l hosts.txt -tech-detect

# Output only specific technologies
httpx -l hosts.txt -tech-detect -match-tech wordpress,nginx
```
Performance Optimization

Concurrency and Rate Limiting

```bash
# Set concurrency (default: 50)
httpx -l hosts.txt -concurrency 100

# Set rate limit
httpx -l hosts.txt -rate-limit 200

# Set request timeout
httpx -l hosts.txt -timeout 10
```

Retry and Delay Options

```bash
# Set maximum retries
httpx -l hosts.txt -retries 3

# Set delay between requests
httpx -l hosts.txt -delay 2s

# Use a random User-Agent
httpx -l hosts.txt -random-agent
```

Optimization for Large Scans

```bash
# Use stream mode for large inputs
httpx -l large-hosts.txt -stream

# Skip default ports probing
httpx -l hosts.txt -no-default-ports

# Skip failed host probes
httpx -l hosts.txt -skip-host-error
```
Integration with Other Tools

Pipeline with Subfinder

```bash
# Find subdomains and probe them
subfinder -d example.com | httpx

# Find subdomains, probe them, and check for specific paths
subfinder -d example.com | httpx -path /api,/admin -status-code 200
```

Pipeline with Nuclei

```bash
# Find active hosts and scan for vulnerabilities
httpx -l hosts.txt -silent | nuclei -t cves/

# Find hosts with specific tech and scan for related vulnerabilities
httpx -l hosts.txt -tech-detect -match-tech wordpress -silent | nuclei -t wordpress/
```

Pipeline with Naabu

```bash
# Scan ports and probe HTTP services
naabu -host example.com -top-ports 1000 -silent | httpx

# Scan ports, probe HTTP services, and check for vulnerabilities
naabu -host example.com -top-ports 1000 -silent | httpx -silent | nuclei -t cves/
```
Output Customization

Custom Output Format

```bash
# Define custom output format
httpx -l hosts.txt -o results.txt -silent -format "{{.StatusCode}} {{.URL}} {{.Title}}"

# Include specific fields in output
httpx -l hosts.txt -include-response-time -include-chain -include-cdn
```

Response Extraction

```bash
# Extract title
httpx -l hosts.txt -title

# Extract favicon hash
httpx -l hosts.txt -favicon

# Extract response headers
httpx -l hosts.txt -response-header

# Extract TLS information
httpx -l hosts.txt -tls-grab
```

Response Storage

```bash
# Store response bodies
httpx -l hosts.txt -store-response

# Specify response storage directory
httpx -l hosts.txt -store-response -store-response-dir responses/

# Store chain responses
httpx -l hosts.txt -store-chain
```
Advanced Filtering

Status Code Filtering

```bash
# Match specific status codes
httpx -l hosts.txt -status-code 200,301,302

# Filter out specific status codes
httpx -l hosts.txt -exclude-status-code 404,403
```

Content Filtering

```bash
# Filter by content length
httpx -l hosts.txt -content-length 100

# Match content length range
httpx -l hosts.txt -content-length-lt 1000 -content-length-gt 100

# Filter by content type
httpx -l hosts.txt -content-type "text/html"
```

Header Filtering

```bash
# Match specific header
httpx -l hosts.txt -match-header "Server: nginx"

# Filter by header presence
httpx -l hosts.txt -include-headers "Server,Content-Type"
```

Proxy and Network Options

```bash
# Use HTTP proxy
httpx -l hosts.txt -proxy http://127.0.0.1:8080

# Use SOCKS5 proxy
httpx -l hosts.txt -proxy socks5://127.0.0.1:1080

# Follow redirects
httpx -l hosts.txt -follow-redirects

# Follow redirects with max depth
httpx -l hosts.txt -follow-redirects -follow-max-redirects 5

# Follow host redirects
httpx -l hosts.txt -follow-host-redirects
```
Miscellaneous Features

CRLF Injection Detection

```bash
# Check for CRLF injection
httpx -l hosts.txt -crlf
```

CORS Misconfiguration Check

```bash
# Check for CORS misconfigurations
httpx -l hosts.txt -cors
```

IP Geolocation

```bash
# Include IP geolocation information
httpx -l hosts.txt -location
```

Web Cache Detection

```bash
# Check for web cache
httpx -l hosts.txt -web-cache
```

Virtual Host Discovery

```bash
# Probe for virtual hosts
httpx -l hosts.txt -vhost

# Specify vhost wordlist
httpx -l hosts.txt -vhost -vhost-wordlist vhosts.txt
```
Troubleshooting

Common Issues

- **Timeouts**

  ```bash
  # Increase timeout
  httpx -l hosts.txt -timeout 15

  # Increase retries
  httpx -l hosts.txt -retries 3
  ```

- **Rate limiting by target**

  ```bash
  # Reduce concurrency
  httpx -l hosts.txt -concurrency 10

  # Add delay between requests
  httpx -l hosts.txt -delay 2s
  ```

- **Memory Issues**

  ```bash
  # Use stream mode for large inputs
  httpx -l large-hosts.txt -stream

  # Reduce concurrency
  httpx -l hosts.txt -concurrency 25
  ```

- **TLS/SSL Errors**

  ```bash
  # Skip TLS verification
  httpx -l hosts.txt -no-verify
  ```

Debugging

```bash
# Enable verbose mode
httpx -l hosts.txt -verbose

# Show request and response details
httpx -l hosts.txt -debug

# Show request and response content without other output
httpx -l hosts.txt -debug-req -debug-resp -silent
```
Configuration

Configuration File

HTTPX uses a configuration file located at `$HOME/.config/httpx/config.yaml`. You can customize various settings in this file:

```yaml
# Example configuration file
concurrency: 50
timeout: 5
retries: 2
rate-limit: 150
verbose: false
silent: false
output: httpx_output.txt
```

Environment Variables

```bash
# Set HTTPX configuration via environment variables
export HTTPX_CONCURRENCY=50
export HTTPX_TIMEOUT=5
export HTTPX_RETRIES=2
export HTTPX_RATE_LIMIT=150
```
Reference

Command-Line Options

| Flag | Description |
|---|---|
| -u, -target | Target URL/host to probe |
| -l, -list | File containing list of URLs/hosts to probe |
| -o, -output | File to write output to |
| -json | Write output in JSON format |
| -csv | Write output in CSV format |
| -silent | Show only URLs/hosts in output |
| -verbose | Show verbose output |
| -debug | Show request/response details |
| -version | Show HTTPX version |
| -ports | Ports to probe (default: 80,443) |
| -path | Path(s) to probe |
| -method | HTTP method to use |
| -status-code | Filter by status code |
| -title | Filter by title |
| -content-length | Filter by content length |
| -tech-detect | Detect web technologies |
| -follow-redirects | Follow HTTP redirects |
| -no-verify | Skip TLS verification |
| -H, -header | Custom header to add to all requests |
| -match-string | Match response containing string |
| -match-regex | Match response using regex |
| -filter-string | Filter out responses containing string |
| -filter-regex | Filter out responses matching regex |
| -screenshot | Take screenshots of websites |
| -concurrency | Number of concurrent requests |
| -rate-limit | Maximum number of requests per second |
| -timeout | Timeout in seconds for HTTP requests |
| -retries | Number of retries for failed requests |
| -delay | Delay between requests |
| -proxy | HTTP/SOCKS5 proxy to use |
Output Fields

| Field | Description |
|---|---|
| url | Target URL |
| input | Original input |
| scheme | URL scheme (http/https) |
| host | Target host |
| port | Target port |
| path | URL path |
| status_code | HTTP status code |
| title | Page title |
| content_type | Content type header |
| content_length | Content length |
| response_time | Response time in seconds |
| technologies | Detected technologies |
| server | Server header |
| webserver | Detected web server |
| ip | Target IP address |
| cdn | CDN information |
| favicon | Favicon hash |
| tls | TLS information |
| location | Redirect location |
| vhost | Virtual host information |
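
Results saved with `-json` can be post-processed using the fields listed above. The following is an added example, not part of the original cheat sheet or the httpx project: a Python script that parses JSON-lines output and groups it for an asset inventory review (plaintext HTTP services, non-standard ports, servers by type). The sample lines are constructed, and the field names (`url`, `scheme`, `port`, `status_code`, `webserver`) are assumed to match the table above.

```python
import json
from collections import defaultdict

# Constructed sample of `httpx -json` output, one JSON object per line.
# Field names are assumed to follow the "Output Fields" table on this page.
SAMPLE = """\
{"url": "http://intranet.example.com:8080", "scheme": "http", "host": "intranet.example.com", "port": "8080", "status_code": 200, "title": "Dashboard", "webserver": "nginx"}
{"url": "https://www.example.com", "scheme": "https", "host": "www.example.com", "port": "443", "status_code": 301, "title": "", "webserver": "nginx"}
{"url": "https://api.example.com", "scheme": "https", "host": "api.example.com", "port": 443, "status_code": 403, "webserver": "cloudflare"}
this line is not JSON and must be skipped
{"url": "http://old.example.com", "scheme": "http", "host": "old.example.com", "port": "80", "status_code": 200, "title": "Index of /"}
"""

STANDARD_PORTS = {"http": 80, "https": 443}

def parse_results(text):
    """Yield one dict per valid JSON line; skip blank and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate log noise mixed into the results file
        if isinstance(record, dict) and "url" in record:
            yield record

def triage(records):
    """Group results by status and server; flag plaintext and odd-port services."""
    report = {"by_status": defaultdict(list), "by_server": defaultdict(list),
              "plaintext": [], "odd_port": []}
    for r in records:
        url, scheme = r["url"], r.get("scheme", "")
        report["by_status"][r.get("status_code")].append(url)
        report["by_server"][r.get("webserver") or "unknown"].append(url)
        if scheme == "http":
            report["plaintext"].append(url)
        try:
            port = int(r.get("port", 0))  # port may arrive as a string or an int
        except (TypeError, ValueError):
            port = 0
        if port and port != STANDARD_PORTS.get(scheme):
            report["odd_port"].append(url)
    return report

if __name__ == "__main__":
    rep = triage(parse_results(SAMPLE))
    print("plaintext:", rep["plaintext"])
    print("odd_port:", rep["odd_port"])
```
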
Resources

- Official Documentation
- GitHub Repository
- ProjectDiscovery Discord

---

*This cheat sheet provides a comprehensive reference for using HTTPX, from basic probing to advanced filtering and integration with other tools. For the most up-to-date information, always consult the official documentation.*