Skip to main content

Httpx

What is the purpose of Httpx?

Httpx is an open source tool. HTTPX is a fully featured HTTP client for Python 3, which provides sync and async APIs, and support for both HTTP/1.1 and HTTP/2.

Here are the primary uses of Httpx:

  • HTTP Request Testing: Httpx is a Python library used for testing HTTP endpoints by sending requests to an endpoint and inspecting a number of status codes and headers in responses.

  • Web Enumeration: Httpx will allow the enumeration of web applications through the discovery of valid endpoints, the identification of subdomains and the collection of information about web servers.

  • Content and Header Discovery: Httpx identifies many content types, a number of response headers, and other useful information from the target server that can help in vulnerability finding process.

  • Fast and Efficient: Httpx tool has high performance. Httpx can accept multiple queries from a single user at a time, making it suitable for large-scale analysis.

  • Integration with Other Tools: Httpx can be integrated easily into security testing workflows. It's normally used as a bundle with other tools, like nuclei and subfinder, for complete assessments These combinations of uses make the analysis of the target system more detailed.

Core Features

  • Fast and Concurrent Requests
  • Flexible Output Formats
  • Support for Multiple Protocols
  • HTTP Method Support
  • Detailed Response Analysis
  • Customizable Options
  • Integration with Other Tools
  • Domain and Subdomain Support

Common Httpx Commands

1. Basic Usage

  • This command sends a request to a target URL provided and then outputs the result.
httpx -url <target_url>

2. File Input

  • This command reads a list of all URLs from a file and tests each one.
httpx -l <file>

3. Output to File

  • This command saves the results of requests to the specified output file. This command facilitates target system analysis after security testing.
httpx -l <file> -o <output_file>

4. Specify HTTP Method

  • This command specifies the HTTP method to use when sending a request to the target system.
httpx -url <target_url> -method <HTTP_method>

5. Follow Redirects

  • This command follows HTTP redirects when testing a URL on the target system.
httpx -url <target_url> -follow

Specify Timeout

  • This command sets the request timeout to the specified number of seconds. Its use eliminates excessive waiting due to some errors.
httpx -url <target_url> -timeout <seconds>

7. Custom Headers

  • This command adds custom headers to the request.
httpx -url <target_url> -H "<Header: value>"

8. Verbose Output

  • This command provides detailed output about the request and response. Security experts can use this command to use the detailed output for deep analysis.
httpx -url <target_url> -verbose

9. JSON Output

  • This command saves the results in JSON format for easier integration with other tools and post-safety test analysis. In many cases, JSON format output can be advantageous.
httpx -l <file> -o <output_file> -json

10. Check for Live Hosts

  • This command checks a list of hosts and returns only the live hosts without additional output.
httpx -l <file> -silent -timeout <seconds>

11. Help and Usage Information

  • Displays the help information, including available commands and options for using Httpx.
httpx -h

Alternative usage:

httpx --help

Output Examples of Httpx Commands

CommandExample UsageFunctionOutput Example
Basic Usagehttpx -url example.comSends a request to the specified target URL.Response from example.com: 200 OK
File Inputhttpx -l urls.txtReads a list of URLs from a file and tests each one.Testing URLs from urls.txt...
Output to Filehttpx -l urls.txt -o results.txtSaves the results of the requests to the specified file.Results saved to results.txt
Output in CSV Formathttpx -l urls.txt -o results.csv -format csvOutputs results in CSV format for easier readability.Results saved to results.csv
Specify Output Formathttpx -l urls.txt -o results.xml -format xmlOutputs results in XML format for easier processing.Results saved to results.xml
JSON Outputhttpx -l urls.txt -o results.json -jsonSaves the results in JSON format for easier integration.Results saved in JSON format to results.json
Specify HTTP Methodhttpx -url example.com -method POSTSends a POST request to the specified target URL.POST request sent to example.com: 200 OK
Follow Redirectshttpx -url example.com -followFollows HTTP redirects when testing a URL.Redirected to new location: example.com/redirect
Specify Timeouthttpx -url example.com -timeout 5Sets the request timeout to 5 seconds.Request to example.com timed out after 5 seconds
Provide Custom Timeouthttpx -url example.com -timeout 10Sets a custom timeout for the request.Request to example.com timed out after 10 seconds
Custom Headershttpx -url example.com -H "Authorization: Bearer token"Adds a custom header to the request.Request with custom header sent to example.com
Specify Custom User Agenthttpx -url example.com -A "Mozilla/5.0"Sets a custom User-Agent string for the request.Request sent with custom User-Agent
Insecure SSLhttpx -url example.com -insecureAllows connections to SSL sites without verification.Connected to example.com with insecure SSL
Check for Live Hostshttpx -l hosts.txt -silent -timeout 5Checks a list of hosts and returns only live hosts.Live hosts found: example.com
Specify Rate Limithttpx -l urls.txt -r 100Limits the number of requests per second during testing.Rate limit set to 100 requests per second
Verbose Outputhttpx -url example.com -verboseProvides detailed output about the request and response.Request details: ... <br /> Response: 200 OK
Filter by Status Codehttpx -l urls.txt -status-codes 200Filters the results based on specific HTTP status codes.Filtering results to only include 200 OK responses
Version Informationhttpx -versionShows the current version of Httpx installed on the system.Httpx version 1.0.0
No Color Outputhttpx -l urls.txt -silent -no-colorDisables colored output in the terminal.(Output without color)
HTTP/2 Supporthttpx -url example.com -http2Enables HTTP/2 for the requests.HTTP/2 request sent to example.com