What is the purpose of Httpx?
Httpx is an open source tool. HTTPX is a fully featured HTTP client for Python 3, which provides sync and async APIs, and support for both HTTP/1.1 and HTTP/2.
Here are the primary uses of Httpx:
-
HTTP Request Testing: Httpx is a Python library used for testing HTTP endpoints by sending requests to an endpoint and inspecting a number of status codes and headers in responses.
-
Web Enumeration: Httpx will allow the enumeration of web applications through the discovery of valid endpoints, the identification of subdomains and the collection of information about web servers.
-
Content and Header Discovery: Httpx identifies many content types, a number of response headers, and other useful information from the target server that can help in vulnerability finding process.
-
Fast and Efficient: Httpx tool has high performance. Httpx can accept multiple queries from a single user at a time, making it suitable for large-scale analysis.
-
Integration with Other Tools: Httpx can be integrated easily into security testing workflows. It's normally used as a bundle with other tools, like nuclei and subfinder, for complete assessments These combinations of uses make the analysis of the target system more detailed.
Core Features
- Fast and Concurrent Requests
- Flexible Output Formats
- Support for Multiple Protocols
- HTTP Method Support
- Detailed Response Analysis
- Customizable Options
- Integration with Other Tools
- Domain and Subdomain Support
Common Httpx Commands
1. Basic Usage
- This command sends a request to a target URL provided and then outputs the result.
httpx -url <target_url>
2. File Input
- This command reads a list of all URLs from a file and tests each one.
httpx -l <file>
3. Output to File
- This command saves the results of requests to the specified output file. This command facilitates target system analysis after security testing.
httpx -l <file> -o <output_file>
4. Specify HTTP Method
- This command specifies the HTTP method to use when sending a request to the target system.
httpx -url <target_url> -method <HTTP_method>
5. Follow Redirects
- This command follows HTTP redirects when testing a URL on the target system.
httpx -url <target_url> -follow
Specify Timeout
- This command sets the request timeout to the specified number of seconds. Its use eliminates excessive waiting due to some errors.
httpx -url <target_url> -timeout <seconds>
7. Custom Headers
- This command adds custom headers to the request.
httpx -url <target_url> -H "<Header: value>"
8. Verbose Output
- This command provides detailed output about the request and response. Security experts can use this command to use the detailed output for deep analysis.
httpx -url <target_url> -verbose
9. JSON Output
- This command saves the results in JSON format for easier integration with other tools and post-safety test analysis. In many cases, JSON format output can be advantageous.
httpx -l <file> -o <output_file> -json
10. Check for Live Hosts
- This command checks a list of hosts and returns only the live hosts without additional output.
httpx -l <file> -silent -timeout <seconds>
11. Help and Usage Information
- Displays the help information, including available commands and options for using Httpx.
httpx -h
Alternative usage:
httpx --help
Output Examples of Httpx Commands
Command| Example Usage| Function| Output Example
---|---|---|---
Basic Usage| httpx -url example.com| Sends a request to the specified target URL.| Response from example.com: 200 OK
File Input| httpx -l urls.txt| Reads a list of URLs from a file and tests each one.| Testing URLs from urls.txt...
Output to File| httpx -l urls.txt -o results.txt| Saves the results of the requests to the specified file.| Results saved to results.txt
Output in CSV Format| httpx -l urls.txt -o results.csv -format csv| Outputs results in CSV format for easier readability.| Results saved to results.csv
Specify Output Format| httpx -l urls.txt -o results.xml -format xml| Outputs results in XML format for easier processing.| Results saved to results.xml
JSON Output| httpx -l urls.txt -o results.json -json| Saves the results in JSON format for easier integration.| Results saved in JSON format to results.json
Specify HTTP Method| httpx -url example.com -method POST| Sends a POST request to the specified target URL.| POST request sent to example.com: 200 OK
Follow Redirects| httpx -url example.com -follow| Follows HTTP redirects when testing a URL.| Redirected to new location: example.com/redirect
Specify Timeout| httpx -url example.com -timeout 5| Sets the request timeout to 5 seconds.| Request to example.com timed out after 5 seconds
Provide Custom Timeout| httpx -url example.com -timeout 10| Sets a custom timeout for the request.| Request to example.com timed out after 10 seconds
Custom Headers| httpx -url example.com -H "Authorization: Bearer token"| Adds a custom header to the request.| Request with custom header sent to example.com
Specify Custom User Agent| httpx -url example.com -A "Mozilla/5.0"| Sets a custom User-Agent string for the request.| Request sent with custom User-Agent
Insecure SSL| httpx -url example.com -insecure| Allows connections to SSL sites without verification.| Connected to example.com with insecure SSL
Check for Live Hosts| httpx -l hosts.txt -silent -timeout 5| Checks a list of hosts and returns only live hosts.| Live hosts found: example.com
Specify Rate Limit| httpx -l urls.txt -r 100| Limits the number of requests per second during testing.| Rate limit set to 100 requests per second
Verbose Output| httpx -url example.com -verbose| Provides detailed output about the request and response.| Request details: ... <br /> Response: 200 OK
Filter by Status Code| httpx -l urls.txt -status-codes 200| Filters the results based on specific HTTP status codes.| Filtering results to only include 200 OK responses
Version Information| httpx -version| Shows the current version of Httpx installed on the system.| Httpx version 1.0.0
No Color Output| httpx -l urls.txt -silent -no-color| Disables colored output in the terminal.| (Output without color)
HTTP/2 Support| httpx -url example.com -http2| Enables HTTP/2 for the requests.| HTTP/2 request sent to example.com