Httpx：一款针对HTTP的安全研究工具

关于Httpx

Httpx是一款运行速度极快的多功能HTTP安全工具，它可以使用retryablehttp库来运行多种网络探针，并使用了多线程机制来维持运行的稳定性和结果的准确性。

功能介绍

• 简单和模块化的代码库，易于贡献代码；

• 快速和完全可配置的参数选项支持探测多个元素；

• 支持多种基于HTTP的探测；

• 默认情况下，智能自动从https回退到http；

• 支持主机、URL和CIDR作为输入；

• 在遇到Web应用防火墙时，能够自动处理边缘情况、进行重试和退避等操作；

支持的探测

工具安装

Httpx要求本地主机安装并配置好Go v1.14+环境，然后可以使用下列命令来获取Httpx代码库：

GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx

工具使用

httpx -h

上述命令将显示工具的帮助信息，下面给出的是该工具支持的所有参数选项：

Usage of ./httpx:

 

  -H value

      Custom Header

  -allow value

      Allowlist ip/cidr

  -body string

      Request Body

  -cdn

      Check if domain's ip belongs to known CDN (akamai, cloudflare, ..)

  -cname

      Output first cname

  -content-length

      Extracts content length

  -content-type

      Extracts content-type

  -csp-probe

      Send HTTP probes on the extracted CSP domains

  -debug

      Debug mode

  -deny value

      Denylist ip/cidr

  -extract-regex string

      Extract Regex

  -fc string

      Filter status code

  -filter-regex string

      Filter Regex

  -filter-string string

      Filter String

  -fl string

      Filter content length

  -follow-host-redirects

      Only follow redirects on the same host

  -follow-redirects

      Follow Redirects

  -http-proxy string

      HTTP Proxy, eg http://127.0.0.1:8080

  -http2

      HTTP2 probe

  -include-chain

      Show Raw HTTP Chain In Output (-json only)

  -include-response

      Show Raw HTTP Response In Output (-json only)

  -ip

      Output target ip

  -json

      JSON Output

  -l string

      File containing domains

  -location

      Extracts location header

  -match-regex string

      Match Regex

  -match-string string

      Match string

  -max-response-body-size int

      Maximum response body size (default 2147483647)

  -mc string

      Match status code

  -method

      Output method

  -ml string

      Match content length

  -no-color

      No Color

  -no-fallback

      If HTTPS on port 443 is successful on default configuration, probes also port 80 for HTTP

  -o string

      File to write output to (optional)

  -path string

      Request path/file (example '/api')

  -paths string

      Command separated paths or file containing one path per line (example '/api/v1,/apiv2')

  -pipeline

      HTTP1.1 Pipeline

  -ports value

      ports range (nmap syntax: eg 1,2-10,11)

  -random-agent

      Use randomly selected HTTP User-Agent header value

  -request string

      File containing raw request

  -response-in-json

      Show Raw HTTP Response In Output (-json only) (deprecated)

  -response-time

      Output the response time

  -retries int

      Number of retries

  -silent

      Silent mode

  -sr

      Save response to file (default 'output')

  -srd string

      Save response directory (default "output")

  -stats

      Enable statistic on keypress (terminal may become unresponsive till the end)

  -status-code

      Extracts status code

  -store-chain

      Save chain to file (default 'output')

  -tech-detect

      Perform wappalyzer based technology detection

  -threads int

      Number of threads (default 50)

  -timeout int

      Timeout in seconds (default 5)

  -title

      Extracts title

  -tls-grab

      Perform TLS data grabbing

  -tls-probe

      Send HTTP probes on the extracted TLS domains

  -unsafe

      Send raw requests skipping golang normalization

  -verbose

      Verbose Mode

  -version

      Show version of httpx

  -vhost

      Check for VHOSTs

  -vhost-input

      Get a list of vhosts as input

  -web-server

      Extracts server header

  -websocket

      Prints out if the server exposes a websocket

  -x string

      Request Methods, use ALL to check all verbs ()