Packages and Binaries:
httpx-toolkit
This package contains the httpX toolkit developed by ProjectDiscovery. It’s a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
Features
- Simple and modular code base making it easy to contribute.
- Fast And fully configurable flags to probe multiple elements.
- Supports multiple HTTP based probings.
- Smart auto fallback from https to http as default.
- Supports hosts, URLs and CIDR as input.
- Handles edge cases doing retries, backoffs etc for handling WAFs.
This tool is packaged as ‘httpx-toolkit’ to avoid confusion and conflicts with the package python3-httpx that provides a script /usr/bin/httpx.
Installed size: 11.47 MB
How to install: sudo apt install httpx-toolkit
Dependencies:
- libc6
httpx-toolkit
root@kali:~# httpx-toolkit -h
httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library.
Usage:
httpx-toolkit [flags]
Flags:
INPUT:
-l, -list string Input file containing list of hosts to process
-request string File containing raw request
PROBES:
-sc, -status-code Display Status Code
-td, -tech-detect Display wappalyzer based technology detection
-cl, -content-length Display Content-Length
-server, -web-server Display Server header
-ct, -content-type Display Content-Type header
-lc, -line-count Display Response body line count
-wc, -word-count Display Response body word count
-rt, -response-time Display the response time
-title Display page title
-location Display Location header
-method Display Request method
-websocket Display server using websocket
-ip Display Host IP
-cname Display Host cname
-cdn Display if CDN in use
-probe Display probe status
MATCHERS:
-mc, -match-code string Match response with given status code (-mc 200,302)
-ml, -match-length string Match response with given content length (-ml 100,102)
-ms, -match-string string Match response with given string
-mr, -match-regex string Match response with specific regex
-er, -extract-regex string Display response content with matched regex
-mlc, -match-line-count string Match Response body line count
-mwc, -match-word-count string Match Response body word count
-mfc, -match-favicon string[] Match response with specific favicon
FILTERS:
-fc, -filter-code string Filter response with given status code (-fc 403,401)
-fl, -filter-length string Filter response with given content length (-fl 23,33)
-fs, -filter-string string Filter response with specific string
-fe, -filter-regex string Filter response with specific regex
-flc, -filter-line-count string Filter Response body line count
-fwc, -filter-word-count string Filter Response body word count
-ffc, -filter-favicon string[] Filter response with specific favicon
RATE-LIMIT:
-t, -threads int Number of threads (default 50)
-rl, -rate-limit int Maximum requests to send per second (default 150)
MISCELLANEOUS:
-favicon Probes for favicon ("favicon.ico" as path) and display phythonic hash
-tls-grab Perform TLS(SSL) data grabbing
-tls-probe Send HTTP probes on the extracted TLS domains
-csp-probe Send HTTP probes on the extracted CSP domains
-pipeline HTTP1.1 Pipeline probe
-http2 HTTP2 probe
-vhost VHOST Probe
-p, -ports string[] Port to scan (nmap syntax: eg 1,2-10,11)
-path string File or comma separated paths to request
-paths string File or comma separated paths to request (deprecated)
OUTPUT:
-o, -output string file to write output results
-sr, -store-response store http response to output directory
-srd, -store-response-dir string store http response to custom directory
-csv store output in CSV format
-json store output in JSONL(ines) format
-irr, -include-response include http request/response in JSON output (-json only)
-include-chain include redirect http chain in JSON output (-json only)
-store-chain include http redirect chain in responses (-sr only)
CONFIGURATIONS:
-r, -resolvers string[] List of custom resolvers (file or comma separated)
-allow string[] Allowed list of IP/CIDR's to process (file or comma separated)
-deny string[] Denied list of IP/CIDR's to process (file or comma separated)
-random-agent Enable Random User-Agent to use (default true)
-H, -header string[] Custom Header to send with request
-http-proxy, -proxy string HTTP Proxy, eg http://127.0.0.1:8080
-unsafe Send raw requests skipping golang normalization
-resume Resume scan using resume.cfg
-fr, -follow-redirects Follow HTTP redirects
-maxr, -max-redirects int Max number of redirects to follow per host (default 10)
-fhr, -follow-host-redirects Follow redirects on the same host
-vhost-input Get a list of vhosts as input
-x string Request methods to use, use 'all' to probe all HTTP methods
-body string Post body to include in HTTP request
-s, -stream Stream mode - start elaborating input targets without sorting
-sd, -skip-dedupe Disable dedupe input items (only used with stream mode)
-pa, -probe-all-ips Probe all the ips associated with same host
-ldp, -leave-default-ports Leave default HTTP/HTTPS ports (eg. http://host:80 - https//host:443
DEBUG:
-silent Silent mode
-v, -verbose Verbose mode
-version Display version
-nc, -no-color Disable color in output
-debug Debug mode
-debug-req Show all sent requests
-debug-resp Show all received responses
-stats Display scan statistic
OPTIMIZATIONS:
-nf, -no-fallback Display both probbed protocol (HTTPS and HTTP)
-nfs, -no-fallback-scheme Probe with input protocol scheme
-maxhr, -max-host-error int Max error count per host before skipping remaining path/s (default 30)
-ec, -exclude-cdn Skip full port scans for CDNs (only checks for 80,443)
-retries int Number of retries
-timeout int Timeout in seconds (default 5)
-rsts, -response-size-to-save int Max response size to save in bytes (default 2147483647)
-rstr, -response-size-to-read int Max response size to read in bytes (default 2147483647)
Updated on: 2022-Nov-18