关于Httpx
Httpx是一款运行速度极快的多功能HTTP安全工具,它可以使用retryablehttp库来运行多种网络探针,并使用了多线程机制来维持运行的稳定性和结果的准确性。
功能介绍
简单和模块化的代码库,易于贡献代码;
快速和完全可配置的参数选项支持探测多个元素;
支持多种基于HTTP的探测;
默认情况下,智能自动从https回退到http;
支持主机、URL和CIDR作为输入;
在遇到Web应用防火墙时,能够自动处理边缘情况、进行重试和退避等操作;
支持的探测
探测 |
默认检测 |
探测 |
默认检测 |
URL |
true |
IP |
true |
Title |
true |
CNAME |
true |
Status Code |
true |
Raw HTTP |
false |
Content Length |
true |
HTTP2 |
false |
TLS Certificate |
true |
HTTP 1.1 Pipeline |
false |
CSP Header |
true |
Virtual host |
false |
Location Header |
true |
CDN |
false |
Web Server |
true |
Path |
false |
Web Socket |
true |
Ports |
false |
Response Time |
true |
Request method |
false |
工具安装
Httpx要求本地主机安装并配置好Go v1.14+环境,然后可以使用下列命令来获取Httpx代码库:
GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx
工具使用
httpx -h
上述命令将显示工具的帮助信息,下面给出的是该工具支持的所有参数选项:
Usage of ./httpx: -H value Custom Header -allow value Allowlist ip/cidr -body string Request Body -cdn Check if domain's ip belongs to known CDN (akamai, cloudflare, ..) -cname Output first cname -content-length Extracts content length -content-type Extracts content-type -csp-probe Send HTTP probes on the extracted CSP domains -debug Debug mode -deny value Denylist ip/cidr -extract-regex string Extract Regex -fc string Filter status code -filter-regex string Filter Regex -filter-string string Filter String -fl string Filter content length -follow-host-redirects Only follow redirects on the same host -follow-redirects Follow Redirects -http-proxy string HTTP Proxy, eg http://127.0.0.1:8080 -http2 HTTP2 probe -include-chain Show Raw HTTP Chain In Output (-json only) -include-response Show Raw HTTP Response In Output (-json only) -ip Output target ip -json JSON Output -l string File containing domains -location Extracts location header -match-regex string Match Regex -match-string string Match string -max-response-body-size int Maximum response body size (default 2147483647) -mc string Match status code -method Output method -ml string Match content length -no-color No Color -no-fallback If HTTPS on port 443 is successful on default configuration, probes also port 80 for HTTP -o string File to write output to (optional) -path string Request path/file (example '/api') -paths string Command separated paths or file containing one path per line (example '/api/v1,/apiv2') -pipeline HTTP1.1 Pipeline -ports value ports range (nmap syntax: eg 1,2-10,11) -random-agent Use randomly selected HTTP User-Agent header value -request string File containing raw request -response-in-json Show Raw HTTP Response In Output (-json only) (deprecated) -response-time Output the response time -retries int Number of retries -silent Silent mode -sr Save response to file (default 'output') -srd string Save response directory (default "output") -stats Enable statistic on keypress (terminal may become unresponsive till the end) -status-code Extracts status code -store-chain Save chain to file (default 'output') -tech-detect Perform wappalyzer based technology detection -threads int Number of threads (default 50) -timeout int Timeout in seconds (default 5) -title Extracts title -tls-grab Perform TLS data grabbing -tls-probe Send HTTP probes on the extracted TLS domains -unsafe Send raw requests skipping golang normalization -verbose Verbose Mode -version Show version of httpx -vhost Check for VHOSTs -vhost-input Get a list of vhosts as input -web-server Extracts server header -websocket Prints out if the server exposes a websocket -x string Request Methods, use ALL to check all verbs ()
工具运行
使用stdin运行Httpx
这种方式将使用Httpx针对hosts.txt文件中所有的主机和子域名进行检测,并返回正在运行HTTP Web服务器的URL地址:
▶ cat hosts.txt | httpx __ __ __ _ __ / /_ / /_/ /_____ | |/ / / __ \/ __/ __/ __ \| / / / / / /_/ /_/ /_/ / | /_/ /_/\__/\__/ .___/_/|_| v1.0 /_/ projectdiscovery.io [WRN] Use with caution. You are responsible for your actions [WRN] Developers assume no liability and are not responsible for any misuse or damage. https://mta-sts.managed.hackerone.com https://mta-sts.hackerone.com https://mta-sts.forwarding.hackerone.com https://docs.hackerone.com https://www.hackerone.com https://resources.hackerone.com https://api.hackerone.com https://support.hackerone.com
使用文件输入运行Httpx
这种方式将使用Httpx针对hosts.txt文件中所有的主机和子域名进行检测,并返回正在运行HTTP Web服务器的URL地址:
▶ httpx -l hosts.txt -silent https://docs.hackerone.com https://mta-sts.hackerone.com https://mta-sts.managed.hackerone.com https://mta-sts.forwarding.hackerone.com https://www.hackerone.com https://resources.hackerone.com https://api.hackerone.com https://support.hackerone.com
使用CIDR输入运行Httpx
▶ echo 173.0.84.0/24 | httpx -silent https://173.0.84.29 https://173.0.84.43 https://173.0.84.31 https://173.0.84.44 https://173.0.84.12 https://173.0.84.4 https://173.0.84.36 https://173.0.84.45 https://173.0.84.14 https://173.0.84.25 https://173.0.84.46 https://173.0.84.24 https://173.0.84.32 https://173.0.84.9 https://173.0.84.13 https://173.0.84.6 https://173.0.84.16 https://173.0.84.34
使用subfinder运行Httpx
▶ subfinder -d hackerone.com | httpx -title -tech-detect -status-code -title -follow-redirects __ __ __ _ __ / /_ / /_/ /_____ | |/ / / __ \/ __/ __/ __ \| / / / / / /_/ /_/ /_/ / | /_/ /_/\__/\__/ .___/_/|_| /_/ v1.0.6 projectdiscovery.io Use with caution. You are responsible for your actions Developers assume no liability and are not responsible for any misuse or damage. https://mta-sts.managed.hackerone.com [404] [Page not found · GitHub Pages] [Varnish,GitHub Pages,Ruby on Rails] https://mta-sts.hackerone.com [404] [Page not found · GitHub Pages] [Varnish,GitHub Pages,Ruby on Rails] https://mta-sts.forwarding.hackerone.com [404] [Page not found · GitHub Pages] [GitHub Pages,Ruby on Rails,Varnish] https://docs.hackerone.com [200] [HackerOne Platform Documentation] [Ruby on Rails,jsDelivr,Gatsby,React,webpack,Varnish,GitHub Pages] https://support.hackerone.com [301,302,301,200] [HackerOne] [Cloudflare,Ruby on Rails,Ruby] https://resources.hackerone.com [301,301,404] [Sorry, no Folders found.]
工具运行截图
项目地址
Httpx:【GitHub传送门】
来源:freebuf.com 2021-05-18 12:20:36 by: Alpha_h4ck
请登录后发表评论
注册