[Tool Share] Installing and Using httpx

admin 2023-10-14 14:30:32


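01

Tool Introduction


httpx is a fast, multi-purpose HTTP toolkit written in Go that runs multiple probes using the retryablehttp library. It can retrieve a URL's status code, title, JARM fingerprint and other information, and it can also take screenshots of websites.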



02


Download and Installation


https://github.com/projectdiscovery/httpx

In the releases section, find the latest version and choose the build for your operating system. I installed it on Kali, so I chose linux_amd_64.


Unzip the package

unzip httpx_1.3.5_linux_amd64.zip


httpx -h



Make httpx available as a system command

cp httpx /usr/local/bin/
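
The steps above put a downloaded binary into /usr/local/bin without an integrity check. As an added example (not part of the original post or the httpx project), the script below compares the archive's SHA-256 with the release checksum list before anything is installed. The checksum file name httpx_1.3.5_checksums.txt and the helper names are assumptions, and the demo runs on constructed files.

```shell
#!/bin/sh
# Added example: check a release archive against its checksum list before
# unzipping and installing it. Helper names and the checksum file name are
# assumptions; the demo uses constructed files, not a real httpx release.

# verify_release ARCHIVE CHECKSUMS
# Returns 0 only when CHECKSUMS holds exactly one entry for ARCHIVE's file
# name and that entry equals the archive's SHA-256.
#   2 = a file is missing, 3 = no entry or several entries, 1 = hash mismatch
verify_release() {
    archive=$1
    sums=$2
    [ -f "$archive" ] && [ -f "$sums" ] || return 2
    name=$(basename "$archive")
    # sha256sum format: "<hex>  <name>" (binary mode writes "<hex> *<name>")
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$sums")
    # Zero matching entries and duplicate entries are both treated as failure.
    [ "$(printf '%s\n' "$expected" | grep -c .)" -eq 1 ] || return 3
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# demo_verify: builds a constructed archive plus checksum list in a temporary
# directory, verifies it, appends bytes to simulate tampering, verifies again.
# Prints the two return codes.
demo_verify() {
    dir=$(mktemp -d) || return 1
    zip=httpx_1.3.5_linux_amd64.zip
    printf 'constructed archive bytes\n' > "$dir/$zip"
    ( cd "$dir" && sha256sum "$zip" > httpx_1.3.5_checksums.txt )
    verify_release "$dir/$zip" "$dir/httpx_1.3.5_checksums.txt" && ok=0 || ok=$?
    printf 'modified after download\n' >> "$dir/$zip"
    verify_release "$dir/$zip" "$dir/httpx_1.3.5_checksums.txt" && bad=0 || bad=$?
    rm -rf "$dir"
    echo "$ok $bad"
}

demo_verify
```

With a real download, run verify_release on the archive and the checksum file from the same releases page, and only unzip and copy the binary when it returns 0.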



03


Usage


httpx -h

The help output is as follows

Usage:
  ./httpx [flags]

Flags:
INPUT:
   -l, -list string      input file containing list of hosts to process
   -rr, -request string  file containing raw request
   -u, -target string[]  input target host(s) to probe

PROBES:
   -sc, -status-code     display response status-code
   -cl, -content-length  display response content-length
   -ct, -content-type    display response content-type
   -location             display response redirect location
   -favicon              display mmh3 hash for '/favicon.ico' file
   -hash string          display response body hash (supported: md5,mmh3,simhash,sha1,sha256,sha512)
   -jarm                 display jarm fingerprint hash
   -rt, -response-time   display response time
   -lc, -line-count      display response body line count
   -wc, -word-count      display response body word count
   -title                display page title
   -bp, -body-preview    display first N characters of response body (default 100)
   -server, -web-server  display server name
   -td, -tech-detect     display technology in use based on wappalyzer dataset
   -method               display http request method
   -websocket            display server using websocket
   -ip                   display host ip
   -cname                display host cname
   -asn                  display host asn information
   -cdn                  display cdn/waf in use
   -probe                display probe status

HEADLESS:
   -ss, -screenshot                 enable saving screenshot of the page using headless browser
   -system-chrome                   enable using local installed chrome for screenshot
   -esb, -exclude-screenshot-bytes  enable excluding screenshot bytes from json output
   -ehb, -exclude-headless-body     enable excluding headless header from json output

MATCHERS:
   -mc, -match-code string            match response with specified status code (-mc 200,302)
   -ml, -match-length string          match response with specified content length (-ml 100,102)
   -mlc, -match-line-count string     match response body with specified line count (-mlc 423,532)
   -mwc, -match-word-count string     match response body with specified word count (-mwc 43,55)
   -mfc, -match-favicon string[]      match response with specified favicon hash (-mfc 1494302000)
   -ms, -match-string string          match response with specified string (-ms admin)
   -mr, -match-regex string           match response with specified regex (-mr admin)
   -mcdn, -match-cdn string[]         match host with specified cdn provider (cloudfront, fastly, google, leaseweb, stackpath)
   -mrt, -match-response-time string  match response with specified response time in seconds (-mrt '< 1')
   -mdc, -match-condition string      match response with dsl expression condition

EXTRACTOR:
   -er, -extract-regex string[]   display response content with matched regex
   -ep, -extract-preset string[]  display response content matched by a pre-defined regex (ipv4,mail,url)

FILTERS:
   -fc, -filter-code string            filter response with specified status code (-fc 403,401)
   -fep, -filter-error-page            filter response with ML based error page detection
   -fl, -filter-length string          filter response with specified content length (-fl 23,33)
   -flc, -filter-line-count string     filter response body with specified line count (-flc 423,532)
   -fwc, -filter-word-count string     filter response body with specified word count (-fwc 423,532)
   -ffc, -filter-favicon string[]      filter response with specified favicon hash (-ffc 1494302000)
   -fs, -filter-string string          filter response with specified string (-fs admin)
   -fe, -filter-regex string           filter response with specified regex (-fe admin)
   -fcdn, -filter-cdn string[]         filter host with specified cdn provider (cloudfront, fastly, google, leaseweb, stackpath)
   -frt, -filter-response-time string  filter response with specified response time in seconds (-frt '> 1')
   -fdc, -filter-condition string      filter response with dsl expression condition
   -strip                              strips all tags in response. supported formats: html,xml (default html)

RATE-LIMIT:
   -t, -threads int              number of threads to use (default 50)
   -rl, -rate-limit int          maximum requests to send per second (default 150)
   -rlm, -rate-limit-minute int  maximum number of requests to send per minute

MISCELLANEOUS:
   -pa, -probe-all-ips        probe all the ips associated with same host
   -p, -ports string[]        ports to probe (nmap syntax: eg http:1,2-10,11,https:80)
   -path string               path or list of paths to probe (comma-separated, file)
   -tls-probe                 send http probes on the extracted TLS domains (dns_name)
   -csp-probe                 send http probes on the extracted CSP domains
   -tls-grab                  perform TLS(SSL) data grabbing
   -pipeline                  probe and display server supporting HTTP1.1 pipeline
   -http2                     probe and display server supporting HTTP2
   -vhost                     probe and display server supporting VHOST
   -ldv, -list-dsl-variables  list json output field keys name that support dsl matcher/filter

UPDATE:
   -up, -update                  update httpx to latest version
   -duc, -disable-update-check   disable automatic httpx update check

OUTPUT:
   -o, -output string                  file to write output results
   -oa, -output-all                    filename to write output results in all formats
   -sr, -store-response                store http response to output directory
   -srd, -store-response-dir string    store http response to custom directory
   -csv                                store output in csv format
   -csvo, -csv-output-encoding string  define output encoding
   -j, -json                           store output in JSONL(ines) format
   -irh, -include-response-header      include http response (headers) in JSON output (-json only)
   -irr, -include-response             include http request/response (headers + body) in JSON output (-json only)
   -irrb, -include-response-base64     include base64 encoded http request/response in JSON output (-json only)
   -include-chain                      include redirect http chain in JSON output (-json only)
   -store-chain                        include http redirect chain in responses (-sr only)

CONFIGURATIONS:
   -config string                path to the httpx configuration file (default $HOME/.config/httpx/config.yaml)
   -r, -resolvers string[]       list of custom resolver (file or comma separated)
   -allow string[]               allowed list of IP/CIDR's to process (file or comma separated)
   -deny string[]                denied list of IP/CIDR's to process (file or comma separated)
   -sni, -sni-name string        custom TLS SNI name
   -random-agent                 enable Random User-Agent to use (default true)
   -H, -header string[]          custom http headers to send with request
   -http-proxy, -proxy string    http proxy to use (eg http://127.0.0.1:8080)
   -unsafe                       send raw requests skipping golang normalization
   -resume                       resume scan using resume.cfg
   -fr, -follow-redirects        follow http redirects
   -maxr, -max-redirects int     max number of redirects to follow per host (default 10)
   -fhr, -follow-host-redirects  follow redirects on the same host
   -rhsts, -respect-hsts         respect HSTS response headers for redirect requests
   -vhost-input                  get a list of vhosts as input
   -x string                     request methods to probe, use 'all' to probe all HTTP methods
   -body string                  post body to include in http request
   -s, -stream                   stream mode - start elaborating input targets without sorting
   -sd, -skip-dedupe             disable dedupe input items (only used with stream mode)
   -ldp, -leave-default-ports    leave default http/https ports in host header (eg. http://host:80 - https://host:443
   -ztls                         use ztls library with autofallback to standard one for tls13
   -no-decode                    avoid decoding body
   -tlsi, -tls-impersonate       enable experimental client hello (ja3) tls randomization
   -no-stdin                     Disable Stdin processing

DEBUG:
   -health-check, -hc         run diagnostic check up
   -debug                     display request/response content in cli
   -debug-req                 display request content in cli
   -debug-resp                display response content in cli
   -version                   display httpx version
   -stats                     display scan statistic
   -profile-mem string        optional httpx memory profile dump file
   -silent                    silent mode
   -v, -verbose               verbose mode
   -si, -stats-interval int   number of seconds to wait between showing a statistics update (default: 5)
   -nc, -no-color             disable colors in cli output

OPTIMIZATIONS:
   -nf, -no-fallback                  display both probed protocol (HTTPS and HTTP)
   -nfs, -no-fallback-scheme          probe with protocol scheme specified in input
   -maxhr, -max-host-error int        max error count per host before skipping remaining path/s (default 30)
   -ec, -exclude-cdn                  skip full port scans for CDN/WAF (only checks for 80,443)
   -retries int                       number of retries
   -timeout int                       timeout in seconds (default 10)
   -delay value                       duration between each http request (eg: 200ms, 1s) (default -1ns)
   -rsts, -response-size-to-save int  max response size to save in bytes (default 2147483647)
   -rstr, -response-size-to-read int  max response size to read in bytes (default 2147483647)






Usage examples:

1. From a large list of URLs, filter out the ones that can be accessed normally and save the result to url_ok.txt

httpx -l url.txt -fep -o url_ok.txt



2. Collect useful fingerprint information, take screenshots, and save the results to a file in JSON format

httpx -l url.txt -sc -ct -location -favicon -jarm -rt -title -server -probe -asn -fep  -irr -include-chain -ss -j -o jjjj

This creates an output directory locally, with two subdirectories under it.

response stores the request and response data



screenshot stores the screenshot data



3. URL Probe

cat hosts.txt | httpx

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|   v1.1.1
             /_/

projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.

https://mta-sts.managed.hackerone.com
https://mta-sts.hackerone.com
https://mta-sts.forwarding.hackerone.com
https://docs.hackerone.com
https://www.hackerone.com
https://resources.hackerone.com
https://api.hackerone.com
https://support.hackerone.com


4. File input

httpx -list hosts.txt -silent -probe

http://ns.hackerone.com [FAILED]
https://docs.hackerone.com [SUCCESS]
https://mta-sts.hackerone.com [SUCCESS]
https://mta-sts.managed.hackerone.com [SUCCESS]
http://email.hackerone.com [FAILED]
https://mta-sts.forwarding.hackerone.com [SUCCESS]
http://links.hackerone.com [FAILED]
https://api.hackerone.com [SUCCESS]
https://www.hackerone.com [SUCCESS]
http://events.hackerone.com [FAILED]
https://support.hackerone.com [SUCCESS]
https://gslink.hackerone.com [SUCCESS]
http://o1.email.hackerone.com [FAILED]
http://info.hackerone.com [FAILED]
https://resources.hackerone.com [SUCCESS]
http://o2.email.hackerone.com [FAILED]
http://o3.email.hackerone.com [FAILED]
http://go.hackerone.com [FAILED]
http://a.ns.hackerone.com [FAILED]
http://b.ns.hackerone.com [FAILED]


5. CIDR input

echo 173.0.84.0/24 | httpx -silent

https://173.0.84.29
https://173.0.84.43
https://173.0.84.31
https://173.0.84.44
https://173.0.84.12
https://173.0.84.4
https://173.0.84.36
https://173.0.84.45
https://173.0.84.14
https://173.0.84.25
https://173.0.84.46
https://173.0.84.24
https://173.0.84.32
https://173.0.84.9
https://173.0.84.13
https://173.0.84.6
https://173.0.84.16
https://173.0.84.34

6. AS number input

echo AS14421 | httpx -silent

https://216.101.17.248
https://216.101.17.249
https://216.101.17.250
https://216.101.17.251
https://216.101.17.252


7. Filtering error responses

httpx -l urls.txt -path /v1/api -fep

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/

projectdiscovery.io

[INF] Current httpx version v1.3.3 (latest)
https://scanme.sh/v1/api


8. Getting the favicon fingerprint

subfinder -d hackerone.com -silent | httpx -favicon

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/              v1.1.5

projectdiscovery.io

Use with caution. You are responsible for your actions.
Developers assume no liability and are not responsible for any misuse or damage.

https://docs.hackerone.com/favicon.ico [595148549]
https://hackerone.com/favicon.ico [595148549]
https://mta-sts.managed.hackerone.com/favicon.ico [-1700323260]
https://mta-sts.forwarding.hackerone.com/favicon.ico [-1700323260]
https://support.hackerone.com/favicon.ico [-1279294674]
https://gslink.hackerone.com/favicon.ico [1506877856]
https://resources.hackerone.com/favicon.ico [-1840324437]
https://api.hackerone.com/favicon.ico [566218143]
https://mta-sts.hackerone.com/favicon.ico [-1700323260]
https://www.hackerone.com/favicon.ico [778073381]


9. Getting the JARM fingerprint

subfinder -d hackerone.com -silent | httpx -jarm

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/              v1.2.1

projectdiscovery.io

Use with caution. You are responsible for your actions.
Developers assume no liability and are not responsible for any misuse or damage.

https://www.hackerone.com [29d3dd00029d29d00042d43d00041d5de67cc9954cc85372523050f20b5007]
https://mta-sts.hackerone.com [29d29d00029d29d00042d43d00041d2aa5ce6a70de7ba95aef77a77b00a0af]
https://mta-sts.managed.hackerone.com [29d29d00029d29d00042d43d00041d2aa5ce6a70de7ba95aef77a77b00a0af]
https://docs.hackerone.com [29d29d00029d29d00042d43d00041d2aa5ce6a70de7ba95aef77a77b00a0af]
https://support.hackerone.com [29d3dd00029d29d00029d3dd29d29d5a74e95248e58a6162e37847a24849f7]
https://api.hackerone.com [29d3dd00029d29d00042d43d00041d5de67cc9954cc85372523050f20b5007]
https://mta-sts.forwarding.hackerone.com [29d29d00029d29d00042d43d00041d2aa5ce6a70de7ba95aef77a77b00a0af]
https://resources.hackerone.com [2ad2ad0002ad2ad0002ad2ad2ad2ad043bfbd87c13813505a1b60adf4f6ff5]


10. ASN fingerprint

subfinder -d hackerone.com -silent | httpx -asn

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/              v1.2.1

projectdiscovery.io

Use with caution. You are responsible for your actions.
Developers assume no liability and are not responsible for any misuse or damage.

https://mta-sts.managed.hackerone.com [AS54113, FASTLY, US]
https://gslink.hackerone.com [AS16509, AMAZON-02, US]
https://www.hackerone.com [AS13335, CLOUDFLARENET, US]
https://mta-sts.forwarding.hackerone.com [AS54113, FASTLY, US]
https://resources.hackerone.com [AS16509, AMAZON-02, US]
https://support.hackerone.com [AS13335, CLOUDFLARENET, US]
https://mta-sts.hackerone.com [AS54113, FASTLY, US]
https://docs.hackerone.com [AS54113, FASTLY, US]
https://api.hackerone.com [AS13335, CLOUDFLARENET, US]
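
Examples 8 to 10 all print one "URL [value]" line per host. As an added example (not from the original post or the httpx project), the script below clusters such lines by the bracketed value, which helps when reviewing an inventory of your own hosts for ones that share a favicon, TLS stack or network, and for the odd one out. The function names are assumptions; the sample lines are taken from the favicon output in example 8.

```shell
#!/bin/sh
# Added example: cluster httpx "URL [value]" result lines by their value.
# Function names are assumptions; sample lines come from example 8 above.

# group_fingerprints: reads httpx text output on stdin and prints one line
# per distinct bracketed value as "<count>\t<value>\t<url,url,...>",
# largest cluster first. Banner and warning lines are ignored.
group_fingerprints() {
    esc=$(printf '\033')
    # Drop ANSI colour sequences in case coloured terminal output was captured.
    sed "s/${esc}\[[0-9;]*m//g" |
    awk '
        # Keep only result lines: a URL followed by a trailing [value].
        $1 ~ /^https?:\/\// && match($0, /\[[^]]*\]$/) {
            val = substr($0, RSTART + 1, RLENGTH - 2)
            n[val]++
            urls[val] = (val in urls) ? urls[val] "," $1 : $1
        }
        END { for (v in n) printf "%d\t%s\t%s\n", n[v], v, urls[v] }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Sample input: result lines from example 8 plus one warning line, to show
# that non-result lines are skipped.
sample_favicon_output() {
    cat <<'EOF'
Use with caution. You are responsible for your actions.
https://docs.hackerone.com/favicon.ico [595148549]
https://hackerone.com/favicon.ico [595148549]
https://mta-sts.managed.hackerone.com/favicon.ico [-1700323260]
https://mta-sts.forwarding.hackerone.com/favicon.ico [-1700323260]
https://support.hackerone.com/favicon.ico [-1279294674]
https://mta-sts.hackerone.com/favicon.ico [-1700323260]
https://www.hackerone.com/favicon.ico [778073381]
EOF
}

sample_favicon_output | group_fingerprints
```

The same function works on the JARM and ASN output, because it takes everything between the last pair of brackets as the value.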


Originally published on the WeChat official account (AI与网安): [Tool Share] Installing and Using httpx
