Httpx Advanced tool for Penetration Tester

Greeting Everyone , Hope everyone Good Today we are Going to look On One of Project Discovery Tool For Penetration tester httpx . httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

Httpx is a new generation tool for gather Information about our target which developed based on golang httpx make Testing phase More easy and complex .

Advantage Of httpx tool?

  • Simple and modular code base making it easy to contribute .
  • Fast And fully configurable flags to probe mutiple elements.
  • Supports vhost, urls, ports, title, content-length, status-code, response-body probbing.
  • Smart auto fallback from https to http as default.
  • Supports hosts, URLs and CIDR as input.
  • Handles edge cases doing retries, backoffs etc for handling WAFs.
  • Easy to use User friendly

Why Httpx ?

Httpx which help to gather information which help to find vulnerabilities and verify attack vectors that are affecting web applications. Which basically Based On domain enumerate which help to detect status code from given subdomains, Prints content-type, Prints title of page if available, detect vhost from list of subdomains & we can define specific Ports ranges .

Usage Of Httpx : How To Install:

→ git clone https://github.com/projectdiscovery/httpx.git

→ cd httpx/cmd/httpx
→ go build .
→ mv httpx /usr/local/bin/
→ httpx -h

Now, To Open httpx After successfully Installed We need to run command :

→ httpx -h

As above command using -h we can verify Usage of httpx .

Now, Running httpx with stdin Standard Input We will use command :

-> cat domains.txt | httpx

As above pic which return all the matches from Our given domain List .

Now, Running httpx with CIDR input Classless inter-domain routing here we will use command:

→ echo 123.0.84.0/24 | httpx

As above picture which help to find out all the ip ranges As we used CIDR Input to find out all possible ranges from Our supplied Target.

Now, We can use httpx with subfinder to find all subdomain with their Response & title of all subdomains , Here we will use : (You must need to subfinder pre installed ) Command :

→ subfinder -d target.com -silent | httpx -title -content-length -status-code

As above Picture As we Find out possble Subdomain from Our target domain with title length & status code We used -d for Domain extension -title for output Title with length -status-code for their Response

So Today we have discussed how httpx make our testing phase more easy and flexible we can gather possible information Of our target which also refer as time consuming . We Discussed How Different Command We used to find Possible Information About our target .

Hope You enjoyed & learn one more interesting tool for penetration tester .

For More References : https://github.com/encode/httpx

Stick With Our Blog : https://securiumsolutions.com/blog/

Author : Pallab Jyoti Borah | VAPT Analyst

Leave a Comment

Your email address will not be published. Required fields are marked *