freeBuf
主站

分类

漏洞 工具 极客 Web安全 系统安全 网络安全 无线安全 设备/客户端安全 数据安全 安全管理 企业安全 工控安全

特色

头条 人物志 活动 视频 观点 招聘 报告 资讯 区块链安全 标准与合规 容器安全 公开课

官方公众号企业安全新浪微博

FreeBuf.COM网络安全行业门户,每日发布专业的安全资讯、技术剖析。

FreeBuf+小程序

FreeBuf+小程序

Httpx:一款针对HTTP的安全研究工具
2021-05-18 12:20:36

关于Httpx

Httpx是一款运行速度极快的多功能HTTP安全工具,它可以使用retryablehttp库来运行多种网络探针,并使用了多线程机制来维持运行的稳定性和结果的准确性。

功能介绍

简单和模块化的代码库,易于贡献代码;

快速和完全可配置的参数选项支持探测多个元素;

支持多种基于HTTP的探测;

默认情况下,智能自动从https回退到http;

支持主机、URL和CIDR作为输入;

在遇到Web应用防火墙时,能够自动处理边缘情况、进行重试和退避等操作;

支持的探测

探测

默认检测

探测

默认检测

URL

true

IP

true

Title

true

CNAME

true

Status Code

true

Raw HTTP

false

Content Length

true

HTTP2

false

TLS Certificate

true

HTTP 1.1 Pipeline

false

CSP Header

true

Virtual host

false

Location Header

true

CDN

false

Web Server

true

Path

false

Web Socket

true

Ports

false

Response Time

true

Request method

false

工具安装

Httpx要求本地主机安装并配置好Go v1.14+环境,然后可以使用下列命令来获取Httpx代码库:

GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx

工具使用

httpx -h

上述命令将显示工具的帮助信息,下面给出的是该工具支持的所有参数选项:

Usage of ./httpx:

 

  -H value

      Custom Header

  -allow value

      Allowlist ip/cidr

  -body string

      Request Body

  -cdn

      Check if domain's ip belongs to known CDN (akamai, cloudflare, ..)

  -cname

      Output first cname

  -content-length

      Extracts content length

  -content-type

      Extracts content-type

  -csp-probe

      Send HTTP probes on the extracted CSP domains

  -debug

      Debug mode

  -deny value

      Denylist ip/cidr

  -extract-regex string

      Extract Regex

  -fc string

      Filter status code

  -filter-regex string

      Filter Regex

  -filter-string string

      Filter String

  -fl string

      Filter content length

  -follow-host-redirects

      Only follow redirects on the same host

  -follow-redirects

      Follow Redirects

  -http-proxy string

      HTTP Proxy, eg http://127.0.0.1:8080

  -http2

      HTTP2 probe

  -include-chain

      Show Raw HTTP Chain In Output (-json only)

  -include-response

      Show Raw HTTP Response In Output (-json only)

  -ip

      Output target ip

  -json

      JSON Output

  -l string

      File containing domains

  -location

      Extracts location header

  -match-regex string

      Match Regex

  -match-string string

      Match string

  -max-response-body-size int

      Maximum response body size (default 2147483647)

  -mc string

      Match status code

  -method

      Output method

  -ml string

      Match content length

  -no-color

      No Color

  -no-fallback

      If HTTPS on port 443 is successful on default configuration, probes also port 80 for HTTP

  -o string

      File to write output to (optional)

  -path string

      Request path/file (example '/api')

  -paths string

      Command separated paths or file containing one path per line (example '/api/v1,/apiv2')

  -pipeline

      HTTP1.1 Pipeline

  -ports value

      ports range (nmap syntax: eg 1,2-10,11)

  -random-agent

      Use randomly selected HTTP User-Agent header value

  -request string

      File containing raw request

  -response-in-json

      Show Raw HTTP Response In Output (-json only) (deprecated)

  -response-time

      Output the response time

  -retries int

      Number of retries

  -silent

      Silent mode

  -sr

      Save response to file (default 'output')

  -srd string

      Save response directory (default "output")

  -stats

      Enable statistic on keypress (terminal may become unresponsive till the end)

  -status-code

      Extracts status code

  -store-chain

      Save chain to file (default 'output')

  -tech-detect

      Perform wappalyzer based technology detection

  -threads int

      Number of threads (default 50)

  -timeout int

      Timeout in seconds (default 5)

  -title

      Extracts title

  -tls-grab

      Perform TLS data grabbing

  -tls-probe

      Send HTTP probes on the extracted TLS domains

  -unsafe

      Send raw requests skipping golang normalization

  -verbose

      Verbose Mode

  -version

      Show version of httpx

  -vhost

      Check for VHOSTs

  -vhost-input

      Get a list of vhosts as input

  -web-server

      Extracts server header

  -websocket

      Prints out if the server exposes a websocket

  -x string

      Request Methods, use ALL to check all verbs ()

工具运行

使用stdin运行Httpx

这种方式将使用Httpx针对hosts.txt文件中所有的主机和子域名进行检测,并返回正在运行HTTP Web服务器的URL地址:

▶ cat hosts.txt | httpx

 

    __    __  __       _  __

   / /_  / /_/ /_____ | |/ /

  / __ \/ __/ __/ __ \|   /

 / / / / /_/ /_/ /_/ /   |  

/_/ /_/\__/\__/ .___/_/|_|   v1.0  

             /_/            

 

    projectdiscovery.io

 

[WRN] Use with caution. You are responsible for your actions

[WRN] Developers assume no liability and are not responsible for any misuse or damage.

 

https://mta-sts.managed.hackerone.com

https://mta-sts.hackerone.com

https://mta-sts.forwarding.hackerone.com

https://docs.hackerone.com

https://www.hackerone.com

https://resources.hackerone.com

https://api.hackerone.com

https://support.hackerone.com

使用文件输入运行Httpx

这种方式将使用Httpx针对hosts.txt文件中所有的主机和子域名进行检测,并返回正在运行HTTP Web服务器的URL地址:

▶ httpx -l hosts.txt -silent

 

https://docs.hackerone.com

https://mta-sts.hackerone.com

https://mta-sts.managed.hackerone.com

https://mta-sts.forwarding.hackerone.com

https://www.hackerone.com

https://resources.hackerone.com

https://api.hackerone.com

https://support.hackerone.com

使用CIDR输入运行Httpx

▶ echo 173.0.84.0/24 | httpx -silent

 

https://173.0.84.29

https://173.0.84.43

https://173.0.84.31

https://173.0.84.44

https://173.0.84.12

https://173.0.84.4

https://173.0.84.36

https://173.0.84.45

https://173.0.84.14

https://173.0.84.25

https://173.0.84.46

https://173.0.84.24

https://173.0.84.32

https://173.0.84.9

https://173.0.84.13

https://173.0.84.6

https://173.0.84.16

https://173.0.84.34

使用subfinder运行Httpx

▶ subfinder -d hackerone.com | httpx -title -tech-detect -status-code -title -follow-redirects

 

    __    __  __       _  __

   / /_  / /_/ /_____ | |/ /

  / __ \/ __/ __/ __ \|   /

 / / / / /_/ /_/ /_/ /   |

/_/ /_/\__/\__/ .___/_/|_|

             /_/              v1.0.6

 

    projectdiscovery.io

 

Use with caution. You are responsible for your actions

Developers assume no liability and are not responsible for any misuse or damage.

https://mta-sts.managed.hackerone.com [404] [Page not found · GitHub Pages] [Varnish,GitHub Pages,Ruby on Rails]

https://mta-sts.hackerone.com [404] [Page not found · GitHub Pages] [Varnish,GitHub Pages,Ruby on Rails]

https://mta-sts.forwarding.hackerone.com [404] [Page not found · GitHub Pages] [GitHub Pages,Ruby on Rails,Varnish]

https://docs.hackerone.com [200] [HackerOne Platform Documentation] [Ruby on Rails,jsDelivr,Gatsby,React,webpack,Varnish,GitHub Pages]

https://support.hackerone.com [301,302,301,200] [HackerOne] [Cloudflare,Ruby on Rails,Ruby]

https://resources.hackerone.com [301,301,404] [Sorry, no Folders found.]

工具运行截图

项目地址

Httpx:GitHub传送门

# HTTP # HTTP安全
本文为 独立观点,未经允许不得转载,授权请联系FreeBuf客服小蜜蜂,微信:freebee2022
被以下专辑收录,发现更多精彩内容
+ 收入我的专辑
+ 加入我的收藏
相关推荐
  • 0 文章数
  • 0 关注者
文章目录