CyberCheatsheets

httpx Cheat Sheet

Fast HTTP probe for live URLs, status codes, titles, and tech fingerprinting from host lists.

Scanning & EnumerationhttpprobingprojectdiscoverywebUpdated 2026-06-02

Overview

ProjectDiscovery’s httpx takes hostnames or URLs and returns which endpoints respond over HTTP/HTTPS, with metadata (status, title, TLS, CDN, etc.). Essential after subdomain enumeration and before content discovery or nuclei.

Authorized testing only. Probing can generate significant traffic and touch login pages—stay within scope and respect rate limits.

Install

go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

or

sudo apt install -y httpx-toolkit  # some distros; verify binary is PD httpx
httpx -version

Essential commands

Probe list of hosts (adds http/https)

cat subdomains.txt | httpx -silent

Full URLs with status and title

httpx -l hosts.txt -status-code -title -tech-detect

Single target

echo https://target.example.com | httpx -probe -ip -cdn

Common workflows

Subdomains → live web assets —

subfinder -d target.example.com -silent | httpx -status-code -title -o live.txt

JSON for automation —

httpx -l hosts.txt -json -o httpx.json
jq -r 'select(.status_code==200) | .url' httpx.json > urls_200.txt

Screenshots / response dump (when enabled) —

httpx -l urls.txt -screenshot -screenshot-timeout 10 -path screenshots/
httpx -l urls.txt -response -o responses/

Match and filter —

httpx -l hosts.txt -mc 200,301,302 -ms "Login"
httpx -l hosts.txt -fc 403,404 -location

Flags reference

-l

Input file

-silent

URLs only on stdout

-status-code

Show HTTP status

-title

Page title

-tech-detect

Wappalyzer-style tech

-ip / -cdn

Resolve IP / CDN info

-follow-redirects

Follow redirects

-json

JSON lines output

-mc / -fc

Match / filter status codes

-ms / -fs

Match / filter string in body

-path

Path append (e.g. /api)

-threads

Concurrency

-rate-limit

Requests/sec

-H

Custom header

Tips

  • Pipe from subfinder, amass, or cat subs.txt—httpx expects host or URL per line.
  • Use -random-agent and -H "Authorization: Bearer …" when testing authenticated routes (in scope).
  • Pair with nuclei -l live.txt and katana for crawling.
  • Distinguish from the Python httpx library; the CLI is ProjectDiscovery’s Go binary.

References

Aide-mémoires similaires