Login
Bug Bounty: Get Started with httpx
Welcome back, aspiring cyberwarriors!
Before we can exploit a target, we need to understand its attack surface completely. This means identifying web servers, discovering hidden endpoints, analyzing response headers, and mapping out the entire web infrastructure. Traditional tools like curl and wget are useful, but theyโre slow and cumbersome when youโre dealing with hundreds or thousands of targets. You need something faster and more flexible.
Httpx is a fast and multi-purpose HTTP toolkit developed by ProjectDiscovery that allows running multiple probes using a simple command-line interface. It supports HTTP/1.1, HTTP/2, and can probe for various web technologies, response codes, title extraction, and much more.
In this article, we will explore how to install httpx, how to use it, and how to extract detailed information about a target. We will also cover advanced filtering techniques and discuss how to use this tool effectively. Letโs get rolling!
Step #1 Install Go Programming Language
Httpx is written in Go, so we need to have the Go programming language installed on our system.
To install Go on Kali Linux, use the following command:
kali > sudo apt install golang-go
Once the installation completes, verify it worked by checking the version:
kali > go version
Step #2 Install httpx Using Go
To install httpx, enter the following command:
kali > go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
The โ-vโ flag enables verbose output so you can see whatโs happening during the installation. The โ@latestโ tag ensures youโre getting the most recent stable version of httpx. This command will download the source code, compile it, and install the binary in your Go bin directory.
To make sure httpx is accessible from anywhere in your terminal, you need to add the Go bin directory to your PATH if itโs not already there. Check if itโs in your PATH by typing:
kali > echo $PATH
If you donโt see something like โ/home/kali/go/binโ in the output, youโll need to add it. Open your .bashrc or .zshrc file (depending on which shell you use) and add this line:
export PATH=$PATH:~/go/bin
Then reload your shell configuration:
kali > source ~/.bashrc
Now verify that httpx is installed correctly by checking its version:
kali > httpx -version
Step #3 Basic httpx Usage and Probing
Letโs start with some basic httpx usage to understand how the tool works. Httpx is designed to take a list of hosts and probe them to determine if theyโre running web servers and extract information about them.
The simplest way to use httpx is to provide a single target directly on the command line. Letโs probe a single domain:
kali> httpx -u โexample.comโ -probe
This command initiates an HTTP probe on the website. This is useful for quickly checking the availability of the web page.
Now letโs try probing multiple targets at once. Create a file with several domains you want to probe.
Now run httpx against this file:
kali > httpx -l hosts.txt -probe
Step #4 Extracting Detailed Information
One of httpxโs most powerful features is its ability to extract detailed information about web servers in a single pass.
Letโs quickly identify what web server is hosting each target:
kali > httpx -l hosts.txt -server
Now letโs extract even more information using multiple flags:
kali> httpx -l hosts.txt -title -tech-detect -status-code -content-length -response-time
This command will extract the page title, detect web technologies, show the HTTP status code, display the content length, and measure the response time.
The โ-tech-detectโ flag is particularly valuable because it uses Wappalyzer fingerprints to identify the technologies running on each web server. This can reveal content management systems, web frameworks, and other technologies that might have known vulnerabilities.
Step #5 Advanced Filtering and Matchers
Filters in httpx allow you to exclude unwanted responses based on specific criteria, such as HTTP status codes or text content.
Letโs say you donโt want to see targets that return a 301 status code. For this purpose, the -filter-code or -fc flag exists. To see the results clearly, Iโve added the -status-code or -sc flag as well:
kali > httpx -l hosts.txt -sc -fc 301
Httpx outputs filtered results without status code 301. Besides that, you can filter โdeadโ or default/error responses with -filter-error-page or -fep flag.
kali> httpx -l hosts.txt -sc -fep
This flag enables โfilter response with ML-based error page detectionโ. In other words, when you use -fep, httpx tries to detect and filter out responses that look like generic or error pages.
In addition to filters, httpx has matchers. While filters exclude unwanted responses, matchers include only the responses that meet specific criteria. Think of filters as removing noise, and matchers as focusing on exactly what youโre looking for.
For example, letโs output only responses with 200 status code using the -match-code or -mc flag:
kali> httpx -l hosts.txt -status-code -match-code 200
For more advanced filtering, you can use regex patterns to match specific content in the response (-match-regex or -mr flag):
kali> httpx -l hosts.txt -match-regex โadmin|login|dashboardโ
This will only show targets whose response body contains the words โadmin,โ โlogin,โ or โdashboard,โ helping you quickly identify administrative interfaces or login pages.
Step #6 Probing for Specific Vulnerabilities and Misconfigurations
Httpx can be used to quickly identify common vulnerabilities and misconfigurations across large numbers of targets. While itโs not a full vulnerability scanner, it can detect certain issues that indicate potential security problems.
For example, letโs probe for specific paths that might indicate vulnerabilities or interesting endpoints:
kali > httpx -l targets.txt -path โ/admin,/login,/.git,/backup,/.envโ
The -path flag, as the name suggests, tells httpx to probe specific paths on each target.
Another useful technique is probing for different HTTP methods:
kali > httpx -l targets.txt -sc -method -x all
In the command above, the -method flag is used to display HTTP request method, and -x all to probe all of these methods.
Summary
Traditional HTTP probing tools are too slow and limited for the kind of large-scale reconnaissance that modern bug bounty and pentesting demands. Httpx provides a fast, flexible, and powerful solution thatโs specifically designed for security researchers who need to quickly analyze hundreds or thousands of web targets while extracting comprehensive information about each one.
In this article, we covered how to install httpx, basic and advanced usage examples as well as shared ideas on how httpx might be used for vulnerability detections. This tool really fast and can significantly boost your productivity whether youโre conducting bug bounty hunting or web app security testing. Check this out, maybe it will find a place in your cyberwarriors toolbox.
