{"id":27451006,"url":"https://github.com/byt3n33dl3/httpx","last_synced_at":"2025-10-16T08:58:19.992Z","repository":{"id":261350419,"uuid":"884044513","full_name":"byt3n33dl3/httpX","owner":"byt3n33dl3","description":"Sharp Karambit for Web Domain Crucifixion and Account Takeover.","archived":false,"fork":false,"pushed_at":"2025-01-04T00:47:49.000Z","size":1089,"stargazers_count":12,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-06T02:48:49.880Z","etag":null,"topics":["domain","fuzzing","httpx","linux","logic","offensive-security","penetration-testing","server","takeover","web"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byt3n33dl3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/funding.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":"s.id/byt3n33dl3","patreon":"byt3n33dl3","ko_fi":"byt3n33dl3"}},"created_at":"2024-11-06T03:14:04.000Z","updated_at":"2025-01-17T01:17:35.000Z","dependencies_parsed_at":"2024-11-06T04:28:45.137Z","dependency_job_id":null,"html_url":"https://github.com/byt3n33dl3/httpX","commit_stats":null,"previous_names":["byt3n33dl3/httpx"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FhttpX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FhttpX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FhttpX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FhttpX/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byt3n33dl3","download_url":"https://codeload.github.com/byt3n33dl3/httpX/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249048712,"owners_count":21204305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["domain","fuzzing","httpx","linux","logic","offensive-security","penetration-testing","server","takeover","web"],"created_at":"2025-04-15T09:52:31.453Z","updated_at":"2025-10-16T08:58:14.944Z","avatar_url":"https://github.com/byt3n33dl3.png","language":"C","funding_links":["s.id/byt3n33dl3","https://patreon.com/byt3n33dl3","https://ko-fi.com/byt3n33dl3"],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003ca href=https://github.com/byt3n33dl3/httpX\u003e\u003cimg src=\"/doc/yari.webp\" alt=\"httpX\" width=\"280px\"\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#sharp-karambit\"\u003eKarambit\u003c/a\u003e •\n  \u003ca href=\"#probes\"\u003eCapability\u003c/a\u003e •\n  \u003ca href=\"#notes\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#credits\"\u003eMaster\u003c/a\u003e\n\u003c/p\u003e\n\n\u003ch2 align=\"center\"\u003e\n  \u003cimg src=\"/doc/red-logo.png\" alt=\"httpx\" width=\"200px\"\u003e\n\u003c/h2\u003e\n\nFast and multi purpose HTTP toolkit that allows running multiple probes using the retryable HTTP library. It is designed to maintain result `reliability` with an increased number of threads. httpX has been an essential asset in the arsenal of `Security` professionals and researchers.\n\n# [httpX](https://github.com/byt3n33dl3/httpX/) / `Assessor`\n\n```hs\n    __    __  __       _  __\n   / /_  / /_/ /_____ | |/ /\n  / __ \\/ __/ __/ __ \\|   / \n / / / / /_/ /_/ /_/ /   |  \n/_/ /_/\\__/\\__/ .___/_/|_|v2  \n             /_/\n\n```\n\n\u003cdiv align=\"center\"\u003e\n\u003ch1\u003ehttpX\u003c/h1\u003e\nhttpX can be used as a library by creating an instance of the Option struct and populating it with the same options that would be specified via CLI. Once validated, the struct should be passed to a runner instance to be closed at the end of the program and the RunEnumeration method should be called.\n\u003cp\u003e\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://opensource.org/licenses/AGPL\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-AGPL-_red.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/byt3n33dl3/httpx/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/byt3n33dl3/httpx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/byt3n33dl3/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Offensive httpX-_red.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# Sharp Karambit \nA CLI software for Web `Domain` Crucifixion and `Account` Takeover.\n\nAn Open source Penetration Testing tool that automates the process of detecting and exploiting `HTTP` and `HTTPs` flaws and taking over of the Insecure Domain services. It comes with a powerful detection engine, many niche features for the ultimate Penetration Tester, and a broad range of switches including Domain fingerprinting, over data fetching from any services, accessing the underlying file systems.\n\n - Simple and modular code base making it easy to contribute.\n - Fast And fully configurable flags to probe multiple elements.\n - Supports multiple `HTTP` based probings.\n - Smart auto fallback from https to http as default. \n - Supports hosts, URLs and CIDR as input.\n - Account Takeover\n   - Domain Escalation\n - Handles edge cases doing retries, backoffs etc for handling WAFs.\n\n| :vampire:  **Disclaimer**  |\n|---------------------------------|\n| **This project is in active development**. Expect breaking changes with releases. Review the changelog before updating. |\n| This project was primarily built to be used as a standalone CLI tool. **Running it as a service may pose security risks.** It's recommended to use with caution and additional security measures. |\n\n\n# Interface\n\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"/doc/show.png\" alt=\"httpx\" width=\"700px\"\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n# Probes\n\n| Probes          | Default check | Probes         | Default check |\n|-----------------|---------------|----------------|---------------|\n| URL             | true          | IP             | true          |\n| Title           | true          | CNAME          | true          |\n| Status Code     | true          | Raw HTTP       | true          |\n| Content Length  | true          | HTTP2          | true          |\n| TLS Certificate | true          | HTTP Pipeline  | true          |\n| CSP Header      | true          | Virtual host   | true          |\n| Line Count      | true          | Word Count     | true          |\n| Location Header | true          | CDN            | true          |\n| Web Server      | true          | Paths          | true          |\n| Web Socket      | true          | Ports          | true          |\n| Response Time   | true          | Request Method | true          |\n| Favicon Hash    | false         | Probe  Status  | true          |\n| Body Hash       | true          | Header  Hash   | true          |\n| Redirect chain  | false         | URL Scheme     | true          |\n| JARM Hash       | false         | ASN            | true          |\n\n# Notes\n\n- As default, `httpx` probe with **HTTPs** scheme and fall-back to **HTTP** only if **HTTPs** is not reachable.\n- The `-no-fallback` flag can be used to probe and display both **HTTP** and **HTTPs** result.\n- Custom scheme for ports can be defined, for example `-ports` http:443,http:80,https:8443\n- Custom resolver supports multiple protocol (**doh|tcp|udp**) in form of `protocol:`resolver:port (e.g. `udp:`127.0.0.1:53)\n- The following flags should be used for specific use cases instead of running them as default with other probes:\n   - `-ports`\n   - `-path`\n   - `-vhost`\n   - `-screenshot`\n   - `-csp-probe`\n   - `-tls-probe`\n   - `-favicon`\n   - `-http2`\n   - `-pipeline`\n   - `-tls-impersonate`\n \n# Credits / `main`\n\n\u003cp align=\"left\"\u003e\n\u003ca href=\"https://github.com/byt3n33dl3\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/151133481?v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/r-spacex\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/29695396?s=200\u0026v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/50994705?s=200\u0026v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/in/29110?v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/ehsandeep\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/8293321?v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/Mzack9999\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/13421144?v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/OceanExec\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/171657497?s=200\u0026v=4\" width=\"50\" height=\"50\" alt=\"\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003e- Projectdiscovery [projectdiscovery.io](https://docs.projectdiscovery.io/tools/httpx)\n\n## `AGPL` / [LICENSE](https://github.com/byt3n33dl3/httpX/main/LICENSE.md)\n\nGNU AFFERO GENERAL `PUBLIC` LICENSE 3.0\n\nThe GNU Affero General Public License is a free, copyleft license for software and other kinds of works, \nspecifically designed to ensure cooperation with the community in the case of network server software. \nThe licenses for most software and other practical works are designed to take away your freedom to \nshare and change the works. By contrast, our General Public Licenses are intended to guarantee your \nfreedom to share and change all versions of a program--to make sure it remains free software for all its users.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3n33dl3%2Fhttpx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyt3n33dl3%2Fhttpx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3n33dl3%2Fhttpx/lists"}