{"id":13461383,"url":"https://github.com/projectdiscovery/httpx","last_synced_at":"2026-01-22T10:28:35.432Z","repository":{"id":37208941,"uuid":"267713284","full_name":"projectdiscovery/httpx","owner":"projectdiscovery","description":"httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.","archived":false,"fork":false,"pushed_at":"2025-05-09T14:51:59.000Z","size":10555,"stargazers_count":8478,"open_issues_count":42,"forks_count":910,"subscribers_count":80,"default_branch":"main","last_synced_at":"2025-05-12T02:43:18.528Z","etag":null,"topics":["bugbounty","cli","cybersecurity","hacktoberfest","http","lib","osint","pentest-tool","pipeline","ssl-certificate"],"latest_commit_sha":null,"homepage":"https://docs.projectdiscovery.io/tools/httpx","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-05-28T22:51:24.000Z","updated_at":"2025-05-12T01:22:30.000Z","dependencies_parsed_at":"2024-07-14T23:25:03.011Z","dependency_job_id":"e1c16645-451c-4816-a71c-4bd42931cfd0","html_url":"https://github.com/projectdiscovery/httpx","commit_stats":{"total_commits":1433,"total_committers":92,"mean_commits":"15.576086956521738","dds":0.5854849965108164,"last_synced_commit":"ca398ed3ab0ca1ec7dc4ac636559c8527aa1a307"},"previous_names":[],"tags_count":58,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fhttpx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fhttpx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fhttpx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fhttpx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/httpx/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253672675,"owners_count":21945479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","cli","cybersecurity","hacktoberfest","http","lib","osint","pentest-tool","pipeline","ssl-certificate"],"created_at":"2024-07-31T11:00:37.197Z","updated_at":"2025-05-12T05:16:31.574Z","avatar_url":"https://github.com/projectdiscovery.png","language":"Go","readme":"\u003ch1 align=\"center\"\u003e\n \u003cimg src=\"static/httpx-logo.png\" alt=\"httpx\" width=\"200px\"\u003e\n \u003cbr\u003e\n\u003c/h1\u003e\n\n\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-_red.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/badge/github.com/projectdiscovery/httpx\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/projectdiscovery/httpx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/httpx/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/projectdiscovery/httpx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://hub.docker.com/r/projectdiscovery/httpx\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/projectdiscovery/httpx.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/pdiscoveryio\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n \u003ca href=\"#installation-instructions\"\u003eInstallation\u003c/a\u003e •\n \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n \u003ca href=\"https://docs.projectdiscovery.io/tools/httpx/\"\u003eDocumentation\u003c/a\u003e •\n \u003ca href=\"#notes\"\u003eNotes\u003c/a\u003e •\n \u003ca href=\"https://discord.gg/projectdiscovery\"\u003eJoin Discord\u003c/a\u003e\n\u003c/p\u003e\n\n\n`httpx` is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the [retryablehttp](https://github.com/projectdiscovery/retryablehttp-go) library. It is designed to maintain result reliability with an increased number of threads.\n\n# Features\n\n\u003ch1 align=\"center\"\u003e\n \u003cimg src=\"https://user-images.githubusercontent.com/8293321/135731750-4c1d38b1-bd2a-40f9-88e9-3c4b9f6da378.png\" alt=\"httpx\" width=\"700px\"\u003e\n \u003cbr\u003e\n\u003c/h1\u003e\n\n - Simple and modular code base making it easy to contribute.\n - Fast And fully configurable flags to probe multiple elements.\n - Supports multiple HTTP based probings.\n - Smart auto fallback from https to http as default. \n - Supports hosts, URLs and CIDR as input.\n - Handles edge cases doing retries, backoffs etc for handling WAFs.\n\n### Supported probes\n\n| Probes | Default check | Probes | Default check |\n|-----------------|---------------|----------------|---------------|\n| URL | true | IP | true |\n| Title | true | CNAME | true |\n| Status Code | true | Raw HTTP | false |\n| Content Length | true | HTTP2 | false |\n| TLS Certificate | true | HTTP Pipeline | false |\n| CSP Header | true | Virtual host | false |\n| Line Count | true | Word Count | true |\n| Location Header | true | CDN | false |\n| Web Server | true | Paths | false |\n| Web Socket | true | Ports | false |\n| Response Time | true | Request Method | true |\n| Favicon Hash | false | Probe Status | false |\n| Body Hash | true | Header Hash | true |\n| Redirect chain | false | URL Scheme | true |\n| JARM Hash | false | ASN | false |\n\n# Installation Instructions\n\n`httpx` requires **go1.21** to install successfully. Run the following command to get the repo:\n\n```sh\ngo install -v github.com/projectdiscovery/httpx/cmd/httpx@latest\n```\n\nTo learn more about installing httpx, see https://docs.projectdiscovery.io/tools/httpx/install.\n\n| :exclamation: **Disclaimer** |\n|---------------------------------|\n| **This project is in active development**. Expect breaking changes with releases. Review the changelog before updating. |\n| This project was primarily built to be used as a standalone CLI tool. **Running it as a service may pose security risks.** It's recommended to use with caution and additional security measures. |\n\n# Usage\n\n```sh\nhttpx -h\n```\n\nThis will display help for the tool. Here are all the switches it supports.\n\n\n```console\nUsage:\n ./httpx [flags]\n\nFlags:\nhttpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.\n\nUsage:\n ./httpx [flags]\n\nFlags:\nINPUT:\n -l, -list string input file containing list of hosts to process\n -rr, -request string file containing raw request\n -u, -target string[] input target host(s) to probe\n\nPROBES:\n -sc, -status-code display response status-code\n -cl, -content-length display response content-length\n -ct, -content-type display response content-type\n -location display response redirect location\n -favicon display mmh3 hash for '/favicon.ico' file\n -hash string display response body hash (supported: md5,mmh3,simhash,sha1,sha256,sha512)\n -jarm display jarm fingerprint hash\n -rt, -response-time display response time\n -lc, -line-count display response body line count\n -wc, -word-count display response body word count\n -title display page title\n -bp, -body-preview display first N characters of response body (default 100)\n -server, -web-server display server name\n -td, -tech-detect display technology in use based on wappalyzer dataset\n -method display http request method\n -websocket display server using websocket\n -ip display host ip\n -cname display host cname\n -extract-fqdn, -efqdn get domain and subdomains from response body and header in jsonl/csv output\n -asn display host asn information\n -cdn display cdn/waf in use (default true)\n -probe display probe status\n\nHEADLESS:\n -ss, -screenshot enable saving screenshot of the page using headless browser\n -system-chrome enable using local installed chrome for screenshot\n -ho, -headless-options string[] start headless chrome with additional options\n -esb, -exclude-screenshot-bytes enable excluding screenshot bytes from json output\n -no-screenshot-full-page disable saving full page screenshot\n -ehb, -exclude-headless-body enable excluding headless header from json output\n -st, -screenshot-timeout value set timeout for screenshot in seconds (default 10s)\n -sid, -screenshot-idle value set idle time before taking screenshot in seconds (default 1s)\n\nMATCHERS:\n -mc, -match-code string match response with specified status code (-mc 200,302)\n -ml, -match-length string match response with specified content length (-ml 100,102)\n -mlc, -match-line-count string match response body with specified line count (-mlc 423,532)\n -mwc, -match-word-count string match response body with specified word count (-mwc 43,55)\n -mfc, -match-favicon string[] match response with specified favicon hash (-mfc 1494302000)\n -ms, -match-string string[] match response with specified string (-ms admin)\n -mr, -match-regex string[] match response with specified regex (-mr admin)\n -mcdn, -match-cdn string[] match host with specified cdn provider (cloudfront, fastly, google)\n -mrt, -match-response-time string match response with specified response time in seconds (-mrt '\u003c 1')\n -mdc, -match-condition string match response with dsl expression condition\n\nEXTRACTOR:\n -er, -extract-regex string[] display response content with matched regex\n -ep, -extract-preset string[] display response content matched by a pre-defined regex (url,ipv4,mail)\n\nFILTERS:\n -fc, -filter-code string filter response with specified status code (-fc 403,401)\n -fep, -filter-error-page filter response with ML based error page detection\n -fd, -filter-duplicates filter out near-duplicate responses (only first response is retained)\n -fl, -filter-length string filter response with specified content length (-fl 23,33)\n -flc, -filter-line-count string filter response body with specified line count (-flc 423,532)\n -fwc, -filter-word-count string filter response body with specified word count (-fwc 423,532)\n -ffc, -filter-favicon string[] filter response with specified favicon hash (-ffc 1494302000)\n -fs, -filter-string string[] filter response with specified string (-fs admin)\n -fe, -filter-regex string[] filter response with specified regex (-fe admin)\n -fcdn, -filter-cdn string[] filter host with specified cdn provider (cloudfront, fastly, google)\n -frt, -filter-response-time string filter response with specified response time in seconds (-frt '\u003e 1')\n -fdc, -filter-condition string filter response with dsl expression condition\n -strip strips all tags in response. supported formats: html,xml (default html)\n\nRATE-LIMIT:\n -t, -threads int number of threads to use (default 50)\n -rl, -rate-limit int maximum requests to send per second (default 150)\n -rlm, -rate-limit-minute int maximum number of requests to send per minute\n\nMISCELLANEOUS:\n -pa, -probe-all-ips probe all the ips associated with same host\n -p, -ports string[] ports to probe (nmap syntax: eg http:1,2-10,11,https:80)\n -path string path or list of paths to probe (comma-separated, file)\n -tls-probe send http probes on the extracted TLS domains (dns_name)\n -csp-probe send http probes on the extracted CSP domains\n -tls-grab perform TLS(SSL) data grabbing\n -pipeline probe and display server supporting HTTP1.1 pipeline\n -http2 probe and display server supporting HTTP2\n -vhost probe and display server supporting VHOST\n -ldv, -list-dsl-variables list json output field keys name that support dsl matcher/filter\n\nUPDATE:\n -up, -update update httpx to latest version\n -duc, -disable-update-check disable automatic httpx update check\n\nOUTPUT:\n -o, -output string file to write output results\n -oa, -output-all filename to write output results in all formats\n -sr, -store-response store http response to output directory\n -srd, -store-response-dir string store http response to custom directory\n -ob, -omit-body omit response body in output\n -csv store output in csv format\n -csvo, -csv-output-encoding string define output encoding\n -j, -json store output in JSONL(ines) format\n -irh, -include-response-header include http response (headers) in JSON output (-json only)\n -irr, -include-response include http request/response (headers + body) in JSON output (-json only)\n -irrb, -include-response-base64 include base64 encoded http request/response in JSON output (-json only)\n -include-chain include redirect http chain in JSON output (-json only)\n -store-chain include http redirect chain in responses (-sr only)\n -svrc, -store-vision-recon-cluster include visual recon clusters (-ss and -sr only)\n -pr, -protocol string protocol to use (unknown, http11)\n -fepp, -filter-error-page-path string path to store filtered error pages (default \"filtered_error_page.json\")\n\nCONFIGURATIONS:\n -config string path to the httpx configuration file (default $HOME/.config/httpx/config.yaml)\n -r, -resolvers string[] list of custom resolver (file or comma separated)\n -allow string[] allowed list of IP/CIDR's to process (file or comma separated)\n -deny string[] denied list of IP/CIDR's to process (file or comma separated)\n -sni, -sni-name string custom TLS SNI name\n -random-agent enable Random User-Agent to use (default true)\n -H, -header string[] custom http headers to send with request\n -http-proxy, -proxy string http proxy to use (eg http://127.0.0.1:8080)\n -unsafe send raw requests skipping golang normalization\n -resume resume scan using resume.cfg\n -fr, -follow-redirects follow http redirects\n -maxr, -max-redirects int max number of redirects to follow per host (default 10)\n -fhr, -follow-host-redirects follow redirects on the same host\n -rhsts, -respect-hsts respect HSTS response headers for redirect requests\n -vhost-input get a list of vhosts as input\n -x string request methods to probe, use 'all' to probe all HTTP methods\n -body string post body to include in http request\n -s, -stream stream mode - start elaborating input targets without sorting\n -sd, -skip-dedupe disable dedupe input items (only used with stream mode)\n -ldp, -leave-default-ports leave default http/https ports in host header (eg. http://host:80 - https://host:443\n -ztls use ztls library with autofallback to standard one for tls13\n -no-decode avoid decoding body\n -tlsi, -tls-impersonate enable experimental client hello (ja3) tls randomization\n -no-stdin Disable Stdin processing\n -hae, -http-api-endpoint string experimental http api endpoint\n\nDEBUG:\n -health-check, -hc run diagnostic check up\n -debug display request/response content in cli\n -debug-req display request content in cli\n -debug-resp display response content in cli\n -version display httpx version\n -stats display scan statistic\n -profile-mem string optional httpx memory profile dump file\n -silent silent mode\n -v, -verbose verbose mode\n -si, -stats-interval int number of seconds to wait between showing a statistics update (default: 5)\n -nc, -no-color disable colors in cli output\n -tr, -trace trace\n\nOPTIMIZATIONS:\n -nf, -no-fallback display both probed protocol (HTTPS and HTTP)\n -nfs, -no-fallback-scheme probe with protocol scheme specified in input \n -maxhr, -max-host-error int max error count per host before skipping remaining path/s (default 30)\n -e, -exclude string[] exclude host matching specified filter ('cdn', 'private-ips', cidr, ip, regex)\n -retries int number of retries\n -timeout int timeout in seconds (default 10)\n -delay value duration between each http request (eg: 200ms, 1s) (default -1ns)\n -rsts, -response-size-to-save int max response size to save in bytes (default 2147483647)\n -rstr, -response-size-to-read int max response size to read in bytes (default 2147483647)\n\nCLOUD:\n -auth configure projectdiscovery cloud (pdcp) api key (default true)\n -ac, -auth-config string configure projectdiscovery cloud (pdcp) api key credential file\n -pd, -dashboard upload / view output in projectdiscovery cloud (pdcp) UI dashboard\n -tid, -team-id string upload asset results to given team id (optional)\n -aid, -asset-id string upload new assets to existing asset id (optional)\n -aname, -asset-name string assets group name to set (optional)\n -pdu, -dashboard-upload string upload httpx output file (jsonl) in projectdiscovery cloud (pdcp) UI dashboard\n```\n\n# Running httpx\n\nFor details about running httpx, see https://docs.projectdiscovery.io/tools/httpx/running.\n\n### Using `httpx` as a library\n`httpx` can be used as a library by creating an instance of the `Option` struct and populating it with the same options that would be specified via CLI. Once validated, the struct should be passed to a runner instance (to be closed at the end of the program) and the `RunEnumeration` method should be called. A minimal example of how to do it is in the [examples](examples/) folder\n\n# Notes\n\n- As default, `httpx` probe with **HTTPS** scheme and fall-back to **HTTP** only if **HTTPS** is not reachable.\n- The `-no-fallback` flag can be used to probe and display both **HTTP** and **HTTPS** result.\n- Custom scheme for ports can be defined, for example `-ports http:443,http:80,https:8443`\n- Custom resolver supports multiple protocol (**doh|tcp|udp**) in form of `protocol:resolver:port` (e.g. `udp:127.0.0.1:53`)\n- The following flags should be used for specific use cases instead of running them as default with other probes:\n - `-ports`\n - `-path`\n - `-vhost`\n - `-screenshot`\n - `-csp-probe`\n - `-tls-probe`\n - `-favicon`\n - `-http2`\n - `-pipeline`\n - `-tls-impersonate`\n\n\n# Acknowledgement\n\nProbing feature is inspired by [@tomnomnom/httprobe](https://github.com/tomnomnom/httprobe) work ❤️\n\n\n--------\n\n\u003cdiv align=\"center\"\u003e\n\n`httpx` is made with 💙 by the [projectdiscovery](https://projectdiscovery.io) team and distributed under [MIT License](LICENSE.md).\n\n\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/projectdiscovery/nuclei-burp-plugin/main/static/join-discord.png\" width=\"300\" alt=\"Join Discord\"\u003e\u003c/a\u003e\n\n\u003c/div\u003e\n","funding_links":[],"categories":["Go","Weapons","Go (531)","其他_安全与渗透","Recon","2. [↑](#-content) Pentesting","cli","Miscellaneous","Network","Pentesting","🔒 Security"],"sub_categories":["Tools","网络服务_其他","Technologies","2.5 [↑](#-content) Web","Uncategorized","Monitoring / Logging / Event Management","Payloads","☸️ Kubernetes"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fhttpx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Fhttpx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fhttpx/lists"}