[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5067":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":37,"readmeContent":38,"aiSummary":39,"trendingCount":16,"starSnapshotCount":16,"syncStatus":40,"lastSyncTime":41,"discoverSource":42},5067,"httpx","projectdiscovery\u002Fhttpx","projectdiscovery","httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.","https:\u002F\u002Fdocs.projectdiscovery.io\u002Ftools\u002Fhttpx",null,"Go",10028,1074,83,4,0,5,27,117,19,44.09,"MIT License",false,"dev",true,[27,28,29,30,31,32,33,34,35,36],"bugbounty","cli","cybersecurity","hacktoberfest","http","lib","osint","pentest-tool","pipeline","ssl-certificate","2026-06-12 02:01:08","\u003Ch1 align=\"center\">\n \u003Cimg src=\"static\u002Fhttpx-logo.png\" alt=\"httpx\" width=\"200px\">\n \u003Cbr>\n\u003C\u002Fh1>\n\n\n\n\u003Cp align=\"center\">\n\u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-MIT-_red.svg\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Fprojectdiscovery\u002Fhttpx\">\u003Cimg src=\"https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Fprojectdiscovery\u002Fhttpx\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fhttpx\u002Freleases\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002Fprojectdiscovery\u002Fhttpx\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fprojectdiscovery\u002Fhttpx\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fprojectdiscovery\u002Fhttpx.svg\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fpdiscoveryio\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fpdiscoveryio.svg?logo=twitter\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fprojectdiscovery\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F695645237418131507.svg?logo=discord\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"#features\">Features\u003C\u002Fa> •\n \u003Ca href=\"#installation-instructions\">Installation\u003C\u002Fa> •\n \u003Ca href=\"#usage\">Usage\u003C\u002Fa> •\n \u003Ca href=\"https:\u002F\u002Fdocs.projectdiscovery.io\u002Ftools\u002Fhttpx\u002F\">Documentation\u003C\u002Fa> •\n \u003Ca href=\"#notes\">Notes\u003C\u002Fa> •\n \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fprojectdiscovery\">Join Discord\u003C\u002Fa>\n\u003C\u002Fp>\n\n\n`httpx` is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the [retryablehttp](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fretryablehttp-go) library. It is designed to maintain result reliability with an increased number of threads.\n\n# Features\n\n\u003Ch1 align=\"center\">\n \u003Cimg src=\"https:\u002F\u002Fuser-images.githubusercontent.com\u002F8293321\u002F135731750-4c1d38b1-bd2a-40f9-88e9-3c4b9f6da378.png\" alt=\"httpx\" width=\"700px\">\n \u003Cbr>\n\u003C\u002Fh1>\n\n - Simple and modular code base making it easy to contribute.\n - Fast And fully configurable flags to probe multiple elements.\n - Supports multiple HTTP based probings.\n - Smart auto fallback from https to http by default. \n - Supports hosts, URLs and CIDR as input.\n - Handles edge cases doing retries, backoffs etc for handling WAFs.\n\n### Supported probes\n\n| Probes | Default check | Probes | Default check |\n|-----------------|---------------|----------------|---------------|\n| URL | true | IP | true |\n| Title | true | CNAME | true |\n| Status Code | true | Raw HTTP | false |\n| Content Length | true | HTTP2 | false |\n| TLS Certificate | true | HTTP Pipeline | false |\n| CSP Header | true | Virtual host | false |\n| Line Count | true | Word Count | true |\n| Location Header | true | CDN | false |\n| Web Server | true | Paths | false |\n| Web Socket | true | Ports | false |\n| Response Time | true | Request Method | true |\n| Favicon Hash | false | Probe Status | false |\n| Body Hash | true | Header Hash | true |\n| Redirect chain | false | URL Scheme | true |\n| JARM Hash | false | ASN | false |\n\n# Installation Instructions\n\n`httpx` requires **go >=1.25.0** to install successfully. Run the following command to get the repo:\n\n```sh\ngo install -v github.com\u002Fprojectdiscovery\u002Fhttpx\u002Fcmd\u002Fhttpx@latest\n```\n\nTo learn more about installing httpx, see https:\u002F\u002Fdocs.projectdiscovery.io\u002Ftools\u002Fhttpx\u002Finstall.\n\n| :exclamation: **Disclaimer** |\n|---------------------------------|\n| **This project is in active development**. Expect breaking changes with releases. Review the changelog before updating. |\n| This project was primarily built to be used as a standalone CLI tool. **Running it as a service may pose security risks.** It's recommended to use with caution and additional security measures. |\n\n# Usage\n\n```sh\nhttpx -h\n```\n\nThis will display help for the tool. Here are all the switches it supports.\n\n\n```console\nhttpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.\n\nUsage:\n .\u002Fhttpx [flags]\n\nFlags:\nINPUT:\n -l, -list string input file containing list of hosts to process\n -rr, -request string file containing raw request\n -u, -target string[] input target host(s) to probe\n -im, -input-mode string mode of input file (burp)\n\nPROBES:\n -sc, -status-code display response status-code\n -cl, -content-length display response content-length\n -ct, -content-type display response content-type\n -location display response redirect location\n -favicon display mmh3 hash for '\u002Ffavicon.ico' file\n -hash string display response body hash (supported: md5,mmh3,simhash,sha1,sha256,sha512)\n -jarm display jarm fingerprint hash\n -rt, -response-time display response time\n -lc, -line-count display response body line count\n -wc, -word-count display response body word count\n -title display page title\n -bp, -body-preview display first N characters of response body (default 100)\n -server, -web-server display server name\n -td, -tech-detect display technology in use based on wappalyzer dataset\n -cff, -custom-fingerprint-file string path to a custom fingerprint file for technology detection\n -method display http request method\n -ws, -websocket display server using websocket\n -ip display host ip\n -cname display host cname\n -extract-fqdn, -efqdn get domain and subdomains from response body and header in jsonl\u002Fcsv output\n -asn display host asn information\n -cdn display cdn\u002Fwaf in use (default true)\n -probe display probe status\n\nHEADLESS:\n -ss, -screenshot enable saving screenshot of the page using headless browser\n -system-chrome enable using local installed chrome for screenshot\n -ho, -headless-options string[] start headless chrome with additional options\n -esb, -exclude-screenshot-bytes enable excluding screenshot bytes from json output\n -ehb, -exclude-headless-body enable excluding headless header from json output\n -no-screenshot-full-page disable saving full page screenshot\n -st, -screenshot-timeout value set timeout for screenshot in seconds (default 10s)\n -sid, -screenshot-idle value set idle time before taking screenshot in seconds (default 1s)\n -jsc, -javascript-code string[] execute JavaScript code after navigation\n\nMATCHERS:\n -mc, -match-code string match response with specified status code (-mc 200,302)\n -ml, -match-length string match response with specified content length (-ml 100,102)\n -mlc, -match-line-count string match response body with specified line count (-mlc 423,532)\n -mwc, -match-word-count string match response body with specified word count (-mwc 43,55)\n -mfc, -match-favicon string[] match response with specified favicon hash (-mfc 1494302000)\n -ms, -match-string string[] match response with specified string (-ms admin)\n -mr, -match-regex string[] match response with specified regex (-mr admin)\n -mcdn, -match-cdn string[] match host with specified cdn provider (cloudfront, fastly, google, etc.)\n -mrt, -match-response-time string match response with specified response time in seconds (-mrt '\u003C 1')\n -mdc, -match-condition string match response with dsl expression condition\n\nEXTRACTOR:\n -er, -extract-regex string[] display response content with matched regex\n -ep, -extract-preset string[] display response content matched by a pre-defined regex (url,ipv4,mail)\n\nFILTERS:\n -fc, -filter-code string filter response with specified status code (-fc 403,401)\n -fpt, -filter-page-type string[] filter response with specified page type (e.g. -fpt login,captcha,parked)\n -fep, -filter-error-page [DEPRECATED: use -fpt] filter response with ML based error page detection\n -fd, -filter-duplicates filter out near-duplicate responses (only first response is retained)\n -fl, -filter-length string filter response with specified content length (-fl 23,33)\n -flc, -filter-line-count string filter response body with specified line count (-flc 423,532)\n -fwc, -filter-word-count string filter response body with specified word count (-fwc 423,532)\n -ffc, -filter-favicon string[] filter response with specified favicon hash (-ffc 1494302000)\n -fs, -filter-string string[] filter response with specified string (-fs admin)\n -fe, -filter-regex string[] filter response with specified regex (-fe admin)\n -fcdn, -filter-cdn string[] filter host with specified cdn provider (cloudfront, fastly, google, etc.)\n -frt, -filter-response-time string filter response with specified response time in seconds (-frt '> 1')\n -fdc, -filter-condition string filter response with dsl expression condition\n -strip strips all tags in response. supported formats: html,xml (default html)\n -lof, -list-output-fields list of fields to output (comma separated)\n -eof, -exclude-output-fields string[] exclude output fields output based on a condition\n\nRATE-LIMIT:\n -t, -threads int number of threads to use (default 50)\n -rl, -rate-limit int maximum requests to send per second (default 150)\n -rlm, -rate-limit-minute int maximum number of requests to send per minute\n\nMISCELLANEOUS:\n -pa, -probe-all-ips probe all the ips associated with same host\n -p, -ports string[] ports to probe (nmap syntax: eg http:1,2-10,11,https:80)\n -path string path or list of paths to probe (comma-separated, file)\n -tls-probe send http probes on the extracted TLS domains (dns_name)\n -csp-probe send http probes on the extracted CSP domains\n -tls-grab perform TLS(SSL) data grabbing\n -pipeline probe and display server supporting HTTP1.1 pipeline\n -http2 probe and display server supporting HTTP2\n -vhost probe and display server supporting VHOST\n -ldv, -list-dsl-variables list json output field keys name that support dsl matcher\u002Ffilter\n\nUPDATE:\n -up, -update update httpx to latest version\n -duc, -disable-update-check disable automatic httpx update check\n\nOUTPUT:\n -o, -output string file to write output results\n -oa, -output-all filename to write output results in all formats\n -sr, -store-response store http response to output directory\n -srd, -store-response-dir string store http response to custom directory\n -ob, -omit-body omit response body in output\n -csv store output in csv format\n -csvo, -csv-output-encoding string define output encoding\n -j, -json store output in JSONL(ines) format\n -irh, -include-response-header include http response (headers) in JSON output (-json only)\n -irr, -include-response include http request\u002Fresponse (headers + body) in JSON output (-json only)\n -irrb, -include-response-base64 include base64 encoded http request\u002Fresponse in JSON output (-json only)\n -include-chain include redirect http chain in JSON output (-json only)\n -store-chain include http redirect chain in responses (-sr only)\n -svrc, -store-vision-recon-cluster include visual recon clusters (-ss and -sr only)\n -pr, -protocol string protocol to use (unknown, http11, http2, http3)\n -fepp, -filter-error-page-path string path to store filtered error pages (default \"filtered_error_page.json\")\n -rdb, -result-db store results in database\n -rdbc, -result-db-config string path to database config file\n -rdbt, -result-db-type string database type (mongodb, postgres, mysql)\n -rdbcs, -result-db-conn string database connection string (env: HTTPX_DB_CONNECTION_STRING)\n -rdbn, -result-db-name string database name (default \"httpx\")\n -rdbtb, -result-db-table string table\u002Fcollection name (default \"results\")\n -rdbbs, -result-db-batch-size int batch size for database inserts (default 100)\n -rdbor, -result-db-omit-raw omit raw request\u002Fresponse data from database\n\nCONFIGURATIONS:\n -config string path to the httpx configuration file (default $HOME\u002F.config\u002Fhttpx\u002Fconfig.yaml)\n -r, -resolvers string[] list of custom resolver (file or comma separated)\n -allow string[] allowed list of IP\u002FCIDR's to process (file or comma separated)\n -deny string[] denied list of IP\u002FCIDR's to process (file or comma separated)\n -sni, -sni-name string custom TLS SNI name\n -random-agent enable Random User-Agent to use (default true)\n -auto-referer set the Referer header to the current URL\n -H, -header string[] custom http headers to send with request\n -http-proxy, -proxy string proxy (http|socks) to use (eg http:\u002F\u002F127.0.0.1:8080)\n -unsafe send raw requests skipping golang normalization\n -resume resume scan using resume.cfg\n -fr, -follow-redirects follow http redirects\n -maxr, -max-redirects int max number of redirects to follow per host (default 10)\n -fhr, -follow-host-redirects follow redirects on the same host\n -rhsts, -respect-hsts respect HSTS response headers for redirect requests\n -vhost-input get a list of vhosts as input\n -x string request methods to probe, use 'all' to probe all HTTP methods\n -body string post body to include in http request\n -s, -stream stream mode - start elaborating input targets without sorting\n -sd, -skip-dedupe disable dedupe input items (only used with stream mode)\n -ldp, -leave-default-ports leave default http\u002Fhttps ports in host header (eg. http:\u002F\u002Fhost:80 - https:\u002F\u002Fhost:443\n -ztls use ztls library with autofallback to standard one for tls13\n -no-decode avoid decoding body\n -tlsi, -tls-impersonate enable experimental client hello (ja3) tls randomization\n -no-stdin Disable Stdin processing\n -hae, -http-api-endpoint string experimental http api endpoint\n -sf, -secret-file string path to secret file for authentication\n\nDEBUG:\n -health-check, -hc run diagnostic check up\n -debug display request\u002Fresponse content in cli\n -debug-req display request content in cli\n -debug-resp display response content in cli\n -version display httpx version\n -stats display scan statistic\n -profile-mem string optional httpx memory profile dump file\n -silent silent mode\n -v, -verbose verbose mode\n -si, -stats-interval int number of seconds to wait between showing a statistics update (default: 5)\n -nc, -no-color disable colors in cli output\n -tr, -trace trace\n\nOPTIMIZATIONS:\n -nf, -no-fallback display both probed protocol (HTTPS and HTTP)\n -nfs, -no-fallback-scheme probe with protocol scheme specified in input\n -maxhr, -max-host-error int max error count per host before skipping remaining path\u002Fs (default 30)\n -e, -exclude string[] exclude host matching specified filter ('cdn', 'private-ips', cidr, ip, regex)\n -retries int number of retries\n -timeout int timeout in seconds (default 10)\n -delay value duration between each http request (eg: 200ms, 1s) (default -1ns)\n -rsts, -response-size-to-save int max response size to save in bytes (default 512000000)\n -rstr, -response-size-to-read int max response size to read in bytes (default 512000000)\n\nCLOUD:\n -auth configure projectdiscovery cloud (pdcp) api key (default true)\n -ac, -auth-config string configure projectdiscovery cloud (pdcp) api key credential file\n -pd, -dashboard upload \u002F view output in projectdiscovery cloud (pdcp) UI dashboard\n -tid, -team-id string upload asset results to given team id (optional)\n -aid, -asset-id string upload new assets to existing asset id (optional)\n -aname, -asset-name string assets group name to set (optional)\n -pdu, -dashboard-upload string upload httpx output file (jsonl) in projectdiscovery cloud (pdcp) UI dashboard\n```\n\n# Running httpx\n\nFor details about running httpx, see https:\u002F\u002Fdocs.projectdiscovery.io\u002Ftools\u002Fhttpx\u002Frunning.\n\n### Using `httpx` as a library\n`httpx` can be used as a library by creating an instance of the `Option` struct and populating it with the same options that would be specified via CLI. Once validated, the struct should be passed to a runner instance (to be closed at the end of the program) and the `RunEnumeration` method should be called. A minimal example of how to do it is in the [examples](examples\u002F) folder.\n\n# Notes\n\n- As default, `httpx` probe with **HTTPS** scheme and fall-back to **HTTP** only if **HTTPS** is not reachable.\n- Burp Suite XML exports can be used as input with `-l burp-export.xml -im burp`\n- The `-no-fallback` flag can be used to probe and display both **HTTP** and **HTTPS** result.\n- Custom scheme for ports can be defined, for example `-ports http:443,http:80,https:8443`\n- Custom resolver supports multiple protocol (**doh|tcp|udp**) in form of `protocol:resolver:port` (e.g. `udp:127.0.0.1:53`)\n- Secret files can be used for domain-based authentication via `-sf secrets.yaml`. Supported auth types: `BasicAuth`, `BearerToken`, `Header`, `Cookie`, `Query`. Example:\n ```yaml\n id: example-auth\n info:\n name: Example Auth Config\n static:\n - type: Header\n domains:\n - api.example.com\n headers:\n - key: X-API-Key\n value: secret-key-here\n - type: BasicAuth\n domains-regex:\n - \".*\\\\.internal\\\\.com$\"\n username: admin\n password: secret\n ```\n- The following flags should be used for specific use cases instead of running them as default with other probes:\n - `-ports`\n - `-path`\n - `-vhost`\n - `-screenshot`\n - `-csp-probe`\n - `-tls-probe`\n - `-favicon`\n - `-http2`\n - `-pipeline`\n - `-tls-impersonate`\n\n\n# Acknowledgement\n\nProbing feature is inspired by [@tomnomnom\u002Fhttprobe](https:\u002F\u002Fgithub.com\u002Ftomnomnom\u002Fhttprobe) work ❤️\n\n\n--------\n\n\u003Cdiv align=\"center\">\n\n`httpx` is made with 💙 by the [projectdiscovery](https:\u002F\u002Fprojectdiscovery.io) team and distributed under [MIT License](LICENSE.md).\n\n\n\u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fprojectdiscovery\">\u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fprojectdiscovery\u002Fnuclei-burp-plugin\u002Fmain\u002Fstatic\u002Fjoin-discord.png\" width=\"300\" alt=\"Join Discord\">\u003C\u002Fa>\n\n\u003C\u002Fdiv>\n","httpx 是一个快速且多用途的 HTTP 工具包,使用 retryablehttp 库来执行多种探测任务。其核心功能包括支持多种基于 HTTP 的探测、智能自动从 HTTPS 回退到 HTTP 以及处理 WAF 等边缘情况时进行重试和回退。此外,它还提供了高度可配置的标志以适应不同的探测需求,并能接受主机、URL 和 CIDR 作为输入源。httpx 适用于网络安全测试、漏洞赏金狩猎、渗透测试等场景,特别适合需要对大量目标进行高效网络扫描的情况。",2,"2026-06-11 03:02:21","top_language"]