httpx (ProjectDiscovery) — Install, Use, Optimise (2026)

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 29, 2026
2 min read

Fast multi-purpose HTTP toolkit — probe live hosts, fingerprint tech stacks, screenshot, take headers, status codes, in parallel.

Use case: ReconnaissanceDifficulty: BeginnerHomepage: https://github.com/projectdiscovery/httpx

Installation

Pick the install method that matches your stack. The Docker option is the cleanest for one-off scans where you don’t want to pollute your workstation.

Go install

go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

Docker

docker run projectdiscovery/httpx -u target.com

Binary release

curl -L https://github.com/projectdiscovery/httpx/releases/latest/download/httpx_linux_amd64.zip -o httpx.zip

Core commands

The handful of invocations you’ll actually run on 90% of engagements:

Probe hostlist for live sites

cat hosts.txt | httpx -silent

Status + tech stack + title

cat hosts.txt | httpx -title -tech-detect -status-code

Take screenshots

cat hosts.txt | httpx -screenshot -o ./screens/

Custom probe path

cat hosts.txt | httpx -path /admin,/login,/api

Output JSON

cat hosts.txt | httpx -json -o probes.json

Match strings in body

cat hosts.txt | httpx -ms "admin login" -mc 200

Performance optimisation

What separates a junior who runs the default invocation from a practitioner who knows the knobs:

  • -threads 100 default; bump to 250 on bulk scans of 10k+ hosts.
  • -rate-limit 200 caps req/sec absolutely.
  • -timeout 5 per-request timeout. Default 5s; raise on slow targets.
  • -no-color -silent for clean JSON pipes into nuclei/dnsx.
  • -store-response saves full HTTP responses — useful for offline analysis.
  • -favicon hashes favicons (Shodan-style) — clusters infra by favicon hash.

Common pitfalls

Real failure modes that bite people on engagements. Most are recoverable; a few are reputation-damaging.

  • Default fetches root /. For routes like /api/v1/, specify with -path.
  • -screenshot uses headless Chrome — heavyweight, much slower than text probes.
  • TLS errors return as failures — use -tls-grab to inspect cert despite errors.

Modern alternatives in 2026

The ecosystem moves fast. These are tools you should at least be aware of:

  • aquatone — older, screenshot-focused.
  • gowitness — pure screenshot tool.
  • uncover — Shodan/Censys CLI.

India context and engagement notes

httpx is the second tool in the ProjectDiscovery pipe (subfinder | dnsx | httpx | nuclei). Run on every domain inventory monthly — diffs between runs reveal new hosts going live, often before your CMDB knows.


⚖️ Legal: Use only on systems you own or have explicit written authorisation to test. In India, unauthorised access is punishable under Section 66 of the IT Act, 2000 (up to 3 years imprisonment + fine). Pair every engagement with a signed Statement of Work or Rules of Engagement before running anything from this page.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants