Fast multi-purpose HTTP toolkit — probe live hosts, fingerprint tech stacks, screenshot, take headers, status codes, in parallel.
Installation
Pick the install method that matches your stack. The Docker option is the cleanest for one-off scans where you don’t want to pollute your workstation.
Go install
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
Docker
docker run projectdiscovery/httpx -u target.com
Binary release
curl -L https://github.com/projectdiscovery/httpx/releases/latest/download/httpx_linux_amd64.zip -o httpx.zip
Core commands
The handful of invocations you’ll actually run on 90% of engagements:
Probe hostlist for live sites
cat hosts.txt | httpx -silent
Status + tech stack + title
cat hosts.txt | httpx -title -tech-detect -status-code
Take screenshots
cat hosts.txt | httpx -screenshot -o ./screens/
Custom probe path
cat hosts.txt | httpx -path /admin,/login,/api
Output JSON
cat hosts.txt | httpx -json -o probes.json
Match strings in body
cat hosts.txt | httpx -ms "admin login" -mc 200
Performance optimisation
What separates a junior who runs the default invocation from a practitioner who knows the knobs:
-threads 100default; bump to 250 on bulk scans of 10k+ hosts.-rate-limit 200caps req/sec absolutely.-timeout 5per-request timeout. Default 5s; raise on slow targets.-no-color -silentfor clean JSON pipes into nuclei/dnsx.-store-responsesaves full HTTP responses — useful for offline analysis.-faviconhashes favicons (Shodan-style) — clusters infra by favicon hash.
Common pitfalls
Real failure modes that bite people on engagements. Most are recoverable; a few are reputation-damaging.
- Default fetches root /. For routes like /api/v1/, specify with
-path. -screenshotuses headless Chrome — heavyweight, much slower than text probes.- TLS errors return as failures — use
-tls-grabto inspect cert despite errors.
Modern alternatives in 2026
The ecosystem moves fast. These are tools you should at least be aware of:
- aquatone — older, screenshot-focused.
- gowitness — pure screenshot tool.
- uncover — Shodan/Censys CLI.
India context and engagement notes
httpx is the second tool in the ProjectDiscovery pipe (subfinder | dnsx | httpx | nuclei). Run on every domain inventory monthly — diffs between runs reveal new hosts going live, often before your CMDB knows.
⚖️ Legal: Use only on systems you own or have explicit written authorisation to test. In India, unauthorised access is punishable under Section 66 of the IT Act, 2000 (up to 3 years imprisonment + fine). Pair every engagement with a signed Statement of Work or Rules of Engagement before running anything from this page.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.