offensive-tools/recon/httpx/SKILL.md
Fast HTTP probing tool for bulk URL processing, status codes, title extraction, tech detection, and web fingerprinting. Use when asked to probe a list of hosts/URLs for live web servers, find HTTP services, check status codes, extract page titles, or fingerprint web technologies.
Fast HTTP toolkit from ProjectDiscovery — probe and fingerprint web servers at scale.

```bash
# Probe a list of hosts
cat hosts.txt | httpx

# Probe with status + title
httpx -l hosts.txt -status-code -title

# Silent (URLs only for live hosts)
cat subs.txt | httpx -silent
```

| Flag | Description |
|------|-------------|
| `-l <file>` | Input file with hosts |
| `-u <url>` | Single target |
| `-silent` | Print live URLs only |
| `-status-code`, `-sc` | Show HTTP status code |
| `-title` | Extract page title |
| `-tech-detect`, `-td` | Detect technologies (Wappalyzer) |
| `-web-server`, `-server` | Show web server header |
| `-content-type`, `-ct` | Show Content-Type header |
| `-ip` | Resolve and show IP |
| `-cname` | Show CNAME |
| `-location` | Show redirect location |
| `-content-length`, `-cl` | Show response size |
| `-hash <algo>` | Hash response body (md5, sha1, sha256) |
| `-favicon` | Extract favicon hash (Shodan mmh3) |
| `-follow-redirects`, `-fr` | Follow HTTP redirects |
| `-threads <n>`, `-t <n>` | Concurrent threads (default 50) |
| `-rate-limit <n>`, `-rl <n>` | Requests per second |
| `-timeout <n>` | Timeout in seconds (default 5) |
| `-retries <n>` | Retry count |
| `-H <header>` | Custom header |
| `-proxy <url>` | HTTP/SOCKS5 proxy |
| `-o <file>` | Output file |
| `-json`, `-j` | JSONL output |
| `-csv` | CSV output |
| `-ports <p>` | Probe specific ports (e.g., 80,443,8080) |
| `-path <path-or-file>` | Probe specific path(s) on each host |
| `-no-fallback`, `-nf` | Probe both HTTP and HTTPS instead of fallback behavior |
| `-no-fallback-scheme`, `-nfs` | Do not auto-switch schemes |
| `-store-response`, `-sr` | Store request/response artifacts |
| `-store-response-dir`, `-srd <dir>` | Directory for stored artifacts |
| `-tls-impersonate`, `-tlsi` | Experimental TLS impersonation |
| `-tls-probe` | Send HTTP probes to domains extracted from TLS certificates |
| `-http2` | Probe for and show HTTP/2 support |
| `-screenshot` | Take screenshots (requires chromium) |

```bash
# Full recon pipeline: subfinder -> httpx
subfinder -d target.com -silent | httpx -status-code -title -tech-detect -o live.txt

# Probe list with all metadata
httpx -l hosts.txt -status-code -title -tech-detect -web-server -ip -o full.json -json

# Agent-safe JSONL baseline with explicit throughput
httpx -l hosts.txt -sc -title -server -td -fr -timeout 10 -retries 1 -rl 50 -t 25 -silent -j -o httpx.jsonl

# Probe known paths and store responses for downstream route/JS parsing
httpx -l hosts.txt -path /,/login,/admin -sc -title -sr -srd recon/httpx_store -silent -j -o httpx_paths.jsonl

# Find admin/login panels
httpx -l hosts.txt -title -silent | grep -iE "admin|login|portal|dashboard"

# Port-specific probing
httpx -l hosts.txt -ports 80,443,8080,8443,3000,8888 -status-code -silent

# Probe both schemes from host-only input
httpx -l hosts.txt -nf -sc -title -silent

# Favicon hash (for Shodan pivot)
httpx -u https://target.com -favicon

# Screenshot all live hosts (-o names the results file; screenshots are stored under the -srd directory)
httpx -l hosts.txt -screenshot -srd screenshots/

# Only 200s
httpx -l hosts.txt -silent -mc 200

# Exclude CDN/redirect noise
httpx -l hosts.txt -silent -fc 301,302 -filter-string "cloudflare"

# Match by response body content
httpx -l hosts.txt -match-string "password" -silent

# Match by response size (-ml is match-length; -ms is the short form of -match-string)
httpx -l hosts.txt -ml 1024 -silent
```

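
The status-code filters and the title grep above can be re-applied to a saved `-j` run without probing the hosts again. The following Python is an added example, not part of the original skill; the JSONL field names (`url`, `status_code`, `title`) are assumed from httpx JSON output and every sample record is constructed.

```python
import json
import re

# Constructed sample of `httpx -j` output. Field names are an assumption about
# the httpx JSONL schema; hosts and values are made up (reserved .test domain).
SAMPLE_JSONL = """\
{"input":"app.example.test","url":"https://app.example.test","status_code":200,"title":"Acme Login","webserver":"nginx"}
{"input":"cdn.example.test","url":"https://cdn.example.test","status_code":301,"title":"","webserver":"cloudflare"}
{"input":"old.example.test","url":"http://old.example.test:8080","status_code":200,"title":"Grafana Dashboard"}
not-json garbage line
{"input":"api.example.test","url":"https://api.example.test","status_code":403,"title":"Forbidden","webserver":"nginx"}
"""

# Same pattern as the grep -iE one-liner above.
PANEL_RE = re.compile(r"admin|login|portal|dashboard", re.IGNORECASE)


def load_records(text):
    """Parse JSONL, counting blank-free malformed lines instead of aborting."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if isinstance(rec, dict) and "url" in rec:
            records.append(rec)
        else:
            skipped += 1
    return records, skipped


def triage(records, match_codes=(200,), filter_codes=(301, 302)):
    """Offline equivalent of -mc / -fc plus the title grep."""
    live = [r["url"] for r in records if r.get("status_code") in match_codes]
    kept = [r for r in records if r.get("status_code") not in filter_codes]
    panels = [r["url"] for r in kept if PANEL_RE.search(r.get("title") or "")]
    cleartext = [r["url"] for r in kept if r["url"].startswith("http://")]
    return {"live": live, "panels": panels, "cleartext": cleartext}


if __name__ == "__main__":
    recs, bad = load_records(SAMPLE_JSONL)
    print(f"{len(recs)} records parsed, {bad} lines skipped")
    for bucket, urls in triage(recs).items():
        print(bucket, urls)
```
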
| File | When to load |
|------|--------------|
| references/output-fields.md | All output field flags, JSON schema, match/filter options, pipeline patterns |