Bug Bounty for Beginners - Reference Little Book
  • 📘Little Bug Bounty Book
  • ❓What is Bug Bounty
  • 🎯Bug Bounty Platforms
  • 🪜Phases of Bug Hunting
  • ⚠️Required Knowledge
  • 📣So, where do I start?
    • Network Security
    • Application Security
    • Mobile Security
    • Code Review and SAST
    • OWASP?
  • 🔎Reconnaissance Phase
    • Footprinting
      • OSINT
      • Google Dorks
      • Censys
      • Shodan
    • Subdomain Enumeration
      • Amass
      • Subfinder
      • Assetfinder
      • Aquatone
      • DNSrecon
      • DNSEnum
      • HTTPX
      • ReconFTW
    • Fingerprint
      • Nmap
      • Rustscan
      • Masscan
  • 🐞Scanning Phase
    • OpenVAS
    • Nuclei
    • OWASP Zap
    • NMAP
    • Looking for Parameters with Katana
    • Searching for XSS
    • SQL Injection (SQLi)
  • ♨️Testing Phase
    • Manual Validation
    • Severity Assessment in Vulnerability Testing
    • Exploitation Phase
    • Documentation of Findings
  • 📖Reporting Phase
Powered by GitBook
On this page
  1. Reconnaissance Phase
  2. Subdomain Enumeration

HTTPX

Testing for online subdomains

PreviousDNSEnumNextReconFTW

Last updated 6 months ago

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the library. It is designed to maintain result reliability with an increased number of threads.

Here are the steps to test all the enumerated subdomains from the domain "example.com" using the httpx tool:

  1. First, you will need to have the httpx tool installed on your system. You can install it using the following command:

go install github.com/projectdiscovery/httpx/cmd/httpx@latest
  1. Once httpx is installed, you can use it to test the enumerated subdomains. The basic syntax is:

httpx -threads 100 -l subdomains.txt -o httpx_output.txt

Where subdomains.txt is a file containing the list of subdomains, and httpx_output.txt is the output file that will contain the results of the scan. The -threads option specifies the number of concurrent requests that httpx will make.

  1. To test all the enumerated subdomains from the "example.com" domain, you can use the following command:

httpx -threads 100 -l subdomains.txt -o httpx_output.txt -t 200 -m GET -follow-redirects -no-color

This will send a GET request to each subdomain and follow any redirects. The -t option specifies the timeout for each request and the -no-color option disables colored output.

The output file httpx_output.txt will contain information on the HTTP response code, response time, and any other relevant information for each subdomain tested. You can use this information to identify any subdomains that are potentially vulnerable or interesting for further testing.

🔎
retryablehttp