HTTPX

HTTP Probe & Technology Fingerprinting

"Fast HTTP/HTTPS prober — discover live hosts, technologies, redirects, and response details."

What it does

httpx is the essential first step before running any deeper web scanner. It probes each target over HTTP and HTTPS, determines if the host is alive and responding, and collects a wealth of information from the response: status codes, titles, content-type, server headers, redirect chains, content length, and detected technologies.

For bulk scanning scenarios, running httpx first across all discovered subdomains tells you which ones are live HTTP services worth scanning further. Dead hosts, HTTPS redirects, and parked domains are identified immediately — saving hours of scanner time on targets that aren't real web applications.

httpx has no configurable options in PTK — it runs with sensible defaults and completes in seconds per host.

Example findings

HIGHHTTP Basic Auth Dialog on /admin — Credential Brute-Force Riskhttpx

MEDIUMHTTP Used Instead of HTTPS — Unencrypted Traffichttpx

MEDIUMServer Header Exposes nginx/1.14.0 — Outdated Versionhttpx

INFOWordPress 6.2 Detected — title: "Just another WordPress site"httpx

← Back to all tools ▶ Scan with HTTPX

What it finds

▸HTTP and HTTPS availability (which hosts are live)
▸HTTP status codes (200, 301, 403, 500, etc.)
▸Page titles — often reveals application type
▸Server header (nginx, Apache, IIS, Cloudflare)
▸Technology fingerprinting (React, WordPress, Laravel, etc.)
▸Redirect chains and final destination
▸CDN detection (Cloudflare, Fastly, AWS CloudFront)

Works well with

Nmap →Nuclei →Subfinder →Headers →