Skip to main content

httpx

httpx is an essential HTTP toolkit within Canva workflows designed for identifying web application technologies and capturing screenshots. It plays a crucial role in automated security workflows by facilitating effective reconnaissance through detailed HTTP probing.

Ideal Use Cases & Fit

httpx excels in scenarios requiring extensive analysis of web applications, including:

  • Web Content Extraction: Efficiently retrieving HTML content, headers, and response data from websites for analysis.
  • Subdomain Enumeration: Analyzing lists of subdomains to detect underlying technologies.
  • Web Application Fingerprinting: Identifying the technologies used within a web application and assessing their configurations.
  • Compatibility Testing: Validating HTTP behaviors across multiple subdomains.

This tool is optimal for early-stage reconnaissance; however, it may not be suitable for deep vulnerability assessments or activities that require active exploitation.

Value in Workflows

In security workflows, httpx enhances integration by automating information gathering and aiding in situational awareness. It typically fits within the reconnaissance phase, providing foundational data that informs subsequent actions, such as vulnerability scanning or penetration testing. The tool is particularly resource-efficient, making it ideal for initial data collection and basic content extraction tasks. The output can seamlessly feed into analysis tools or be utilized for reporting purposes.

Input Data

httpx expects input data in the following format:

  • Type: File
  • Format: Newline separated subdomains
  • Function: Target
  • Required Fields:
    • Example: 
      subdomain.example.com
      subdomain2.example.com

Configuration

  • Input Parameters:

    • target: Specifies the target subdomains file.

  • General Parameters:

    • silent: Controls whether to silently save output to a file.
    • proxy: Sets the proxy for HTTP requests.
    • json: Indicates whether to format the output in JSON.

  • Response Control:

    • status-code: Displays the response status code.
    • content-length: Shows response content length.
    • content-type: Provides the content type of responses.

  • Probing Specifics:

    • tech-detect: Activates technology detection in use.
    • web-server: Displays the server name.
    • favicon: Retrieves the hash for the favicon.

  • Filtering Options:

    • filter_by_string: Filters responses based on specific strings.
    • filter_duplicates: Removes duplicate responses.

These parameters empower workflow builders to tailor the tool’s functionality to their specific needs, ensuring comprehensive probing and output management. Updated: 2026-02-17