214 lines
8.0 KiB
Markdown
214 lines
8.0 KiB
Markdown
# HTTPZ Web Scanner
|
|
|
|
|
|
|
|
A high-performance concurrent web scanner written in Python. HTTPZ efficiently scans domains for HTTP/HTTPS services, extracting valuable information like status codes, titles, SSL certificates, and more.
|
|
|
|
## Requirements
|
|
|
|
- [Python](https://www.python.org/downloads/)
|
|
- [aiohttp](https://pypi.org/project/aiohttp/)
|
|
- [beautifulsoup4](https://pypi.org/project/beautifulsoup4/)
|
|
- [cryptography](https://pypi.org/project/cryptography/)
|
|
- [dnspython](https://pypi.org/project/dnspython/)
|
|
- [mmh3](https://pypi.org/project/mmh3/)
|
|
- [python-dotenv](https://pypi.org/project/python-dotenv/)
|
|
|
|
## Installation
|
|
|
|
### Via pip *(recommended)*
|
|
```bash
|
|
# Install from PyPI
|
|
pip install httpz_scanner
|
|
|
|
# The 'httpz' command will now be available in your terminal
|
|
httpz --help
|
|
```
|
|
|
|
### From source
|
|
```bash
|
|
# Clone the repository
|
|
git clone https://github.com/acidvegas/httpz
|
|
cd httpz
|
|
pip install -r requirements.txt
|
|
```
|
|
|
|
## Usage
|
|
|
|
### Command Line Interface
|
|
|
|
Basic usage:
|
|
```bash
|
|
python -m httpz_scanner domains.txt
|
|
```
|
|
|
|
Scan with all flags enabled and output to JSONL:
|
|
```bash
|
|
python -m httpz_scanner domains.txt -all -c 100 -o results.jsonl -j -p
|
|
```
|
|
|
|
Read from stdin:
|
|
```bash
|
|
cat domains.txt | python -m httpz_scanner - -all -c 100
|
|
echo "example.com" | python -m httpz_scanner - -all
|
|
```
|
|
|
|
Filter by status codes and follow redirects:
|
|
```bash
|
|
python -m httpz_scanner domains.txt -mc 200,301-399 -ec 404,500 -fr -p
|
|
```
|
|
|
|
Show specific fields with custom timeout and resolvers:
|
|
```bash
|
|
python -m httpz_scanner domains.txt -sc -ti -i -tls -to 10 -r resolvers.txt
|
|
```
|
|
|
|
Full scan with all options:
|
|
```bash
|
|
python -m httpz_scanner domains.txt -c 100 -o output.jsonl -j -all -to 10 -mc 200,301 -ec 404,500 -p -ax -r resolvers.txt
|
|
```
|
|
|
|
### Distributed Scanning
|
|
Split scanning across multiple machines using the `--shard` argument:
|
|
|
|
```bash
|
|
# Machine 1
|
|
httpz domains.txt --shard 1/3
|
|
|
|
# Machine 2
|
|
httpz domains.txt --shard 2/3
|
|
|
|
# Machine 3
|
|
httpz domains.txt --shard 3/3
|
|
```
|
|
|
|
Each machine will process a different subset of domains without overlap. For example, with 3 shards:
|
|
- Machine 1 processes lines 0,3,6,9,...
|
|
- Machine 2 processes lines 1,4,7,10,...
|
|
- Machine 3 processes lines 2,5,8,11,...
|
|
|
|
This allows efficient distribution of large scans across multiple machines.
|
|
|
|
### Python Library
|
|
```python
|
|
import asyncio
|
|
import urllib.request
|
|
from httpz_scanner import HTTPZScanner
|
|
|
|
async def scan_from_list() -> list:
|
|
with urllib.request.urlopen('https://example.com/domains.txt') as response:
|
|
content = response.read().decode()
|
|
return [line.strip() for line in content.splitlines() if line.strip()][:20]
|
|
|
|
async def scan_from_url():
|
|
with urllib.request.urlopen('https://example.com/domains.txt') as response:
|
|
for line in response:
|
|
if line := line.strip():
|
|
yield line.decode().strip()
|
|
|
|
async def scan_from_file():
|
|
with open('domains.txt', 'r') as file:
|
|
for line in file:
|
|
if line := line.strip():
|
|
yield line
|
|
|
|
async def main():
|
|
# Initialize scanner with all possible options (showing defaults)
|
|
scanner = HTTPZScanner(
|
|
concurrent_limit=100, # Number of concurrent requests
|
|
timeout=5, # Request timeout in seconds
|
|
follow_redirects=False, # Follow redirects (max 10)
|
|
check_axfr=False, # Try AXFR transfer against nameservers
|
|
resolver_file=None, # Path to custom DNS resolvers file
|
|
output_file=None, # Path to JSONL output file
|
|
show_progress=False, # Show progress counter
|
|
debug_mode=False, # Show error states and debug info
|
|
jsonl_output=False, # Output in JSONL format
|
|
shard=None, # Tuple of (shard_index, total_shards) for distributed scanning
|
|
|
|
# Control which fields to show (all False by default unless show_fields is None)
|
|
show_fields={
|
|
'status_code': True, # Show status code
|
|
'content_type': True, # Show content type
|
|
'content_length': True, # Show content length
|
|
'title': True, # Show page title
|
|
'body': True, # Show body preview
|
|
'ip': True, # Show IP addresses
|
|
'favicon': True, # Show favicon hash
|
|
'headers': True, # Show response headers
|
|
'follow_redirects': True, # Show redirect chain
|
|
'cname': True, # Show CNAME records
|
|
'tls': True # Show TLS certificate info
|
|
},
|
|
|
|
# Filter results
|
|
match_codes={200,301,302}, # Only show these status codes
|
|
exclude_codes={404,500,503} # Exclude these status codes
|
|
)
|
|
|
|
# Example 1: Process file
|
|
print('\nProcessing file:')
|
|
async for result in scanner.scan(scan_from_file()):
|
|
print(f"{result['domain']}: {result['status']}")
|
|
|
|
# Example 2: Stream URLs
|
|
print('\nStreaming URLs:')
|
|
async for result in scanner.scan(scan_from_url()):
|
|
print(f"{result['domain']}: {result['status']}")
|
|
|
|
# Example 3: Process list
|
|
print('\nProcessing list:')
|
|
domains = await scan_from_list()
|
|
async for result in scanner.scan(domains):
|
|
print(f"{result['domain']}: {result['status']}")
|
|
|
|
if __name__ == '__main__':
|
|
asyncio.run(main())
|
|
```
|
|
|
|
The scanner accepts various input types:
|
|
- File paths (string)
|
|
- Lists/tuples of domains
|
|
- stdin (using '-')
|
|
- Async generators that yield domains
|
|
|
|
All inputs support sharding for distributed scanning using the `shard` parameter.
|
|
|
|
## Arguments
|
|
|
|
| Argument | Long Form | Description |
|
|
|---------------|------------------|-------------------------------------------------------------|
|
|
| `file` | | File containing domains *(one per line)*, use `-` for stdin |
|
|
| `-d` | `--debug` | Show error states and debug information |
|
|
| `-c N` | `--concurrent N` | Number of concurrent checks *(default: 100)* |
|
|
| `-o FILE` | `--output FILE` | Output file path *(JSONL format)* |
|
|
| `-j` | `--jsonl` | Output JSON Lines format to console |
|
|
| `-all` | `--all-flags` | Enable all output flags |
|
|
| `-sh` | `--shard N/T` | Process shard N of T total shards *(e.g., 1/3)* |
|
|
|
|
### Output Field Flags
|
|
|
|
| Flag | Long Form | Description |
|
|
|--------| ---------------------|----------------------------------|
|
|
| `-sc` | `--status-code` | Show status code |
|
|
| `-ct` | `--content-type` | Show content type |
|
|
| `-ti` | `--title` | Show page title |
|
|
| `-b` | `--body` | Show body preview |
|
|
| `-i` | `--ip` | Show IP addresses |
|
|
| `-f` | `--favicon` | Show favicon hash |
|
|
| `-hr` | `--headers` | Show response headers |
|
|
| `-cl` | `--content-length` | Show content length |
|
|
| `-fr` | `--follow-redirects` | Follow redirects *(max 10)* |
|
|
| `-cn` | `--cname` | Show CNAME records |
|
|
| `-tls` | `--tls-info` | Show TLS certificate information |
|
|
|
|
### Other Options
|
|
|
|
| Option | Long Form | Description |
|
|
|-------------|-------------------------|-----------------------------------------------------|
|
|
| `-to N` | `--timeout N` | Request timeout in seconds *(default: 5)* |
|
|
| `-mc CODES` | `--match-codes CODES` | Only show specific status codes *(comma-separated)* |
|
|
| `-ec CODES` | `--exclude-codes CODES` | Exclude specific status codes *(comma-separated)* |
|
|
| `-p` | `--progress` | Show progress counter |
|
|
| `-ax` | `--axfr` | Try AXFR transfer against nameservers |
|
|
| `-r FILE` | `--resolvers FILE` | File containing DNS resolvers *(one per line)* | |