Skip to main content
Name:httpx-screenshot
Category:Discovery
Publisher:trickest-mhmdiaa
Created:11/9/2023
Container:quay.io/trickest/httpx-screenshot:v1.7.1
Output Type:
License:Unknown

Parameters

x
string
-xrequest methods to probe, use 'all' to probe all HTTP methods
ip
boolean
-ipdisplay host ip
asn
boolean
-asndisplay host asn information
cdn
boolean
-cdndisplay cdn in use
csv
boolean
-csvstore output in csv format
body
file
-bodypost body to include in http request
deny
string
-denydenied list of IP/CIDR's to process (comma separated)
hash
string
-hashdisplay response body hash (supported: md5,mmh3,simhash,sha1,sha256,sha512)
jarm
boolean
-jarmdisplay jarm fingerprint hash
json
boolean
-jsonstore output in JSONL(ines) format
list
file
required
-listinput file containing list of hosts to process
path
string
-pathpath or list of paths to probe (comma-separated)
ztls
boolean
-ztlsuse ztls library with autofallback to standard one for tls13
allow
string
-allowallowed list of IP/CIDR's to process (comma separated)
cname
boolean
-cnamedisplay host cname
debug
boolean
-debugdisplay request/response content in cli
delay
string
-delayduration between each http request (eg: 200ms, 1s) (default -1ns)
http2
boolean
-http2probe and display server supporting HTTP2
ports
string
-portsports to probe (nmap syntax: eg http:1,2-10,11,https:80)
probe
boolean
-probedisplay probe status
stats
boolean
-statsdisplay scan statistic
title
boolean
-titledisplay page title
trace
boolean
-tracetrace
vhost
boolean
-vhostprobe and display server supporting VHOST
config
file
-configpath to the httpx configuration file
header
string
-headercustom http headers to send with request
method
boolean
-methoddisplay http request method
silent
boolean
-silentsilent mode
target
string
-targetinput target host(s) to probe
unsafe
boolean
-unsafesend raw requests skipping golang normalization
exclude
string
-excludeexclude host matching specified filter ('cdn', 'private-ips', cidr, ip, regex)
favicon
boolean
-favicondisplay mmh3 hash for '/favicon.ico' file
request
file
-requestfile containing raw request
retries
string
-retriesnumber of retries
threads
string
-threadsnumber of threads to use (default 50)
timeout
string
-timeouttimeout in seconds (default 5)
verbose
boolean
-verboseverbose mode
location
boolean
-locationdisplay response redirect location
pipeline
boolean
-pipelineprobe and display server supporting HTTP1.1 pipeline
protocol
string
-protocolprotocol to use (unknown, http11)
sni-name
string
-sni-namecustom TLS SNI name
tls-grab
boolean
-tls-grabperform TLS(SSL) data grabbing
csp-probe
boolean
-csp-probesend http probes on the extracted CSP domains
debug-req
boolean
-debug-reqdisplay request content in cli
deny-list
file
-denydenied list of IP/CIDR's to process
match-cdn
string
-match-cdnmatch host with specified cdn provider (azure, cloudflare, cloudfront, fastly, incapsula, oracle, google, sucuri, leaseweb, akamai)
no-decode
boolean
-no-decodeavoid decoding body
omit-body
boolean
-omit-bodyomit response body in output
path-list
file
-pathlist of paths to probe
resolvers
string
-resolverslist of custom resolvers (comma separated)
tls-probe
boolean
-tls-probesend http probes on the extracted TLS domains (dns_name)
websocket
boolean
-websocketdisplay server using websocket
allow-list
file
-allowallowed list of IP/CIDR's to process
debug-resp
boolean
-debug-respdisplay response content in cli
filter-cdn
string
-filter-cdnfilter host with specified cdn provider (azure, cloudflare, cloudfront, fastly, incapsula, oracle, google, sucuri, leaseweb, akamai)
http-proxy
string
-http-proxyhttp proxy to use (eg http://127.0.0.1:8080)
line-count
boolean
-line-countdisplay response body line count
match-code
string
-match-codematch response with specified status code (-mc 200,302)
rate-limit
string
-rate-limitmaximum requests to send per second (default 150)
web-server
boolean
-web-serverdisplay server name
word-count
boolean
-word-countdisplay response body word count
filter-code
string
-filter-codefilter response with specified status code (-fc 403,401)
header-file
file
-header-filecustom http headers to send with request
match-regex
string
-match-regexmatch response with specified regex (-mr admin)
no-fallback
boolean
-no-fallbackdisplay both probed protocol (HTTPS and HTTP)
status-code
boolean
-status-codedisplay response status-code
store-chain
boolean
-store-chaininclude http redirect chain in responses (-sr only)
tech-detect
boolean
-tech-detectdisplay technology in use based on wappalyzer dataset
vhost-input
boolean
-vhost-inputget a list of vhosts as input
body-preview
boolean
-body-previewdisplay first N characters of response body (default 100)
content-type
boolean
-content-typedisplay response content-type
extract-fqdn
boolean
-extract-fqdnget domain and subdomains from response body and header in jsonl/csv output
filter-regex
string
-filter-regexfilter response with specified regex (-fe admin)
health-check
boolean
-health-checkrun diagnostic check up
match-length
string
-match-lengthmatch response with specified content length (-ml 100,102)
match-string
string
-match-stringmatch response with specified string (-ms admin)
random-agent
boolean
-random-agentenable Random User-Agent to use (default true)
respect-hsts
boolean
-respect-hstsrespect HSTS response headers for redirect requests
extract-regex
string
-extract-regexdisplay response content with matched regex
filter-length
string
-filter-lengthfilter response with specified content length (-fl 23,33)
filter-string
string
-filter-stringfilter response with specified string (-fs admin)
include-chain
boolean
-include-chaininclude redirect http chain in JSON output (-json only)
match-favicon
string
-match-faviconmatch response with specified favicon hash (-mfc 1494302000)
max-redirects
string
-max-redirectsmax number of redirects to follow per host (default 10)
probe-all-ips
boolean
-probe-all-ipsprobe all the ips associated with same host
response-time
boolean
-response-timedisplay response time
content-length
boolean
-content-lengthdisplay response content-length
extract-preset
string
-extract-presetdisplay response content matched by a pre-defined regex (url,ipv4,mail)
filter-favicon
string
-filter-faviconfilter response with specified favicon hash (-mfc 1494302000)
max-host-error
string
-max-host-errormax error count per host before skipping remaining path/s (default 30)
resolvers-file
file
-resolverslist of custom resolvers
stats-interval
string
-stats-intervalnumber of seconds to wait between showing a statistics update (default: 5)
store-response
boolean
-store-responsestore http response to output directory
match-condition
string
-match-conditionmatch response with dsl expression condition
screenshot-idle
string
-screenshot-idleset idle time before taking screenshot in seconds (default 1s)
tls-impersonate
boolean
-tls-impersonateenable random tls client (ja3) impersonation (experimental)
filter-condition
string
-filter-conditionfilter response with dsl expression condition
follow-redirects
boolean
-follow-redirectsfollow http redirects
headless-options
string
-headless-optionsstart headless chrome with additional options
include-response
boolean
-include-responseinclude http request/response in JSON output (-json only)
match-line-count
string
-match-line-countmatch response body with specified line count (-mlc 423,532)
match-word-count
string
-match-word-countmatch response body with specified word count (-mwc 43,55)
filter-duplicates
boolean
-filter-duplicatesfilter out near-duplicate responses (only first response is retained)
filter-error-page
boolean
-filter-error-pagefilter response with ML based error page detection
filter-line-count
string
-filter-line-countfilter response body with specified line count (-flc 423,532)
filter-word-count
string
-filter-word-countfilter response body with specified word count (-fwc 423,532)
rate-limit-minute
string
-rate-limit-minutemaximum number of requests to send per minute
list-dsl-variables
boolean
-list-dsl-variableslist json output field keys name that support dsl matcher/filter
no-fallback-scheme
boolean
-no-fallback-schemeprobe with protocol scheme specified in input
screenshot-timeout
string
-screenshot-timeoutset timeout for screenshot in seconds (default 10)
csv-output-encoding
string
-csv-output-encodingdefine output encoding
leave-default-ports
boolean
-leave-default-portsleave default http/https ports in host header (eg. http://host:80 - https//host:443
match-response-time
string
-match-response-timematch response with specified response time in seconds (-mrt '< 1')
filter-response-time
string
-filter-response-timefilter response with specified response time in seconds (-frt '> 1')
exclude-headless-body
boolean
-exclude-headless-bodyenable excluding headless header from json output
follow-host-redirects
boolean
-follow-host-redirectsfollow redirects on the same host
response-size-to-read
string
-response-size-to-readmax response size to read in bytes (default 2147483647)
response-size-to-save
string
-response-size-to-savemax response size to save in bytes (default 2147483647)
include-response-base64
boolean
-include-response-base64include base64 encoded http request/response in JSON output (-json only)
include-response-header
boolean
-include-response-headerinclude http response (headers) in JSON output (-json only)
no-screenshot-full-page
boolean
-no-screenshot-full-pagedisable saving full page screenshot
exclude-screenshot-bytes
boolean
-exclude-screenshot-bytesenable excluding screenshot bytes from json output
store-vision-recon-cluster
boolean
-store-vision-recon-clusterinclude visual recon clusters (-ss and -sr only)