Comments (16)
It works without port flag? @marcopolo157
from httpx.
Also it sometimes randomly returns double results for the same http port:
echo 192.168.8.0/24 | ./httpx -title -content-length -status-code -ports 80,443,8080
__ __ __ _ __
/ /_ / /_/ /_____ | |/ /
/ __ \/ __/ __/ __ \| /
/ / / / /_/ /_/ /_/ / |
/_/ /_/\__/\__/ .___/_/|_|
/_/ v1
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
http://192.168.8.100:8080 [200] [1409] [Burp Suite Professional]
http://192.168.8.100:8080 [200] [1409] [Burp Suite Professional]
from httpx.
@bauthard yes without port flag works fine.
from httpx.
Thank you, we will confirm and fix this.
from httpx.
@marcopolo157 I'm not able to reproduce this, it's working fine as you can see here, and that duplicate is not random, when you request for port, 80 and 443, You see result for both request, other one for port 443 which fallback to 80 as that host was not accessible on port 443.
> echo 173.0.84.0/24 | httpx -title -content-length -status-code -ports 80,443 -silent
http://173.0.84.22:80 [302] [0] []
http://173.0.84.12:80 [404] [42] []
http://173.0.84.13:80 [302] [0] []
https://173.0.84.4:443 [301] [0] []
https://173.0.84.4:443 [301] [0] []
http://173.0.84.4:80 [302] [0] []
http://173.0.84.13:80 [302] [0] []
http://173.0.84.14:80 [404] [42] []
https://173.0.84.6:443 [200] [7543] []
https://173.0.84.6:443 [200] [7543] []
https://173.0.84.6:443 [200] [7543] []
https://173.0.84.12:443 [404] [42] []
https://173.0.84.12:443 [404] [42] []
https://173.0.84.14:443 [404] [42] []
https://173.0.84.24:443 [302] [35] []
https://173.0.84.24:443 [302] [35] []
https://173.0.84.24:443 [302] [35] []
https://173.0.84.16:443 [200] [7543] []
https://173.0.84.16:443 [200] [7525] []
https://173.0.84.16:443 [200] [7543] []
https://173.0.84.2:443 [200] [7543] []
http://173.0.84.2:80 [301] [0] []
https://173.0.84.29:443 [404] [169] [404 Not Found]
http://173.0.84.27:80 [302] [0] []
http://173.0.84.28:80 [302] [0] []
http://173.0.84.27:80 [302] [0] []
from httpx.
@bauthard Idk why this is happening, but I noticed when the threads are set to 1, it works fine.
echo 192.168.8.0/24 | ./httpx -title -content-length -status-code -ports 80,443,8080 -silent -threads 1
http://192.168.8.1:80 [307] [13] []
Btw try on CIDR where the x.x.x.1 is alive.
from httpx.
I can not test or confirm as you are testing this on your local network, would like to know if you facing this issue on any public IP which we can use to reproduce @marcopolo157
from httpx.
@bauthard try this one
echo 1.1.1.1 | ./httpx -title -content-length -status-code -ports 80,443 -silent
http://1.1.1.1:80 [301] [186] [301 Moved Permanently]
https://1.1.1.1:443 [200] [47069] [1.1.1.1 — The free app that makes your Internet faster.]
echo 1.1.1.0/24 | ./httpx -title -content-length -status-code -ports 80,443 -silent
http://1.1.1.4:80 [403] [16] []
https://1.1.1.2:443 [302] [0] []
https://1.1.1.2:443 [302] [0] []
http://1.1.1.8:80 [403] [16] []
http://1.1.1.14:80 [403] [16] []
http://1.1.1.22:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
http://1.1.1.12:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
http://1.1.1.16:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
http://1.1.1.6:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
....
....
from httpx.
it's a valid issue @marcopolo157, thank you for pointing this out.
from httpx.
Thank you!
from httpx.
To reproduce:-
> prips 1.1.1.0/24 | httpx -title -content-length -status-code -ports 80,443 -silent | grep 1.1.1.1:80
http://1.1.1.1:80 [301] [186] [301 Moved Permanently]
> echo 1.1.1.0/24 | httpx -title -content-length -status-code -ports 80,443 -silent | grep 1.1.1.1:80
from httpx.
@bauthard duplicate bug reproduce:
echo 1.1.1.0/24 | ./httpx -title -content-length -status-code -ports 80,443 -silent | sort | uniq -d
from httpx.
Hey @marcopolo157,
Please have a look at last comment:-
and that duplicate is not random, when you request for port, 80 and 443, You see the result for both request, other one for port 443 which fallback to 80 as that host was not accessible on port 443.
that's not a bug, but expected behavior to auto fallback to HTTP when HTTPs is not working.
from httpx.
hi @bauthard it's a bug, sometimes it gives triple duplicates randomly.
Run the following command multiple times:
echo 1.1.1.0/24 | ./httpx -title -content-length -status-code -ports 80,443 -silent | sort
http://1.1.1.24:80 [403] [16] []
http://1.1.1.24:80 [403] [16] []
http://1.1.1.24:80 [403] [16] []
http://1.1.1.22:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
http://1.1.1.22:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
http://1.1.1.22:443 [400] [253] [400 The plain HTTP request was sent to HTTPS port]
from httpx.
@marcopolo157 thank you, now I see, something is not right with CIDR handling, I've reproduced this issue as well and will be fixed with CIDR bug.
from httpx.
@marcopolo157 this is fixed in the master code.
from httpx.
Related Issues (20)
- issue with custom resolvers in httpx
- JSONL/CSV default output fields improvements
- exclude option still has bugs in version 1.5.0 HOT 5
- Rate Limit Minute (-rlm) behavior does not distribute requests evenly
- Attributes Error : module ' collection' has mo attribute 'Mutable Set' HOT 1
- How to match an empty response body? HOT 1
- aaaa (ipv6) records in "a"
- Force HTTP1.1 Only
- Split the response file into a header file and a body file. HOT 4
- Using HTTPX as a library response callback body data was Zero resulting in the same Hash HOT 2
- Multiple string matchers with an AND operator
- An ability to get multiple hash types at the same type HOT 2
- error during httpx HOT 1
- I call httpx in my program. When a no address found for host appears in the target list, it will cause other ones to exit. How can I turn off this function? HOT 2
- Identify apps with login page HOT 4
- Changing runner.Options doesn't change live domain output, only goes to stdout HOT 1
- Cannot use `gophish` from outside install directory (stand-alone bin) HOT 2
- Change options.TechDetect variable type from string to boolean
- While using list of resolver can we check specifically which resolver is used to find if website is alive or not. HOT 1
- Identifying unmaintained/unmanaged/abandoned assets using expired certificates and home page content analysis HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from httpx.