Skip to content

Home

Jump to bottom
YogSec edited this page Feb 19, 2025 · 1 revision

HTTP FILTER | Designed By YogSec

Overview

HTTP FILTER is a Bash tool created by YogSec to streamline the process of analyzing HTTP responses from a list of URLs. It is designed for security researchers, penetration testers, and bug bounty hunters to efficiently identify interesting and anomalous HTTP responses.

When working with large URL datasets, manually inspecting each response code is tedious. HTTP FILTER automates this by concurrently sending HTTP requests and categorizing responses based on status codes into separate files. This tool is optimized for speed, making it a valuable resource for cybersecurity professionals.

Key Features

  • Concurrent processing for faster analysis.
  • Categorizes URLs based on HTTP response codes (e.g., 200.txt, 404.txt, 500.txt).
  • Logs failed requests into failed.txt.
  • Results are stored in a directory named after the input file.
  • Supports both single URL checks and bulk processing from a file.
  • Color-coded terminal output for easy status visibility.
  • User-friendly and straightforward interface.

Problem

Security professionals often work with large URL lists during reconnaissance and testing. Manually checking each HTTP response is inefficient and prone to errors. Identifying URLs with significant responses like 500 Internal Server Error or 403 Forbidden is vital for detecting vulnerabilities, but conventional methods can be slow.

Solution

HTTP FILTER automates HTTP response analysis by:

  • Concurrently fetching HTTP responses.
  • Logging URLs into files based on status codes.
  • Highlighting potentially vulnerable endpoints.
  • Enhancing efficiency and reducing errors during URL analysis.

Usage

./http_filter.sh [options]

Options

  • -h : Show help message
  • -v : Show version information
  • -l <file> : Process URLs from a file
  • -d <url> : Check a single URL

Examples

Check a single URL

./http_filter.sh -d https://example.com

Process a list of URLs

./http_filter.sh -l urls.txt

This generates a directory named urls_responses containing files like:

  • 200.txt – URLs with 200 OK
  • 404.txt – URLs with 404 Not Found
  • 500.txt – URLs with 500 Internal Server Error
  • failed.txt – URLs that failed to respond

Sample Output

[200] https://example.com
[404] https://example.com/notfound
[500] https://example.com/servererror
[FAILED] https://example.com/timeout

Requirements

  • Bash
  • curl

Installation

chmod +x http_filter.sh

Comparison with httpx

Feature HTTP FILTER httpx (ProjectDiscovery)
Language Bash Go
Focus Status code filtering Advanced HTTP probing
Concurrency Basic High-performance
Output Status code files JSON, CSV, Custom
Features Minimal TLS, Ports, Titles, etc.
Speed Good Very Fast
Learning Curve Easy Moderate

HTTP FILTER is ideal for quick status-based filtering, while httpx offers advanced functionality for large-scale automation.

Clone this wiki locally