http
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features.
curl is used in command lines or scripts to transfer data. curl is also libcurl, used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, medical devices, settop boxes, computer games, media players and is the Internet transfer engine for countless software applications in over twenty billion installations.
Related contents:
A modular Ruby web server interface.
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the bridge between web servers, web frameworks, and web application into a single method call.
Related contents:
HTTP load testing tool and library. It's over 9000!'
Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. It's over 9000!
HTTP API for Claude Code, Goose, Aider, and Codex.
Control Claude Code, Goose, Aider, and Codex with an HTTP API.
gallery of error 404 page designs.
A place to find all those lost pages, worth finding.
Hurl, run and test HTTP requests with plain text.
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.
Hurl makes it easy to work with HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
Docker image that echoes request data as JSON; listens on HTTP/S, useful for debugging.
a fast, memory-safe web server written in Rust. A fast, memory-safe web server powered by Rust
Ferron is a web server optimized for speed, security, and efficiency. Written in Rust, it offers memory safety and performance, making it ideal for modern websites.
A middleware framework for JavaScript and TypeScript
oak is a middleware framework for handling HTTP requests across Deno, Node.js, Bun and Cloudflare Workers.
Header Exploitation HTTP.
HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.
Related contents:
AmphiPod is a lightweight, HTTP-based Model Context Protocol (MCP) server implementation written in Go. It simplifies the integration of AI tools by providing an HTTP interface to the MCP specification and executing tools through WebAssembly plugins.
A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
Elegant HTTP Networking in Swift.
Alamofire is an HTTP networking library written in Swift.
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
redirection.io is a complete suite for optimizing your website traffic, user experience and SEO efficiency.
Log all your HTTP traffic, detect and fix errors in minutes. The perfect toolkit for SEO companies, marketing managers, CTOs or IT teams.
A file server that supports static serving, uploading, searching, accessing control, webdav...
Source: Dufs - Le serveur de fichiers minimaliste qui simplifie tout @ Korben :fr:.
A lightweight, idiomatic and composable router for building Go HTTP services.
chi is a lightweight, idiomatic and composable router for building Go HTTP services. It's especially good at helping you write large REST API services that are kept maintainable as your project grows and changes. chi is built on the new context package introduced in Go 1.7 to handle signaling, cancelation and request-scoped values across a handler chain.
Seamless multi-master sync, that scales from Big Data to Mobile, with an Intuitive HTTP/JSON API and designed for Reliability.
CouchDB is a database that completely embraces the web. Store your data with JSON documents. Access your documents with your web browser, via HTTP. Query, combine, and transform your documents with JavaScript. CouchDB works well with modern web and mobile apps. You can distribute your data, efficiently using CouchDB’s incremental replication. CouchDB supports master-master setups with automatic conflict detection.
Related contents:
HTTP client for PostgreSQL, retrieve a web page from inside the database.
🚀 A lightweight HTTP library inspired by JavaScript's fetch, bringing simplicity and flexibility to PHP HTTP requests.
FetchPHP is a modern HTTP client library for PHP, built on top of the Guzzle HTTP client, designed to mimic the behavior of JavaScript’s fetch API. Leveraging Matrix for true asynchronous capabilities with PHP Fibers, FetchPHP allows developers to use a JavaScript-like async/await syntax. FetchPHP also offers a fluent API inspired by Laravel's HTTP client, making request building both flexible and readable.
Wireguard client that exposes itself as a socks5 proxy.
wireproxy is a completely userspace application that connects to a wireguard peer, and exposes a socks5/http proxy or tunnels on the machine. This can be useful if you need to connect to certain sites via a wireguard peer, but can't be bothered to setup a new network interface for whatever reasons.
next generation web framework for node.js.
Expressive HTTP middleware framework for node.js to make web applications and APIs more enjoyable to write. Koa's middleware stack flows in a stack-like manner, allowing you to perform actions downstream then filter and manipulate the response upstream.
Koa is a new web framework designed by the team behind Express, which aims to be a smaller, more expressive, and more robust foundation for web applications and APIs. By leveraging async functions, Koa allows you to ditch callbacks and greatly increase error-handling. Koa does not bundle any middleware within its core, and it provides an elegant suite of methods that make writing servers fast and enjoyable.
The modern API client that lives in your terminal. A powerful HTTP client that lives in your terminal.
Posting is an HTTP client, not unlike Postman and Insomnia. As a TUI application, it can be used over SSH and enables efficient keyboard-centric workflows. Your requests are stored locally in simple YAML files, meaning they're easy to read and version control.
You can use this tool to generate a valid Permissions Policy HTTP Header, which can be provided by your web server / web application in order to improve the security of your visitors and the data they may be accessing on your site.
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
graftcp can redirect the TCP connection made by the given program [application, script, shell, etc.] to SOCKS5 or HTTP proxy.
An HTTP toolkit for security research.
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
Related contents:
WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Intercept & view all your HTTP(S). Mock endpoints or entire servers. Rewrite, redirect, or inject errors.
HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac.
This document defines a "problem detail" as a way to carry machine-readable details of errors in a HTTP response to avoid the need to define new error response formats for HTTP APIs.
The HTTP client abstraction for PHP.
HTTP client standard built on PSR-7 HTTP messages. The HttpAsyncClient defines an asynchronous HTTP client for PHP. This package also provides a synchronous HttpClient interface with the same method signature as the PSR-18 client. For synchronous requests, we recommend using PSR-18 directly.
The freenginx.org project. The goal of the project is to keep nginx development free from arbitrary corporate actions.
Real-time HTTP Intrusion Detection.
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. ❤️
SSH3: faster and rich secure shell using HTTP/3.
SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment and the HTTP Authorization mechanisms for user authentication.
A fast TCP/UDP tunnel over HTTP.
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
HttpFy is a fast and multi-purpose HTTP toolkit.
A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
Apache Traffic Server™ software is a fast, scalable and extensible HTTP/1.1 and HTTP/2 compliant caching proxy server. Formerly a commercial product, Yahoo! donated it to the Apache Foundation, and currently used by several major CDNs and content owners.
OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise.
OpenLiteSpeed is a high-performance, lightweight, open source HTTP server developed and copyrighted by LiteSpeed Technologies. Users are free to download, use, distribute, and modify OpenLiteSpeed and its source code in accordance with the precepts of the GPLv3 license.
All-in-one website OSINT tool for analysing any website. Comprehensive, on-demand open source intelligence for any website.
Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.
Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint. Stay tuned, as I'll add more soon!
Simple and configurable command-line HTTP server
Capture is a reverse proxy that takes an incoming HTTP request and sends it to another server, proxying the response back to the client, while showing them in a dashboard.
Fast, simple, scalable, Docker-ready HTTP microservice for high-level image processing.
Fast HTTP microservice written in Go for high-level image processing backed by bimg and libvips. imaginary can be used as private or public HTTP service for massive image processing with first-class support for Docker & Fly.io. It's almost dependency-free and only uses net/http native package without additional abstractions for better performance.
Command-line URL Checker (and notifier).
CUC (English pronunciation: [cuc] / λευκός) is a very simple CLI tool to check various HTTP status for example if a webpage is available (200) or not found (404).
Expose your services easily and securely.
This project comes as a pre-built docker image that enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.
Related contents:
HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy. Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
For when you really just want to serve some files over HTTP right now! miniserve is a small, self-contained cross-platform CLI tool that allows you to just grab the binary and serve some file(s) via HTTP. Sometimes this is just a more practical and quick way than doing things properly.
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.
An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed.
The HTTP/2 Web Server with Fully Managed TLS (automatic HTTPS).
Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
Analyse your HTTP response headers and find security breaches
IPFS is a new hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications. It aims to make the web faster, safer, and more open.
mitmproxy is a console tool that allows interactive examination and modification of HTTP traffic. It differs from mitmdump in that all flows are kept in memory, which means that it's intended for taking and manipulating small-ish samples. Use the ? shortcut key to view, context-sensitive documentation from any mitmproxy screen.
HTTPie is a command line HTTP client, a user-friendly cURL replacement.
Requests is a humble HTTP request library. It simplifies how you interact with other sites and takes away all your worries.
Nikto web server scanner.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.