http
A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
The HTTP/2 Web Server with Fully Managed TLS (automatic HTTPS).
Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
Mock the APIs You Depend On. flexible, open source API mocking. A tool for mocking HTTP services.
WireMock supports several approaches for creating mock APIs - in code, via its REST API, as JSON files and by recording HTTP traffic proxied to another destination. WireMock has a rich matching system, allowing any part of an incoming request to be matched against complex and precise criteria. Responses of any complexity can be dynamically generated via the Handlebars based templating system. Finally, WireMock is easy to integrate into any workflow due to its numerous extension points and comprehensive APIs.
All-in-one website OSINT tool for analysing any website. Comprehensive, on-demand open source intelligence for any website.
Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.
Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint. Stay tuned, as I'll add more soon!
A modular Ruby web server interface.
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the bridge between web servers, web frameworks, and web application into a single method call.
Related contents:
redirection.io is a complete suite for optimizing your website traffic, user experience and SEO efficiency.
Log all your HTTP traffic, detect and fix errors in minutes. The perfect toolkit for SEO companies, marketing managers, CTOs or IT teams.
HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy. Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
Nikto web server scanner.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
A middleware framework for JavaScript and TypeScript
oak is a middleware framework for handling HTTP requests across Deno, Node.js, Bun and Cloudflare Workers.
This document specifies a mechanism for dictionary-based compression in the Hypertext Transfer Protocol (HTTP). By utilizing this technique, clients and servers can reduce the size of transmitted data, leading to improved performance and reduced bandwidth consumption. This document extends existing HTTP compression methods and provides guidelines for the delivery and use of compression dictionaries within the HTTP protocol.
Related content:
Simple and configurable command-line HTTP server
An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Related contents:
AmphiPod is a lightweight, HTTP-based Model Context Protocol (MCP) server implementation written in Go. It simplifies the integration of AI tools by providing an HTTP interface to the MCP specification and executing tools through WebAssembly plugins.
Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
Related contents:
The HTTP client abstraction for PHP.
HTTP client standard built on PSR-7 HTTP messages. The HttpAsyncClient defines an asynchronous HTTP client for PHP. This package also provides a synchronous HttpClient interface with the same method signature as the PSR-18 client. For synchronous requests, we recommend using PSR-18 directly.
test your system with real data.
GoReplay is an innovative open-source solution which allows you to capture your existing users activity and re-use it for testing your application. With GoReplay you can perform shadowing, load testing, or detailed analysis and monitoring.
Gor is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features.
curl is used in command lines or scripts to transfer data. curl is also libcurl, used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, medical devices, settop boxes, computer games, media players and is the Internet transfer engine for countless software applications in over twenty billion installations.
Related contents:
Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.
next generation web framework for node.js.
Expressive HTTP middleware framework for node.js to make web applications and APIs more enjoyable to write. Koa's middleware stack flows in a stack-like manner, allowing you to perform actions downstream then filter and manipulate the response upstream.
Koa is a new web framework designed by the team behind Express, which aims to be a smaller, more expressive, and more robust foundation for web applications and APIs. By leveraging async functions, Koa allows you to ditch callbacks and greatly increase error-handling. Koa does not bundle any middleware within its core, and it provides an elegant suite of methods that make writing servers fast and enjoyable.
A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.
Related contents:
WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools.
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Intercept & view all your HTTP(S). Mock endpoints or entire servers. Rewrite, redirect, or inject errors.
HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac.
Requests is a humble HTTP request library. It simplifies how you interact with other sites and takes away all your worries.
OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise.
OpenLiteSpeed is a high-performance, lightweight, open source HTTP server developed and copyrighted by LiteSpeed Technologies. Users are free to download, use, distribute, and modify OpenLiteSpeed and its source code in accordance with the precepts of the GPLv3 license.
HttpFy is a fast and multi-purpose HTTP toolkit.
A fast and powerful http toolkit that take a list of domains to find active domains and other information such as status-code, title, response-time , server, content-type and many other
Requests is an elegant and simple HTTP library for Python, built for human beings.
Related contents:
HTTP API for Claude Code, Goose, Aider, and Codex.
Control Claude Code, Goose, Aider, and Codex with an HTTP API.
A lightweight, idiomatic and composable router for building Go HTTP services.
chi is a lightweight, idiomatic and composable router for building Go HTTP services. It's especially good at helping you write large REST API services that are kept maintainable as your project grows and changes. chi is built on the new context package introduced in Go 1.7 to handle signaling, cancelation and request-scoped values across a handler chain.
IPFS is a new hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications. It aims to make the web faster, safer, and more open.
Square’s meticulous HTTP client for the JVM, Android, and GraalVM.
Related contents:
HTTP client for PostgreSQL, retrieve a web page from inside the database.
Header Exploitation HTTP.
HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.
Related contents:
SSH3: faster and rich secure shell using HTTP/3.
SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment and the HTTP Authorization mechanisms for user authentication.
Fast, simple, scalable, Docker-ready HTTP microservice for high-level image processing.
Fast HTTP microservice written in Go for high-level image processing backed by bimg and libvips. imaginary can be used as private or public HTTP service for massive image processing with first-class support for Docker & Fly.io. It's almost dependency-free and only uses net/http native package without additional abstractions for better performance.
Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture. A high level overview of what Varnish does can be seen in this video.
The open protocol for real-time sync to client applications.
HTTP-based durable streams for streaming data reliably to web browsers, mobile apps, and native clients with offset-based resumability.
Durable Streams provides a simple, production-proven protocol for creating and consuming ordered, replayable data streams with support for catch-up reads and live tailing.
MITM Proxy for Thick Client & non-HTTP Protocol.
A TLS MITM proxy for TCP/TLS/UDP traffic, with support for TLS upgrades like STARTTLS, PostgreSQL, and more.
Non-HTTP proxy that supports TCP to TLS upgrade protocols like STARTTLS and custom protocols. Perfect for thick client intercept and database protocol analysis.
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.
a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.
Tinyproxy is a small, efficient HTTP/SSL proxy daemon released under the GNU General Public License. Tinyproxy is very useful in a small network setting, where a larger proxy would either be too resource intensive, or a security risk. One of the key features of Tinyproxy is the buffering connection concept. In effect, Tinyproxy will buffer a high speed response from a server, and then relay it to a client at the highest speed the client will accept. This feature greatly reduces the problems with sluggishness on the Internet. If you are sharing an Internet connection with a small network, and you only want to allow HTTP requests to be allowed, then Tinyproxy is a great tool for the network administrator.
Related contents:
HTTP load testing tool and library. It's over 9000!'
Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. It's over 9000!
You can use this tool to generate a valid Permissions Policy HTTP Header, which can be provided by your web server / web application in order to improve the security of your visitors and the data they may be accessing on your site.
Hurl, run and test HTTP requests with plain text.
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.
Hurl makes it easy to work with HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
Analyse your HTTP response headers and find security breaches
Apache Traffic Server™ software is a fast, scalable and extensible HTTP/1.1 and HTTP/2 compliant caching proxy server. Formerly a commercial product, Yahoo! donated it to the Apache Foundation, and currently used by several major CDNs and content owners.
This document defines a "problem detail" as a way to carry machine-readable details of errors in a HTTP response to avoid the need to define new error response formats for HTTP APIs.
The freenginx.org project. The goal of the project is to keep nginx development free from arbitrary corporate actions.
Capture is a reverse proxy that takes an incoming HTTP request and sends it to another server, proxying the response back to the client, while showing them in a dashboard.
A next-generation HTTP client for Python.
HTTPXYZ (pronounced "HTTP-ex-why-zee") is a fully featured HTTP client for Python 3, which provides sync and async APIs, and support for both HTTP/1.1 and HTTP/2.
Related contents:
Command-line URL Checker (and notifier).
CUC (English pronunciation: [cuc] / λευκός) is a very simple CLI tool to check various HTTP status for example if a webpage is available (200) or not found (404).
Monitor and restrict HTTP/HTTPS requests from processes.
A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.
Related contents:
A fast TCP/UDP tunnel over HTTP.
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
🚀 A lightweight HTTP library inspired by JavaScript's fetch, bringing simplicity and flexibility to PHP HTTP requests.
FetchPHP is a modern HTTP client library for PHP, built on top of the Guzzle HTTP client, designed to mimic the behavior of JavaScript’s fetch API. Leveraging Matrix for true asynchronous capabilities with PHP Fibers, FetchPHP allows developers to use a JavaScript-like async/await syntax. FetchPHP also offers a fluent API inspired by Laravel's HTTP client, making request building both flexible and readable.
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
graftcp can redirect the TCP connection made by the given program [application, script, shell, etc.] to SOCKS5 or HTTP proxy.
Launched in 2016, the HTTP Observatory enhances web security by analyzing compliance with best security practices. It has provided insights to over 6.9 million websites through 47 million scans.
Related contents:
gallery of error 404 page designs.
A place to find all those lost pages, worth finding.
For when you really just want to serve some files over HTTP right now! miniserve is a small, self-contained cross-platform CLI tool that allows you to just grab the binary and serve some file(s) via HTTP. Sometimes this is just a more practical and quick way than doing things properly.
a fast, memory-safe web server written in Rust. A fast, memory-safe web server powered by Rust
Ferron is a web server optimized for speed, security, and efficiency. Written in Rust, it offers memory safety and performance, making it ideal for modern websites.
An executable to convert SOCKS5 proxy into HTTP proxy.
Related contents: