HTTPS Finder is a lightweight, multithreaded Python tool for internal network reconnaissance.
It uses Nmap to detect open web-related ports and HTTPX to enumerate live HTTP/HTTPS services (title, status code, technology detection).
This tool is intended for authorized internal assessments only. Do not scan systems you do not have permission to test. Unauthorized scanning may be illegal and unethical.
By using this repository you confirm you have permission to scan the target network(s).
- Fast, multithreaded scanning using
ThreadPoolExecutor - Detects open web-related ports via Nmap
- Detects live HTTP/HTTPS endpoints with HTTPX
- Supports single IP/CIDR or list-of-targets input
- Saves structured output per-target in an output directory
Install the runtime tools used by the script:
- Python 3.8+
- Nmap (must be available in
$PATH) — install via your package manager, e.g.apt,yum,brew - Go (optional, for installing httpx)
- HTTPX (ProjectDiscovery) — either add binary to
$PATHor update script path
Install httpx (example):
# with Go
go install github.com/projectdiscovery/httpx/cmd/httpx@latest
# or use prebuilt binary per ProjectDiscovery releases# Clone repo
git clone https://github.com/bolbolabadi/https-finder.git
cd https-finder
# Make script executable (optional)
chmod +x https_finder.pyIf httpx binary is not in your PATH, edit https_finder.py and update the httpx path:
# find this line in the script and update path if needed
subprocess.run(["/home/alireza/go/bin/httpx", "-l", input_file, "-title", ...])python3 https_finder.py -u 192.168.1.0/24Output directory will be named 192.168.1.0_24 (slashes replaced) and will contain .gnmap and *_httpx.txt files.
Prepare targets.txt:
192.168.1.10
10.0.0.0/28
Run:
python3 https_finder.py -l targets.txtOutput directory will be named after the file (e.g. targets).
*.gnmap— Nmap greppable output for each scanned IP*_targets.txt— list of host:port targets given tohttpx*_httpx.txt—httpxresults (title, status-code, tech-detect etc.)
Example line from *_httpx.txt:
https://192.168.1.10:443 [200] [nginx] Example Dashboard
- Thread Count: Default is 20 threads (
ThreadPoolExecutor(max_workers=20)). Adjustmax_workersin the script for your environment and load expectations. - Nmap Ports: The script contains a long list of common web-related ports in the
NMAP_PORTSvariable. Edit that string if you want to narrow or expand ports. - httpx Path: Change
/home/alireza/go/bin/httpxto the path wherehttpxis installed or add it to yourPATHand callhttpxdirectly.
# single CIDR
python3 https_finder.py -u 10.10.0.0/24
# from file
python3 https_finder.py -l my_targets.txt
# then inspect outputs
ls 10.10.0.0_24
cat 10.10.0.1_httpx.txtExample Action: run basic linting and a quick smoke test (do not run network scans on CI unless you control targets).
Create .github/workflows/ci.yml:
name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Lint (basic)
run: |
python -m pyflakes https_finder.py || true
- name: Run unit-style smoke check
run: |
python -c "import argparse,ipaddress,subprocess; print('imports ok')"Note: This CI job keeps it safe by not invoking Nmap/HTTPX in shared CI runners.
- If
nmapfails: confirmnmapinstalled and you have permission to run (raw socket privileges may be required for-sS). - If
httpxoutput is empty: confirmhttpxbinary path or PATH and that the*_targets.txtfiles contain valid host:port entries. - For permission issues run Nmap as a user with required privileges or switch scan type (e.g., remove
-sS).
If you discover a security vulnerability, please do not open a public issue. Contact the repository owner directly (provide an email in the repo or a direct GitHub contact) with full details and reproduction steps.
This project is licensed under the MIT License — see the LICENSE file for details.
Developed by Alireza Bolbolabadi (github.com/bolbolabadi)
If you liked this project, give it a ⭐ on GitHub!