Please describe your feature request:
I would like to request a dedicated flag (e.g., -security-txt to automatically detect the presence of a valid security.txt file on target hosts.
While it is currently possible to achieve this using -path "/.well-known/security.txt,/security.txt" -mc 200 -ms "Contact:", having a built-in toggle would automate checking the standard paths, validating the HTTP 200 response, and verifying the file contents (such as looking for the Contact: field) to prevent false positives from soft 404s or misconfigured wildcards.
Describe the use case of this feature:
Bug bounty hunters, security analysts, and pentesters routinely check for security.txt files to find responsible disclosure programs and contact information. httpx is almost always the first tool used in the recon pipeline to probe live hosts.
Although nuclei handles this perfectly via templates, bringing this as a quick, native toggle into httpx allows researchers to instantly identify targets with disclosure policies right at the live-host discovery stage. It streamlines workflows and prevents the need to write and maintain long -path, -mc, and -ms flag combinations for such a standard, universally sought-after file.
Please describe your feature request:
I would like to request a dedicated flag (e.g.,
-security-txtto automatically detect the presence of a validsecurity.txtfile on target hosts.While it is currently possible to achieve this using
-path "/.well-known/security.txt,/security.txt" -mc 200 -ms "Contact:", having a built-in toggle would automate checking the standard paths, validating the HTTP 200 response, and verifying the file contents (such as looking for theContact:field) to prevent false positives from soft 404s or misconfigured wildcards.Describe the use case of this feature:
Bug bounty hunters, security analysts, and pentesters routinely check for
security.txtfiles to find responsible disclosure programs and contact information.httpxis almost always the first tool used in the recon pipeline to probe live hosts.Although
nucleihandles this perfectly via templates, bringing this as a quick, native toggle intohttpxallows researchers to instantly identify targets with disclosure policies right at the live-host discovery stage. It streamlines workflows and prevents the need to write and maintain long-path,-mc, and-msflag combinations for such a standard, universally sought-after file.