# HTTP

It is not uncommon to come across vulnerable applications or applications using authentication screens with default passwords.

For a first try, it is possible to use [httpx ](https://github.com/projectdiscovery/httpx)and [nuclei](https://github.com/projectdiscovery/nuclei), two great projects from [projectdiscovery](https://github.com/projectdiscovery), to sort out open HTTP/HTTPS services and perform a first vulnerability scan on them. Httpx and Nuclei will report a lot of information on the type of service/applications used and will do a first vulnerability scan.  

```bash
cat targets.txt | httpx -silent | nuclei 
```