@Mzack9999 Mzack9999 commented Oct 23, 2025

Summary by CodeRabbit

Embedded nuclei logic for http ports (ref: projectdiscovery/nuclei#6538)

Release Notes

  • New Features
    • Intelligent URL scheme detection now infers HTTP or HTTPS based on target port numbers. Common HTTP ports (80, 8080) and ports above 1024 default to HTTP, while others default to HTTPS for improved compatibility and reduced connection failures.

coderabbitai bot commented Oct 23, 2025

Walkthrough

A new file ports_optimization.go is introduced containing logic to infer URL scheme from host:port input. The runner.go file is modified to use this function for dynamic scheme selection instead of always defaulting to HTTPS when protocol is mixed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Scheme Inference Logic: runner/ports_optimization.go | New file with determineMostLikelySchemeOrder() function that analyzes port numbers to determine HTTP or HTTPS scheme; common HTTP ports (80, 8080) and ports >1024 return HTTP, otherwise HTTPS. |
| Runner Analysis Update: runner/runner.go | Modified Runner.analyze method to use dynamic scheme selection via determineMostLikelySchemeOrder(target.Host) instead of forcing HTTPS for HTTPorHTTPS and HTTPandHTTPS protocol modes. |

Sequence Diagram

sequenceDiagram
    participant A as Runner.analyze
    participant P as Port Optimization
    participant R as Request Builder

    A->>A: protocol is HTTPorHTTPS/HTTPandHTTPS?

    rect rgb(240, 248, 255)
    Note over A,P: Old behavior
    A->>R: scheme = HTTPS (forced)
    end

    rect rgb(230, 245, 230)
    Note over A,P: New behavior
    A->>P: determineMostLikelySchemeOrder(target.Host)
    P->>P: Extract port from host
    P->>P: Check against common HTTP ports
    P-->>A: Return HTTP or HTTPS
    A->>R: scheme = determined value
    end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

The change introduces straightforward port-based scheme detection with limited logic paths. One new file adds a single utility function, and the modification in runner.go is a localized replacement of hardcoded scheme logic with a function call. Homogeneous in nature with predictable behavior.

Poem

🐰 A port whispers its secrets true,
Eighty and eighty-hundred knew,
To choose their HTTP way,
While others default to HTTPS's sway,
Our optimization hops through, clever and new! 🔄

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The pull request title "HTTP|HTTPS Port priority optimization" is directly and specifically related to the main changes in the changeset. The PR adds a new function determineMostLikelySchemeOrder() that intelligently selects between HTTP and HTTPS schemes based on port analysis, and integrates this logic into the runner to replace the previous behavior of forcing HTTPS. The title accurately captures the core optimization being introduced—prioritizing the appropriate scheme based on port intelligence rather than defaulting to one scheme. The title is concise, clear, and free from vague terminology. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
runner/ports_optimization.go (2)

11-14: Expand the common HTTP ports list.

The current list only includes ports 80 and 8080, but many other ports commonly serve HTTP traffic. Consider adding well-known HTTP ports such as 8000, 8008, 8888, 3000, 5000, 9090, etc.

Apply this diff to expand the list:

 var commonHttpPorts = []string{
 	"80",
 	"8080",
+	"8000",
+	"8008",
+	"8888",
+	"3000",
+	"5000",
+	"9090",
 }
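Review bot: every port added here (8000, 8008, 8888, 3000, 5000, 9090) is above 1024, so under the function's existing port > 1024 rule each of them already returns HTTP and the longer list changes no result. The expansion only matters if it is combined with a narrower high-port rule; otherwise keep the list at 80 and 8080, or state that dependency in a comment on commonHttpPorts.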

17-33: Consider refining the function name and port > 1024 heuristic.

Two observations:

  1. The function name determineMostLikelySchemeOrder suggests it returns an ordering, but it actually returns a single scheme. Consider renaming to determineMostLikelyScheme for clarity.

  2. The heuristic that ports > 1024 are "more likely to expose HTTP" is a broad generalization. While it may be statistically true based on Shodan data, it could produce false positives for services like development servers on high ports that use HTTPS. The existing retry logic in runner.go (lines 1748-1756) will recover from incorrect guesses, but being more conservative here (e.g., defaulting to HTTPS for unknown ports) might reduce unnecessary retries.

Optional refinement to be more conservative:

-// determineMostLikelySchemeOrder for the input
-func determineMostLikelySchemeOrder(input string) string {
+// determineMostLikelyScheme for the input
+func determineMostLikelyScheme(input string) string {
 	if _, port, err := net.SplitHostPort(input); err == nil {
 		// if input has port that is commonly used for HTTP, return http then https
 		if sliceutil.Contains(commonHttpPorts, port) {
 			return httpx.HTTP
 		}
 
-		// As of 10/2025 shodan shows that ports > 1024 are more likely to expose HTTP
-		// hence we test first http then https on higher ports
-		// if input has port > 1024, return http then https
-		if port, err := strconv.Atoi(port); err == nil && port > 1024 {
+		// Explicitly check for HTTPS port
+		if port == "443" {
+			return httpx.HTTPS
+		}
+
+		// For high ports in specific ranges commonly used for HTTP dev servers
+		if port, err := strconv.Atoi(port); err == nil && port >= 8000 && port <= 9000 {
 			return httpx.HTTP
 		}
 	}
 
 	return httpx.HTTPS
 }
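Review bot: the replacement range check, port >= 8000 && port <= 9000, includes 8443, which commonly serves HTTPS, so that port would be tried over HTTP first; exclude it explicitly or list the HTTP ports individually instead of using a range. The added port == "443" branch is redundant because the function already falls through to return httpx.HTTPS, the inner port, err := strconv.Atoi(port) shadows the string port, and the retained comment "return http then https" no longer matches a function that returns a single scheme.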
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b8fd15 and 1814fc4.

📒 Files selected for processing (2)
  • runner/ports_optimization.go (1 hunks)
  • runner/runner.go (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
runner/ports_optimization.go (1)
common/httpx/http2.go (2)
  • HTTP (15-15)
  • HTTPS (17-17)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Functional Test (macOS-latest)
  • GitHub Check: Functional Test (ubuntu-latest)
  • GitHub Check: Functional Test (windows-latest)
  • GitHub Check: Analyze (go)
  • GitHub Check: Lint Test
  • GitHub Check: release-test
🔇 Additional comments (1)
runner/runner.go (1)

1580-1583: Good optimization for mixed-protocol handling.

The integration of determineMostLikelySchemeOrder improves the efficiency of mixed-protocol probing by intelligently selecting the initial scheme based on port heuristics. The existing retry logic (lines 1748-1756) provides a safety net if the heuristic guess is incorrect, ensuring reliability.
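
The heuristic and the retry fallback discussed in this review, as an added Go example (not code from the PR or from httpx): schemeOrder, probe and fakeTry are hypothetical names, the scheme strings stand in for httpx.HTTP and httpx.HTTPS, and the responder is constructed. It shows that a TLS-only service on port 8443 costs a second attempt under the ports > 1024 rule.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// Stand-ins for the PR's list (80, 8080); the names here are hypothetical.
var commonHTTPPorts = map[string]bool{"80": true, "8080": true}

// schemeOrder returns both schemes, most likely first, for a host[:port] input.
func schemeOrder(input string) []string {
	_, port, err := net.SplitHostPort(input)
	if err != nil {
		return []string{"https", "http"} // bare host or unparsable input
	}
	n, convErr := strconv.Atoi(port)
	if commonHTTPPorts[port] || (convErr == nil && n > 1024) {
		return []string{"http", "https"}
	}
	return []string{"https", "http"}
}

// probe tries each scheme in order and reports the one that answered
// plus how many attempts it took (2 means the first guess was wrong).
func probe(target string, try func(scheme, target string) bool) (string, int) {
	order := schemeOrder(target)
	for i, s := range order {
		if try(s, target) {
			return s, i + 1
		}
	}
	return "", len(order)
}

// fakeTry is a constructed responder: only the listed targets speak TLS.
func fakeTry(scheme, target string) bool {
	tlsOnly := map[string]bool{"example.test:443": true, "example.test:8443": true}
	return (scheme == "https") == tlsOnly[target]
}

func main() {
	for _, t := range []string{"example.test:80", "example.test:443", "example.test:8443", "[::1]:9000", "example.test"} {
		s, n := probe(t, fakeTry)
		fmt.Printf("%-20s order=%v answered=%s attempts=%d\n", t, schemeOrder(t), s, n)
	}
}
```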

@Mzack9999
Member Author

@coderabbitai create an issue for this PR

coderabbitai bot commented Oct 23, 2025

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Fetch PR details including description and comments
gh pr view 2298 --repo projectdiscovery/httpx --json title,body,comments --jq '.'

Length of output: 13203


@Mzack9999, I'd be happy to create an issue for you! However, I need a bit more information to create a meaningful issue:

  1. What should the issue be about?

    • Is it to track testing/validation of this port optimization feature?
    • Is it for follow-up work or enhancements related to this PR?
    • Is it to document a specific problem or limitation you've identified?
    • Or something else?
  2. What title would you like for the issue?

  3. Any specific details you'd like included in the issue description?

Once you provide these details, I'll create the issue with a link back to this PR (#2298) and assign it to you.

@Mzack9999
Member Author

@coderabbitai Create an issue related to this PR. The issue is about port priority optimization, where we try to guess the most likely protocol based on port number and global service distribution.

coderabbitai bot commented Oct 23, 2025

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Create a GitHub issue for port priority optimization

gh issue create \
  --repo projectdiscovery/httpx \
  --title "Port Priority Optimization: Intelligent Protocol Detection Based on Port Numbers" \
  --body "## Description

This issue tracks the port priority optimization feature where httpx attempts to intelligently guess the most likely protocol (HTTP or HTTPS) based on port numbers and global service distribution patterns.

## Background

When scanning targets with mixed protocols (HTTPorHTTPS or HTTPandHTTPS), httpx needs to determine which protocol to try first. This optimization improves efficiency by making educated guesses based on:

- **Common HTTP ports**: Ports like 80, 8080 are more likely to serve HTTP
- **Port ranges**: Numeric ports greater than 1024 often serve HTTP
- **Default behavior**: When no specific pattern matches, defaults to HTTPS

## Implementation

The implementation includes:
- A \`determineMostLikelySchemeOrder()\` function that analyzes the target host:port
- Logic to prioritize HTTP for common HTTP ports and high-numbered ports
- Fallback to HTTPS as the default scheme

## Related PR

This issue is related to PR #2298 which implements the initial version of this optimization.

**PR Link**: https://github.com/projectdiscovery/httpx/pull/2298  
**Requested by**: @Mzack9999

## Potential Future Enhancements

- Expand the list of known service ports
- Add configuration options for custom port-to-protocol mappings
- Consider service fingerprinting data from global internet scans
- Performance metrics to validate the optimization effectiveness" \
  --assignee Mzack9999

Length of output: 53


@Mzack9999, I've successfully created issue #2299 for port priority optimization!

Issue: #2299

The issue describes the feature where httpx intelligently guesses the most likely protocol (HTTP or HTTPS) based on port numbers and global service distribution patterns. It includes:

The issue has been assigned to you as requested.

@dogancanbakir dogancanbakir merged commit b1e39db into dev Oct 23, 2025
15 checks passed
@dogancanbakir dogancanbakir deleted the feat-ports-optimization branch October 23, 2025 12:57
@matejsmycka

Nice
