Docs
Quick Start

Getting started

A quick guide to get you started right away with rwalk. This tool's philosophy is to provide a simple and fast way to scan websites for files and directories.

API documentation is available on docs.rs (opens in a new tab).

Installation

The easiest way to install rwalk is to use the pre-built binaries. You can also install it using cargo, the Rust package manager. The pre-built binaries are available for macOS, Linux and Windows and can be downloaded from the releases page (opens in a new tab).

Using homebrew (recommended)

brew install cestef/tap/rwalk

Using cargo

cargo install rwalk

or with cargo-binstall (opens in a new tab):

cargo binstall rwalk

This will directly download the binary from the latest release and install it in ~/.cargo/bin.

From source

git clone https://github.com/cestef/rwalk
cd rwalk
cargo install --path .

Usage

Modes

The core concept of rwalk revolves around different scanning modes. Each of these modes is designed to provide a different way to scan a website. The available modes are:

  • recursive: Start from a given path and check each of its subdirectories
  • classic: Standard Fuzzing mode, where you provide a list of patterns to check
  • spider: Start from a given path and follow all links found until a certain depth

The mode can be specified using the --mode (-m) option. If not specified, the mode will be automatically detected based on the provided arguments. To read more about the modes, check the modes documentation.

Basic usage

To get a list of all available options, you can run:

rwalk --help

A markdown version of the help message is also available here.

The basic syntax for running rwalk is as follows:

rwalk [OPTIONS] [URL] [FILE:KEY]...

Where:

  • [OPTIONS] are the various options that can be used to customize the scan.
  • [URL] is the target URL (http://example.com)
  • [FILE:KEY] are the wordlists to use for fuzzing. Each wordlist is identified by an optional key, which is used to reference it in some options. (/path/to/wordlist:KEY)

Examples

In these examples, we will use the onelistforallmicro.txt (opens in a new tab). You can download it using curl:

curl https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallmicro.txt -o common.txt

In most of our examples, ffuf.me (opens in a new tab) will be used as the target URL. A huge thanks to BuildHackSecure (opens in a new tab) for providing this service.

Recursive mode

rwalk http://ffuf.me/cd/recursion common.txt -d 3

We are scanning the /cd/recursion path with a depth of 3 (-d 3).

This should output:

βœ“ 200 /cd/recursion (dir)
└─ βœ– 403 /admin (dir)
   └─ βœ– 403 /users (dir)
      └─ βœ“ 200 /96 (text/html)

Classic mode

For this example, we will try to find any path leading to a development.log or class file.

We will create a file named files.txt with the following content:

development.log
class

Then we can run:

rwalk http://ffuf.me/cd/W1/FILE common.txt:W1 files.txt:FILE

Note that the W1 and FILE keys are used to reference the wordlists in the command.

Expected output:

⚠ 404 /cd (dir)
β”œβ”€ βœ“ 200 /basic/class (text/html)
└─ βœ“ 200 /basic/development.log (text/html)

Spider mode

rwalk https://cstef.dev/ -m spider -d 3 --subdomains
πŸ’‘

By default, the spider mode will only follow links on the same domain. The --subdomains flag will make it follow links to subdomains as well. You can also use --external to follow links to external domains.

βœ“ 200 / (dir)
β”œβ”€ πŸ” ctf.cstef.dev
β”‚  └─ βœ“ 200 /api/login (text/html)
β”œβ”€ πŸ” blog.cstef.dev
β”‚  └─ βœ“ 200 / (dir)
└─ πŸ” cstef.dev
   β”œβ”€ βœ“ 200 / (dir)
   β”œβ”€ βœ“ 200 /android-chrome-512x512.png (image/png)
   β”œβ”€ βœ“ 200 /favicon.ico (image/vnd.microsoft.icon)
   └─ βœ“ 200 /assets (text/css)
      β”œβ”€ βœ“ 200 /index-81baf222.css (text/css)
      └─ βœ“ 200 /index-d18fbe59.js (application/javascript)