diff --git a/README.md b/README.md index 88726f6..732b62b 100644 --- a/README.md +++ b/README.md @@ -75,38 +75,6 @@ cargo run --release -- https://example.com path/to/wordlist.txt You can run `rwalk --help` or [read the help file](HELP.md) for more information. - -### Passing parameters as environment variables - -You can pass parameters as environment variables. For example, to set the number of threads to `10`: - -```bash -THREADS=10 rwalk https://example.com path/to/wordlist.txt -``` - -is equivalent to: - -```bash -rwalk https://example.com path/to/wordlist.txt -t 10 -``` -The env file located at `~/.config/rwalk/.env` will be loaded automatically. - -### Inputting ranges - -In some cases , you may want to input a `` of values. -You can use the following formats: - -| Format | Description | -| :----------- | :-------------------------------------------------------- | -| `5` | Exactly `5` | -| `5-10` | Between `5` and `10` (inclusive) | -| `5,10` | Exactly `5` or `10` | -| `>5` | Greater than `5` | -| `<5` | Less than `5` | -| `5,10,15` | Exactly `5`, `10`, or `15` | -| `>5,10,15` | Greater than `5`, or exactly `10` or `15` | -| `5-10,15-20` | Between `5` and `10` or between `15` and `20` (inclusive) | - ### Response Filtering To cherry-pick the responses, you can use the `--filter` (`-f`) flags to filter specific responses. For example, to only show responses that contain `admin`: 
@@ -138,6 +106,22 @@ Available filters: rwalk https://example.com path/to/wordlist.txt --filter "!contains:admin" ``` +### Inputting ranges + +In some cases , you may want to input a `` of values. +You can use the following formats: + +| Format | Description | +| :----------- | :-------------------------------------------------------- | +| `5` | Exactly `5` | +| `5-10` | Between `5` and `10` (inclusive) | +| `5,10` | Exactly `5` or `10` | +| `>5` | Greater than `5` | +| `<5` | Less than `5` | +| `5,10,15` | Exactly `5`, `10`, or `15` | +| `>5,10,15` | Greater than `5`, or exactly `10` or `15` | +| `5-10,15-20` | Between `5` and `10` or between `15` and `20` (inclusive) | + ### Wordlists You can pass multiple wordlists to `rwalk`. For example: 
@@ -217,6 +201,40 @@ Available details: - `headers_length` - `headers_hash` +### Scanning modes + +By default `rwalk` will use a recursive-like scan. You can change the depth of the scan with the `--depth` (`-d`) flag: + +```bash +rwalk https://example.com path/to/wordlist.txt -d 3 +``` + +A more traditional scan can be done with the `--mode classic` flag: + +```bash +rwalk https://example.com/$ path/to/wordlist.txt --mode classic +``` + +Notice that the `$` character is used to indicate the position of the wordlist in the URL. +This character can be changed with the `--fuzz-key` flag. + +In case you want to explore more complex URL structures, you can use the `classic` mode in combination with the `--permutations` flag, which will generate all possible permutations of the wordlist: + +```bash +rwalk https://example.com/$/abcd/$ path/to/wordlist.txt --mode classic --permutations +``` + +This will generate all possible combinations of the wordlist in the URL, e.g.: + +``` +https://example.com/word1/abcd/word1 +https://example.com/word1/abcd/word2 +https://example.com/word1/abcd/word3 +https://example.com/word2/abcd/word1 +https://example.com/word2/abcd/word2 +... +``` + ### Interactive mode You can use the `--interactive` (`-i`) flag to enter interactive mode. In this mode, you can set parameters one by one and run the scan when you're ready. @@ -284,6 +302,21 @@ Authentication is also supported with `--proxy-auth`: rwalk https://example.com path/to/wordlist.txt --proxy http://pro.xy:8080 --proxy-auth username:password ``` +### Passing parameters as environment variables + +You can pass parameters as environment variables. For example, to set the number of threads to `10`: + +```bash +THREADS=10 rwalk https://example.com path/to/wordlist.txt +``` + +is equivalent to: + +```bash +rwalk https://example.com path/to/wordlist.txt -t 10 +``` +The env file located at `~/.config/rwalk/.env` will be loaded automatically. + ## Examples ### Basic scan
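Review bot: In the re-added "Inputting ranges" section (hunk `@@ -138,6 +106,22 @@`), the sentence "In some cases , you may want to input a `` of values." has an empty inline code span and a stray space before the comma, both carried over unchanged from the removed block. Since the section is being moved anyway, put the argument placeholder name back inside the backticks and drop the extra space. The section now sits directly after the filter examples, so it would also help to name which flags or filters accept these range formats.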
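Review bot: In the new "Scanning modes" section (hunk `@@ -217,6 +201,40 @@`), the wording for `--permutations` is inconsistent: one sentence says "all possible permutations of the wordlist", the next says "all possible combinations", and the sample output includes `https://example.com/word1/abcd/word1`, which repeats a word. Pick one term that matches what the output shows (every word tried at every `$` position, repeats included), and if that is the behaviour, state that the number of requests is the wordlist size raised to the number of `$` markers so users can size a scan before running it. The examples also pass a bare `$` to bash; single-quoting the URL would keep them correct if someone sets `--fuzz-key` to a character the shell expands.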
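Review bot: In the moved "Passing parameters as environment variables" section (hunk `@@ -284,6 +302,21 @@`), the text gives only the `THREADS=10` / `-t 10` pair and never says how other flags map to variable names, or which value wins when a flag, an environment variable and `~/.config/rwalk/.env` disagree; a short precedence sentence would settle that. Because the section now follows the `--proxy-auth username:password` example, it is also worth saying whether credentials can be supplied this way, and if so that the `.env` file should be readable only by its owner. Separately, the line "The env file located at `~/.config/rwalk/.env` will be loaded automatically." follows the closing code fence with no blank line between them; add one so it renders as its own paragraph.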