From a3e003fd8055b5c69083075a6d6fc80a642eeb75 Mon Sep 17 00:00:00 2001 From: x9xhack Date: Mon, 2 Jun 2025 21:08:48 +0300 Subject: [PATCH 1/2] fix: append raw paths to base URL as string to avoid unwanted encoding --- crates/rwalk/src/utils/format.rs | 10 +++------- crates/rwalk/src/wordlist/mod.rs | 12 ++++++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/crates/rwalk/src/utils/format.rs b/crates/rwalk/src/utils/format.rs index 52d37d5..f284e8e 100644 --- a/crates/rwalk/src/utils/format.rs +++ b/crates/rwalk/src/utils/format.rs @@ -1,4 +1,4 @@ -use std::{borrow::Cow, fmt::Display}; +use std::fmt::Display; use owo_colors::OwoColorize; @@ -8,7 +8,7 @@ pub fn response(response: &RwalkResponse, show: &[String]) -> String { format!( "{} {} {} {}", display_status_code(response.status as u16), - display_url(response.url.as_str()), + response.url.as_str(), display_time(response.time), { let showed = response.display_show(show); @@ -21,10 +21,6 @@ pub fn response(response: &RwalkResponse, show: &[String]) -> String { ) } -fn display_url(url: &str) -> Cow<'_, str> { - urlencoding::decode(url).unwrap_or(url.into()) -} - pub fn display_time(t: i64) -> String { let t = t as f64 / 1_000.0; let mut unit: &str = "ms"; @@ -143,7 +139,7 @@ pub fn skip(response: &RwalkResponse, reason: SkipReason, show: &[String]) -> St "{} {} {} {} {} {}", "↷".blue(), response.status.dimmed(), - display_url(response.url.as_str()), + response.url.as_str(), display_time(response.time), format!("({})", reason).dimmed(), { diff --git a/crates/rwalk/src/wordlist/mod.rs b/crates/rwalk/src/wordlist/mod.rs index 409097e..87ff9f9 100644 --- a/crates/rwalk/src/wordlist/mod.rs +++ b/crates/rwalk/src/wordlist/mod.rs @@ -5,6 +5,7 @@ use crossbeam::deque::Injector; use rayon::iter::{IntoParallelRefIterator, IntoParallelRefMutIterator, ParallelIterator}; use transformation::Transformer; use url::Url; +use url::Position; pub mod filters; pub mod processor; @@ -44,11 +45,14 @@ impl Wordlist { } pub fn inject_into(&self, injector: &Injector, url: &Url, depth: usize) -> Result<()> { - let base_url = url.clone(); + let base_prefix = url[..Position::BeforePath] + .to_string() + .trim_end_matches('/') + .to_string(); // cache prefix once + self.words.par_iter().try_for_each(|word| { - let mut url = base_url.clone(); - url.path_segments_mut().unwrap().pop_if_empty().push(word); - injector.push(Task::new_recursive(url.to_string(), depth)); + let full_url = format!("{}/{}", base_prefix, word); + injector.push(Task::new_recursive(full_url, depth)); Ok(()) }) } From 2521ef52b352ca9ef72aad77409cdf6b51f1fa24 Mon Sep 17 00:00:00 2001 From: x9xhack Date: Mon, 2 Jun 2025 21:46:33 +0300 Subject: [PATCH 2/2] fix: prevent accidental double slashes when joining base URL and word --- crates/rwalk/src/wordlist/mod.rs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crates/rwalk/src/wordlist/mod.rs b/crates/rwalk/src/wordlist/mod.rs index 87ff9f9..36ebd1a 100644 --- a/crates/rwalk/src/wordlist/mod.rs +++ b/crates/rwalk/src/wordlist/mod.rs @@ -45,13 +45,14 @@ impl Wordlist { } pub fn inject_into(&self, injector: &Injector, url: &Url, depth: usize) -> Result<()> { - let base_prefix = url[..Position::BeforePath] - .to_string() - .trim_end_matches('/') - .to_string(); // cache prefix once + let base_prefix = url[..Position::BeforePath].to_string(); self.words.par_iter().try_for_each(|word| { - let full_url = format!("{}/{}", base_prefix, word); + let full_url = if base_prefix.ends_with('/') || word.starts_with('/') { + format!("{}{}", base_prefix.trim_end_matches('/'), word) + } else { + format!("{}/{}", base_prefix, word) + }; injector.push(Task::new_recursive(full_url, depth)); Ok(()) })