version bumped to v1.0.2

timeouts logged as warnings, other errors remain the same

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "feroxbuster"
-version = "1.0.0"
+version = "1.0.2"
 authors = ["Ben 'epi' Risher <epibar052@gmail.com>"]
 license = "MIT"
 edition = "2018"
@@ -49,4 +49,4 @@ conf-files = ["/etc/feroxbuster/ferox-config.toml"]
 assets = [
     ["target/release/feroxbuster", "/usr/bin/", "755"],
     ["ferox-config.toml.example", "/etc/feroxbuster/ferox-config.toml", "644"],
-]
+]

Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:latest
+LABEL maintainer="wfnintr@null.net"
+
+# download default wordlists 
+RUN apk add --no-cache --virtual .depends subversion && \
+	svn export https://github.com/danielmiessler/SecLists/trunk/Discovery/Web-Content /usr/share/seclists/Discovery/Web-Content && \
+	apk del .depends
+
+# install latest release
+RUN wget https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-linux-feroxbuster.zip -qO feroxbuster.zip && unzip -d /usr/local/bin/ feroxbuster.zip feroxbuster && rm feroxbuster.zip && chmod +x /usr/local/bin/feroxbuster
+
+ENTRYPOINT ["feroxbuster"]

README.md

@@ -47,6 +47,16 @@
 
 Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust.  The name rustbuster was taken, so I decided on a variation.  🤷	
 
+## 🤔 What's it do tho? 
+
+`feroxbuster` is a tool designed to perform [Forced Browsing](https://owasp.org/www-community/attacks/Forced_browsing).  
+
+Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application, but are still accessible by an attacker.
+
+`feroxbuster` uses brute force combined with a wordlist to search for unlinked content in target directories. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network addressing, etc...
+
+This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration.
+
 📖 Table of Contents
 -----------------
 - [Downloads](#-downloads)
@@ -54,6 +64,7 @@ Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust.  The name ru
     - [Download a Release](#download-a-release)
     - [Cargo Install](#cargo-install)
     - [apt Install](#apt-install)
+    - [Docker Install](#docker-install)
 - [Configuration](#-configuration)
     - [Default Values](#default-values)
     - [ferox-config.toml](#ferox-configtoml)
@@ -96,6 +107,61 @@ Head to the [Releases](https://github.com/epi052/feroxbuster/releases) section a
 sudo apt install ./feroxbuster_amd64.deb
 ```
 
+### Docker Install
+
+> The following steps assume you have docker installed / setup
+
+First, clone the repository.
+
+```
+git clone https://github.com/epi052/feroxbuster.git
+cd feroxbuster
+```
+
+Next, build the image.
+
+```
+sudo docker build -t feroxbuster .
+```
+
+After that, you should be able to use `docker run` to perform scans with `feroxbuster`.
+
+#### Basic usage
+
+```
+sudo docker run --init -it feroxbuster -u http://example.com -x js,html
+```
+
+#### Piping from stdin and proxying all requests through socks5 proxy
+
+```
+cat targets.txt | sudo docker run --net=host --init -i feroxbuster --stdin -x js,html --proxy socks5://127.0.0.1:9050
+```
+
+#### Mount a volume to pass in `ferox-config.toml`
+
+You've got some options available if you want to pass in a config file.  [`ferox-buster.toml`](#ferox-configtoml) can live in multiple locations and still be valid, so it's up to you how you'd like to pass it in.  Below are a few valid examples:
+
+```
+sudo docker run --init -v $(pwd)/ferox-config.toml:/etc/feroxbuster/ferox-config.toml -it feroxbuster -u http://example.com
+```
+
+```
+sudo docker run --init -v ~/.config/feroxbuster:/root/.config/feroxbuster -it feroxbuster -u http://example.com
+```
+
+Note: If you are on a SELinux enforced system, you will need to pass the `:Z` attribute also.
+
+```
+docker run --init -v (pwd)/ferox-config.toml:/etc/feroxbuster/ferox-config.toml:Z -it feroxbuster -u http://example.com
+```
+
+#### Define an alias for simplicity
+
+```
+alias feroxbuster="sudo docker run --init -v ~/.config/feroxbuster:/root/.config/feroxbuster -i feroxbuster"
+```
+
 ## ⚙️ Configuration
 ### Default Values
 Configuration begins with with the following built-in default values baked into the binary:
@@ -295,10 +361,10 @@ a few of the use-cases in which feroxbuster may be a better fit:
 | allows recursion                                    | ✔ |   | ✔ |
 | can specify query parameters                        | ✔ |   | ✔ |
 | SOCKS proxy support                                 | ✔ |   |   |
-| multiple target scan (via stdin or multiple -u)     | ✔ |   |   |
+| multiple target scan (via stdin or multiple -u)     | ✔ |   | ✔ |
 | configuration file for default value override       | ✔ |   | ✔ |
-| can accept urls via STDIN as part of a pipeline     | ✔ |   |   |
-| can accept wordlists via STDIN                      |   | ✔ |   |
+| can accept urls via STDIN as part of a pipeline     | ✔ |   | ✔ |
+| can accept wordlists via STDIN                      |   | ✔ | ✔ |
 | filter by response size                             | ✔ |   | ✔ |
 | auto-filter wildcard responses                      | ✔ |   | ✔ |
 | performs other scans (vhost, dns, etc)              |   | ✔ | ✔ |

src/scanner.rs

@@ -10,12 +10,15 @@ use reqwest::{Response, Url};
 use std::collections::HashSet;
 use std::convert::TryInto;
 use std::ops::Deref;
+use std::sync::atomic::{AtomicUsize, Ordering};
 use std::sync::Arc;
 use tokio::fs;
 use tokio::io::{self, AsyncWriteExt};
 use tokio::sync::mpsc::{self, UnboundedReceiver, UnboundedSender};
 use tokio::task::JoinHandle;
 
+static CALL_COUNT: AtomicUsize = AtomicUsize::new(0);
+
 /// Spawn a single consumer task (sc side of mpsc)
 ///
 /// The consumer simply receives responses and writes them to the given output file if they meet
@@ -430,10 +433,10 @@ pub async fn scan_url(target_url: &str, wordlist: Arc<HashSet<String>>, base_dep
     let progress_bar = progress::add_bar(&target_url, num_reqs_expected, false);
     progress_bar.reset_elapsed();
 
-    if get_current_depth(&target_url) - base_depth == 0 {
+    if CALL_COUNT.load(Ordering::Relaxed) == 0 {
         // join can only be called once, otherwise it causes the thread to panic
-        // when current depth - base depth equals zero, we're in the first call to scan_url
         tokio::task::spawn_blocking(move || PROGRESS_BAR.join().unwrap());
+        CALL_COUNT.fetch_add(1, Ordering::Relaxed);
     }
 
     let wildcard_bar = progress_bar.clone();

src/utils.rs

@@ -223,7 +223,12 @@ pub async fn make_request(client: &Client, url: &Url) -> FeroxResult<Response> {
         }
         Err(e) => {
             log::trace!("exit: make_request -> {}", e);
-            log::error!("Error while making request: {}", e);
+            if e.to_string().contains("operation timed out") {
+                // only warn for timeouts, while actual errors are still left as errors
+                log::warn!("Error while making request: {}", e);
+            } else {
+                log::error!("Error while making request: {}", e);
+            }
             Err(Box::new(e))
         }
     }