Contributing
Contribute to smugglex development
This guide provides information for developers who want to contribute to smugglex.
Overview
Smugglex is written in Rust and uses modern async/await patterns with Tokio. The codebase is organized into modular components for maintainability and testability.
Getting Started
Prerequisites
To develop smugglex, you need:
- Rust 1.70 or later
- Cargo package manager
- Git
- A code editor (VS Code, IntelliJ IDEA with Rust plugin, etc.)
Clone the Repository
git clone https://github.com/hahwul/smugglex
cd smugglex
Build the Project
cargo build
Run Tests
cargo test
Run the Tool
cargo run -- https://target.com/
Development Workflow
Making Changes
- Create a new branch for your feature or fix
- Make your changes
- Format your code:
cargo fmt - Check for issues:
cargo clippy - Run tests:
cargo test - Commit your changes
- Submit a pull request
Code Style
- Follow Rust conventions and idioms
- Run
cargo fmtbefore committing - Address
cargo clippywarnings - Write descriptive function and variable names
- Add comments for complex logic
Testing
Write tests for new functionality:
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_payload_generation() {
let payloads = get_cl_te_payloads("/", "example.com", "POST", &[], &[]);
assert!(!payloads.is_empty());
}
}
Project Structure
smugglex/
├── src/
│ ├── main.rs # Entry point and orchestration
│ ├── cli.rs # CLI argument parsing
│ ├── scanner.rs # Vulnerability scanning logic
│ ├── payloads.rs # Attack payload generation
│ ├── http.rs # HTTP communication layer
│ ├── model.rs # Data structures
│ ├── error.rs # Error handling
│ └── utils.rs # Utility functions
├── tests/ # Integration tests
├── docs/ # Documentation site
├── Cargo.toml # Dependencies and metadata
└── README.md # Project overview
Key Components
main.rs
Entry point that orchestrates the scanning workflow:
- Parses CLI arguments
- Processes URLs (command line and stdin)
- Coordinates scan execution
- Reports results
scanner.rs
Core vulnerability detection logic:
- Timing-based detection algorithms
- Progress tracking
- Payload export functionality
payloads.rs
Generates attack payloads for different vulnerability types:
get_cl_te_payloads()- CL.TE attacksget_te_cl_payloads()- TE.CL attacksget_te_te_payloads()- TE.TE obfuscationget_h2c_payloads()- HTTP/2 Cleartext smugglingget_h2_payloads()- HTTP/2 protocol smuggling
http.rs
Low-level HTTP communication:
- Raw socket communication (TCP and TLS)
- Request sending and response parsing
- Timeout handling
Contributing
Areas for Contribution
- Adding new payload variations
- Improving detection algorithms
- Enhancing documentation
- Writing tests
- Reporting bugs
- Suggesting features
Submitting Pull Requests
- Fork the repository
- Create a feature branch
- Make your changes
- Ensure tests pass
- Submit a pull request with a clear description
Reporting Issues
When reporting bugs, include:
- Smugglex version
- Operating system
- Steps to reproduce
- Expected vs actual behavior
- Relevant logs or error messages
Build Instructions
Development Build
Build in debug mode (faster compilation, slower execution):
cargo build
The binary is located at ./target/debug/smugglex.
Release Build
Build in release mode (optimized for performance):
cargo build --release
The binary is located at ./target/release/smugglex.
Install Locally
Install the binary to ~/.cargo/bin/:
cargo install --path .
Development Tasks
Format Code
Format code according to Rust style guidelines:
cargo fmt
Lint Code
Run Clippy to catch common mistakes:
cargo clippy
Treat warnings as errors:
cargo clippy -- -D warnings
Run Tests
Run all tests:
cargo test
Run specific test:
cargo test test_name
Run tests with output:
cargo test -- --nocapture
Build Documentation
Generate and view documentation:
cargo doc --open