404. That’s an error. +
The requested URL /another-page was not found on this server. That’s all we know.
+
+
+
+#### 1.1.2 Crafting Stealthy Requests with User-Agents
+
+User-agents convey information about the client's browser and system to the server. Crafting stealthy requests involves manipulating the user-agent string to mimic various browsers or devices. In Rust, Reqwest facilitates this through its header manipulation capabilities. The following example illustrates how to set a custom user-agent header in a Reqwest request:
+
+```rust
+use reqwest;
+
+async fn browse_with_custom_user_agent(url: &str) -> Result<(), reqwest::Error> {
+ let client = reqwest::Client::builder()
+ .user_agent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3")
+ .build()?;
+
+ let response = client.get(url).send().await?;
+
+ println!("{}", response.text().await?);
+
+ Ok(())
+}
+
+fn main() {
+ browse_with_custom_user_agent("http://www.google.com/invalid").await.unwrap();
+}
+```
+
+In this example, we create a Reqwest client with a custom user-agent header, making the request appear as if it originates from a specific browser and platform. This manipulation enhances stealth and reduces the likelihood of detection.
+
+```sh
+
++------------------------+
+| |
+| +------------------+ |
+| | Manipulate | |
+| | User-Agent | |
+| +------------------+ |
+| | |
+| V |
+| +--------------+ |
+| | Request | |
+| | (Custom | |
+| | User-Agent) | |
+| +--------------+ |
+| | |
+| V |
+| +--------------+ |
+| | HTTP | |
+| | Request | |
+| | Sent | |
+| +--------------+ |
+| | |
+| V |
+| +--------------+ |
+| | Server | |
+| | Response | |
+| +--------------+ |
+| | |
+| V |
+| +--------------+ |
+| | Print | |
+| | Response | |
+| +--------------+ |
+| |
++------------------------+
+```
+
+
+```Rust
+use reqwest;
+
+async fn browse_with_custom_user_agent(url: &str) -> Result<(), reqwest::Error> {
+ let client = reqwest::Client::builder()
+ .user_agent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3")
+ .build()?;
+
+ let response = client.get(url).send().await?;
+
+ println!("{}", response.text().await?);
+
+ Ok(())
+}
+
+
+browse_with_custom_user_agent("http://www.google.com/invalid").await.unwrap();
+```
+
+
+
+
+
+
404. That’s an error. +
The requested URL /invalid was not found on this server. That’s all we know.
+
+
+
+#### 1.1.3 Leveraging Proxies with Reqwest
+
+Anonymity is a cornerstone of effective web reconnaissance. Reqwest provides support for proxy configurations, allowing us to route requests through different IP addresses to further obfuscate our origin. The following example demonstrates how to configure Reqwest to use a proxy for web requests:
+
+```rust
+use reqwest;
+
+async fn browse_with_proxy(url: &str, proxy: reqwest::Proxy) -> Result<(), reqwest::Error> {
+ let client = reqwest::Client::builder()
+ .build()?;
+
+ let response = client.get(url).send().await?;
+
+ println!("{}", response.text().await?);
+
+ Ok(())
+}
+
+fn main() {
+ let proxy = reqwest::Proxy::all("socks5://192.168.1.1:9000")?;
+ browse_with_proxy("https://www.google.com/invalid", proxy).await.unwrap();
+}
+```
+
+In this example, we configure Reqwest to use a proxy, directing the requests through the specified proxy URL. This enhances anonymity by masking the original source IP address.
+
+```sh
++-------------------------+
+| Proxies and Reqwest |
+| for Web Anonymity |
++-------------------------+
+ |
+ V
++-------------+-----------+
+| Configure Proxy |
+|socks5://192.168.1.1:9000|
++-------------+-----------+
+ |
+ V
++------------------------+
+| Reqwest Client |
+| Configure Proxy |
+|URL: socks5://192.168...|
++------------------------+
+ |
+ V
++------------------------+
+| Make Request through |
+| Configured Proxy |
++------------------------+
+ |
+ V
++------------------------+
+| Get Response via Proxy |
+| (Hidden Origin) |
++------------------------+
+ |
+ V
++------------------------+
+| Print Response |
++------------------------+
+
+```
+
+
+```Rust
+use reqwest;
+
+async fn browse_with_proxy(url: &str, proxy: reqwest::Proxy) -> Result<(), reqwest::Error> {
+ let client = reqwest::Client::builder()
+ .build()?;
+
+ let response = client.get(url).send().await?;
+
+ println!("{}", response.text().await?);
+
+ Ok(())
+}
+
+let proxy = reqwest::Proxy::all("socks5://192.168.1.1:9000")?;
+browse_with_proxy("https://www.google.com/invalid", proxy).await.unwrap();
+```
+
+
+
+
+
+
404. That’s an error. +
The requested URL 404. That’s an error.
+ The requested URL /invalid was not found on this server. That’s all we know.
+
+
+
+#### 1.1.4 Building a Browser Struct
+
+To encapsulate the techniques discussed into a cohesive tool, we can construct a `Browser` struct in Rust. This struct can encapsulate the configuration of cookies, user agents, and proxies, providing a modular and reusable solution for web browsing. The following is a simplified example, and in practice, additional error handling and feature customization would be necessary:
+
+```rust
+use reqwest;
+
+struct Browser {
+ client: reqwest::Client,
+}
+
+impl Browser {
+ fn new() -> Result/invalid was not found on this server. That’s all we know.
+
+
+
+## 2. Social Engineering Automation
+
+In the world of cybersecurity, social engineering plays a crucial role in orchestrating cyber attacks. Moving beyond conventional browsing, the automation of social engineering attacks with Rust becomes a strategic manner, harnessing the language's capabilities to manipulate user behavior effectively. This section not only explores the theoretical foundations but also delves into practical applications by demonstrating how Rust can serve as a crucial tool for social engineering in specific contexts, such as interacting with DuckDuckGo and Twitter.
+
+Before launching any social-engineering attack, obtaining comprehensive information about the target is crucial. Rust's versatility extends beyond conventional web interactions, allowing for seamless communication with external services. In particular, Rust's capabilities facilitate interacting with the DuckDuckGo API, presenting a robust avenue for information gathering. This section of exploration dives into Rust's approach to querying DuckDuckGo, illustrating how the language can be employed for collecting relevant data and gaining valuable insights. By understanding and harnessing Rust's features for social engineering automation, individuals and organizations can enhance their cybersecurity practices and fortify defenses against evolving cyber threats.
+
+### 2.1 DuckDuckGo API Interaction in Rust
+
+Rust's `reqwest` library seamlessly integrates with DuckDuckGo's API, offering a Rustic interface to interact with the search giant's wealth of information. The following example showcases a basic Rust script that queries DuckDuckGo for search results:
+
+```rust
+use reqwest;
+
+async fn duckduckgo_search(query: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&format=json", query);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ println!("{}", body);
+
+ Ok(())
+}
+
+fn main() {
+ duckduckgo_search("Rust programming language").await.unwrap();
+}
+```
+
+This script queries DuckDuckGo for search results related to the Rust programming language.
+
+
+```Rust
+use reqwest;
+
+async fn duckduckgo_search(query: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&format=json", query);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ println!("{}", body);
+
+ Ok(())
+}
+
+duckduckgo_search("Rust programming language").await.unwrap();
+```
+
+ {"Abstract":"Rust is a multi-paradigm, general-purpose programming language that emphasizes performance, type safety, and concurrency. It enforces memory safety, meaning that all references point to valid memory, without requiring the use of automated memory management techniques such as garbage collection. To simultaneously enforce memory safety and prevent data races, its \"borrow checker\" tracks the object lifetime of all references in a program during compilation. Rust was influenced by ideas from functional programming, including immutability, higher-order functions, and algebraic data types. It is popular for systems programming. Software developer Graydon Hoare created Rust as a personal project while working at Mozilla Research in 2006. Mozilla officially sponsored the project in 2009. In the years following the first stable release in May 2015, Rust was adopted by companies including Amazon, Discord, Dropbox, Google, Meta, and Microsoft.","AbstractSource":"Wikipedia","AbstractText":"Rust is a multi-paradigm, general-purpose programming language that emphasizes performance, type safety, and concurrency. It enforces memory safety, meaning that all references point to valid memory, without requiring the use of automated memory management techniques such as garbage collection. To simultaneously enforce memory safety and prevent data races, its \"borrow checker\" tracks the object lifetime of all references in a program during compilation. Rust was influenced by ideas from functional programming, including immutability, higher-order functions, and algebraic data types. It is popular for systems programming. Software developer Graydon Hoare created Rust as a personal project while working at Mozilla Research in 2006. Mozilla officially sponsored the project in 2009. In the years following the first stable release in May 2015, Rust was adopted by companies including Amazon, Discord, Dropbox, Google, Meta, and Microsoft.","AbstractURL":"https://en.wikipedia.org/wiki/Rust_(programming_language)","Answer":"","AnswerType":"","Definition":"","DefinitionSource":"","DefinitionURL":"","Entity":"programming language","Heading":"Rust (programming language)","Image":"/i/832f249b.png","ImageHeight":200,"ImageIsLogo":1,"ImageWidth":200,"Infobox":{"content":[{"data_type":"string","label":"Designed by","value":"Graydon Hoare","wiki_order":0},{"data_type":"string","label":"Developer","value":"Rust Foundation","wiki_order":1},{"data_type":"string","label":"First appeared","value":"May 15, 2015","wiki_order":2},{"data_type":"string","label":"Implementation language","value":"Rust","wiki_order":3},{"data_type":"string","label":"Platform","value":"Cross-platform","wiki_order":4},{"data_type":"string","label":"OS","value":"Cross-platform","wiki_order":5},{"data_type":"string","label":"License","value":"MIT and Apache 2.0","wiki_order":6},{"data_type":"string","label":"Filename extensions","value":"rs.rlib","wiki_order":7},{"data_type":"github_profile","label":"GitHub profile","value":"rust-lang","wiki_order":"101"},{"data_type":"twitter_profile","label":"Twitter profile","value":"rustlang","wiki_order":"102"},{"data_type":"youtube_channel","label":"Youtube channel","value":"UCaYhcUwRBNscFNUKTjgPFiA","wiki_order":"105"},{"data_type":"instance","label":"Instance of","value":{"entity-type":"item","id":"Q28922885","numeric-id":28922885},"wiki_order":"207"},{"data_type":"instance_2","label":"Instance of","value":{"entity-type":"item","id":"Q3839507","numeric-id":3839507},"wiki_order":"207"},{"data_type":"instance_3","label":"Instance of","value":{"entity-type":"item","id":"Q12772052","numeric-id":12772052},"wiki_order":"207"},{"data_type":"instance_4","label":"Instance of","value":{"entity-type":"item","id":"Q21562092","numeric-id":21562092},"wiki_order":"207"},{"data_type":"instance_5","label":"Instance of","value":{"entity-type":"item","id":"Q4117397","numeric-id":4117397},"wiki_order":"207"},{"data_type":"instance_6","label":"Instance of","value":{"entity-type":"item","id":"Q506883","numeric-id":506883},"wiki_order":"207"},{"data_type":"instance_7","label":"Instance of","value":{"entity-type":"item","id":"Q651794","numeric-id":651794},"wiki_order":"207"},{"data_type":"instance_8","label":"Instance of","value":{"entity-type":"item","id":"Q9143","numeric-id":9143},"wiki_order":"207"},{"data_type":"wd_description","label":"Wikidata description","value":"memory-safe programming language without garbage collection","wiki_order":"210"},{"data_type":"wikidata_id","label":"Wikidata id","value":"Q575650","wiki_order":"211"}],"meta":[{"data_type":"string","label":"article_title","value":"Rust (programming language)"},{"data_type":"string","label":"template_name","value":"infobox programming language"},{"data_type":"string","label":"caption","value":"The official Rust logo"}]},"OfficialDomain":"rust-lang.org","OfficialWebsite":"https://foundation.rust-lang.org","Redirect":"","RelatedTopics":[{"FirstURL":"https://duckduckgo.com/c/Rust_(programming_language)","Icon":{"Height":"","URL":"","Width":""},"Result":"Rust (programming language) Category","Text":"Rust (programming language) Category"},{"FirstURL":"https://duckduckgo.com/History_of_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"History of programming languages - The history of programming languages spans from documentation of early mechanical computers to modern tools for software development. Early programming languages were highly specialized, relying on mathematical notation and similarly obscure syntax.","Text":"History of programming languages - The history of programming languages spans from documentation of early mechanical computers to modern tools for software development. Early programming languages were highly specialized, relying on mathematical notation and similarly obscure syntax."},{"FirstURL":"https://duckduckgo.com/c/Pattern_matching_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Pattern matching programming languages","Text":"Pattern matching programming languages"},{"FirstURL":"https://duckduckgo.com/c/Multi-paradigm_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Multi-paradigm programming languages","Text":"Multi-paradigm programming languages"},{"FirstURL":"https://duckduckgo.com/c/Statically_typed_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Statically typed programming languages","Text":"Statically typed programming languages"},{"FirstURL":"https://duckduckgo.com/c/Systems_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Systems programming languages","Text":"Systems programming languages"},{"FirstURL":"https://duckduckgo.com/c/Concurrent_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Concurrent programming languages","Text":"Concurrent programming languages"},{"FirstURL":"https://duckduckgo.com/c/High-level_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"High-level programming languages","Text":"High-level programming languages"},{"FirstURL":"https://duckduckgo.com/c/Mozilla","Icon":{"Height":"","URL":"","Width":""},"Result":"Mozilla","Text":"Mozilla"},{"FirstURL":"https://duckduckgo.com/c/Free_software_projects","Icon":{"Height":"","URL":"","Width":""},"Result":"Free software projects","Text":"Free software projects"},{"FirstURL":"https://duckduckgo.com/c/Functional_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Functional languages","Text":"Functional languages"},{"FirstURL":"https://duckduckgo.com/c/Procedural_programming_languages","Icon":{"Height":"","URL":"","Width":""},"Result":"Procedural programming languages","Text":"Procedural programming languages"},{"FirstURL":"https://duckduckgo.com/c/Free_compilers_and_interpreters","Icon":{"Height":"","URL":"","Width":""},"Result":"Free compilers and interpreters","Text":"Free compilers and interpreters"},{"FirstURL":"https://duckduckgo.com/c/Software_using_the_Apache_license","Icon":{"Height":"","URL":"","Width":""},"Result":"Software using the Apache license","Text":"Software using the Apache license"},{"FirstURL":"https://duckduckgo.com/c/Software_using_the_MIT_license","Icon":{"Height":"","URL":"","Width":""},"Result":"Software using the MIT license","Text":"Software using the MIT license"}],"Results":[{"FirstURL":"https://foundation.rust-lang.org","Icon":{"Height":16,"URL":"/i/foundation.rust-lang.org.ico","Width":16},"Result":"Official site","Text":"Official site"}],"Type":"A","meta":{"attribution":null,"blockgroup":null,"created_date":null,"description":"Wikipedia","designer":null,"dev_date":null,"dev_milestone":"live","developer":[{"name":"DDG Team","type":"ddg","url":"http://www.duckduckhack.com"}],"example_query":"nikola tesla","id":"wikipedia_fathead","is_stackexchange":null,"js_callback_name":"wikipedia","live_date":null,"maintainer":{"github":"duckduckgo"},"name":"Wikipedia","perl_module":"DDG::Fathead::Wikipedia","producer":null,"production_state":"online","repo":"fathead","signal_from":"wikipedia_fathead","src_domain":"en.wikipedia.org","src_id":1,"src_name":"Wikipedia","src_options":{"directory":"","is_fanon":0,"is_mediawiki":1,"is_wikipedia":1,"language":"en","min_abstract_length":"20","skip_abstract":0,"skip_abstract_paren":0,"skip_end":"0","skip_icon":0,"skip_image_name":0,"skip_qr":"","source_skip":"","src_info":""},"src_url":null,"status":"live","tab":"About","topic":["productivity"],"unsafe":0}}
+
+
+#### 2.1.1 Parsing DuckDuckGo Search Results
+
+Interacting with the DuckDuckGo API is just the beginning; the real power lies in parsing and extracting meaningful information from the search results. Rust's capabilities in pattern matching and data manipulation become evident in the following example, where we parse and print the titles and URLs of search results:
+
+```rust
+use reqwest;
+use serde_json::Value;
+
+async fn parse_duckduckgo_results(query: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&format=json", query);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ let json: Value = serde_json::from_str(&body).unwrap();
+
+ if let Some(results) = json["RelatedTopics"].as_array() {
+ for result in results {
+ if let Some(text) = result["Text"].as_str() {
+ println!("Result: {}", text);
+ println!("---");
+ }
+ }
+ }
+
+ Ok(())
+}
+
+fn main() {
+ parse_duckduckgo_results("Rust programming language").await.unwrap();
+}
+```
+
+In this example, the script queries DuckDuckGo parses the JSON response, and prints the titles and URLs of the search results. The serde_json crate facilitates JSON parsing in Rust.
+
+
+```Rust
+:dep serde_json = { version="1.0.108" }
+```
+
+
+```Rust
+use reqwest;
+use serde_json::Value;
+
+async fn parse_duckduckgo_results(query: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&format=json", query);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ let json: Value = serde_json::from_str(&body).unwrap();
+
+ if let Some(results) = json["RelatedTopics"].as_array() {
+ for result in results {
+ if let Some(text) = result["Text"].as_str() {
+ println!("Result: {}", text);
+ println!("---");
+ }
+ }
+ }
+
+ Ok(())
+}
+
+parse_duckduckgo_results("Rust programming language").await.unwrap();
+```
+
+ Result: Rust (programming language) Category
+ ---
+ Result: History of programming languages - The history of programming languages spans from documentation of early mechanical computers to modern tools for software development. Early programming languages were highly specialized, relying on mathematical notation and similarly obscure syntax.
+ ---
+ Result: Pattern matching programming languages
+ ---
+ Result: Multi-paradigm programming languages
+ ---
+ Result: Statically typed programming languages
+ ---
+ Result: Systems programming languages
+ ---
+ Result: Concurrent programming languages
+ ---
+ Result: High-level programming languages
+ ---
+ Result: Mozilla
+ ---
+ Result: Free software projects
+ ---
+ Result: Functional languages
+ ---
+ Result: Procedural programming languages
+ ---
+ Result: Free compilers and interpreters
+ ---
+ Result: Software using the Apache license
+ ---
+ Result: Software using the MIT license
+ ---
+
+
+### 2.2 Advanced DuckDuckGo Interactions
+
+Beyond basic search queries, Rust empowers us to undertake more advanced interactions with the DuckDuckGo API. For instance, we can explore features like image search, news search, or even querying specific websites for information. Rust's flexibility allows for the expansion of capabilities based on the requirements of the reconnaissance.
+
+#### 2.2.1 DuckDuckGo Image Search
+
+Expanding our Rust script to include image search functionality involves modifying the DuckDuckGo API endpoint and adapting the parsing logic. The following example demonstrates a basic Rust script for querying DuckDuckGo for image search results:
+
+```rust
+use reqwest;
+use serde_json::Value;
+
+async fn duckduckgo_image_search(query: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&format=json&iax=images&ia=images", query);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ let json: Value = serde_json::from_str(&body).unwrap();
+
+ if let Some(related_topics) = json["RelatedTopics"].as_array() {
+ for topic in related_topics {
+ if let Some(icon) = topic["Icon"].as_object() {
+ if let Some(icon_url) = icon["URL"].as_str() {
+ if !icon_url.is_empty() {
+ let full_url = format!("https://duckduckgo.com{}", icon_url);
+ println!("Image URL: {}", full_url);
+ println!("---");
+ }
+ }
+ }
+ }
+ }
+
+ Ok(())
+}
+
+fn main() {
+ duckduckgo_image_search("Rust").await.unwrap();
+}
+```
+
+In this example, the script queries DuckDuckGo for image search results related to the Rust programming language and prints the image URLs.
+
+
+```Rust
+use reqwest;
+use serde_json::Value;
+
+async fn duckduckgo_image_search(query: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&format=json&iax=images&ia=images", query);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ let json: Value = serde_json::from_str(&body).unwrap();
+
+ if let Some(related_topics) = json["RelatedTopics"].as_array() {
+ for topic in related_topics {
+ if let Some(icon) = topic["Icon"].as_object() {
+ if let Some(icon_url) = icon["URL"].as_str() {
+ if !icon_url.is_empty() {
+ let full_url = format!("https://duckduckgo.com{}", icon_url);
+ println!("Image URL: {}", full_url);
+ println!("---");
+ }
+ }
+ }
+ }
+ }
+
+ Ok(())
+}
+
+duckduckgo_image_search("Rust").await.unwrap();
+```
+
+ Image URL: https://duckduckgo.com/i/2f16ac81.jpg
+ ---
+ Image URL: https://duckduckgo.com/i/832f249b.png
+ ---
+ Image URL: https://duckduckgo.com/i/playrust.com.ico
+ ---
+
+
+#### 2.2.2 Customized DuckDuckGo Searches
+
+Tailoring DuckDuckGo searches to specific websites or domains enhances the precision of information retrieval. Rust's expressive syntax facilitates the creation of scripts that target particular domains or types of content. The following example illustrates a Rust script that searches for Rust-related content specifically on Wikipedia:
+
+```rust
+use reqwest;
+use serde_json::Value;
+
+async fn duckduckgo_web_search(query: &str, site: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&site:{}&format=json", query, site);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ let json: Value = serde_json::from_str(&body).unwrap();
+
+ if let Some(results) = json["RelatedTopics"].as_array() {
+ for result in results {
+ if let (Some(title), Some(url)) = (result["Text"].as_str(), result["FirstURL"].as_str()) {
+ println!("Title: {}", title);
+ println!("URL: {}", url);
+ println!("---");
+ }
+ }
+ }
+
+ Ok(())
+}
+
+fn main() {
+ duckduckgo_web_search("rust", "wikipedia.org").await.unwrap();
+}
+```
+
+In this example, the script queries DuckDuckGo for results related to the Rust programming language but restricts the search to the Wikipedia domain. This showcases the adaptability of Rust in tailoring searches to specific contexts.
+
+
+
+```Rust
+use reqwest;
+use serde_json::Value;
+
+async fn duckduckgo_web_search(query: &str, site: &str) -> Result<(), reqwest::Error> {
+ let url = format!("https://api.duckduckgo.com/?q={}&site:{}&format=json", query, site);
+
+ let body = reqwest::get(&url).await?.text().await?;
+ let json: Value = serde_json::from_str(&body).unwrap();
+
+ if let Some(results) = json["RelatedTopics"].as_array() {
+ for result in results {
+ if let (Some(title), Some(url)) = (result["Text"].as_str(), result["FirstURL"].as_str()) {
+ println!("Title: {}", title);
+ println!("URL: {}", url);
+ println!("---");
+ }
+ }
+ }
+
+ Ok(())
+}
+
+duckduckgo_web_search("rust", "wikipedia.org").await.unwrap();
+```
+
+ Title: Rust An iron oxide, a usually reddish-brown oxide formed by the reaction of iron and oxygen in the...
+ URL: https://duckduckgo.com/Rust
+ ---
+ Title: Rust (programming language) A multi-paradigm, general-purpose programming language.
+ URL: https://duckduckgo.com/Rust_(programming_language)
+ ---
+ Title: Rust (video game) A multiplayer-only survival video game developed by Facepunch Studios.
+ URL: https://duckduckgo.com/Rust_(video_game)
+ ---
+
+
+### 2.3 X Interaction in Rust
+
+Social media platforms are a treasure of information, and X, formerly known as Twitter, with its wealth of real-time data, becomes a prime target for social engineering reconnaissance. In this section, we explore Rust's capabilities in interacting with Twitter API, parsing tweets, and extracting valuable insights.
+
+#### 2.3.1 Parsing Xeets In Rust
+
+Rust's `reqwest` library seamlessly integrates with the X API, providing a gateway to the vast ocean of tweets. The following example demonstrates a Rust script that queries X for xeets containing a specific hashtag:
+
+```rust
+use reqwest;
+use serde_json::Value;
+use base64::{Engine as _, engine::{self, general_purpose}};
+
+async fn twitter_search(hashtag: &str) -> Result<(), reqwest::Error> {
+ let consumer_key = "YOUR_TWITTER_CONSUMER_KEY";
+ let consumer_secret = "YOUR_TWITTER_CONSUMER_SECRET";
+ let access_token = "YOUR_TWITTER_ACCESS_TOKEN";
+ let access_token_secret = "YOUR_TWITTER_ACCESS_TOKEN_SECRET";
+
+ let bearer_token = general_purpose::STANDARD.encode(&format!("{}:{}", consumer_key, consumer_secret));
+ let auth_header = format!("Basic {}", bearer_token);
+
+ let auth_response = reqwest::Client::new()
+ .post("https://api.twitter.com/oauth2/token")
+ .header("Authorization", auth_header)
+ .form(&[("grant_type", "client_credentials")])
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let auth_body: Value = serde_json::from_str(&auth_response).unwrap();
+ let token = auth_body["access_token"].as_str().ok_or("Twitter API Auth Failed!").unwrap();
+
+ let url = format!("https://api.twitter.com/2/tweets/search/recent?query=%23{}&max_results=5", hashtag);
+ let response = reqwest::Client::new()
+ .get(&url)
+ .header("Authorization", format!("Bearer {}", token))
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let json: Value = serde_json::from_str(&response).unwrap();
+
+ if let Some(data) = json["data"].as_array() {
+ for tweet in data {
+ if let Some(text) = tweet["text"].as_str() {
+ println!("Tweet: {}", text);
+ println!("---");
+ }
+ }
+ }
+
+ Ok(())
+}
+
+
+fn main() {
+twitter_search("rustlang").await.unwrap();
+}
+```
+
+Replace the placeholder values in the script with your actual X API credentials. This script queries X for recent tweets containing the specified hashtag and prints the text of the xeets.
+
+
+```Rust
+:dep base64 = {version="0.21.5"}
+```
+
+
+```Rust
+use reqwest;
+use serde_json::Value;
+use base64::{Engine as _, engine::{self, general_purpose}};
+
+async fn twitter_search(hashtag: &str) -> Result<(), reqwest::Error> {
+ let consumer_key = "YOUR_TWITTER_CONSUMER_KEY";
+ let consumer_secret = "YOUR_TWITTER_CONSUMER_SECRET";
+ let access_token = "YOUR_TWITTER_ACCESS_TOKEN";
+ let access_token_secret = "YOUR_TWITTER_ACCESS_TOKEN_SECRET";
+
+ let bearer_token = general_purpose::STANDARD.encode(&format!("{}:{}", consumer_key, consumer_secret));
+ let auth_header = format!("Basic {}", bearer_token);
+
+ let auth_response = reqwest::Client::new()
+ .post("https://api.twitter.com/oauth2/token")
+ .header("Authorization", auth_header)
+ .form(&[("grant_type", "client_credentials")])
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let auth_body: Value = serde_json::from_str(&auth_response).unwrap();
+ let token = auth_body["access_token"].as_str().ok_or("Twitter API Auth Failed!").unwrap();
+
+ let url = format!("https://api.twitter.com/2/tweets/search/recent?query=%23{}&max_results=5", hashtag);
+ let response = reqwest::Client::new()
+ .get(&url)
+ .header("Authorization", format!("Bearer {}", token))
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let json: Value = serde_json::from_str(&response).unwrap();
+ println!("Tweet: {}", json);
+ if let Some(data) = json["data"].as_array() {
+ for tweet in data {
+ if let Some(text) = tweet["text"].as_str() {
+ println!("Tweet: {}", text);
+ println!("---");
+ }
+ }
+ }
+
+ Ok(())
+}
+
+twitter_search("rustlang").await.unwrap();
+```
+
+ Tweet: {"client_id":"28218887","detail":"When authenticating requests to the Twitter API v2 endpoints, you must use keys and tokens from a Twitter developer App that is attached to a Project. You can create a project via the developer portal.","reason":"client-not-enrolled","registration_url":"https://developer.twitter.com/en/docs/projects/overview","required_enrollment":"Appropriate Level of API Access","title":"Client Forbidden","type":"https://api.twitter.com/2/problems/client-forbidden"}
+
+
+As the output suggests, we are encountering Twitter API call failures with the error message "Client Forbidden" and we are prompted to upgrade from the free plan to the basic plan. [As of the recent announcement](https://twittercommunity.com/t/announcing-the-users-search-and-trends-lookup-endpoints-in-the-x-api-v2/210567), X API v2 introduces two new endpoints, Users Search and Trends lookup, available exclusively to developers with Pro access in the X API.
+
+### 2.4 Advanced Social Engineering
+
+Social engineering extends beyond web reconnaissance, encompassing email manipulation and mass social engineering. In this section, we explore advanced Rust scripts that interact with email services, send anonymous emails, and orchestrate mass social engineering attacks.
+
+#### 2.4.1 Anonymous Email Communication
+
+Maintaining anonymity extends beyond web browsing into email communication. Rust's capabilities enable us to interact with email services and send anonymous emails. The following example demonstrates a Rust script that sends an anonymous email using the Reqwest library:
+
+```rust
+use reqwest;
+use serde_json::Value;
+
+async fn send_anonymous_email(subject: &str, body: &str) -> Result<(), reqwest::Error> {
+ let sender_email = "your_sender_email@example.com";
+ let receiver_email = "recipient@example.com";
+ let api_key = "YOUR_EMAIL_API_KEY";
+
+ let url = format!("https://api.mailgun.net/v3/YOUR_DOMAIN_NAME/messages");
+ let client = reqwest::Client::new();
+
+ let response = client.post(&url)
+ .basic_auth("api", Some(api_key))
+ .form(&[
+ ("from", format!("Anonymous <{}>", sender_email)),
+ ("to", receiver_email.to_string()),
+ ("subject", subject.to_string()),
+ ("text", body.to_string()),
+ ])
+ .send()
+ .await?
+ .text()
+ .await?;
+
+
+ let json: Value = serde_json::from_str(&response).unwrap();
+
+ if let Some(message) = json["message"].as_str() {
+ println!("Email Sent: {}", message);
+ }
+
+ Ok(())
+}
+
+fn main() {
+ send_anonymous_email("Hello World", "This is an anonymous email sent from Rust.").await.unwrap();
+}
+```
+
+Replace the placeholder values in the script with your actual sender email, receiver email, domain name, and [**Mailgun API key**](https://app.mailgun.com/settings/api_security). This script sends an anonymous email using the Mailgun email service.
+
+
+```Rust
+use reqwest;
+use serde_json::Value;
+
+async fn send_anonymous_email(subject: &str, body: &str) -> Result<(), reqwest::Error> {
+ let sender_email = "your_sender_email@example.com";
+ let receiver_email = "recipient@example.com";
+ let api_key = "YOUR_EMAIL_API_KEY";
+
+ let url = format!("https://api.mailgun.net/v3/YOUR_DOMAIN_NAME/messages");
+ let client = reqwest::Client::new();
+
+ let response = client.post(&url)
+ .basic_auth("api", Some(api_key))
+ .form(&[
+ ("from", format!("Anonymous <{}>", sender_email)),
+ ("to", receiver_email.to_string()),
+ ("subject", subject.to_string()),
+ ("text", body.to_string()),
+ ])
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let json: Value = serde_json::from_str(&response).unwrap();
+
+ if let Some(message) = json["message"].as_str() {
+ println!("Email Sent: {}", message);
+ }
+
+ Ok(())
+}
+
+send_anonymous_email("Hello World", "This is an anonymous email sent from Rust.").await.unwrap();
+```
+
+ Email Sent: Queued. Thank you.
+
+
+
+
+### 2.4.2 Mass Social Engineering
+
+Mass social engineering requires automation, and Rust excels in providing the tools necessary for orchestrating large-scale attacks. The following example illustrates a Rust script that utilizes the `reqwest` library to send spear-phishing emails to multiple targets:
+
+```rust
+use reqwest;
+use serde_json::Value;
+
+async fn send_spear_phishing_email(subject: &str, body: &str, recipients: Vec<&str>) -> Result<(), reqwest::Error> {
+ let sender_email = "your_sender_email@example.com";
+ let api_key = "YOUR_EMAIL_API_KEY";
+
+ let url = format!("https://api.mailgun.net/v3/YOUR_DOMAIN_NAME/messages");
+ let client = reqwest::Client::new();
+
+ let recipient_emails = recipients.join(",");
+
+ let response = client.post(&url)
+ .basic_auth("api", Some(api_key))
+ .form(&[
+ ("from", format!("Anonymous <{}>", sender_email)),
+ ("to", recipient_emails),
+ ("subject", subject.to_string()),
+ ("text", body.to_string()),
+ ])
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let json: Value = serde_json::from_str(&response).unwrap();
+
+ if let Some(message) = json["message"].as_str() {
+ println!("Email Sent: {}", message);
+ }
+
+ Ok(())
+}
+
+fn main() {
+ let target_emails = ["target1@example.com", "target2@example.com", "target3@example.com"];
+ send_spear_phishing_email("Important Security Update", "Dear User, we require you to update your credentials immediately.", target_emails).await.unwrap();
+}
+```
+
+Replace the placeholder values in the script with your actual [**Mailgun API key**](https://app.mailgun.com/settings/api_security). This script utilizes the `reqwest` library to send spear-phishing emails to multiple targets, demonstrating the scalability and automation capabilities of Rust in the world of social engineering.
+
+
+```Rust
+use reqwest;
+use serde_json::Value;
+
+async fn send_spear_phishing_email(subject: &str, body: &str, recipients: Vec<&str>) -> Result<(), reqwest::Error> {
+ let sender_email = "your_sender_email@example.com";
+ let api_key = "YOUR_EMAIL_API_KEY";
+
+ let url = format!("https://api.mailgun.net/v3/YOUR_DOMAIN_NAME/messages");
+ let client = reqwest::Client::new();
+
+ let recipient_emails = recipients.join(",");
+
+ let response = client.post(&url)
+ .basic_auth("api", Some(api_key))
+ .form(&[
+ ("from", format!("Anonymous <{}>", sender_email)),
+ ("to", recipient_emails),
+ ("subject", subject.to_string()),
+ ("text", body.to_string()),
+ ])
+ .send()
+ .await?
+ .text()
+ .await?;
+
+ let json: Value = serde_json::from_str(&response).unwrap();
+
+ if let Some(message) = json["message"].as_str() {
+ println!("Email Sent: {}", message);
+ }
+
+ Ok(())
+}
+
+let target_emails = ["target1@example.com", "target2@example.com", "target3@example.com"];
+send_spear_phishing_email("Important Security Update", "Dear User, we require you to update your credentials immediately.", target_emails).await.unwrap();
+```
+
+ Email Sent: Queued. Thank you.
+
+
+
+
+### 3. Conclusion
+
+In this extensive exploration, we've witnessed the fusion of character and technology in the world of web reconnaissance using Rust. From anonymously browsing the Internet and interacting with DuckDuckGo and X to advanced social engineering techniques, Rust has proven to be a versatile and robust language for cybersecurity professionals. As we navigate the evolving landscape of cyber threats, Rust stands as a sweet companion, empowering us to safeguard digital landscapes with resilience.
+
+---
+---
diff --git a/chapter-4/chapter-4.pdf b/chapter-4/chapter-4.pdf
new file mode 100644
index 0000000..7c66987
Binary files /dev/null and b/chapter-4/chapter-4.pdf differ