Part 1: Getting Started with Rust - Setting Up and Basic Types

Introduction

When I decided to build a WAF bypass scanner, I needed a language that was fast, safe, and had excellent async support. Python was too slow for concurrent HTTP requests, and C/C++ required too much manual memory management. Rust offered the perfect balance: performance close to C with memory safety guarantees.

This article covers setting up Rust and understanding the basic types and structures I used in simple-waf-scanner.

Why Rust for a Security Tool?

My Decision Process

I evaluated several languages before choosing Rust:

Why not Python?

Too slow for hundreds of concurrent HTTP requests
GIL limits true parallelism
Runtime errors instead of compile-time safety

Why not Go?

Garbage collection pauses
Less control over memory
Weaker type system

Why Rust?

Zero-cost abstractions - performance without overhead
Memory safety without garbage collection
Fearless concurrency - compiler prevents data races
Rich type system - errors caught at compile time
Excellent HTTP and async libraries

Installing Rust

macOS/Linux

# Install rustup (Rust toolchain installer)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Follow prompts, then reload shell
source $HOME/.cargo/env

# Verify installation
rustc --version  # Rust compiler
cargo --version  # Package manager

Windows

Download and run rustup-init.exe

Update Rust

rustup update

Creating the Project

Initial Setup

# Create new binary project
cargo new simple-waf-scanner
cd simple-waf-scanner

# Project structure
# simple-waf-scanner/
# ├── Cargo.toml      # Project manifest (like package.json)
# ├── src/
# │   └── main.rs     # Entry point
# └── target/         # Build artifacts (gitignored)

Cargo.toml - Project Manifest

This is my actual project configuration:

[package]
name = "simple-waf-scanner"
version = "0.1.2"
edition = "2021"
authors = ["Your Name <[email protected]>"]
description = "A WAF detection and bypass testing tool"
license = "MIT"
repository = "https://github.com/Htunn/simple-waf-scanner"

[dependencies]
# Async runtime
tokio = { version = "1", features = ["full"] }

# HTTP client
reqwest = { version = "0.11", features = ["json"] }

# Serialization
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"

# CLI
clap = { version = "4.0", features = ["derive"] }

# Terminal output
colored = "2.0"

# URL encoding
urlencoding = "2.1"

[lib]
name = "simple_waf_scanner"
path = "src/lib.rs"

[[bin]]
name = "waf-scan"
path = "src/main.rs"

Building and Running

# Check code compiles
cargo check

# Build in debug mode
cargo build

# Build optimized release
cargo build --release

# Run directly
cargo run

# Run tests
cargo test

# Clean build artifacts
cargo clean

Basic Rust Types in My Project

Primitive Types

// Integers
let timeout: u64 = 5000;        // Unsigned 64-bit (milliseconds)
let concurrency: usize = 10;    // Platform-specific unsigned
let status_code: u16 = 200;     // HTTP status codes

// Floating point
let score: f64 = 2.5;           // WAF detection score

// Boolean
let waf_detected: bool = true;

// String types
let url: String = "https://example.com".to_string();  // Owned
let method: &str = "GET";                              // String slice (borrowed)

Strings in Rust

One of Rust's initially confusing aspects:

// String - owned, heap-allocated, growable
let mut owned = String::from("https://");
owned.push_str("example.com");  // Can modify

// &str - borrowed string slice, usually stack or static
let borrowed: &str = "example.com";
let slice: &str = &owned[0..5];  // Reference to part of owned string

// Real example from my project
fn build_url(base: &str, path: &str) -> String {
    format!("{}{}", base, path)  // Returns owned String
}

let url = build_url("https://example.com", "/api/test");

When to use which?

String: When you own the data and may modify it
&str: When you're just reading/borrowing the string

Collections

Vectors - Dynamic Arrays

// Vector of payload strings
let mut payloads: Vec<String> = Vec::new();
payloads.push("<script>alert(1)</script>".to_string());
payloads.push("' OR '1'='1".to_string());

// Alternative initialization
let techniques = vec!["encoding", "case", "null-bytes"];

// Iteration
for payload in &payloads {
    println!("Testing: {}", payload);
}

// Real example from my project
let mut findings: Vec<Finding> = Vec::new();
for payload in &config.payloads {
    if test_payload(payload).await? {
        findings.push(Finding::new(payload));
    }
}

HashMaps - Key-Value Storage

use std::collections::HashMap;

// Store WAF detection scores
let mut scores: HashMap<String, f64> = HashMap::new();
scores.insert("Cloudflare".to_string(), 3.0);
scores.insert("AWS WAF".to_string(), 2.5);

// Access values
if let Some(score) = scores.get("Cloudflare") {
    println!("Score: {}", score);
}

// Real usage - tracking detected techniques
let mut technique_success: HashMap<String, usize> = HashMap::new();
for finding in &findings {
    let counter = technique_success.entry(finding.technique.clone()).or_insert(0);
    *counter += 1;
}

Enums - Core to Rust

Simple Enums

// Severity levels for findings
#[derive(Debug, Clone, PartialEq)]
pub enum Severity {
    Critical,
    High,
    Medium,
    Low,
    Info,
}

// Usage
let severity = Severity::Critical;

match severity {
    Severity::Critical => println!("🔴 Critical vulnerability"),
    Severity::High => println!("🟠 High severity"),
    Severity::Medium => println!("🟡 Medium severity"),
    Severity::Low => println!("🟢 Low severity"),
    Severity::Info => println!("ℹ️ Information"),
}

Enums with Data

// HTTP methods
pub enum HttpMethod {
    Get,
    Post(String),  // POST with body
    Put(String),
}

// Usage
let request = HttpMethod::Post("{\"test\":true}".to_string());

match request {
    HttpMethod::Get => send_get_request(),
    HttpMethod::Post(body) => send_post_request(&body),
    HttpMethod::Put(body) => send_put_request(&body),
}

Option - Handling Null

Rust has no null. Instead, we use Option<T>:

// Function that might not return a value
fn find_waf(headers: &HashMap<String, String>) -> Option<String> {
    if let Some(server) = headers.get("server") {
        if server.contains("cloudflare") {
            return Some("Cloudflare".to_string());
        }
    }
    None  // No WAF detected
}

// Using Option
let waf = find_waf(&headers);
match waf {
    Some(name) => println!("Detected: {}", name),
    None => println!("No WAF detected"),
}

// Or use if let
if let Some(name) = find_waf(&headers) {
    println!("Detected: {}", name);
}

// Or unwrap_or for default
let waf_name = find_waf(&headers).unwrap_or("Unknown".to_string());

Structs - Building Data Models

Basic Structs

// Configuration for the scanner
pub struct Config {
    pub target_url: String,
    pub concurrency: usize,
    pub delay_ms: u64,
    pub verbose: bool,
}

// Implementation block
impl Config {
    // Constructor
    pub fn new(url: String) -> Self {
        Config {
            target_url: url,
            concurrency: 10,
            delay_ms: 100,
            verbose: false,
        }
    }
    
    // Method
    pub fn set_concurrency(&mut self, value: usize) {
        self.concurrency = value;
    }
}

// Usage
let mut config = Config::new("https://example.com".to_string());
config.set_concurrency(5);
config.verbose = true;

Structs with Derive Macros

use serde::{Deserialize, Serialize};

// Payload structure from JSON
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Payload {
    pub id: String,
    pub info: PayloadInfo,
    pub payloads: Vec<PayloadVariant>,
    pub matchers: Vec<Matcher>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PayloadInfo {
    pub name: String,
    pub severity: String,
    pub category: String,
    pub description: String,
    pub references: Vec<String>,
    pub tags: Vec<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PayloadVariant {
    pub value: String,
    pub encoding: String,
    pub method: String,
}

Derive macros explained:

Debug: Allows printing with {:?}
Clone: Enables .clone() to duplicate data
Serialize/Deserialize: Converts to/from JSON (from serde)

Reading JSON into Structs

use serde_json;

// Read payload file
fn load_payloads(path: &str) -> Result<Vec<Payload>, Box<dyn std::error::Error>> {
    let content = std::fs::read_to_string(path)?;
    let payloads: Vec<Payload> = serde_json::from_str(&content)?;
    Ok(payloads)
}

// Usage
match load_payloads("payloads.json") {
    Ok(payloads) => {
        println!("Loaded {} payloads", payloads.len());
        for payload in payloads {
            println!("- {}: {}", payload.id, payload.info.name);
        }
    }
    Err(e) => eprintln!("Failed to load payloads: {}", e),
}

Pattern Matching - Rust's Superpower

Matching Enums

pub enum ScanResult {
    Blocked,
    Allowed,
    Error(String),
    Timeout,
}

fn handle_result(result: ScanResult) {
    match result {
        ScanResult::Blocked => {
            println!("Request blocked by WAF");
        }
        ScanResult::Allowed => {
            println!("Payload bypassed WAF!");
        }
        ScanResult::Error(msg) => {
            eprintln!("Error: {}", msg);
        }
        ScanResult::Timeout => {
            eprintln!("Request timed out");
        }
    }
}

Matching with Guards

fn analyze_status_code(code: u16) -> &'static str {
    match code {
        200 => "Success - potential bypass",
        403 | 406 => "Blocked by WAF",
        code if code >= 500 => "Server error",
        code if code >= 400 => "Client error",
        _ => "Other",
    }
}

Destructuring

// Matching struct fields
match finding {
    Finding { severity: Severity::Critical, .. } => {
        println!("Critical finding!");
    }
    Finding { category, payload, .. } => {
        println!("Found {} in category {}", payload, category);
    }
}

Result Type - Error Handling

Basic Result Usage

// Function that can fail
fn parse_severity(s: &str) -> Result<Severity, String> {
    match s.to_lowercase().as_str() {
        "critical" => Ok(Severity::Critical),
        "high" => Ok(Severity::High),
        "medium" => Ok(Severity::Medium),
        "low" => Ok(Severity::Low),
        "info" => Ok(Severity::Info),
        _ => Err(format!("Invalid severity: {}", s)),
    }
}

// Usage
match parse_severity("high") {
    Ok(sev) => println!("Severity: {:?}", sev),
    Err(e) => eprintln!("Error: {}", e),
}

The `?` Operator

use std::fs;
use std::io;

// Without ?
fn read_config_verbose(path: &str) -> Result<String, io::Error> {
    match fs::read_to_string(path) {
        Ok(content) => Ok(content),
        Err(e) => Err(e),
    }
}

// With ? - much cleaner!
fn read_config(path: &str) -> Result<String, io::Error> {
    let content = fs::read_to_string(path)?;  // Returns early if error
    Ok(content)
}

// Chaining with ?
fn load_and_parse(path: &str) -> Result<Config, Box<dyn std::error::Error>> {
    let content = fs::read_to_string(path)?;
    let config: Config = serde_json::from_str(&content)?;
    Ok(config)
}

Real Example: WAF Detection Structure

Here's actual code from my project:

use serde::{Deserialize, Serialize};
use std::collections::HashMap;

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WafFingerprint {
    pub name: String,
    pub headers: HashMap<String, Vec<String>>,
    pub response_patterns: Vec<String>,
    pub status_codes: Vec<u16>,
    pub cookies: Vec<String>,
}

impl WafFingerprint {
    pub fn matches(&self, response: &HttpResponse) -> bool {
        let mut score = 0;
        
        // Check headers (2 points each)
        for (header, patterns) in &self.headers {
            if let Some(value) = response.headers.get(header) {
                for pattern in patterns {
                    if value.to_lowercase().contains(&pattern.to_lowercase()) {
                        score += 2;
                    }
                }
            }
        }
        
        // Check response body (1 point each)
        for pattern in &self.response_patterns {
            if response.body.contains(pattern) {
                score += 1;
            }
        }
        
        // Check status codes (1 point)
        if self.status_codes.contains(&response.status) {
            score += 1;
        }
        
        // Threshold: score >= 2 means detection
        score >= 2
    }
}

pub struct HttpResponse {
    pub status: u16,
    pub headers: HashMap<String, String>,
    pub body: String,
}

Common Patterns I Use

Builder Pattern

pub struct ScanConfig {
    url: String,
    concurrency: usize,
    delay_ms: u64,
    techniques: Vec<String>,
}

impl ScanConfig {
    pub fn new(url: String) -> Self {
        ScanConfig {
            url,
            concurrency: 10,
            delay_ms: 100,
            techniques: Vec::new(),
        }
    }
    
    pub fn concurrency(mut self, value: usize) -> Self {
        self.concurrency = value;
        self
    }
    
    pub fn delay(mut self, ms: u64) -> Self {
        self.delay_ms = ms;
        self
    }
    
    pub fn add_technique(mut self, technique: String) -> Self {
        self.techniques.push(technique);
        self
    }
}

// Usage - method chaining
let config = ScanConfig::new("https://example.com".to_string())
    .concurrency(5)
    .delay(200)
    .add_technique("encoding".to_string())
    .add_technique("case".to_string());

Iterator Chains

// Filter and transform payloads
let critical_payloads: Vec<&Payload> = payloads
    .iter()
    .filter(|p| p.info.severity == "critical")
    .filter(|p| p.info.category == "injection")
    .collect();

// Count by category
use std::collections::HashMap;
let mut counts: HashMap<String, usize> = HashMap::new();
for payload in &payloads {
    *counts.entry(payload.info.category.clone()).or_insert(0) += 1;
}

Build and Test

Creating a Simple Binary

// src/main.rs
fn main() {
    println!("WAF Scanner starting...");
    
    let config = Config::new("https://example.com".to_string());
    println!("Target: {}", config.target_url);
    println!("Concurrency: {}", config.concurrency);
}

struct Config {
    target_url: String,
    concurrency: usize,
}

impl Config {
    fn new(url: String) -> Self {
        Config {
            target_url: url,
            concurrency: 10,
        }
    }
}

Building

# Development build
cargo build

# Run
./target/debug/waf-scan

# Or build and run in one command
cargo run

# Release build (optimized)
cargo build --release
./target/release/waf-scan

Key Takeaways

Cargo manages everything: Dependencies, builds, tests, documentation
Strong typing prevents bugs: Compiler catches errors before runtime
Enums are powerful: Not just constants, they carry data
Option/Result replace null: Explicit handling of missing/error cases
Pattern matching is exhaustive: Compiler ensures all cases handled
Strings have two types: String (owned) vs &str (borrowed)
Derive macros save time: Auto-implement common traits

Common Beginner Mistakes I Made

String Confusion

// Error: expected &str, found String
fn take_str(s: &str) {}
let owned = String::from("test");
take_str(owned);  // Wrong!

// Fix: borrow the String
take_str(&owned);  // Correct!

Forgetting mut

let vec = Vec::new();
vec.push(1);  // Error: cannot mutate immutable variable

// Fix
let mut vec = Vec::new();
vec.push(1);  // Works!

Not Handling Results

let content = fs::read_to_string("file.txt");  // Warning: unused Result

// Fix: handle the Result
let content = fs::read_to_string("file.txt")?;
// Or
match fs::read_to_string("file.txt") {
    Ok(c) => println!("{}", c),
    Err(e) => eprintln!("Error: {}", e),
}

Next in Series

In Part 2: Ownership, Borrowing, and Lifetimes, we'll dive into Rust's most unique feature: the ownership system. We'll explore how it enables memory safety without garbage collection and how I use it to share data across concurrent HTTP requests in the scanner.

Based on building simple-waf-scanner, a production security tool written in Rust and published on crates.io.

PreviousRust 101 NextPart 2: Ownership, Borrowing, and Lifetimes - Rust's Memory Safety

Last updated 15 hours ago

hashtagIntroduction

hashtagWhy Rust for a Security Tool?

hashtagMy Decision Process

hashtagInstalling Rust

hashtagmacOS/Linux

hashtagWindows

hashtagUpdate Rust

hashtagCreating the Project

hashtagInitial Setup

hashtagCargo.toml - Project Manifest

hashtagBuilding and Running

hashtagBasic Rust Types in My Project

hashtagPrimitive Types

hashtagStrings in Rust

hashtagCollections

hashtagVectors - Dynamic Arrays

hashtagHashMaps - Key-Value Storage

hashtagEnums - Core to Rust

hashtagSimple Enums

hashtagEnums with Data

hashtagOption - Handling Null

hashtagStructs - Building Data Models

hashtagBasic Structs

hashtagStructs with Derive Macros

hashtagReading JSON into Structs

hashtagPattern Matching - Rust's Superpower

hashtagMatching Enums

hashtagMatching with Guards

hashtagDestructuring

hashtagResult Type - Error Handling

hashtagBasic Result Usage

hashtagThe ? Operator

hashtagReal Example: WAF Detection Structure

hashtagCommon Patterns I Use

hashtagBuilder Pattern

hashtagIterator Chains

hashtagBuild and Test

hashtagCreating a Simple Binary

hashtagBuilding

hashtagKey Takeaways

hashtagCommon Beginner Mistakes I Made

hashtagString Confusion

hashtagForgetting mut

hashtagNot Handling Results

hashtagNext in Series