Metadata-Version: 2.4
Name: fckr
Version: 1.0
Summary: FCKR – The Ultimate Brute Forcer
Home-page: https://github.com/IMApurbo/fck
Author: AKM Korishee Apurbo
Author-email: bandinvisible8@gmail.com
License: MIT
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.7
Description-Content-Type: text/markdown
Requires-Dist: requests>=2.25.1
Requires-Dist: rich>=13.3.5
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# FCKR – The Ultimate Brute Forcer

**FCKR** is a command-line tool designed for **security researchers** and **penetration testers** to brute-force HTTP requests with powerful and customizable filtering capabilities. It replaces the `FCK` placeholder in URLs or POST bodies with values from a wordlist, allowing you to test web endpoints and inspect/filter responses.

> ✨ Developed by **[@IMApurbo](https://github.com/imapurbo)**  
> 🛡️ Use responsibly. Authorized testing only.

---

## 🚀 Features

- **Flexible Brute-Forcing**  
  Replace `FCK` placeholders in URLs or POST bodies with wordlist entries.

- **HTTP Method Support**  
  Supports both `GET` and `POST` methods.

- **Advanced Filtering**  
  - **Response Filters (-f)**: Filter based on:
    - `s`: status code
    - `l`: content length
    - `c`: response body
  - Filter types:
    - `e`: exact
    - `c`: contains
    - `nc`: not contains

- **Output Saving (-o)**  
  Save results to a file (e.g., result.txt).

- **Response Inspection (-r)**  
  Fetch full HTML responses for specific inputs.

- **Debug Mode (-d)**  
  Logs all requests and mismatched filters.

- **Threading (-T)**  
  Speed up Brute-Forcing

- **Define Header (-H)**  
  HTTP headers as a semicolon-separated string (e.g., "Cookie:JSESSIONID=abc123;Content-Type:application/json")

- **Progress Bar**  
  Stylish visual feedback during brute-forcing.

- **User-Friendly Output**  
  Concise results like:  
  `Word: <word> | Status: <status> | Length: <length> | Time: <time>s`

---

## 🧪 Installation

Install directly from PyPI:

```bash
pip install fckr
````

### Requirements

* Python 3.6+
* Terminal with ANSI support (Linux, macOS, or Windows Terminal)

---

## ⚙️ Usage

```bash
fckr -u "<url_with_FCK>" -w <wordlist> [options]
```

### Common Flags

| Short | Long               | Description                                      | Required  | Default |
| ----- | ------------------ | ------------------------------------------------ | --------- | ------- |
| `-u`  | `--url`            | Target URL with `FCK` placeholder                | ✅        | -       |
| `-b`  | `--body`           | POST body with `FCK` (use with POST only)        | 🟡        | -       |
| `-w`  | `--wordlist`       | Path to wordlist                                 | ✅        | -       |
| `-m`  | `--method`         | HTTP method (`GET` or `POST`)                    | ❌        | GET     |
| `-t`  | `--timeout`        | Timeout in seconds                               | ❌        | 5.0     |
| `-f`  | `--filter`         | Filter response (e.g., `s:e:200`, `c:c:success`) | ❌        | -       |
| `-o`  | `--output`         | Save results to a file (e.g., `result.txt`)      | ❌        | -       |
| `-r`  | `--fetch-response` | Fetch full HTML for a specific word              | ❌        | -       |
| `-d`  | `--debug`          | Show request and filter logs                     | ❌        | False   |
| `-H`  | `--header`         | HTTP headers as a semicolon-separated string     | ❌        | -       |
| `-T`  | `--threads`        | Number of concurrent threads                     | ❌        | 10      |
| `-h`  | `--help`           | Show this help message and exit                  | ❌        | -       |

---

## 🔍 Filtering Syntax

Format:

```
<field>:<type>:<value>
```

### Fields

* `s`: HTTP status code
* `l`: Content length
* `c`: Response body content

### Types

* `e`: Exact match
* `c`: Contains
* `nc`: Not contains

### Examples

```bash
-f s:e:200             # Show only 200 OK
-f c:nc:error          # Show results that do not contain "error"
-f c:c:login           # Show responses containing "login"
-f l:e:1000            # Show only 1000-byte responses
```

---

## 🔧 Examples

**Brute-force with GET:**

```bash
fckr -u "https://test.com/search?q=FCK" -w list.txt -m GET
```

**POST request with body:**

```bash
fckr -u "http://test.com/search" -b "query=FCK&submit=1" -w list.txt -m POST
```

**Filter by content:**

```bash
-o c:nc:"<h2>Not found</h2>"
```

**Inspect full response for a word:**

```bash
-r "admin"
```

**Verbose debugging:**

```bash
-d
```

---

## 📂 Wordlist Format

Plain text file, one word per line:

```
admin
test
search
```


---

## 🛠️ Development

```bash
git clone https://github.com/IMApurbo/fckr.git
cd fckr
pip install -r requirements.txt
python -m fckr -u "https://example.com/?q=FCK" -w list.txt
```

---

## ⚠️ Legal Notice

> 🛑 Use **only on systems you have explicit permission** to test.
> Misuse may violate laws and ethical guidelines.

---

## ⭐ Credits

* Developed by **IMApurbo**

---

## 📃 License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
