Metadata-Version: 2.4
Name: ansferatu
Version: 0.1.1
Summary: Multifunctional tool for HTTP reconnaissance, web crawling and web directory bruteforce.
Author: frostbits-security
License: MIT License
        
        Copyright (c) 2022 frostbits-security
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/frostbits-security/ansferatu
Project-URL: Repository, https://github.com/frostbits-security/ansferatu
Keywords: crawler,spider,bruteforce,reconnaissance,security,web
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Topic :: Internet :: WWW/HTTP :: Indexing/Search
Classifier: Topic :: Security
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests
Requires-Dist: urllib3
Requires-Dist: beautifulsoup4
Requires-Dist: simhash
Requires-Dist: tldextract
Requires-Dist: validators
Requires-Dist: psutil
Provides-Extra: headless
Requires-Dist: playwright; extra == "headless"
Provides-Extra: dev
Requires-Dist: pytest; extra == "dev"
Requires-Dist: build; extra == "dev"
Requires-Dist: twine; extra == "dev"
Dynamic: license-file

# Ansferatu

Multifunctional tool for HTTP reconnaissance, web crawling and web directory bruteforce.
Based on [PSpider](https://github.com/xianhu/PSpider).

## Features

- Fast multi-URL crawling
- Fast multi-URL directory bruteforce
- Discover new subdomains without DNS bruteforce (e.g. `https://example.com` → many `*.example.com` hosts)
- Optional headless browsing and automatic form fill-up (via Playwright)
- JSONL output (Nuclei/proxify-compatible)

## Installation

Ansferatu is a regular Python package and requires Python 3.8+.

From PyPI:
```bash
pip3 install ansferatu
```

From source / GitHub:
```bash
pip3 install git+https://github.com/frostbits-security/ansferatu.git
# or, from a local checkout:
pip3 install .
```

Headless / form-filling support is optional. The `--headless` and `--fill-forms`
modes rely on [Playwright](https://playwright.dev/python/). Install the extra and
download the Chromium runtime:
```bash
pip3 install 'ansferatu[headless]'
playwright install chromium
```

Installing the package exposes an `ansferatu` console command (equivalent to
`python3 -m ansferatu`).

## How to run

Run via the `ansferatu` command. Use `ansferatu --help` (or `ansferatu crawl --help`)
to see all options.

### crawl

Crawl one or more web sites. The main parameter is `--limit` (requests per subdirectory).
```bash
ansferatu crawl --url https://example.com -o ./results/ --limit 1
```

### crawl --headless

Same crawl, but with Playwright headless extraction for qualifying pages.
Requires the headless extra (`pip install 'ansferatu[headless]' && playwright install chromium`).
```bash
ansferatu crawl --headless --url https://example.com -o ./results/
```

### crawl --fill-forms

Extends the headless crawl with form detection and interaction: detects `<form>`
elements, fills fields with smart defaults (email, password, search, etc.), submits
them, and captures the resulting responses and new URLs. Implies `--headless`.
```bash
ansferatu crawl --fill-forms --url https://example.com -o ./results/
```

### brute

Classic web directory bruteforce. Needs a wordlist.
```bash
ansferatu brute --url https://example.com -w ./wordlists/fuzz_big.txt -o ./results/
```

## Use as a library

The package can be imported into other Python tools:
```python
from ansferatu import common_crawler, common_brute_from_file

common_crawler(
    url_list=["https://example.com"],
    scope=["example.com"],
    exclude_codes_list=[403, 404, 401],
    visit_count_limit=10,
    max_deep=2,
    threads=10,
    output_file="results.jsonl",
)
```

For lower-level control, build the spider directly:
```python
from ansferatu.spider import WebSpider, TaskFetch
```

## Docker

Build the image:
```bash
docker build -t ansferatu .
```

Run the container (the image's entrypoint is the `ansferatu` command):
```bash
docker run --rm -it -v /tmp/ansferatu_out:/ansferatu/results ansferatu \
  crawl --url https://example.com -o /ansferatu/results/ --limit 1
```

## Development

Editable install (source changes are picked up immediately):
```bash
pip3 install -e '.[headless,dev]'
```

Run the test suite:
```bash
pytest
```

## Building & publishing to PyPI

The project is configured with `pyproject.toml` (PEP 621). Build the distribution
artifacts (source distribution + wheel):
```bash
pip3 install build
python3 -m build          # writes dist/ansferatu-<version>.tar.gz and .whl
```

Validate and upload with [Twine](https://twine.readthedocs.io/):
```bash
pip3 install twine
twine check dist/*

# Test upload first (recommended): https://test.pypi.org
twine upload --repository testpypi dist/*

# Real upload
twine upload dist/*
```

Notes:
- Bump `version` in `pyproject.toml` (and `__version__` in `ansferatu/__init__.py`)
  before each release; PyPI rejects re-uploads of an existing version.
- Uploading requires a PyPI account and an API token (configured via `~/.pypirc`
  or the `TWINE_USERNAME=__token__` / `TWINE_PASSWORD=<token>` environment variables).

## Roadmap

- Dynamic dictionary generation for bruteforce
- Improved deduplication (Simhash / page-hash similarity)
- HTML reports alongside JSONL output
- Collect query parameters (GET and POST)

## License

MIT — see [LICENSE](LICENSE).
