Importing old wfuzz1.4c from google code

README

@@ -0,0 +1,96 @@
+*************************************
+* Wfuzz  1.4c - The web bruteforcer  *
+* Coded by:                         *
+* Christian Martorella              *
+*   - cmartorella@edge-security.com *
+* Carlos del ojo                    *
+*   - deepbit@gmail.com             *
+*************************************
+
+What is this?
+-------------
+
+Wfuzz is a tool designed to  brutefore web applications, it's very flexible, it supports:
+
+	-Recursion (When doing directory discovery)
+	-Post data bruteforcing
+	-Header bruteforcing
+	-Output to HTML (easy for just clicking the links and checking the page, even with postdata!)
+	-Colored output 
+	-Hide results by return code, word numbers, line numbers, etc.
+	-Url encoding
+	-Cookies
+	-Multithreading
+	-Proxy support 
+	-All parameter fuzzing
+
+It was created to facilitate the task in web applications assessments, it's a tool by pentesters for pentesters ;)
+
+How does it works?
+------------------
+
+The tool is based on dictionaries or ranges, then you choose where you want to bruteforce just by replacing the value by the word FUZZ.
+
+Examples:
+
+	-  wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 --html http://www.mysite.com/FUZZ 2> results.html
+
+	 This will bruteforce the site http://www.mysyte.com/FUZZ in search of resources i
+	 (directories, scripts, files,etc), it will hide from the output the return code 404 
+	 (for easy reading results), it will use the dictionary commons.txt for the bruteforce
+	 , and also will output the results to the results.html file (with a cool format to work).
+
+
+	-  wfuzz.py -c -z range -r 1-100 --hc 404 http://www.mysite.com/list.asp?id=FUZZ
+	  In this example instead of using a file as dictionary, it will use a range from 1-100,
+	  and will bruteforce the parameter "id".
+
+	-  wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 --html -d "id=1&catalogue=FUZZ" 
+	   http://www.mysite.com/check.asp 2> results.html 
+	   Here you can see the use of POST data, with the option "-d".
+
+	- wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 -R 2 http://www.mysite.com/FUZZ
+	  Example of path discovery, using a recursive level of 2 paths.
+
+Platforms:
+----------
+
+wfuzz was tested on Linux, Os X and Windows.
+On windows the colored output, it doesn't work, we are working towards fixing this problem.
+
+
+Dependencies:
+------------
+
+On *nix systems, need pycurl to work.
+On Windows just run the wfuzz.exe
+
+Thanks:
+-------
+
+Shouts goes to: Trompeti an all the S21sec Team. (www.s21sec.com)
+
+Special thanks to DarkRaver for the tool Dirb, part of wfuzz  is based on the functionallity of dirb. (www.open-labs.org) and most of the wordlist are from his tool.
+
+Andres Andreu, all Injection payloads are taken from wsFuzzer (www.neurofuzz.com)
+Stay tunned for the GUI it rocks..
+
+Changelog 1.4c:
+==============
+-Fixed Headers parsing, thanks to Osama
+-Fixed encoding naming problems, thanks to Osama
+-Added support to Hexa-Random payload (hexa-rand), thanks to Kaerast
+
+Changelog 1.4:
+==============
+-More encodings:
+-Performance improving
+-Some bugs fixed
+
+Changelog 1.3:
+=========
+-Creada funcion select_encoding
+-Multiple encoding, it's possible to encode both dictionries with different encodings.
+-Hidecode XXX (cuando da muchos errores, pero puede servir)
+-Word count fixed
+-More encoders (binascii,md5,sha1)

TextParser.py

@@ -0,0 +1,139 @@
+#Covered by GPL V2.0
+#Coded by Carlos del Ojo Elias (deepbit@gmail.com)
+
+import sys
+import re
+
+
+class TextParser:
+	def __init__ (self):
+		self.string=""
+		self.oldindex=0
+		self.newindex=0
+		self.type=""
+		self.lastFull_line=None
+		self.lastline = None
+		pass
+
+	def __del__ (self):
+		if self.type=="file":
+			self.fd.close()
+
+	def setSource (self,t,*args):
+		'''Se especifica el tipo de entrada. Puede ser fichero o entrada estandard
+
+		Ejemplos: setSource("file","/tmp/file")
+			  setSource("stdin")\n'''
+
+		if t=="file":
+			self.type=t
+			self.fd=file(args[0],"r")
+		elif t=="stdin":
+			if self.type=="file":
+				self.fd.close()
+			self.type=t
+		elif t=="string":
+			if self.type=="file":
+				self.fd.close()
+			self.type=t
+			self.string=args[0]
+			self.oldindex=0
+			self.newindex=0
+		else:
+			print "Bad argument -- TextParser.setSource()\n"
+			sys.exit (-1)
+
+
+	def seekinit(self):
+		self.oldindex=0;
+		self.newindex=0;
+
+
+	def readUntil (self,pattern,caseSens=True):
+		"Lee lineas hasta que el patron (pattern) conincide en alguna linea"
+
+		while True:
+			if (self.readLine() == 0):
+				return False
+			if (self.search(pattern,caseSens) == True):
+				break
+
+		return True
+
+
+
+	def search (self,pattern,caseSens=True,debug=0):
+		"Intenta hacer Matching entre el pattern pasado por parametro y la ultima linea leida"
+
+		if not caseSens:
+			self.regexp=re.compile(pattern,re.IGNORECASE)
+		else:
+			self.regexp=re.compile(pattern)
+		self.matches=self.regexp.findall(self.lastline)
+		j=0
+		for i in self.matches:
+			if not type(i)==type(()):
+				self.matches[j]=tuple([self.matches[j]])
+			j+=1
+
+#		DEBUG PARA MATCHING
+		if (debug==1):
+			print "[",self.lastline,"-",pattern,"]"
+			print len(self.matches)
+			print self.matches
+
+		if len(self.matches)==0:
+			return False
+		else:
+			return True
+
+
+	def __getitem__ (self,key):
+		"Para acceder a cada uno de los patrones que coinciden, esta preparado paragrupos de patrones, no para solo un patron"
+
+		return self.matches[key]
+
+	def skip (self,lines):
+		"Salta las lines que se indiquen en el parametro"
+
+		for i in range(lines):
+			if (self.readLine() == 0):
+				return False
+
+		return True
+
+	def readLine(self):
+		"Lee la siguiente linea eliminando retornos de carro"
+
+		if self.type=="file":
+			self.lastFull_line=self.fd.readline()
+		elif self.type=="stdin":
+			self.lastFull_line=raw_input()
+		elif self.type=="string":
+			if self.newindex==-1:
+				return 0
+
+			if self.oldindex>=0:
+				self.newindex=self.string.find("\n",self.oldindex,len(self.string))
+				if self.newindex==-1:
+					self.lastFull_line=self.string[self.oldindex:len(self.string)]
+				else:
+					self.lastFull_line=self.string[self.oldindex:self.newindex+1]
+
+				self.oldindex=self.newindex+1
+			else:
+				self.lastFull_line=''
+
+		bytes_read = len(self.lastFull_line)
+
+		s=self.lastFull_line
+		self.lastline=s
+
+		if s[-2:] == '\r\n':
+			self.lastline = s[:-2]
+		elif s[-1:] == '\r' or s[-1:] == '\n':
+			self.lastline = s[:-1]
+
+		return bytes_read	
+
+

dictio.py

@@ -0,0 +1,51 @@
+#!/usr/bin/python
+
+#Covered by GPL V2.0
+
+from encoders import *
+from payloads import *
+
+# generate_dictio evolution		
+class dictionary:
+	def __init__(self,dicc=None):
+		if dicc:
+			self.__payload=dicc.getpayload()
+			self.__encoder=dicc.getencoder()
+		else:	
+			self.__payload=payload()
+			self.__encoder=encoder()
+		self.iter=self.__payload.__iter__()
+
+	def count (self):
+		return self.__payload.count()
+
+	def setpayload(self,payl):
+		self.__payload=payl
+		self.iter=self.__payload.__iter__()
+
+	def setencoder(self,encd):
+		self.__encoder=encd
+
+	def getpayload (self):
+		return self.__payload
+
+	def getencoder (self):
+		return self.__encoder
+
+	def generate_all(self):
+		dicc=[]
+		for i in self.__payload:
+			dicc.append(self.__encoder.encode(i))
+		return dicc
+
+	def __iter__(self):
+		self.restart()
+		return self
+
+	def next(self):
+		pl=self.iter.next()
+		return self.__encoder.encode(pl)
+
+	def restart(self):
+		self.iter=self.__payload.__iter__()
+