DragonFly On-Line Manual Pages
AUTHFORCE(1) DragonFly General Commands Manual AUTHFORCE(1)
NAME
authforce - HTTP authentication brute forcer
SYNOPSIS
authforce [options] URL
DESCRIPTION
Authforce is an HTTP Authentication brute forcer. Using various
methods, it attempts to brute force username and password pairs for a
site. It has the ability to try common usernames and passwords, username
derivations, and common username/password pairs. It is used both to
test the security of your site and to prove the insecurity of HTTP
Authentication based on the fact that users just don't pick good
passwords.
OPTIONS
-b
    Beep when a match is found
-d, --debug
    Set debugging level between 0 and 5
--dummy-file
    File containing dummy matches. [username:password form]
-h, --help
    Display help and exit
-l FILE, --logfile=FILE
    Set logfile to FILE
-r, --resume[=FILE]
    Resume old session (using FILE) [default session.save]
-s, --save[=FILE]
    Save session on SIGUSR1 (to FILE) [default session.save]
-c, --max-connects=NUMBER
    Don't make more than NUMBER connections
-u, --max-users=NUMBER
    Don't try more than NUMBER users
-U, --user-agent=STRING
    Set user agent to STRING
--pairs-file=FILE
    File containing username:password pairs
--password-delay=NUMBER
    Delay for NUMBER seconds between attempts
--password-file=FILE
    File containing common passwords
-p, --path=STRING
    Look for pathlist STRING
-P, --proxy=STRING
    Set proxy to STRING
-q, --quiet
    Don't output to stdout
--user-delay=NUMBER
    Delay for NUMBER seconds between usernames
--username-file=FILE
    File containing list of usernames
-v, --verbose
    Be verbose (default), opposite of --quiet
-V, --version
    Print version information and exit
RETURN VALUE
The program returns 0 if no matches were found, and 1 if at least one
match is found.
FILES
/usr[/local]/share/authforce
Data files containing usernames and passwords
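EXAMPLES
Added example, not part of the original manual page or of authforce: a log check for the site owner's side of such a test. It flags clients that accumulate 401 responses over a long window, so attempts spaced out with --password-delay or --user-delay still count; the Apache combined log format, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# host ident user [time] "request" status (Apache combined log format, assumed)
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def constructed_log():
    """Constructed sample, not real traffic: one paced guesser, one normal user."""
    base, out = datetime(2024, 3, 10, 10, 0, 0), []
    def add(ip, user, offset, status):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        out.append(f'{ip} - {user} [{ts}] "GET /private/ HTTP/1.1" {status} 381 "-" "-"')
    for i, user in enumerate(["admin", "root", "test", "guest", "backup", "admin"]):
        add("198.51.100.7", user, 30 * i, 401)   # failures paced 30 s apart
    add("198.51.100.7", "admin", 180, 200)       # a guess finally accepted
    add("203.0.113.20", "alice", 5, 401)         # single typo
    add("203.0.113.20", "alice", 12, 200)
    return out

def detect(lines, window=timedelta(hours=1), min_failures=5):
    """Return {ip: finding} for clients with >= min_failures 401s inside `window`."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ip, user, ts, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            events[ip].append((when, user, int(status)))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [(t, u) for t, u, s in evs if s == 401]
        start = peak = 0
        for end, (t, _) in enumerate(fails):     # sliding window over failures
            while t - fails[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_failures:
            findings[ip] = {
                "failures_in_window": peak,
                "usernames_tried": sorted({u for _, u in fails if u != "-"}),
                # A 200 for a named user after the first failure: rotate that credential.
                "accepted_after_failures": sorted(
                    {u for t, u, s in evs if s == 200 and u != "-" and t > fails[0][0]}),
            }
    return findings

if __name__ == "__main__":
    print(detect(constructed_log()))
```

With a 60-second window the same sample produces no finding, which is why the default window is an hour.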
BUGS
\r printed items leave garbage at end of line sometimes
Invalid chars are not filtered, curl will prompt for password:
If a password has a space, only chars up to the space will be submitted
Assumes authentication is needed, reporting false successes (sorta)
Downloads the page, shouldn't do this
No way of setting debug before parse_config
AUTHOR
Zachary P. Landau <kapheine@hypa.net>
BUG REPORTS
Report bugs to kapheine@hypa.net
Contact
Email: kapheine@hypa.net
URL: http://kapheine.hypa.net/authforce
GPG Key: http://kapheine.hypa.net/kapheine.asc
AUTHFORCE(1)