Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

AUTHFORCE(1)							  AUTHFORCE(1)

NAME
       authforce - HTTP authentication brute forcer

SYNOPSIS
       authforce [options] URL

DESCRIPTION
       Authforce  is  an HTTP Authentication brute forcer. Using various meth‐
       ods, it attempts brute force username and password pairs for a site. It
       has  the ability to try common username and passwords, username deriva‐
       tions, and common username/password pairs. It is used to both test  the
       security	 of  your site and to prove the insecurity of HTTP Authentica‐
       tion based on the fact that users just don't pick good passwords.

   OPTIONS
       -b     Beep when a match is found

       -d, --debug
	      Set debugging level between 0 and 5

       --dummy-file
	      File containing dummy matches. [username:password form]

       -h, --help
	      Display help and exit

       -l FILE, --logfile=FILE
	      Set logfile to FILE

       -r, --resume[=FILE]
	      Resume old session (using FILE) [default session.save]

       -s, --save[=FILE]
	      Save session on SIGUSR1 (to FILE) [default session.save]

       -c, --max-connects=NUMBER
	      Don't make more than NUMBER connections

       -u, --max-users=NUMBER
	      Don't try more than NUMBER users

       -U, --user-agent=STRING
	      Set user agent to STRING

       --pairs-file=FILE
	      File containing username:password pairs

       --password-delay=NUMBER
	      Delay for NUMBER seconds between attempts

       --password-file=FILE
	      File containing common passwords

       -p, --path=STRING
	      Look for pathlist STRING

       -P, --proxy=STRING
	      Set proxy to STRING

       -q, --quiet
	      Don't output to stdout

       --user-delay=NUMBER
	      Delay for NUMBER seconds between usernames

       --username-file=FILE
	      File containing list of usernames

       -v, --verbose
	      be verbose (default), opposite of --quiet

       -V, --version
	      Print version information and exist

RETURN VALUE
       The program returns 0 if no matches were found, and 1  if  atleast  one
       match is found.

FILES
       /usr[/local]/share/authforce
	      Data files containing usernames and passwords

BUGS
       \r printed items leave garbage at end of line sometimes

       Invalid chars are not filtered, curl will prompt for password:

       If a password has a space, only chars up to the space will be submitted

       Assumes authentication is needed, reporting false successes (sorta)

       Downloads the page, shouldnt do this

       No way of setting debug before parse_config

AUTHOR
       Zachary P. Landau <kapheine@hypa.net>

BUG REPORTS
       Report bugs to kapheine@hypa.net

Contact
       Email: kapheine@hypa.net
       URL: http://kapheine.hypa.net/authforce
       GPG Key: http://kapheine.hypa.net/kapheine.asc

								  AUTHFORCE(1)

Vote for polarhome