AUTHFORCE(1)					     AUTHFORCE(1)


NAME
       authforce - HTTP authentication brute forcer

SYNOPSIS
       authforce [options] URL

DESCRIPTION
       Authforce  is  an  HTTP Authentication brute forcer. Using
       various methods, it  attempts  brute  force  username  and
       password	 pairs for a site. It has the ability to try com-
       mon username and passwords, username derivations, and com-
       mon  username/password  pairs. It is used to both test the
       security of your site and to prove the insecurity of  HTTP
       Authentication  based  on  the  fact that users just don't
       pick good passwords.

   OPTIONS
       -b     Beep when a match is found

       -d, --debug
	      Set debugging level between 0 and 5

       --dummy-file
	      File containing dummy  matches.  [username:password
	      form]

       -h, --help
	      Display help and exit

       -l FILE, --logfile=FILE
	      Set logfile to FILE

       -r, --resume[=FILE]
	      Resume  old  session  (using  FILE)  [default  ses-
	      sion.save]

       -s, --save[=FILE]
	      Save session on SIGUSR1  (to  FILE)  [default  ses-
	      sion.save]

       -c, --max-connects=NUMBER
	      Don't make more than NUMBER connections

       -u, --max-users=NUMBER
	      Don't try more than NUMBER users

       -U, --user-agent=STRING
	      Set user agent to STRING

       --pairs-file=FILE
	      File containing username:password pairs

       --password-delay=NUMBER
	      Delay for NUMBER seconds between attempts

       --password-file=FILE
	      File containing common passwords

       -p, --path=STRING
	      Look for pathlist STRING

       -P, --proxy=STRING
	      Set proxy to STRING

       -q, --quiet
	      Don't output to stdout

       --user-delay=NUMBER
	      Delay for NUMBER seconds between usernames

       --username-file=FILE
	      File containing list of usernames

       -v, --verbose
	      be verbose (default), opposite of --quiet

       -V, --version
	      Print version information and exist

RETURN VALUE
       The  program  returns 0 if no matches were found, and 1 if
       atleast one match is found.

FILES
       /usr[/local]/share/authforce
	      Data files containing usernames and passwords

BUGS
       \r printed items leave garbage at end of line sometimes

       Invalid chars are not filtered, curl will prompt for pass-
       word:

       If a password has a space, only chars up to the space will
       be submitted

       Assumes authentication is  needed,  reporting  false  suc-
       cesses (sorta)

       Downloads the page, shouldnt do this

       No way of setting debug before parse_config

AUTHOR
       Zachary P. Landau <kapheine@hypa.net>

BUG REPORTS
       Report bugs to kapheine@hypa.net

Contact
       Email: kapheine@hypa.net
       URL: http://kapheine.hypa.net/authforce
       GPG Key: http://kapheine.hypa.net/kapheine.asc


