Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
AUTHFORCE(1)		    General Commands Manual		  AUTHFORCE(1)

NAME
       authforce - HTTP	authentication brute forcer

SYNOPSIS
       authforce [options] URL

DESCRIPTION
       Authforce  is  an HTTP Authentication brute forcer. Using various meth-
       ods, it attempts	brute force username and password pairs	for a site. It
       has  the	ability	to try common username and passwords, username deriva-
       tions, and common username/password pairs. It is	used to	both test  the
       security	 of  your site and to prove the	insecurity of HTTP Authentica-
       tion based on the fact that users just don't pick good passwords.

   OPTIONS
       -b     Beep when	a match	is found

       -d, --debug
	      Set debugging level between 0 and	5

       --dummy-file
	      File containing dummy matches. [username:password	form]

       -h, --help
	      Display help and exit

       -l FILE,	--logfile=FILE
	      Set logfile to FILE

       -r, --resume[=FILE]
	      Resume old session (using	FILE) [default session.save]

       -s, --save[=FILE]
	      Save session on SIGUSR1 (to FILE)	[default session.save]

       -c, --max-connects=NUMBER
	      Don't make more than NUMBER connections

       -u, --max-users=NUMBER
	      Don't try	more than NUMBER users

       -U, --user-agent=STRING
	      Set user agent to	STRING

       --pairs-file=FILE
	      File containing username:password	pairs

       --password-delay=NUMBER
	      Delay for	NUMBER seconds between attempts

       --password-file=FILE
	      File containing common passwords

       -p, --path=STRING
	      Look for pathlist	STRING

       -P, --proxy=STRING
	      Set proxy	to STRING

       -q, --quiet
	      Don't output to stdout

       --user-delay=NUMBER
	      Delay for	NUMBER seconds between usernames

       --username-file=FILE
	      File containing list of usernames

       -v, --verbose
	      be verbose (default), opposite of	--quiet

       -V, --version
	      Print version information	and exist

RETURN VALUE
       The program returns 0 if	no matches were	found, and 1  if  atleast  one
       match is	found.

FILES
       /usr[/local]/share/authforce
	      Data files containing usernames and passwords

BUGS
       \r printed items	leave garbage at end of	line sometimes

       Invalid chars are not filtered, curl will prompt	for password:

       If a password has a space, only chars up	to the space will be submitted

       Assumes authentication is needed, reporting false successes (sorta)

       Downloads the page, shouldnt do this

       No way of setting debug before parse_config

AUTHOR
       Zachary P. Landau <kapheine@hypa.net>

BUG REPORTS
       Report bugs to kapheine@hypa.net

Contact
       Email: kapheine@hypa.net
       URL: http://kapheine.hypa.net/authforce
       GPG Key:	http://kapheine.hypa.net/kapheine.asc

								  AUTHFORCE(1)

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | FILES | BUGS | AUTHOR | BUG REPORTS | Contact

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=authforce&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help