"Fossies" - the Fresh Open Source Software Archive

Member "authforce-0.9.9/README" (13 May 2007, 3614 Bytes) of package /linux/www/old/authforce-0.9.9.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1                       [ authforce v0.9.9 README]
    2                          by Zachary P. Landau
    4 [ description ]
    6 	Authforce is an HTTP authentication brute forcer. Using various methods,
    7 	it attempts brute force username and password pairs for a site. It has 
    8 	the ability to try common username and passwords, username derivations,
    9 	and common username/password pairs. It is used to both test the security
   10 	of your site and to prove the insecurity of HTTP authentication based on
   11 	the fact that users just don't pick good passwords.
   13 [ installation ]
   15 	See INSTALL.
   17 [ how to use ]
   19 	For basic usage, make sure the data files have the data you want, and then
   20 	run authforce with the argument being the url of the site you want to brute
   21 	force. At the moment, it is not possible to disable a method, but you can
   22 	get the same effect by making it use an empty data file. For example, I
   23 	don't usually use the concat method, because the datalist I have for it
   24 	sucks.
   26 	The major special item that may cause a little confusion is the session 
   27 	support. I think it works :P. Start up authforce with the -s option (for
   28 	session support) and let it run. When you want to stop it, kill it with
   29 	USRINT (^C or kill -INT pid) which will cause the program to write its 
   30 	current position to session.save (by default) and quit. Then when you want
   31 	to resume the session, type authforce -r.
   33 	The data lists are very sparse at the moment. Make your own or find one.
   34 	Programs like John the Ripper have good lists, although you usually don't
   35 	want yours that long. If you make a good list of your own, please 
   36 	contribute it.
   38 	The password.lst file has a new syntax now. Along with regular passwords
   39 	are the keywords {username} and {emanresu} which insert the username and
   40 	the username reversed, respectively. Things like {username}123 and
   41 	{username}{emanresu} are valid (and encouraged!). If you have any ideas
   42 	for other keywords, please let me know.
   44 [ notes ]
   46 	First, a note on contributing. Please do it :P It would be immensely 
   47 	helpful to get any type of contribution. If you find a bug, don't assume
   48 	it has already been reported, report it to me (with information about your
   49 	system etc, please) If there are misspellings or tiny mistakes, notify me
   50 	or submit a patch. If you would like to add something, do it (you may want
   51 	to email me about it before hand, just in case I want to discuss it with
   52 	you). Better documentation would be fine. Nice data files with common 
   53 	passwords would help. (see TODO && BUGS)
   55 	Secondly, I wrote this because I couldn't find a program that did it. I
   56 	know I saw one a while ago, but I couldn't find it. If someone knows of
   57 	a program like this, please tell me. If I think it's better, perhaps I'll
   58 	abandon this and maybe help with that. 
   60 	If you compile with the development CFLAGS, and you wish to leave in 
   61 	-DMEMWATCH, you'll need to get memwatch from:
   62 	http://www.link-data.com/memwatch-2.64.tar.gz
   63 	Put memwatch.c and memwatch.h in the authforce directory and compile. It
   64 	is really a great program and I recommend you use it for your own projects.
   66 	Please contact me. Even if it is just to say that you are using the 
   67 	program. Feedback helps me understand how well I'm doing :P Feel free to
   68 	send it gpg encrypted too. You know, so 'they' can't intercept it.
   70 	P.S. Memory leaks are spawned by the devil. Elimate them for me and I
   71 	will be very happy. To find the ones I know about, grep for MEMWATCH.
   72 	End Transmission.
   74 [ contact ]
   76 	URL: http://divineinvasion.net/authforce
   77 	Email: kapheine@divineinvasion.net
   78 	GPG Key: http://divineinvasion.net/kapheine.asc