.TH AUTHFORCE 1
.SH NAME
authforce \- HTTP authentication brute forcer
.SH SYNOPSIS
.BI "authforce [" options "] URL
.SH DESCRIPTION
Authforce is an HTTP Authentication brute forcer. Using various methods,
it attempts brute force username and password pairs for a site. It has
the ability to try common username and passwords, username derivations,
and common username/password pairs. It is used to both test the security
of your site and to prove the insecurity of HTTP Authentication based on
the fact that users just don't pick good passwords.
.SS OPTIONS
.TP
.I \-b
Beep when a match is found
.TP
.I "-d, --debug"
Set debugging level between 0 and 5
.TP
.I "--dummy-file"
File containing dummy matches. [username:password form]
.TP
.I "-h, --help"
Display help and exit
.TP
.I "-l FILE, --logfile=FILE"
Set logfile to \fIFILE\fP
.TP
.I "-r, --resume[=FILE]"
Resume old session (using \fIFILE\fP) [default session.save]
.TP
.I "-s, --save[=FILE]
Save session on SIGUSR1 (to \fIFILE\fP) [default session.save]
.TP
.I "-c, --max-connects=NUMBER"
Don't make more than \fINUMBER\fP connections
.TP
.I "-u, --max-users=NUMBER"
Don't try more than \fINUMBER\fP users
.TP
.I "-U, --user-agent=STRING"
Set user agent to STRING
.TP
.I "--pairs-file=FILE"
File containing username:password pairs
.TP
.I "--password-delay=NUMBER"
Delay for \fINUMBER\fP seconds between attempts
.TP
.I "--password-file=FILE"
File containing common passwords
.TP
.I "-p, --path=STRING"
Look for pathlist \fISTRING\fP
.TP
.I "-P, --proxy=STRING"
Set proxy to \fISTRING\fP
.TP
.I "-q, --quiet"
Don't output to stdout
.TP
.I "--user-delay=NUMBER"
Delay for \fINUMBER\fP seconds between usernames
.TP
.I "--username-file=FILE"
File containing list of usernames
.TP
.I "-v, --verbose"
be verbose (default), opposite of --quiet
.TP
.I "-V, --version"
Print version information and exist
.SH RETURN VALUE
The program returns 0 if no matches were found, and 1 if atleast one match
is found.
.SH FILES
.IP /usr[/local]/share/authforce
Data files containing usernames and passwords
.SH BUGS
.PP
\\r printed items leave garbage at end of line sometimes
.PP
Invalid chars are not filtered, curl will prompt for password:
.PP
If a password has a space, only chars up to the space will be submitted
.PP
Assumes authentication is needed, reporting false successes (sorta)
.PP
Downloads the page, shouldnt do this
.PP
No way of setting debug before parse_config
.SH AUTHOR
Zachary P. Landau <kapheine@hypa.net>
.SH BUG REPORTS
Report bugs to kapheine@hypa.net
.SH Contact
.PD 0
.TP
Email: kapheine@hypa.net
.TP
URL: http://kapheine.hypa.net/authforce
.TP
GPG Key: http://kapheine.hypa.net/kapheine.asc
.FI