authforce 0.9.9 Description:
Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common username and passwords, username derivations, and common username/password pairs. It is used to both test the security of your site and to prove the insecurity of HTTP authentication based on the fact that users just don't pick good passwords. For basic usage, make sure the data files have the data you want, and then run authforce with the argument being the url of the site you want to brute force. At the moment, it is not possible to disable a method, but you can get the same effect by making it use an empty data file. For example, I don't usually use the concat method, because the datalist I have for it sucks. The major special item that may cause a little confusion is the session support. I think it works :P. Start up authforce with the -s option (for session support) and let it run. When you want to stop it, kill it with USRINT (^C or kill -INT pid) which will cause the program to write its current position to session.save (by default) and quit.