                       [ authforce v0.8.0 README]
                         by Zachary P. Landau

[ description ]

	Authforce is an HTTP Authentication brute forcer. Using various methods,
	it attempts brute force username and password pairs for a site. It has 
	the ability to try common username and passwords, username derivations,
	and common username/password pairs. It is used to both test the security
	of your site and to prove the insecurity of HTTP Authentication based on
	the fact that users just don't pick good passwords.

[ installation ]

	See INSTALL.

[ how to use ]

	For basic usage, make sure the data files have the data you want, and then
	run authforce with the argument being the url of the site you want to brute
	force. At the moment, it is not possible to disable a method, but you can
	get the same effect by making it use an empty data file. For example, I
	don't usually use the concat method, because the datalist I have for it
	sucks.

	The major special item that may cause a little confusion is the session 
	support. I think it works :P. Start up authforce with the -s option (for
	session support) and let it run. When you want to stop it, kill it with
	USRSIG1 (kill -USR1 pid) which will cause the program to write its current
	position to session.save (by default) and quit. Then when you want to 
	resume the session, type authforce -r.

	The data lists are very sparse at the moment. Make your own or find one.
	Programs like John the Ripper have good lists, although you usually don't
	want yours that long. If you make a good list of your own, please 
	contribute it.

[ notes ]

	First, a note on contributing. Please do it :P It would be immensely 
	helpful to get any type of contribution. If you find a bug, don't assume
	it has already been reported, report it to me (with information about your
	system etc, please) If there are misspellings or tiny mistakes, notify me
	or submit a patch. If you would like to add something, do it (you may want
	to email me about it before hand, just in case I want to discuss it with
	you). Better documentation would be fine. Nice data files with common 
	passwords would help. (see TODO && BUGS)

	Secondly, I wrote this because I couldn't find a program that did it. I
	know I saw one a while ago, but I couldn't find it. If someone knows of
	a program like this, please tell me. If I think it's better, perhaps I'll
	abandon this and maybe help with that. 

	Please contact me. Even if it is just to say that you are using the 
	program. Feedback helps me understand how well I'm doing :P Feel free to
	send it gpg encrypted too. You know, so 'they' can't intercept it.
	
[ contact ]

	URL: http://kapheine.hypa.net/authforce
	Email: kapheine@hypa.net
	GPG Key: http://kapheine.hypa.net/kapheine.asc
