From http://kapheine.hypa.net/authforce/: Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common username and passwords, username derivations, and common username/password pairs. It is used to both test the security of your site and to prove the insecurity of HTTP authentication based on the fact that users just don't pick good passwords.
Created attachment 23821 [details] authforce-0.9.6.ebuild
Created attachment 23872 [details] authforce-0.9.6.ebuild made a stupid error with enabling the USE flags. src_compile() { [ `use curl` ] || myconf="--without-curl " - [ `use nls` ] || myconf="--disable-nls " + [ `use nls` ] || myconf="${myconf} --disable-nls " econf ${myconf} --with-path=/usr/share/${P}:. || die emake || die }
Hiya, Okay, this is now in Portage, and should appear on an rsync mirror near you in about an hour. Could you test this please, and let me know whether it works or not? Thanks, Stu
Created attachment 29916 [details] authforce-0.9.6.ebuild I didn't know I used to make ebuilds this crappy! ;-) Well, in the new ebuild I cleaned it up quite a bit. I also took curl out of the USE flags. If you use --without-curl it'll use a dummy submit() function in src/http.c. Since all the dummy function does is parse the username and password files, authforce becomes pretty useless without curl. Could you test the nls stuff too? I hardly know anything about nls right now, since i never need to use it. I'm thinking about trying it out just to learn more.
Okay, I've taken the curl stuff out. Closing old bug.