Fast HTTP Auth Scanner

Fast HTTP Auth Scanner is a new Security Tool developed by Andres Tarasco to allow pentesters to bruteforce web based authentication schemes on large networks.

The bruteforce engine is dictionary based, with default users and passwords for most routers and the current release, available for both Windows and *NIX platforms, have been designed to allow both basic and webform based authentication against HTTP and HTTPS.

More routers can be supported just adding signatures like this one (example for webform Auth)

#default account admin:motorola
Model=Motorola CableModem SBG900
status=400
server=GoAhead-Webs
Matchstring=<h2>Access Error: Page not found</h2>
authurl=/frames.asp
authmethod=POST
authform=userId=!!!RAWUSER!!!&password=!!!RAWPASS!!!&btnLogin=Log+In
requireloginandpass=1
validauthstring=(c) 2002 Motorola, Inc. All Rights Reserved.
invalidauthstring=This document has moved to a new [http://!!!RAWIPAD!!!/redirect.asp location].
invalidauthstringalt=

Current version 0.6 is available Here for download
English Readme: README-EN
Spanish link: www.514.es

See Also

CBL Index

The CBL Index is a ratio between the number of IP addresses in a given IP subnet (Subnetwork) to...

Shibboleth (computer security)

Within the field of computer security, the word shibboleth is sometimes used with a different...

AR380-19

US AR 380-19 is Information Systems Security US Army Regulation. Major sections: Computer Security....

Secure by default

Secure by default, in software, means that the default configuration settings are the most secure...

System Security Authorization Agreement

A System Security Authorization Agreement (SSAA), is an information security document used in the...