authoscope¶
authoscope (formerly badtouch) is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications.
The scope of authoscope is specifically cracking custom services. This is done
by writing scripts that are loaded into a lua runtime. Those scripts represent
a single service and provide a verify(user, password)
function that returns
either true or false. Concurrency, progress indication and reporting is
magically provided by the authoscope runtime.
Getting Started¶
- Installation
- Usage
- Scripting
- base64_decode
- base64_encode
- clear_err
- execve
- hex
- hmac_md5
- hmac_sha1
- hmac_sha2_256
- hmac_sha2_512
- hmac_sha3_256
- hmac_sha3_512
- html_select
- html_select_list
- http_basic_auth
- http_mksession
- http_request
- http_send
- json_decode
- json_encode
- last_err
- ldap_bind
- ldap_escape
- ldap_search_bind
- md5
- mysql_connect
- mysql_query
- rand
- randombytes
- sha1
- sha2_256
- sha2_512
- sha3_256
- sha3_512
- sleep
- sock_connect
- sock_send
- sock_recv
- sock_sendline
- sock_recvline
- sock_recvall
- sock_recvline_contains
- sock_recvline_regex
- sock_recvn
- sock_recvuntil
- sock_sendafter
- sock_newline
- Wrapping python scripts
- Configuration