Many webapps don't perform authentication in constant-time operations which can result in a timing difference for authentication between valid and invalid user accounts. This can be used to enumerate valid and invalid usernames. This script tests the authentication pages for such issues.