Brutus : An Old Brute Force Remote Attacker

    This tool will hack for you any login page by trying all password possibilities remotely. Brutus is one of the fastest, most flexible remote password crackers you can get your hands on.  It has few options to customize and when press 'Start' and you've done. It goes automatic with the pass list. Use Pass List Generator to generate password lists so easily.

In simple terms, Brutus is an online or remote password cracker. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc. It is used primarily in two contexts :

  • To obtain the valid access tokens for a particular user on a particular target.
  • To obtain any valid access tokens on a particular target where only target penetration is required

What is a target?
Well that depends on you. As far as Brutus is concerned a target is a remote system and possibly a remote user on a remote system, there is more. To engage any given target we require an attack method, generally we only perform one type of remote attack - that is we attempt to positively authenticate to the target by using a number of access token combinations. A target may provide no available attack methods, it may provide one or it may provide several.

What is an attack method?
In the context of Brutus, it is a service provided by the target that allows a remote client to authenticate against the target using client supplied credentials. For instance a UNIX server sat on a network somewhere may be offering Telnet and FTP services to remote users. Both telnet and FTP require the remote user to authenticate themselves before access is granted. For both these services the required credentials are usually a username and a password, therefore we have two available attack methods : FTP or Telnet. Some target systems will provide no opportunity for attack (at least not a remote authentication attack), perhaps they offer no remote services, perhaps they only offer anonymous remote services (that require no authentication) or perhaps they offer authenticated remote services but use mechanisms to prevent authentication attacks such as account lockout or one time passwords of some sort.

Which attack method is best?
Again, that depends on some factors which may include :
Is the target service available for any remote system? (Yes is good)
Does the target service require a single token (e.g. Just a password) or multiple tokens (e.g. Username & password & domain?) (Single tends to be easier)
Does the target service feature account lockouts or large delays before returning the result of the authentication attempt? (Yes is bad)
Does the target service allow us to maintain a persistent connection? (Yes is good)
Is the service supported by Brutus, if not can it be defined? (Yes is essential)
Will a positive authentication against the service actually be useful for the overall objective? (Yes helps)
Basically, the fastest most reliable attack method is always the one to choose if you have a choice. Generally trouble free methods include HTTP (Basic Auth) which is pretty fast, does not include lockouts or authentication delays - however the results may not be much use as often HTTP (Basic Auth) account information is separate from system account databases. The fastest remote service I have found to date is NetBus! Not only is it incredibly quick to authenticate against but a successful password acquisition will yield extreme target penetration. 

I still don't get it, what does it do?
Find some service where you need to enter your username and password to gain access, type in a username and password and see what happens, then do it again, and again, and again, and again until you gain access and are positively authenticated or until you get bored. Pretty straightforward really.

Download with Overview [260KB]
Password :

Don't forget to check out Pass List Generator to create password lists for brute force attack


  1. Nice share.. It works. Thank you

  2. Multiplayer versions is more exciting as in this,
    you'll be able to team up or even contend with other participants to defeat the enemies. Don't leave the landscape designing and terrain optimization to the last
    moment. It can go as far as ruining their experience since it is the last
    interaction they have with a game.

    my site ... kostenlos spielen

  3. She loves to share hers positive and negative experiences, and staying
    at , booked through chilloutbali. Manual; this is the instructions;
    same again is it in good condition. Powerful hollow waves form here and can hold a sizeable swell.

    Here is my weblog :: chillout Radio