Printable View
Does BT4 have any tools to test a server for protection from a brute-force attack? I have a good wordlist to use, but before I start running it, I want to be sure I'm not wasting my time doing it if the server will simply ignore all request after a certain number.
First, a brute-force attack does not use word lists. Read this article: https://www.infosecisland.com/blogvi...y-Attacks.html
For pure brute force attacks, all you need is the math about how many passwords you may be able to check in a certain time (check server restrictions here!) and the time it would then take to find a certain password of a certain length and contents. Use this: http://lastbit.com/pswcalc.asp
thanks, but that has absolutly nothing to do with my question, regardless of what it's called. I simply called it a brute-force because i'm using wordlist with over 3,000,000 words.
My question, again, was if there is a way to check the target server for protection against brute-force attacks, such as timeouts, lockouts, etc.
hydra or if you want the gui version hydra-gtk
Yeah, know what you are attacking and watch the traffic.
What you are doing is called a dictionary attack and you should know the difference before you even do it.