Jim Manico is the founder of Manicode Security where he trains software developers on security engineering.

Brute-forcing credentials is by far one of the most notorious routes to account takeover. Brute forcing is when an attacker tries to guess your password. Guessing is not complicated, given that there are GitHub repositories such as SecLists. SecLists is a compilation of the most commonly used passwords, usernames, and directories, available to the public for security researchers, CTF players, pentesters, and red teamers.

By pairing a massive compilation of default credentials from SecLists with a command-line brute-forcing automation tool such as Hydra, an attacker can gain unauthorized access to your account.
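From the defending side, automated guessing like this shows up as a burst of failed logins from one source, sometimes ending in a success. The sketch below is an added example, not code from the original guide; the log format, the 60-second window, the threshold of 5 and all names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "timestamp source-ip username result"
SAMPLE_LOG = """\
2024-03-08T10:00:00 198.51.100.20 alice FAIL
2024-03-08T10:00:09 198.51.100.20 alice OK
2024-03-08T10:01:00 203.0.113.7 admin FAIL
2024-03-08T10:01:01 203.0.113.7 admin FAIL
2024-03-08T10:01:02 203.0.113.7 admin FAIL
2024-03-08T10:01:03 203.0.113.7 admin FAIL
2024-03-08T10:01:04 203.0.113.7 admin FAIL
2024-03-08T10:01:05 203.0.113.7 admin OK
2024-03-08T10:05:00 198.51.100.20 alice FAIL
"""

WINDOW = timedelta(seconds=60)  # assumed look-back window
MAX_FAILURES = 5                # assumed failures per source tolerated in the window


def detect_bruteforce(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Return (flagged, takeovers).

    flagged:   {source_ip: sorted usernames it hammered} for sources that reach
               max_failures failed logins inside the sliding window.
    takeovers: [(source_ip, username)] for successful logins that arrive while
               that source is still at or over the threshold.
    """
    failures = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    flagged = defaultdict(set)
    takeovers = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, user, result = line.split()
        ts = datetime.fromisoformat(stamp)
        recent = failures[ip]
        # Drop failures that have aged out of the window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append((ts, user))
            if len(recent) >= max_failures:
                flagged[ip].update(u for _, u in recent)
        elif len(recent) >= max_failures:
            # A success straight after a burst of failures: likely a guessed password.
            takeovers.append((ip, user))
    return {ip: sorted(users) for ip, users in flagged.items()}, takeovers
```

Counting per source address misses guessing that is spread across many addresses, so the same window can also be keyed on the username.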

The screenshot below shows how to use the command line tool Hydra to automate brute-forcing a login form:

This guide was first published on May 24, 2019. It was last updated on Mar 08, 2024.

This page (Brute-Forcing) was last updated on Mar 08, 2024.
