BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process automatically. It is built to mimic realistic human behavior while running multi-threaded attacks, which makes testing more effective and accurate.

How BruteForceAI works

The process starts with the AI analyzing the page to identify login fields. Once the selectors are mapped, the tool launches a targeted attack using that information. It supports both brute-force and password spray modes, while adding small delays, random timing, and varied user-agent strings to avoid detection.
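Seen from the defender's side, the behaviour described above suggests a detection that does not depend on request rate or a fixed user agent. The following is an added example, not part of the original article or of BruteForceAI: it counts failed logins per source over a long window, separates brute-force from password-spray patterns, and treats user-agent rotation as a supporting signal. The log tuple format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # long window so slow, jittered attempts still add up
MIN_FAILURES = 6             # assumed thresholds; tune to the application
SPRAY_ACCOUNTS = 5           # this many distinct accounts from one source => spray
UA_ROTATION = 3              # distinct user agents from one source (supporting signal)

def classify_sources(events):
    """events: (datetime, src_ip, username, user_agent, success) tuples."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        if not ev[4]:  # keep failed logins only
            by_ip[ev[1]].append(ev)
    findings = {}
    for ip, fails in by_ip.items():
        best, start = [], 0
        for end in range(len(fails)):  # sliding window over this source's failures
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            if end - start + 1 > len(best):
                best = fails[start:end + 1]
        if len(best) < MIN_FAILURES:
            continue
        accounts = {e[2] for e in best}
        agents = {e[3] for e in best}
        findings[ip] = {
            "mode": "password_spray" if len(accounts) >= SPRAY_ACCOUNTS else "brute_force",
            "failures": len(best),
            "accounts": len(accounts),
            "ua_rotation": len(agents) >= UA_ROTATION,
        }
    return findings

def sample_events():
    """Constructed sample data (documentation IP ranges, made-up user agents)."""
    t0, uas, ev = datetime(2025, 1, 1, 9, 0), ["UA-A", "UA-B", "UA-C", "UA-D"], []
    for i, gap in enumerate([0, 4, 11, 15, 23, 31, 36, 47]):  # spray, irregular gaps
        ev.append((t0 + timedelta(minutes=gap), "198.51.100.7", f"user{i}", uas[i % 4], False))
    for i, gap in enumerate([0, 3, 9, 14, 22, 27, 35]):       # one account hammered
        ev.append((t0 + timedelta(minutes=gap), "203.0.113.9", "admin", uas[i % 2], False))
    for i, ok in enumerate([False, False, True]):             # ordinary typos
        ev.append((t0 + timedelta(minutes=i), "192.0.2.10", "alice", "UA-A", ok))
    return ev

if __name__ == "__main__":
    for ip, finding in classify_sources(sample_events()).items():
        print(ip, finding)
```

Because the window is an hour wide, the irregular multi-minute gaps in the constructed data do not hide either source, while the user with two typos followed by a success stays below the threshold.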

BruteForceAI also includes features for managing results and alerts. Testers can receive webhook notifications through services like Discord, Slack, Teams, or Telegram. All activity is logged and stored in an SQLite database, giving security teams a full record of their tests.

Download

This tool is designed for responsible and ethical use, including authorized penetration testing, security research and education, testing your own applications, and participating in bug bounty programs within the proper scope.

BruteForceAI is available for free on GitHub.
