BruteForceAI: The AI‑Powered Intelligent Login Brute‑Force Tool for Next‑Gen Penetration Testing

TL;DR:
BruteForceAI combines Large Language Model (LLM) intelligence with multi‑threaded attack engines to automatically detect login forms, simulate human‑like timing, and support both brute‑force and password‑spray modes. It features configurable delays & jitter, User‑Agent rotation, proxy support, SQLite‑backed logging, and real‑time Webhook alerts—making it a powerful, compliant, and extensible tool for authorized security assessments.


1. Introduction: Why Choose BruteForceAI?

In today’s security landscape, login forms are prime targets for attackers. BruteForceAI elevates traditional brute‑force tools by integrating LLM‑powered form analysis to automatically locate username/password fields and submission buttons. Coupled with intelligent brute forcing and password spray strategies, it delivers an all‑in‑one solution for penetration testers looking to streamline their workflows and maximize efficiency.


2. Core Features

2.1 LLM‑Powered Form Analysis

  • Automatic Selector Identification: Utilizes local (Ollama) or cloud‑based (Groq) language models to pinpoint form elements with high accuracy.
  • Adaptive Retry & Feedback: Learns from failed attempts to refine selectors and handle dynamic DOM changes.
  • Scalable Multi‑Threading: Supports 1–100+ threads for parallelized testing, dramatically speeding up assessments.

2.2 Versatile Attack Modes

  • Brute‑Force Mode: Exhaustively tests username/password combinations for maximum coverage.
  • Password Spray Mode: Applies a small set of high‑value passwords across multiple usernames to avoid lockouts and detection.

2.3 Human‑Like Evasion Techniques

  • Configurable Delay & Jitter: Mimic real user behavior with randomized wait times between attempts.
  • User‑Agent Rotation & Proxy Support: Cycle through custom User‑Agents and proxies to reduce fingerprinting and blocking.
  • Browser Visibility Control: Run headless or visible browser sessions for debugging or stealth.
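
Seen from the defending side, password spray mode combined with proxy and User-Agent rotation means per-IP failure counters will miss the activity, so detection has to look at the account dimension instead. The following Python sketch is an added example (not part of BruteForceAI or the original page); the log format, the sample events and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth events: "timestamp source-ip username result"
SAMPLE_LOG = """\
2024-05-01T09:00:03+00:00 203.0.113.10 alice FAIL
2024-05-01T09:00:09+00:00 198.51.100.7 bob FAIL
2024-05-01T09:00:16+00:00 203.0.113.44 carol FAIL
2024-05-01T09:00:21+00:00 192.0.2.15 dave FAIL
2024-05-01T09:00:29+00:00 198.51.100.90 erin FAIL
2024-05-01T09:00:34+00:00 192.0.2.77 frank FAIL
2024-05-01T09:30:00+00:00 192.0.2.200 mallory FAIL
2024-05-01T09:30:05+00:00 192.0.2.200 mallory FAIL
2024-05-01T09:30:11+00:00 192.0.2.200 mallory FAIL
2024-05-01T09:30:17+00:00 192.0.2.200 mallory FAIL
2024-05-01T09:30:22+00:00 192.0.2.200 mallory FAIL
2024-05-01T11:00:00+00:00 192.0.2.50 alice OK
"""

def parse(log):
    """Yield (datetime, ip, username, result) for each log line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect(log, window_s=600, spray_users=5, brute_fails=5):
    """Return [(kind, [usernames])] per fixed time bucket of failed logins."""
    # bucket index -> username -> failure count. Source IP is deliberately
    # ignored: with rotating proxies every attempt can arrive from a new address.
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, _ip, user, result in parse(log):
        if result == "FAIL":
            buckets[int(ts.timestamp()) // window_s][user] += 1
    findings = []
    for _, per_user in sorted(buckets.items()):
        # Brute force: many failures against a single account.
        for user, n in sorted(per_user.items()):
            if n >= brute_fails:
                findings.append(("bruteforce", [user]))
        # Spray: many accounts that each fail only once or twice, which keeps
        # every account under a typical lockout threshold.
        low = sorted(u for u, n in per_user.items() if n <= 2)
        if len(low) >= spray_users:
            findings.append(("spray", low))
    return findings
```

Fixed buckets keep the sketch short; a burst that straddles a bucket boundary can be split, so a production rule would use a sliding window and tune both thresholds against the normal failure rate of the application.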

2.4 Real‑Time Monitoring & Notifications

  • SQLite‑Backed Logging: Records each attempt’s outcome, metadata, and timestamps for post‑test analysis.
  • Webhook Alerts: Instantly notify via Discord, Slack, Teams, or Telegram upon first successful login.


3. Installation & Quick Start

  1. Prepare Your Environment

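    python --version                 # Requires ≥3.8
    pip install -r requirements.txt  # Install the Python dependencies first so the playwright command is available
    playwright install chromium      # Download the Chromium build that Playwright drives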
    
  2. Configure Your LLM

    • Ollama (Local):

      curl -fsSL https://ollama.ai/install.sh | sh
      ollama pull llama3.2:3b
      
    • Groq (Cloud):

      1. Obtain an API key from the Groq Console
      2. Run with --llm-provider groq --llm-api-key YOUR_KEY

  3. Run the Tool

    • Analyze Forms:

      python main.py analyze --urls targets.txt --llm-provider ollama
      
    • Execute Attack:

      python main.py attack \
        --urls targets.txt \
        --usernames users.txt \
        --passwords passwords.txt \
        --threads 20 \
        --delay 5 --jitter 2 \
        --discord-webhook YOUR_DISCORD_WEBHOOK
      

4. Advanced Configuration Options

| Parameter | Description | Default |
|---|---|---|
| --mode | Attack mode (bruteforce/passwordspray) | bruteforce |
| --threads | Number of concurrent threads | 1 |
| --delay / --jitter | Fixed delay / random jitter (seconds) | 0 / 0 |
| --user-agents | File of custom User‑Agent strings | None |
| --proxy | HTTP/SOCKS proxy URL | None |
| --success-exit | Stop on first successful login | False |
| --verbose / --debug | Enable detailed logging or debug output | False |

5. Compliance & Legal Disclaimer

FOR EDUCATIONAL & AUTHORIZED TESTING ONLY
BruteForceAI is intended solely for legitimate penetration testing, security research, and bug bounty engagements. Do not use against systems without explicit permission. Users assume full responsibility for legal compliance.


6. Author, Source & License

  • Author:
    Mor David — Offensive Security Specialist & AI Security Researcher with extensive experience integrating LLMs into red‑team workflows.

  • Community & Source:

    • GitHub: github.com/MorDavid/BruteForceAI
    • RootSec Security Community: t.me/root_sec

  • License:
    Non‑Commercial License (see LICENSE.md)


Supercharge your penetration tests with BruteForceAI’s AI‑driven automation, and experience faster, smarter, and more stealthy login assessments.