Configure Password Brute Forcing

A password brute force attack is an attempt to gain unauthorized access to a system or network using a password-cracking technique. Common targets of brute force attacks are hosts running FTP, SSH and Windows.

Are my hosts vulnerable?

You can find out if hosts on your network are vulnerable to brute force attacks by performing password brute force tests at scan time. Just enable password brute forcing in an option profile and then apply that profile to a scan.

What are my options for password lists?

- Use system-generated password lists. We attempt to guess the password corresponding to each detected user login name on the host.

- Create and use custom password brute force lists.

- Use both system-generated and custom password brute force lists (system lists are tested first).

Tell me about brute force password tests

There are 5 levels of password testing available: None, Minimal, Limited, Standard, Exhaustive.

Tell me about the testing levels

For Windows hosts, Standard is the same as Limited

Is the scan against a Domain Controller?

Still have questions?

Actual number of attempts at each level

How to create a custom list

How to verify brute force test