BruteForceAI by MorDavid

AI-powered login brute-force tool

Created 5 months ago
1,334 stars

Top 29.9% on SourcePulse

Project Summary

BruteForceAI is an advanced penetration testing tool that leverages Large Language Models (LLMs) to automate and enhance traditional brute-force login attacks. It is designed for security professionals and researchers performing authorized penetration testing and security research.

How It Works

The tool operates in two stages: AI-powered form analysis and intelligent attack execution. First, an LLM analyzes HTML content to automatically identify login form selectors. Second, it performs multi-threaded brute-force or password spray attacks using these AI-discovered selectors, incorporating human-like timing, User-Agent rotation, and proxy support for evasion.

Quick Start & Requirements

  • Install: pip install -r requirements.txt
  • Prerequisites: Python 3.8+, Playwright browsers (playwright install chromium).
  • LLM Setup: Ollama (local) or Groq (cloud API key).
  • Setup Time: Minimal, dependent on LLM setup.
  • Docs: Features, Installation, Usage

Highlighted Details

  • LLM-powered form selector identification using Ollama or Groq.
  • Supports multi-threaded brute-force and password spray attack modes.
  • Features human-like timing with jitter, User-Agent rotation, and proxy support.
  • Includes webhook notifications for Discord, Slack, Teams, and Telegram.
  • Comprehensive logging via SQLite database.

Maintenance & Community

  • Developed by Mor David, an Offensive Security Specialist & AI Security Researcher.
  • Community: RootSec Community on Telegram.
  • Update checks are performed against mordavid.com/md_versions.yaml.

Licensing & Compatibility

  • License: Non-Commercial License.
  • Restrictions: Prohibits commercial use, redistribution for profit, and unauthorized attacks. Permitted for personal use, education, research, and authorized testing.

Limitations & Caveats

The tool is explicitly for "EDUCATIONAL AND AUTHORIZED TESTING ONLY" and carries a legal disclaimer regarding misuse. The "llama-3.1-8b-instant" model on Groq is noted as not recommended due to potential rate-limiting issues.

Health Check

  • Last Commit: 2 months ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 115 stars in the last 30 days
