Overview
BruteForceAI is an advanced penetration testing tool that revolutionizes traditional brute-force attacks by integrating Large Language Models (LLM) for intelligent form analysis. The tool automatically identifies login form selectors using AI, then executes sophisticated multi-threaded attacks with human-like behavior patterns.
LLM-Powered Form Analysis
- Stage 1 (AI Analysis): LLM analyzes HTML content to identify login form elements and selectors
- Stage 2 (Smart Attack): Executes intelligent brute-force attacks using AI-discovered selectors
Advanced Attack Features
- Multi-threaded execution with synchronized delays
- Bruteforce & Password Spray attack modes
- Human-like timing with jitter and randomization
- User-Agent rotation for better evasion
- Webhook notifications (Discord, Slack, Teams, Telegram)
- Comprehensive logging with SQLite database
Installation
Prerequisites
python --version
playwright install chromium
pip install -r requirements.txt
Required packages:
- playwright - Browser automation
- requests - HTTP requests
- PyYAML - YAML parsing for update checks
LLM Setup
curl -fsSL https://ollama.ai/install.sh | sh
ollama pull llama3.2:3b
Usage
Basic Commands
Stage 1: Analyze Login Forms
python BruteForceAI.py analyze --urls urls.txt --llm-provider ollama
Stage 2: Execute Attack
python BruteForceAI.py attack --urls urls.txt --usernames users.txt --passwords passwords.txt --threads 10
Command Structure
python BruteForceAI.py
Available Commands
- analyze - Analyze login forms with LLM
- attack - Execute brute-force attacks
- clean-db - Clean database tables
- check-updates - Check for software updates