In a brute-forcing attack against a service like SSH, it can be done from the command line easily by tools like Sshtrix. More targeted brute-force attacks use a list of common passwords to speed this up, called dictionary attacks, and using this technique to check for weak passwords is often the first attack a hacker will try against a system. How Brute-Force Attacks Workīrute-force attacks take advantage of automation to try many more passwords than a human could, breaking into a system through trial and error. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it. For something like a website login page, we must identify different elements of the page first. The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet.