EncryptCodecencryptcodec
Simulations/Brute Force Attack

Brute Force Attack

Beginner

Watch a dictionary attack hammer a login endpoint in real time. Configure rate limiting and account lockout — then try to bypass them. See exactly which defenses work and which don't.

Progress:
1
Crack the Password
2
Bypass Rate Limiting
3
Defend the Endpoint
🛡 Server protection
⚡ Attacker settings
Attack speed
Idle
0
Attempts
0
Blocked
0s
Elapsed
Rate
Wordlist progress0 / 26
Request log — POST /api/login
Waiting for attack to start…

Challenges

1
Crack the Password
Run an attack with no protection and find the password in the wordlist.
hints
2
Bypass Rate Limiting
Enable 'Rate limit' protection, then bypass it using IP rotation.
hints
3
Defend the Endpoint
Configure protection that stops the attack before the password is found.
hints
How to defend against brute force
Rate limiting, lockout, MFA — layered defence

Frequently Asked Questions