BruteforceLab2

BruteforceLab2 is a self-contained, hands-on web security lab that demonstrates credential brute-force attacks and basic defenses. It includes a Flask login app, a CLI attacker simulator, optional in-memory rate limiting and lockout, automated tests and CI, and configuration knobs (rate window/max, enforce regex). Run locally to observe attacks, to

Install / Use

/learn @SagarBiswas-MultiHAT/BruteforceLab2

README

BruteforceLab2

<div align="right">

</div>

An educational, self-contained lab that demonstrates how weak authentication falls to brute-force attacks and how basic defenses change the outcome. The project is intentionally small so you can run it quickly, read the code end-to-end, and understand each failure mode without extra setup.

Use this only in your own isolated environment. Never target systems you do not own or lack explicit permission to test.


<br> <details> <br> <summary><b>Click here to view photos and terminal outputs</b></summary>

homePage

loginPage

success


Attack_(OpenWithOtherVSCodeWindow)\Attack.

(.venv) PS H:\updatedReposV2\web-login-brute-force-simulation> python ".\Attack_(OpenWithOtherVSCodeWindow)\Attack.py"                   
[1] ==> Failed: username=admin password=123456
[2] ==> Failed: username=admin password=password
[3] ==> Failed: username=admin password=admin123
[4] ==> Failed: username=admin password=welcome
[5] ==> Failed: username=admin password=admin_123
[6] ==> Failed: username=admin password=letmein
[7] ==> Failed: username=admin password=admin
[8] ==> Failed: username=admin password=password1
[9] ==> Failed: username=user password=123456
[10] ==> Failed: username=user password=password
[11] ==> Failed: username=user password=admin123
[12] ==> Failed: username=user password=welcome
[13] ==> Failed: username=user password=admin_123
[14] ==> Failed: username=user password=letmein
[15] ==> Failed: username=user password=admin
[16] ==> Failed: username=user password=password1
[17] ==> Failed: username=guest password=123456
[18] ==> Failed: username=guest password=password
[19] ==> Failed: username=guest password=admin123
[20] ==> Failed: username=guest password=welcome
[21] ==> Failed: username=guest password=admin_123
[22] ==> Failed: username=guest password=letmein
[23] ==> Failed: username=guest password=admin
[24] ==> Failed: username=guest password=password1
[25] ==> Failed: username=root password=123456
[26] ==> Failed: username=root password=password
[27] ==> Failed: username=root password=admin123
[28] ==> Failed: username=root password=welcome
[29] ==> Failed: username=root password=admin_123
[30] ==> Failed: username=root password=letmein
[31] ==> Failed: username=root password=admin
[32] ==> Failed: username=root password=password1
[33] ==> Failed: username=test password=123456
[34] ==> Failed: username=test password=password
[35] ==> Failed: username=test password=admin123
[36] ==> Failed: username=test password=welcome
[37] ==> Failed: username=test password=admin_123
[38] ==> Failed: username=test password=letmein
[39] ==> Failed: username=test password=admin
[40] ==> Failed: username=test password=password1
[41] ==> Failed: username=administrator_ password=123456
[42] ==> Failed: username=administrator_ password=password
[43] ==> Failed: username=administrator_ password=admin123
[44] ==> Failed: username=administrator_ password=welcome
..:: [45] Success: username=administrator_ password=admin_123
(.venv) PS H:\updatedReposV2\web-login-brute-force-simulation> 

LoginPage\Login_Page.py

(.venv) PS H:\updatedReposV2\web-login-brute-force-simulation> python ".\LoginPage\Login_Page.py"
 * Serving Flask app 'Login_Page'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://localhost:8080
Press CTRL+C to quit
127.0.0.1 - - [11/Feb/2026 20:27:13] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:15] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:17] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:19] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:22] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:24] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:26] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:28] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:30] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:53] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:55] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:57] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:27:59] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:01] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:03] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:05] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:07] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:09] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:11] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:13] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:15] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:17] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:19] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:22] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:24] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:26] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:28] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:30] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:32] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:34] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:36] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:38] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:40] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:42] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:44] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:46] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:48] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:50] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:52] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:55] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:57] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:28:59] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:29:01] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:29:03] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:29:05] "POST /login HTTP/1.1" 401 -
127.0.0.1 - - [11/Feb/2026 20:29:07] "POST /login HTTP/1.1" 401 -
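
The server output above is what a defender sees during the run: repeated `401` responses to `POST /login` from a single client. The following detector is an added example, not part of BruteforceLab2's code; it parses access lines in that format and flags a source that exceeds a failure threshold inside a sliding window. The function names, the 60-second window, the threshold of 10 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Werkzeug development-server access line, in the format shown above.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, timestamp, method, path, status), or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def detect_bruteforce(lines, window_s=60, max_failures=10, path="/login"):
    """Return one (ip, first_ts, last_ts, count) alert per IP with more than
    max_failures 401s on POST `path` in window_s seconds (lines in time order)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    alerted, alerts = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2:] != ("POST", path, 401):
            continue  # keep only failed login POSTs
        ip, ts = rec[:2]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, q[0], ts, len(q)))
    return alerts

def sample_log():
    """Constructed sample: one client guessing every 2 s, one slow client."""
    base = datetime(2026, 2, 11, 20, 27, 13)
    rows = [(base + timedelta(seconds=2 * i), "127.0.0.1") for i in range(12)]
    rows += [(base + timedelta(seconds=90 * i), "192.0.2.10") for i in range(3)]
    fmt = '{} - - [{:%d/%b/%Y %H:%M:%S}] "POST /login HTTP/1.1" 401 -'
    return [fmt.format(ip, ts) for ts, ip in sorted(rows)]

if __name__ == "__main__":
    for alert in detect_bruteforce(sample_log()):
        print(alert)
```

Keying the window on source IP alone misses guessing that is spread across many addresses; counting failures per target username as well covers that case.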
GitHub Stars: 18
Category: Development
Updated: 26d ago
Forks: 0

Languages

Python

Security Score

95/100

Audited on Feb 25, 2026

No findings