06 September 2006 | 1,114,432 views

Brutus Password Cracker – Download brutus-aet2.zip AET2

Check For Vulnerabilities with Acunetix

If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future.

Download brutus-aet2.zip

Brutus was written originally to help me check routers etc. for default and common passwords.


Brutus version AET2 is the current release and includes the following authentication types :

  • HTTP (Basic Authentication)
  • HTTP (HTML Form/CGI)
  • POP3
  • FTP
  • SMB
  • Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.

The current release includes the following functionality :

  • Multi-stage authentication engine
  • 60 simultaneous target connections
  • No username, single username and multiple username modes
  • Password list, combo (user/password) list and configurable brute force modes
  • Highly customisable authentication sequences
  • Load and resume position
  • Import and Export custom authentication types as BAD files seamlessly
  • SOCKS proxy support for all authentication types
  • User and password list generation and manipulation functionality
  • HTML Form interpretation for HTML Form/CGI authentication types
  • Error handling and recovery capability inc. resume after crash/failure.

You can download brutus-aet2.zip here (the password is darknet123):

Brutus AET2


Recent in Hacking Tools:
- XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool
- wig – CMS Identification & Information Gathering Tool
- Appie – Portable Android Security Testing Suite

Related Posts:
- lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)
- Retarded E-mails – Satilight Hacking, Website Cloning, Detailo & More!
- LCP – A Good FREE Alternative to L0phtcrack (LC5)

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,896,886 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,114,432 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 637,350 views

Low-cost VPS Hosting

63 Responses to “Brutus Password Cracker – Download brutus-aet2.zip AET2”

  1. ZDF 7 September 2006 at 6:37 pm Permalink


  2. Emma 8 September 2006 at 12:22 am Permalink

    bebo has been blocked at out school. wats a website that we can get onto it at school?

  3. alex 8 September 2006 at 9:20 pm Permalink

    So why did you have to remove the file due to Homeland Security?

  4. Darknet 10 September 2006 at 6:07 am Permalink

    alex: Because my host pulled the plug on the server until all the files were deleted because they got notifaction that it was malware and contrivined the homeland security act or something like that.

  5. nsidiuz 11 September 2006 at 4:25 am Permalink

    Brutus is a really old tool that hasn’t been updated since 2000. It has always been buggy and slow. The best remote password cracker has to be Hydra, there’s even Windows port.

  6. Darknet 11 September 2006 at 6:21 am Permalink

    There are other alternative too don’t forget..

    Jack the Ripper is still king
    Medusa is good
    Ophcrack for Rainbow Tables
    LCP for a good free alternative to L0phtcrack

  7. nsidiuz 12 September 2006 at 10:05 am Permalink

    Agreed all great tools but your not comparing apples with apples, only Medusa is a *remote* password cracker. Also check out LMCrack for fast offline Windows password cracking.

    Great site, keep up the good work!

  8. Darknet 12 September 2006 at 11:49 am Permalink

    Yah I would agree, thc-hydra probably is the best when it comes to remote, Medusa is looking good though. Will check out LMCrack, will write about it if it’s cool :)

  9. salaikapte 15 September 2006 at 3:45 am Permalink

    I am from myanmar and I used Dial-up connection to Bagan (ISP)

    And I connect from Chin Land (Falam)

    My connection was 30 Kps.

    And Pls advice me… I want to learn more and more about Computer.

  10. Aditya 16 September 2006 at 7:57 pm Permalink

    i downloaded brutus-aet2.zip from hobbie.net, but the zip dosen’t contains any exe or something. It contains some .doc files and .bad file.
    How Iam I supposed to make it work ?… I mean from where can I get the UI part as it is not included in download package..

    Any help on this will be greatly appreciated…


  11. Darknet 20 September 2006 at 12:00 pm Permalink

    I just downloaded the file again as a test and the EXE is there named BrutusA2.exe within the brutus-aet2.zip from hobbie.net. Maybe your net connection is scanned and it was removed as malware?

  12. zuma 6 October 2006 at 12:30 am Permalink

    hello there…where can i get from an very efficient password stealer? please help

  13. Brain devil 19 October 2006 at 10:09 pm Permalink

    Does anyone know how to hack hotmail accounts ?

  14. Fancy 22 October 2006 at 12:35 pm Permalink

    I’m looking for a TOP hacker, to hack a few yahoo screen names. $$ “rewarded” if names are recovered.

    E-mail: x_beautiful_illusion_x@yahoo.com
    screen name is also the same, or oh_so_fancy

  15. Bigman 24 October 2006 at 2:19 am Permalink

    Does anyone have any info on being able to steal facebook passwords?

  16. Lina Z 22 December 2006 at 10:58 pm Permalink

    Please help me. Can you refer me to someone who can obtain my cheating husbands email password? I need help badly.


  17. reno volpe 23 December 2006 at 6:14 pm Permalink

    I get Brutus

  18. eric 1 January 2007 at 12:03 am Permalink

    i downloaded some prog from your site but whene i extract the files it always askes me for a password can i know what the password is or how to avoid this. (i am subscribed)

  19. Darknet 1 January 2007 at 7:40 am Permalink

    The password would be darknet123

  20. eric 2 January 2007 at 12:29 am Permalink

    thanks man and because i am a newb at hacking how could i penetrate into my friends e-mail? (just a practical joke) nothing evil

  21. adam 3 January 2007 at 4:28 pm Permalink

    what is this for???

  22. eric 7 January 2007 at 1:12 am Permalink

    to spam all of his friends

  23. yso 16 January 2007 at 3:25 pm Permalink


  24. sadwife 24 January 2007 at 6:55 pm Permalink

    Need help cracking facebook password. Will pay for help.

  25. eric 24 January 2007 at 10:46 pm Permalink

    hehehe hom much? i just want to learn how to not have somebody do it 4 me? is there any way u can tell me for free? pleaz :)

  26. mercurysolace 25 January 2007 at 12:54 pm Permalink

    can brutus be used for hacking email – yahoo & hotmail? or even friendster?

  27. cantor 26 January 2007 at 7:17 pm Permalink

    brutus is far from the fastest and most flexible remote password crackers….imo.

  28. another sadwife 27 January 2007 at 12:29 am Permalink

    also need help with cracking password for email from cheating husband. :-( please contact me.

  29. matthew 2 February 2007 at 3:11 am Permalink

    I tried to download Brutus from hobbie.net (the master image)and Avast found a Trojan in the .zip file:


    So much for wanting to try a software that suppose to crack passwords… “Hack to learn” is the motto, eh?

    Nice “touch” inserting a trojan into the zip file just to fuck up with people’s computers, eh ….darknet?
    Good thing Avast rocks and douche bags like you are stopped every now and then.

    Oh, by the way….. specify in the stupid box with “please add 5 and 8″ or whatever numbers that what the system requires is not to just write those numbers in the box, but requires a mathematical operation… Who said that all the hackers are smart?

  30. samantha 24 February 2007 at 1:58 pm Permalink

    hi i need help getting a facebook password. can anyone help??? i am willing to pay!

  31. An annoyed male 7 March 2007 at 2:26 am Permalink

    Hi all, I need some help… I need to hack into my ex-girlfriends e-mail account but have no idea how to go about it as i am a complete newbie at this hacking… She is using a freeserve/orange account if that helps and i am willing to pay a reward if anyone has any luck… Cheers

  32. darren 8 March 2007 at 10:37 am Permalink

    can u please tell me how too crack my bebo password.. i have forgotton it and REALLY dont want to set up a new one. thanks!

  33. giokun 10 March 2007 at 1:46 pm Permalink

    ok i already have the brutus thing. but can anyone pls tell me how to use it to steal a password from a yahoo mail account? i have the username, i want to know the password… pls help… (good intentions)

  34. solusvir 11 March 2007 at 8:12 pm Permalink

    yea ok… i’ve got the Brutus, but how do i use it crack yahoo/hotmail passwords? can u plz help?

  35. Bastard 14 March 2007 at 4:04 am Permalink

    For idiots who can’t figure out to use brutus visit this site:
    Being a programmer myself, getting software for free even with a trojan is worth it. I used to add keyloggers into my programs to see what people did with them and I could know every word they typed on their computers, you wouldnt believe how dumb ppl are.
    Hacking yahoo and other emails accounts are fairly hard but if you know what to do might as well give it a shot.

  36. wulfi 15 March 2007 at 3:16 pm Permalink

    my keylogger doesn’t work with a penson im trying to get a password. i’ve got the Brutus too, but how do i use it crack yahoo/hotmail/gmail passwords too? can u plz help?

  37. john 19 March 2007 at 7:10 am Permalink

    trying to get girlfriends facebook password….willing to pay for quick replys!!!

  38. brian 3 April 2007 at 9:57 pm Permalink

    how do i hack bebo accounts? (some freak is bulling my little sister)

  39. lee 3 April 2007 at 10:55 pm Permalink

    can any one tell me how to install hydra coz i cant do it

  40. ceecee 17 April 2007 at 11:47 am Permalink

    situatuion: someone some how hacked into my bebo and changed my password.. so i tried to reset the password. buut, i cudnt get into my hotmail account, as they changed this password aswel. soo i tried to rest my hotmail password.. but they changed my secret question and i have no idea wat the answer is… any ideas of what to do?

  41. Urboshy 6 May 2007 at 10:45 am Permalink

    Just out of curiocity.. what is Hacking means
    IS It just going on other ppl computer? Or just reading some one’s else email and conversation?

  42. onlyforfun 25 June 2007 at 12:32 pm Permalink

    hello,this is a good site for learing crack, thank you all.

    I am looking for some tools for cracking encrypted proxy(proxy need username and password), I need it very much.

    would you please tell me?

    thanks in advance

  43. Des 5 August 2007 at 12:41 pm Permalink

    Please can someone tell me why Brutus will tell me there is ‘positive authentication’ with a certain user name but it will not tell me the password. I’ve tried it in ‘brute force’ mode but it does exactly the same. Thanks in advance.
    Also, Bastard, I tried your link for the tutorials but it doesn’t seem to work.
    Thanks again.

  44. Des 5 August 2007 at 6:17 pm Permalink

    Now it keeps giving me a one letter password (different each time), or telling me the password is academia (sometimes academic).
    None of them are right. I don’t understand.
    Am I doing something wrong?
    Please get back to me.

  45. ADdsa 18 August 2007 at 2:39 pm Permalink

    Brutus on Rapidshare

  46. fever 8 April 2008 at 6:46 pm Permalink

    wow didn’t know you could hire a hacker on this site. anyways brute crackers are great if you can’t get the pass any other way. there is always a chance of being detected though. that is if someone is paying attention or setup a tries limit. otherwise it requires password files or hashes or something of the nature to use some of the other progs mentioned.

  47. Marie 2 May 2008 at 1:32 am Permalink

    Can anyone tell me what program would be best to retrieve a password to a blog/message board? Thank you so much.

  48. Bogwitch 2 May 2008 at 8:54 am Permalink

    You will notice that your previos message was deleted by the moderators as you were asking for advice as to how to perform an illegal act.

    I sympathise with your situation but breaking the law will not help you. As you have little knowledge of Information Security, etc, you would get caught and I’m sure you and your daughter would not benefit from that.

    If you are concerned with what your daughter is doing online, might I suggest that you monitor her activities, physically, by locating your computer into a shared area in your house.

    There are other methods which will fall into greyer areas of the law depending on ownership of the computer system, the country you are in, the age of your daughter, etc.

    I apologise if I am coming across as a bit preachy but there is no substitute for proper parenting.

  49. Marie 2 May 2008 at 9:59 am Permalink

    I’m sorry, but you may be confused. I posted right above your last post (my post is still there and hasn’t been removed) and I do not have a daughter. I have no idea what you’re talking about. The same message was also sent to my private email, so I think you accidentally answered me but meant to answer someone else. Please see my post above. Thank you.

  50. Bogwitch 2 May 2008 at 11:24 am Permalink

    My apologies,

    Someone using the exact same name posted a message onto this thread asking the same question as you, although with a bit more detail, that message was deleted by the moderators. I assumed that Marie and Marie were the same person.

    Easy mistake to make!

  51. Marie 2 May 2008 at 1:46 pm Permalink

    No problem at all. I should have used a symbol after my name but didn’t notice the other user. BTW, is my question one that you can answer or does it fall into the same category as the other Marie? Thank you

  52. Bogwitch 2 May 2008 at 9:00 pm Permalink

    I’ll try.
    If you want to retrieve a password for a blog or message site, there is usually a link to follow entitled ‘Forgot password?’ or similar, that would be the way to go.

  53. Takehiko 4 May 2008 at 9:32 am Permalink

    Ummm….Okay it goes like this. I really wanna learn some what of hacking just to get to know what I might deal with in the future with me getting more indepth with computers. I’ve tried to download Brute Force but for some reason everytime I go to hoobie.com -or what ever it is- the web page doesn’t load. Could anyone give me another site or something, I’m new to this but I really wanna learn.

  54. Johnny 11 May 2008 at 8:12 am Permalink

    common guys google-it and you find plentiful downloads

    Can I also suggest something: Why not move this website some on a Russian server? At lease no homeland narrow-minded idiots will interfere :)

  55. deeofborg 20 May 2008 at 2:27 am Permalink

    Johnny you so right haha i love ? ????? ??? ???????? ????? lol

  56. watcher 20 May 2008 at 1:59 pm Permalink

    brutus was pretty awesome back in the day, its still a great program for someone taking their first steps in to password auditing.
    If a new version came out I’d personally love to see it be able to compete with hydra as far as performance, and effectiveness.

  57. grav 28 June 2008 at 7:56 pm Permalink

    Has anybody found that brute force hacking is highly ineffective?
    The best way is to find some vulnerability on the page and exploit it.
    I think brute force should be the last thing tried.
    FOr one thing, it is highly suspicious in the logs as having one IP address go through a couple hundred, or even thousand, tries to log in unsuccessfully!

  58. Navin 29 June 2008 at 5:28 am Permalink

    @ phantom, it’d depend on the type of “login” used to hook onto the MMORPG server

    @grav obviously man, and now some servers prevent multiple login attempts from a given ip to prevent such attacks…. thats the reason phishing is preferred….most skiddies go for it and succeed coz us humans are after all the dumbest species in the universe!!The percentage of people who know even a bit about ARP poisoning or BlindSQL attacks is miniscule outside the security professional world

  59. zupakomputer 30 June 2008 at 4:54 pm Permalink

    Well, thanks for that gem of wisdom there hikup.

    I’d agree with grav there too – even if you sit behind an fortress doing brute attacks, you’re going to get seen by someone. Maybe not the people who are meant to be the network admin on the sites or servers being bruted – but someone is going to see that traffic, and they’ll certainly be taking all kinds of interests in you or at the least, your own hardware / network / etc.

    I think brutes are best used – in testing, cause you need to account for the possibility of someone else (or their botnet) using such methods, and not-online brutes, eg – decrypting a drive or some such that you have actually with you. Which is also of course, why they are legit apps also.

  60. grav 30 June 2008 at 6:16 pm Permalink

    The best way to get a password – or for that matter any personal information is social engineering. A system can be impenetrable, but there is always one flaw, and that is the human element. Social engineers run the most risks (there is no proxy string to hide behind)
    but in the long run, they are the ones that get the most out of anything with the least amount of actual “hacking”

    A really good example is with the “hacking” of Paris Hilton’s SideKick. The ppl who stole all of her photos and stuff were pretty much hacking amateurs, but they were able to convince one of the T-Mobile personnel to give them the correct access codes and such to allow them to pull off the “heist”

    Its the same thing with brute forcing, either you can try to brute force a website or ftp server or whatever, or with a quick phone call, you can find out everything you wanted to find out.

  61. zupakomputer 30 June 2008 at 7:11 pm Permalink

    ? – the personnel shouldn’t ever have anyone’s actual passwords and details to give away, they’re only allowed to reset passwords.

    And that shouldn’t ever happen over a phonecall, unless you can verify the number calling and say they use a videophone and then you can see it’s them too.

    Mind you T-mobile are off their heads so that doesn’t surprise me anyway.

  62. dakota 9 September 2008 at 10:05 pm Permalink

    Interested in getting as much info on this program as possible. Im trying to bruteforce or dictionary attack a router login, and keep getting timeout/throttle and no results (allready have password and login) ….just curious