These commands should NEVER BE USED against any service that you do not own or have express written consent. Below is a collection of commands that can be used to either bypass authentication in some way or discover credentials and passphrases. A brute-force attack is when an attacker attempts to discover account credentials with the use of a list of possible passwords or passphrases. The attacker systematically checks all possible passwords and passphrases until the correct one is found. This method can also be used to crack the password of an SSH key or to discover a token submitted in a POST request to a website.