Just like using an automated vulnerability scanner, we can leverage tools to automatically attempt to log in to services and find valid credentials. These tools are designed to automate online password attacks until the server responds with a valid login. An online password attack can be defined as trying to log in to a live service by brute forcing credentials until a valid combination is discovered.
The trouble with online password attacks is that they can be noisy, and trigger alarms. Let's look at some of the online password attack tools that are commonly used.