ZeroTrace HID
BRUTEFORCE Primitive
Hardware-rate credential brute-forcing via HID
The bruteForce script primitive types candidate passwords at full HID speed against any input field on the target.
Syntax
bruteForce <length> <delay_ms> <upper> <lower> <symbols> <numbers> <space> <enterPolicy>
| Parameter | Type | Meaning |
|---|---|---|
length | int | Password length |
delay_ms | int | Per-attempt delay in milliseconds |
upper | bool | Include A–Z |
lower | bool | Include a–z |
symbols | bool | Include common symbols |
numbers | bool | Include 0–9 |
space | bool | Include space |
enterPolicy | enum | none / after / each |
Example
# 4-digit numeric PIN brute-force, 500 ms between attempts, press Enter after each
bruteForce 4 500 false false false true false each
Performance
Throughput is bounded by the host's input field acceptance rate, not the device. Most lock screens cap at ~5 attempts before lockout — delay_ms and enterPolicy exist to let you tune around that without scripting timing manually.
When NOT to use
- Anything subject to lockout policy without the policy disabled.
- Production systems without explicit written authorization.
- Networks where BRUTEFORCE traffic could trigger an IDS — the device emits HID keyboard events, not network traffic, but the host's audit log will see them.
This primitive exists for authorized credential testing. The device cannot tell whether your authorization covers the target — the operator carries that responsibility.