Bruteforcing Email Accounts With

Hi Friends, I’m going to be talking about how to bruteforce an email account.

Theory Behind Bruteforcing

Bruteforcing a password is very simple, but very time to consuming, the way it works is that you use a dictionary and attempt to log in to the server with each password in the dictionary.

Dictionaries or wordlists are a text file with a whole list of potential passwords, wordlists  can be generated with tools such as,




Once there is a successful login then it will return the password.

Rule of Thumb

The larger the wordlist, the greater the chance of retrieving the password but it takes longer.

The smaller the wordlist, the less chance of retrieving the password but takes less time.

Why Is Gmail So Hard To Crack?

some services like Gmail use a feature called less secure apps, which prevents brute-forcing attacks, with this turned off you will get a lot of false positives but, on the other hand, if it’s turned on you will be able to brute-force a Gmail password.

Setting up Specter Bruteforcer

Download specter from GitHub with the following command.


Install Specter

git clone

How to use it?

This command will show you the arguments that are needed.

python -h



python --username "email" --wordlist "wordlist" --server "smtp server" --port "smtp port" --verbosity "level"



If you have any questions or problems please feel free to comment.

Leave a Reply