Simple goroutines bruteforcing tool

Benefits of Goroutines:


Goroutines are lightweight threads managed by the Go runtime, providing concurrent execution in a more efficient manner compared to traditional threads, and are superior for our use case – goroutines bruteforcing. Here’s why using Goroutines can significantly enhance the speed of a brute-force tool:

  1. Concurrency without Overhead:
  • Goroutines allow concurrent execution without the overhead associated with traditional threads. They are managed by the Go runtime, making them more efficient in terms of memory usage and context switching.
  1. Low Cost of Creation:
  • Creating Goroutines is lightweight, with minimal overhead. This enables the easy creation of a large number of concurrent tasks without a significant impact on performance.
  1. Efficient Communication:
  • Channels in Go facilitate communication between Goroutines. The communication is designed to be efficient, providing a seamless way for Goroutines to share information.
  1. Parallelism with Simplicity:
  • Go’s concurrency model allows developers to write concurrent code in a straightforward manner. The simplicity of Goroutines and channels makes it easier to reason about and implement concurrent solutions.

Speed Estimation:

Let’s estimate the speed of the brute-force tool for cracking a 5-character lowercase password. For simplicity, we’ll assume that the tool is iterating through all possible combinations of lowercase letters. We’ll use a combination of Goroutines to parallelize the process.

package main

import (

const (
    targetUsername = "admin"
    targetPassword = "hello" // 5-character lowercase password
    charset        = "abcdefghijklmnopqrstuvwxyz"

type Credentials struct {
    Username string
    Password string

func main() {
    startTime := time.Now()

    successChannel := make(chan Credentials)
    doneChannel := make(chan struct{})
    var wg sync.WaitGroup

    numWorkers := 26 // Number of Goroutines (one for each lowercase letter)

    for i := 0; i < numWorkers; i++ {
        go bruteforceWorker(i, successChannel, doneChannel, &wg)

    select {
    case credentials := <-successChannel:
        fmt.Printf("Login successful! Username: %s, Password: %s\n", credentials.Username, credentials.Password)
    case <-doneChannel:
        fmt.Println("Bruteforce completed. No valid credentials found.")


    elapsedTime := time.Since(startTime)
    fmt.Printf("Time taken: %s\n", elapsedTime)

func bruteforceWorker(workerID int, successChannel chan<- Credentials, doneChannel chan<- struct{}, wg *sync.WaitGroup) {
    defer wg.Done()

    for _, char := range charset {
        attempt := Credentials{
            Username: targetUsername,
            Password: string(char),

        if attempt.Username == targetUsername && attempt.Password == targetPassword {
            successChannel <- attempt

    doneChannel <- struct{}{}

This example uses 26 Goroutines, each responsible for attempting one letter of the password. The tool will iterate through all lowercase letters, and the parallelized nature of Goroutines will contribute to faster execution.

Please note that estimating the exact time it would take to crack a password depends on various factors, including the speed of the system running the tool and the efficiency of the code. Additionally, brute-forcing passwords is unethical and likely illegal without explicit permission. Always use such knowledge responsibly and within legal boundaries.

Here’s another great article on goroutines bruteforcing:


Leave a Reply

Your email address will not be published. Required fields are marked *