Hello, i new.

Question and curiosity: why does brute force is always forbiden?

It is question. Brute force is useful some cases.

I had report flaged as out of scope proven Ato using hard brute force on weak auth on program.

I know it was going to be out of scope, but if i would robbery their site is still valid cenário. No rate limit with 130 paralell workers bypassing captcha to get ATO no click in 4 digit case.

Reported anyway. Big site and Ato there could lead to integrate login. Conpany now knows. Low pay, did for free.

I wonder. Do the company knows we use this to steal when they mark brute force as out of scope? Real crime does not care