[redN00ws]

I won't pretend to have this massive knowledge in the matter, but aren't bruteforcers in general growing obsolete? Most sites do have preventive measures against bruteforcing, and I've yet to find one able to get into something that isn't MySpace.

It's true what you are saying but I regularly use brute forcers against my clients. It often shows that older companies, who grew through the years, are still working on older pc's and older in-company servers with security of the beginning of this millennium or even older.

Last week I was in a building construction company with about 30 employees and no real IT professionals. I immediately saw an old computer with Windows XP on it. They told me they have a server running that mostly handles their e-mails.
This kind of company is a good one to test a brute forcer on... It's always an eye opener when you can say that you were able to triy X-thousends of password combinations and got in...

Of course... unless the client wants it... I don't start a penetration test with a brute forcer.

By the way... I often have to perform a security audit. Most of the time I use scans like Nessus or OpenVAS. Very, very often I can perform such a scan without being blocked. That says a lot about their security.