It is not recommended performing brute force attacks or dictionary attacks with large numbers of passwords on production servers because we risk interrupting the service, blocking valid users, or being blocked by our client's protection mechanisms.

It is recommended, as a penetration tester, performing this kind of attack using a maximum of four login attempts per user to avoid a blockage; for example, we could try -e ns, as we did here, and add -p 123456 to cover three possibilities: no password, the password is the same as the username, and the password is 123456, which is one of the most common passwords in the world.