From the doc: 'SQL Server Password Auditing Tool. The features of v2.0 are: 1. Easy Command-Line Control 2. Dictionary Attack 3. Brute Force Attack 4. Much faster than v1.0 This tool just needs the IP address or machine name of the SQL Server and the user ID that you wish to check. If you choose to brute force, enter the characters to search for in the 'charset.txt' file and the maximum password length at the command line (see Usage below). Also make sure to include the dictionary file ' words.txt ' in the same place as forceSQL.exe for the dictionary attack.'
forcesql.exe