Hydra
Hydra (also known as THC-Hydra) is a popular and powerful password-cracking tool designed to perform brute-force attacks on various network protocols and services. It is commonly used by penetration testers and security researchers to test the strength of passwords in systems with services that rely on authentication, like SSH, FTP, HTTP, and many others.
Installation
sudo apt install hydra
Example Usage
hydra [-l username | -L username_file] [-p password | -P password_file] [-C combo_file] -m module [service://target[:port][/options]]
- -l username or -L username_file: Single username or file with usernames.
- -p password or -P password_file: Single password or file with passwords.
- -C combo_file: File with username:password pairs.
- -m module: Specify a specific module for the service (if needed).
- service://target[:port][/options]: Protocol, target IP/hostname, optional port, and additional options.
Cheat sheet
| Service | Command Example |
|---|---|
| FTP | hydra -l admin -P password.txt ftp://10.10.10.10 |
| SSH | hydra -l admin -P password.txt ssh://10.10.10.10 |
| HTTP GET | hydra -l admin -P password.txt http-get://10.10.10.10/login |
| HTTP POST | hydra -l admin -P password.txt 10.10.10.10 http-post-form "/login.php:user=^USER^&pass=^PASS^:F=incorrect" |
| HTTP Basic Auth | hydra -l admin -P password.txt 10.10.10.10 http-get / |
| RDP | hydra -l admin -P password.txt rdp://10.10.10.10 |
| SMB | hydra -L users.txt -P password.txt smb://10.10.10.10 |
| MySQL | hydra -L users.txt -P password.txt mysql://10.10.10.10 |
| Telnet | hydra -l admin -P password.txt telnet://10.10.10.10 |
| POP3 | hydra -l admin -P password.txt pop3://10.10.10.10 |
| SMTP | hydra -L users.txt -P password.txt smtp://10.10.10.10 |
Some Flags
| Flag | Description | Example |
|---|---|---|
| -s PORT | Specify a non-default port for the service. | hydra -l admin -P password.txt -s 8080 ssh://10.10.10.10 |
| -t TASKS | Number of parallel connections per target (default: 16). | hydra -l admin -P password.txt -t 32 ftp://10.10.10.10 |
| -T TASKS | Number of overall parallel connections when attacking multiple targets with -M. | hydra -L users.txt -P password.txt -M targets.txt -T 100 ssh |
| -R | Resume a previous session (useful after an interruption). | hydra -R |
| -I | Ignore an existing restore file and start fresh. | hydra -l admin -P password.txt -I ssh://10.10.10.10 |
| -M FILE | File containing a list of targets, one per line. | hydra -L users.txt -P password.txt -M targets.txt ssh |
| -o FILE | Output the results to a file instead of printing to stdout. | hydra -l admin -P password.txt -o results.txt ftp://10.10.10.10 |
| -f / -F | Stop after finding the first valid credential (-f per host, -F globally for all targets). | hydra -l admin -P password.txt -f ssh://10.10.10.10 |
| -c TIME | Wait time for login attempts across all threads (enforces -t 1). | hydra -l admin -P password.txt -c 5 ssh://10.10.10.10 |
| -v / -V | Verbose modes: -v shows ongoing attempts, -V shows username/password for each attempt. | hydra -l admin -P password.txt -v ssh://10.10.10.10 |
| -q | Suppress connection error messages in output. | hydra -l admin -P password.txt -q ssh://10.10.10.10 |