hydra
Brute-force password cracking of online services
TLDR
Start Hydra's wizard
Guess SSH credentials using a given username and a list of passwords
Guess HTTPS webform credentials using two specific lists of usernames and passwords ("https_post_request" can be like "username=^USER^&password=^PASS^")
Guess FTP credentials using usernames and passwords lists, specifying the number of threads
Guess MySQL credentials using a username and a passwords list, exiting when a username/password pair is found
Guess RDP credentials using a username and a passwords list, showing each attempt
Guess IMAP credentials on a range of hosts using a list of colon-separated username/password pairs
Guess POP3 credentials on a list of hosts using usernames and passwords lists, exiting when a username/password pair is found
SYNOPSIS
hydra [<credentials>] [<general options>] <target> <service> [<service specific options>]
Examples of <credentials> options:
-l <login> : Specify a single login username.
-L <file> : Load usernames from <file>.
-p <password> : Specify a single password.
-P <file> : Load passwords from <file>.
-C <file> : Load 'user:pass' combinations from <file>.
Positional arguments:
<target> : The target host (IP address or hostname) or URL (e.g., ssh://192.168.1.1).
<service> : The service to attack (e.g., ssh, ftp, http-get, smb, mysql).
PARAMETERS
-l <login>
Specifies a single login username to be used.
-L <file>
Loads a list of usernames from the specified <file>.
-p <password>
Specifies a single password to be used.
-P <file>
Loads a list of passwords from the specified <file>.
-C <file>
Loads a colon-separated user:pass list from the specified <file>.
-s <port>
Specifies the target port. Overrides the default port for the service.
-t <tasks>
Sets the number of parallel tasks (connections) per target.
-vV
Enables very verbose mode, showing every password attempt and additional debugging info.
-V
Enables verbose mode, showing the login:password combination currently being attempted.
-o <file>
Writes all discovered valid credentials to the specified output <file>.
-F
Exits immediately after finding the first successful login/password combination for any target.
-f
Exits after finding the first successful login/password combination for a specific target.
-e <nsr>
Performs additional password checks: n (null password), s (login as password), r (reverse login as password).
-S
Connects to the service using SSL/TLS.
-d
Enables debug mode, providing more detailed output for troubleshooting.
-x <min:max:charset>
Performs a character-set brute-force attack. Example: -x 4:6:aA1 generates candidates of 4 to 6 characters drawn from lowercase letters, uppercase letters, and digits.
-M <file>
Loads a list of target servers (IPs or hostnames) from the specified <file>.
-W <time>
Sets a wait time in milliseconds between attempts to prevent detection or overwhelming the target.
DESCRIPTION
Hydra is a powerful and very fast network login cracker that supports attacks against numerous protocols. It is widely used by penetration testers and security researchers to demonstrate how easily weak credentials on network services can be guessed or brute-forced. By attempting a large number of username and password combinations, Hydra aims to find valid login credentials.
The tool is highly versatile, capable of performing dictionary attacks, brute-force attacks, and even combining user and password lists. Its extensive protocol support includes, but is not limited to, FTP, SSH, HTTP (Basic, Digest, Form-Auth), SMB, SMTP, POP3, IMAP, VNC, Telnet, RDP, MySQL, PostgreSQL, Cisco, and many others. Hydra is an essential tool for auditing password security, identifying weak points in network services, and ensuring robust access control mechanisms are in place.
CAVEATS
Using Hydra (or any brute-forcing tool) against systems you do not have explicit permission to test is illegal and unethical.
Be aware that extensive use can generate significant network traffic, potentially trigger Intrusion Detection/Prevention Systems (IDS/IPS), or cause account lockouts on the target system. Always understand the target's security policies and potential consequences before running Hydra.
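The detection side of the caveat above, as an added example that is not part of the original page or of the Hydra project: a log check that flags password-guessing runs in sshd authentication logs, including paced runs that stay under a rate threshold. The log lines are constructed samples in OpenSSH syslog format, and the function name, thresholds, and year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in OpenSSH sshd syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Jan 10 03:14:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 50112 ssh2
Jan 10 03:14:01 web1 sshd[812]: Failed password for root from 203.0.113.5 port 50113 ssh2
Jan 10 03:14:02 web1 sshd[813]: Failed password for root from 203.0.113.5 port 50114 ssh2
Jan 10 03:14:02 web1 sshd[814]: Failed password for root from 203.0.113.5 port 50115 ssh2
Jan 10 03:14:03 web1 sshd[815]: Accepted password for root from 203.0.113.5 port 50116 ssh2
Jan 10 04:00:00 web1 sshd[900]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
Jan 10 04:20:00 web1 sshd[901]: Failed password for invalid user test from 198.51.100.9 port 40002 ssh2
Jan 10 04:40:00 web1 sshd[902]: Failed password for invalid user oracle from 198.51.100.9 port 40003 ssh2
Jan 10 05:00:00 web1 sshd[903]: Failed password for alice from 192.0.2.44 port 41000 ssh2
Jan 10 05:00:09 web1 sshd[904]: Accepted password for alice from 192.0.2.44 port 41001 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password "
                  r"for (?:invalid user )?(\S+) from (\S+) port \d+")

def analyze(log, burst=4, window=10, slow=3, year=2024):
    """Map source IP -> sorted findings. Thresholds and year are assumptions to tune."""
    fails, findings = defaultdict(list), defaultdict(set)  # fails: ip -> [(time, user)]
    for m in filter(None, map(LINE.match, log.splitlines())):
        ts, result, user, ip = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        if result == "Failed":
            fails[ip].append((when, user))
        elif len(fails.get(ip, [])) >= slow:
            # Log is read in order: a success after repeated failures may be a guessed password.
            findings[ip].add("success-after-failures")
    for ip, events in fails.items():
        if len(events) < slow:
            continue               # a stray typo, not a guessing run
        times = sorted(t for t, _ in events)
        # Rate rule: `burst` failures inside `window` seconds (parallel tasks, -t).
        fast = any((times[i + burst - 1] - times[i]).total_seconds() <= window
                   for i in range(len(times) - burst + 1))
        # Volume rule: catches paced attempts (-W) that stay under the rate rule.
        findings[ip].add("burst" if fast else "low-and-slow")
        users = {u for _, u in events}
        findings[ip].add("many-usernames" if len(users) >= slow else "single-username")
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A source tagged success-after-failures is the one to triage first, since it suggests a credential was actually found and should be rotated.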
SUPPORTED PROTOCOLS
Hydra boasts extensive support for a wide range of network protocols. These include common services like FTP, SSH, Telnet, HTTP/HTTPS (supporting Basic, Digest, GET/POST forms, and NTLM), SMB, VNC, RDP, and database services such as MySQL, PostgreSQL, and MS-SQL. It also supports less common protocols like Cisco AAA, SIP, POP3, IMAP, SMTP, IRC, and many others, making it highly versatile for diverse auditing scenarios.
HISTORY
Hydra was developed by van Hauser and the THC (The Hacker's Choice) crew. It first emerged in the early 2000s and has since become one of the most widely used and actively maintained open-source network login cracking tools. Its development has consistently focused on expanding protocol support and improving attack speed, making it a staple in penetration testing distributions like Kali Linux and Parrot OS for over two decades.