LinuxCommandLibrary

hydra

Brute-force password cracking of online services

TLDR

Start Hydra's wizard

$ hydra-wizard
copy

Guess SSH credentials using a given username and a list of passwords
$ hydra -l [username] -P [path/to/wordlist.txt] [host_ip] [ssh]
copy

Guess HTTPS webform credentials using two specific lists of usernames and passwords ("https_post_request" can be like "username=^USER^&password=^PASS^")
$ hydra -L [path/to/usernames.txt] -P [path/to/wordlist.txt] [host_ip] [https-post-form] "[url_without_host]:[https_post_request]:[login_failed_string]"
copy

Guess FTP credentials using usernames and passwords lists, specifying the number of threads
$ hydra -L [path/to/usernames.txt] -P [path/to/wordlist.txt] -t [n_tasks] [host_ip] [ftp]
copy

Guess MySQL credentials using a username and a passwords list, exiting when a username/password pair is found
$ hydra -l [username] -P [path/to/wordlist.txt] -f [host_ip] [mysql]
copy

Guess RDP credentials using a username and a passwords list, showing each attempt
$ hydra -l [username] -P [path/to/wordlist.txt] -V [rdp://host_ip]
copy

Guess IMAP credentials on a range of hosts using a list of colon-separated username/password pairs
$ hydra -C [path/to/username_password_pairs.txt] [imap://[host_range_cidr]]
copy

Guess POP3 credentials on a list of hosts using usernames and passwords lists, exiting when a username/password pair is found
$ hydra -L [path/to/usernames.txt] -P [path/to/wordlist.txt] -M [path/to/hosts.txt] -F [pop3]
copy

SYNOPSIS

hydra [<credentials>] [<general options>] <target> <service> [<service specific options>]

Examples of <credentials> options:
  -l <login> : Specify a single login username.
  -L <file> : Load usernames from <file>.
  -p <password> : Specify a single password.
  -P <file> : Load passwords from <file>.
  -C <file> : Load 'user:pass' combinations from <file>.

<target> : The target host (IP address or hostname) or URL (e.g., ssh://192.168.1.1).
<service> : The service to attack (e.g., ssh, ftp, http-get, smb, mysql).

PARAMETERS

-l <login>
    Specifies a single login username to be used.

-L <file>
    Loads a list of usernames from the specified <file>.

-p <password>
    Specifies a single password to be used.

-P <file>
    Loads a list of passwords from the specified <file>.

-C <file>
    Loads a colon-separated user:pass list from the specified <file>.

-s <port>
    Specifies the target port. Overrides the default port for the service.

-t <tasks>
    Sets the number of parallel tasks (connections) per target.

-vV
    Enables very verbose mode, showing every password attempt and additional debugging info.

-V
    Enables verbose mode, showing the login:password combination currently being attempted.

-o <file>
    Writes all discovered valid credentials to the specified output <file>.

-F
    Exits immediately after finding the first successful login/password combination for any target.

-f
    Exits after finding the first successful login/password combination for a specific target.

-e <nsr>
    Performs additional password checks: n (null password), s (login as password), r (reverse login as password).

-S
    Connects to the service using SSL/TLS.

-d
    Enables debug mode, providing more detailed output for troubleshooting.

-x <min:max:charset>
    Performs a character-set brute force attack. Example: -x 4:6:aA1 for 4-6 char alphanumeric.

-M <file>
    Loads a list of target servers (IPs or hostnames) from the specified <file>.

-W <time>
    Sets a wait time in milliseconds between attempts to prevent detection or overwhelming the target.

DESCRIPTION

Hydra is a powerful and very fast network login cracker that supports numerous protocols to attack. It is widely used by penetration testers and security researchers to demonstrate the ease of guessing or brute-forcing weak credentials on various network services. By attempting a large number of username and password combinations, Hydra aims to find valid login credentials.

The tool is highly versatile, capable of performing dictionary attacks, brute-force attacks, and even combining user and password lists. Its extensive protocol support includes, but is not limited to, FTP, SSH, HTTP (Basic, Digest, Form-Auth), SMB, SMTP, POP3, IMAP, VNC, Telnet, RDP, MySQL, PostgreSQL, Cisco, and many others. Hydra is an essential tool for auditing password security, identifying weak points in network services, and ensuring robust access control mechanisms are in place.

CAVEATS

Using Hydra (or any brute-forcing tool) against systems you do not have explicit permission to test is illegal and unethical.

Be aware that extensive use can generate significant network traffic, potentially trigger Intrusion Detection/Prevention Systems (IDS/IPS), or cause account lockouts on the target system. Always understand the target's security policies and potential consequences before running Hydra.

SUPPORTED PROTOCOLS

Hydra boasts extensive support for a wide range of network protocols. These include common services like FTP, SSH, Telnet, HTTP/HTTPS (supporting Basic, Digest, GET/POST forms, and NTLM), SMB, VNC, RDP, and database services such as MySQL, PostgreSQL, and MS-SQL. It also supports less common protocols like Cisco AAA, SIP, POP3, IMAP, SMTP, IRC, and many others, making it highly versatile for diverse auditing scenarios.

HISTORY

Hydra was developed by van Hauser and the THC (The Hacker's Choice) crew. It first emerged in the early 2000s and has since become one of the most widely used and actively maintained open-source network login cracking tools. Its development has consistently focused on expanding protocol support and improving attack speed, making it a staple in penetration testing distributions like Kali Linux and Parrot OS for over two decades.

SEE ALSO

nmap(1), medusa(1), john(8), hashcat(1), netcat(1)

Copied to clipboard