• Diniz Martins

Hydra | Brute force

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.


It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.


Installing Hydra on Linux:

Create some files into hydra folder:

Edit your new text files, inserting some supposed logins and passwords:


> login.txt:

> pass.txt:


Now type the command below to run your script:


In this case, I insert "admin" as username... You can change it, it's up to you

One more example:


Multiple Feature of Hydra:


-R :                              restore a previous aborted/crashed session

-I :                               ignore an existing restore file.

-S :                              perform an SSL connect

-s :                              PORT   if the service is on a different default port, define it here

-l LOGIN or -L :                FILE login with LOGIN name, or load several logins from FILE

-p PASS  or -P :               FILE  try password PASS, or load several passwords from FILE

-x MIN:MAX:CHARSET : password bruteforce generation, type “-x -h” to get help

-e nsr :                         try “n” null password, “s” login as pass and/or “r” reversed login

-u :                              loop around users, not passwords (effective! implied with -x)

-C FILE :                        colon separated “login:pass” format, instead of -L/-P options

-M FILE :                       list of servers to be attacked in parallel, one entry per line

-o FILE :                        write found login/password pairs to FILE instead of stdout

-f / -F :                         exit when a login/pass pair is found (-M: -f per host, -F global)

-t TASKS :                      run TASKS number of connects in parallel (per host, default: 16)

-w / -W TIME :                wait time for responses (32s) / between connects per thread

-4 / -6 :                         prefer IPv4 (default) or IPv6 addresses

-v / -V / -d :                    verbose mode / show login+pass for each attempt / debug mode

-U :                              service module usage details

server :                         the target server (use either this OR the -M option)

service :                         the service to crack (see below for supported protocols)

OPT :                            some service modules support additional input (-U for module help)



The real attack output is something like that:

Be careful, because your IP will also logged into the attacked equipment.

41 views0 comments

Recent Posts

See All

G00gle Dorks | Vulnerable Services

Google serves some 80 percent of all search queries on the Internet, making it by far the most popular search engine. Its popularity is due not only to excellent search effectiveness, but also extensi

OpenSSH via PowerShell

This is an alternative to connect to a server via SSH without leaving PowerShell or Command Prompt. ◼️ Free download HERE ◼️ #1 Download OpenSSH-Win64.zip and unzip it. #2 Open Windows PowerShell and

Vega | Web Security Scanner

Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. It can help you find and validate SQL Injection, Cross-Site Scripting (X