Hydra (software)

Hydra is a parallelized network login cracker built in various operating systems like Kali Linux, Parrot and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to guess the right username and password combination. Hydra is commonly used by penetration testers together with a set of programmes like crunch,^[2] cupp^[3] etc, which are used to generate wordlists. Hydra is then used to test the attacks using the wordlists that these programmes created.

Hydra is set to be updated over time as more services become supported. The creator of Hydra publishes his work in repositories like GitHub.

Supported protocols[]

Hydra supports many common login protocols like forms on websites, FTP, SMB, POP3, IMAP, MySQL, VNC, SSH and others.^[4]

Examples[]

Here is a sample output in a Debian environment.

$ hydra -L names -P pws ftp://wanne.t-8ch.de 
[names = Username file, commonly with .txt extestion]
[pws = Password file, commonly with .txt extestion]


Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-02-09 00:54:40
[DATA] 16 tasks, 1 server, 516 login tries (l:43/p:12), ~32 tries per task
[DATA] attacking service ftp on port 21
[21][ftp] host: 78.47.172.244   login: john   password: passwd
[STATUS] attack finished for wanne.t-8ch.de (waiting for children to finish)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-02-09 00:54:51

References[]

External links[]

• Official website