Programmers Tools | UUID Generator, MD5 Hash Encoders and Decoders, Text Generators, Encryption and Decryption, THM and HTB Writeup | Information Hub

Information Hub > Hydra

Information Hub

Penetration Testing Tools

Hydra

Created 18 April, 2024

Hydra is an online/network password cracking program that uses brute force to crack passwords. Hydra can run through a defined list of passwords and brute force to acquire the correct authentication details.

According to the Official repository for Hydra "Number one of the biggest security holes are passwords, as every password security study shows". Hydra enables penetration testers to test this vulnerability in many protocols.

Following protocols are supported by Hydra as of April 2024.
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP

Hydra is supported by many operating systems including mobile.

All UNIX platforms (Linux, *BSD, Solaris, Kali, Parrot, etc.)
MacOS
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)

By just typing hydra and pressing ENTER key in the command terminal, users can access the short summary of important options available for use in Hydra.
Users can access the full list options and some examples in command line by typing hydra -h and pressing ENTER key in the command terminal.

Full list of Hydra options :-
root@MACHINE-IP:~# hydra -h
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]

Options:
-R       restore a previous aborted/crashed session
-I       ignore an existing restore file (don't wait 10 seconds)
-S       perform an SSL connect
-s PORT       if the service is on a different default port, define it here
-l LOGIN or -L FILE       login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE       try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET       password bruteforce generation, type "-x -h" to get help
-y       disable use of symbols in bruteforce, see above
-e nsr       try "n" null password, "s" login as pass and/or "r" reversed login
-u       loop around users, not passwords (effective! implied with -x)
-C FILE       colon separated "login:pass" format, instead of -L/-P options
-M FILE       list of servers to attack, one entry per line, ':' to specify port
-o FILE       write found login/password pairs to FILE instead of stdout
-b FORMAT       specify the format for the -o FILE: text(default), json, jsonv1
-f / -F       exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS       run TASKS number of connects in parallel per target (default: 16)
-T TASKS       run TASKS connects in parallel overall (for -M, default: 64)
-w / -W TIME       wait time for a response (32) / between connects per thread (0)
-c TIME       wait time per login attempt over all threads (enforces -t 1)
-4 / -6       use IPv4 (default) / IPv6 addresses (put always in [] also in -M)
-v / -V / -d       verbose mode / show login+pass for each attempt / debug mode
-O       use old SSL v2 and v3
-q       do not print messages about connection errors
-U       service module usage details
-h       more command line options (COMPLETE HELP)
server       the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service       the service to crack (see below for supported protocols)
OPT       some service modules support additional input (-U for module help)

Supported services: adam6500 asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL v3.0. The newest version is always available at http://www.thc.org/thc-hydra Don't use in military or secret service organizations, or for illegal purposes. These services were not compiled in: afp ncp oracle sapr3.

Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.
E.g.
      % export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)
      % export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 entries)
      % export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080
      % export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)

Examples:
      hydra -l user -P passlist.txt ftp://192.168.0.1
      hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
      hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
     hydra -l admin -p password ftp://[192.168.0.0/24]/
      hydra -L logins.txt -P pws.txt -M targets.txt ssh

NOTE :- Above list of option is an unedited (raw) dump of the Hydra options that appear on the terminal when hydra -h command is used.