hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack.
Currently this tool supports: adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp radmin2 redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
Usage
Usage: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE|-x OPT -y]] | [-C FILE]] [-e nsr] [-u] [-f|-F] [-M FILE] [-o FILE] [-b FORMAT] [-t TASKS] [-T TASKS] [-w TIME] [-W TIME] [-m OPTIONS] [-s PORT] [-c TIME] [-S] [-O] [-4|6] [-I] [-vV] [-d] server service [OPTIONS]
Options
target: a target to attack, can be an IPv4 address, IPv6 address or DNS name.service: a service to attack, see the list of protocols available
Some modules have optional or mandatory options. type hydra -U <servicename> to get help on on the options of a service.
| Option | Description |
|---|---|
-R | Restore a previously aborted session. Requires a hydra.restore file was written. Options are restored, but can be changed by setting them after -R on the command line. |
-S | Connect via SSL. |
-O | Use old SSL v2 and v3. |
-s PORT | If the service is on a different default port, define it here. |
-l LOGIN | Login with LOGIN name. |
-L FILE | Load several logins from FILE. |
-p PASS | Try password PASS. |
-P FILE | Load several passwords from FILE. |
-x min:max:charset | Generate passwords from min to max length. Charset can contain 1 for numbers, a for lowercase, and A for uppercase characters. Any other character is added to the list. Example: 1:2:a1%. Generated passwords will be of length 1 to 2 and contain lowercase letters, numbers, and/or percent signs and dots. |
-y | Disable use of symbols in -x brute force. |
-e nsr | Additional checks: “n” for null password, “s” try login as pass, “r” try the reverse login as pass. |
-C FILE | Colon separated login:pass format, instead of -L/-P options. |
-u | By default, Hydra checks all passwords for one login and then tries the next login. This option loops around the passwords, so the first password is tried on all logins, then the next password. |
-f | Exit after the first found login/password pair (per host if -M). |
-F | Exit after the first found login/password pair for any host (for usage with -M). |
-M FILE | Server list for parallel attacks, one entry per line. |
-o FILE | Write found login/password pairs to FILE instead of stdout. |
-b FORMAT | Specify the format for the -o FILE: text (default), json, jsonv1. |
-t TASKS | Run TASKS number of connections in parallel (default: 16). |
-m OPTIONS | Module specific options. See hydra -U <module> for available options. |
-w TIME | Defines the max wait time in seconds for responses (default: 32). |
-W TIME | Defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, e.g. -t 1. |
-c TIME | The wait time in seconds per login attempt over all threads (-t 1 is recommended). Usually only makes sense if a low task number is used. |
-4 / -6 | Prefer IPv4 (default) or IPv6 addresses. |
-v / -V | Verbose mode / show login+pass combination for each attempt. |
-d | Debug mode. |
-I | Ignore an existing restore file (don’t wait 10 seconds). |