hydra
Hydra is a command line tool used to brute force credentials. Hydra supports a multitude of protocols and schemes.
Simple usage
GET Requests with HTTP basic auth
-C: Singular, combined (username:password) wordlist to use.
1.2.3.4: Target system.
-s: Target port.
-u: Iterate through users before passwords. E.g. Try all users on a password before trying the next password.
-f: Stop searching for more valid credentials after finding the first valid.
http-get: Try the credentials via HTTP basic auth.
/path: The path to try the credentials on with HTTP basic auth.
Separate username and password list
-L: Wordlist to use for usernames.
-P: Wordlist to use for passwords.
-u: Iterate through users before passwords. E.g. Try all users on a password before trying the next password.
-f: Stop searching for more valid credentials after finding the first valid.
1.2.3.4: Target system.
-s: Target port.
<attack-method>: How hydra should try to use the credentials. For instance, HTTP basic auth.
Known/static username or password
Either -p or -l can be given in lowercase, which makes hydra use the value as a known, static credential. The uppercase form, on the other hand, refers to the given wordlist for credentials.
-P: Wordlist to use for passwords.
-p: Known, static password.
-L: Wordlist to use for usernames.
-l: Known, static username.
1.2.3.4: Target system.
-s: Target port.
-f: Stop searching for more valid credentials after finding the first valid.
http-get: Try the credentials via HTTP basic auth.
/path: The path to try the credentials on with HTTP basic auth.
HTTP POST form encoded data
-L: Wordlist to use for usernames.
-P: Wordlist to use for passwords.
1.2.3.4: Target system.
-s: Target port.
-u: Iterate through users before passwords. E.g. Try all users on a password before trying the next password.
-f: Stop searching for more valid credentials after finding the first valid.
http-post-form: Send a POST request with the following form encoded data.
/path: The path to send the POST request to.
^USER^: Where in the form encoded data to inject the username.
^PASS^: Where in the form encoded data to inject the password.
<failure-string>: A string which, when present in the response, indicates a login failure.
SSH
-L: Wordlist to use for usernames.
-P: Wordlist to use for passwords.
-u: Iterate through users before passwords. E.g. Try all users on a password before trying the next password.
-f: Stop searching for more valid credentials after finding the first valid.
1.2.3.4: Target system.
:1337: Target port.
-t: Reduce the number of threads to 4. SSH, by default, blocks more than 4 simultaneous connections.
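From the defending side, the -u ordering described above matters because each account sees only one failure per password round, so a per-account lockout counter stays quiet while the source as a whole is clearly guessing. The following detection sketch is an added example, not part of the original page or of hydra; the log lines, ISO timestamp format, thresholds and function names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
2024-05-01T10:00:02 sshd[812]: Failed password for admin from 203.0.113.7 port 40002 ssh2
2024-05-01T10:00:03 sshd[813]: Failed password for invalid user deploy from 203.0.113.7 port 40003 ssh2
2024-05-01T10:00:04 sshd[814]: Failed password for invalid user backup from 203.0.113.7 port 40004 ssh2
2024-05-01T10:01:00 sshd[820]: Failed password for root from 198.51.100.9 port 50001 ssh2
2024-05-01T10:01:01 sshd[821]: Failed password for root from 198.51.100.9 port 50002 ssh2
2024-05-01T10:01:02 sshd[822]: Failed password for root from 198.51.100.9 port 50003 ssh2
2024-05-01T10:01:03 sshd[823]: Failed password for root from 198.51.100.9 port 50004 ssh2
2024-05-01T10:02:00 sshd[830]: Failed password for alice from 192.0.2.5 port 60001 ssh2
2024-05-01T10:02:09 sshd[831]: Accepted password for alice from 192.0.2.5 port 60002 ssh2
"""

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(text):
    """Return (timestamp, user, source_ip) for every failed-password line."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events

def flag_sources(events, window=timedelta(minutes=5), max_users=3, max_per_user=3):
    """Flag sources that, inside one sliding window, fail against more than
    max_users distinct accounts (user-first ordering) or more than
    max_per_user times against a single account (password-first ordering)."""
    by_src = defaultdict(list)
    for ts, user, src in sorted(events):
        by_src[src].append((ts, user))
    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            counts = Counter(user for _, user in evs[start:end + 1])
            if len(counts) > max_users:
                findings[src] = "many-users"
                break
            if max(counts.values()) > max_per_user:
                findings[src] = "single-user"
                break
    return findings
```

In the sample, 203.0.113.7 never exceeds one failure per account, so only the distinct-user count flags it; 192.0.2.5 is a single mistyped password followed by a successful login and is not flagged.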
FTP
-L: Wordlist to use for usernames.
-P: Wordlist to use for passwords.
-u: Iterate through users before passwords. E.g. Try all users on a password before trying the next password.
-f: Stop searching for more valid credentials after finding the first valid.
1.2.3.4: Target system.
Saving progress
By default, Hydra saves the current progress when a scan is aborted. Using hydra -R, the last run can be resumed from where it was aborted.