Hydra

Hydra is a fast and flexible password-cracking tool used to perform brute-force attacks on login pages and network services.

Usage

Basic Usage

# Password Spraying
hydra -L USER_DICT -p PASS TARGET SERVICE
# Dictionary Attack
hydra -l USER -P PASS_DICT TARGET SERVICE
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE
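
On the defending side, the patterns above leave different shapes in authentication logs: spraying shows one or two failures across many accounts from one source, while a dictionary attack shows many failures against a single account. The sketch below is an added example, not part of the original page or of Hydra; the event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_FAILURES = 8                # assumed per-source alert threshold

def classify_sources(events, now):
    """Label each source IP by the shape of its recent failed logins.

    events: iterable of (timestamp, source_ip, username, success) tuples.
    Returns {source_ip: "spraying" | "dictionary" | "mixed"} for sources
    with at least MIN_FAILURES failures inside WINDOW.
    """
    per_user = defaultdict(lambda: defaultdict(int))
    for ts, src, user, success in events:
        if not success and timedelta(0) <= now - ts <= WINDOW:
            per_user[src][user] += 1
    verdicts = {}
    for src, users in per_user.items():
        total, worst = sum(users.values()), max(users.values())
        if total < MIN_FAILURES:
            continue                      # ordinary typos stay below the bar
        if len(users) >= MIN_FAILURES and worst <= 2:
            verdicts[src] = "spraying"    # many accounts, 1-2 tries each
        elif worst / total >= 0.8:
            verdicts[src] = "dictionary"  # one account takes most tries
        else:
            verdicts[src] = "mixed"       # user list combined with password list
    return verdicts

def build_sample(now):
    """Constructed events for the demo; IPs are documentation ranges."""
    def ago(seconds):
        return now - timedelta(seconds=seconds)
    events = [(ago(i * 5), "198.51.100.7", f"user{i:02d}", False) for i in range(12)]
    events += [(ago(i * 2), "203.0.113.9", "admin", False) for i in range(40)]
    # A user who mistypes twice and then logs in: must not be flagged.
    events += [(ago(60 * i), "192.0.2.20", "alice", i == 2) for i in range(3)]
    # Old failures outside the window: must be ignored.
    events += [(ago(3600 + i), "192.0.2.44", "bob", False) for i in range(20)]
    return events

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0)
    for src, verdict in sorted(classify_sources(build_sample(now), now).items()):
        print(src, verdict)
```

Per-account lockout alone does not surface the spraying shape, because each account sees only one or two failures; grouping by source is what makes it visible.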

Other Usages

# Service Specification Alternative
hydra -L USER_DICT -P PASS_DICT SERVICE://TARGET
# Service on Custom Port
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE -s PORT
# Multiple Host Attack
hydra -L USER_DICT -P PASS_DICT -M TARGETS_FILE SERVICE
# Targeted Combinations (user:pass format)
hydra -C COMBINATION_FILE TARGET SERVICE

Useful Options

# Save results
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE -o OUTPUT_FILE
# Stop on Success
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE -F

HTTP Login Forms

Hydra can handle HTTP login forms with special options to specify the URL, request type, parameters, and error messages.

Login Form Type

# POST Login Form
hydra -L USER_DICT -P PASS_DICT TARGET http-post-form PATH_LOGIN

Login Path

The PATH_LOGIN string is made up of three colon-separated fields: PATH:FORM_DATA:CONDITION

# Success condition (S=): redirect
PATH_LOGIN example -> '/login.php:user=^USER^&pass=^PASS^:S=302'
# Failure condition (F=): error message
PATH_LOGIN example -> '/login.php:user=^USER^&pass=^PASS^:F=Invalid user'
