tools/hydra

Hydra

Hydra is a fast and flexible password-cracking tool used to perform brute-force attacks on login pages and network services.

Usage

Basic Usage

# Password Spraying
hydra -L USER_DICT -p PASS TARGET SERVICE
# Dictionary Attack
hydra -l USER -P PASS_DICT TARGET SERVICE
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE

Other Usages

# Service Specification Alternative
hydra -L USER_DICT -P PASS_DICT SERVICE://TARGET
# Service on Custom Port
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE -s PORT
# Multiple Host Attack
hydra -L USER_DICT -P PASS_DICT -M TARGETS_FILE SERVICE
# Targeted Combinations (user:pass format)
hydra -C COMBINATION_FILE TARGET SERVICE

Useful Options

# Save results
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE -o OUTPUT_FILE
# Stop on Success
hydra -L USER_DICT -P PASS_DICT TARGET SERVICE -F

Hydra can handle HTTP login forms with special options to specify the URL, request type, parameters, and error messages.

# POST Login Form
hydra -L USER_LIST -P PASS_LIST TARGET_URL http-post-form PATH_LOGIN

The LOGIN_PATH string has the following combination: PATH:FORM_DATA:CONDITION

# Redirect
PATH_LOGIN example -> '/login.php:user=^USER^&pass=^PASS^:S=302'
# Message Error
PATH_LOGIN example -> '/login.php:user=^USER^&pass=^PASS^:F=Invalid user'

Previousexploit/technologies Nexttools/ffuf

Last updated 1 year ago

hashtagHydra

hashtagUsage

hashtagBasic Usage

hashtagOther Usages

hashtagUseful Options

hashtagHTTP Login Forms

hashtagLogin Form Type

hashtagLogin Path

Hydra

Usage

Basic Usage

Other Usages

Useful Options

HTTP Login Forms

Login Form Type

Login Path