HYDRA

https://github.com/vanhauser-thc/thc-hydra

Basis

hydra -l username -P wordlist.txt [TARGET_IP] service

Flags

-V
Verbose.
-vV
Very Verbose.

-L myUsersFile
Specify usernames file list.
-l myUser
Specify username.

-P myPassFile
Specify password file list.
-p myPass
Specify password.

-s
Specify port.
-t 4
Number of parallel connections per target.

SSH

hydra -L myUsersFile -P myPassFile [TARGET_IP] ssh
Brute Force SSH.

POST

hydra -vV -L myUsersFile.txt -P /usr/share/wordlists/rockyou.txt [TARGET_IP] http-post-form ‘/path/to/form.php:username=^USER^&password=^PASS^&login=Login:F=ChainNotOK’
Brute Force HTTP POST form with valid username.

Basic Access Auth

hydra -vV -l myUser -P /usr/share/wordlists/rockyou.txt [TARGET_IP] http-get /path/
Brute Force HTTP Basic Access Authentication.

FTP

hydra -vV -l myUser -P /usr/share/wordlists/rockyou.txt [TARGET_IP] ftp
Brute Force FTP Login.

Basis#

Flags#

SSH#

POST#

Basic Access Auth#

FTP#

Basis

Flags

SSH

POST

Basic Access Auth

FTP