Password Attackspasswordcrackerbruteforceloginsshftpnetwork

Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, enabling researchers and security consultants to demonstrate unauthorized remote system access.

Description

Hydra is a very fast network logon cracker that supports numerous protocols including Cisco AAA, FTP, HTTP(S), SSH, SMB, SMTP, SNMP, Telnet, VNC and many others. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. New modules are easy to add, making it highly extensible.

Use cases include testing network service logins for weak credentials, demonstrating brute-force vulnerabilities, and auditing password strength across multiple protocols. It operates by attempting login/password combinations in parallel across specified targets and services.

The package also includes companion tools like dpl4hydra for generating default password lists, pw-inspector for filtering password lists, and hydra-wizard for simplifying command-line usage.

How It Works

Hydra performs parallelized brute-force attacks by generating or loading login/password combinations and attempting them against specified services on target servers. It supports single logins (-l), password lists (-P), login lists (-L), or combo files (-C), with configurable threads (-t), timing (-w, -W, -c), and service-specific options. Protocols are modular, handling authentication mechanisms like plain text, SSL/TLS, digest-md5, and more, with output to files or restore sessions (-R). Proxy support via environment variables enhances stealth.

Installation

bash

sudo apt install hydra

Flags

-l LOGINlogin with LOGIN name

-L FILEload several logins from FILE

-p PASStry password PASS

-P FILEload several passwords from FILE

-C FILEuse colon separated "login:pass" format file

-t TASKSnumber of parallel tasks

-e nsrtry empty pass, login as pass, reverse login/pass

-o FILEoutput file for found logins

-s PORTservice on different default port

-x MIN:MAX:CHARSETpassword bruteforce generation

-fstop after first found login/password

-m MODULE_OPTmodule-specific options

Examples

Attempt to login as root using a password list with 6 threads on SSH server

hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt -t 6 ssh://192.168.1.123

Filter password list to lengths 6-10 and save to file

pw-inspector -i /usr/share/wordlists/nmap.lst -o /root/passes.txt -m 6 -M 10

Attack FTP server with single user and password list

hydra -l user -P passlist.txt ftp://192.168.0.1

Attack IMAP server with user list and single password

hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN

IPv6 POP3S attack with combo file and TLS digest-md5

hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5

Attack FTP on entire subnet with single credentials

hydra -l admin -p password ftp://[192.168.0.0/24]/

SSH attack using login/pass lists and multiple targets

hydra -L logins.txt -P pws.txt -M targets.txt ssh

Generate Linksys default creds list and attack HTTP-GET

dpl4hydra linksys && hydra -C ./dpl4hydra_linksys.lst -t 1 192.168.1.1 http-get /index.asp

Updated 2026-04-16kali.org ↗