provocativo_
back to the arsenal
// arsenal·Password CrackingBeginnerFOSS

THC-Hydra

Parallelized online password-guessing across 50+ protocols.

Password Cracking

$ thc-hydra --help

THC-Hydra

// what it is

Description

Van Hauser / THC's classic. Sprays credentials at SSH, FTP, RDP, HTTP forms, SMTP, MySQL, MSSQL, Telnet, VNC, and dozens more. The default tool when you have a 'login form + a credential list'.

// use cases

What people use it for

  • Brute-forcing SSH on a CTF box
  • HTTP login form spraying
  • RDP / VNC credential testing

// commands

The commands you'll type

SSH brute

$ hydra -L users.txt -P pass.txt ssh://10.0.0.5 -t 4

HTTP form (POST)

$ hydra -l admin -P pass.txt target.tld http-post-form '/login.php:user=^USER^&pass=^PASS^:F=invalid'

// facts

category
Password Cracking
platforms
LIN · WIN · MAC
license
FOSS
difficulty
Beginner

// links

// related in Password Cracking

Password CrackingIntermediate

Hashcat

The fastest open-source password recovery tool — GPU acceleration on every hash mode.

FOSS
LIN·WIN·MAC
open entry →
Password CrackingIntermediate

John the Ripper

Open-source password cracker with the most diverse hash format support of any open tool.

FOSS
LIN·WIN·MAC
open entry →
Password CrackingBeginner

Medusa

Parallel network login brute-forcer — Hydra's older sibling.

FOSS
LIN
open entry →