Hydra

Fast online password brute-forcing tool supporting many protocols

Methods10 commands

#bruteforce#password#authentication#networking

Installation

1Install via package manager

2Or compile from source

3Verify installation

# Kali Linux
apt install hydra

# macOS
brew install hydra

# Verify
hydra --help

Basic Usage

Brute-force login credentials for various network services

# SSH bruteforce
hydra -l admin -P passwords.txt ssh://target.com

# Web form bruteforce
hydra -l user -P pass.txt target.com http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"

# FTP bruteforce
hydra -L users.txt -P passwords.txt ftp://target.com

Command Reference

10 commands

1Single username

-l

2Username wordlist

-L

3Single password

-p

4Password wordlist

-P

5Tasks per target (threads)

-t

6Verbose output

-v

7Stop after first success

-f

8Custom port

-s

9Output file

-o

10Web form attack module

http-post-form

When to Use

Password auditing and recovery

Testing weak credentials

CTF challenges

Post-exploitation lateral movement

Validating password policies

Notes & Tips

Supports 50+ protocols (SSH, FTP, HTTP, MySQL, etc.)

Use -f flag to stop on first valid password

Combine with CeWL for targeted wordlists

Rate limiting may cause false negatives

Common Errors & Solutions

Connection refused

Check if service is running on the target

Too many connections

Reduce threads with -t flag

Invalid module

Use hydra -h to list available modules

Hydra

Fast online password brute-forcing tool supporting many protocols

Methods10 commands

#bruteforce#password#authentication#networking

Installation

1Install via package manager

2Or compile from source

3Verify installation

# Kali Linux
apt install hydra

# macOS
brew install hydra

# Verify
hydra --help

Basic Usage

Brute-force login credentials for various network services

# SSH bruteforce
hydra -l admin -P passwords.txt ssh://target.com

# Web form bruteforce
hydra -l user -P pass.txt target.com http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"

# FTP bruteforce
hydra -L users.txt -P passwords.txt ftp://target.com

Command Reference

10 commands

1Single username

-l

2Username wordlist

-L

3Single password

-p

4Password wordlist

-P

5Tasks per target (threads)

-t

6Verbose output

-v

7Stop after first success

-f

8Custom port

-s

9Output file

-o

10Web form attack module

http-post-form

When to Use

Password auditing and recovery

Testing weak credentials

CTF challenges

Post-exploitation lateral movement

Validating password policies

Notes & Tips

Supports 50+ protocols (SSH, FTP, HTTP, MySQL, etc.)

Use -f flag to stop on first valid password

Combine with CeWL for targeted wordlists

Rate limiting may cause false negatives

Common Errors & Solutions

Connection refused

Check if service is running on the target

Too many connections

Reduce threads with -t flag

Invalid module

Use hydra -h to list available modules