THC Hydra

THC Hydra is a fast, parallelized network login cracker used for brute-force attacks against various protocols and services such as FTP, SSH, Telnet, and HTTP. It supports multiple authentication methods, making it a go-to tool for penetration testers who assess password security across networks, web applications, and remote systems. Hydra helps identify weak credentials.

Installation and Setup

Install on Kali Linux (Pre-installed)

sudo apt update && sudo apt install hydra

Install on Debian/Ubuntu

sudo apt update && sudo apt install hydra

Install on macOS

brew install hydra

Compile from Source

git clone https://github.com/vanhauser-thc/thc-hydra.git
cd thc-hydra
./configure
make
sudo make install

Basic Usage

hydra -L users.txt -P passwords.txt 10.1.1.1 ssh            #Basic SSH Brute-Force
hydra -l admin -P rockyou.txt ftp://10.1.1.1                #FTP Brute-Force with a Single User
hydra -L users.txt -P passwords.txt -t 4 ssh://10.1.1.1     #Limit Concurrent Threads (4)
hydra -L users.txt -P passwords.txt -M targets.txt ssh      #Attack Multiple Targets from File

Supported Authentication Protocols

hydra -U http-post-form                                                      #Show usage details for one service module (hydra -h lists all supported services)
hydra -L users.txt -P passwords.txt ssh://10.1.1.1                           #SSH Attack
hydra -L users.txt -P passwords.txt ftp://10.1.1.1                           #FTP Attack
hydra -L users.txt -P passwords.txt rdp://10.1.1.1                           #RDP Attack
hydra -L users.txt -P passwords.txt smb://10.1.1.1                           #SMB Attack
hydra -L users.txt -P passwords.txt mysql://10.1.1.1                         #MySQL Attack
hydra -L users.txt -P passwords.txt postgres://10.1.1.1                      #PostgreSQL Attack
hydra -L users.txt -P passwords.txt http-post-form://example.com/login.php   #Web Login Form (module also requires form parameters; see Brute-Force Web Login Forms)
hydra -L users.txt -P passwords.txt snmp://10.1.1.1                          #SNMP Brute-Force

Common Attack Scenarios

Brute-Force SSH

hydra -L users.txt -P passwords.txt ssh://10.1.1.1                  #SSH Attack
hydra -l root -P rockyou.txt ssh://10.1.1.1                         #Target Root Account
hydra -L users.txt -P passwords.txt -s 2222 ssh://10.1.1.1          #Attack Custom SSH Port

Brute-Force FTP

hydra -L users.txt -P passwords.txt ftp://10.1.1.1                  #FTP Attack
hydra -L users.txt -P passwords.txt -s 21 ftp://10.1.1.1            #FTP on Port 21
hydra -l anonymous -p anonymous ftp://10.1.1.1                      #FTP Anonymous Login Check (-u takes no argument; it only changes the loop order)

Brute-Force SMB

hydra -L users.txt -P passwords.txt smb://10.1.1.1                  #SMB Brute-Force Attack
hydra -L users.txt -P passwords.txt -t 5 smb://10.1.1.1             #SMB Brute-Force Attack with Thread Control
hydra -L users.txt -P passwords.txt -e nsr smb://10.1.1.1           #Try Null, Same-as-User, and Reverse

Brute-Force RDP

hydra -L users.txt -P passwords.txt rdp://10.1.1.1                  #RDP Brute-Force Attack
hydra -L users.txt -P passwords.txt -s 3389 rdp://10.1.1.1          #RDP Brute-Force Attack on Port 3389

Brute-Force Web Login Forms

hydra -L users.txt -P passwords.txt "http-post-form://example.com/login.php:user=^USER^&pass=^PASS^:S=200"          #HTTP POST Form Brute-Force Attack (quoted so the shell does not interpret &)
hydra -L users.txt -P passwords.txt "http-get-form://example.com/login.php:user=^USER^&pass=^PASS^:F=incorrect"     #HTTP GET Form Brute-Force Attack (F= marks a failed login)

Advanced Options

hydra -L users.txt -P passwords.txt -M targets.txt ssh            #Brute-Force Multiple Targets
hydra -l root -P rockyou.txt -vV ssh://10.1.1.1                   #Verbose Mode
hydra -L users.txt -P passwords.txt -t 10 -T 20 ssh://10.1.1.1    #Set Parallel Tasks: 10 per Target (-t, default 16), 20 Overall (-T, used with -M)
hydra -l admin -P passwords.txt -w 5 ftp://10.1.1.1               #Wait up to 5 Seconds for Each Response (-w, default 32)
hydra -L users.txt -P passwords.txt -m 2 ssh://10.1.1.1           #-m Passes Module-Specific Options (see hydra -U <service>), Not a Retry Count

Performance Tuning

hydra -t 10 -L users.txt -P passwords.txt ssh://10.1.1.1       #Set 10 Parallel Tasks per Target (default 16)
hydra -L users.txt -P passwords.txt -T 30 ssh://10.1.1.1       #Set 30 Parallel Tasks Overall (applies with -M)
hydra -L users.txt -P passwords.txt -w 10 ssh://10.1.1.1       #Wait up to 10 Seconds for Each Response

Additional Password Checks and Timing

hydra -L users.txt -P passwords.txt -e ns ssh://10.1.1.1     #Try Null and Same-Name Passwords
hydra -L users.txt -P passwords.txt -m 2 ssh://10.1.1.1      #-m Passes Module-Specific Options (see hydra -U <service>), Not a Retry Count
hydra -L users.txt -P passwords.txt -W 5 ssh://10.1.1.1      #Wait 5 Seconds Between Connects per Thread

Port, Password Generation, and Exit Options

hydra -L users.txt -P passwords.txt -s 2222 ssh://10.1.1.1        #Use a Custom Port
hydra -L users.txt -x 5:8:A1 ssh://10.1.1.1                       #Generate Passwords of 5-8 Characters from Uppercase Letters and Digits (-x cannot be combined with -P)
hydra -L users.txt -P passwords.txt -V -F ssh://10.1.1.1          #Show Each Attempt (-V) and Exit After First Match (-F)

Troubleshooting and Debugging

hydra -L users.txt -P passwords.txt -V ssh://10.1.1.1      #Show Each Login/Password Attempt (-v is verbose mode)
hydra -L users.txt -P passwords.txt -d ssh://10.1.1.1      #Enable Debug Mode
hydra -R                                                   #Restore a Previous Aborted or Crashed Session

Best Practices

hydra -L users.txt -P rockyou.txt -t 10 -V ssh://10.1.1.1           #SSH Attack with 10 Parallel Tasks, Showing Each Attempt
hydra -L users.txt -P passwords.txt -M targets.txt -T 25 -V ssh     #Large-Scale Attack (25 Parallel Tasks Overall)
hydra -L users.txt -P passwords.txt -w 10 -I ssh://10.1.1.1         #Ignore an Existing Restore File (-I); 10-second Response Timeout (-w)