1HYDRA(1) General Commands Manual HYDRA(1)
2
6 hydra - a very fast network logon cracker which support many different
7 services
8
10 hydra
11 [[[-l LOGIN|-L FILE] [-p PASS|-P FILE|-x OPT -y]] | [-C FILE]]
12 [-e nsr] [-u] [-f|-F] [-M FILE] [-o FILE] [-b FORMAT]
13 [-t TASKS] [-T TASKS] [-w TIME] [-W TIME] [-m OPTIONS] [-s PORT]
14 [-c TIME] [-S] [-O] [-4|6] [-I] [-vV] [-d]
15 server service [OPTIONS]
16
18 Hydra is a parallelized login cracker which supports numerous protocols
19 to attack. New modules are easy to add, beside that, it is flexible and
20 very fast.
21 This tool gives researchers and security consultants the possibility to
23 show how easy it would be to gain unauthorized access from remote to a
24 system.
25 Currently this tool supports:
27 adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps
28 http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-
29 proxy-urlenum icq imap[s] irc ldap2[s]
30 ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 ncp nntp ora‐
31 cle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres
32 rdp radmin2 redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip
33 smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak tel‐
34 net[s] vmauthd vnc xmpp
35 For most protocols SSL is supported (e.g. https-get, ftp-ssl, etc.).
37 If not all necessary libraries are found during compile time, your
38 available services will be less. Type "hydra" to see what is avail‐
39 able.
40
42 target a target to attack, can be an IPv4 address, IPv6 address or DNS
43 name.
44 service
46 a service to attack, see the list of protocols available
47 OPTIONAL SERVICE PARAMETER
49 Some modules have optional or mandatory options. type "hydra -U
50 <servicename>"
51 to get help on on the options of a service.
52 -R restore a previously aborted session. Requires a hydra.restore
54 file was written. Options are restored, but can be changed by
55 setting them after -R on the command line
56 -S connect via SSL
58 -O use old SSL v2 and v3
61 -s PORT
63 if the service is on a different default port, define it
64 here
65 -l LOGIN
67 or -L FILE login with LOGIN name, or load several logins
68 from FILE
69 -p PASS
71 or -P FILE try password PASS, or load several passwords
72 from FILE
73 -x min:max:charset
75 generate passwords from min to max length. charset can
76 contain 1
77 for numbers, a for lowcase and A for upcase characters.
78 Any other character is added is put to the list.
79 Example: 1:2:a1%.
80 The generated passwords will be of length 1 to 2 and
81 contain
82 lowcase letters, numbers and/or percent signs and
83 dots.
84 -y disable use of symbols in -x bruteforce, see above
86 -e nsr additional checks, "n" for null password, "s" try login
88 as pass, "r" try the reverse login as pass
89 -C FILE
91 colon separated "login:pass" format, instead of -L/-P
92 options
93 -u by default Hydra checks all passwords for one login and
95 then tries the next login. This option loops around the
96 passwords, so the first password is tried on all logins,
97 then the next password.
98 -f exit after the first found login/password pair (per host
100 if -M)
101 -F exit after the first found login/password pair for any
103 host (for usage with -M)
104 -M FILE
106 server list for parallel attacks, one entry per line
107 -o FILE
109 write found login/password pairs to FILE instead of std‐
110 out
111 -b FORMAT
113 specify the format for the -o FILE: text(default), json,
114 jsonv1
115 -t TASKS
117 run TASKS number of connects in parallel (default: 16)
118 -m OPTIONS
120 module specific options. See hydra -U <module> what
121 options are available.
122 -w TIME
124 defines the max wait time in seconds for responses
125 (default: 32)
126 -W TIME
128 defines a wait time between each connection a task per‐
129 forms. This usually only makes sense if a low task number
130 is used, .e.g -t 1
131 -c TIME
133 the wait time in seconds per login attempt over all
134 threads (-t 1 is recommended) This usually only makes
135 sense if a low task number is used, .e.g -t 1
136 -4 / -6
138 prefer IPv4 (default) or IPv6 addresses
139 -v / -V
141 verbose mode / show login+pass combination for each
142 attempt
143 -d debug mode
145 -I ignore an existing restore file (don't wait 10 seconds)
147 -h, --help
149 Show summary of options.
150
152 xhydra(1), pw-inspector(1).
153 The programs are documented fully by van Hauser <vh@thc.org>
154
156 hydra was written by van Hauser / THC <vh@thc.org> Find new ver‐
157 sions or report bugs at https://github.com/vanhauser-thc/thc-
158 hydra
159 This manual page was written by Daniel Echeverry
161 <epsilon77@gmail.com>, for the Debian project (and may be used
162 by others).
163 01/01/2019 HYDRA(1)