thc-hydra
by vanhauser-thc
Hydra is a fast and flexible network login cracker supporting numerous protocols to test password security.
hydra
Primary Use Case
Hydra is primarily used by security professionals and penetration testers to perform brute-force attacks on authentication systems and identify weak passwords across various network services. It helps organizations assess the strength of their password policies and improve overall identity and access management security.
- Supports a wide range of protocols including FTP, HTTP, SMB, SSH, and more
- Highly parallelized to speed up brute-force attacks
- Flexible password and username input options
- Supports both dictionary and brute-force attacks
- Customizable attack parameters and options
- Detailed output and logging capabilities
- Open source and actively maintained
Installation
- Clone the repository: git clone https://github.com/vanhauser-thc/thc-hydra.git
- Change directory: cd thc-hydra
- Run configuration script: ./configure
- Build the tool: make
- Install the tool (optional): sudo make install
Usage
>_ hydra -L users.txt -P passwords.txt ftp://192.168.1.100Perform a brute-force attack on an FTP server using a list of usernames and passwords.
>_ hydra -l admin -p 123456 ssh://192.168.1.100Attempt to login to an SSH server with a single username and password.
>_ hydra -C credentials.txt -t 4 http-get://192.168.1.100Use a credentials file with username:password pairs to attack an HTTP GET authentication with 4 parallel tasks.
>_ hydra -M targets.txt -P passwords.txt smbAttack multiple SMB targets listed in targets.txt using a password list.
- Can be chained with Metasploit for automated exploitation workflows.
- Integrate into CI/CD pipelines for continuous password policy validation.
- Use Hydra output to proactively harden weak authentication points.
- Combine with threat intelligence feeds to prioritize high-risk targets.
- Leverage parallelized attacks to simulate real-world brute force scenarios efficiently.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about thc-hydra. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
vaultwarden
dani-garcia/vaultwarden
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
authelia
authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
keepassxc
keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
infisical
Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
authentik
goauthentik/authentik
The authentication glue you need.
teleport
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.