hydra Cheatsheet


hydra is a fast and flexible tool for brute-forcing network authentication. It runs attempts in parallel and supports many protocols, including SSH, HTTP, FTP, SMB, and more.


Basic Syntax

  • hydra -l <user> -P <wordlist> <target> <service> - Basic brute force
  • hydra -L <userlist> -p <password> <target> <service> - One password against a list of users
  • hydra -L <userlist> -P <wordlist> <target> <service> - Full brute force

Common Options

  • -l <login> - Single login name
  • -L <file> - Login file (one per line)
  • -p <password> - Single password
  • -P <file> - Password file (one per line)
  • -t <tasks> - Number of parallel tasks (default 16)
  • -w <timeout> - Maximum wait time for a response, in seconds (default 32)
  • -f - Exit on first valid login
  • -s <port> - Port number (if non-standard)
  • -v - Verbose mode
  • -V - Show login/password attempts
  • -o <file> - Output file for found credentials

SSH Brute Force

  • hydra -l <user> -P <wordlist> ssh://<target> - SSH attack
  • hydra -l <user> -P <wordlist> -s 2222 ssh://<target> - Custom SSH port
  • hydra -L users.txt -P passwords.txt ssh://<target> - Multiple users

HTTP/HTTPS Brute Force

  • hydra -l <user> -P <wordlist> http-get://<target>/login - HTTP GET
  • hydra -l <user> -P <wordlist> http-post-form://<target>/login:"user=^USER^&pass=^PASS^":"F=incorrect" - POST form
  • hydra -l <user> -P <wordlist> https://<target>/login - HTTPS
  • hydra -L users.txt -P passwords.txt http-get://<target>/protected - HTTP basic auth

FTP Brute Force

  • hydra -l <user> -P <wordlist> ftp://<target> - FTP attack
  • hydra -L users.txt -P passwords.txt ftp://<target> - Multiple users
  • hydra -l anonymous -P passwords.txt ftp://<target> - Anonymous FTP

SMB Brute Force

  • hydra -l <user> -P <wordlist> smb://<target> - SMB attack
  • hydra -L users.txt -P passwords.txt smb://<target> - Multiple users
  • hydra -L users.txt -P passwords.txt smb://<target>/share - Specific share

RDP Brute Force

  • hydra -l <user> -P <wordlist> rdp://<target> - RDP attack
  • hydra -L users.txt -P passwords.txt rdp://<target> - Multiple users

MySQL Brute Force

  • hydra -l <user> -P <wordlist> mysql://<target> - MySQL attack
  • hydra -L users.txt -P passwords.txt mysql://<target> - Multiple users

PostgreSQL Brute Force

  • hydra -l <user> -P <wordlist> postgresql://<target> - PostgreSQL attack
  • hydra -L users.txt -P passwords.txt postgresql://<target> - Multiple users

VNC Brute Force

  • hydra -l <user> -P <wordlist> vnc://<target> - VNC attack
  • hydra -p <password> vnc://<target> - Password only (no user)

Advanced Options

  • -e nsr - Try null password, same as login, reversed login
  • -e n - Try null password
  • -e s - Try same as login
  • -e r - Try reversed login
  • -M <file> - Target list file
  • -C <file> - Colon-separated "login:pass" format
  • -S - Use SSL
  • -u - Loop around users, not passwords
  • -x min:max:charset - Password generation (e.g., -x 6:8:aA1)

Common Examples

SSH Attack

hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100

HTTP POST Form

hydra -l admin -P passwords.txt http-post-form://target.com/login.php:"user=^USER^&pass=^PASS^":"Invalid"

Multiple Users SSH

hydra -L users.txt -P passwords.txt -t 4 ssh://192.168.1.100

FTP Attack

hydra -L users.txt -P passwords.txt ftp://192.168.1.100

SMB Attack

hydra -L users.txt -P passwords.txt smb://192.168.1.100

RDP Attack

hydra -L users.txt -P passwords.txt rdp://192.168.1.100

MySQL Attack

hydra -l root -P passwords.txt mysql://192.168.1.100

VNC Attack

hydra -P passwords.txt vnc://192.168.1.100

Wordlist Generation

hydra -l admin -x 6:8:aA1 http-get://target.com/protected

Output to File

hydra -l admin -P passwords.txt -o results.txt ssh://192.168.1.100

Tips

  • Use -t to adjust parallel tasks (higher = faster but more detectable)
  • Use -f to stop on first valid login
  • Use -e nsr to try common weak passwords
  • Use -V for verbose output to see attempts
  • Always test on authorized systems only
  • Lower -t value reduces detection but increases time
  • Use -x for password generation when no wordlist available
  • Combine -L and -P for comprehensive testing
  • Use -o to save results for documentation
  • HTTP POST forms require proper syntax: "field=^USER^&field2=^PASS^":"error message"
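
The tips above tie -t to detectability; seen from the defending side, that tradeoff looks like the following added example (not part of the original cheatsheet or of hydra). It scans sshd failure lines for two patterns; the thresholds, the ISO-8601 timestamp prefix and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH failure message; the ISO-8601 timestamp prefix is an assumed log format.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def windows(evs, span):
    """Yield the events inside a sliding window of length `span` ending at each event."""
    start = 0
    for end, (ts, _) in enumerate(evs):
        while ts - evs[start][0] > span:
            start += 1
        yield evs[start:end + 1]

def detect(lines, burst=5, burst_span=timedelta(seconds=60),
           users=4, users_span=timedelta(hours=1)):
    """Return {source_ip: {reasons}} for sources whose failures look like guessing."""
    by_ip = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            by_ip[m.group(3)].append((datetime.fromisoformat(m.group(1)), m.group(2)))
    alerts = defaultdict(set)
    for ip, evs in by_ip.items():
        evs.sort()
        # Rate rule: many failures close together (the pattern a high -t produces).
        if any(len(w) >= burst for w in windows(evs, burst_span)):
            alerts[ip].add("burst")
        # Breadth rule: one source failing against many accounts over a longer
        # span, so slow attempts are still caught when the rate rule is quiet.
        if any(len({u for _, u in w}) >= users for w in windows(evs, users_span)):
            alerts[ip].add("many-users")
    return dict(alerts)

def fail(ts, user, ip, invalid=False):
    who = ("invalid user " if invalid else "") + user
    return f"{ts} host sshd[811]: Failed password for {who} from {ip} port 40000 ssh2"

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    [fail(f"2024-05-01T10:00:0{i}", "root", "203.0.113.7") for i in range(6)]
    + [fail(f"2024-05-01T10:{m}:00", u, "198.51.100.9", invalid=True)
       for m, u in (("00", "alice"), ("10", "bob"), ("20", "carol"), ("30", "dave"))]
    + [fail("2024-05-01T11:00:00", "erin", "192.0.2.4"),
       fail("2024-05-01T11:00:30", "erin", "192.0.2.4"),
       "2024-05-01T11:01:00 host sshd[811]: Accepted password for erin from 192.0.2.4 port 40000 ssh2"]
)

if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE).items():
        print(ip, sorted(reasons))
```

The legitimate user at 192.0.2.4, who mistypes twice and then logs in, triggers neither rule.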