A very fast network logon cracker which support many different services.
See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows.
This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.
There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
Currently this tool supports the following protocols:
Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
CHANGELOG for 8.1
! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best!
* Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks!
* Found login:password combinations are now printed with the name specified (hostname or IP), not always IP
* Fixed the -M option, works now with many many targets :-)
* -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port"
* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting)
* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks!
* Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks!
* Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev)
* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting)
* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting)
* Updated configure to detect subversion packages on current Cygwin
* Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com)
