SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Hydra-GUI is a graphical user interface for the Windows version of THC Hydra.

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Hydra GTK is a GUI front end for Hydra, so THC Hydra must already be installed. If you are running Kali Linux it is already pre-installed; everyone else can install it by typing: sudo apt-get install hydra-gtk

(28) ★★★★★ Wireshark (#1, 1)

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences). Read 47 reviews.

Latest release: version 1.12.7 on Aug. 12, 2015 (5 years, 4 months ago).

(11) ★★★★½ Metasploit (#2, 3)

Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. One free extra is Metasploitable, an intentionally insecure Linux virtual machine you can use for testing Metasploit and other exploitation tools without hitting live servers.

Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition ($5,000 per year per user), and a full-featured Pro edition. Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).

The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs. Read 19 reviews.

Latest release: version 4.11 on Dec. 18, 2014 (5 years, 11 months ago).

(16) ★★★ Nessus (#3, 2)

Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free 'Registered Feed' version in 2008. It now costs $2,190 per year, which still beats many of its competitors. A free “Nessus Home” version is also available, though it is limited and only licensed for home network use.

Nessus is constantly updated, with more than 70,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Read 25 reviews.

Latest release: version 6.3.3 on March 16, 2015 (5 years, 8 months ago).

(13) ★★★★ Aircrack (#4, 17)

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It implements the best known cracking algorithms to recover wireless keys once enough encrypted packets have been gathered. The suite comprises over a dozen discrete tools, including airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files). Read 27 reviews.

Latest release: version 1.1 on April 24, 2010 (10 years, 7 months ago).

(3) ★★★½ Snort (#5, 2)

This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

While Snort itself is free and open source, parent company SourceFire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed. Read 4 reviews.

Latest release: version 2.9.7.5 on July 23, 2015 (5 years, 4 months ago).

(12) ★★★½ Cain and Abel (#6, 3)

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented. Read 29 reviews.

Latest release: version 4.9.56 on April 7, 2014 (6 years, 8 months ago).

(24) ★★★★½ Netcat (#8, 4)

This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool to use directly or easily drive by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections.

The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its popularity. It can sometimes even be hard to find a copy of the v1.10 source code. The flexibility and usefulness of this tool prompted the Nmap Project to produce Ncat, a modern reimplementation which supports SSL, IPv6, SOCKS and http proxies, connection brokering, and more. Other takes on this classic tool include the amazingly versatile Socat, OpenBSD's nc, Cryptcat, Netcat6, pnetcat, SBD, and so-called GNU Netcat. Read 47 reviews.

Latest release: version 1.10 on March 20, 1996 (24 years, 8 months ago).

(4) ★★★★ tcpdump (#9, 1)

Tcpdump is the network sniffer we all used before (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI and parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with less security risk. It also requires fewer system resources. While Tcpdump doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. tcpdump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap and many other tools. Read 5 reviews.

Latest release: version 4.7.4 on April 22, 2015 (5 years, 7 months ago).

(7) ★★★★ John the Ripper (#10, unchanged)

John the Ripper is a fast password cracker for UNIX/Linux and Mac OS X. Its primary purpose is to detect weak Unix passwords, though it supports hashes for many other platforms as well. There is an official free version, a community-enhanced version (with many contributed patches but not as much quality assurance), and an inexpensive pro version. You will probably want to start with some wordlists, which you can find here, here, or here. Read 19 reviews.

Latest release: version 1.8.0 on May 30, 2013 (7 years, 6 months ago).

(3) ★★★★½ Kismet (#11, 4)

Kismet is a console (ncurses) based 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/tcpdump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, etc. Read 3 reviews.

Latest release: version Kismet-2013-03-R1b on April 8, 2013 (7 years, 8 months ago).

(2) ★★★★★ OpenSSH/PuTTY/SSH (#12, 2)

SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the open source OpenSSH server and client. Windows users often prefer the free PuTTY client, which is also available for many mobile devices, and WinSCP. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with Cygwin. There are dozens of other free and proprietary clients to consider as well. Read 2 reviews.

(23) ★★★★½ Burp Suite (#13, 63)

Burp Suite is an integrated platform for attacking web applications. It contains a variety of tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All of the tools share the same framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, alerting and extensibility. There is a limited free version and also Burp Suite Professional ($299 per user per year). Read 27 reviews.

Latest release: version 1.4.01 on June 3, 2011 (9 years, 6 months ago).

(45) ★★★★½ Nikto (#14, 2)

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Read 106 reviews.

Latest release: version 2.1.4 on Feb. 20, 2011 (9 years, 9 months ago).

(4) ★★★★ Hping (#15, 9)

This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. Hping is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rule sets. It is also great for learning more about TCP/IP and experimenting with IP protocols. Unfortunately, it hasn't been updated since 2005. The Nmap Project created and maintains Nping, a similar program with more modern features such as IPv6 support, and a unique echo mode. Read 6 reviews.

Latest release: version hping3-20051105 on Nov. 5, 2005 (15 years, 1 month ago).

(14) ★★★★½ Ettercap (#16, 5)

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. Read 38 reviews.

Latest release: version 0.8.2-Ferri on March 14, 2015 (5 years, 9 months ago).

(2) ★★★★★ Sysinternals (#17, 7)

Sysinternals provides many small Windows utilities that are quite useful for low-level Windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with:

  • ProcessExplorer for keeping an eye on the files and directories open by any process (like lsof on UNIX).
  • PsTools for managing (executing, suspending, killing, detailing) local and remote processes.
  • Autoruns for discovering what executables are set to run during system boot up or login.
  • RootkitRevealer for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
  • TCPView, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX).

Many of the Sysinternals tools originally came with source code and there were even Linux versions. Microsoft acquired Sysinternals in July 2006, promising that “Customers will be able to continue building on Sysinternals' advanced utilities, technical information and source code”. Less than four months later, Microsoft removed most of that source code. Read 2 reviews.

Latest release: Feb. 4, 2011 (9 years, 10 months ago).

(15) ★★★½ w3af (#18, new!)

W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways it is like a web-focused Metasploit. Read 18 reviews.

Latest release: version 1.1 on Oct. 11, 2011 (9 years, 2 months ago).

(32) ★★★★ OpenVAS (#19, new!)

OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. The project seemed dead for a while, but development has restarted. Read 40 reviews.

Latest release: version 8.0 on April 2, 2015 (5 years, 8 months ago).

(11) ★★★★★ Scapy (#20, 8)

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. Note that Scapy is a very low-level tool—you interact with it using the Python programming language. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Read 15 reviews.

Latest release: version 2.2.0 on Feb. 28, 2011 (9 years, 9 months ago).

(2) ★★★★★ Ping/telnet/dig/traceroute/whois/netstat (#21, 8)

While there are many advanced high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, although more advanced functionality is available from Hping and Netcat. Read 4 reviews.

(18) ★★★★ THC Hydra (#22, 7)

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules. Read 62 reviews.

Latest release: version 8.2 on June 16, 2016 (4 years, 5 months ago).

no rating Perl/Python/Ruby (#23, 3)

While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. Many security tools use scripting languages heavily for extensibility. For example Scapy interaction is through a Python interpreter, Metasploit modules are written in Ruby, and Nmap's scripting engine uses Lua. Read 1 review.

(2) ★★½ Paros proxy (#24, 8)

A Java-based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting. Read 7 reviews.

Latest release: version 3.2.13 on Aug. 8, 2006 (14 years, 4 months ago).

(2) ★★★★½ NetStumbler (#25, 7)

Netstumbler is the best known Windows tool for finding open wireless access points ('wardriving'). They also distribute a WinCE version for PDAs and such named MiniStumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC. Read 3 reviews.

Latest release: version 0.4.0 on April 1, 2004 (16 years, 8 months ago).

(5) ★★★★ Google (#26, 8)

While it is far more than a security tool, Google's massive database is a gold mine for security researchers and penetration testers. You can use it to dig up information about a target company by using directives such as “site:target-domain.com” and find employee names, sensitive information that they wrongly thought was hidden, vulnerable software installations, and more. Similarly, when a bug is found in yet another popular webapp, Google can often provide a list of vulnerable servers worldwide within seconds. Check out the Google Hacking Database and Johnny Long's excellent book: Google Hacking for Penetration Testers. Read 6 reviews.

Hydra Description

A very fast network logon cracker that supports many different services.

Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Homepage: https://www.thc.org/thc-hydra/

Author: Van Hauser, Roland Kessler

License: AGPL-3.0

Hydra Help

Syntax:

Options:

Hydra bruteforce password generation option usage:

Examples:

Hydra Supported Protocols

Supported protocols:

  • asterisk
  • afp
  • cisco
  • cisco-enable
  • cvs
  • firebird
  • ftp
  • ftps
  • http-head
  • https-head
  • http-get
  • https-get
  • http-post
  • https-post
  • http-get-form
  • https-get-form
  • http-post-form
  • https-post-form
  • http-proxy
  • http-proxy-urlenum
  • icq
  • imap
  • imaps
  • irc
  • ldap2
  • ldap2s
  • ldap3
  • ldap3s
  • ldap3-crammd5
  • ldap3-crammd5s
  • ldap3-digestmd5
  • ldap3-digestmd5s
  • mssql
  • mysql
  • nntp
  • oracle-listener
  • oracle-sid
  • pcanywhere
  • pcnfs
  • pop3
  • pop3s
  • postgres
  • rdp
  • redis
  • rexec
  • rlogin
  • rsh
  • rtsp
  • s7-300
  • sip
  • smb
  • smtp
  • smtps
  • smtp-enum
  • snmp
  • socks5
  • ssh
  • sshkey
  • svn
  • teamspeak
  • telnet
  • telnets
  • vmauthd
  • vnc
  • xmpp

Options of Hydra Supported protocols

cisco

Module cisco is optionally taking the keyword ENTER, it then sends an initial ENTER when connecting to the service.

cisco-enable

Module cisco-enable is optionally taking the logon password for the cisco device

Note: if AAA authentication is used, use the -l option for the username and the optional parameter for the password of the user.

Examples:

cvs

Module cvs is optionally taking the repository name to attack, default is '/root'

firebird

Module firebird is optionally taking the database path to attack, default is 'C:\Program Files\Firebird\Firebird_1_5\security.fdb'

http-get, https-get, http-post, https-post

Module http-get requires the page to authenticate.

For example: '/secret' or 'http://bla.com/foo/bar' or 'https://test.com:8080/members'

http-get-form, https-get-form, http-post-form, https-post-form

Module http-get-form requires the page and the parameters for the web form.

By default this module is configured to follow a maximum of 5 redirections in a row. It always gathers a new cookie from the same URL without variables. The parameters take three ':' separated values, plus optional values.

(Note: if you need a colon in the option string as value, escape it with '\:', but do not escape a '\' with '\\'.)

Syntax:

  • First is the page on the server to GET or POST to (URL).
  • Second is the POST/GET variables (taken from either the browser, proxy, etc.), with usernames and passwords being replaced in the '^USER^' and '^PASS^' placeholders (FORM PARAMETERS).
  • Third is the string that it checks for an *invalid* login (by default). Invalid condition login check can be preceded by 'F=', successful condition login check must be preceded by 'S='. This is where most people get it wrong. You have to check the webapp what a failed string looks like and put it in this parameter!

The following parameters are optional:

C=/page/uri

to define a different page to gather initial cookies from

(h|H)=My-Hdr: foo

to send a user defined HTTP header with each request

^USER^ and ^PASS^ can also be put into these headers!

Note: 'h' will add the user-defined header at the end regardless of whether it is already being sent by Hydra.

'H' will replace the value of that header if it exists, by the one supplied by the user, or add the header at the end.

Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\). All colons that are not option separators should be escaped (see the examples above and below).

You can specify a header without escaping the colons, but that way you will not be able to put colons in the header value itself, as they will be interpreted by hydra as option separators.

Examples:

http-proxy

Module http-proxy is optionally taking the page to authenticate at.

Default is http://www.microsoft.com/

Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.

http-proxy-urlenum

Module http-proxy-urlenum only uses the -L option, not the -x or -p/-P options. The -L loginfile must contain the URL list to try through the proxy. The proxy credentials can be put as the optional parameter, e.g.

imap, imaps

Module imap is optionally taking one authentication type of: CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM

Additionally TLS encryption via STARTTLS can be enforced with the TLS option.

Example: imap://target/TLS:PLAIN

irc

Module irc is optionally taking the general server password; if the server requires one and none is passed, the password from -p/-P will be used.

ldap2, ldap2s, ldap3, ldap3s, ldap3-crammd5, ldap3-crammd5s, ldap3-digestmd5, ldap3-digestmd5s

Module ldap2 is optionally taking the DN (depending on the auth method chosen).

Note: you can also specify the DN as login when Simple auth method is used.

The keyword '^USER^' is replaced with the login.

Special note for the Simple method: it has 3 operation modes: anonymous (no user, no pass), unauthenticated (user but no pass), and user/pass authenticated (user and pass).

So don't forget to set empty string as user/pass to test all modes.

Hint: to authenticate to a Windows Active Directory LDAP, this is usually cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com

mysql

Module mysql is optionally taking the database to attack, default is 'mysql'

nntp

Module nntp is optionally taking one authentication type of: USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM

oracle-listener

Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR

pop3, pop3s

Module pop3 is optionally taking one authentication type of: CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM.

Additionally TLS encryption via STLS can be enforced with the TLS option.

Example: pop3://target/TLS:PLAIN

postgres

Module postgres is optionally taking the database to attack, default is 'template1'

rdp

Module rdp is optionally taking the windows domain name.

For example:

s7-300

Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.

smb

Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.

Note: you can set the group type using LOCAL or DOMAIN keyword or other_domain:{value} to specify a trusted domain.

You can set the password type using HASH or MACHINE keyword (to use the Machine's NetBIOS name as the password).

You can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.

Example:

smtp, smtps

Module smtp is optionally taking one authentication type of: LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM

Additionally TLS encryption via STARTTLS can be enforced with the TLS option.

Example: smtp://target/TLS:PLAIN

smtp-enum

Module smtp-enum is optionally taking one SMTP command of: VRFY (default), EXPN, RCPT (which will connect using 'root' account). The login parameter is used as the username and the password parameter as the domain name.

For example to test if john@localhost exists on 192.168.0.1:

snmp

Module snmp is optionally taking the following parameters:

To combine the options, use colons (':'), e.g.:

sshkey

Module sshkey does not provide additional options, although the semantics of options -p and -P are changed:

  • -p expects a path to an unencrypted private key in PEM format.
  • -P expects a filename containing a list of paths to unencrypted private keys in PEM format.

svn

Module svn is optionally taking the repository name to attack, default is 'trunk'

telnet, telnets

Module telnet is optionally taking the string which is displayed after a successful login (case insensitive), use if the default in the telnet module produces too many false positives

xmpp

Module xmpp is optionally taking one authentication type of: LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1

Note: the target passed should be an FQDN, as the value is used in the Jabber init request, for example: hermes.jabber.org

Hydra Usage Example

Attempt to login as the root user (-l root) using a password list (-P /usr/share/wordlists/metasploit/unix_passwords.txt) with 6 threads (-t 6) on the given SSH server (ssh://192.168.1.123):

Attempt to login as the user (-l user) using a password list (-P passlist.txt) on the given FTP server (ftp://192.168.0.1):

Attempt to login on the given SSH servers (ssh) from the list (-M targets.txt) using a user list (-L logins.txt) and password list (-P pws.txt):

Attempt to login on the given FTP servers on the given subnet (ftp://[192.168.0.0/24]/) as the user admin (-l admin) and the password password (-p password):

Attempt to login on the given mail server (imap://192.168.0.1/), using IMAP protocol with a user list (-L userlist.txt) and the password defaultpw (-p defaultpw), taking the authentication type PLAIN:

Attempt to login on the given mail server using POP3S on the given IPv6 (-6) address 2001:db8::1, on port 143 using the credential list 'login:password' from the defaults.txt file (-C defaults.txt) taking the authentication type DIGEST-MD5 and enforced TLS encryption via STLS (TLS).

xHydra (GUI for THC-Hydra)

xHydra is a Gtk+2 frontend for thc-hydra.

To start xHydra GUI issue:

Tools included in the hydra package

  • hydra – Very fast network logon cracker
  • pw-inspector – Reads passwords in and prints those which meet the requirements

Help pw-inspector

PW-Inspector reads passwords in and prints those which meet the requirements. The return code is the number of valid passwords found, 0 if none was found. Use for security: check passwords, if 0 is returned, reject password choice.

Use for hacking: trim your dictionary file to the pw requirements of the target.

Syntax:

How to install Hydra

Windows

The program is pre-installed on Kali Linux.

Installation on Linux (Debian, Mint, Ubuntu)

Related tools

  • patator (97.6%)
  • oclHashcat (53%)
  • hashcat (Hashcat & oclHashcat) (53%)
  • Medusa (53%)
  • Maltego (52.4%)
  • Aircrack-ng (Suite of Tools) (RANDOM - 1.1%)