When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules.
News and Changelog on Hydra 8.2
- Added RTSP module, thanks to jjavi89 for supplying!
- Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
- Added new -O option to hydra to support SSL servers that do not suport TLS
- Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
- Added patch to redis for initial service checking by Petar Kaleychev – thanks a lot!
- Added support in hydra-http for http-post (content length 0)
- Fixed important bug in http-*://server/url command line processing
- Added SSL SNI support
- Fixed bug in HTTP Form redirection following – thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
- Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
- Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
- Fixed for SSL connection to support TLSv1.2 etc.
- Support for different RSA keylengths, thanks to fann95 for the patch
- Fixed a bug where the cisco-enable module was not working with the password-only logon mode
- Fixed an out of memory bug in http-form
- Fixed imap PLAIN method
- Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
- Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated settingAdded –fhs switch to configure (for Linux distribution usage)
Where to Download hydra:
You can always find the newest release/production version of hydra at its
project page at https://www.thc.org/thc-hydra
If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra
git clone https://github.com/vanhauser-thc/thc-hydra.git
Note:
Use the development version at your own risk. It contains new features and
new bugs. Things might not work!
How to Compile Hydra:
To configure, compile and install hydra, just type:
./configure make make install
If you want the ssh module, you have to setup libssh (not libssh2!) on your
system, get it from http://www.libssh.org, for ssh v1 support you also need
to add “-DWITH_SSH1=On” option in the cmake command line.
If you use Ubuntu/Debian, this will install supplementary libraries needed
for a few optional modules:\
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird2.1-dev libncp-dev
This enables all optional modules and features with the exception of Oracle,
SAP R/3 and the apple filing protocol – which you will need to download and
install from the vendor’s web sites.
Supported Platforms:
- All UNIX platforms (linux, *bsd, solaris, etc.)
- Mac OS/X
- Windows with Cygwin (both IPv4 and IPv6)
- Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)