THC Hydra – Bruteforce and Dictionary Attack Tool

Number one of the biggest security holes are passwords, as every password security study shows. THC Hydra is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

THC Hydra - Bruteforce Attack Tool
THC Hydra – Bruteforce Attack Tool

Currently this tool supports the following protocols:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

The tool can be used on the following platforms:

  • All UNIX platforms (Linux, *BSD, Solaris, etc.)
  • MacOS (basically a BSD clone)
  • Windows with Cygwin (both IPv4 and IPv6)
  • Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)

The user may automate the attack and run a parallel login to different systems or any of the supported protocols.

You can read more and download this tool over here: https://github.com/vanhauser-thc/thc-hydra

Share