Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
`It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Running hydra to brute force a specific service such ssh or ftp is simple, here we try with ssh and we use the flag “-l” to provide the user name root and the flag “-P” as the path to the wordlist, “-vV” is for verbose output to be displayed.
Let’s try brute forcing ftp service:
Let’s say the service you trying to brute force is not on the usual port, for example ssh service is on port 22 but you can change the port to something like 2222, so now we need to use the flag “-s” and specify the new port:
We also have another application xHydra which is a GUI frontend for Hydra. xHydra can be used for both offline and online password cracking. xHydra can be used for many types of online attacks, including attacks against MySQL, SMB, MSSQL, and many types of HTTP/HTTPS logins, just to name a few.
You can start xHydra from the application menu