Hydra Password Brute Force

Hydra 2022 update version 9.4

Updated Dec 2022:

The latest version of Hydra as at the time of this article is Hydra 9.4 released in Sept 2022.

Hydra examples

Hydra continues to be a recognised and widely used method for brute force attacks for password cracking. The tool supports many protocols, a few of which are SSH, SMTP, IMAP, MONGODB, CISCO AAA, VNC, RDP amongst many others.

From the command line the basic syntax structure for brute forcing logins with username and/or passwords is as follows:

$ hydra -l username -P wordlist protocol host

this could look like this:

$ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt ssh

or the same search using :// option

$ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt ssh:// 


Problems noted in post comparing hydra with ncrack and medusa have been addressed and after testing it can be confirmed these issues are no longer present.


* Update SIP module to extract and use external IP addr return from server error to bypass NAT
* Update SIP module to use SASL lib
* Update email modules to check clear mode when TLS mode failed
* Update Oracle Listener module to work with Oracle DB 9.2
* Update LDAP module to support Windows 2008 active directory simple auth
* Fix to the connection adaptation engine which would loose planned attempts
* Fix make script for CentOS, reported by ya0wei
* Print error when a service limits connections and few pairs have to be tested
* Improved Mysql module to only init/close when needed
* Added patch from the FreeBSD maintainers
* Module usage help does not need a target to be specified anymore
* configure script now honors /etc/ directory