install hydra using apt

apt install hydra

Examples command

hydra –l user1 -P rockyou.txt smbBrute-forcing the SMB service
hydra -l user1 -P rockyou.txt the FTP service
hydra -L users.txt -P passwords.txt -u -f ssh:// -t 4SSH Attack
hydra -C /opt/useful/SecLists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -s 8080 http-get /Basic Auth Brute Force – Combined the most used Default-Credentials
hydra -L /opt/useful/SecLists/Usernames/Names/names.txt -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -u -f -s 8080 http-get /Username/Password Attack
hydra -L /opt/useful/SecLists/Usernames/Names/usernames.txt -p Aa123456 -u -f -s 8080 http-get /Username Brute Force/passwordspray
hydra -C /opt/useful/SecLists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -s 8080 http-post-form
“/login.php:username=^USER^&password=^PASS^:F=<form name=’login
hydra -l administrator -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f -s 8080 http-post-form “/login.php:username=^USER^&password=^PASS^:F=<form name=’login'”
example for hydra with http-post-form


usful command to locate rockyou.txt file

locate rockyou.txt

usernames wordlist from SecLists

locate names.txt

Hydra list supported services:

hydra -h | grep "Supported services" | tr ":" "\n" | tr " " "\n" | column -e

find out how to use the http-post-form module

hydra http-post-form -U

http request options

http[s]-{head|get|post}used for basic HTTP authentication

http[s]-post-form used for login forms, like .php or .aspx and others

speed up broute force

“-u” flag, tries all users on each password, instead of trying all passwords on one user

Screenshots gallery

Like this article?

You may also enjoy these articles

SearchSploit: Guide to Exploit Database Search

Searchsploit is a command-line tool that allows users to search the Exploit Database, which is a repository of publicly disclosed vulnerabilities and exploitation techniques. It

fuzzing with ffuf tool

Guide to FFUF tool – Web Application Fuzzing

FFUF is a powerful and flexible open-source tool for performing web application fuzzing. Whether you’re a security professional looking to identify vulnerabilities or a developer

Guide to sqlmap tool – sql injection

SQLmap is an powerful open source tool used by hackers to detect and exploit SQL
injection flaws. SQLmap automates the process of detecting and exploiting

Scroll to Top