← 返回命令列表

Linux command

hydra 命令

网络

需要网络或远程资源。

常用示例

Brute force SSH

hydra -l [user] -P [passwords.txt] ssh://[target]

HTTP form brute force

hydra -l [admin] -P [pass.txt] [target] http-post-form "/login:user=^USER^&pass=^PASS^:Invalid"

FTP brute force

hydra -L [users.txt] -P [pass.txt] ftp://[target]

Specify threads

hydra -t [4] -l [user] -P [pass.txt] [target] [service]

Verbose output

hydra -v -l [user] -P [pass.txt] [target] ssh

说明

Hydra is a parallelized network login cracker used in authorized penetration testing and security auditing. It systematically attempts username and password combinations against remote authentication services, drawing credentials from user-supplied wordlists or single values. Multiple connection threads run in parallel (configurable with `-t`), allowing it to test a large number of combinations efficiently. Hydra supports over 50 protocols and services out of the box, including SSH, FTP, HTTP/HTTPS (basic auth, form-based, and digest), SMB, RDP, MySQL, PostgreSQL, SMTP, IMAP, LDAP, VNC, and many more. For web applications, its `http-post-form` and `http-get-form` modules accept custom request templates with placeholder markers for injecting credentials. Results can be saved to a file for later analysis, and the tool can resume interrupted sessions.

参数

-l _LOGIN_
Single username.
-L _FILE_
Username list.
-p _PASS_
Single password.
-P _FILE_
Password list.
-t _NUM_
Parallel connections.
-v
Verbose output.
--help
Display help information.

FAQ

What is the hydra command used for?

Hydra is a parallelized network login cracker used in authorized penetration testing and security auditing. It systematically attempts username and password combinations against remote authentication services, drawing credentials from user-supplied wordlists or single values. Multiple connection threads run in parallel (configurable with `-t`), allowing it to test a large number of combinations efficiently. Hydra supports over 50 protocols and services out of the box, including SSH, FTP, HTTP/HTTPS (basic auth, form-based, and digest), SMB, RDP, MySQL, PostgreSQL, SMTP, IMAP, LDAP, VNC, and many more. For web applications, its `http-post-form` and `http-get-form` modules accept custom request templates with placeholder markers for injecting credentials. Results can be saved to a file for later analysis, and the tool can resume interrupted sessions.

How do I run a basic hydra example?

Run `hydra -l [user] -P [passwords.txt] ssh://[target]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -l _LOGIN_ do in hydra?

Single username.