Hydra (software)

Hydra is a parallelized network login cracker built in various operating systems like Kali Linux, Parrot and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to guess the right username and password combination. Hydra is commonly used by penetration testers together with a set of programmes like crunch,[2] cupp[3] etc, which are used to generate wordlists. Hydra is then used to test the attacks using the wordlists that these programmes created.

THC Hydra
Stable release
9.2 / March 15, 2021; 30 days ago (2021-03-15)[1]
Written inC
Operating systemCross-platform
TypePassword cracking
LicenseGNU General Public License (version 3 or later)

Hydra is set to be updated over time as more services become supported. The creator of Hydra publishes his work in repositories like GitHub.

Supported protocolsEdit

Hydra supports many common login protocols like forms on websites, FTP, SMB, POP3, IMAP, MySQL, VNC, SSH and others.[4]


Here is a sample output in a Debian environment.

$ hydra -L names -P pws ftp://wanne.t-8ch.de 
[names = Username file, commonly with .txt extestion]
[pws = Password file, commonly with .txt extestion]

Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-02-09 00:54:40
[DATA] 16 tasks, 1 server, 516 login tries (l:43/p:12), ~32 tries per task
[DATA] attacking service ftp on port 21
[21][ftp] host:   login: john   password: passwd
[STATUS] attack finished for wanne.t-8ch.de (waiting for children to finish)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-02-09 00:54:51


  1. ^ "Releases · vanhauser-thc/thc-hydra". github.com. Retrieved 2021-04-12.
  2. ^ https://tools.kali.org/password-attacks/crunch
  3. ^ "CUPP - Common User Passwords Profiler". GitHub. Retrieved 2021-02-04.
  4. ^ "Debian -- Details of package hydra in buster". packages.debian.org. Retrieved 2020-05-26.

External linksEdit