THC-Hydra

A very fast network logon cracker which support many different services.
 See feature sets and services coverage - incl. a speed comparison against ncrack and medusa

Thc-hydraDOWNLOAD


 Current Version: 7.5
 Last update 2013-09-18

 [0x00] News and Changelog

        Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )

        Read below for Linux compilation notes.
        And there is a new section below for online tutorials.
        

        CHANGELOG for 7.5
        ===================

        Note: The archive was updated on the 6th of August to include a
        license exception for OpenSSL but the version number preserved.
        * Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
        * Added module for Asterisk Call Manager
        * Added support for Android where some functions are not available
        * hydra main:
           - reduced the screen output if run without -h, full screen with -h
           - fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
           - fixed -o output (thanks to www417)
           - warning if HYDRA_PROXY is defined but the module does not use it
           - fixed an issue with large input files and long entries
        * hydra library:
           - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
           - removed support for old OPENSSL libraries
        * HTTP Form module:
           - login and password values are now encoded if special characters are present
           - ^USER^ and ^PASS^ are now also supported in H= header values
           - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\
        * Mysql module: protocol 10 is now supported
        * SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option "TLS" if required. This increases performance.
        * Cisco module: fixed a small bug (thanks to Vitaly McLain)
        * Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin

 You can also take a look at the full CHANGES file


 [0x01] Introduction

 Welcome to the mini website of the THC Hydra project.

 Number one of the biggest security holes are passwords, as every password security study shows.
 Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
 are easy to add, beside that, it is flexible and very fast.

        Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and
        is made available under GPLv3 with a special OpenSSL license expansion.

 Currently this tool supports:
   Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST,
   HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
   HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle,
   PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum,
   SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

        For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.

 This tool is a proof of concept code, to give researchers and security consultants the 
 possiblity to show how easy it would be to gain unauthorized access from remote to a system.

        The program is maintained by van Hauser and David Maciejak.

http://savehackers.blogspot.com