Brute force attack with Hydra and Kali Linux

Ivan (이반) Porta
4 min readJun 18, 2020

Hydra is a fast and flexible login cracker which can be used on both Linux and Windows, and supports protocols like AFP, HTTP-FORM-GET, HTTP-GET, HTTP-FORM-POST, HTTP-HEAD, HTTP-PROXY, and many more.

Hydra is installed by default on Kali Linux. There are both command line and graphical versions of Hydra, but real developers use command line, right?! ;-)

To familiarize yourself with Hydra’s syntax open your terminal and execute the command:

hydra -h

Immediately, the hydra helper will be prompted on the screen showing the possible flags, so take a moment to read the descriptions.

root@kali:~# hydra -h
Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [service://server[:PORT][/OPT]]Options:
-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE…



Ivan (이반) Porta

Senior DevOps Engineer | Terraform Associate | Certified Argo Project Associate