Pentesting

🛠️ Hydra Cheat Sheet 💡 Hydra is a powerful password-cracking tool for brute-forcing authentication protocols. It supports various protocols and is highly customizable for complex scenarios. 📌 1. Basic Syntax hydra [options] <IP/Target> <protocol> Examples: Brute-force SSH login with a single username and password list: hydra -l admin -P passwords.txt 192.168.1.10 ssh Brute-force HTTP POST login form: hydra -l admin -P passwords.txt 192.168.1.10 http-post-form "/login:username=^USER^&password=^PASS^:F=Invalid login" 📌 2. Common Flags Flag Description -h Display help menu. -l <user> Single username/login. -L <file> Wordlist for usernames. -p <pass> Single password. -P <file> Wordlist for passwords. -s <port> Specify target port. -f Stop after finding valid credentials. -R Restore previous session. -t <num> Number of parallel threads (default: 16). -V Verbose output (show each attempt). -I Ignore an existing restore file. -u Loop usernames with each password attempt. -w <sec> Wait seconds between retries. -o <file> Write found credentials to a file. 📌 3. Supported Protocols Hydra supports a wide range of protocols, including: ...