Description

Number one of the biggest security holes are passwords, as every password security study shows.

There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.

Currently this tool supports the following protocols:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

However the module engine for new services is very easy so it won't take a long time until even more services are supported.

Cheatsheet

SSH Bruteforce

docker run -it --rm -v <wordlist_src_dir>:/usr/share/wordlists secsi/hydra -L root -P /usr/share/wordlists/<wordlist_file> -t 3 -s port <target_port> ssh 

FTP Bruteforce

docker run -it --rm -v <input_dir>:/usr/share/wordlists secsi/hydra -L <input_dir>/users.txt -P <input_dir>/passwords.txt -t 3 -s 21 <target_ip> ftp