THC HYDRA

Network Mapper

THC Hydra is a popular password cracking tool developed by the hacking group THC (The Hacker’s Choice). It is designed for online brute-force attacks and can be used to test the strength of passwords in various network protocols such as SSH, RDP, HTTP, and HTML forms. Hydra is known for its flexibility and high performance due to its parallelization feature that allows multiple threads to operate in parallel, optimizing efficiency and speeding up the brute-forcing process.

DOWNLOADS

SYSTEM REQUIREMENTS

RAM : At least 3 GB for better performance.

Storage : Minimam 1 GB of storage.

OS : Linux, Windows (via Cygwin), macOS, Solaris, FreeBSD/OpenBSD, and QNX.

Architecture : Compatible with x86 and x64 systems.

Available On : PC


ADDITIONAL INFORMATION

Published By

THC (The Hacker's Choice).

Release Date

Early 2000s

Approximate Size

956 KB (lightweight tool).

Publisher Info

THC is a group of security researchers and developers.

Supported Languages

English

Last Update

12 June 2023, version 9.5

Programming Language

Primarily written in C.

Operating System

Cross-platform.

License

Open-source (GNU Affero General Public License).

  1. Supports many common login protocols, including forms on websites, FTP, SMB, POP3, IMAP, MySQL, VNC, SSH, HTTP(S), and others.
  2. Works online, unlike some other tools that work offline.
  3. Uses both dictionary and brute-force attacks to attack login pages.
  4. Fast network logon cracker, making it one of the most efficient password cracking tools available.
  5. Supports numerous protocols to attack, making it highly flexible.
  6. Easy to add new modules, allowing for constant updates and improvements.
  7. Can be used by researchers and security consultants to demonstrate how easy it is to gain unauthorized access to a system remotely.

  1. The THC Hydra tool is a parallelized network login cracker designed to perform brute-force attacks to guess the correct username and password combinations.
  2. . It works by trying different username and password combinations using a wordlist.
  3. Hydra supports various login protocols including FTP, SMB, POP3, IMAP, MySQL, VNC, SSH, and HTTP(S) among others.
  4. . It’s commonly used in conjunction with tools like crunch or cupp, which are used to generate wordlists.
  5. As more services are developed, Hydra’s creator updates the tool to support these new services.
  6. It can be found in operating systems like Kali Linux, Parrot, and other major penetration testing environments.

  1. This tool is very effective against some databases like LDAP, SMB, VNC, SSH. This tool works really very simple the hacker should just give the login page of the targeted user and the tool runs and finds the correct username and password.
  2. Comparing to john the ripper this tool is quite powerful because some modern keywords are stored in the memory of the tool.
  3. This tool is quite aggressive so, how to defend yourself from this kind of attack?

Here are the three possible ways :

  • Continueous monitoring
  • MFA (Multi factor authentication)
  • File level encrypeion or disk level encryption.

THC Hydra is a versatile tool for password cracking and penetration testing. Here are some examples of its usage :

  1. Brute-Force Attacks : Hydra can perform rapid brute-force attacks on various protocols like SSH, FTP, HTTP, and more. For instance, to test SSH login credentials :

    2. $ hydra -l username -P passwordlist.txt ssh://192.168.1.1

    This command attempts to log in using a list of passwords.

  2. Web Form Testing : Hydra can target web forms to test login credentials. For example :

    3. $ hydra -l admin -P passwords.txt http-post-form "/login.php:user=^USER^&pass=^PASS^:Invalid login"

    This tests a web form for valid username-password combinations.

  3. Parallel Testing : Hydra supports parallel connections, making it faster. You can specify the number of threads to use :

    4. $ hydra -t 16 -l user -P passwords.txt ftp://192.168.1.1

    This uses 16 threads for FTP login testing.

  4. Password Spraying : If you know a common password but not the username, Hydra can test multiple usernames with the same password :

    5. $ hydra -L usernames.txt -p commonpassword ssh://192.168.1.1
  5. Custom Protocols : Hydra allows testing custom protocols by creating modules. This flexibility makes it suitable for unique penetration testing scenarios.

Remember, ethical use is crucial—always obtain permission before testing systems!

  • libapr1
  • libbson-1.0-0
  • libc6
  • libfbclient2
  • libfreerdp2-2
  • libgcrypt20
  • libidn12
  • libmariadb3
  • libmemcached11
  • libmongoc-1.0-0
  • libpcre2-8-0
  • libpq5
  • libssh-4
  • libssl3
  • libsvn1
  • libtinfo6
  • libwinpr2-2
  • zlib1g

Terminal Installation Commands ...

$ sudo apt-get update

$ git clone https://github.com/vanhauser-thc/thc-hydra

GUI Installation Steps ...
Linux

THC Hydra's GUI version, Hydra-GTK, is available for Linux, but installation requires some manual steps. Here's how you can install and uninstall it :

  1. Update your system : sudo apt update && sudo apt upgrade -y
  2. Install dependencies : sudo apt install hydra-gtk
  3. Verify installation : hydra-gtk

If the GUI launches, you're good to go!

Windows

This GUI is limited to FTP, RDP, HTTP Auth, and HTTP form attacks.

  1. Download the compiled version of THC Hydra from here.
  2. Extract the archive and run hydra.exe.
  3. Ensure you have Microsoft Visual C++ 2008 Redistributable Package installed, download from here.
MacOS

To install THC Hydra on macOS, you can use Homebrew :

  1. Open Terminal.
  2. Install Homebrew (if not already installed) using :

    3. $ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  3. Make Homebrew available : echo 'eval "$(brew shellenv)"' >> ~/.zprofile
  4. Install Hydra : brew install hydra

Terminal Uninstallation Commands ...

$ sudo apt-get remove hydra

$ sudo apt autoclean && apt autoremove

GUI Uninstallation Steps ...
Linux
  1. Remove Hydra-GTK : sudo apt remove --purge hydra-gtk -y
  2. Clean up residual files : sudo apt autoremove && sudo apt clean
Windows
  1. Delete the extracted files and folders.
  2. Remove any related dependencies if installed.
MacOS

Hydra supports make uninstall, but if installed via Homebrew, remove it using : brew uninstall hydra

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.

Subscribe for more Information
HACKERSPOT

HackerSpot is an informational platform that offers resources such as tools, software, courses, internships, and various other materials aimed at supporting individuals passionate about CyberSecurity and IT.

About Us
Docs / Links

Documentation

Tools

Softwares

Operating Systems

Learning

Courses

Internships

Virtual Labs

Colleges

Youtube Channels

Resources

Devices & Hardware

Browsers

Cyber Threat Maps

Other Resources

Contacts

Bapatla, Andhrapradesh, India 237101

bablunannam@gmail.com

+91 7995819235