hydra

-4use IPv4 addresses (default)

-6use IPv6 addresses (put always in [] also in servers-to-attack)

-sif the service is on a different default port, define it here

-ddebug mode

-llogin with login name

-qdo not print messages about connection errors

-Lload several logins from file

the target: DNS, IP or 192.168.0.0/24 (this OR the servers-to-attack option)

-Ouse old SSL v2 and v3

-MList of servers to attack, one entry per line, ':' to specify port

the service to crack. Supported: adam6500 asterisk cisco cisco-enable cvs ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp

-vverbose mode

-ptry password

-Pload several passwords from FILE

-fexit when a login/pass pair is found per host

-etry n null password, s login as pass and/or r reversed login

-boutput format: text(default), json, jsonv1

-Trun a number of connects in parallel overall (default: 64)

-Ccolon separated login:pass format, instead of usernames/passwords files

-xMIN:MAX:CHARSET password bruteforce generation. e.g 5:8:A1 generate passwords from length 5 to 8 with uppercase characters and numbers

-Vshow login+pass for each attempt

-Kdo not redo failed attempts (good for servers-to-attack mass scanning)

-Fexit when any login/pass pair is found globally

-uloop around users, not passwords (effective! implied with -x)

-tRun a number of connects in parallel per target (default: 16)

-ruse a non-random shuffling method for option -x

-Sperform an SSL connect

-cwait time per login attempt over all threads (enforces threads-per-target: 1)

-wwait time for a response (default: 32)

-ydisable use of symbols in bruteforce

-Wwait time between connects per thread (default: 0)