THC-Hydra v8.0 Released
THC-Hydra – the best parallized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.
- Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
- Added module for redis (submitted by Alejandro Ramos, thanks!)
- Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach)
- Added initial interactive password authentication test for ssh (thanks to Joshua Houghton)
- Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev)
- Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24
- with “-M targetfile”, you can now specify a port for each entry (use “target:port” per line)
- Verified that hydra compiles cleanly on QNX / Blackberry 10 🙂
- Bugfixes for -x option:
- password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting)
- fixed crash when used together with -e option
- Fixed a bug that hydra would not compile without libssh (introduced in v7.6)
- Various bugfixes if many targets where attacked in parallel
- Cygwin’s Postgresql is working again, hence configure detection re-enabled
- Added gcc compilation security options (if detected to be supported by configure script)
- Enhancements to the secure compilation options
- Checked code with cppcheck and fixed some minor issues.
- Checked code with Coverity. Fixed a lot of small and medium issues.
Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX, QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion.
Currently this tool supports:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.