THC-Hydra v8.0 Released

THC-Hydra – the best parallized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.

Changelog v8.0

  • Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
  • Added module for redis (submitted by Alejandro Ramos, thanks!)
  • Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach)
  • Added initial interactive password authentication test for ssh (thanks to Joshua Houghton)
  • Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev)
  • Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24
  • with “-M targetfile”, you can now specify a port for each entry (use “target:port” per line)
  • Verified that hydra compiles cleanly on QNX / Blackberry 10 🙂
  • Bugfixes for -x option:
    • password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting)
    • fixed crash when used together with -e option
  • Fixed a bug that hydra would not compile without libssh (introduced in v7.6)
  • Various bugfixes if many targets where attacked in parallel
  • Cygwin’s Postgresql is working again, hence configure detection re-enabled
  • Added gcc compilation security options (if detected to be supported by configure script)
  • Enhancements to the secure compilation options
  • Checked code with cppcheck and fixed some minor issues.
  • Checked code with Coverity. Fixed a lot of small and medium issues.

 

Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX, QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion.

Currently this tool supports:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.

 

More Information:

Download THC-Hydra v8.0

MaxiSoler

www.artssec.com @maxisoler
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community