thc-hydra

Hydra is an open-source login testing tool written in C, originally released in 2001 by the THC security research group. Security professionals and penetration testers use it to check whether a target system's login credentials can be found by trying many username and password combinations in an automated way. The README explicitly states the tool is for legal purposes only and for use by researchers and consultants demonstrating how weak passwords create access risks.

The primary feature that distinguishes Hydra from similar tools is its support for a large number of protocols in a single program. It can test logins over SSH, FTP, Telnet, HTTP, HTTPS, SMTP, POP3, IMAP, MySQL, PostgreSQL, MS-SQL, Oracle, RDP, VNC, SMB, LDAP, SNMP, SIP, and more than 50 other protocols and services. The module system for adding new protocols is described as straightforward, and community contributions of new modules are welcomed.

From the command line, you specify the protocol, the target system, and lists of usernames and passwords to try. Hydra runs multiple parallel connection attempts at the same time, which can be configured with a number-of-tasks option. Both single targets and ranges of IP addresses are supported. A text file can supply a list of individual targets if you need to test more than one system. A graphical interface called xhydra is available on Linux.

Hydra compiles and runs on Linux, macOS, Windows via Cygwin, FreeBSD, Solaris, and some mobile platforms. A Docker image is provided for faster setup. Optional libraries extend which protocol modules are available; the README lists the specific package names for Debian and Ubuntu. The project is licensed under AGPLv3.