If you’re stepping into the world of ethical hacking, one of the first powerful tools you’ll hear about is Hydra.
Hydra is a fast and flexible password cracking tool used in cybersecurity for testing login credentials across different services like SSH, FTP, HTTP, and more. Think of Hydra like a robot that tries thousands of username-password combinations quickly to find weak passwords. We have created an tool which you can use to check if your password is ever breached or not, give it a try.
Cybersecurity professionals use Hydra to:
- Test system security
- Identify weak passwords
- Perform penetration testing
- Simulate real-world attacks
For beginners, learning Hydra is a game-changer because it teaches how attackers think—and how to defend against them.
In this Hydra Cheat Sheet, you will learn:
- Installation on Kali Linux
- 60+ Hydra commands (beginner + advanced)
- Real-world examples
- Hands-on lab scenarios
- Practical cybersecurity insights
By the end of this guide, you won’t just memorize commands—you’ll understand how to use Hydra in real-world hacking scenarios.
Table of Contents
How to Install Hydra on Kali Linux
Hydra comes pre-installed in most Kali Linux distributions. Hydra is a powerful password cracking tool widely used in cybersecurity. You can explore its official documentation on Hydra GitHub repository to understand its full capabilities and updates.
Step 1: Check if Hydra is installed
hydra -h
If installed, you’ll see help output.
Step 2: Install Hydra (if not installed)
sudo apt update
sudo apt install hydra -y
Step 3: Verify Installation
hydra -h
BASIC COMMANDS OF HYDRA
Below is your Hydra Cheat Sheet (Beginner Level).
| Command Syntax | Purpose of Command | Description |
|---|---|---|
| hydra -h | Show help menu | Displays all available Hydra options and syntax usage. This command is essential for beginners to understand how Hydra works and explore different modules, flags, and supported services without needing external documentation. |
| hydra -l user -P pass.txt ssh://target | SSH brute force | Attempts to log into an SSH service using a single username and a password list. It cycles through each password until it finds valid credentials or exhausts the list completely. |
| hydra -L users.txt -P pass.txt ftp://target | FTP brute force | Uses a list of usernames and passwords to attempt login on FTP service. This is useful in penetration testing when multiple accounts exist and weak passwords are suspected. |
| hydra -l admin -p password ftp://target | Single login test | Tests a single username and password combination against a service. This is useful for verifying credentials quickly without running full brute force attacks. |
| hydra -l admin -P pass.txt http-get://target | HTTP GET attack | Attempts login on web forms using GET requests. Hydra simulates login attempts using provided credentials and checks for successful authentication responses. |
| hydra -l admin -P pass.txt http-post-form | HTTP POST attack | Performs brute force attacks on login forms that use POST requests. It requires specifying form parameters and failure conditions for accurate results. |
| hydra -L users.txt -p 123456 ssh://target | Multiple users single password | Tries one password across many usernames. Useful when testing for weak default passwords used across multiple accounts in a system. |
| hydra -l root -P rockyou.txt ssh://target | Dictionary attack | Uses a popular wordlist like rockyou.txt to try common passwords against a target service. This is one of the most common real-world attack techniques. |
| hydra -t 4 target ssh | Set threads | Controls number of parallel connections. Increasing threads speeds up attack but may trigger detection systems or overload the target service. |
| hydra -V ssh://target | Verbose output | Displays every login attempt made by Hydra. This helps in debugging and understanding how Hydra is progressing during the attack process. |
| hydra -v ssh://target | Basic verbose | Shows limited output for each attempt. Useful when you want visibility without overwhelming logs with too much data. |
| hydra -o output.txt ssh://target | Save output | Stores successful login results in a file. This helps in documenting findings during penetration testing engagements. |
| hydra -f ssh://target | Stop after success | Stops the attack immediately after finding the first valid credential. This reduces unnecessary attempts and speeds up testing. |
| hydra -s 2222 ssh://target | Custom port | Targets a service running on a non-default port. Useful when services are configured on unusual ports for security through obscurity. |
| hydra -u ssh://target | Loop users first | Changes attack order to iterate usernames first before passwords. Useful in specific attack strategies where user enumeration is prioritized. |
| hydra -e ns ssh://target | Try null password | Tests empty passwords and username-as-password combinations. This identifies weak configurations where no password policies are enforced. |
| hydra -C combo.txt ssh://target | Combo file attack | Uses a file containing username:password pairs. This is efficient when testing leaked credential combinations from data breaches. |
| hydra -I ssh://target | Ignore restore file | Starts a fresh session ignoring previous attempts. Useful when restarting attacks without resuming previous progress. |
| hydra -R ssh://target | Resume attack | Continues a previously interrupted attack using restore files. Essential for long-running brute force operations. |
| hydra -t 16 ssh://target | Increase speed | Uses more threads for faster execution. However, this may increase detection risk or cause service instability. |
| hydra -w 5 ssh://target | Wait time | Sets delay between attempts. Helps avoid triggering intrusion detection systems or account lockouts. |
| hydra -l admin -P pass.txt smtp://target | SMTP attack | Attempts login on mail servers using SMTP protocol. Useful for testing email server security. |
| hydra -l admin -P pass.txt telnet://target | Telnet attack | Brute forces Telnet service credentials. Telnet is insecure and often vulnerable in legacy systems. |
| hydra -l admin -P pass.txt rdp://target | RDP brute force | Attempts login on Remote Desktop Protocol. Often used in enterprise penetration testing scenarios. |
| hydra -l admin -P pass.txt mysql://target | MySQL attack | Tests database credentials. Useful for identifying weak database passwords in internal networks. |
| hydra -l admin -P pass.txt mssql://target | MSSQL attack | Targets Microsoft SQL servers. Common in corporate environments where databases store sensitive data. |
| hydra -l admin -P pass.txt pop3://target | POP3 attack | Tests email retrieval protocol for weak passwords. Useful in phishing and credential testing scenarios. |
| hydra -l admin -P pass.txt imap://target | IMAP attack | Targets IMAP email servers. Helps identify weak authentication in email infrastructure. |
| hydra -l admin -P pass.txt vnc://target | VNC attack | Attempts to crack VNC passwords. Useful for remote desktop penetration testing. |
| hydra -l admin -P pass.txt smb://target | SMB attack | Targets Windows file sharing services. Often used in internal network penetration testing. |
ADVANCED COMMANDS OF HYDRA
| Command Syntax | Purpose of Command | Description |
|---|---|---|
| hydra -L users.txt -P pass.txt -t 32 ssh://target | High-speed attack | Uses high thread count to maximize speed. Effective in lab environments but risky in real systems due to detection mechanisms. |
| hydra -l admin -P pass.txt -s 8080 http-get://target | Custom HTTP port | Targets web services running on non-standard ports. Common in applications hosted on alternative configurations. |
| hydra -l admin -P pass.txt http-post-form “/login:user=^USER^&pass=^PASS^:F=incorrect” | Custom form attack | Defines custom login form parameters and failure messages. This allows Hydra to work with almost any web application login system. |
| hydra -L users.txt -P pass.txt -o results.txt ftp://target | Output logging | Saves results to file for reporting. Useful for penetration testers documenting findings. |
| hydra -L users.txt -P pass.txt -f -V ssh://target | Stop on success verbose | Combines verbosity and early stopping for efficient debugging and quick results during testing. |
| hydra -l admin -P pass.txt -e nsr ssh://target | Advanced password attempts | Tries null, username, and reversed username as passwords. Helps identify weak password policies quickly. |
| hydra -L users.txt -P pass.txt -M targets.txt ssh | Multi-target attack | Runs attacks against multiple hosts simultaneously. Useful in large-scale penetration testing. |
| hydra -L users.txt -P pass.txt -x 4:8:a ssh://target | Brute force generation | Generates passwords dynamically with specified length and charset. Useful when no wordlist is available. |
| hydra -l admin -p password -t 1 ssh://target | Slow stealth attack | Uses single thread to avoid detection. Ideal for stealth penetration testing scenarios. |
| hydra -L users.txt -P pass.txt -w 10 ssh://target | Delay between attempts | Adds wait time between login attempts. Helps bypass rate-limiting protections. |
| hydra -l admin -P pass.txt -vV ssh://target | Maximum verbosity | Displays detailed output for each attempt. Useful for debugging complex login scenarios. |
| hydra -L users.txt -P pass.txt -R ssh://target | Resume attack | Continues from last session. Critical for long brute force operations. |
| hydra -l admin -P pass.txt -I ssh://target | Ignore restore | Starts fresh attack ignoring previous sessions. Useful when starting new test runs. |
| hydra -L users.txt -P pass.txt -t 64 ftp://target | Aggressive FTP attack | Uses high thread count for FTP brute force. Effective but may trigger alerts quickly. |
| hydra -L users.txt -P pass.txt -u ftp://target | Loop strategy | Changes attack order to improve success rate depending on credential patterns. |
| hydra -l admin -P pass.txt -s 3306 mysql://target | Custom MySQL port | Targets databases running on alternative ports. Common in cloud environments. |
| hydra -L users.txt -P pass.txt -M iplist.txt ftp | Network-wide attack | Executes attacks across multiple IP addresses. Useful for enterprise assessments. |
| hydra -l admin -P pass.txt http-get-form “/login:user=^USER^&pass=^PASS^:S=Welcome” | Success condition | Defines success response instead of failure. Improves accuracy of results. |
| hydra -L users.txt -P pass.txt -o found.txt -f ssh://target | Save first success | Logs first valid credential and stops. Efficient for quick wins in testing. |
| hydra -l admin -P pass.txt -t 2 -w 5 ssh://target | Balanced attack | Combines moderate speed with delay to reduce detection risk. |
SECURITYELITES HANDS ON LAB – REAL SCENARIOS Using Hydra Commands
Scenario 1: Cracking SSH Login using Hydra Command
You discover an SSH service running on a target.
hydra -l root -P rockyou.txt ssh://192.168.1.10
Commands Used:
- -l
- -P
- ssh
Scenario 2: Web Login Brute Force using Hydra
Testing login form:
hydra -l admin -P passwords.txt http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"
Commands Used:
- http-post-form
- -l
- -P
Scenario 3: FTP Weak Password Testing using Hydra
hydra -L users.txt -P pass.txt ftp://192.168.1.20
Commands Used:
- -L
- -P
- ftp
Scenario 4: Multi-Target Attack using Hydra
hydra -L users.txt -P pass.txt -M targets.txt ssh
Commands Used:
- -M
- -L
- -P
Scenario 5: Stealth Attack using Hydra
hydra -l admin -P pass.txt -t 1 -w 5 ssh://192.168.1.30
Commands Used:
- -t
- -w
FAQ (People Also Ask)
What is Hydra used for?
Hydra is used in cybersecurity for password cracking and authentication testing. It allows penetration testers to identify weak credentials across services like SSH, FTP, HTTP, and databases. By simulating brute force attacks, Hydra helps organizations strengthen password policies and secure their systems against real attackers.
Is Hydra legal?
Hydra is legal when used for ethical hacking and authorized penetration testing. However, using Hydra on systems without permission is illegal and considered cybercrime. Always ensure you have written authorization before performing any security testing.
Does Kali Linux include Hydra?
Yes, Hydra comes pre-installed in most Kali Linux distributions. It is one of the core tools used by ethical hackers and penetration testers for credential testing and brute force attacks.
Is Hydra used by hackers?
Yes, both ethical hackers and malicious attackers use Hydra. Ethical hackers use it to test system security, while attackers may use it to gain unauthorized access. Learning Hydra helps defenders understand and prevent attacks.
Is Hydra difficult to learn?
Hydra is beginner-friendly once you understand basic command syntax. With practice and cheat sheets like this, you can quickly learn how to use it effectively in real-world cybersecurity scenarios.
CONCLUSION
You’ve just explored one of the most powerful resources on the internet — the Hydra Cheat Sheet.
You now understand:
- What Hydra is and how it works
- 60+ essential Hydra commands
- Real-world penetration testing scenarios
- How attackers think and operate
But here’s the truth…
Reading alone won’t make you skilled.
To truly master Hydra:
- Practice in safe lab environments
- Test on vulnerable machines
- Experiment with different commands
- Build your own scenarios
Dont forget that securityelites has published many free online hacking tools, you must try them out:
👉 Bookmark this Hydra Cheat Sheet
👉 Share it with your cybersecurity friends
👉 Explore more guides on SecurityElites
Your journey into ethical hacking has just begun.
