Notes on Brute Force Attacks using Hydra

Part 1

Brute-forcing methods:

• offline (a.k.a offline password cracking)
• online (e.g. login forms)

I’ve seen people on twitter often mentioning wfuzz and ffuf for login brute-forcing. However, these notes are about the usage of thehydra tool.

To install it on your local VM:

apt install hydra -y

There can be different scenarios for brute-forcing, such as brute-forcing basic HTTP auth, brute-forcing for default…