The number one biggest security hole is passwords, as every password security study shows. Hydra is a parallelized (multi-threaded) login cracker which supports attacking/cracking numerous protocols. New modules are easy to add, beside that, it is flexible and very fast.
Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, LDAP2, Cisco AAA (incorporated in telnet module).
Recent changes for v5.8
Additions prior to public release (v5.7 and before)
- Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
- Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
- Removed unnecessary compiler warnings
- Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
- Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
- Moved to GPLv3 License (lots of people wanted that)
- Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis)
- Added firebird support (by David Maciejak @ GMAIL dot com)
- Added SIP MD5 auth patch (by Jean-Baptiste Aviat jba [at] hsc [dot] `french tld’)
- Removed Palm and ARM support
- Fix for cygwin which falsely detected postgres library when there was none.
You can download Hydra v5.8 here.