Overview
This node integrates the Hydra tool to perform brute force attacks against network services, primarily for security testing and penetration testing purposes. It attempts to connect to a specified target service (e.g., SSH) by trying multiple password combinations to discover valid credentials.
A common scenario is testing the strength of user passwords on an SSH server by attempting random brute force attacks with configurable parameters such as attack speed, number of attempts, and session restoration. This helps security professionals identify weak credentials and improve system security.
For example, you can use this node to:
- Test if the "root" user on an SSH server at IP
192.168.0.1has a weak password. - Configure slow or aggressive attack modes to balance between stealth and speed.
- Limit the number of login attempts to avoid locking out accounts or triggering alarms.
Properties
| Name | Meaning |
|---|---|
| Target Service | The network service to target for brute forcing. Currently supports: SSH |
| Target Host / IP | The IP address or hostname and port of the target machine (e.g., 192.168.0.1:22) |
| Username | The username to attempt to brute force (e.g., "root") |
| Attempts Limit | Maximum number of login attempts to perform; 0 disables the limit |
| Options | Collection of additional options: |
| - Slow Attack | Use a slow attack mode (-t 1 -W 64) to reduce detection risk |
| - Aggressive Mode | Number of parallel tasks for faster execution (e.g., 4) |
| - Wait Time | Wait time between attempts in seconds (e.g., 32) |
| - Try Empty Password | Whether to try logging in with an empty password |
| - Return All Attempts | Whether to return all failed login attempts in the output |
| - Restore Session | Whether to restore previous sessions on failure (-R option) |
| - Put Result in Field | The name of the output JSON field where results will be stored (default: "hydra") |
Output
The node outputs a JSON object containing the results of the brute force operation under the specified result field (default "hydra"). The structure includes:
target: The target host and port.service: The targeted service (e.g., "ssh").cracked: Boolean indicating if any successful login was found.successfulAttempts: Array of objects representing successful login attempts, each with:target: Host and port string.service: Service name.login: Username used.password: Password found.attempt: Attempt count when success occurred.
allAttempts(optional): If enabled, contains all failed attempts with details.errors: Array of error messages encountered during execution.duration: Duration of the attack in seconds.durationFormatted: Human-readable duration string.attemptCount: Total number of attempts performed.
The node does not output binary data.
Dependencies
- Requires the external command-line tool Hydra installed and accessible in the system environment.
- Uses standard shell commands and utilities (
sh,nmap). - No direct API keys or online services are required.
- The node resolves file paths and home directories for dictionary files if used (though not applicable for the Random BruteForce operation).
Troubleshooting
Common Issues:
- Hydra not installed or not in PATH: The node will fail to spawn the Hydra process.
- Incorrect target host or port: Connection attempts will fail.
- Insufficient permissions: Running Hydra may require appropriate system privileges.
- Too aggressive settings may cause network or service instability.
Error Messages:
[ERROR]lines from Hydra stderr indicate issues during execution; these are captured and included in the output'serrorsarray.- If the node terminates early due to errors, check the error messages for clues (e.g., connection refused, invalid parameters).
Resolutions:
- Ensure Hydra is installed and executable.
- Verify target host and port correctness.
- Adjust attack parameters to avoid overwhelming the target.
- Enable session restore if interrupted attacks need resuming.