Overview
This node integrates the Hydra tool to perform brute force attacks against network services, primarily SSH in this context. It automates attempts to gain access by trying combinations of usernames and passwords from provided dictionaries or generated patterns.
Common scenarios include:
- Security testing and auditing of SSH servers by penetration testers.
- Verifying password strength policies by attempting dictionary-based logins.
- Automated credential validation during security assessments.
Practical example: Using user and password lists, the node tries to authenticate to an SSH server at a specified IP address and port, reporting any successful login credentials found.
Properties
| Name | Meaning |
|---|---|
| Target Service | The service to attack; currently supports "SSH". |
| Target Host / IP | The target host and port (e.g., "192.168.0.1:22") where the brute force attack will be directed. |
| Users Dictionary File | Path to the file containing usernames to try (used in dictionary brute force). |
| Passwords Dictionary File | Path to the file containing passwords to try (used in dictionary brute force). |
| Attempts Limit | Maximum number of login attempts before stopping (0 disables limit). |
| Options | Collection of additional options: |
| - Slow Attack | Use slow attack mode with specific timing parameters. |
| - Aggressive Mode | Number indicating faster execution mode (-t parameter). |
| - Wait Time | Wait time between attempts (-W parameter). |
| - Try Empty Password | Whether to attempt login with empty password. |
| - Return All Attempts | Whether to return all failed attempts along with successes. |
| - Restore Session | Whether to restore session on failure (-R parameter). |
| - Put Result in Field | Name of the output JSON field where results will be stored (default "hydra"). |
Output
The node outputs JSON data containing the results of the brute force attack under the specified result field (default "hydra"). The structure includes:
target: The target host and port.service: The attacked service (e.g., "ssh").successfulAttempts: Array of objects representing successful login attempts, each with:target: Host and port.service: Service name.login: Username used.password: Password used.attempt: Attempt count when success occurred.
allAttempts(optional): If enabled, array of all attempted logins including failures.cracked: Boolean indicating if any credentials were successfully cracked.duration: Duration of the attack in seconds.durationFormatted: Human-readable duration string.attemptCount: Total number of attempts made.errors: Array of error messages encountered during execution.
No binary data output is produced by this node.
Dependencies
- Requires the external command-line tool Hydra installed and accessible in the system environment.
- Uses shell commands executed via Node.js child processes.
- Requires access to user and password dictionary files on the local filesystem.
- No internal API keys or credentials are required beyond what Hydra needs for authentication attempts.
Troubleshooting
Common issues:
- Hydra not installed or not in PATH: The node will fail to spawn the process.
- Incorrect paths to dictionary files: Hydra will error out; ensure paths are correct and accessible.
- Network connectivity issues to target host/port: Attempts will fail or timeout.
- Insufficient permissions to run Hydra or access files.
Error messages:
[ERROR]lines from Hydra stderr are captured and cause the attack to stop.- If the node logs errors related to spawning the process or file access, verify installation and file permissions.
- If no successful attempts are reported, check that the dictionaries contain valid credentials and the target is reachable.
Resolution tips:
- Confirm Hydra installation by running
hydra -hin the terminal. - Verify dictionary file paths and contents.
- Ensure the target host and port are correct and reachable.
- Adjust attack speed options if the target limits connection rates.
- Confirm Hydra installation by running