Overview
This node integrates the Hydra tool to perform brute force attacks against network services, primarily for security testing and penetration testing purposes. It attempts to connect to a specified service on a target host using various credential combinations to identify valid login credentials.
A common scenario is testing SSH access by trying multiple username-password pairs from a dictionary file to find weak or default credentials. This helps security professionals assess the strength of authentication mechanisms.
For example, you can use this node to:
- Test SSH login security on a server by providing a dictionary of user:password pairs.
- Limit the number of login attempts to avoid lockouts or detection.
- Customize attack speed and behavior with options like slow attack mode or aggressive mode.
Properties
| Name | Meaning |
|---|---|
| Target Service | The network service to target. Currently supports: SSH. |
| Target Host / IP | The IP address or hostname and port of the target service (e.g., 192.168.0.1:22). |
| Dictionary File | Path to a dictionary file containing user:password pairs used for the brute force attack. |
| Attempts Limit | Maximum number of login attempts to perform; set to 0 to disable the limit. |
| Options | Collection of additional settings: |
| - Slow Attack | Use a slow attack mode with specific timing parameters (-t 1 -W 64). |
| - Aggressive Mode | Number indicating faster execution mode (-t parameter). |
| - Wait Time | Wait time between attempts in seconds (-W parameter). |
| - Try Empty Password | Whether to try empty passwords during the attack. |
| - Return All Attempts | Whether to return all failed login attempts in the output. |
| - Restore Session | Whether to restore session on failure (-R option). |
| - Put Result in Field | The name of the output JSON field where results will be stored (default: "hydra"). |
Output
The node outputs an array of items, each containing a JSON object with the following structure under the configured result field (default "hydra"):
target: The target host and port string.service: The targeted service (e.g., "ssh").successfulAttempts: Array of objects representing successful login attempts, each with:target: Host and port.service: Service name.login: Username found.password: Password found.attempt: Attempt count when success occurred.
allAttempts(optional): If enabled, includes all failed attempts with details.cracked: Boolean indicating if any credentials were successfully cracked.duration: Duration of the attack in seconds.durationFormatted: Human-readable duration string.attemptCount: Total number of attempts performed.errors: Array of error messages captured during execution.
No binary data output is produced by this node.
Dependencies
- Requires the external command-line tool Hydra installed and accessible in the system environment.
- Uses shell execution to run Hydra commands.
- Requires access to the dictionary files on the local filesystem; paths are resolved to home directory if prefixed with
~. - No internal API keys or credentials are managed by the node itself; it relies on the user to provide correct target information and dictionary files.
Troubleshooting
Common Issues:
- Hydra not installed or not in PATH: The node will fail to spawn the Hydra process.
- Incorrect dictionary file path: The node resolves
~but the file must exist and be readable. - Target host unreachable or wrong port: No successful attempts will be found.
- Too low attempts limit may stop the attack prematurely.
- Permissions issues running shell commands or accessing files.
Error Messages:
- Errors emitted by Hydra are captured and included in the output's
errorsarray. - If
[ERROR]appears in Hydra stderr output, the node terminates the attack early. - Common errors include connection refused, authentication failures, or invalid parameters.
- Errors emitted by Hydra are captured and included in the output's
Resolution Tips:
- Ensure Hydra is installed and executable from the command line.
- Verify dictionary file paths and contents.
- Confirm network connectivity to the target host and port.
- Adjust attack options to balance speed and stealthiness.
- Check node logs for detailed Hydra output.