원클릭으로
hydra
Use hydra only for authorized, bounded authentication testing with explicit targets, protocols, accounts, and rate limits.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Use hydra only for authorized, bounded authentication testing with explicit targets, protocols, accounts, and rate limits.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Use agent-browser-cli to perceive and control the supervised Chrome browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets.
Use apktool for authorized Android APK resource decoding, manifest review, smali inspection, rebuild checks, and static mobile artifact triage.
Use file, 7z, unzip, tar-compatible tools, hashes, and bounded shell inspection for safe triage of provided archives and unknown files.
Use binwalk for authorized firmware, binary blob, archive, filesystem, and embedded-content triage with bounded extraction and evidence handling.
Use the pwntools-provided checksec CLI for authorized ELF hardening review, mitigation checks, and binary triage evidence.
| name | hydra |
| description | Use hydra only for authorized, bounded authentication testing with explicit targets, protocols, accounts, and rate limits. |
Use hydra only for authorized authentication testing where the target service, account scope, wordlists, and limits are explicit.
Before constructing commands, confirm the installed CLI and inspect help output. Hydra v9.5+ prints help for -h and exits 0; older builds may exit nonzero, so do not discard help output and do not use the exit status alone as a success probe:
command -v hydra
hydra -h 2>&1 | sed -n '1,80p'
/usr/share/seclists only when credential testing is explicitly authorized and lockout-safe limits are clear.SSH check for one authorized account with one worker:
hydra -l alice -P passwords.txt -s 22 -t 1 -o hydra-ssh.txt ssh://192.0.2.10
HTTP POST form check only when the failure marker is known:
hydra -l alice -P passwords.txt -t 1 -o hydra-http.txt 192.0.2.10 http-post-form '/login:username=^USER^&password=^PASS^:F=invalid'
Use -L for an authorized username file, -p for a single password, and -P for a password file. Keep -t conservative unless the user has provided safe limits.
Report scope, protocol, command used with sensitive values redacted when needed, rate limits, output path, and verified results.