update web link

CHANGES

@@ -3,6 +3,7 @@ Changelog for hydra
 
 
 Release 8.7-dev
+* New web page: https://github.com/vanhauser-thc/thc-hydra
 * http-get/http-post:
    - now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch)
    - 403/404 errors are now always registered as failed attempts

README

@@ -2,7 +2,7 @@
 				  H Y D R A
 
                       (c) 2001-2018 by van Hauser / THC
-                       <vh@thc.org> http://www.thc.org
+             <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
        many modules were written by David (dot) Maciejak @ gmail (dot) com
                  BFG code by Jan Dlabal <dlabaljan@gmail.com>
 
@@ -49,7 +49,7 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
 WHERE TO GET
 ------------
 You can always find the newest release/production version of hydra at its
-project page at https://www.thc.org/thc-hydra 
+project page at https://github.com/vanhauser-thc/thc-hydra/releases
 If you are interested in the current development state, the public development
 repository is at Github:
   svn co https://github.com/vanhauser-thc/thc-hydra
@@ -377,7 +377,7 @@ Version 1.00 example:
         "These are very free form"
     ],
     "generator": {
-        "built": "2018-01-01 14:44:22",
+        "built": "2018-03-01 14:44:22",
         "commandline": "hydra -b jsonv1 -o results.json ... ...",
         "jsonoutputversion": "1.00",
         "server": "127.0.0.1",

README.md

@@ -2,7 +2,7 @@
 				  H Y D R A
 
                       (c) 2001-2018 by van Hauser / THC
-                       <vh@thc.org> http://www.thc.org
+             <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
        many modules were written by David (dot) Maciejak @ gmail (dot) com
                  BFG code by Jan Dlabal <dlabaljan@gmail.com>
 
@@ -49,7 +49,7 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
 WHERE TO GET
 ------------
 You can always find the newest release/production version of hydra at its
-project page at https://www.thc.org/thc-hydra 
+project page at https://github.com/vanhauser-thc/thc-hydra/releases
 If you are interested in the current development state, the public development
 repository is at Github:
   svn co https://github.com/vanhauser-thc/thc-hydra

hydra-pcnfs.c

@@ -66,7 +66,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
   prh->len_passwd = htonl(63);
   prh->len_comments = htonl(254);
 
-  strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes ");
+  strcpy(prh->comments, " Hydra - THC password cracker - visit https://github.com/vanhauser-thc/thc-hydra - use only allowed for legal purposes ");
   strcpy(prh->name, "localhost");
 
   ptr = prh->id;

hydra.c

@@ -1,6 +1,6 @@
 /*
  * hydra (c) 2001-2018 by van Hauser / THC <vh@thc.org>
- * http://www.thc.org
+ * https://github.com/vanhauser-thc/thc-hydra
  *
  * Parallized network login hacker.
  * Don't use in military or secret service organizations, or for illegal purposes.
@@ -207,7 +207,7 @@ char *SERVICES =
 #define VERSION   "v8.7-dev"
 #define AUTHOR    "van Hauser/THC"
 #define EMAIL     "<vh@thc.org>"
-#define RESOURCE  "http://www.thc.org/thc-hydra"
+#define RESOURCE  "https://github.com/vanhauser-thc/thc-hydra"
 
 extern char *hydra_strcasestr(const char *haystack, const char *needle);
 extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize);

pw-inspector.c

@@ -8,7 +8,7 @@
 #define PROGRAM		"PW-Inspector"
 #define VERSION		"v0.2"
 #define EMAIL		"vh@thc.org"
-#define WEB		"http://www.thc.org"
+#define WEB		"https://github.com/vanhauser-thc/thc-hydra"
 
 #define MAXLENGTH	256
 

web/CHANGES

@@ -1,7 +1,22 @@
 Changelog for hydra
 -------------------
 
-Release 8.6-dev
+
+Release 8.7-dev
+* New web page: https://github.com/vanhauser-thc/thc-hydra
+* http-get/http-post:
+   - now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch)
+   - 403/404 errors are now always registered as failed attempts
+* mysql module: a non-default port was not working, fixed
+* added -w timeout support to ssh module
+* fixed various memory leaks in http-form module
+* corrected hydra return code to be 0 on success
+* added patch from debian maintainers which fixes spellings
+* fixed weird crash on x64 systems
+* many warning fixes by crondaemon
+
+
+Release 8.6
 * added radmin2 module by catatonic prime - great work!
 * smb module now checks if SMBv1 is supported by the server and if signing is required
 * http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)

web/README

@@ -1,8 +1,8 @@
 
 				  H Y D R A
 
-                      (c) 2001-2017 by van Hauser / THC
+                      (c) 2001-2018 by van Hauser / THC
-                       <vh@thc.org> http://www.thc.org
+             <vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
        many modules were written by David (dot) Maciejak @ gmail (dot) com
                  BFG code by Jan Dlabal <dlabaljan@gmail.com>
 
@@ -49,7 +49,7 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
 WHERE TO GET
 ------------
 You can always find the newest release/production version of hydra at its
-project page at https://www.thc.org/thc-hydra 
+project page at https://github.com/vanhauser-thc/thc-hydra/releases
 If you are interested in the current development state, the public development
 repository is at Github:
   svn co https://github.com/vanhauser-thc/thc-hydra
@@ -64,19 +64,25 @@ HOW TO COMPILE
 --------------
 To configure, compile and install hydra, just type:
 
+```
 ./configure
 make
 make install
+```
 
 If you want the ssh module, you have to setup libssh (not libssh2!) on your
 system,  get it from http://www.libssh.org, for ssh v1 support you also need
 to add "-DWITH_SSH1=On" option in the cmake command line.
 
 If you use Ubuntu/Debian, this will install supplementary libraries needed
-for a few optional modules:
+for a few optional modules (note that some might not be available on your distribution):
- apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
+
+```
+apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
                  libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
-                 firebird2.1-dev libncp-dev
+                 firebird-dev libncp-dev
+```
+
 This enables all optional modules and features with the exception of Oracle,
 SAP R/3 and the apple filing protocol - which you will need to download and
 install from the vendor's web sites.
@@ -90,31 +96,34 @@ and compile them manually.
 
 SUPPORTED PLATFORMS
 -------------------
-All UNIX platforms (linux, *bsd, solaris, etc.)
+- All UNIX platforms (Linux, *bsd, Solaris, etc.)
-MacOS
+- MacOS (basically a BSD clone)
-Windows with Cygwin (both IPv4 and IPv6)
+- Windows with Cygwin (both IPv4 and IPv6)
-Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
+- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
 
 
 
 HOW TO USE
 ----------
-If you just enter "hydra", you will see a short summary of the important
+If you just enter `hydra`, you will see a short summary of the important
 options available.
-Type "./hydra -h" to see all available command line options.
+Type `./hydra -h` to see all available command line options.
 
 Note that NO login/password file is included. Generate them yourself.
 A default password list is however present, use "dpl4hydra.sh" to generate
 a list.
 
-For Linux users, a GTK gui is available, try "./xhydra"
+For Linux users, a GTK gui is available, try `./xhydra`
 
 For the command line usage, the syntax is as follows:
  For attacking one target or a network, you can use the new "://" style:
-  hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS
+  hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
  The old mode can be used for these too, and additionally if you want to
  specify your targets from a text file, you *must* use this one:
-  hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
+
+```
+hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
+```
 
 Via the command line options you specify which logins to try, which passwords,
 if SSL should be used, how many parallel tasks to use for attacking, etc.
@@ -122,7 +131,7 @@ if SSL should be used, how many parallel tasks to use for attacking, etc.
 PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
 http-get or many others are available
 TARGET is the target you want to attack
-OPTIONS are optional values which are special per PROTOCOL module
+MODULE-OPTIONS are optional values which are special per PROTOCOL module
 
 FIRST - select your target
  you have three options on how to specify the target you want to attack:
@@ -147,7 +156,7 @@ FOURTH - the destination port
 If you use "://" notation, you must use "[" "]" brackets if you want to supply
 IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
   hydra [some command line options] ftp://[192.168.0.0/24]/
-  hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM
+  hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
 
 Note that everything hydra does is IPv4 only!
 If you want to attack IPv6 addresses, you must add the "-6" command line option.
@@ -158,22 +167,27 @@ notation but use the old style and just supply the protocol (and module options)
   hydra [some command line options] -M targets.txt ftp
 You can supply also port for each target entry by adding ":<port>" after a
 target entry in the file, e.g.:
-  foo.bar.com
+
-  target.com:21
+```
-  unusual.port.com:2121
+foo.bar.com
-  default.used.here.com
+target.com:21
-  127.0.0.1
+unusual.port.com:2121
-  127.0.0.1:2121
+default.used.here.com
+127.0.0.1
+127.0.0.1:2121
+```
 
 Note that if you want to attach IPv6 targets, you must supply the -6 option
 and *must* put IPv6 addresses in brackets in the file(!) like this:
-  foo.bar.com
-  target.com:21
-  [fe80::1%eth0]
-  [2001::1]
-  [2002::2]:8080
-  [2a01:24a:133:0:00:123:ff:1a]
 
+```
+foo.bar.com
+target.com:21
+[fe80::1%eth0]
+[2001::1]
+[2002::2]:8080
+[2a01:24a:133:0:00:123:ff:1a]
+```
 
 LOGINS AND PASSWORDS
 --------------------
@@ -182,45 +196,68 @@ With -l for login and -p for password you tell hydra that this is the only
 login and/or password to try.
 With -L for logins and -P for passwords you supply text files with entries.
 e.g.:
-  hydra -l admin -p password ftp://localhost/
+
-  hydra -L default_logins.txt -p test ftp://localhost/
+```
-  hydra -l admin -P common_passwords.txt ftp://localhost/
+hydra -l admin -p password ftp://localhost/
-  hydra -L logins.txt -P passwords.txt ftp://localhost/
+hydra -L default_logins.txt -p test ftp://localhost/
+hydra -l admin -P common_passwords.txt ftp://localhost/
+hydra -L logins.txt -P passwords.txt ftp://localhost/
+```
+
 Additionally, you can try passwords based on the login via the "-e" option.
 The "-e" option has three parameters:
-  s - try the login as password
+
-  n - try an empty password
+```
-  r - reverse the login and try it as password
+s - try the login as password
+n - try an empty password
+r - reverse the login and try it as password
+```
+
 If you want to, e.g. try "try login as password and "empty password", you 
 specify "-e sn" on the command line.
 
-
 But there are two more modes for trying passwords than -p/-P:
 You can use text file which where a login and password pair is separated by a colon,
 e.g.:
-  admin:password
+
-  test:test
+```
-  foo:bar
+admin:password
+test:test
+foo:bar
+```
+
 This is a common default account style listing, that is also generated by the
 dpl4hydra.sh default account file generator supplied with hydra.
 You use such a text file with the -C option - note that in this mode you
 can not use -l/-L/-p/-P options (-e nsr however you can).
 Example:
-  hydra -C default_accounts.txt ftp://localhost/
+
+```
+hydra -C default_accounts.txt ftp://localhost/
+```
 
 And finally, there is a bruteforce mode with the -x option (which you can not
 use with -p/-P/-C):
-  -x minimum_length:maximum_length:charset
+
-the charset definition is 'a' for lowercase letters, 'A' for uppercase letters,
+```
-'1' for numbers and for anything else you supply it is their real representation.
+-x minimum_length:maximum_length:charset
+```
+
+the charset definition is `a` for lowercase letters, `A` for uppercase letters,
+`1` for numbers and for anything else you supply it is their real representation.
 Examples:
-  -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
+
-  -x 2:5:/ generate passwords from length 2 to 5 containing only slashes
+```
-  -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
+-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
+-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
+-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
+```
+
 Example:
-  hydra -l ftp -x 3:3:a ftp://localhost/
-
 
+```
+hydra -l ftp -x 3:3:a ftp://localhost/
+```
 
 SPECIAL OPTIONS FOR MODULES
 ---------------------------
@@ -229,19 +266,23 @@ command line option, you can pass one option to a module.
 Many modules use this, a few require it!
 
 To see the special option of a module, type:
+
   hydra -U <module>
+
 e.g.
+
   ./hydra -U http-post-form
 
 The special options can be passed via the -m parameter, as 3rd command line
 option or in the service://target/option format.
 
 Examples (they are all equal):
-  ./hydra -l test -p test -m PLAIN 127.0.0.1 imap
-  ./hydra -l test -p test 127.0.0.1 imap PLAIN
-  ./hydra -l test -p test imap://127.0.0.1/PLAIN
-
 
+```
+./hydra -l test -p test -m PLAIN 127.0.0.1 imap
+./hydra -l test -p test 127.0.0.1 imap PLAIN
+./hydra -l test -p test imap://127.0.0.1/PLAIN
+```
 
 RESTORING AN ABORTED/CRASHED SESSION
 ------------------------------------
@@ -251,28 +292,35 @@ restore the session. This session file is written every 5 minutes.
 NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
 from little endian to big endian, or from solaris to aix)
 
-
-
 HOW TO SCAN/CRACK OVER A PROXY
 ------------------------------
 The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
 just for the http services!).
 The following syntax is valid:
-  HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
+
-  HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
+```
-  HYDRA_PROXY_HTTP="proxylist.txt"
+HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
+HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
+HYDRA_PROXY_HTTP="proxylist.txt"
+```
+
 The last example is a text file containing up to 64 proxies (in the same
 format definition as the other examples).
 
 For all other services, use the HYDRA_PROXY variable to scan/crack.
 It uses the same syntax. eg:
-  HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
+
+```
+HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
+```
+
 for example:
-  HYDRA_PROXY=connect://proxy.anonymizer.com:8000
-  HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
-  HYDRA_PROXY=socksproxylist.txt
-
 
+```
+HYDRA_PROXY=connect://proxy.anonymizer.com:8000
+HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
+HYDRA_PROXY=socksproxylist.txt
+```
 
 ADDITIONAL HINTS
 ----------------
@@ -293,6 +341,7 @@ RESULTS OUTPUT
 The results are output to stdio along with the other information.  Via the -o
 command line option, the results can also be written to a file.  Using -b,
 the format of the output can be specified.  Currently, these are supported:
+
 * `text`   - plain text format
 * `jsonv1` - JSON data using version 1.x of the schema (defined below).
 * `json`   - JSON data using the latest version of the schema, currently there
@@ -302,7 +351,8 @@ If using JSON output, the results file may not be valid JSON if there are
 serious errors in booting Hydra.
 
 
-### JSON Schema
+JSON Schema
+-----------
 Here is an example of the JSON output.  Notes on some of the fields:
 
 * `errormessages` - an array of zero or more strings that are normally printed
@@ -327,7 +377,7 @@ Version 1.00 example:
         "These are very free form"
     ],
     "generator": {
-        "built": "2017-03-01 14:44:22",
+        "built": "2018-01-01 14:44:22",
         "commandline": "hydra -b jsonv1 -o results.json ... ...",
         "jsonoutputversion": "1.00",
         "server": "127.0.0.1",
@@ -373,6 +423,7 @@ Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
 295 entries (294 tries invalid logins, 1 valid). Every test was run three
 times (only for "1 task" just once), and the average noted down.
 
+```
 			P A R A L L E L    T A S K S
 SERVICE	1	4	8	16	32	50	64	100	128
 ------- --------------------------------------------------------------------
@@ -380,6 +431,7 @@ telnet	23:20	5:58	2:58	1:34	1:05	0:33	0:45*	0:25*	0:55*
 ftp	45:54	11:51	5:54	3:06	1:25	0:58	0:46	0:29	0:32
 pop3	92:10	27:16	13:56	6:42	2:55	1:57	1:24	1:14	0:50
 imap	31:05	7:41	3:51	1:58	1:01	0:39	0:32	0:25	0:21
+```
 
 (*)
 Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
@@ -387,10 +439,12 @@ Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
 The reason for this is unknown...
 
 guesses per task (rounded up):
-	295	74	38	19	10	6	5	3	3
+	
+  295	74	38	19	10	6	5	3	3
 
 guesses possible per connect (depends on the server software and config):
-	telnet	4
+	
+  telnet	4
 	ftp	6
 	pop3	1
 	imap	3
@@ -406,6 +460,7 @@ vh@thc.org (and put "antispam" in the subject line)
 
 You should use PGP to encrypt emails to vh@thc.org :
 
+```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v3.3.3 (vh@thc.org)
 
@@ -471,3 +526,4 @@ zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
 zB3yrr+vYBT0uDWmxwPjiJs=
 =ytEf
 -----END PGP PUBLIC KEY BLOCK-----
+```